package com.vmware.xenon.common.test;

import com.vmware.xenon.common.Operation;
import com.vmware.xenon.common.Service;
import com.vmware.xenon.common.ServiceHost;
import com.vmware.xenon.common.UriUtils;
import com.vmware.xenon.common.Utils;
import com.vmware.xenon.services.common.ExampleService;
import com.vmware.xenon.services.common.QueryTask;
import com.vmware.xenon.services.common.ResourceGroupService;
import com.vmware.xenon.services.common.RoleService;
import com.vmware.xenon.services.common.ServiceUriPaths;
import com.vmware.xenon.services.common.UserGroupService;
import com.vmware.xenon.services.common.UserService;
import com.vmware.xenon.services.common.authn.AuthenticationRequest;
import com.vmware.xenon.services.common.authn.BasicAuthenticationUtils;
import java.net.URI;
import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
import java.util.HashSet;
import java.util.Set;
import org.junit.Assert;

/* loaded from: input_file:com/vmware/xenon/common/test/AuthorizationHelper.class */
public class AuthorizationHelper {
    private String userGroupLink;
    private String resourceGroupLink;
    private String roleLink;
    VerificationHost host;

    public AuthorizationHelper(VerificationHost verificationHost) {
        this.host = verificationHost;
    }

    public static String createUserService(VerificationHost verificationHost, ServiceHost serviceHost, String str) throws Throwable {
        String[] strArr = new String[1];
        UserService.UserState userState = new UserService.UserState();
        userState.documentSelfLink = str;
        userState.email = str;
        URI buildUri = UriUtils.buildUri(serviceHost, ServiceUriPaths.CORE_AUTHZ_USERS);
        verificationHost.testStart(1L);
        verificationHost.send(Operation.createPost(buildUri).setBody(userState).setCompletion((operation, th) -> {
            if (th != null) {
                verificationHost.failIteration(th);
            } else {
                strArr[0] = ((UserService.UserState) operation.getBody(UserService.UserState.class)).documentSelfLink;
                verificationHost.completeIteration();
            }
        }));
        verificationHost.testWait();
        return strArr[0];
    }

    public void patchUserService(ServiceHost serviceHost, String str, UserService.UserState userState) throws Throwable {
        URI buildUri = UriUtils.buildUri(serviceHost, str);
        this.host.testStart(1L);
        this.host.send(Operation.createPatch(buildUri).setBody(userState).setCompletion((operation, th) -> {
            if (th != null) {
                this.host.failIteration(th);
            } else {
                this.host.completeIteration();
            }
        }));
        this.host.testWait();
    }

    public String findUserServiceLink(String str) throws Throwable {
        QueryTask build = QueryTask.Builder.createDirectTask().setQuery(QueryTask.Query.Builder.create().addFieldClause("documentKind", Utils.buildKind(UserService.UserState.class)).addFieldClause("email", str).build()).build();
        URI buildUri = UriUtils.buildUri(this.host, ServiceUriPaths.CORE_QUERY_TASKS);
        String[] strArr = new String[1];
        TestContext testCreate = this.host.testCreate(1);
        this.host.send(Operation.createPost(buildUri).setBody(build).setCompletion((operation, th) -> {
            if (th != null) {
                testCreate.failIteration(th);
                return;
            }
            QueryTask queryTask = (QueryTask) operation.getBody(QueryTask.class);
            int size = queryTask.results.documentLinks.size();
            if (queryTask.results.documentLinks.size() != 1) {
                testCreate.failIteration(new IllegalStateException(String.format("Could not find user %s, found=%d", str, Integer.valueOf(size))));
            } else {
                strArr[0] = (String) queryTask.results.documentLinks.get(0);
                testCreate.completeIteration();
            }
        }));
        this.host.testWait(testCreate);
        return strArr[0];
    }

    public String login(String str, String str2) throws Throwable {
        String constructBasicAuth = BasicAuthenticationUtils.constructBasicAuth(str, str2);
        URI buildUri = UriUtils.buildUri(this.host, ServiceUriPaths.CORE_AUTHN_BASIC);
        AuthenticationRequest authenticationRequest = new AuthenticationRequest();
        authenticationRequest.requestType = AuthenticationRequest.AuthenticationRequestType.LOGIN;
        String[] strArr = new String[1];
        TestContext testCreate = this.host.testCreate(1);
        this.host.send(Operation.createPost(buildUri).setBody(authenticationRequest).addRequestHeader("Authorization", constructBasicAuth).forceRemote().setCompletion((operation, th) -> {
            if (th != null) {
                testCreate.failIteration(th);
                return;
            }
            strArr[0] = operation.getResponseHeader("x-xenon-auth-token");
            if (strArr[0] == null) {
                testCreate.failIteration(new IllegalStateException("Missing auth token in login response"));
            } else {
                testCreate.completeIteration();
            }
        }));
        this.host.testWait(testCreate);
        Assert.assertTrue(strArr[0] != null);
        return strArr[0];
    }

