package com.atlassian.crowd.acceptance.tests.rest.service;

import com.atlassian.crowd.acceptance.rest.RestServer;
import com.atlassian.crowd.model.permission.UserPermission;
import com.atlassian.crowd.plugin.rest.entity.GroupEntity;
import com.google.common.base.Function;
import com.google.common.collect.ImmutableList;
import com.google.common.collect.ImmutableMap;
import com.google.common.collect.Iterables;
import com.sun.jersey.api.client.WebResource;
import java.io.IOException;
import java.net.URI;
import java.net.URISyntaxException;
import java.util.List;
import java.util.Map;
import org.apache.commons.httpclient.Credentials;
import org.apache.commons.httpclient.HttpClient;
import org.apache.commons.httpclient.HttpMethod;
import org.apache.commons.httpclient.NameValuePair;
import org.apache.commons.httpclient.UsernamePasswordCredentials;
import org.apache.commons.httpclient.auth.AuthScope;
import org.apache.commons.httpclient.methods.GetMethod;
import org.apache.commons.httpclient.methods.PostMethod;
import org.apache.commons.httpclient.methods.PutMethod;
import org.apache.commons.httpclient.methods.RequestEntity;
import org.apache.commons.httpclient.methods.StringRequestEntity;
import org.apache.commons.lang3.tuple.Pair;
import org.hamcrest.Matchers;
import org.json.JSONArray;
import org.json.JSONException;
import org.json.JSONObject;
import org.junit.Assert;

/* loaded from: input_file:com/atlassian/crowd/acceptance/tests/rest/service/UserPermissionAdminResourceTest.class */
public class UserPermissionAdminResourceTest extends RestCrowdServiceAcceptanceTestCase {
    private static final String ANIMALS = "animals";
    private static final String BADGERS = "badgers";
    private static final String BIRDS = "birds";
    private static final String CATS = "cats";
    private static final String CROWD_ADMINS = "crowd-administrators";
    private static final String CROWD_TESTERS = "crowd-testers";
    private static final String CROWD_USERS = "crowd-users";
    private static final String DOGS = "dogs";
    private static final Long DIRECTORY1_ID = 2L;
    private static final Long DIRECTORY2_ID = 1L;
    private static final String DIRECTORY1_NAME = "Directory One";
    private static final String DIRECTORY2_NAME = "Directory Two";
    public static final String ANON_PERMISSION_DENIED = "The anonymous user does not have permission to access this resource. Admin is required.";
    public static final String USER_PERMISSION_DENIED = "'regularuser' does not have permission to access this resource. Admin is required.";
    public static final String ADMIN_USER = "admin";
    public static final String ADMIN_PW = "admin";
    public static final String USERNAME_PARAM = "username";

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:com/atlassian/crowd/acceptance/tests/rest/service/UserPermissionAdminResourceTest$Method.class */
    public enum Method {
        GET { // from class: com.atlassian.crowd.acceptance.tests.rest.service.UserPermissionAdminResourceTest.Method.1
            @Override // com.atlassian.crowd.acceptance.tests.rest.service.UserPermissionAdminResourceTest.Method
            public HttpMethod build(String str, RequestEntity requestEntity) {
                return new GetMethod(str);
            }
        },
        PUT { // from class: com.atlassian.crowd.acceptance.tests.rest.service.UserPermissionAdminResourceTest.Method.2
            @Override // com.atlassian.crowd.acceptance.tests.rest.service.UserPermissionAdminResourceTest.Method
            public HttpMethod build(String str, RequestEntity requestEntity) {
                PutMethod putMethod = new PutMethod(str);
                if (requestEntity != null) {
                    putMethod.setRequestEntity(requestEntity);
                }
                return putMethod;
            }
        },
        POST { // from class: com.atlassian.crowd.acceptance.tests.rest.service.UserPermissionAdminResourceTest.Method.3
            @Override // com.atlassian.crowd.acceptance.tests.rest.service.UserPermissionAdminResourceTest.Method
            public HttpMethod build(String str, RequestEntity requestEntity) {
                PostMethod postMethod = new PostMethod(str);
                if (requestEntity != null) {
                    postMethod.setRequestEntity(requestEntity);
                }
                return postMethod;
            }
        };

