package org.kie.kogito.security;

import io.quarkus.test.common.QuarkusTestResource;
import io.quarkus.test.junit.QuarkusTest;
import io.restassured.RestAssured;
import org.hamcrest.CoreMatchers;
import org.hamcrest.Matchers;
import org.junit.jupiter.api.Test;
import org.keycloak.representations.AccessTokenResponse;
import org.kie.kogito.test.quarkus.QuarkusTestProperty;
import org.kie.kogito.testcontainers.quarkus.KeycloakQuarkusTestResource;

@QuarkusTest
@QuarkusTestResource(KeycloakQuarkusTestResource.class)
/* loaded from: input_file:org/kie/kogito/security/KeycloakSecurityCommonsServiceIT.class */
class KeycloakSecurityCommonsServiceIT {
    public static final int OK_CODE = 200;
    public static final int FORBIDDEN_CODE = 401;

    @QuarkusTestProperty(name = "quarkus.oidc.auth-server-url")
    String keycloakURL;

    KeycloakSecurityCommonsServiceIT() {
    }

    @Test
    void meTest() throws Exception {
        RestAssured.given().auth().oauth2(getAccessToken("jdoe")).when().get("/api/user/me", new Object[0]).then().statusCode(OK_CODE).body("userName", CoreMatchers.is("jdoe"), new Object[0]).body("roles", Matchers.hasSize(2), new Object[0]);
        RestAssured.given().auth().oauth2(getAccessToken("alice")).when().get("/api/user/me", new Object[0]).then().statusCode(OK_CODE).body("userName", CoreMatchers.is("alice"), new Object[0]).body("roles", Matchers.hasSize(1), new Object[0]);
        RestAssured.given().when().get("/api/user/me", new Object[0]).then().statusCode(FORBIDDEN_CODE);
    }

    private String getAccessToken(String str) {
        return ((AccessTokenResponse) RestAssured.given().param("grant_type", new Object[]{"password"}).param("username", new Object[]{str}).param("password", new Object[]{str}).param("client_id", new Object[]{"kogito-app"}).param("client_secret", new Object[]{"secret"}).when().post(this.keycloakURL + "/protocol/openid-connect/token", new Object[0]).as(AccessTokenResponse.class)).getToken();
    }
}
