package net.krotscheck.kangaroo.authz.admin.v1.resource;

import java.math.BigInteger;
import java.net.URI;
import javax.ws.rs.BadRequestException;
import javax.ws.rs.NotFoundException;
import javax.ws.rs.core.GenericType;
import javax.ws.rs.core.SecurityContext;
import javax.ws.rs.core.UriBuilder;
import javax.ws.rs.core.UriInfo;
import net.krotscheck.kangaroo.authz.common.authenticator.AuthenticatorType;
import net.krotscheck.kangaroo.authz.common.database.entity.AbstractAuthzEntity;
import net.krotscheck.kangaroo.authz.common.database.entity.Application;
import net.krotscheck.kangaroo.authz.common.database.entity.ClientType;
import net.krotscheck.kangaroo.authz.common.database.entity.User;
import net.krotscheck.kangaroo.authz.oauth2.exception.RFC6749;
import net.krotscheck.kangaroo.authz.test.ApplicationBuilder;
import net.krotscheck.kangaroo.common.hibernate.entity.AbstractEntity;
import net.krotscheck.kangaroo.common.hibernate.id.IdUtil;
import net.krotscheck.kangaroo.common.response.ListResponseEntity;
import net.krotscheck.kangaroo.test.rule.TestDataResource;
import org.apache.commons.configuration.Configuration;
import org.glassfish.jersey.internal.inject.InjectionManager;
import org.hibernate.Session;
import org.hibernate.search.FullTextSession;
import org.hibernate.search.SearchFactory;
import org.junit.Assert;
import org.junit.Before;
import org.junit.ClassRule;
import org.junit.Test;
import org.junit.rules.TestRule;
import org.mockito.Mockito;

/* loaded from: input_file:net/krotscheck/kangaroo/authz/admin/v1/resource/AbstractServiceTest.class */
public final class AbstractServiceTest extends AbstractResourceTest {
    private static ApplicationBuilder.ApplicationContext userApp;
    private SecurityContext mockContext;
    private AbstractService service;
    private static final GenericType<ListResponseEntity<AbstractEntity>> LIST_TYPE = new GenericType<ListResponseEntity<AbstractEntity>>() { // from class: net.krotscheck.kangaroo.authz.admin.v1.resource.AbstractServiceTest.1
    };

    @ClassRule
    public static final TestRule TEST_DATA_RULE = new TestDataResource(HIBERNATE_RESOURCE) { // from class: net.krotscheck.kangaroo.authz.admin.v1.resource.AbstractServiceTest.2
        protected void loadTestData(Session session) {
            ApplicationBuilder.ApplicationContext unused = AbstractServiceTest.userApp = ApplicationBuilder.newApplication(session).client(ClientType.Implicit).authenticator(AuthenticatorType.Password).user().role("foo").identity("test_identity").bearerToken().build();
        }
    };

    /* loaded from: input_file:net/krotscheck/kangaroo/authz/admin/v1/resource/AbstractServiceTest$TestService.class */
    public static final class TestService extends AbstractService {
        protected String getAdminScope() {
            return "kangaroo:application_admin";
        }

        protected String getAccessScope() {
            return "kangaroo:application";
        }
    }

    @Override // net.krotscheck.kangaroo.authz.admin.v1.resource.AbstractResourceTest
    protected GenericType<ListResponseEntity<AbstractEntity>> getListType() {
        return LIST_TYPE;
    }

    @Before
    public void setupTestData() {
        this.mockContext = (SecurityContext) Mockito.mock(SecurityContext.class);
        this.service = new TestService();
        this.service.setConfig(getSystemConfig());
        this.service.setSession(getSession());
        this.service.setFullTextSession(getFullTextSession());
        this.service.setSearchFactory(getSearchFactory());
        this.service.setSecurityContext(this.mockContext);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // net.krotscheck.kangaroo.authz.admin.v1.resource.AbstractResourceTest
    public String getAdminScope() {
        return null;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // net.krotscheck.kangaroo.authz.admin.v1.resource.AbstractResourceTest
    public String getRegularScope() {
        return null;
    }