        public abstract HttpMethod build(String str, RequestEntity requestEntity);
    }

    public UserPermissionAdminResourceTest(String str) {
        super(str);
    }

    public UserPermissionAdminResourceTest(String str, RestServer restServer) {
        super(str, restServer);
    }

    public void testAnonCanNotListPermissions() throws Exception {
        assertPermissionDenied(ANON_PERMISSION_DENIED, callRestEndpoint(Method.GET, "", null, null, null));
    }

    public void testAnonCanNotGrantPermissions() throws Exception {
        assertPermissionDenied(ANON_PERMISSION_DENIED, callRestEndpoint(Method.PUT, "", ImmutableMap.of("permission", UserPermission.SYS_ADMIN.name()), buildGroups(buildGroup(CROWD_ADMINS, DIRECTORY1_ID)), null));
    }

    public void testAnonCanNotRevokePermissions() throws Exception {
        assertPermissionDenied(ANON_PERMISSION_DENIED, callRestEndpoint(Method.POST, "/revoke", null, buildGroup(CROWD_ADMINS, DIRECTORY1_ID), null));
    }

    public void testAnonCanNotListGroups() throws Exception {
        assertPermissionDenied(ANON_PERMISSION_DENIED, callRestEndpoint(Method.GET, "/groups", null, null, null));
    }

    public void testCannotRevokeOwnRights() throws Exception {
        assertPermissionDenied("You cannot revoke the permission of group crowd-administrators as it would downgrade your own permissions.", callRestEndpoint(Method.POST, "/revoke", null, new JSONObject("{'group-name':'crowd-administrators','directory-id':" + DIRECTORY1_ID + "}"), new UsernamePasswordCredentials("admin", "admin")));
    }

    public void testListPermissions() throws Exception {
        Pair<Integer, JSONObject> callRestEndpoint = callRestEndpoint(Method.GET, "", null, null, new UsernamePasswordCredentials("admin", "admin"));
        assertEquals(200, ((Integer) callRestEndpoint.getLeft()).intValue());
        JSONObject jSONObject = (JSONObject) callRestEndpoint.getRight();
        Assert.assertThat(getKeysAsList(jSONObject), Matchers.hasItems(new String[]{"last-page", "limit", "results", "size", "start"}));
        assertTrue(jSONObject.getBoolean("last-page"));
        assertEquals(0, jSONObject.getInt("limit"));
        assertEquals(1, jSONObject.getInt("size"));
        assertEquals(0, jSONObject.getInt("start"));
        JSONArray jSONArray = jSONObject.getJSONArray("results");
        assertEquals(1, jSONArray.length());
        assertPermittedGroup(jSONArray.getJSONObject(0), UserPermission.SYS_ADMIN, CROWD_ADMINS, DIRECTORY1_ID, DIRECTORY1_NAME);
    }

