package io.vertx.ext.auth.test.oauth2;

import io.vertx.core.json.JsonObject;
import io.vertx.ext.auth.User;
import io.vertx.ext.auth.authorization.PermissionBasedAuthorization;
import io.vertx.ext.auth.authorization.RoleBasedAuthorization;
import io.vertx.ext.auth.oauth2.OAuth2Auth;
import io.vertx.ext.auth.oauth2.OAuth2ClientOptions;
import io.vertx.ext.auth.oauth2.OAuth2FlowType;
import io.vertx.ext.auth.oauth2.authorization.KeycloakAuthorization;
import io.vertx.ext.auth.oauth2.authorization.ScopeAuthorization;
import io.vertx.ext.auth.oauth2.providers.KeycloakAuth;
import io.vertx.ext.unit.Async;
import io.vertx.ext.unit.TestContext;
import io.vertx.ext.unit.junit.RunTestOnContext;
import io.vertx.ext.unit.junit.VertxUnitRunnerWithParametersFactory;
import java.util.Arrays;
import java.util.List;
import java.util.Set;
import org.junit.Before;
import org.junit.Rule;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.junit.runners.Parameterized;

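/**
 * Integration tests for the Keycloak OAuth2 provider, run once for every entry of {@link #sites()}.
 *
 * <p>Each test talks to the parameterized site over the network and asserts that discovery and
 * authentication succeed, so a Keycloak server answering on the listed localhost ports is
 * required. The realm name, client ids, user credentials and client secret below are fixtures
 * hard-coded for that test realm.
 *
 * <p>Security notes for anyone copying from this class:
 * <ul>
 *   <li>{@code setTrustAll(true)} turns off server certificate verification. Both sites are on
 *       localhost; client code that talks to a real identity provider must configure a trust
 *       store instead.</li>
 *   <li>The first site is plain {@code http://}, so the password grant sends the user's password
 *       unencrypted. Keep it to the loopback interface.</li>
 *   <li>The password and client secret are committed in source and must be treated as public:
 *       never reuse them for a realm that holds real accounts.</li>
 * </ul>
 */
@Parameterized.UseParametersRunnerFactory(VertxUnitRunnerWithParametersFactory.class)
@RunWith(Parameterized.class)
public class OAuth2KeycloakIT {

    // Fixture identity of the test realm (see the class comment: test-only values).
    private static final String TENANT = "vertx-test";
    private static final String TEST_USERNAME = "test-user";
    private static final String TEST_PASSWORD = "tiger";
    private static final String CONFIDENTIAL_CLIENT_SECRET = "62b8de48-672e-4287-bb1e-6af39aec045e";

    @Rule
    public RunTestOnContext rule = new RunTestOnContext();
    private OAuth2Auth keycloak;
    private final String site;

    /**
     * Supplies the base URLs the whole suite is repeated against: one plain HTTP and one HTTPS
     * endpoint, both on localhost.
     *
     * @return the base URLs, one test run per entry
     */
    @Parameterized.Parameters
    public static List<String> sites() {
        return Arrays.asList("http://localhost:8888", "https://localhost:9443");
    }

    /**
     * @param str base URL of the Keycloak server for this run, taken from {@link #sites()}
     */
    public OAuth2KeycloakIT(String str) {
        this.site = str;
    }

    /**
     * Builds a fresh username/password credential object for the fixture user. A new instance is
     * returned on every call because {@link JsonObject} is mutable.
     */
    private static JsonObject testUserCredentials() {
        return new JsonObject().put("username", TEST_USERNAME).put("password", TEST_PASSWORD);
    }

    /**
     * Discovers the provider configuration for the public client and stores the resulting
     * {@link OAuth2Auth} in {@link #keycloak} before every test.
     *
     * @param testContext the vertx-unit context used for assertions and async completion
     */
    @Before
    public void setUp(TestContext testContext) {
        Async async = testContext.async();
        OAuth2ClientOptions options = new OAuth2ClientOptions()
            .setFlow(OAuth2FlowType.PASSWORD)
            .setClientID("public-client")
            .setTenant(TENANT)
            .setSite(this.site + "/auth/realms/{tenant}");
        // Test-only: accept any server certificate so the HTTPS site on localhost can be reached.
        options.setTrustAll(true);
        KeycloakAuth.discover(this.rule.vertx(), options, discovery -> {
            testContext.assertTrue(discovery.succeeded());
            this.keycloak = (OAuth2Auth) discovery.result();
            async.complete();
        });
    }

    /** Authenticating with the fixture username and password succeeds and yields a user. */
    @Test
    public void shouldLoginWithUsernamePassword(TestContext testContext) {
        Async async = testContext.async();
        this.keycloak.authenticate(testUserCredentials(), login -> {
            testContext.assertTrue(login.succeeded());
            testContext.assertNotNull(login.result());
            async.complete();
        });
    }

    /**
     * Logs in with the password grant, then authenticates a second time using only the access
     * token from the first login's principal, presented as a Bearer token.
     */
    @Test
    public void shouldLoginWithAccessToken(TestContext testContext) {
        Async async = testContext.async();
        this.keycloak.authenticate(testUserCredentials(), login -> {
            testContext.assertTrue(login.succeeded());
            testContext.assertNotNull(login.result());
            String accessToken = ((User) login.result()).principal().getString("access_token");
            JsonObject bearer = new JsonObject().put("access_token", accessToken).put("token_type", "Bearer");
            this.keycloak.authenticate(bearer, tokenLogin -> {
                testContext.assertTrue(tokenLogin.succeeded());
                testContext.assertNotNull(tokenLogin.result());
                async.complete();
            });
        });
    }

    /**
     * Negative case: a string that is not a token issued by the server must be rejected, and the
     * failure must carry a cause.
     */
    @Test
    public void shouldFailLoginWithInvalidToken(TestContext testContext) {
        Async async = testContext.async();
        JsonObject bogus = new JsonObject().put("access_token", "aaaaaaaaaaaaaaaaaa").put("token_type", "Bearer");
        this.keycloak.authenticate(bogus, attempt -> {
            testContext.assertTrue(attempt.failed());
            testContext.assertNotNull(attempt.cause());
            async.complete();
        });
    }

    /**
     * Obtains a token through the public client, then hands the resulting principal to a second
     * provider configured as the confidential client (with its client secret) and expects that
     * provider to accept it.
     */
    @Test
    public void shouldIntrospectAccessToken(TestContext testContext) {
        Async async = testContext.async();
        this.keycloak.authenticate(testUserCredentials(), login -> {
            testContext.assertTrue(login.succeeded());
            testContext.assertNotNull(login.result());
            User user = (User) login.result();
            // NOTE(review): setUp uses the "{tenant}" placeholder while this URL uses "{realm}"
            // together with setTenant(); confirm the options class substitutes both.
            OAuth2ClientOptions confidential = new OAuth2ClientOptions()
                .setFlow(OAuth2FlowType.PASSWORD)
                .setClientID("confidential-client")
                .setTenant(TENANT)
                .setSite(this.site + "/auth/realms/{realm}")
                .setClientSecret(CONFIDENTIAL_CLIENT_SECRET);
            // Test-only: accept any server certificate (see setUp).
            confidential.setTrustAll(true);
            KeycloakAuth.discover(this.rule.vertx(), confidential, discovery -> {
                testContext.assertTrue(discovery.succeeded());
                ((OAuth2Auth) discovery.result()).authenticate(user.principal(), introspection -> {
                    testContext.assertTrue(introspection.succeeded());
                    async.complete();
                });
            });
        });
    }

    /**
     * Checks the authorizations derived from a freshly issued token: the space-separated scopes
     * must include {@code profile} and {@code email}, and the Keycloak role mapping must include
     * the realm roles and the per-client roles asserted below.
     */
    @Test
    public void shouldGetPermissionsFromToken(TestContext testContext) {
        Async async = testContext.async();
        this.keycloak.authenticate(testUserCredentials(), login -> {
            testContext.assertTrue(login.succeeded());
            testContext.assertNotNull(login.result());
            User user = (User) login.result();
            // A list of the expected authority names used to be built and discarded here; the
            // individual assertions below are what actually check them.
            ScopeAuthorization.create(" ").getAuthorizations(user, scopeLookup -> {
                testContext.assertTrue(scopeLookup.succeeded());
                Set<?> scopes = (Set<?>) scopeLookup.result();
                testContext.assertTrue(scopes.contains(PermissionBasedAuthorization.create("profile")));
                testContext.assertTrue(scopes.contains(PermissionBasedAuthorization.create("email")));
                KeycloakAuthorization.create().getAuthorizations(user, roleLookup -> {
                    testContext.assertTrue(roleLookup.succeeded());
                    Set<?> roles = (Set<?>) roleLookup.result();
                    // Roles created without a resource.
                    testContext.assertTrue(roles.contains(RoleBasedAuthorization.create("offline_access")));
                    testContext.assertTrue(roles.contains(RoleBasedAuthorization.create("user")));
                    // Roles bound to a named resource (the client they belong to).
                    testContext.assertTrue(roles.contains(RoleBasedAuthorization.create("test").setResource("confidential-client")));
                    testContext.assertTrue(roles.contains(RoleBasedAuthorization.create("manage-account").setResource("account")));
                    testContext.assertTrue(roles.contains(RoleBasedAuthorization.create("manage-account-links").setResource("account")));
                    testContext.assertTrue(roles.contains(RoleBasedAuthorization.create("view-profile").setResource("account")));
                    async.complete();
                });
            });
        });
    }

    /**
     * Negative authorization case: the check for an authority the fixture user was never granted
     * ({@code sudo}) completes successfully but answers {@code false}.
     */
    @Test
    public void shouldGetPermissionsFromTokenButPermissionIsNotAllowed(TestContext testContext) {
        Async async = testContext.async();
        this.keycloak.authenticate(testUserCredentials(), login -> {
            testContext.assertTrue(login.succeeded());
            testContext.assertNotNull(login.result());
            ((User) login.result()).isAuthorized("sudo", decision -> {
                testContext.assertTrue(decision.succeeded());
                testContext.assertFalse(((Boolean) decision.result()).booleanValue());
                async.complete();
            });
        });
    }

    /**
     * Fetches the user info document for the logged-in user and checks that
     * {@code preferred_username} matches the account that authenticated.
     */
    @Test
    public void shouldLoadTheUserInfo(TestContext testContext) {
        Async async = testContext.async();
        this.keycloak.authenticate(testUserCredentials(), login -> {
            testContext.assertTrue(login.succeeded());
            testContext.assertNotNull(login.result());
            this.keycloak.userInfo((User) login.result(), info -> {
                testContext.assertTrue(info.succeeded());
                testContext.assertNotNull(info.result());
                testContext.assertEquals(TEST_USERNAME, ((JsonObject) info.result()).getString("preferred_username"));
                async.complete();
            });
        });
    }

    /**
     * Refreshes the logged-in user and checks that the access token in the refreshed principal
     * differs from the one issued at login.
     */
    @Test
    public void shouldRefreshAToken(TestContext testContext) {
        Async async = testContext.async();
        this.keycloak.authenticate(testUserCredentials(), login -> {
            testContext.assertTrue(login.succeeded());
            testContext.assertNotNull(login.result());
            User user = (User) login.result();
            String originalToken = user.principal().getString("access_token");
            this.keycloak.refresh(user, refreshed -> {
                testContext.assertTrue(refreshed.succeeded());
                testContext.assertNotEquals(originalToken, ((User) refreshed.result()).principal().getString("access_token"));
                async.complete();
            });
        });
    }

    /**
     * Reloads the JSON Web Key set and then logs in, expecting the principal to carry an
     * {@code accessToken} JSON object afterwards.
     */
    @Test
    public void shouldReloadJWK(TestContext testContext) {
        Async async = testContext.async();
        this.keycloak.jWKSet(reload -> {
            testContext.assertTrue(reload.succeeded());
            this.keycloak.authenticate(testUserCredentials(), login -> {
                testContext.assertTrue(login.succeeded());
                testContext.assertNotNull(login.result());
                // NOTE(review): presumably "accessToken" is only populated when the token could
                // be decoded with the loaded keys; confirm against the provider.
                testContext.assertNotNull(((User) login.result()).principal().getJsonObject("accessToken"));
                async.complete();
            });
        });
    }
}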