    @Override // net.krotscheck.kangaroo.authz.admin.v1.resource.AbstractResourceTest
    protected URI getUrlForId(String str) {
        return UriBuilder.fromPath("/application/").path(str).build(new Object[0]);
    }

    @Override // net.krotscheck.kangaroo.authz.admin.v1.resource.AbstractResourceTest
    protected URI getUrlForEntity(AbstractAuthzEntity abstractAuthzEntity) {
        return getUrlForId(IdUtil.toString(abstractAuthzEntity.getId()));
    }

    @Test
    public void testConstructor() {
        Configuration configuration = (Configuration) Mockito.mock(Configuration.class);
        UriInfo uriInfo = (UriInfo) Mockito.mock(UriInfo.class);
        Session session = (Session) Mockito.mock(Session.class);
        InjectionManager injectionManager = (InjectionManager) Mockito.mock(InjectionManager.class);
        SearchFactory searchFactory = (SearchFactory) Mockito.mock(SearchFactory.class);
        FullTextSession fullTextSession = (FullTextSession) Mockito.mock(FullTextSession.class);
        SecurityContext securityContext = (SecurityContext) Mockito.mock(SecurityContext.class);
        TestService testService = new TestService();
        testService.setInjector(injectionManager);
        testService.setConfig(configuration);
        testService.setSession(session);
        testService.setSearchFactory(searchFactory);
        testService.setFullTextSession(fullTextSession);
        testService.setSecurityContext(securityContext);
        testService.setUriInfo(uriInfo);
        Assert.assertEquals(injectionManager, testService.getInjector());
        Assert.assertEquals(session, testService.getSession());
        Assert.assertEquals(searchFactory, testService.getSearchFactory());
        Assert.assertEquals(fullTextSession, testService.getFullTextSession());
        Assert.assertEquals(securityContext, testService.getSecurityContext());
        Assert.assertEquals(configuration, testService.getConfig());
        Assert.assertEquals(uriInfo, testService.getUriInfo());
    }

    @Test
    public void testGetCurrentUser() {
        ApplicationBuilder.ApplicationContext build = getAdminContext().getBuilder().bearerToken().build();
        ((SecurityContext) Mockito.doReturn(getAdminContext().getToken()).when(this.mockContext)).getUserPrincipal();
        User currentUser = this.service.getCurrentUser();
        Assert.assertNotNull(currentUser);
        Assert.assertEquals(build.getToken().getIdentity().getUser(), currentUser);
    }

    @Test
    public void testGetCurrentUserClientCredentials() {
        ((SecurityContext) Mockito.doReturn(getAdminContext().getBuilder().client(ClientType.ClientCredentials).bearerToken().build().getToken()).when(this.mockContext)).getUserPrincipal();
        Assert.assertNull(this.service.getCurrentUser());
    }

    @Test
    public void testGetAdminApplication() {
        Assert.assertEquals(getAdminContext().getApplication(), this.service.getAdminApplication());
    }

    @Test(expected = NotFoundException.class)
    public void testAssertCanAccessNull() {
        this.service.assertCanAccess((AbstractAuthzEntity) null, "kangaroo:application_admin");
    }

    @Test
    public void testAssertCanAccessAsOwner() {
        ApplicationBuilder.ApplicationContext build = getAdminContext().getBuilder().role("lol").user().identity("not_admin").bearerToken().build();
        ApplicationBuilder.ApplicationContext build2 = userApp.getBuilder().owner(build.getUser()).build();
        ((SecurityContext) Mockito.doReturn(build.getToken()).when(this.mockContext)).getUserPrincipal();
        this.service.assertCanAccess(build2.getApplication(), "kangaroo:application_admin");
        Assert.assertTrue(true);
    }

    @Test
    public void testAssertCanAccessNotOwnerValidScope() {
        ((SecurityContext) Mockito.doReturn(getAdminContext().getBuilder().bearerToken("kangaroo:application_admin").build().getToken()).when(this.mockContext)).getUserPrincipal();
        ((SecurityContext) Mockito.doReturn(true).when(this.mockContext)).isUserInRole("kangaroo:application_admin");
        this.service.assertCanAccess(userApp.getApplication(), "kangaroo:application_admin");
        Assert.assertTrue(true);
    }

