package org.projectnessie.jaxrs;

import java.util.Arrays;
import java.util.Collections;
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.UUID;
import java.util.function.Consumer;
import java.util.function.Function;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import org.assertj.core.api.AbstractThrowableAssert;
import org.assertj.core.api.Assertions;
import org.assertj.core.api.InstanceOfAssertFactories;
import org.assertj.core.api.ThrowingConsumer;
import org.junit.jupiter.api.Test;
import org.junit.jupiter.api.function.Executable;
import org.projectnessie.api.params.FetchOption;
import org.projectnessie.error.NessieForbiddenException;
import org.projectnessie.jaxrs.ext.NessieAccessChecker;
import org.projectnessie.model.Branch;
import org.projectnessie.model.CommitMeta;
import org.projectnessie.model.ContentKey;
import org.projectnessie.model.Detached;
import org.projectnessie.model.IcebergTable;
import org.projectnessie.model.Operation;
import org.projectnessie.model.Reference;
import org.projectnessie.model.Tag;
import org.projectnessie.services.authz.AbstractBatchAccessChecker;
import org.projectnessie.services.authz.AccessContext;
import org.projectnessie.services.authz.BatchAccessChecker;
import org.projectnessie.services.authz.Check;
import org.projectnessie.versioned.DetachedRef;
import org.testcontainers.shaded.com.google.common.collect.ImmutableMap;

/* loaded from: input_file:org/projectnessie/jaxrs/AbstractRestAccessChecks.class */
public abstract class AbstractRestAccessChecks extends AbstractTestRest {
    private static final String VIEW_MSG = "Must not view detached references";
    private static final String COMMITS_MSG = "Must not list from detached references";
    private static final String ENTITIES_MSG = "Must not get entities from detached references";
    private static final String READ_MSG = "Must not read from detached references";
    private static final Map<Check.CheckType, String> CHECK_TYPE_MSG = ImmutableMap.of(Check.CheckType.VIEW_REFERENCE, VIEW_MSG, Check.CheckType.LIST_COMMIT_LOG, COMMITS_MSG, Check.CheckType.READ_ENTITY_VALUE, ENTITIES_MSG, Check.CheckType.READ_ENTRIES, READ_MSG);

    @Test
    public void forbiddenContentKeys(@NessieAccessChecker Consumer<Function<AccessContext, BatchAccessChecker>> consumer) throws Exception {
        Branch createBranch = createBranch("forbiddenContentKeys");
        ContentKey of = ContentKey.of(new String[]{"forbidden_1"});
        ContentKey of2 = ContentKey.of(new String[]{"forbidden_2"});
        ContentKey of3 = ContentKey.of(new String[]{"id_forbidden_1"});
        ContentKey of4 = ContentKey.of(new String[]{"id_forbidden_2"});
        ContentKey of5 = ContentKey.of(new String[]{"allowed_1"});
        ContentKey of6 = ContentKey.of(new String[]{"allowed_2"});
        String uuid = UUID.randomUUID().toString();
        String uuid2 = UUID.randomUUID().toString();
        Branch commit = getApi().commitMultipleOperations().branchName(createBranch.getName()).hash(createBranch.getHash()).commitMeta(CommitMeta.builder().message("no security context").build()).operation(Operation.Put.of(of, IcebergTable.of(of.getName(), 42L, 42, 42, 42))).operation(Operation.Put.of(of3, IcebergTable.of(of3.getName(), 42L, 42, 42, 42, uuid))).operation(Operation.Put.of(of5, IcebergTable.of(of5.getName(), 42L, 42, 42, 42))).operation(Operation.Put.of(of2, IcebergTable.of(of2.getName(), 42L, 42, 42, 42))).operation(Operation.Put.of(of4, IcebergTable.of(of4.getName(), 42L, 42, 42, 42, uuid2))).operation(Operation.Put.of(of6, IcebergTable.of(of6.getName(), 42L, 42, 42, 42))).commit();
        ThrowingConsumer throwingConsumer = collection -> {
            Assertions.assertThat(getApi().getEntries().reference(commit).get().getEntries()).extracting((v0) -> {
                return v0.getName();
            }).containsExactlyInAnyOrderElementsOf(collection);
            Assertions.assertThat(getApi().getCommitLog().reference(commit).fetch(FetchOption.ALL).get().getLogEntries()).hasSize(1).element(0).extracting((v0) -> {
                return v0.getOperations();
            }).asInstanceOf(InstanceOfAssertFactories.list(Operation.class)).map((v0) -> {
                return v0.getKey();
            }).containsExactlyInAnyOrderElementsOf(collection);
        };
        throwingConsumer.accept(Arrays.asList(of5, of6, of, of2, of3, of4));
        consumer.accept(accessContext -> {
            return new AbstractBatchAccessChecker() { // from class: org.projectnessie.jaxrs.AbstractRestAccessChecks.1
                public Map<Check, String> check() {
                    Stream filter = getChecks().stream().filter(check -> {
                        return check.type() == Check.CheckType.READ_CONTENT_KEY;
                    });
                    String str = uuid;
                    String str2 = uuid2;
                    return (Map) filter.filter(check2 -> {
                        return check2.key().getName().startsWith("forbidden") || check2.contentId().equals(str) || check2.contentId().equals(str2);
                    }).collect(Collectors.toMap(Function.identity(), check3 -> {
                        return "Forbidden key " + check3.key().getName();
                    }));
                }
            };
        });
        throwingConsumer.accept(Arrays.asList(of5, of6));
    }