    public void setUserGroupLink(String str) {
        this.userGroupLink = str;
    }

    public void setResourceGroupLink(String str) {
        this.resourceGroupLink = str;
    }

    public void setRoleLink(String str) {
        this.roleLink = str;
    }

    public String getUserGroupLink() {
        return this.userGroupLink;
    }

    public String getResourceGroupLink() {
        return this.resourceGroupLink;
    }

    public String getRoleLink() {
        return this.roleLink;
    }

    public String createUserService(ServiceHost serviceHost, String str) throws Throwable {
        return createUserService(this.host, serviceHost, str);
    }

    public String getUserGroupName(String str) {
        return str.substring(0, str.indexOf("@")) + "-user-group";
    }

    public Collection<String> createRoles(ServiceHost serviceHost, String str) throws Throwable {
        String substring = str.substring(0, str.indexOf("@"));
        String createUserGroup = createUserGroup(serviceHost, getUserGroupName(str), QueryTask.Query.Builder.create().addFieldClause("email", str).build());
        setUserGroupLink(createUserGroup);
        String createResourceGroup = createResourceGroup(serviceHost, substring + "-resource-group", QueryTask.Query.Builder.create().addFieldClause("documentKind", Utils.buildKind(ExampleService.ExampleServiceState.class)).addFieldClause("name", substring).build());
        setResourceGroupLink(createResourceGroup);
        String createResourceGroup2 = createResourceGroup(serviceHost, "any-query-task-resource-group", QueryTask.Query.Builder.create().addFieldClause("documentKind", Utils.buildKind(QueryTask.class)).addFieldClause("documentAuthPrincipalLink", UriUtils.buildUriPath(new String[]{ServiceUriPaths.CORE_AUTHZ_USERS, str})).build());
        HashSet hashSet = new HashSet();
        String createRole = createRole(serviceHost, createUserGroup, createResourceGroup, new HashSet(Arrays.asList(Service.Action.GET, Service.Action.POST)));
        setRoleLink(createRole);
        hashSet.add(createRole);
        hashSet.add(createRole(serviceHost, createUserGroup, createResourceGroup, new HashSet(Collections.singletonList(Service.Action.PATCH))));
        hashSet.add(createRole(serviceHost, createUserGroup, createResourceGroup2, new HashSet(Arrays.asList(Service.Action.GET, Service.Action.POST, Service.Action.PATCH, Service.Action.DELETE))));
        return hashSet;
    }

    public String createUserGroup(ServiceHost serviceHost, String str, QueryTask.Query query) throws Throwable {
        URI buildUri = UriUtils.buildUri(serviceHost, ServiceUriPaths.CORE_AUTHZ_USER_GROUPS);
        String path = UriUtils.extendUri(buildUri, str).getPath();
        UserGroupService.UserGroupState userGroupState = new UserGroupService.UserGroupState();
        userGroupState.documentSelfLink = path;
        userGroupState.query = query;
        this.host.sendAndWaitExpectSuccess(Operation.createPost(buildUri).setBody(userGroupState));
        return path;
    }

    public String createResourceGroup(ServiceHost serviceHost, String str, QueryTask.Query query) throws Throwable {
        URI buildUri = UriUtils.buildUri(serviceHost, ServiceUriPaths.CORE_AUTHZ_RESOURCE_GROUPS);
        String path = UriUtils.extendUri(buildUri, str).getPath();
        ResourceGroupService.ResourceGroupState resourceGroupState = new ResourceGroupService.ResourceGroupState();
        resourceGroupState.documentSelfLink = path;
        resourceGroupState.query = query;
        this.host.sendAndWaitExpectSuccess(Operation.createPost(buildUri).setBody(resourceGroupState));
        return path;
    }

    public String createRole(ServiceHost serviceHost, String str, String str2, Set<Service.Action> set) throws Throwable {
        String substring = str.substring(str.lastIndexOf(47) + 1);
        String substring2 = str2.substring(str2.lastIndexOf(47) + 1);
        String str3 = "";
        for (Service.Action action : set) {
            str3 = str3.isEmpty() ? action.toString() : str3 + "+" + action.toString();
        }
        String str4 = substring + "-" + substring2 + "-" + str3;
        RoleService.RoleState roleState = new RoleService.RoleState();
        roleState.documentSelfLink = UriUtils.buildUriPath(new String[]{ServiceUriPaths.CORE_AUTHZ_ROLES, str4});
        roleState.userGroupLink = str;
        roleState.resourceGroupLink = str2;
        roleState.verbs = set;
        roleState.policy = RoleService.Policy.ALLOW;
        this.host.sendAndWaitExpectSuccess(Operation.createPost(UriUtils.buildUri(serviceHost, ServiceUriPaths.CORE_AUTHZ_ROLES)).setBody(roleState));
        return roleState.documentSelfLink;
    }
}
