package net.krotscheck.kangaroo.authz.admin.v1.resource;

import java.util.Collections;
import java.util.HashMap;
import java.util.List;
import java.util.Set;
import java.util.stream.Collectors;
import javax.ws.rs.BadRequestException;
import javax.ws.rs.core.Response;
import javax.ws.rs.core.UriInfo;
import net.krotscheck.kangaroo.authz.admin.v1.auth.exception.OAuth2NotAuthorizedException;
import net.krotscheck.kangaroo.authz.common.database.entity.AbstractAuthzEntity;
import net.krotscheck.kangaroo.authz.common.database.entity.Client;
import net.krotscheck.kangaroo.authz.common.database.entity.ClientType;
import net.krotscheck.kangaroo.authz.common.database.entity.OAuthToken;
import net.krotscheck.kangaroo.authz.common.database.entity.User;
import net.krotscheck.kangaroo.authz.common.database.entity.UserIdentity;
import net.krotscheck.kangaroo.authz.oauth2.exception.RFC6749;
import net.krotscheck.kangaroo.authz.test.ApplicationBuilder;
import net.krotscheck.kangaroo.common.hibernate.id.IdUtil;
import net.krotscheck.kangaroo.common.hibernate.id.MalformedIdException;
import net.krotscheck.kangaroo.test.jersey.SingletonTestContainerFactory;
import net.krotscheck.kangaroo.test.runner.ParameterizedSingleInstanceTestRunner;
import org.glassfish.jersey.test.spi.TestContainerException;
import org.glassfish.jersey.test.spi.TestContainerFactory;
import org.hibernate.Session;
import org.hibernate.search.query.dsl.TermMatchingContext;
import org.junit.Assert;
import org.junit.Before;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.junit.runners.Parameterized;

@Parameterized.UseParametersRunnerFactory(ParameterizedSingleInstanceTestRunner.ParameterizedSingleInstanceTestRunnerFactory.class)
@RunWith(Parameterized.class)
/* loaded from: input_file:net/krotscheck/kangaroo/authz/admin/v1/resource/AbstractServiceSearchTest.class */
public abstract class AbstractServiceSearchTest<T extends AbstractAuthzEntity> extends AbstractResourceTest<T> {
    private final Class<T> typingClass;
    private final String tokenScope;
    private final ClientType clientType;
    private final Boolean createUser;
    private Client client;
    private OAuthToken adminAppToken;
    private SingletonTestContainerFactory testContainerFactory;

    public AbstractServiceSearchTest(Class<T> cls, ClientType clientType, String str, Boolean bool) {
        this.typingClass = cls;
        this.tokenScope = str;
        this.clientType = clientType;
        this.createUser = bool;
    }

    protected TestContainerFactory getTestContainerFactory() throws TestContainerException {
        if (this.testContainerFactory == null) {
            this.testContainerFactory = new SingletonTestContainerFactory(super.getTestContainerFactory(), getClass());
        }
        return this.testContainerFactory;
    }

    @Before
    public final void configureData() throws Exception {
        ApplicationBuilder.ApplicationContext build = getAdminContext().getBuilder().client(this.clientType).build();
        this.client = build.getClient();
        User owner = build.getOwner();
        if (this.createUser.booleanValue()) {
            owner = getSecondaryContext().getOwner();
        }
        this.adminAppToken = build.getBuilder().bearerToken(this.client, (UserIdentity) owner.getIdentities().iterator().next(), this.tokenScope).build().getToken();
    }

    protected final List<T> getAccessibleEntities() {
        return getAccessibleEntities(getAdminToken());
    }

    protected final List<T> getOwnedEntities() {
        return getAdminToken().getIdentity() == null ? Collections.emptyList() : getOwnedEntities(getAdminToken().getIdentity().getUser());
    }

    protected final List<T> getOwnedEntities(OAuthToken oAuthToken) {
        OAuthToken oAuthToken2 = (OAuthToken) getAttached((AbstractServiceSearchTest<T>) oAuthToken);
        return oAuthToken2.getIdentity() == null ? Collections.emptyList() : getOwnedEntities(oAuthToken2.getIdentity().getUser());
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public final List<T> getAccessibleEntities(OAuthToken oAuthToken) {
        Session session = getSession();
        session.getTransaction().begin();
        OAuthToken oAuthToken2 = (OAuthToken) session.get(OAuthToken.class, oAuthToken.getId());
        Set keySet = oAuthToken2.getScopes().keySet();
        session.getTransaction().commit();
        if (!keySet.contains(getAdminScope())) {
            return getOwnedEntities(oAuthToken2);
        }
        session.getTransaction().begin();
        try {
            List<T> list = getSession().createCriteria(this.typingClass).list();
            session.getTransaction().commit();
            return list;
        } catch (Throwable th) {
            session.getTransaction().commit();
            throw th;
        }
    }

    protected abstract List<T> getOwnedEntities(User user);

    protected abstract String[] getSearchIndexFields();

