package com.linkedin.venice.router;

import com.fasterxml.jackson.databind.ObjectMapper;
import com.linkedin.venice.acl.AccessController;
import com.linkedin.venice.acl.AclException;
import com.linkedin.venice.router.api.VenicePathParser;
import com.linkedin.venice.router.stats.AdminOperationsStats;
import com.linkedin.venice.utils.DataProviderUtils;
import com.linkedin.venice.utils.ObjectMapperFactory;
import com.linkedin.venice.utils.TestUtils;
import io.netty.channel.Channel;
import io.netty.channel.ChannelHandlerContext;
import io.netty.channel.ChannelPipeline;
import io.netty.handler.codec.http.EmptyHttpHeaders;
import io.netty.handler.codec.http.FullHttpRequest;
import io.netty.handler.codec.http.FullHttpResponse;
import io.netty.handler.codec.http.HttpMethod;
import io.netty.handler.codec.http.HttpResponseStatus;
import io.netty.handler.ssl.SslHandler;
import java.io.IOException;
import java.net.InetSocketAddress;
import java.nio.charset.StandardCharsets;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Map;
import java.util.concurrent.TimeUnit;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLSession;
import org.mockito.ArgumentCaptor;
import org.mockito.Mockito;
import org.testng.Assert;
import org.testng.annotations.BeforeMethod;
import org.testng.annotations.Test;

/* loaded from: input_file:com/linkedin/venice/router/TestAdminOperationsHandler.class */
public class TestAdminOperationsHandler {
    private RouterServer router;
    private AdminOperationsStats stats;
    private VeniceRouterConfig config;
    private AccessController accessController;
    private AdminOperationsHandler adminOperationsHandler;
    private static final String BASE_ADMIN_URI = String.join("/", "", VenicePathParser.TYPE_ADMIN);
    private static final String READ_QUOTA_THROTTLE_URI = String.join("/", BASE_ADMIN_URI, "readQuotaThrottle");
    private static final String READ_QUOTA_THROTTLE_ENABLE_URI = String.join("/", READ_QUOTA_THROTTLE_URI, "enable");
    private static final String READ_QUOTA_THROTTLE_DISABLE_URI = String.join("/", READ_QUOTA_THROTTLE_URI, "disable");
    private static final String INCORRECT_ADMIN_TASK = String.join("/", BASE_ADMIN_URI, "incorrect");
    private static final String READ_QUOTA_THROTTLE_INCORRECT_ACTION_URI = String.join("/", READ_QUOTA_THROTTLE_URI, "incorrect");
    private static final ObjectMapper OBJECT_MAPPER = ObjectMapperFactory.getInstance();
    private final ConfigFake fake = new ConfigFake();

    /* loaded from: input_file:com/linkedin/venice/router/TestAdminOperationsHandler$ConfigFake.class */
    private static class ConfigFake {
        private boolean readThrottlingEnabled;
        private boolean earlyThrottleEnabled;

        private ConfigFake() {
        }
    }

    @BeforeMethod
    public void setupTest() {
        this.router = (RouterServer) Mockito.mock(RouterServer.class);
        this.stats = (AdminOperationsStats) Mockito.mock(AdminOperationsStats.class);
        this.config = (VeniceRouterConfig) Mockito.mock(VeniceRouterConfig.class);
        ((RouterServer) Mockito.doReturn(this.config).when(this.router)).getConfig();
        ((VeniceRouterConfig) Mockito.doReturn(1000L).when(this.config)).getReadQuotaThrottlingLeaseTimeoutMs();
        ((VeniceRouterConfig) Mockito.doAnswer(invocationOnMock -> {
            this.fake.readThrottlingEnabled = ((Boolean) invocationOnMock.getArgument(0, Boolean.class)).booleanValue();
            return null;
        }).when(this.config)).setReadThrottlingEnabled(Mockito.anyBoolean());
        ((VeniceRouterConfig) Mockito.doAnswer(invocationOnMock2 -> {
            return Boolean.valueOf(this.fake.readThrottlingEnabled);
        }).when(this.config)).isReadThrottlingEnabled();
        ((VeniceRouterConfig) Mockito.doAnswer(invocationOnMock3 -> {
            this.fake.earlyThrottleEnabled = ((Boolean) invocationOnMock3.getArgument(0, Boolean.class)).booleanValue();
            return null;
        }).when(this.config)).setEarlyThrottleEnabled(Mockito.anyBoolean());
        ((VeniceRouterConfig) Mockito.doAnswer(invocationOnMock4 -> {
            return Boolean.valueOf(this.fake.earlyThrottleEnabled);
        }).when(this.config)).isEarlyThrottleEnabled();
        this.accessController = null;
    }

