package org.apache.solr.cloud;

import com.codahale.metrics.Counter;
import com.codahale.metrics.Meter;
import com.codahale.metrics.Metric;
import com.codahale.metrics.MetricRegistry;
import com.codahale.metrics.Timer;
import java.io.IOException;
import java.lang.invoke.MethodHandles;
import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.function.Predicate;
import org.apache.http.HttpResponse;
import org.apache.http.client.HttpClient;
import org.apache.http.client.methods.HttpGet;
import org.apache.http.message.AbstractHttpMessage;
import org.apache.http.message.BasicHeader;
import org.apache.http.util.EntityUtils;
import org.apache.solr.client.solrj.embedded.JettySolrRunner;
import org.apache.solr.common.util.Base64;
import org.apache.solr.common.util.StrUtils;
import org.apache.solr.common.util.Utils;
import org.jose4j.jws.JsonWebSignature;
import org.jose4j.lang.JoseException;
import org.junit.AfterClass;
import org.junit.BeforeClass;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/solr/cloud/SolrCloudAuthTestCase.class */
public class SolrCloudAuthTestCase extends SolrCloudTestCase {
    private static final String METRICS_PREFIX_PKI = "SECURITY./authentication/pki.";
    private static final String METRICS_PREFIX = "SECURITY./authentication.";
    private static final Logger log = LoggerFactory.getLogger(MethodHandles.lookup().lookupClass());
    private static final List<String> AUTH_METRICS_KEYS = Arrays.asList("errors", "requests", "authenticated", "passThrough", "failWrongCredentials", "failMissingCredentials", "requestTimes", "totalTime");
    private static final List<String> AUTH_METRICS_METER_KEYS = Arrays.asList("errors", "count");
    private static final List<String> AUTH_METRICS_TIMER_KEYS = Collections.singletonList("requestTimes");
    public static final Predicate NOT_NULL_PREDICATE = obj -> {
        return obj != null;
    };
    private static final List<String> AUDIT_METRICS_KEYS = Arrays.asList("count");
    private static final List<String> AUTH_METRICS_TO_COMPARE = Arrays.asList("requests", "authenticated", "passThrough", "failWrongCredentials", "failMissingCredentials", "errors");
    private static final List<String> AUDIT_METRICS_TO_COMPARE = Arrays.asList("count");

    @BeforeClass
    public static void enableMetrics() {
        System.setProperty("metricsEnabled", "true");
    }

    @AfterClass
    public static void disableMetrics() {
        System.clearProperty("metricsEnabled");
    }

    protected void assertPkiAuthMetricsMinimums(int i, int i2, int i3, int i4, int i5, int i6) throws InterruptedException {
        assertAuthMetricsMinimums(METRICS_PREFIX_PKI, i, i2, i3, i4, i5, i6);
    }

    protected void assertAuthMetricsMinimums(int i, int i2, int i3, int i4, int i5, int i6) throws InterruptedException {
        assertAuthMetricsMinimums(METRICS_PREFIX, i, i2, i3, i4, i5, i6);
    }

    Map<String, Long> countSecurityMetrics(MiniSolrCloudCluster miniSolrCloudCluster, String str, List<String> list) {
        ArrayList arrayList = new ArrayList();
        miniSolrCloudCluster.getJettySolrRunners().forEach(jettySolrRunner -> {
            MetricRegistry registry = jettySolrRunner.getCoreContainer().getMetricManager().registry("solr.node");
            assertNotNull(registry);
            arrayList.add(registry.getMetrics());
        });
        HashMap hashMap = new HashMap();
        list.forEach(str2 -> {
            hashMap.put(str2, Long.valueOf(sumCount(str, str2, arrayList)));
        });
        return hashMap;
    }

    private void assertAuthMetricsMinimums(String str, int i, int i2, int i3, int i4, int i5, int i6) throws InterruptedException {
        HashMap hashMap = new HashMap();
        hashMap.put("requests", Long.valueOf(i));
        hashMap.put("authenticated", Long.valueOf(i2));
        hashMap.put("passThrough", Long.valueOf(i3));
        hashMap.put("failWrongCredentials", Long.valueOf(i4));
        hashMap.put("failMissingCredentials", Long.valueOf(i5));
        hashMap.put("errors", Long.valueOf(i6));
        Map<String, Long> countSecurityMetrics = countSecurityMetrics(cluster, str, AUTH_METRICS_KEYS);
        assertTrue("Expected metric minimums for prefix " + str + ": " + hashMap + ", but got: " + countSecurityMetrics + "(Possible cause is delay in loading modified security.json; see SOLR-13464 for test work around)", isMetricsEqualOrLarger(AUTH_METRICS_TO_COMPARE, hashMap, countSecurityMetrics));
        if (countSecurityMetrics.get("requests").longValue() > 0) {
            assertTrue("requestTimes count not > 1", countSecurityMetrics.get("requestTimes").longValue() > 1);
            assertTrue("totalTime not > 0", countSecurityMetrics.get("totalTime").longValue() > 0);
        }
    }

