package com.vmware.xenon.common;

import com.vmware.xenon.common.Operation;
import com.vmware.xenon.common.Service;
import com.vmware.xenon.common.ServiceHost;
import com.vmware.xenon.common.test.AuthorizationHelper;
import com.vmware.xenon.common.test.TestContext;
import com.vmware.xenon.common.test.VerificationHost;
import com.vmware.xenon.services.common.AuthorizationContextService;
import com.vmware.xenon.services.common.ExampleService;
import com.vmware.xenon.services.common.QueryTask;
import com.vmware.xenon.services.common.ResourceGroupService;
import com.vmware.xenon.services.common.RoleService;
import com.vmware.xenon.services.common.ServiceHostManagementService;
import com.vmware.xenon.services.common.ServiceUriPaths;
import com.vmware.xenon.services.common.UserGroupService;
import java.util.EnumSet;
import java.util.UUID;
import org.junit.Assert;
import org.junit.Test;

/* loaded from: input_file:com/vmware/xenon/common/TestAuthSetupHelper.class */
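/**
 * Integration tests for {@link AuthorizationSetupHelper}, run against a
 * {@link VerificationHost} that has authorization switched on.
 *
 * <p>The tests cover user creation, role setup by link and by query, repeated
 * (idempotent) role setup, and the completion callback when the user already
 * exists. Every test first installs the host's system authorization context on
 * the calling thread so the setup calls themselves are permitted.
 *
 * <p>NOTE(review): this class never clears the system authorization context it
 * installs, except in {@link #testAuthSetupHelper()}. Presumably the base class
 * or host teardown resets it; confirm, because a leftover privileged context on
 * the test thread can hide authorization failures in later tests.
 */
public class TestAuthSetupHelper extends BasicTestCase {
    private static final String GUEST_ROLE = "guest-role";
    private static final String GUEST_USER_GROUP = "guest-user-group";
    private static final String GUEST_RESOURCE_GROUP = "guest-resource-group";
    /** Document the guest role is granted access to in the role-setup tests. */
    private static final String GUEST_DOCUMENT_LINK = "/discovery/swagger";
    /** Request header carrying the token returned by {@code AuthorizationHelper.login}. */
    private static final String AUTH_TOKEN_HEADER = "x-xenon-auth-token";
    private static final String QUORUM_HEADER = "x-xenon-rpl-quorum";
    private static final String QUORUM_ALL = "x-xenon-all";

    // Test-only accounts: each one uses its e-mail address as its password.
    // The spelling of the admin address is kept as-is; the value is only ever
    // used consistently for both account creation and login.
    private final String adminUser = "admim@localhost";
    private final String exampleUser = "example@localhost";
    private final String exampleWithManagementServiceUser = "exampleWithManagementService@localhost";

    /**
     * Installs an {@link AuthorizationContextService} and enables authorization
     * before the host starts, so every request in these tests is subject to
     * authorization checks.
     *
     * @param verificationHost the host about to be started
     */
    @Override
    public void beforeHostStart(VerificationHost verificationHost) {
        verificationHost.setAuthorizationService(new AuthorizationContextService());
        verificationHost.setAuthorizationEnabled(true);
    }

    /**
     * Creates three users through the helper, logs each one in, and checks what
     * each token can reach: the admin token lists both example documents, the
     * example user's token lists one, and only the user that was granted the
     * management service link may read the management state.
     */
    @Test
    public void testAuthSetupHelper() throws Throwable {
        this.host.waitForServiceAvailable(ServiceHostManagementService.SELF_LINK);
        OperationContext.setAuthorizationContext(this.host.getSystemAuthorizationContext());
        makeUsersWithAuthSetupHelper();

        AuthorizationHelper authHelper = new AuthorizationHelper(this.host);
        // Drop the system context before logging in, so the requests below are
        // authorized by the per-user tokens and not by the privileged context.
        OperationContext.setAuthorizationContext((Operation.AuthorizationContext) null);
        String adminToken = authHelper.login(this.adminUser, this.adminUser);
        String exampleToken = authHelper.login(this.exampleUser, this.exampleUser);
        String managementToken = authHelper.login(
                this.exampleWithManagementServiceUser, this.exampleWithManagementServiceUser);

        createExampleDocument(adminToken);
        createExampleDocument(exampleToken);
        // assertEquals reports both values on failure, unlike assertTrue(a == b).
        Assert.assertEquals(2, numberExampleDocuments(adminToken));
        Assert.assertEquals(1, numberExampleDocuments(exampleToken));

        getManagementState(managementToken, true);
        getManagementState(exampleToken, false);
        this.host.log("AuthorizationSetupHelper is working");
    }

    /**
     * Sets up the guest role, deletes the three documents it created, and then
     * runs the same setup twice more; every run must complete without error.
     */
    @Test
    public void testIdempotentCreation() throws Throwable {
        this.host.waitForServiceAvailable(ServiceHostManagementService.SELF_LINK);
        OperationContext.setAuthorizationContext(this.host.getSystemAuthorizationContext());

        setupGuestRoleAndWait();

        assertDeleteSucceeds(ResourceGroupService.FACTORY_LINK, GUEST_RESOURCE_GROUP);
        assertDeleteSucceeds(UserGroupService.FACTORY_LINK, GUEST_USER_GROUP);
        assertDeleteSucceeds(RoleService.FACTORY_LINK, GUEST_ROLE);

        // Once after the deletes (re-creation) and once more on top of the
        // freshly created documents (setup over existing state).
        setupGuestRoleAndWait();
        setupGuestRoleAndWait();
    }

    /**
     * Returns a helper preconfigured with the guest user, document link, group
     * names and role name shared by the role-setup tests.
     *
     * @param verbs actions the role should allow
     */
    private AuthorizationSetupHelper guestRoleSetup(EnumSet<Service.Action> verbs) {
        return AuthorizationSetupHelper.create()
                .setHost(this.host)
                .setUserSelfLink(ServiceUriPaths.CORE_AUTHZ_GUEST_USER)
                .setDocumentLink(GUEST_DOCUMENT_LINK)
                .setUserGroupName(GUEST_USER_GROUP)
                .setResourceGroupName(GUEST_RESOURCE_GROUP)
                .setRoleName(GUEST_ROLE)
                .setVerbs(verbs);
    }

    /** Runs one GET-only guest role setup and blocks until its completion fires. */
    private void setupGuestRoleAndWait() throws Throwable {
        TestContext ctx = this.host.testCreate(1);
        guestRoleSetup(EnumSet.of(Service.Action.GET)).setCompletion(failure -> {
            if (failure != null) {
                // Report the failure only; do not also mark the iteration complete.
                ctx.failIteration(failure);
                return;
            }
            ctx.completeIteration();
        }).setupRole();
        this.host.testWait(ctx);
    }

    /** Deletes {@code factoryLink/name} and asserts the response status is 200. */
    private void assertDeleteSucceeds(String factoryLink, String name) throws Throwable {
        String path = UriUtils.buildUriPath(factoryLink, name);
        Assert.assertEquals(200, this.host.waitForResponse(createDeleteOp(path)).getStatusCode());
    }

    /**
     * Builds a DELETE for the given path carrying the replication quorum header
     * set to its "all" value.
     * NOTE(review): presumably this makes the delete wait for every node; confirm.
     */
    private Operation createDeleteOp(String path) {
        return Operation.createDelete(this.host, path).addRequestHeader(QUORUM_HEADER, QUORUM_ALL);
    }

    /**
     * Sets up the guest role from explicit links and checks that the single
     * user group, resource group and role found by query carry the expected
     * names, links and verbs.
     */
    @Test
    public void testRoleSetupWithLinks() throws Throwable {
        this.host.waitForServiceAvailable(ServiceHostManagementService.SELF_LINK);
        OperationContext.setAuthorizationContext(this.host.getSystemAuthorizationContext());
        EnumSet<Service.Action> verbs = EnumSet.of(Service.Action.GET);

        this.host.testStart(1L);
        guestRoleSetup(verbs).setCompletion(this.host.getCompletion()).setupRole();
        this.host.testWait();

        UserGroupService.UserGroupState userGroup =
                querySingleDocument(UserGroupService.UserGroupState.class);
        Assert.assertEquals(GUEST_USER_GROUP, UriUtils.getLastPathSegment(userGroup.documentSelfLink));

        ResourceGroupService.ResourceGroupState resourceGroup =
                querySingleDocument(ResourceGroupService.ResourceGroupState.class);
        Assert.assertEquals(GUEST_RESOURCE_GROUP,
                UriUtils.getLastPathSegment(resourceGroup.documentSelfLink));

        RoleService.RoleState role = querySingleDocument(RoleService.RoleState.class);
        Assert.assertEquals(UriUtils.buildUriPath(UserGroupService.FACTORY_LINK, GUEST_USER_GROUP),
                role.userGroupLink);
        Assert.assertEquals(
                UriUtils.buildUriPath(ResourceGroupService.FACTORY_LINK, GUEST_RESOURCE_GROUP),
                role.resourceGroupLink);
        Assert.assertEquals(GUEST_ROLE, UriUtils.getLastPathSegment(role.documentSelfLink));
        // Expected value first, so a failure message reads the right way round.
        Assert.assertEquals(verbs, role.verbs);
    }

    /**
     * Sets up the guest role from a user-group query and a resource query and
     * checks that the stored groups carry the first clause of each query and
     * that the role has the expected name.
     */
    @Test
    public void testRoleSetupWithQueries() throws Throwable {
        this.host.waitForServiceAvailable(ServiceHostManagementService.SELF_LINK);
        OperationContext.setAuthorizationContext(this.host.getSystemAuthorizationContext());
        this.host.testStart(1L);
        QueryTask.Query userQuery = QueryTask.Query.Builder.create()
                .addFieldClause("documentSelfLink", ServiceUriPaths.CORE_AUTHZ_GUEST_USER)
                .build();
        QueryTask.Query resourceQuery = QueryTask.Query.Builder.create()
                .addFieldClause("documentSelfLink", GUEST_DOCUMENT_LINK,
                        QueryTask.Query.Occurance.SHOULD_OCCUR)
                .build();
        AuthorizationSetupHelper.create()
                .setHost(this.host)
                .setUserGroupQuery(userQuery)
                .setResourceQuery(resourceQuery)
                .setRoleName(GUEST_ROLE)
                .setCompletion(this.host.getCompletion())
                .setupRole();
        this.host.testWait();

        UserGroupService.UserGroupState userGroup =
                querySingleDocument(UserGroupService.UserGroupState.class);
        assertFirstClauseMatches(userQuery, userGroup.query);

        ResourceGroupService.ResourceGroupState resourceGroup =
                querySingleDocument(ResourceGroupService.ResourceGroupState.class);
        assertFirstClauseMatches(resourceQuery, resourceGroup.query);

        RoleService.RoleState role = querySingleDocument(RoleService.RoleState.class);
        Assert.assertEquals(GUEST_ROLE, UriUtils.getLastPathSegment(role.documentSelfLink));
    }

    /** Asserts that the first boolean clause of both queries has the same property name and match value. */
    private static void assertFirstClauseMatches(QueryTask.Query expected, QueryTask.Query actual) {
        QueryTask.Query expectedClause = expected.booleanClauses.get(0);
        QueryTask.Query actualClause = actual.booleanClauses.get(0);
        Assert.assertEquals(expectedClause.term.propertyName, actualClause.term.propertyName);
        Assert.assertEquals(expectedClause.term.matchValue, actualClause.term.matchValue);
    }

    /**
     * Creates the three test users in parallel and waits for all of them: an
     * admin, a non-admin scoped to the example document kind, and a non-admin
     * scoped to the management service link.
     */
    private void makeUsersWithAuthSetupHelper() throws Throwable {
        this.host.testStart(3L);
        AuthorizationSetupHelper.create()
                .setHost(this.host)
                .setUserEmail(this.adminUser)
                .setUserPassword(this.adminUser)
                .setIsAdmin(true)
                .setCompletion(this.host.getCompletion())
                .start();
        AuthorizationSetupHelper.create()
                .setHost(this.host)
                .setUserEmail(this.exampleUser)
                .setUserPassword(this.exampleUser)
                .setIsAdmin(false)
                .setDocumentKind(Utils.buildKind(ExampleService.ExampleServiceState.class))
                .setCompletion(this.host.getCompletion())
                .start();
        AuthorizationSetupHelper.create()
                .setHost(this.host)
                .setUserEmail(this.exampleWithManagementServiceUser)
                .setUserPassword(this.exampleWithManagementServiceUser)
                .setIsAdmin(false)
                .setDocumentLink(ServiceHostManagementService.SELF_LINK)
                .setCompletion(this.host.getCompletion())
                .start();
        this.host.testWait();
    }

    /**
     * Posts one example document with a random name, authenticating with the
     * given token only (the client cookie jar is cleared before sending).
     */
    private void createExampleDocument(String authToken) throws Throwable {
        ExampleService.ExampleServiceState body = new ExampleService.ExampleServiceState();
        body.name = UUID.randomUUID().toString();
        Operation post = Operation.createPost(UriUtils.buildFactoryUri(this.host, ExampleService.class))
                .setBody(body)
                .forceRemote()
                .addRequestHeader(AUTH_TOKEN_HEADER, authToken)
                .setCompletion(this.host.getCompletion());
        clearClientCookieJar();
        this.host.testStart(1L);
        this.host.send(post);
        this.host.testWait();
    }

    /**
     * Returns how many example document links a GET on the example factory
     * lists when authenticated with the given token.
     */
    private int numberExampleDocuments(String authToken) throws Throwable {
        int[] count = new int[1];
        Operation get = Operation.createGet(UriUtils.buildFactoryUri(this.host, ExampleService.class))
                .forceRemote()
                .addRequestHeader(AUTH_TOKEN_HEADER, authToken)
                .setCompletion((op, failure) -> {
                    if (failure != null) {
                        this.host.failIteration(failure);
                        return;
                    }
                    ServiceDocumentQueryResult result = op.getBody(ServiceDocumentQueryResult.class);
                    if (result == null || result.documentLinks == null) {
                        // Route the failure through the host; an assertion thrown
                        // inside the callback would not reach the waiting test thread.
                        this.host.failIteration(
                                new IllegalStateException("example factory returned no document links"));
                        return;
                    }
                    count[0] = result.documentLinks.size();
                    this.host.completeIteration();
                });
        clearClientCookieJar();
        this.host.testStart(1L);
        this.host.send(get);
        this.host.testWait();
        return count[0];
    }

    /**
     * Reads the management service state with the given token.
     *
     * @param authToken token sent in the auth token header
     * @param expectSuccess {@code true} if the read must succeed and report the
     *        host's port; {@code false} if the read must be rejected
     */
    private void getManagementState(String authToken, boolean expectSuccess) throws Throwable {
        this.host.testStart(1L);
        Operation get = Operation
                .createGet(UriUtils.buildUri(this.host, ServiceHostManagementService.SELF_LINK))
                .addRequestHeader(AUTH_TOKEN_HEADER, authToken)
                .setCompletion((op, failure) -> {
                    if (failure != null) {
                        if (expectSuccess) {
                            this.host.failIteration(failure);
                        } else {
                            this.host.completeIteration();
                        }
                        return;
                    }
                    if (!expectSuccess) {
                        // A negative authorization check must fail when the read
                        // is granted; otherwise a missing access check would pass.
                        this.host.failIteration(new IllegalStateException(
                                "mgmt service state was returned although the request should be denied"));
                        return;
                    }
                    ServiceHost.ServiceHostState state = op.getBody(ServiceHost.ServiceHostState.class);
                    if (state.httpPort != this.host.getPort()) {
                        this.host.failIteration(new IllegalStateException("mgmt service state is not correct"));
                    } else {
                        this.host.completeIteration();
                    }
                });
        this.host.send(get);
        this.host.testWait();
    }

    /** Clears the client's cookies so that only the explicit token header authenticates a request. */
    private void clearClientCookieJar() {
        this.host.getClient().clearCookieJar();
    }

    /**
     * Runs a direct query for documents of the given kind with expanded content.
     *
     * @param kind document kind to match
     * @param expectedCount passed to the host as both count arguments of the query wait
     */
    private ServiceDocumentQueryResult queryDocuments(String kind, int expectedCount) throws Throwable {
        QueryTask.QuerySpecification spec = new QueryTask.QuerySpecification();
        spec.query.setTermPropertyName("documentKind").setTermMatchValue(kind);
        spec.options = EnumSet.of(QueryTask.QuerySpecification.QueryOption.EXPAND_CONTENT);
        return this.host.createAndWaitSimpleDirectQuery(
                this.host.getUri(), spec, expectedCount, expectedCount, (TestResults) null);
    }

    /** Queries for exactly one document of the given state type and deserializes it. */
    private <T> T querySingleDocument(Class<T> type) throws Throwable {
        Object json = queryDocuments(Utils.buildKind(type), 1).documents.values().iterator().next();
        return Utils.fromJson(json, type);
    }

    /**
     * Creates the users, then asks the helper to create the admin user again
     * and checks that the completion handler is still invoked without error.
     */
    @Test
    public void testCompletionHandlerWhenUserExists() throws Throwable {
        this.host.waitForServiceAvailable(ServiceHostManagementService.SELF_LINK);
        OperationContext.setAuthorizationContext(this.host.getSystemAuthorizationContext());
        makeUsersWithAuthSetupHelper();

        boolean[] completionCalled = new boolean[1];
        TestContext ctx = this.host.testCreate(1);
        AuthorizationSetupHelper.create()
                .setHost(this.host)
                .setUserEmail(this.adminUser)
                .setUserPassword(this.adminUser)
                .setIsAdmin(true)
                .setCompletion(failure -> {
                    if (failure != null) {
                        ctx.failIteration(failure);
                        return;
                    }
                    completionCalled[0] = true;
                    ctx.completeIteration();
                })
                .start();
        ctx.await();
        Assert.assertTrue("completion handler must be called when trying to create an existing user",
                completionCalled[0]);
    }
}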