    private void setupAccessController(boolean z, boolean z2) throws AclException {
        if (z) {
            this.accessController = (AccessController) Mockito.mock(AccessController.class);
            ((AccessController) Mockito.doReturn(Boolean.valueOf(z2)).when(this.accessController)).hasAccessToAdminOperation((X509Certificate) Mockito.any(), (String) Mockito.any());
        }
    }

    private void setInitialConfig(boolean z, boolean z2) {
        this.config.setReadThrottlingEnabled(z);
        this.config.setEarlyThrottleEnabled(z2);
    }

    private FullHttpResponse passRequestToAdminOperationsHandler(HttpMethod httpMethod, String str, boolean z) throws IOException {
        Channel channel = (Channel) Mockito.mock(Channel.class);
        ((Channel) Mockito.doReturn(new InetSocketAddress(1500)).when(channel)).remoteAddress();
        ChannelHandlerContext channelHandlerContext = (ChannelHandlerContext) Mockito.mock(ChannelHandlerContext.class);
        ((ChannelHandlerContext) Mockito.doReturn(channel).when(channelHandlerContext)).channel();
        ChannelPipeline channelPipeline = (ChannelPipeline) Mockito.mock(ChannelPipeline.class);
        Mockito.when(channelHandlerContext.pipeline()).thenReturn(channelPipeline);
        if (z) {
            SslHandler sslHandler = (SslHandler) Mockito.mock(SslHandler.class);
            Mockito.when(channelPipeline.get(SslHandler.class)).thenReturn(sslHandler);
            SSLEngine sSLEngine = (SSLEngine) Mockito.mock(SSLEngine.class);
            Mockito.when(sslHandler.engine()).thenReturn(sSLEngine);
            SSLSession sSLSession = (SSLSession) Mockito.mock(SSLSession.class);
            Mockito.when(sSLEngine.getSession()).thenReturn(sSLSession);
            Mockito.when(sSLSession.getPeerCertificates()).thenReturn(new Certificate[]{(X509Certificate) Mockito.mock(X509Certificate.class)});
        }
        FullHttpRequest fullHttpRequest = (FullHttpRequest) Mockito.mock(FullHttpRequest.class);
        ((FullHttpRequest) Mockito.doReturn(EmptyHttpHeaders.INSTANCE).when(fullHttpRequest)).headers();
        ((FullHttpRequest) Mockito.doReturn(str).when(fullHttpRequest)).uri();
        ((FullHttpRequest) Mockito.doReturn(httpMethod).when(fullHttpRequest)).method();
        this.adminOperationsHandler.channelRead0(channelHandlerContext, fullHttpRequest);
        ArgumentCaptor forClass = ArgumentCaptor.forClass(Object.class);
        ((ChannelHandlerContext) Mockito.verify(channelHandlerContext)).writeAndFlush(forClass.capture());
        return (FullHttpResponse) forClass.getValue();
    }

