package com.gentics.mesh.auth;

import com.gentics.mesh.FieldUtil;
import com.gentics.mesh.auth.util.KeycloakUtils;
import com.gentics.mesh.core.rest.admin.localconfig.LocalConfigModel;
import com.gentics.mesh.core.rest.group.GroupReference;
import com.gentics.mesh.core.rest.group.GroupResponse;
import com.gentics.mesh.core.rest.node.NodeCreateRequest;
import com.gentics.mesh.core.rest.node.NodeResponse;
import com.gentics.mesh.core.rest.role.RolePermissionRequest;
import com.gentics.mesh.core.rest.role.RoleResponse;
import com.gentics.mesh.core.rest.user.UserAPITokenResponse;
import com.gentics.mesh.core.rest.user.UserResponse;
import com.gentics.mesh.parameter.LinkType;
import com.gentics.mesh.parameter.ParameterProvider;
import com.gentics.mesh.parameter.impl.NodeParametersImpl;
import com.gentics.mesh.plugin.auth.AuthServicePluginUtils;
import com.gentics.mesh.rest.ConnectionLeakTest;
import com.gentics.mesh.rest.client.MeshWebrootResponse;
import com.gentics.mesh.test.ClientHelper;
import com.gentics.mesh.test.MeshTestSetting;
import com.gentics.mesh.test.TestSize;
import com.gentics.mesh.test.category.FailingTests;
import com.gentics.mesh.test.context.MeshTestContext;
import io.netty.handler.codec.http.HttpResponseStatus;
import io.vertx.core.json.JsonObject;
import java.io.IOException;
import java.util.List;
import java.util.stream.Collectors;
import org.assertj.core.api.Assertions;
import org.junit.Assert;
import org.junit.Before;
import org.junit.Test;
import org.junit.experimental.categories.Category;

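/**
 * Integration tests for OAuth2 / Keycloak authentication through a mapper plugin.
 *
 * <p>Each test obtains a token from the Keycloak test instance, calls the {@code me} endpoint
 * and asserts on the result. The assertions cover user, group and role mapping, token
 * rejection by the plugin, role and group filters, API key handling and read-only mode.
 *
 * <p>{@link MapperTestPlugin} is configured through static fields, so {@link #deployPlugin()}
 * resets it before every test. Tests that change server-wide state restore it themselves,
 * so a failing assertion cannot leak into later tests.
 */
@MeshTestSetting(testSize = TestSize.PROJECT_AND_NODE, startServer = true, useKeycloak = true)
// NOTE(review): the FailingTests category presumably excludes this class from regular runs;
// confirm, since that would leave the authentication paths below unexercised in CI.
@Category({FailingTests.class})
public class OAuth2KeycloakPluginTest extends AbstractOAuthTest {

    /**
     * Resets the static plugin state, registers the Keycloak public keys and deploys the
     * mapper plugin before each test.
     *
     * @throws Exception if the keys cannot be loaded or the plugin cannot be deployed
     */
    @Before
    public void deployPlugin() throws Exception {
        MapperTestPlugin.reset();
        addPublicKey();
        deployPlugin(MapperTestPlugin.class, "myMapper");
    }

    /**
     * Loads the JWKs of the {@code master-test} realm from the Keycloak test container and
     * adds them to the key set the mapper plugin exposes.
     *
     * @throws Exception if the keys cannot be loaded
     */
    private void addPublicKey() throws Exception {
        int keycloakPort = MeshTestContext.getKeycloak().getFirstMappedPort().intValue();
        MapperTestPlugin.publicKeys.addAll(KeycloakUtils.loadJWKs("http", "localhost", keycloakPort, "master-test"));
    }

    /**
     * Calls the {@code me} endpoint with whatever credentials the client currently holds and
     * expects the call to succeed.
     *
     * @return the user the server resolved for the current credentials
     */
    private UserResponse requestCurrentUser() {
        return (UserResponse) ClientHelper.call(() -> client().me(new ParameterProvider[0]));
    }

    /**
     * Verifies the full mapping of a Keycloak token: user fields, stable user uuid across
     * repeated requests, created groups and roles, and the behaviour of valid, invalid and
     * absent API keys.
     *
     * @throws Exception if a request or the token retrieval fails
     */
    @Test
    public void testKeycloakAuth() throws Exception {
        setClientTokenFromKeycloak();
        UserResponse firstLookup = requestCurrentUser();
        Assert.assertEquals("mapped@email.tld", firstLookup.getEmailAddress());
        Assert.assertEquals("mappedFirstname", firstLookup.getFirstname());
        Assert.assertEquals("mappedLastname", firstLookup.getLastname());
        Assert.assertEquals("dummyuser", firstLookup.getUsername());
        String uuid = firstLookup.getUuid();

        // Repeated requests with the same token must resolve to the same user.
        requestCurrentUser();
        UserResponse secondLookup = requestCurrentUser();
        Assert.assertEquals("The uuid should not change. The previously created user should be returned.", uuid, secondLookup.getUuid());

        List<String> groupNames = secondLookup.getGroups().stream()
            .map(group -> group.getName())
            .collect(Collectors.toList());
        Assertions.assertThat(groupNames).as("Groups").containsOnly("group1", "group2", "group3");

        Assert.assertNotNull(tx(tx -> {
            return tx.groupDao().findByName("group1");
        }));
        Assert.assertNotNull(tx(tx -> {
            return tx.groupDao().findByName("group2");
        }));
        Assert.assertNotNull(tx(tx -> {
            return tx.roleDao().findByName("role1");
        }));
        Assert.assertNotNull(tx(tx -> {
            return tx.roleDao().findByName("role2");
        }));

        // A plain request made through the get() helper is expected to resolve to the anonymous user.
        Assert.assertEquals("anonymous", new JsonObject(get("/api/v2/auth/me")).getString("username"));

        // An API token issued by the admin for the mapped user must authenticate as that user.
        setAdminToken();
        UserAPITokenResponse apiToken = (UserAPITokenResponse) ClientHelper.call(() -> client().issueAPIToken(secondLookup.getUuid()));
        client().logout().blockingGet();
        client().setAPIKey(apiToken.getToken());
        Assert.assertEquals("dummyuser", requestCurrentUser().getUsername());

        // A malformed key must be rejected outright instead of falling back to anonymous.
        client().setAPIKey("borked");
        ClientHelper.call(() -> client().me(new ParameterProvider[0]),
            HttpResponseStatus.UNAUTHORIZED, "error_not_authorized", new String[0]);

        // Without any key the request is served as the anonymous user.
        client().setAPIKey((String) null);
        Assert.assertEquals("anonymous", requestCurrentUser().getUsername());
    }

    /**
     * Verifies that a token the plugin declines to accept results in a 401 response.
     *
     * @throws IOException if the token cannot be retrieved from Keycloak
     */
    @Test
    public void testRejectToken() throws IOException {
        MapperTestPlugin.acceptToken = false;
        setClientTokenFromKeycloak();
        ClientHelper.call(() -> client().me(new ParameterProvider[0]), HttpResponseStatus.UNAUTHORIZED);
    }

    /**
     * Verifies how the plugin's role filter affects the roles assigned to the mapped groups.
     *
     * @throws Exception if a request or the token retrieval fails
     */
    @Test
    public void testRoleFilter() throws Exception {
        // The filter matches only the group3/role1 pair; while it is active the assertions
        // below expect role1 to be absent from group3.
        MapperTestPlugin.roleFilter = (groupName, roleName) -> {
            System.out.println("Filtering {" + groupName + "} / {" + roleName + "}");
            return groupName.equals("group3") && roleName.equals("role1");
        };
        setClientTokenFromKeycloak();
        requestCurrentUser();
        // NOTE(review): "dummyUser" differs in case from the "dummyuser" username asserted in
        // other tests; how assertGroupsOfUser matches names is not visible here.
        assertGroupsOfUser("dummyUser", "group1", "group2", "group3");
        setAdminToken();
        assertGroupRoles("group1", "role3");
        assertGroupRoles("group2", "role1");
        assertGroupRoles("group3", "role2");

        // Without a filter group3 carries both mapped roles.
        MapperTestPlugin.roleFilter = null;
        setClientTokenFromKeycloak();
        requestCurrentUser();
        assertGroupsOfUser("dummyUser", "group1", "group2", "group3");
        setAdminToken();
        assertGroupRoles("group1", "role3");
        assertGroupRoles("group2", "role1");
        assertGroupRoles("group3", "role1", "role2");

        // A role the plugin adds to its role list is attached to the referenced group.
        MapperTestPlugin.roleList.add(new RoleResponse().setName("admin").setGroups(new GroupReference[]{(GroupReference) new GroupReference().setName("group1")}));
        setClientTokenFromKeycloak();
        requestCurrentUser();
        setAdminToken();
        assertGroupRoles("group1", "role3", "admin");

        // After a reset, the filter built from the plugin's own lists yields the default mapping again.
        MapperTestPlugin.reset();
        addPublicKey();
        MapperTestPlugin.roleFilter = AuthServicePluginUtils.createRoleFilter(MapperTestPlugin.roleList, MapperTestPlugin.groupList);
        setClientTokenFromKeycloak();
        requestCurrentUser();
        assertGroupsOfUser("dummyUser", "group1", "group2", "group3");
        setAdminToken();
        assertGroupRoles("group1", "role3");
        assertGroupRoles("group2", "role1");
        assertGroupRoles("group3", "role1", "role2");
    }

    /**
     * Verifies how the plugin's group filter affects the groups assigned to the mapped user.
     *
     * @throws Exception if a request or the token retrieval fails
     */
    @Test
    public void testGroupFilter() throws Exception {
        // The filter matches only group1; while it is active the user is expected to be
        // a member of group2 and group3 only.
        MapperTestPlugin.groupFilter = groupName -> {
            System.out.println("Filtering {" + groupName + "}");
            return groupName.equals("group1");
        };
        setClientTokenFromKeycloak();
        requestCurrentUser();
        assertGroupsOfUser("dummyUser", "group2", "group3");

        // Without a filter all three mapped groups are assigned.
        MapperTestPlugin.groupFilter = null;
        setClientTokenFromKeycloak();
        requestCurrentUser();
        assertGroupsOfUser("dummyUser", "group1", "group2", "group3");

        // A group the plugin adds to its group list is assigned as well.
        MapperTestPlugin.groupList.add(new GroupResponse().setName("admin"));
        setClientTokenFromKeycloak();
        requestCurrentUser();
        assertGroupsOfUser("dummyUser", "group1", "group2", "group3", "admin");

        // After a reset, the filter built from the plugin's own list yields the default mapping again.
        MapperTestPlugin.reset();
        addPublicKey();
        MapperTestPlugin.groupFilter = AuthServicePluginUtils.createGroupFilter(MapperTestPlugin.groupList);
        setClientTokenFromKeycloak();
        requestCurrentUser();
        assertGroupsOfUser("dummyUser", "group1", "group2", "group3");
    }

    /**
     * Verifies that the user fields come from the default mapping when the plugin supplies
     * no user result of its own.
     *
     * @throws IOException if the token cannot be retrieved from Keycloak
     */
    @Test
    public void testDefaultUserMapper() throws IOException {
        MapperTestPlugin.userResult = null;
        setClientTokenFromKeycloak();
        UserResponse user = requestCurrentUser();
        Assert.assertEquals("dummy@dummy.dummy", user.getEmailAddress());
        Assert.assertEquals("Dummy", user.getFirstname());
        Assert.assertEquals("User", user.getLastname());
        Assert.assertEquals("dummyuser", user.getUsername());
    }

    /**
     * Verifies that authentication still succeeds when the plugin exposes an additional,
     * unrelated public key next to the Keycloak keys.
     *
     * @throws IOException if the key file or the token cannot be loaded
     */
    @Test
    public void testAuthWithMultiplePublicKeys() throws IOException {
        MapperTestPlugin.publicKeys.add(loadJson("/jwk/dummy-jwk.json"));
        MapperTestPlugin.userResult = null;
        setClientTokenFromKeycloak();
        Assert.assertEquals("dummy@dummy.dummy", requestCurrentUser().getEmailAddress());
    }

    /**
     * Verifies that a Keycloak-authenticated user can read nodes and binaries through webroot
     * once a role of one of its groups has been granted read permission on the project.
     *
     * @throws IOException if the upload or the token retrieval fails
     */
    @Test
    public void testWebroot() throws IOException {
        String parentFolderUuid = (String) tx(() -> {
            return folder("2015").getUuid();
        });
        NodeCreateRequest nodeCreateRequest = new NodeCreateRequest();
        nodeCreateRequest.setLanguage("en");
        nodeCreateRequest.setSchemaName("binary_content");
        nodeCreateRequest.getFields().put("name", FieldUtil.createStringField("MyImage"));
        nodeCreateRequest.setParentNodeUuid(parentFolderUuid);
        NodeResponse imageNode = (NodeResponse) ClientHelper.call(() -> client().createNode(projectName(), nodeCreateRequest, new ParameterProvider[0]));
        uploadImage(imageNode, "en", ConnectionLeakTest.BINARY_FIELD_NAME);

        // The first authenticated request is made before the role and group are looked up below.
        setClientTokenFromKeycloak();
        requestCurrentUser();

        // Grant role1 recursive read permission on the project and attach it to group1.
        setAdminToken();
        String roleUuid = (String) tx(tx -> {
            return tx.roleDao().findByName("role1").getUuid();
        });
        RolePermissionRequest permissionRequest = new RolePermissionRequest().setRecursive(true);
        permissionRequest.getPermissions().setRead(true);
        ClientHelper.call(() -> client().updateRolePermissions(roleUuid, "projects/" + projectUuid(), permissionRequest));
        String groupUuid = (String) tx(tx -> {
            return tx.groupDao().findByName("group1").getUuid();
        });
        ClientHelper.call(() -> client().addRoleToGroup(groupUuid, roleUuid));

        // Read through webroot with the Keycloak token only.
        setClientTokenFromKeycloak();
        String folderPath = "/News/2015";
        MeshWebrootResponse folderResponse = (MeshWebrootResponse) ClientHelper.call(() -> client().webroot(projectName(), folderPath, new ParameterProvider[]{new NodeParametersImpl().setResolveLinks(LinkType.SHORT)}));
        Assert.assertEquals("/News/2015", folderResponse.getNodeResponse().getPath());
        String imagePath = "/News/2015/blume.jpg";
        MeshWebrootResponse imageResponse = (MeshWebrootResponse) ClientHelper.call(() -> client().webroot(projectName(), imagePath, new ParameterProvider[0]));
        Assert.assertTrue(imageResponse.isBinary());
    }

    /**
     * Verifies the behaviour in read-only mode: the token used before the switch keeps
     * working, a freshly issued token is refused with 405, and requests succeed again once
     * read-only mode is switched off.
     *
     * @throws Exception if a request or the token retrieval fails
     */
    @Test
    public void testReadOnlyMode() throws Exception {
        setClientTokenFromKeycloak();
        requestCurrentUser();
        setReadOnly(true);
        try {
            // The token that was already used before the switch is still accepted.
            requestCurrentUser();
            // A new token is refused while the instance is read-only.
            setClientTokenFromKeycloak();
            ClientHelper.call(() -> client().me(new ParameterProvider[0]),
                HttpResponseStatus.METHOD_NOT_ALLOWED, "error_readonly_mode_oauth", new String[0]);
        } finally {
            // Always leave read-only mode, even when an assertion above fails; otherwise the
            // server would stay read-only for whatever runs next against it.
            setReadOnly(false);
        }
        requestCurrentUser();
    }

    /**
     * Switches the read-only flag of the local server configuration using the admin token
     * and then restores the API key the client held before.
     *
     * @param readOnly the read-only state to set
     */
    private void setReadOnly(boolean readOnly) {
        String previousApiKey = client().getAPIKey();
        setAdminToken();
        try {
            ClientHelper.call(() -> client().updateLocalConfig(new LocalConfigModel().setReadOnly(Boolean.valueOf(readOnly))));
        } finally {
            // Restore the caller's key even if the update fails, so the client does not
            // silently continue with admin credentials.
            client().setAPIKey(previousApiKey);
        }
    }
}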