    @Test
    public void detachedRefAccessChecks(@NessieAccessChecker Consumer<Function<AccessContext, BatchAccessChecker>> consumer) throws Exception {
        AbstractBatchAccessChecker abstractBatchAccessChecker = new AbstractBatchAccessChecker() { // from class: org.projectnessie.jaxrs.AbstractRestAccessChecks.2
            public Map<Check, String> check() {
                LinkedHashMap linkedHashMap = new LinkedHashMap();
                getChecks().forEach(check -> {
                    String str = (String) AbstractRestAccessChecks.CHECK_TYPE_MSG.get(check.type());
                    if (str != null) {
                        if (check.ref() instanceof DetachedRef) {
                            linkedHashMap.put(check, str);
                        } else {
                            Assertions.assertThat(check.ref().getName()).isNotEqualTo("DETACHED");
                        }
                    }
                });
                return linkedHashMap;
            }
        };
        consumer.accept(accessContext -> {
            return abstractBatchAccessChecker;
        });
        Branch createBranch = createBranch("committerAndAuthor");
        Branch createBranch2 = createBranch("committerAndAuthorMerge");
        Branch createBranch3 = createBranch("committerAndAuthorTransplant");
        IcebergTable of = IcebergTable.of("meep", 42L, 42, 42, 42);
        ContentKey of2 = ContentKey.of(new String[]{"meep"});
        Branch commit = getApi().commitMultipleOperations().branchName(createBranch.getName()).hash(createBranch.getHash()).commitMeta(CommitMeta.builder().message("no security context").build()).operation(Operation.Put.of(of2, of)).commit();
        Assertions.assertThat(Stream.of((Object[]) new Reference[]{Detached.of(commit.getHash()), Branch.of("DETACHED", commit.getHash()), Tag.of("DETACHED", commit.getHash())})).allSatisfy(reference -> {
            org.junit.jupiter.api.Assertions.assertAll(new Executable[]{() -> {
                ((AbstractThrowableAssert) Assertions.assertThatThrownBy(() -> {
                    getApi().getCommitLog().reference(reference).get();
                }).describedAs("ref='%s', getCommitLog", new Object[]{reference})).isInstanceOf(NessieForbiddenException.class).hasMessageContaining(COMMITS_MSG);
            }, () -> {
                ((AbstractThrowableAssert) Assertions.assertThatThrownBy(() -> {
                    getApi().mergeRefIntoBranch().fromRef(reference).branch(createBranch2).merge();
                }).describedAs("ref='%s', mergeRefIntoBranch", new Object[]{reference})).isInstanceOf(NessieForbiddenException.class).hasMessageContaining(VIEW_MSG);
            }, () -> {
                ((AbstractThrowableAssert) Assertions.assertThatThrownBy(() -> {
                    getApi().transplantCommitsIntoBranch().fromRefName(reference.getName()).hashesToTransplant(Collections.singletonList(reference.getHash())).branch(createBranch3).transplant();
                }).describedAs("ref='%s', transplantCommitsIntoBranch", new Object[]{reference})).isInstanceOf(NessieForbiddenException.class).hasMessageContaining(VIEW_MSG);
            }, () -> {
                ((AbstractThrowableAssert) Assertions.assertThatThrownBy(() -> {
                    getApi().getEntries().reference(reference).get();
                }).describedAs("ref='%s', getEntries", new Object[]{reference})).isInstanceOf(NessieForbiddenException.class).hasMessageContaining(READ_MSG);
            }, () -> {
                ((AbstractThrowableAssert) Assertions.assertThatThrownBy(() -> {
                    getApi().getContent().reference(reference).key(of2).get();
                }).describedAs("ref='%s', getContent", new Object[]{reference})).isInstanceOf(NessieForbiddenException.class).hasMessageContaining(ENTITIES_MSG);
            }, () -> {
                ((AbstractThrowableAssert) Assertions.assertThatThrownBy(() -> {
                    getApi().getDiff().fromRef(reference).toRef(createBranch).get();
                }).describedAs("ref='%s', getDiff1", new Object[]{reference})).isInstanceOf(NessieForbiddenException.class).hasMessageContaining(VIEW_MSG);
            }, () -> {
                ((AbstractThrowableAssert) Assertions.assertThatThrownBy(() -> {
                    getApi().getDiff().fromRef(createBranch).toRef(reference).get();
                }).describedAs("ref='%s', getDiff2", new Object[]{reference})).isInstanceOf(NessieForbiddenException.class).hasMessageContaining(VIEW_MSG);
            }});
        });
    }
}
