package org.uberfire.backend.server.authz;

import java.io.IOException;
import java.net.URI;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.util.Set;
import javax.enterprise.event.Event;
import org.assertj.core.api.Assertions;
import org.jboss.errai.security.shared.api.GroupImpl;
import org.jboss.errai.security.shared.api.RoleImpl;
import org.junit.Assert;
import org.junit.Before;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.mockito.ArgumentCaptor;
import org.mockito.Matchers;
import org.mockito.Mock;
import org.mockito.Mockito;
import org.mockito.runners.MockitoJUnitRunner;
import org.uberfire.backend.authz.AuthorizationPolicyStorage;
import org.uberfire.backend.events.AuthorizationPolicyDeployedEvent;
import org.uberfire.backend.server.WebAppSettings;
import org.uberfire.backend.server.security.RoleRegistry;
import org.uberfire.io.IOService;
import org.uberfire.java.nio.file.FileSystem;
import org.uberfire.mocks.FileSystemTestingUtils;
import org.uberfire.security.authz.AuthorizationPolicy;
import org.uberfire.security.authz.AuthorizationResult;
import org.uberfire.security.authz.Permission;
import org.uberfire.security.authz.PermissionCollection;
import org.uberfire.security.authz.PermissionManager;
import org.uberfire.security.impl.authz.DefaultPermissionManager;
import org.uberfire.security.impl.authz.DefaultPermissionTypeRegistry;
import org.uberfire.spaces.SpacesAPI;

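/**
 * Tests for {@link AuthorizationPolicyDeployer}.
 *
 * <p>The deployer runs against a mocked {@link AuthorizationPolicyStorage}, so each test can
 * capture the policy handed to {@code savePolicy}. A real {@link AuthorizationPolicyVfsStorage},
 * backed by the file system from {@link FileSystemTestingUtils}, is used only for the
 * save/load/delete round trip in {@link #testPolicyDelete()}.
 *
 * <p>Assertions use JUnit's {@code (expected, actual)} argument order so that a failure reports
 * the policy value that was actually parsed.
 */
@RunWith(MockitoJUnitRunner.class)
public class AuthzPolicyDeployerTest {

    @Mock
    protected SpacesAPI spaces;

    @Mock
    AuthorizationPolicyStorage storage;
    AuthorizationPolicyVfsStorage vfsstorage;
    private FileSystem fileSystem;

    @Mock
    Event<AuthorizationPolicyDeployedEvent> event;
    private static final FileSystemTestingUtils fileSystemTestingUtils = new FileSystemTestingUtils();
    AuthorizationPolicyDeployer deployer;
    PermissionManager permissionManager;
    IOService ioService;

    /**
     * Builds the deployer under test on top of the mocked storage and a spied permission manager,
     * and initialises the VFS-backed storage on the test file system.
     *
     * @throws IOException if the test file system cannot be set up
     */
    @Before
    public void setUp() throws IOException {
        fileSystemTestingUtils.setup();
        this.fileSystem = fileSystemTestingUtils.getFileSystem();

        // Spy on the real IOService: batching is stubbed out and every newFileSystem() request
        // is answered with the single test file system.
        this.ioService = Mockito.spy(fileSystemTestingUtils.getIoService());
        Mockito.doNothing().when(this.ioService).startBatch(Mockito.any(FileSystem.class));
        Mockito.doNothing().when(this.ioService).endBatch();
        Mockito.doReturn(this.fileSystem).when(this.ioService).newFileSystem(Mockito.any(URI.class), Matchers.anyMap());

        this.permissionManager = Mockito.spy(new DefaultPermissionManager(new DefaultPermissionTypeRegistry()));
        this.vfsstorage = new AuthorizationPolicyVfsStorage(this.ioService, this.permissionManager, this.spaces);
        this.deployer = new AuthorizationPolicyDeployer(this.storage, this.permissionManager, this.event);
        this.vfsstorage.initFileSystem();

        // The load tests assert that the registry starts empty, so roles registered by an
        // earlier test must not leak into this one.
        RoleRegistry.get().clear();
    }

    /** The policy directory is resolved as {@code WEB-INF/classes} under the web app root. */
    @Test
    public void testPolicyDir() {
        // NOTE(review): WebAppSettings.get() looks like a shared instance and the root dir set
        // here is never restored; confirm that no other test depends on the previous value.
        WebAppSettings.get().setRootDir("/test");
        Assert.assertEquals(Paths.get(URI.create("file:///test/WEB-INF/classes")), this.deployer.getPolicyDir());
    }

    /**
     * A policy entry whose key does not start with {@code default}, {@code role} or {@code group}
     * must abort the deployment with an {@link IllegalArgumentException} instead of being
     * skipped silently.
     */
    @Test
    public void testInvalidPolicy() {
        // NOTE(review): only the exception is checked. Consider also verifying that
        // storage.savePolicy(..) was never invoked, so that a partially parsed policy cannot be
        // persisted when parsing fails.
        Assertions.assertThatThrownBy(() -> testPolicyLoad("WEB-INF/classes/invalid/security-policy.properties"))
                .isInstanceOf(IllegalArgumentException.class)
                .hasMessage("Key must start with [default|role|group]");
    }

    /** Deploys the policy kept in a single properties file. */
    @Test
    public void testPolicyLoad() throws Exception {
        testPolicyLoad("WEB-INF/classes/security-policy.properties");
    }

    /** Deploys the policy from the {@code split} resource directory; the same assertions apply. */
    @Test
    public void testPolicyLoad2() throws Exception {
        testPolicyLoad("WEB-INF/classes/split/security-policy.properties");
    }

    /** Runs the save/delete round trip against the VFS-backed storage. */
    @Test
    public void testPolicyDelete() throws Exception {
        testPolicyDelete("WEB-INF/classes/security-policy.properties");
    }

    /**
     * Deploys the policy found next to the given resource, stores the captured policy in the
     * VFS-backed storage, and checks that deleting a group's policy removes that group.
     *
     * @param str classpath location of the policy properties file
     * @throws Exception if the resource location cannot be turned into a path
     */
    public void testPolicyDelete(String str) throws Exception {
        Path policyDir = policyDirOf(str);
        Assert.assertTrue(RoleRegistry.get().getRegisteredRoles().isEmpty());
        this.deployer.deployPolicy(policyDir);

        ArgumentCaptor<AuthorizationPolicy> saved = ArgumentCaptor.forClass(AuthorizationPolicy.class);
        Mockito.verify(this.storage).loadPolicy();
        Mockito.verify(this.storage).savePolicy(saved.capture());
        AuthorizationPolicy deployed = saved.getValue();

        // Round trip through the real VFS storage: what was deployed must be readable again.
        this.vfsstorage.savePolicy(deployed);
        AuthorizationPolicy stored = this.vfsstorage.loadPolicyFromVfs();
        Assert.assertEquals(1L, stored.getGroups().size());
        GroupImpl group = new GroupImpl("group1");
        assertPermission(stored.getPermissions(group), "perspective.read", AuthorizationResult.ACCESS_GRANTED);

        this.vfsstorage.deletePolicyByGroup(group, deployed);
        Mockito.verify(this.event).fire(Mockito.any());
        // Once the group's policy is deleted, a fresh load must no longer list the group.
        Assert.assertEquals(0L, this.vfsstorage.loadPolicyFromVfs().getGroups().size());
    }

    /**
     * Deploys the policy found next to the given resource and checks the roles, descriptions,
     * priorities and permission results of the policy handed to the storage.
     *
     * <p>Only the result stored for each individual permission is checked. The policy mixes a
     * broad {@code perspective.read} entry with more specific entries that contradict it, and
     * which of the two wins at decision time is not asserted here.
     *
     * @param str classpath location of the policy properties file
     * @throws Exception if the resource location cannot be turned into a path
     */
    public void testPolicyLoad(String str) throws Exception {
        Path policyDir = policyDirOf(str);
        Assert.assertTrue(RoleRegistry.get().getRegisteredRoles().isEmpty());
        this.deployer.deployPolicy(policyDir);

        ArgumentCaptor<AuthorizationPolicy> saved = ArgumentCaptor.forClass(AuthorizationPolicy.class);
        Mockito.verify(this.storage).loadPolicy();
        Mockito.verify(this.storage).savePolicy(saved.capture());
        Mockito.verify(this.event).fire(Mockito.any());
        AuthorizationPolicy policy = saved.getValue();
        // The policy that was persisted must be the same one activated in the permission manager.
        Mockito.verify(this.permissionManager).setAuthorizationPolicy(policy);

        Assert.assertEquals(3L, RoleRegistry.get().getRegisteredRoles().size());
        Set<?> roles = policy.getRoles();
        Assert.assertEquals(3L, roles.size());

        // admin: broad grant on perspectives, with one perspective explicitly denied.
        RoleImpl admin = new RoleImpl("admin");
        PermissionCollection adminPermissions = policy.getPermissions(admin);
        Assert.assertTrue(roles.contains(admin));
        Assert.assertEquals("Administrator", policy.getRoleDescription(admin));
        Assert.assertEquals(1L, policy.getPriority(admin));
        Assert.assertEquals(3L, adminPermissions.collection().size());
        assertPermission(adminPermissions, "perspective.read", AuthorizationResult.ACCESS_GRANTED);
        assertPermission(adminPermissions, "perspective.read.SimplePerspective", AuthorizationResult.ACCESS_DENIED);

        // user: broad deny on perspectives, with two perspectives explicitly granted.
        RoleImpl user = new RoleImpl("user");
        PermissionCollection userPermissions = policy.getPermissions(user);
        Assert.assertTrue(roles.contains(user));
        Assert.assertEquals("End user", policy.getRoleDescription(user));
        Assert.assertEquals(2L, policy.getPriority(user));
        Assert.assertEquals(4L, userPermissions.collection().size());
        assertPermission(userPermissions, "perspective.read", AuthorizationResult.ACCESS_DENIED);
        assertPermission(userPermissions, "perspective.read.HomePerspective", AuthorizationResult.ACCESS_GRANTED);
        assertPermission(userPermissions, "perspective.read.SimplePerspective", AuthorizationResult.ACCESS_GRANTED);

        // manager: grants only, including one scoped to a single repository.
        RoleImpl manager = new RoleImpl("manager");
        PermissionCollection managerPermissions = policy.getPermissions(manager);
        Assert.assertTrue(roles.contains(manager));
        Assert.assertEquals("Manager", policy.getRoleDescription(manager));
        Assert.assertEquals(3L, policy.getPriority(manager));
        Assert.assertEquals(3L, managerPermissions.collection().size());
        assertPermission(managerPermissions, "perspective.read", AuthorizationResult.ACCESS_GRANTED);
        assertPermission(managerPermissions, "repository.read.git://repo1", AuthorizationResult.ACCESS_GRANTED);
    }

    /** With no policy directory, the storage must be neither read nor written. */
    @Test
    public void testNothingToDeploy() {
        this.deployer.deployPolicy((Path) null);
        Mockito.verify(this.storage, Mockito.never()).loadPolicy();
        Mockito.verify(this.storage, Mockito.never()).savePolicy(Mockito.any());
    }

    /**
     * When the storage already holds a policy, deploying again must not overwrite it: the
     * existing policy is read, and {@code savePolicy} is never called.
     */
    @Test
    public void testAlreadyDeployed() {
        Mockito.when(this.storage.loadPolicy()).thenReturn(Mockito.mock(AuthorizationPolicy.class));
        this.deployer.deployPolicy(Paths.get(""));
        Mockito.verify(this.storage).loadPolicy();
        Mockito.verify(this.storage, Mockito.never()).savePolicy(Mockito.any());
    }

    /**
     * Returns the directory that contains the given classpath resource, failing the test with a
     * readable message when the resource is missing instead of a bare NullPointerException.
     */
    private static Path policyDirOf(String resource) throws Exception {
        java.net.URL location = Thread.currentThread().getContextClassLoader().getResource(resource);
        Assert.assertNotNull("Test resource not found on the classpath: " + resource, location);
        return Paths.get(location.toURI()).getParent();
    }

    /** Asserts that the named permission exists in the collection and carries the expected result. */
    private static void assertPermission(PermissionCollection permissions, String name, AuthorizationResult expected) {
        Permission permission = permissions.get(name);
        Assert.assertNotNull("Permission missing from the deployed policy: " + name, permission);
        Assert.assertEquals(expected, permission.getResult());
    }
}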