    /* JADX INFO: Access modifiers changed from: protected */
    public final List<T> getSearchResults(String str) {
        return getFullTextSession().createFullTextQuery(((TermMatchingContext) getSearchFactory().buildQueryBuilder().forEntity(this.typingClass).get().keyword().fuzzy().onFields(getSearchIndexFields()).ignoreFieldBridge()).matching(str).createQuery(), new Class[]{this.typingClass}).list();
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public final OAuthToken getAdminToken() {
        return this.adminAppToken;
    }

    protected final OAuthToken getSecondaryToken() {
        return getSecondaryContext().getToken();
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public final Boolean isLimitedByClientCredentials() {
        return Boolean.valueOf(this.clientType.equals(ClientType.ClientCredentials) && this.tokenScope.equals(getRegularScope()));
    }

    @Test
    public final void testSearchNoQuery() {
        assertErrorResponse(search(new HashMap(), getAdminToken()), Response.Status.BAD_REQUEST);
    }

    @Test
    public final void testSearchStopWord() {
        HashMap hashMap = new HashMap();
        hashMap.put("q", "and");
        assertErrorResponse(search(hashMap, getAdminToken()), new BadRequestException());
    }

    @Test
    public final void testSearch() throws Exception {
        OAuthToken adminToken = getAdminToken();
        HashMap hashMap = new HashMap();
        hashMap.put("q", "many");
        Response search = search(hashMap, adminToken);
        List<T> searchResults = getSearchResults("many");
        List<T> accessibleEntities = getAccessibleEntities(adminToken);
        Integer valueOf = Integer.valueOf(((List) searchResults.stream().filter(abstractAuthzEntity -> {
            return accessibleEntities.indexOf(abstractAuthzEntity) > -1;
        }).collect(Collectors.toList())).size());
        int min = Math.min(10, valueOf.intValue());
        if (isLimitedByClientCredentials().booleanValue()) {
            assertErrorResponse(search, new RFC6749.InvalidScopeException());
        } else {
            Assert.assertTrue(valueOf.intValue() > 1);
            assertListResponse(search, Integer.valueOf(min), 0, 10, valueOf);
        }
    }

    @Test
    public final void testSearchOffset() {
        Integer num = 1;
        OAuthToken adminToken = getAdminToken();
        HashMap hashMap = new HashMap();
        hashMap.put("q", "many");
        hashMap.put("offset", num.toString());
        Response search = search(hashMap, adminToken);
        List<T> searchResults = getSearchResults("many");
        List<T> accessibleEntities = getAccessibleEntities(adminToken);
        Integer valueOf = Integer.valueOf(((List) searchResults.stream().filter(abstractAuthzEntity -> {
            return accessibleEntities.indexOf(abstractAuthzEntity) > -1;
        }).collect(Collectors.toList())).size());
        int min = Math.min(10, valueOf.intValue() - num.intValue());
        if (isLimitedByClientCredentials().booleanValue()) {
            assertErrorResponse(search, new RFC6749.InvalidScopeException());
        } else {
            Assert.assertTrue(valueOf.intValue() > 1);
            assertListResponse(search, Integer.valueOf(min), num, 10, valueOf);
        }
    }

    @Test
    public final void testSearchLimit() {
        Integer num = 1;
        OAuthToken adminToken = getAdminToken();
        HashMap hashMap = new HashMap();
        hashMap.put("q", "many");
        hashMap.put("limit", num.toString());
        Response search = search(hashMap, adminToken);
        List<T> searchResults = getSearchResults("many");
        List<T> accessibleEntities = getAccessibleEntities(adminToken);
        Integer valueOf = Integer.valueOf(((List) searchResults.stream().filter(abstractAuthzEntity -> {
            return accessibleEntities.indexOf(abstractAuthzEntity) > -1;
        }).collect(Collectors.toList())).size());
        int intValue = num.intValue();
        if (isLimitedByClientCredentials().booleanValue()) {
            assertErrorResponse(search, new RFC6749.InvalidScopeException());
        } else {
            Assert.assertTrue(valueOf.intValue() > 1);
            assertListResponse(search, Integer.valueOf(intValue), 0, num, valueOf);
        }
    }