    @Test(expected = NotFoundException.class)
    public void testAssertCanAccessNotOwnerInvalidScope() {
        ((SecurityContext) Mockito.doReturn(getAdminContext().getBuilder().bearerToken("kangaroo:application").build().getToken()).when(this.mockContext)).getUserPrincipal();
        ((SecurityContext) Mockito.doReturn(false).when(this.mockContext)).isUserInRole("kangaroo:application_admin");
        this.service.assertCanAccess(userApp.getApplication(), "kangaroo:application_admin");
    }

    @Test
    public void testAssertCanAccessClientCredentialsValidScope() {
        ((SecurityContext) Mockito.doReturn(getAdminContext().getBuilder().client(ClientType.ClientCredentials).authenticator(AuthenticatorType.Test).bearerToken("kangaroo:application_admin").build().getToken()).when(this.mockContext)).getUserPrincipal();
        ((SecurityContext) Mockito.doReturn(true).when(this.mockContext)).isUserInRole("kangaroo:application_admin");
        this.service.assertCanAccess(userApp.getApplication(), "kangaroo:application_admin");
        Assert.assertTrue(true);
    }

    @Test(expected = NotFoundException.class)
    public void testAssertCanAccessClientCredentialsInvalidScope() {
        ((SecurityContext) Mockito.doReturn(getAdminContext().getBuilder().client(ClientType.ClientCredentials).authenticator(AuthenticatorType.Test).bearerToken("kangaroo:application").build().getToken()).when(this.mockContext)).getUserPrincipal();
        ((SecurityContext) Mockito.doReturn(false).when(this.mockContext)).isUserInRole("kangaroo:application_admin");
        this.service.assertCanAccess(userApp.getApplication(), "kangaroo:application_admin");
    }

    @Test
    public void testRequestUserFilterAdminNoFilter() {
        ((SecurityContext) Mockito.doReturn(getAdminContext().getBuilder().client(ClientType.Implicit).authenticator(AuthenticatorType.Test).bearerToken("kangaroo:application").build().getToken()).when(this.mockContext)).getUserPrincipal();
        ((SecurityContext) Mockito.doReturn(true).when(this.mockContext)).isUserInRole("kangaroo:application_admin");
        Assert.assertNull(this.service.resolveOwnershipFilter((BigInteger) null));
    }

    @Test(expected = BadRequestException.class)
    public void testRequestInvalidUserFilterAdminFilter() {
        ((SecurityContext) Mockito.doReturn(getAdminContext().getBuilder().client(ClientType.Implicit).authenticator(AuthenticatorType.Test).bearerToken("kangaroo:application").user().build().getToken()).when(this.mockContext)).getUserPrincipal();
        ((SecurityContext) Mockito.doReturn(true).when(this.mockContext)).isUserInRole("kangaroo:application_admin");
        this.service.resolveOwnershipFilter(IdUtil.next());
    }

    @Test
    public void testRequestUserFilterAdminFilter() {
        ApplicationBuilder.ApplicationContext build = getAdminContext().getBuilder().client(ClientType.Implicit).authenticator(AuthenticatorType.Test).bearerToken("kangaroo:application").user().build();
        ((SecurityContext) Mockito.doReturn(build.getToken()).when(this.mockContext)).getUserPrincipal();
        ((SecurityContext) Mockito.doReturn(true).when(this.mockContext)).isUserInRole("kangaroo:application_admin");
        User user = build.getUser();
        Assert.assertEquals(user, this.service.resolveOwnershipFilter(user.getId()));
    }

    @Test
    public void testRequestUserFilterNonAdminNoFilter() {
        ApplicationBuilder.ApplicationContext build = getAdminContext().getBuilder().client(ClientType.Implicit).authenticator(AuthenticatorType.Test).bearerToken("kangaroo:application").build();
        ((SecurityContext) Mockito.doReturn(build.getToken()).when(this.mockContext)).getUserPrincipal();
        ((SecurityContext) Mockito.doReturn(true).when(this.mockContext)).isUserInRole("kangaroo:application");
        build.getUser();
        Assert.assertEquals(build.getUser(), this.service.resolveOwnershipFilter((BigInteger) null));
    }

