package com.vmware.xenon.common;

import com.vmware.xenon.common.Operation;
import com.vmware.xenon.common.ServiceHost;
import com.vmware.xenon.common.test.AuthorizationHelper;
import com.vmware.xenon.common.test.TestContext;
import com.vmware.xenon.common.test.TestRequestSender;
import com.vmware.xenon.common.test.VerificationHost;
import com.vmware.xenon.services.common.AuthCredentialsService;
import com.vmware.xenon.services.common.AuthorizationContextService;
import com.vmware.xenon.services.common.AuthorizationTokenCacheService;
import com.vmware.xenon.services.common.ExampleService;
import com.vmware.xenon.services.common.MinimalTestService;
import com.vmware.xenon.services.common.UserService;
import com.vmware.xenon.services.common.authn.BasicAuthenticationService;
import com.vmware.xenon.services.common.authn.BasicAuthenticationUtils;
import java.net.URI;
import java.util.UUID;
import org.junit.Assert;
import org.junit.Test;

/* loaded from: input_file:com/vmware/xenon/common/TestExternalAuth.class */
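/**
 * Exercises a host whose authentication/authorization provider is a second, external host.
 *
 * <p>{@link #initializeHost} starts {@code externalAuthHost} with authorization enabled, creates
 * the users, roles and credentials there, and then initializes the host under test with
 * {@code authProviderHostUri} pointing at that external host. The tests check that:
 * <ul>
 *   <li>basic authentication sent to the host under test succeeds for a user that was created
 *       on the external host;</li>
 *   <li>each user only sees the example documents visible to their own identity, while the
 *       system context sees all of them;</li>
 *   <li>a cached authorization context on the host under test is gone once the token-cache
 *       notification triggered by deleting the user on the external host has been applied.</li>
 * </ul>
 */
public class TestExternalAuth extends BasicTestCase {
    private static final String USER_JANE = "jane";
    private static final String USER_JANE_EMAIL = "jane@doe.com";
    private static final String USER_JOHN = "john";
    private static final String USER_JOHN_EMAIL = "john@doe.com";

    // Self links of the user services created on the external auth host.
    private String userServiceJane = null;
    private String userServiceJohn = null;
    // Host acting as the external auth provider; created in initializeHost().
    VerificationHost externalAuthHost = null;

    /**
     * Starts the external auth host, provisions both users on it, and initializes the host under
     * test so that it delegates to the external host.
     *
     * @param verificationHost unused; the inherited {@code this.host} is initialized instead
     * @throws Exception wrapping any failure raised while setting up either host
     */
    @Override
    public void initializeHost(VerificationHost verificationHost) throws Exception {
        try {
            this.externalAuthHost = createHost();
            VerificationHost.initialize(this.externalAuthHost,
                    VerificationHost.buildDefaultServiceHostArguments(0));
            this.externalAuthHost.setAuthorizationService(new AuthorizationContextService());
            this.externalAuthHost.setAuthorizationEnabled(true);
            this.externalAuthHost.start();

            // Users can only be provisioned under the system context; drop it again right after.
            this.externalAuthHost.setSystemAuthorizationContext();
            this.userServiceJane = createUsers(this.externalAuthHost, USER_JANE, USER_JANE_EMAIL);
            this.userServiceJohn = createUsers(this.externalAuthHost, USER_JOHN, USER_JOHN_EMAIL);
            this.externalAuthHost.resetAuthorizationContext();

            // The host under test enforces authorization but has no users of its own: it is
            // pointed at the external host through authProviderHostUri.
            ServiceHost.Arguments hostArguments = VerificationHost.buildDefaultServiceHostArguments(0);
            hostArguments.authProviderHostUri = this.externalAuthHost.getUri().toString();
            hostArguments.isAuthorizationEnabled = true;
            VerificationHost.initialize(this.host, hostArguments);
            Utils.registerKind(UserService.UserState.class, Utils.buildKind(UserService.UserState.class));
        } catch (Throwable failure) {
            throw new Exception(failure);
        }
    }

    /**
     * Tears down the external auth host before the host under test is torn down.
     *
     * @param verificationHost unused
     */
    @Override
    public void beforeHostTearDown(VerificationHost verificationHost) {
        // initializeHost() may have failed before the external host was created.
        if (this.externalAuthHost != null) {
            this.externalAuthHost.tearDown();
        }
    }

    /**
     * Creates the user service, roles and credentials for one user on the given host.
     *
     * @param authHost host on which the user is provisioned
     * @param userName short user name (not used by the provisioning calls)
     * @param email e-mail address identifying the user
     * @return the value returned by {@code AuthorizationHelper.createUserService}, used by the
     *         tests as the user's identity link
     * @throws Throwable if any provisioning request fails
     */
    private String createUsers(VerificationHost authHost, String userName, String email) throws Throwable {
        AuthorizationHelper authHelper = new AuthorizationHelper(authHost);
        String userServiceLink = authHelper.createUserService(authHost, email);
        authHelper.createRoles(authHost, email);

        // Test fixture only: the credential's private key is set to the e-mail address, which is
        // why testAuthentication() sends the e-mail as both user name and password.
        AuthCredentialsService.AuthCredentialsServiceState credentials =
                new AuthCredentialsService.AuthCredentialsServiceState();
        credentials.userEmail = email;
        credentials.privateKey = email;
        new TestRequestSender(authHost).sendAndWait(
                Operation.createPost(UriUtils.buildUri(authHost, "/core/auth/credentials"))
                        .setBody(credentials));
        return userServiceLink;
    }

    /**
     * Starts one example document named {@code name} under the identity currently assumed on the
     * host under test.
     */
    private void startExampleDocument(URI factoryUri, String name) throws Throwable {
        this.host.doFactoryChildServiceStart(null, 1L, ExampleService.ExampleServiceState.class, op -> {
            ExampleService.ExampleServiceState state = new ExampleService.ExampleServiceState();
            state.name = name;
            op.setBody(state);
        }, factoryUri);
    }

    /**
     * Verifies that a basic-auth login against the host under test succeeds for a user whose
     * credentials were created only on the external auth host.
     */
    @Test
    public void testAuthentication() throws Throwable {
        Operation login = Operation
                .createPost(UriUtils.buildUri(this.host, BasicAuthenticationService.SELF_LINK))
                .setBody(new Object())
                .addRequestHeader("Authorization",
                        BasicAuthenticationUtils.constructBasicAuth(USER_JANE_EMAIL, USER_JANE_EMAIL));
        Operation response = new TestRequestSender(this.host).sendAndWait(login);
        Assert.assertEquals(200, response.getStatusCode());
    }

    /**
     * Verifies per-user document visibility and that a cached authorization context is cleared
     * after the user is deleted on the external auth host.
     */
    @Test
    public void testDocumentAccess() throws Throwable {
        URI factoryUri = UriUtils.buildFactoryUri(this.host, ExampleService.class);
        try {
            // Each user creates one document and must see exactly one.
            // NOTE(review): presumably the roles from AuthorizationHelper.createRoles limit a
            // user to their own documents - confirm against the helper.
            this.host.assumeIdentity(this.userServiceJane);
            startExampleDocument(factoryUri, USER_JANE);
            Assert.assertEquals(1L, this.host.getFactoryState(factoryUri).documentCount.longValue());

            this.host.assumeIdentity(this.userServiceJohn);
            startExampleDocument(factoryUri, USER_JOHN);
            Assert.assertEquals(1L,
                    this.host.getExpandedFactoryState(factoryUri).documentCount.longValue());

            // The system context sees both documents.
            this.host.setSystemAuthorizationContext();
            Assert.assertEquals(2L, this.host.getFactoryState(factoryUri).documentCount.longValue());

            // The service is registered as privileged before it is used to look up
            // authorization contexts by token.
            Service privilegedService = new MinimalTestService();
            this.host.addPrivilegedService(MinimalTestService.class);
            this.host.startServiceAndWait(privilegedService, UUID.randomUUID().toString(), null);

            // Assuming Jane's identity must leave an authorization context for her token.
            Operation.AuthorizationContext janeContext = this.host.assumeIdentity(this.userServiceJane);
            Assert.assertNotNull(
                    this.host.getAuthorizationContext(privilegedService, janeContext.getToken()));

            this.host.setSystemAuthorizationContext();
            TestContext revocationCtx = testCreate(1);
            TestContext subscriptionCtx = testCreate(1);
            TestRequestSender sender = new TestRequestSender(this.host);

            Operation subscribe = Operation
                    .createPost(this.externalAuthHost, AuthorizationTokenCacheService.SELF_LINK)
                    .setReferer(this.host.getUri())
                    .setCompletion((subscribeOp, subscribeFailure) -> {
                        if (subscribeFailure != null) {
                            subscriptionCtx.failIteration(subscribeFailure);
                        } else {
                            subscriptionCtx.completeIteration();
                        }
                    });

            this.host.startSubscriptionService(subscribe, notifyOp -> {
                // Forward the token-cache notification from the external host to the local
                // token cache service through the default node selector.
                TestContext cacheClearCtx = testCreate(1);
                Operation clearCache = Operation
                        .createPatch(this.host, AuthorizationTokenCacheService.SELF_LINK)
                        .setReferer(this.host.getUri())
                        .setBody(notifyOp.getBody(
                                AuthorizationTokenCacheService.AuthorizationTokenCacheServiceState.class))
                        .setCompletion((patchOp, patchFailure) -> {
                            if (patchFailure != null) {
                                cacheClearCtx.failIteration(patchFailure);
                            } else {
                                cacheClearCtx.completeIteration();
                            }
                        });
                this.host.broadcastRequest("/core/node-selectors/default", false, clearCache);

                try {
                    testWait(cacheClearCtx);
                } catch (Throwable waitFailure) {
                    revocationCtx.failIteration(waitFailure);
                    // Stop here so the context is signalled exactly once.
                    return;
                }

                // After the cache has been cleared, Jane's token must no longer resolve to an
                // authorization context on the host under test.
                if (this.host.getAuthorizationContext(privilegedService, janeContext.getToken()) != null) {
                    revocationCtx.failIteration(new IllegalStateException("Auth context was not null"));
                } else {
                    revocationCtx.completeIteration();
                }
            });

            // Delete the user only once the subscription is in place, then wait for the
            // notification handler to confirm the context was dropped.
            testWait(subscriptionCtx);
            sender.sendAndWait(Operation.createDelete(this.externalAuthHost, this.userServiceJane));
            testWait(revocationCtx);
        } finally {
            // Never leave a user or system authorization context set on the host, including
            // when an assertion above fails.
            this.host.resetAuthorizationContext();
        }
    }
}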
