package org.eclipse.sensinact.northbound.rest.integration;

import jakarta.ws.rs.core.Application;
import jakarta.ws.rs.core.Response;
import java.net.http.HttpResponse;
import java.time.Instant;
import java.time.temporal.ChronoUnit;
import java.util.Dictionary;
import java.util.Map;
import org.eclipse.sensinact.core.push.DataUpdate;
import org.eclipse.sensinact.core.push.dto.GenericDto;
import org.eclipse.sensinact.northbound.query.api.EResultType;
import org.eclipse.sensinact.northbound.query.dto.result.ResponseGetDTO;
import org.eclipse.sensinact.northbound.query.dto.result.TypedResponse;
import org.eclipse.sensinact.northbound.security.api.Authenticator;
import org.eclipse.sensinact.northbound.security.api.UserInfo;
import org.junit.jupiter.api.Assertions;
import org.junit.jupiter.api.BeforeEach;
import org.junit.jupiter.params.ParameterizedTest;
import org.junit.jupiter.params.provider.ValueSource;
import org.opentest4j.AssertionFailedError;
import org.osgi.framework.BundleContext;
import org.osgi.service.cm.Configuration;
import org.osgi.test.common.annotation.InjectBundleContext;
import org.osgi.test.common.annotation.InjectService;
import org.osgi.test.common.annotation.Property;
import org.osgi.test.common.annotation.config.InjectConfiguration;
import org.osgi.test.common.annotation.config.WithConfiguration;
import org.osgi.test.common.service.ServiceAware;

@WithConfiguration(pid = "sensinact.session.manager", properties = {@Property(key = "auth.policy", value = {"ALLOW_ALL"})})
/* loaded from: input_file:org/eclipse/sensinact/northbound/rest/integration/SecureAccessTest.class */
public class SecureAccessTest {
    private static final String PROVIDER = "RestSecureAccessProvider";
    private static final String SERVICE = "service";
    private static final String RESOURCE = "resource";
    private static final Integer VALUE = 42;
    private static final String TOKEN = "Open Sesame";
    private static final String TOKEN_HEADER = "Bearer Open Sesame";
    private static final String USER = "Alice";
    private static final String CREDENTIAL = "Secret";
    private static final String BASIC_HEADER = "Basic QWxpY2U6U2VjcmV0";

    @InjectService
    DataUpdate push;

    @InjectBundleContext
    BundleContext ctx;
    final TestUtils utils = new TestUtils();

    /* loaded from: input_file:org/eclipse/sensinact/northbound/rest/integration/SecureAccessTest$BasicValidator.class */
    private static class BasicValidator implements Authenticator {
        private final String user;
        private final String credential;

        public BasicValidator(String str, String str2) {
            this.user = str;
            this.credential = str2;
        }

        public UserInfo authenticate(String str, String str2) {
            if (this.user.equals(str) && this.credential.equals(str2)) {
                return new TestUserInfo();
            }
            return null;
        }

        public String getRealm() {
            return "test2";
        }

        public Authenticator.Scheme getScheme() {
            return Authenticator.Scheme.USER_PASSWORD;
        }
    }

    /* loaded from: input_file:org/eclipse/sensinact/northbound/rest/integration/SecureAccessTest$TestUserInfo.class */
    private static class TestUserInfo implements UserInfo {
        private TestUserInfo() {
        }

        public String getUserId() {
            return "testUser";
        }

        public boolean isMemberOfGroup(String str) {
            return false;
        }

        public boolean isAnonymous() {
            return false;
        }

        public boolean isAuthenticated() {
            return true;
        }
    }

    /* loaded from: input_file:org/eclipse/sensinact/northbound/rest/integration/SecureAccessTest$TokenValidator.class */
    private static class TokenValidator implements Authenticator {
        private final String token;

        public TokenValidator(String str) {
            this.token = str;
        }

        public UserInfo authenticate(String str, String str2) {
            if (str2.equals(this.token)) {
                return new TestUserInfo();
            }
            return null;
        }

        public String getRealm() {
            return "test";
        }

        public Authenticator.Scheme getScheme() {
            return Authenticator.Scheme.TOKEN;
        }
    }

    @BeforeEach
    public void await(@InjectConfiguration(withConfig = @WithConfiguration(pid = "sensinact.northbound.rest", location = "?", properties = {@Property(key = "allow.anonymous", value = {"false"}), @Property(key = "fizz", value = {"buzz"})})) Configuration configuration, @InjectService(filter = "(fizz=buzz)", cardinality = 0) ServiceAware<Application> serviceAware) throws InterruptedException {
        serviceAware.waitForService(5000L);
        for (int i = 0; i < 10; i++) {
            try {
            } catch (Exception e) {
                e.printStackTrace();
            }
            if (this.utils.queryStatus("/").statusCode() == 503) {
                return;
            }
            Thread.sleep(200L);
        }
        throw new AssertionFailedError("REST API did not appear");
    }

    @ValueSource(strings = {TOKEN_HEADER, BASIC_HEADER})
    @ParameterizedTest
    void resourceGet(String str) throws Exception {
        GenericDto makeDto = this.utils.makeDto(PROVIDER, SERVICE, RESOURCE, VALUE, Integer.class);
        Instant truncatedTo = Instant.now().truncatedTo(ChronoUnit.MILLIS);
        this.push.pushUpdate(makeDto).getValue();
        String join = String.join("/", "providers", PROVIDER, "services", SERVICE, "resources", RESOURCE, "GET");
        Assertions.assertEquals(Response.Status.SERVICE_UNAVAILABLE.getStatusCode(), this.utils.queryStatus(join).statusCode());
        this.ctx.registerService(Authenticator.class, new TokenValidator(TOKEN), (Dictionary) null);
        this.ctx.registerService(Authenticator.class, new BasicValidator(USER, CREDENTIAL), (Dictionary) null);
        Thread.sleep(500L);
        HttpResponse<?> queryStatus = this.utils.queryStatus(join);
        Assertions.assertEquals(Response.Status.UNAUTHORIZED.getStatusCode(), queryStatus.statusCode());
        Assertions.assertEquals("Bearer realm=test, Basic realm=test2", queryStatus.headers().firstValue("WWW-Authenticate").get());
        TypedResponse<?> typedResponse = (TypedResponse) this.utils.queryJson(join, TypedResponse.class, Map.of("Authorization", str));
        this.utils.assertResultSuccess(typedResponse, EResultType.GET_RESPONSE, PROVIDER, SERVICE, RESOURCE);
        ResponseGetDTO responseGetDTO = (ResponseGetDTO) this.utils.convert(typedResponse, ResponseGetDTO.class);
        Assertions.assertEquals(RESOURCE, responseGetDTO.name);
        Assertions.assertEquals(VALUE, responseGetDTO.value);
        Assertions.assertEquals(makeDto.type.getName(), responseGetDTO.type);
        Assertions.assertFalse(Instant.ofEpochMilli(responseGetDTO.timestamp).isBefore(truncatedTo), "Timestamp wasn't updated");
    }
}