    @Test(expected = RFC6749.InvalidScopeException.class)
    public void testRequestUserFilterNonAdminFilter() {
        ApplicationBuilder.ApplicationContext build = getAdminContext().getBuilder().client(ClientType.Implicit).authenticator(AuthenticatorType.Test).bearerToken("kangaroo:application").user().build();
        ((SecurityContext) Mockito.doReturn(build.getToken()).when(this.mockContext)).getUserPrincipal();
        ((SecurityContext) Mockito.doReturn(true).when(this.mockContext)).isUserInRole("kangaroo:application");
        this.service.resolveOwnershipFilter(build.getUser().getId());
    }

    @Test
    public void testRequestUserFilterNonAdminFilterSelf() {
        ApplicationBuilder.ApplicationContext build = getAdminContext().getBuilder().client(ClientType.Implicit).authenticator(AuthenticatorType.Test).bearerToken("kangaroo:application").build();
        ((SecurityContext) Mockito.doReturn(build.getToken()).when(this.mockContext)).getUserPrincipal();
        ((SecurityContext) Mockito.doReturn(true).when(this.mockContext)).isUserInRole("kangaroo:application");
        User user = build.getToken().getIdentity().getUser();
        Assert.assertEquals(user, this.service.resolveOwnershipFilter(user.getId()));
    }

    @Test(expected = RFC6749.InvalidScopeException.class)
    public void testRequestUserFilterNonAdminClientCredentials() {
        ApplicationBuilder.ApplicationContext build = getAdminContext().getBuilder().client(ClientType.ClientCredentials).authenticator(AuthenticatorType.Test).bearerToken("kangaroo:application").build();
        ((SecurityContext) Mockito.doReturn(build.getToken()).when(this.mockContext)).getUserPrincipal();
        ((SecurityContext) Mockito.doReturn(true).when(this.mockContext)).isUserInRole("kangaroo:application");
        this.service.resolveOwnershipFilter(build.getUser().getId());
    }

    @Test(expected = BadRequestException.class)
    public void testRequireEntityInputNullEntity() {
        this.service.requireEntityInput(Application.class, (AbstractAuthzEntity) null);
    }

    @Test(expected = BadRequestException.class)
    public void testRequireEntityInputNoIdEntity() {
        this.service.requireEntityInput(Application.class, new Application());
    }

    @Test
    public void testRequireValidEntity() {
        ((SecurityContext) Mockito.doReturn(getAdminContext().getBuilder().client(ClientType.Implicit).authenticator(AuthenticatorType.Test).bearerToken("kangaroo:application").build().getToken()).when(this.mockContext)).getUserPrincipal();
        ((SecurityContext) Mockito.doReturn(true).when(this.mockContext)).isUserInRole("kangaroo:application_admin");
        Assert.assertEquals(userApp.getApplication(), this.service.requireEntityInput(Application.class, userApp.getApplication()));
    }

    @Test
    public void testResolveFilterEntityNoEntityAdmin() {
        ((SecurityContext) Mockito.doReturn(getAdminContext().getBuilder().client(ClientType.Implicit).authenticator(AuthenticatorType.Test).bearerToken("kangaroo:application").build().getToken()).when(this.mockContext)).getUserPrincipal();
        ((SecurityContext) Mockito.doReturn(true).when(this.mockContext)).isUserInRole("kangaroo:application_admin");
        Assert.assertNull(this.service.resolveFilterEntity(Application.class, (BigInteger) null));
    }

    @Test(expected = BadRequestException.class)
    public void testResolveFilterEntityNonexistentEntityIdAdmin() {
        ((SecurityContext) Mockito.doReturn(getAdminContext().getBuilder().client(ClientType.Implicit).authenticator(AuthenticatorType.Test).bearerToken("kangaroo:application").build().getToken()).when(this.mockContext)).getUserPrincipal();
        ((SecurityContext) Mockito.doReturn(true).when(this.mockContext)).isUserInRole("kangaroo:application_admin");
        this.service.resolveFilterEntity(Application.class, IdUtil.next());
    }