    @Test
    public final void testSearchByOwner() {
        OAuthToken adminToken = getAdminToken();
        User owner = getSecondaryContext().getOwner();
        HashMap hashMap = new HashMap();
        hashMap.put("q", "many");
        hashMap.put("owner", IdUtil.toString(owner.getId()));
        List<T> searchResults = getSearchResults("many");
        List<T> ownedEntities = getOwnedEntities(owner);
        List<T> accessibleEntities = getAccessibleEntities(adminToken);
        Integer valueOf = Integer.valueOf(((List) searchResults.stream().filter(abstractAuthzEntity -> {
            return ownedEntities.indexOf(abstractAuthzEntity) > -1;
        }).filter(abstractAuthzEntity2 -> {
            return accessibleEntities.indexOf(abstractAuthzEntity2) > -1;
        }).collect(Collectors.toList())).size());
        int min = Math.min(10, valueOf.intValue());
        Response search = search(hashMap, adminToken);
        if (isLimitedByClientCredentials().booleanValue()) {
            assertErrorResponse(search, new RFC6749.InvalidScopeException());
        } else if (!getAdminScope().equals(this.tokenScope) && !adminToken.getIdentity().getUser().equals(owner)) {
            assertErrorResponse(search, new RFC6749.InvalidScopeException());
        } else {
            Assert.assertTrue(valueOf.intValue() > 0);
            assertListResponse(search, Integer.valueOf(min), 0, 10, valueOf);
        }
    }

    @Test
    public final void testSearchBySelf() {
        OAuthToken adminToken = getAdminToken();
        if (adminToken.getIdentity() == null) {
            Assert.assertTrue(true);
            return;
        }
        HashMap hashMap = new HashMap();
        hashMap.put("q", "single");
        hashMap.put("owner", IdUtil.toString(adminToken.getIdentity().getUser().getId()));
        List<T> searchResults = getSearchResults("single");
        List<T> ownedEntities = getOwnedEntities(adminToken);
        Integer valueOf = Integer.valueOf(((List) searchResults.stream().filter(abstractAuthzEntity -> {
            return ownedEntities.indexOf(abstractAuthzEntity) > -1;
        }).collect(Collectors.toList())).size());
        int min = Math.min(10, valueOf.intValue());
        Response search = search(hashMap, adminToken);
        Assert.assertTrue(valueOf.intValue() > 0);
        assertListResponse(search, Integer.valueOf(min), 0, 10, valueOf);
    }

    @Test
    public final void testSearchByInvalidOwner() {
        OAuthToken adminToken = getAdminToken();
        HashMap hashMap = new HashMap();
        hashMap.put("q", "many");
        hashMap.put("owner", IdUtil.toString(IdUtil.next()));
        Response search = search(hashMap, adminToken);
        if (this.tokenScope.equals(getAdminScope())) {
            assertErrorResponse(search, Response.Status.BAD_REQUEST);
        } else {
            assertErrorResponse(search, new RFC6749.InvalidScopeException());
        }
    }

    @Test
    public final void testSearchByMalformedOwner() {
        HashMap hashMap = new HashMap();
        hashMap.put("q", "single");
        hashMap.put("owner", "malformed");
        assertErrorResponse(search(hashMap, getAdminToken()), new MalformedIdException());
    }

    @Test
    public final void testSearchNoResults() {
        HashMap hashMap = new HashMap();
        hashMap.put("q", "lolcat");
        Response search = search(hashMap, getAdminToken());
        if (isLimitedByClientCredentials().booleanValue()) {
            assertErrorResponse(search, new RFC6749.InvalidScopeException());
        } else {
            assertListResponse(search, 0, 0, 10, 0);
        }
    }

    @Test
    public final void testSearchNoAuth() {
        HashMap hashMap = new HashMap();
        hashMap.put("q", "single");
        assertErrorResponse(search(hashMap, null), new OAuth2NotAuthorizedException((UriInfo) null, (String[]) null));
    }
}