    protected void assertAuditMetricsMinimums(MiniSolrCloudCluster miniSolrCloudCluster, String str, int i, int i2) throws InterruptedException {
        String str2 = "SECURITY./auditlogging." + str + ".";
        HashMap hashMap = new HashMap();
        hashMap.put("count", Long.valueOf(i));
        Map<String, Long> countSecurityMetrics = countSecurityMetrics(miniSolrCloudCluster, str2, AUDIT_METRICS_KEYS);
        boolean isMetricsEqualOrLarger = isMetricsEqualOrLarger(AUDIT_METRICS_TO_COMPARE, hashMap, countSecurityMetrics);
        if (!isMetricsEqualOrLarger) {
            log.info("First metrics count assert failed, pausing 2s before re-attempt");
            Thread.sleep(2000L);
            countSecurityMetrics = countSecurityMetrics(miniSolrCloudCluster, str2, AUDIT_METRICS_KEYS);
            isMetricsEqualOrLarger = isMetricsEqualOrLarger(AUDIT_METRICS_TO_COMPARE, hashMap, countSecurityMetrics);
        }
        assertTrue("Expected metric minimums for prefix " + str2 + ": " + hashMap + ", but got: " + countSecurityMetrics, isMetricsEqualOrLarger);
    }

    private boolean isMetricsEqualOrLarger(List<String> list, Map<String, Long> map, Map<String, Long> map2) {
        return list.stream().allMatch(str -> {
            return ((Long) map2.get(str)).intValue() >= ((Long) map.get(str)).intValue();
        });
    }

    private long sumCount(String str, String str2, List<Map<String, Metric>> list) {
        assertTrue("Metric " + str + str2 + " does not exist", list.get(0).containsKey(str + str2));
        return AUTH_METRICS_METER_KEYS.contains(str2) ? list.stream().mapToLong(map -> {
            return ((Meter) map.get(str + str2)).getCount();
        }).sum() : AUTH_METRICS_TIMER_KEYS.contains(str2) ? (long) (1000.0d * list.stream().mapToDouble(map2 -> {
            return ((Timer) map2.get(str + str2)).getMeanRate();
        }).average().orElse(0.0d)) : list.stream().mapToLong(map3 -> {
            return ((Counter) map3.get(str + str2)).getCount();
        }).sum();
    }

    public static void verifySecurityStatus(HttpClient httpClient, String str, String str2, Object obj, int i) throws Exception {
        verifySecurityStatus(httpClient, str, str2, obj, i, (String) null);
    }

    public static void verifySecurityStatus(HttpClient httpClient, String str, String str2, Object obj, int i, String str3, String str4) throws Exception {
        verifySecurityStatus(httpClient, str, str2, obj, i, makeBasicAuthHeader(str3, str4));
    }

    protected void verifySecurityStatus(HttpClient httpClient, String str, String str2, Object obj, int i, JsonWebSignature jsonWebSignature) throws Exception {
        verifySecurityStatus(httpClient, str, str2, obj, i, getBearerAuthHeader(jsonWebSignature));
    }

    private static void verifySecurityStatus(HttpClient httpClient, String str, String str2, Object obj, int i, String str3) throws IOException, InterruptedException {
        boolean z = false;
        String str4 = null;
        List splitSmart = StrUtils.splitSmart(str2, '/');
        int i2 = 0;
        while (true) {
            if (i2 >= i) {
                break;
            }
            HttpGet httpGet = new HttpGet(str);
            if (str3 != null) {
                setAuthorizationHeader(httpGet, str3);
            }
            HttpResponse execute = httpClient.execute(httpGet);
            str4 = EntityUtils.toString(execute.getEntity());
            Map map = null;
            try {
                map = (Map) Utils.fromJSONString(str4);
            } catch (Exception e) {
                fail("Invalid json " + str4);
            }
            Utils.consumeFully(execute.getEntity());
            Object objectByPath = Utils.getObjectByPath(map, true, splitSmart);
            if (!(obj instanceof Predicate)) {
                if (Objects.equals(objectByPath == null ? null : String.valueOf(objectByPath), obj)) {
                    z = true;
                    break;
                } else {
                    Thread.sleep(50L);
                    i2++;
                }
            } else if (((Predicate) obj).test(objectByPath)) {
                z = true;
                break;
            } else {
                Thread.sleep(50L);
                i2++;
            }
        }
        assertTrue("No match for " + str2 + " = " + obj + ", full response = " + str4, z);
    }

    protected static String makeBasicAuthHeader(String str, String str2) {
        return "Basic " + Base64.byteArrayToBase64((str + ":" + str2).getBytes(StandardCharsets.UTF_8));
    }

    static String getBearerAuthHeader(JsonWebSignature jsonWebSignature) throws JoseException {
        return "Bearer " + jsonWebSignature.getCompactSerialization();
    }

    public static void setAuthorizationHeader(AbstractHttpMessage abstractHttpMessage, String str) {
        abstractHttpMessage.setHeader(new BasicHeader("Authorization", str));
        log.info("Added Authorization Header {}", str);
    }

    public static Map<String, Object> getAuthPluginsInUseForCluster(String str) {
        HashMap hashMap = new HashMap();
        if (str.endsWith("authentication")) {
            for (JettySolrRunner jettySolrRunner : cluster.getJettySolrRunners()) {
                hashMap.put(jettySolrRunner.getNodeName(), jettySolrRunner.getCoreContainer().getAuthenticationPlugin());
            }
        } else if (str.endsWith("authorization")) {
            for (JettySolrRunner jettySolrRunner2 : cluster.getJettySolrRunners()) {
                hashMap.put(jettySolrRunner2.getNodeName(), jettySolrRunner2.getCoreContainer().getAuthorizationPlugin());
            }
        } else {
            fail("Test helper method assumptions broken: " + str);
        }
        return hashMap;
    }
}
