package net.krotscheck.kangaroo.authz.admin.v1.auth;

import javax.annotation.security.DenyAll;
import javax.annotation.security.PermitAll;
import javax.ws.rs.GET;
import javax.ws.rs.Path;
import javax.ws.rs.Produces;
import javax.ws.rs.core.Response;
import net.krotscheck.kangaroo.authz.admin.v1.servlet.FirstRunContainerLifecycleListener;
import net.krotscheck.kangaroo.authz.admin.v1.servlet.ServletConfigFactory;
import net.krotscheck.kangaroo.authz.admin.v1.test.rule.TestDataResource;
import net.krotscheck.kangaroo.authz.common.database.DatabaseFeature;
import net.krotscheck.kangaroo.common.config.ConfigurationFeature;
import net.krotscheck.kangaroo.common.exception.ExceptionFeature;
import net.krotscheck.kangaroo.test.jersey.ContainerTest;
import net.krotscheck.kangaroo.util.HttpUtil;
import org.glassfish.jersey.server.ResourceConfig;
import org.junit.Assert;
import org.junit.ClassRule;
import org.junit.Test;

/* loaded from: input_file:net/krotscheck/kangaroo/authz/admin/v1/auth/OAuth2ScopeDynamicFeatureTest.class */
public final class OAuth2ScopeDynamicFeatureTest extends ContainerTest {

    @ClassRule
    public static final TestDataResource TEST_DATA_RESOURCE = new TestDataResource(HIBERNATE_RESOURCE);

    @Path("/first")
    /* loaded from: input_file:net/krotscheck/kangaroo/authz/admin/v1/auth/OAuth2ScopeDynamicFeatureTest$MockService.class */
    public static final class MockService {
        @GET
        @Path("/deny")
        @DenyAll
        @Produces({"application/json"})
        public Response denyAll() {
            return Response.status(Response.Status.OK).build();
        }

        @GET
        @Path("/permit")
        @PermitAll
        @Produces({"application/json"})
        public Response permitAll() {
            return Response.status(Response.Status.OK).build();
        }

        @GET
        @Path("/scopes")
        @ScopesAllowed({"kangaroo:client"})
        @Produces({"application/json"})
        public Response permitScopes() {
            return Response.status(Response.Status.OK).build();
        }
    }

    @Path("/second")
    @ScopesAllowed({"kangaroo:client"})
    /* loaded from: input_file:net/krotscheck/kangaroo/authz/admin/v1/auth/OAuth2ScopeDynamicFeatureTest$SecondMockService.class */
    public static final class SecondMockService {
        @GET
        @Produces({"application/json"})
        public Response permitScopes() {
            return Response.status(Response.Status.OK).build();
        }
    }

    @Path("/third")
    @PermitAll
    /* loaded from: input_file:net/krotscheck/kangaroo/authz/admin/v1/auth/OAuth2ScopeDynamicFeatureTest$ThirdMockService.class */
    public static final class ThirdMockService {
        @GET
        @Produces({"application/json"})
        public Response permitAll() {
            return Response.status(Response.Status.OK).build();
        }
    }

    protected ResourceConfig createApplication() {
        ResourceConfig resourceConfig = new ResourceConfig();
        resourceConfig.register(DatabaseFeature.class);
        resourceConfig.register(OAuth2ScopeDynamicFeature.class);
        resourceConfig.register(MockService.class);
        resourceConfig.register(SecondMockService.class);
        resourceConfig.register(ThirdMockService.class);
        resourceConfig.register(ExceptionFeature.class);
        resourceConfig.register(ConfigurationFeature.class);
        resourceConfig.register(new ServletConfigFactory.Binder());
        resourceConfig.register(new FirstRunContainerLifecycleListener.Binder());
        return resourceConfig;
    }

    @Test
    public void testDenyAllMethod() {
        Assert.assertEquals(401L, target("/first/deny").request().get().getStatus());
    }

    @Test
    public void testPermitAllMethod() {
        Assert.assertEquals(200L, target("/first/permit").request().get().getStatus());
    }

    @Test
    public void testValidScopesMethod() {
        Assert.assertEquals(200L, target("/first/scopes").request().header("Authorization", HttpUtil.authHeaderBearer(TEST_DATA_RESOURCE.getAdminApplication().getBuilder().bearerToken("kangaroo:client").build().getToken().getId())).get().getStatus());
    }

    @Test
    public void testInvalidScopesMethod() {
        Assert.assertEquals(403L, target("/first/scopes").request().header("Authorization", HttpUtil.authHeaderBearer(TEST_DATA_RESOURCE.getAdminApplication().getBuilder().bearerToken("kangaroo:user").build().getToken().getId())).get().getStatus());
    }

    @Test
    public void testValidScopesClass() {
        Assert.assertEquals(200L, target("/second").request().header("Authorization", HttpUtil.authHeaderBearer(TEST_DATA_RESOURCE.getAdminApplication().getBuilder().bearerToken("kangaroo:client").build().getToken().getId())).get().getStatus());
    }

    @Test
    public void testInvalidScopeClass() {
        Assert.assertEquals(403L, target("/second").request().header("Authorization", HttpUtil.authHeaderBearer(TEST_DATA_RESOURCE.getAdminApplication().getBuilder().bearerToken("kangaroo:user").build().getToken().getId())).get().getStatus());
    }

    @Test
    public void testPermitAllClass() {
        Assert.assertEquals(200L, target("/third").request().header("Authorization", HttpUtil.authHeaderBearer(TEST_DATA_RESOURCE.getAdminApplication().getBuilder().bearerToken("kangaroo:user").build().getToken().getId())).get().getStatus());
    }
}
