package com.gentics.mesh.auth;

import com.gentics.mesh.core.rest.group.GroupReference;
import com.gentics.mesh.core.rest.user.UserAPITokenResponse;
import com.gentics.mesh.core.rest.user.UserResponse;
import com.gentics.mesh.etc.config.OAuth2Options;
import com.gentics.mesh.test.ClientHelper;
import com.gentics.mesh.test.TestSize;
import com.gentics.mesh.test.context.AbstractMeshTest;
import com.gentics.mesh.test.context.MeshTestContext;
import com.gentics.mesh.test.context.MeshTestSetting;
import io.netty.handler.codec.http.HttpResponseStatus;
import io.vertx.core.json.JsonObject;
import java.io.IOException;
import java.nio.charset.Charset;
import okhttp3.MediaType;
import okhttp3.Request;
import okhttp3.RequestBody;
import okhttp3.Response;
import org.apache.commons.io.IOUtils;
import org.junit.Assert;
import org.junit.ClassRule;
import org.junit.Test;
import org.junit.rules.TestRule;

@MeshTestSetting(testSize = TestSize.PROJECT_AND_NODE, startServer = true, useKeycloak = true)
/* loaded from: input_file:com/gentics/mesh/auth/OAuth2KeycloakTest.class */
public class OAuth2KeycloakTest extends AbstractMeshTest {

    @ClassRule
    public static TestRule rule = (statement, description) -> {
        OAuth2Options oauth2 = testContext.getOptions().getAuthenticationOptions().getOauth2();
        oauth2.setMapperScriptDevMode(true);
        oauth2.setMapperScriptPath("src/test/resources/oauth2/mapperscript.js");
        return statement;
    };

    @Test
    public void testKeycloakAuth() throws Exception {
        JsonObject loginKeycloak = loginKeycloak();
        client().setAPIKey(loginKeycloak.getString("access_token"));
        System.out.println("Login Token\n:" + loginKeycloak.encodePrettily());
        UserResponse userResponse = (UserResponse) ClientHelper.call(() -> {
            return client().me();
        });
        Assert.assertEquals("dummy@dummy.dummy", userResponse.getEmailAddress());
        Assert.assertEquals("Dummy", userResponse.getFirstname());
        Assert.assertEquals("User", userResponse.getLastname());
        Assert.assertEquals("dummyuser", userResponse.getUsername());
        String uuid = userResponse.getUuid();
        ClientHelper.call(() -> {
            return client().me();
        });
        UserResponse userResponse2 = (UserResponse) ClientHelper.call(() -> {
            return client().me();
        });
        Assert.assertEquals("The uuid should not change. The previously created user should be returned.", uuid, userResponse2.getUuid());
        Assert.assertEquals("group1", ((GroupReference) userResponse2.getGroups().get(0)).getName());
        Assert.assertEquals("group2", ((GroupReference) userResponse2.getGroups().get(1)).getName());
        Assert.assertNotNull(tx(() -> {
            return boot().groupRoot().findByName("group1");
        }));
        Assert.assertNotNull(tx(() -> {
            return boot().groupRoot().findByName("group2");
        }));
        Assert.assertNotNull(tx(() -> {
            return boot().roleRoot().findByName("role1");
        }));
        Assert.assertNotNull(tx(() -> {
            return boot().roleRoot().findByName("role2");
        }));
        System.out.println(get("/api/v1/auth/me"));
        client().setLogin("admin", "admin");
        client().login().blockingGet();
        UserAPITokenResponse userAPITokenResponse = (UserAPITokenResponse) ClientHelper.call(() -> {
            return client().issueAPIToken(userResponse2.getUuid());
        });
        client().logout().blockingGet();
        client().setAPIKey(userAPITokenResponse.getToken());
        ClientHelper.call(() -> {
            return client().me();
        });
        client().setAPIKey("borked");
        ClientHelper.call(() -> {
            return client().me();
        }, HttpResponseStatus.UNAUTHORIZED, "error_not_authorized", new String[0]);
        client().setAPIKey((String) null);
        Assert.assertEquals("anonymous", ((UserResponse) ClientHelper.call(() -> {
            return client().me();
        })).getUsername());
    }

    protected JsonObject get(String str, String str2) throws IOException {
        return new JsonObject(httpClient().newCall(new Request.Builder().header("Accept", "application/json").header("Authorization", "Bearer " + str2).url("http://localhost:" + testContext.getPort() + str).build()).execute().body().string());
    }

    protected String get(String str) throws IOException {
        Response execute = httpClient().newCall(new Request.Builder().header("Accept", "application/json").url("http://localhost:" + testContext.getPort() + str).build()).execute();
        System.out.println("Response: " + execute.code());
        return execute.body().string();
    }

    protected JsonObject loadJson(String str) throws IOException {
        return new JsonObject(IOUtils.toString(getClass().getResource(str), Charset.defaultCharset()));
    }

    private JsonObject loginKeycloak() throws IOException {
        int intValue = MeshTestContext.getKeycloak().getFirstMappedPort().intValue();
        StringBuilder sb = new StringBuilder();
        sb.append("client_id=mesh&");
        sb.append("username=dummyuser&");
        sb.append("password=finger&");
        sb.append("grant_type=password&");
        sb.append("client_secret=9b65c378-5b4c-4e25-b5a1-a53a381b5fb4");
        return new JsonObject(httpClient().newCall(new Request.Builder().post(RequestBody.create(MediaType.parse("application/x-www-form-urlencoded"), sb.toString())).url("http://localhost:" + intValue + "/auth/realms/master-test/protocol/openid-connect/token").build()).execute().body().string());
    }
}