    @Test
    public void testResolveFilterEntityValidEntityIdAdmin() {
        ((SecurityContext) Mockito.doReturn(getAdminContext().getBuilder().client(ClientType.Implicit).authenticator(AuthenticatorType.Test).bearerToken("kangaroo:application").build().getToken()).when(this.mockContext)).getUserPrincipal();
        ((SecurityContext) Mockito.doReturn(true).when(this.mockContext)).isUserInRole("kangaroo:application_admin");
        Assert.assertEquals(userApp.getApplication(), this.service.resolveFilterEntity(Application.class, userApp.getApplication().getId()));
    }

    @Test(expected = RFC6749.InvalidScopeException.class)
    public void testResolveFilterEntityInvalidScope() {
        ((SecurityContext) Mockito.doReturn(getAdminContext().getBuilder().client(ClientType.Implicit).authenticator(AuthenticatorType.Test).bearerToken("kangaroo:application").build().getToken()).when(this.mockContext)).getUserPrincipal();
        ((SecurityContext) Mockito.doReturn(true).when(this.mockContext)).isUserInRole("kangaroo:user");
        this.service.resolveFilterEntity(Application.class, userApp.getApplication().getId());
    }

    @Test
    public void testResolveFilterEntityNullEntityIdNonAdmin() {
        ((SecurityContext) Mockito.doReturn(getAdminContext().getBuilder().client(ClientType.Implicit).authenticator(AuthenticatorType.Test).bearerToken("kangaroo:application").build().getToken()).when(this.mockContext)).getUserPrincipal();
        ((SecurityContext) Mockito.doReturn(true).when(this.mockContext)).isUserInRole("kangaroo:application");
        Assert.assertNull(this.service.resolveFilterEntity(Application.class, (BigInteger) null));
    }

    @Test(expected = BadRequestException.class)
    public void testResolveFilterEntityNonexistentEntityIdNonAdmin() {
        ((SecurityContext) Mockito.doReturn(getAdminContext().getBuilder().client(ClientType.Implicit).authenticator(AuthenticatorType.Test).bearerToken("kangaroo:application").build().getToken()).when(this.mockContext)).getUserPrincipal();
        ((SecurityContext) Mockito.doReturn(true).when(this.mockContext)).isUserInRole("kangaroo:application");
        this.service.resolveFilterEntity(Application.class, IdUtil.next());
    }

    @Test(expected = RFC6749.InvalidScopeException.class)
    public void testResolveFilterEntityNoTokenIdentity() {
        ApplicationBuilder.ApplicationContext build = getAdminContext().getBuilder().client(ClientType.ClientCredentials).bearerToken("kangaroo:application").build();
        ((SecurityContext) Mockito.doReturn(build.getToken()).when(this.mockContext)).getUserPrincipal();
        ((SecurityContext) Mockito.doReturn(true).when(this.mockContext)).isUserInRole("kangaroo:application");
        this.service.resolveFilterEntity(Application.class, build.getApplication().getId());
    }

    @Test(expected = BadRequestException.class)
    public void testResolveFilterEntityNonAdminNonOwner() {
        ApplicationBuilder.ApplicationContext build = getAdminContext().getBuilder().user().identity().build();
        ApplicationBuilder.ApplicationContext build2 = userApp.getBuilder().owner(build.getUser()).build();
        ((SecurityContext) Mockito.doReturn(build.getBuilder().user().identity().bearerToken("kangaroo:application").build().getToken()).when(this.mockContext)).getUserPrincipal();
        ((SecurityContext) Mockito.doReturn(true).when(this.mockContext)).isUserInRole("kangaroo:application");
        this.service.resolveFilterEntity(Application.class, build2.getApplication().getId());
    }

    @Test
    public void testResolveFilterEntityNonAdminOwner() {
        ApplicationBuilder.ApplicationContext build = getAdminContext().getBuilder().user().identity().bearerToken("kangaroo:application").build();
        ApplicationBuilder.ApplicationContext build2 = userApp.getBuilder().owner(build.getUser()).build();
        ((SecurityContext) Mockito.doReturn(build.getToken()).when(this.mockContext)).getUserPrincipal();
        ((SecurityContext) Mockito.doReturn(true).when(this.mockContext)).isUserInRole("kangaroo:application");
        Assert.assertEquals(build.getUser(), this.service.resolveFilterEntity(Application.class, build2.getApplication().getId()).getOwner());
    }
}