    private void verifyReadThrottlingStatus(FullHttpResponse fullHttpResponse, boolean z, boolean z2, boolean z3, boolean z4, boolean z5) throws IOException, AclException {
        Map map = (Map) OBJECT_MAPPER.readValue(fullHttpResponse.content().toString(StandardCharsets.UTF_8), Map.class);
        if (z2 && z) {
            ((AccessController) Mockito.verify(this.accessController, Mockito.times(1))).hasAccessToAdminOperation((X509Certificate) Mockito.any(), (String) Mockito.eq("readQuotaThrottle"));
            Mockito.clearInvocations(new AccessController[]{this.accessController});
        }
        if (z2 && (!z || !z5)) {
            Assert.assertEquals(fullHttpResponse.status(), HttpResponseStatus.FORBIDDEN);
            Assert.assertNotNull(map.get("error"));
        } else {
            Assert.assertEquals(fullHttpResponse.status(), HttpResponseStatus.OK);
            Assert.assertEquals(map.get("readThrottlingEnabled"), String.valueOf(z3));
            Assert.assertEquals(map.get("earlyThrottleEnabled"), String.valueOf(z4));
        }
    }

    private void verifyErrorResponse(FullHttpResponse fullHttpResponse, boolean z, boolean z2, boolean z3, HttpResponseStatus httpResponseStatus) throws IOException, AclException {
        Map map = (Map) OBJECT_MAPPER.readValue(fullHttpResponse.content().toString(StandardCharsets.UTF_8), Map.class);
        if (z2 && z) {
            ((AccessController) Mockito.verify(this.accessController, Mockito.times(1))).hasAccessToAdminOperation((X509Certificate) Mockito.any(), Mockito.anyString());
            Mockito.clearInvocations(new AccessController[]{this.accessController});
        }
        if (!z2 || (z && z3)) {
            Assert.assertEquals(fullHttpResponse.status(), httpResponseStatus);
        } else {
            Assert.assertEquals(fullHttpResponse.status(), HttpResponseStatus.FORBIDDEN);
        }
        Assert.assertNotNull(map.get("error"));
    }

    @Test(dataProvider = "Five-True-and-False", dataProviderClass = DataProviderUtils.class)
    public void testRouterReadQuotaThrottleControl(boolean z, boolean z2, boolean z3, boolean z4, boolean z5) throws IOException, AclException {
        setInitialConfig(z, z2);
        setupAccessController(z4, z5);
        this.adminOperationsHandler = new AdminOperationsHandler(this.accessController, this.router, this.stats);
        verifyReadThrottlingStatus(passRequestToAdminOperationsHandler(HttpMethod.GET, READ_QUOTA_THROTTLE_URI, z3), z3, z4, z, z2, z5);
        verifyReadThrottlingStatus(passRequestToAdminOperationsHandler(HttpMethod.POST, READ_QUOTA_THROTTLE_DISABLE_URI, z3), z3, z4, false, false, z5);
        verifyReadThrottlingStatus(passRequestToAdminOperationsHandler(HttpMethod.POST, READ_QUOTA_THROTTLE_ENABLE_URI, z3), z3, z4, z, z2, z5);
        verifyReadThrottlingStatus(passRequestToAdminOperationsHandler(HttpMethod.POST, READ_QUOTA_THROTTLE_DISABLE_URI, z3), z3, z4, false, false, z5);
        TestUtils.waitForNonDeterministicAssertion(5L, TimeUnit.SECONDS, () -> {
            verifyReadThrottlingStatus(passRequestToAdminOperationsHandler(HttpMethod.GET, READ_QUOTA_THROTTLE_URI, z3), z3, z4, z, z2, z5);
        });
    }

    @Test(dataProvider = "Three-True-and-False", dataProviderClass = DataProviderUtils.class)
    public void testIncorrectAdminOperations(boolean z, boolean z2, boolean z3) throws IOException, AclException {
        setupAccessController(z2, z3);
        this.adminOperationsHandler = new AdminOperationsHandler(this.accessController, this.router, this.stats);
        verifyErrorResponse(passRequestToAdminOperationsHandler(HttpMethod.GET, INCORRECT_ADMIN_TASK, z), z, z2, z3, HttpResponseStatus.NOT_IMPLEMENTED);
        verifyErrorResponse(passRequestToAdminOperationsHandler(HttpMethod.GET, READ_QUOTA_THROTTLE_INCORRECT_ACTION_URI, z), z, z2, z3, HttpResponseStatus.BAD_REQUEST);
    }
}
