package io.apicurio.registry.auth;

import io.apicurio.registry.AbstractResourceTestBase;
import io.apicurio.registry.rest.client.RegistryClient;
import io.apicurio.registry.rest.client.RegistryClientFactory;
import io.apicurio.registry.rest.client.exception.ArtifactNotFoundException;
import io.apicurio.registry.rest.v2.beans.ArtifactMetaData;
import io.apicurio.registry.rest.v2.beans.EditableMetaData;
import io.apicurio.registry.rest.v2.beans.Rule;
import io.apicurio.registry.rest.v2.beans.UserInfo;
import io.apicurio.registry.rules.compatibility.CompatibilityLevel;
import io.apicurio.registry.rules.validity.ValidityLevel;
import io.apicurio.registry.types.ArtifactType;
import io.apicurio.registry.types.RuleType;
import io.apicurio.registry.utils.tests.AuthTestProfile;
import io.apicurio.registry.utils.tests.TestUtils;
import io.apicurio.rest.client.auth.Auth;
import io.apicurio.rest.client.auth.BasicAuth;
import io.apicurio.rest.client.auth.OidcAuth;
import io.apicurio.rest.client.auth.exception.AuthErrorHandler;
import io.apicurio.rest.client.auth.exception.ForbiddenException;
import io.apicurio.rest.client.auth.exception.NotAuthorizedException;
import io.apicurio.rest.client.spi.ApicurioHttpClient;
import io.apicurio.rest.client.spi.ApicurioHttpClientFactory;
import io.quarkus.test.junit.QuarkusTest;
import io.quarkus.test.junit.TestProfile;
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import java.util.Collections;
import org.eclipse.microprofile.config.inject.ConfigProperty;
import org.junit.jupiter.api.Assertions;
import org.junit.jupiter.api.Tag;
import org.junit.jupiter.api.Test;

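/**
 * Integration tests for authentication and role-based authorization on the registry
 * REST v2 API, run under {@link AuthTestProfile}.
 *
 * <p>Each test builds a client for one identity (read-only, developer or admin OIDC
 * client, or a basic-auth user) and checks which operations succeed and which are
 * rejected. The tests distinguish the two failure modes on purpose: a bad credential
 * is expected to surface as {@link NotAuthorizedException}, while a valid identity
 * lacking the required role is expected to surface as {@link ForbiddenException}.
 *
 * <p>All client ids, secrets, user names and passwords below are test fixtures.
 * NOTE(review): they presumably have to match the identity-provider realm that
 * {@code AuthTestProfile} starts; confirm against the profile before changing them.
 */
@QuarkusTest
@TestProfile(AuthTestProfile.class)
@Tag("docker")
public class SimpleAuthTest extends AbstractResourceTestBase {

    /** Client secret shared by the three OIDC test clients. */
    private static final String VALID_CLIENT_SECRET = "test1";

    /** Deliberately wrong client secret, used to provoke an authentication failure. */
    private static final String WRONG_CLIENT_SECRET = "test55";

    // Injected token endpoint of the auth server; used to build the HTTP client for OIDC.
    @ConfigProperty(name = "registry.auth.token.endpoint")
    String authServerUrlConfigured;
    String adminClientId = "registry-api";
    String developerClientId = "registry-api-dev";
    String readOnlyClientId = "registry-api-readonly";
    String testUsername = "sr-test-user";
    String testPassword = "sr-test-password";
    final String groupId = "authTestGroupId";
    // Assigned in createRestClientV2(); the tests read it without a null check, so they
    // rely on the base class having called that method first (TODO confirm).
    ApicurioHttpClient httpClient;

    /** Creates a registry client for the v2 API that authenticates with {@code auth}. */
    private RegistryClient createClient(Auth auth) {
        return RegistryClientFactory.create(this.registryV2ApiUrl, Collections.emptyMap(), auth);
    }

    /** Returns a fresh stream over a minimal JSON document, encoded explicitly as UTF-8. */
    private static ByteArrayInputStream emptyJsonContent() {
        return new ByteArrayInputStream("{}".getBytes(StandardCharsets.UTF_8));
    }

    /** Builds the validity rule (level NONE) that the role tests attach to artifacts. */
    private static Rule validityNoneRule() {
        Rule rule = new Rule();
        rule.setType(RuleType.VALIDITY);
        rule.setConfig(ValidityLevel.NONE.name());
        return rule;
    }

    /**
     * Supplies the default client for the base class, authenticated as the admin OIDC
     * client, and initialises {@link #httpClient} for the individual tests.
     */
    @Override
    public RegistryClient createRestClientV2() {
        this.httpClient = ApicurioHttpClientFactory.create(this.authServerUrlConfigured, new AuthErrorHandler());
        return createClient(new OidcAuth(this.httpClient, this.adminClientId, VALID_CLIENT_SECRET));
    }

    /** A known client id with a wrong secret must be rejected as not authenticated. */
    @Test
    public void testWrongCreds() throws Exception {
        RegistryClient badSecretClient =
                createClient(new OidcAuth(this.httpClient, this.readOnlyClientId, WRONG_CLIENT_SECRET));
        Assertions.assertThrows(NotAuthorizedException.class,
                () -> badSecretClient.listArtifactsInGroup(this.groupId));
    }

    /**
     * The read-only client may list and read artifacts but must not create them.
     *
     * <p>NOTE(review): the artifact created by the developer client is not deleted here.
     */
    @Test
    public void testReadOnly() throws Exception {
        RegistryClient readOnlyClient =
                createClient(new OidcAuth(this.httpClient, this.readOnlyClientId, VALID_CLIENT_SECRET));
        String artifactId = TestUtils.generateArtifactId();

        // Reads are permitted: a missing artifact yields "not found", not "forbidden".
        readOnlyClient.listArtifactsInGroup(this.groupId);
        Assertions.assertThrows(ArtifactNotFoundException.class,
                () -> readOnlyClient.getArtifactMetaData(this.groupId, artifactId));
        Assertions.assertThrows(ArtifactNotFoundException.class,
                () -> readOnlyClient.getLatestArtifact("abc", artifactId));

        // Writes are denied for the read-only role.
        Assertions.assertThrows(ForbiddenException.class,
                () -> readOnlyClient.createArtifact("testReadOnly", artifactId, ArtifactType.JSON, emptyJsonContent()));

        // Create the artifact as a developer, then confirm the read-only client can fetch it.
        RegistryClient devClient =
                createClient(new OidcAuth(this.httpClient, this.developerClientId, VALID_CLIENT_SECRET));
        ArtifactMetaData created =
                devClient.createArtifact(this.groupId, artifactId, ArtifactType.JSON, emptyJsonContent());
        TestUtils.retry(() -> devClient.getArtifactMetaData(this.groupId, created.getId()));
        Assertions.assertNotNull(readOnlyClient.getLatestArtifact(this.groupId, artifactId));

        UserInfo userInfo = readOnlyClient.getCurrentUserInfo();
        Assertions.assertNotNull(userInfo);
        Assertions.assertEquals("service-account-registry-api-readonly", userInfo.getUsername());
        Assertions.assertFalse(userInfo.getAdmin());
        Assertions.assertFalse(userInfo.getDeveloper());
        Assertions.assertTrue(userInfo.getViewer());
    }

    /** The developer client may manage artifacts and artifact rules but not global rules. */
    @Test
    public void testDevRole() throws Exception {
        RegistryClient devClient =
                createClient(new OidcAuth(this.httpClient, this.developerClientId, VALID_CLIENT_SECRET));
        String artifactId = TestUtils.generateArtifactId();
        try {
            devClient.listArtifactsInGroup(this.groupId);
            devClient.createArtifact(this.groupId, artifactId, ArtifactType.JSON, emptyJsonContent());
            TestUtils.retry(() -> devClient.getArtifactMetaData(this.groupId, artifactId));
            Assertions.assertNotNull(devClient.getLatestArtifact(this.groupId, artifactId));

            Rule rule = validityNoneRule();
            devClient.createArtifactRule(this.groupId, artifactId, rule);
            // Global rules are an admin-only operation.
            Assertions.assertThrows(ForbiddenException.class, () -> devClient.createGlobalRule(rule));

            UserInfo userInfo = devClient.getCurrentUserInfo();
            Assertions.assertNotNull(userInfo);
            Assertions.assertEquals("service-account-registry-api-dev", userInfo.getUsername());
            Assertions.assertFalse(userInfo.getAdmin());
            Assertions.assertTrue(userInfo.getDeveloper());
            Assertions.assertFalse(userInfo.getViewer());
        } finally {
            // Runs exactly once on success and on failure. If this delete itself throws,
            // its exception replaces any failure raised inside the try block.
            devClient.deleteArtifact(this.groupId, artifactId);
        }
    }

    /**
     * The admin client may manage artifacts, artifact rules and global rules.
     *
     * <p>NOTE(review): the global rule created here is not removed by this test; whether
     * the base class resets global rules between tests is not visible from this file.
     */
    @Test
    public void testAdminRole() throws Exception {
        RegistryClient adminClient =
                createClient(new OidcAuth(this.httpClient, this.adminClientId, VALID_CLIENT_SECRET));
        String artifactId = TestUtils.generateArtifactId();
        try {
            adminClient.listArtifactsInGroup(this.groupId);
            adminClient.createArtifact(this.groupId, artifactId, ArtifactType.JSON, emptyJsonContent());
            TestUtils.retry(() -> adminClient.getArtifactMetaData(this.groupId, artifactId));
            Assertions.assertNotNull(adminClient.getLatestArtifact(this.groupId, artifactId));

            Rule rule = validityNoneRule();
            adminClient.createArtifactRule(this.groupId, artifactId, rule);
            adminClient.createGlobalRule(rule);

            UserInfo userInfo = adminClient.getCurrentUserInfo();
            Assertions.assertNotNull(userInfo);
            Assertions.assertEquals("service-account-registry-api", userInfo.getUsername());
            Assertions.assertTrue(userInfo.getAdmin());
            Assertions.assertFalse(userInfo.getDeveloper());
            Assertions.assertFalse(userInfo.getViewer());
        } finally {
            // Single cleanup path; a failure here replaces any failure from the try block.
            adminClient.deleteArtifact(this.groupId, artifactId);
        }
    }

    /**
     * The basic-auth test user can perform the same admin-level operations, including
     * creating a global rule.
     */
    @Test
    public void testAdminRoleBasicAuth() throws Exception {
        RegistryClient basicAuthClient = createClient(new BasicAuth(this.testUsername, this.testPassword));
        String artifactId = TestUtils.generateArtifactId();
        try {
            basicAuthClient.listArtifactsInGroup(this.groupId);
            basicAuthClient.createArtifact(this.groupId, artifactId, ArtifactType.JSON, emptyJsonContent());
            TestUtils.retry(() -> basicAuthClient.getArtifactMetaData(this.groupId, artifactId));
            Assertions.assertNotNull(basicAuthClient.getLatestArtifact(this.groupId, artifactId));

            Rule rule = validityNoneRule();
            basicAuthClient.createArtifactRule(this.groupId, artifactId, rule);
            basicAuthClient.createGlobalRule(rule);
        } finally {
            // Single cleanup path; a failure here replaces any failure from the try block.
            basicAuthClient.deleteArtifact(this.groupId, artifactId);
        }
    }

    /**
     * A developer must not modify an artifact created by another identity, while the
     * admin may modify both its own artifact and one created by the developer.
     *
     * <p>NOTE(review): neither artifact created here is deleted by this test.
     */
    @Test
    public void testOwnerOnlyAuthorization() throws Exception {
        RegistryClient devClient =
                createClient(new OidcAuth(this.httpClient, this.developerClientId, VALID_CLIENT_SECRET));
        RegistryClient adminClient =
                createClient(new OidcAuth(this.httpClient, this.adminClientId, VALID_CLIENT_SECRET));

        // Artifact created by the admin: the developer is not the owner and is refused.
        String adminArtifactId = TestUtils.generateArtifactId();
        adminClient.createArtifact(this.groupId, adminArtifactId, ArtifactType.JSON, emptyJsonContent());
        EditableMetaData updatedMetaData = new EditableMetaData();
        updatedMetaData.setName("Updated Name");
        Assertions.assertThrows(ForbiddenException.class,
                () -> devClient.updateArtifactMetaData(this.groupId, adminArtifactId, updatedMetaData));
        adminClient.updateArtifactMetaData(this.groupId, adminArtifactId, updatedMetaData);

        // Artifact created by the developer: the admin call below is expected to succeed;
        // success is asserted only by the absence of an exception.
        String devArtifactId = TestUtils.generateArtifactId();
        devClient.createArtifact(this.groupId, devArtifactId, ArtifactType.JSON, emptyJsonContent());
        Rule compatibilityRule = new Rule();
        compatibilityRule.setType(RuleType.COMPATIBILITY);
        compatibilityRule.setConfig(CompatibilityLevel.BACKWARD.name());
        adminClient.createArtifactRule(this.groupId, devArtifactId, compatibilityRule);
    }
}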
