package org.uberfire.backend.server.authz;

import java.io.BufferedReader;
import java.net.URL;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.util.HashMap;
import java.util.Map;
import java.util.Set;
import java.util.TreeMap;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import org.assertj.core.api.Assertions;
import org.jboss.errai.security.shared.api.RoleImpl;
import org.jboss.errai.security.shared.api.identity.User;
import org.junit.Assert;
import org.junit.Before;
import org.junit.Test;
import org.mockito.Mockito;
import org.uberfire.backend.server.authz.AuthorizationPolicyMarshaller;
import org.uberfire.security.authz.AuthorizationPolicy;
import org.uberfire.security.authz.AuthorizationResult;
import org.uberfire.security.authz.Permission;
import org.uberfire.security.authz.PermissionCollection;
import org.uberfire.security.authz.PermissionManager;
import org.uberfire.security.authz.VotingStrategy;
import org.uberfire.security.impl.authz.AuthorizationPolicyBuilder;
import org.uberfire.security.impl.authz.DefaultPermissionManager;
import org.uberfire.security.impl.authz.DefaultPermissionTypeRegistry;

/* loaded from: input_file:org/uberfire/backend/server/authz/AuthzPolicyMarshallerTest.class */
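/**
 * Tests for {@link AuthorizationPolicyMarshaller}.
 *
 * <p>Three areas are covered: parsing a single policy key
 * ({@code default|role|group ...}) into its parts, reading a map of
 * key/value entries into an {@link AuthorizationPolicy}, and writing a policy
 * back out as key/value entries. Because these entries decide who is granted
 * or denied access, each test pins the exact decision
 * ({@link AuthorizationResult#ACCESS_GRANTED} or
 * {@link AuthorizationResult#ACCESS_DENIED}) rather than only checking that an
 * entry exists.
 */
public class AuthzPolicyMarshallerTest {
    // Fresh per test (see setUp) so policy entries never leak between tests.
    AuthorizationPolicyBuilder builder;
    AuthorizationPolicyMarshaller marshaller;
    PermissionManager permissionManager;

    /** Creates a new permission manager, policy builder and marshaller for every test. */
    @Before
    public void setUp() {
        this.permissionManager = new DefaultPermissionManager(new DefaultPermissionTypeRegistry());
        this.builder = this.permissionManager.newAuthorizationPolicy();
        this.marshaller = new AuthorizationPolicyMarshaller();
    }

    /**
     * Builds a mocked {@link User} holding the given roles and no groups.
     *
     * @param strArr names of the roles the mocked user reports
     * @return a mock whose {@code getRoles()} returns one {@link RoleImpl} per
     *     name and whose {@code getGroups()} returns {@code null}
     */
    // Raw Set: the element type of User.getRoles() is not imported in this file,
    // so the stubbed value is passed through an unchecked conversion.
    @SuppressWarnings({"rawtypes", "unchecked"})
    protected User createUserMock(String... strArr) {
        User user = Mockito.mock(User.class);
        Set roleSet = Stream.of(strArr).map(RoleImpl::new).collect(Collectors.toSet());
        Mockito.when(user.getRoles()).thenReturn(roleSet);
        // Groups are deliberately null, so permission resolution is also
        // exercised against a user object that reports no group set at all.
        Mockito.when(user.getGroups()).thenReturn(null);
        return user;
    }

    /** A {@code default.home} key is parsed as a default entry of type {@code home}. */
    @Test
    public void testDefaultHomeEntry() {
        AuthorizationPolicyMarshaller.Key key = this.marshaller.parse("default.home");
        Assert.assertTrue(key.isDefault());
        Assert.assertEquals("home", key.getAttributeType());
    }

    /** Everything after {@code default.permission.} becomes the permission id. */
    @Test
    public void testDefaultPermissionEntry() {
        AuthorizationPolicyMarshaller.Key key = this.marshaller.parse("default.permission.perspective.read");
        Assert.assertTrue(key.isDefault());
        Assert.assertEquals("permission", key.getAttributeType());
        Assert.assertEquals("perspective.read", key.getAttributeId());
    }

    /**
     * Reads default and role-level entries for the same permissions and checks
     * the decisions resolved for a user holding the roles {@code user} and
     * {@code manager} (only {@code user} has entries in the input).
     */
    @Test
    public void testOverwriteDefault() {
        Map<String, String> entries = new HashMap<>();
        entries.put("default.permission.perspective.read", "false");
        entries.put("default.permission.perspective.read.HomePerspective", "true");
        entries.put("role.user.permission.perspective.read", "false");
        entries.put("role.user.permission.perspective.read.HomePerspective", "true");
        // The permission id may contain a space.
        entries.put("role.user.permission.perspective.read.Sales dashboard", "true");
        this.marshaller.read(this.builder, new Map[]{entries});
        this.permissionManager.setAuthorizationPolicy(this.builder.build());

        PermissionCollection resolved = this.permissionManager.resolvePermissions(createUserMock("user", "manager"), VotingStrategy.PRIORITY);

        Assert.assertEquals(3, resolved.collection().size());
        Assert.assertEquals(AuthorizationResult.ACCESS_DENIED, resolved.get("perspective.read").getResult());
        Assert.assertEquals(AuthorizationResult.ACCESS_GRANTED, resolved.get("perspective.read.HomePerspective").getResult());
        Assert.assertEquals(AuthorizationResult.ACCESS_GRANTED, resolved.get("perspective.read.Sales dashboard").getResult());
    }

    /**
     * Defaults deny {@code p1} and {@code p2}; the role grants the parent
     * {@code perspective.read} and explicitly denies {@code p2}. The resolved
     * collection then holds the parent grant and the explicit {@code p2} deny,
     * and no entry at all for {@code p1}.
     */
    @Test
    public void testDefaultPermissionsNotOverwrite() {
        Map<String, String> entries = new HashMap<>();
        entries.put("default.permission.perspective.read.p1", "false");
        entries.put("default.permission.perspective.read.p2", "false");
        entries.put("role.user.permission.perspective.read", "true");
        entries.put("role.user.permission.perspective.read.p2", "false");
        this.marshaller.read(this.builder, new Map[]{entries});
        this.permissionManager.setAuthorizationPolicy(this.builder.build());

        PermissionCollection resolved = this.permissionManager.resolvePermissions(createUserMock("user"), VotingStrategy.PRIORITY);

        Assert.assertEquals(2, resolved.collection().size());
        Assert.assertEquals(AuthorizationResult.ACCESS_GRANTED, resolved.get("perspective.read").getResult());
        // NOTE(review): only the absence of an explicit p1 entry is pinned here;
        // the effective decision for p1 (default deny vs. the role's parent grant)
        // is not asserted by this test.
        Assert.assertNull(resolved.get("perspective.read.p1"));
        Assert.assertEquals(AuthorizationResult.ACCESS_DENIED, resolved.get("perspective.read.p2").getResult());
    }

    /** A {@code role.<name>.home} key yields the role name, type {@code home} and no id. */
    @Test
    public void testHomeEntry() {
        AuthorizationPolicyMarshaller.Key key = this.marshaller.parse("role.admin.home");
        Assert.assertTrue(key.isRole());
        Assert.assertEquals("admin", key.getRole());
        Assert.assertEquals("home", key.getAttributeType());
        Assert.assertNull(key.getAttributeId());
    }

    /** A {@code group.<name>.home} key is a group entry and is not reported as a role entry. */
    @Test
    public void testGroupEntry() {
        AuthorizationPolicyMarshaller.Key key = this.marshaller.parse("group.IT.home");
        Assert.assertFalse(key.isRole());
        Assert.assertTrue(key.isGroup());
        Assert.assertEquals("IT", key.getGroup());
        Assert.assertEquals("home", key.getAttributeType());
        Assert.assertNull(key.getAttributeId());
    }

    /** A {@code role.<name>.priority} key yields type {@code priority} and no id. */
    @Test
    public void testPriorityEntry() {
        AuthorizationPolicyMarshaller.Key key = this.marshaller.parse("role.admin.priority");
        Assert.assertTrue(key.isRole());
        Assert.assertEquals("admin", key.getRole());
        Assert.assertEquals("priority", key.getAttributeType());
        Assert.assertNull(key.getAttributeId());
    }

    /** A role permission key yields the role, type {@code permission} and the dotted permission id. */
    @Test
    public void testPermissionEntry() {
        AuthorizationPolicyMarshaller.Key key = this.marshaller.parse("role.admin.permission.perspective.read");
        Assert.assertTrue(key.isRole());
        Assert.assertEquals("admin", key.getRole());
        Assert.assertEquals("permission", key.getAttributeType());
        Assert.assertEquals("perspective.read", key.getAttributeId());
    }

    /**
     * The permission id is taken verbatim, including {@code :} and {@code /},
     * so a resource identifier such as a repository URL survives parsing intact.
     */
    @Test
    public void testSpecialCharsAllowed() {
        AuthorizationPolicyMarshaller.Key key = this.marshaller.parse("role.manager.permission.repository.update.git://repo1");
        Assert.assertTrue(key.isRole());
        Assert.assertEquals("manager", key.getRole());
        Assert.assertEquals("permission", key.getAttributeType());
        Assert.assertEquals("repository.update.git://repo1", key.getAttributeId());
    }

    /** An empty role segment is rejected instead of producing an entry with a blank role. */
    @Test
    public void testRoleMissing() {
        Assertions.assertThatThrownBy(() -> this.marshaller.parse("role..priority"))
                .isInstanceOf(IllegalArgumentException.class)
                .hasMessage("Role value is empty");
    }

    /** A key that does not start with {@code default}, {@code role} or {@code group} is rejected. */
    @Test
    public void testTypeMissing() {
        Assertions.assertThatThrownBy(() -> this.marshaller.parse(".admin.priority"))
                .isInstanceOf(IllegalArgumentException.class)
                .hasMessage("Key must start with [default|role|group]");
    }

    /** A bare {@code role} key with no role name is rejected with the empty-role message. */
    @Test
    public void testIncompleteEntry() {
        Assertions.assertThatThrownBy(() -> this.marshaller.parse("role"))
                .isInstanceOf(IllegalArgumentException.class)
                .hasMessage("Role value is empty");
    }

    /**
     * Builds a policy with default entries plus one {@code admin} override and
     * checks both views: the defaults themselves, and what {@code admin} gets
     * (default home and {@code p2}, with {@code p1} overridden to granted).
     */
    @Test
    public void testReadDefaultEntries() {
        AuthorizationPolicy policy = this.builder
                .bydefault().home("B").permission("p1", false).permission("p2", true)
                .role("admin").permission("p1", true)
                .build();

        // Default view: p1 denied, p2 granted.
        PermissionCollection defaultPermissions = policy.getPermissions();
        Assert.assertEquals("B", policy.getHomePerspective());
        Assert.assertEquals(2, defaultPermissions.collection().size());
        Assert.assertNotNull(defaultPermissions.get("p1"));
        Assert.assertNotNull(defaultPermissions.get("p2"));
        Assert.assertEquals(AuthorizationResult.ACCESS_DENIED, defaultPermissions.get("p1").getResult());
        Assert.assertEquals(AuthorizationResult.ACCESS_GRANTED, defaultPermissions.get("p2").getResult());

        // Role view: admin's explicit p1 grant replaces the default deny.
        RoleImpl admin = new RoleImpl("admin");
        PermissionCollection adminPermissions = policy.getPermissions(admin);
        Assert.assertEquals("B", policy.getHomePerspective(admin));
        Assert.assertEquals(2, adminPermissions.collection().size());
        Assert.assertNotNull(adminPermissions.get("p1"));
        Assert.assertNotNull(adminPermissions.get("p2"));
        Assert.assertEquals(AuthorizationResult.ACCESS_GRANTED, adminPermissions.get("p1").getResult());
        Assert.assertEquals(AuthorizationResult.ACCESS_GRANTED, adminPermissions.get("p2").getResult());
    }

    /**
     * Loads {@code WEB-INF/classes/security-policy.properties} from the context
     * class loader, reads it through the marshaller and checks the roles,
     * descriptions, priorities and permission decisions of the resulting policy.
     *
     * @throws Exception if the policy file cannot be located or read
     */
    @Test
    public void testPolicyRead() throws Exception {
        URL policyUrl = Thread.currentThread().getContextClassLoader().getResource("WEB-INF/classes/security-policy.properties");
        // Fail with a readable message rather than a NullPointerException when
        // the fixture is missing from the test classpath.
        Assert.assertNotNull("security-policy.properties not found on the test classpath", policyUrl);
        Path path = Paths.get(policyUrl.toURI());

        NonEscapedProperties input = new NonEscapedProperties();
        // Close the reader deterministically; the original left it open.
        try (BufferedReader reader = Files.newBufferedReader(path)) {
            input.load(reader);
        }
        this.marshaller.read(this.builder, new Map[]{input});
        AuthorizationPolicy policy = this.builder.build();

        Set<?> roles = policy.getRoles();
        Assert.assertEquals(3, roles.size());

        RoleImpl admin = new RoleImpl("admin");
        PermissionCollection adminPermissions = policy.getPermissions(admin);
        Assert.assertTrue(roles.contains(admin));
        Assert.assertEquals("Administrator", policy.getRoleDescription(admin));
        Assert.assertEquals(1, policy.getPriority(admin));
        Assert.assertEquals(3, adminPermissions.collection().size());
        Permission adminRead = adminPermissions.get("perspective.read");
        Assert.assertNotNull(adminRead);
        Assert.assertEquals(AuthorizationResult.ACCESS_GRANTED, adminRead.getResult());
        Permission adminSimple = adminPermissions.get("perspective.read.SimplePerspective");
        Assert.assertNotNull(adminSimple);
        Assert.assertEquals(AuthorizationResult.ACCESS_DENIED, adminSimple.getResult());

        RoleImpl endUser = new RoleImpl("user");
        PermissionCollection userPermissions = policy.getPermissions(endUser);
        Assert.assertTrue(roles.contains(endUser));
        Assert.assertEquals("End user", policy.getRoleDescription(endUser));
        Assert.assertEquals(2, policy.getPriority(endUser));
        Assert.assertEquals(4, userPermissions.collection().size());
        Permission userRead = userPermissions.get("perspective.read");
        Assert.assertNotNull(userRead);
        Assert.assertEquals(AuthorizationResult.ACCESS_DENIED, userRead.getResult());
        Permission userHome = userPermissions.get("perspective.read.HomePerspective");
        Assert.assertNotNull(userHome);
        Assert.assertEquals(AuthorizationResult.ACCESS_GRANTED, userHome.getResult());
        Permission userSimple = userPermissions.get("perspective.read.SimplePerspective");
        Assert.assertNotNull(userSimple);
        Assert.assertEquals(AuthorizationResult.ACCESS_GRANTED, userSimple.getResult());

        RoleImpl manager = new RoleImpl("manager");
        PermissionCollection managerPermissions = policy.getPermissions(manager);
        Assert.assertTrue(roles.contains(manager));
        Assert.assertEquals("Manager", policy.getRoleDescription(manager));
        Assert.assertEquals(3, policy.getPriority(manager));
        Assert.assertEquals(3, managerPermissions.collection().size());
        Permission managerRead = managerPermissions.get("perspective.read");
        Assert.assertNotNull(managerRead);
        Assert.assertEquals(AuthorizationResult.ACCESS_GRANTED, managerRead.getResult());
        Permission managerRepo = managerPermissions.get("repository.read.git://repo1");
        Assert.assertNotNull(managerRepo);
        Assert.assertEquals(AuthorizationResult.ACCESS_GRANTED, managerRepo.getResult());
    }

    /**
     * Writes a policy holding role, group and default entries and checks that
     * exactly the expected eleven key/value pairs are produced.
     */
    @Test
    public void testPolicyWrite() {
        this.builder
                .role("admin").priority(5).home("A").permission("p1", true).permission("p2", false)
                .group("group1").priority(3).home("B").permission("p1", false).permission("p2", true)
                .bydefault().home("B").permission("p1", false).permission("p2", true);
        AuthorizationPolicy policy = this.builder.build();

        // Sorted map, as in the original test.
        Map<String, String> written = new TreeMap<>();
        this.marshaller.write(policy, written);

        // The exact size guards against extra, unintended entries being emitted.
        Assert.assertEquals(11, written.size());
        Assert.assertEquals("A", written.get("role.admin.home"));
        Assert.assertEquals("5", written.get("role.admin.priority"));
        Assert.assertEquals("true", written.get("role.admin.permission.p1"));
        Assert.assertEquals("false", written.get("role.admin.permission.p2"));
        Assert.assertEquals("B", written.get("group.group1.home"));
        Assert.assertEquals("3", written.get("group.group1.priority"));
        Assert.assertEquals("false", written.get("group.group1.permission.p1"));
        Assert.assertEquals("true", written.get("group.group1.permission.p2"));
        Assert.assertEquals("B", written.get("default.home"));
        Assert.assertEquals("false", written.get("default.permission.p1"));
        Assert.assertEquals("true", written.get("default.permission.p2"));
    }
}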