    public void testListGroups() throws Exception {
        Pair<Integer, JSONObject> callRestEndpoint = callRestEndpoint(Method.GET, "/groups", null, null, new UsernamePasswordCredentials("admin", "admin"));
        assertEquals(200, ((Integer) callRestEndpoint.getLeft()).intValue());
        JSONObject jSONObject = (JSONObject) callRestEndpoint.getRight();
        JSONArray jSONArray = jSONObject.getJSONArray("results");
        assertEquals(8, jSONArray.length());
        assertTrue(jSONObject.getBoolean("last-page"));
        assertGroup(jSONArray.getJSONObject(0), ANIMALS, DIRECTORY2_ID, DIRECTORY2_NAME);
        assertGroup(jSONArray.getJSONObject(1), BADGERS, DIRECTORY1_ID, DIRECTORY1_NAME);
        assertGroup(jSONArray.getJSONObject(2), BIRDS, DIRECTORY2_ID, DIRECTORY2_NAME);
        assertGroup(jSONArray.getJSONObject(3), CATS, DIRECTORY2_ID, DIRECTORY2_NAME);
        assertGroup(jSONArray.getJSONObject(4), CROWD_ADMINS, DIRECTORY1_ID, DIRECTORY1_NAME);
        assertGroup(jSONArray.getJSONObject(5), CROWD_TESTERS, DIRECTORY1_ID, DIRECTORY1_NAME);
        assertGroup(jSONArray.getJSONObject(6), CROWD_USERS, DIRECTORY1_ID, DIRECTORY1_NAME);
        assertGroup(jSONArray.getJSONObject(7), DOGS, DIRECTORY2_ID, DIRECTORY2_NAME);
    }

    public void testListGroupsWithParams() throws Exception {
        Pair<Integer, JSONObject> callRestEndpoint = callRestEndpoint(Method.GET, "/groups", ImmutableMap.of("prefix", "c", "limit", "5", "start", "1"), null, new UsernamePasswordCredentials("admin", "admin"));
        assertEquals(200, ((Integer) callRestEndpoint.getLeft()).intValue());
        JSONObject jSONObject = (JSONObject) callRestEndpoint.getRight();
        assertTrue(jSONObject.getBoolean("last-page"));
        assertEquals(5, jSONObject.getInt("limit"));
        assertEquals(3, jSONObject.getInt("size"));
        assertEquals(1, jSONObject.getInt("start"));
        JSONArray jSONArray = jSONObject.getJSONArray("results");
        assertEquals(3, jSONArray.length());
        assertGroup(jSONArray.getJSONObject(0), CROWD_ADMINS, DIRECTORY1_ID, DIRECTORY1_NAME);
        assertGroup(jSONArray.getJSONObject(1), CROWD_TESTERS, DIRECTORY1_ID, DIRECTORY1_NAME);
        assertGroup(jSONArray.getJSONObject(2), CROWD_USERS, DIRECTORY1_ID, DIRECTORY1_NAME);
        Pair<Integer, JSONObject> callRestEndpoint2 = callRestEndpoint(Method.GET, "/groups", ImmutableMap.of("prefix", "c", "limit", "1", "start", AliasResourceTest.MISSING_APPLICATION_ID), null, new UsernamePasswordCredentials("admin", "admin"));
        assertEquals(200, ((Integer) callRestEndpoint2.getLeft()).intValue());
        JSONObject jSONObject2 = (JSONObject) callRestEndpoint2.getRight();
        assertFalse(jSONObject2.getBoolean("last-page"));
        assertEquals(1, jSONObject2.getInt("limit"));
        assertEquals(1, jSONObject2.getInt("size"));
        assertEquals(0, jSONObject2.getInt("start"));
        JSONArray jSONArray2 = jSONObject2.getJSONArray("results");
        assertEquals(1, jSONArray2.length());
        assertGroup(jSONArray2.getJSONObject(0), CATS, DIRECTORY2_ID, DIRECTORY2_NAME);
    }

    public void testRevokePermissions() throws Exception {
        testGrantPermissions();
        Pair<Integer, JSONObject> callRestEndpoint = callRestEndpoint(Method.POST, "/revoke", null, buildGroup(DOGS, DIRECTORY2_ID), new UsernamePasswordCredentials("admin", "admin"));
        assertEquals(204, ((Integer) callRestEndpoint.getLeft()).intValue());
        assertNull((JSONObject) callRestEndpoint.getRight());
        Pair<Integer, JSONObject> callRestEndpoint2 = callRestEndpoint(Method.GET, "", ImmutableMap.of("permission", UserPermission.SYS_ADMIN.name()), null, new UsernamePasswordCredentials("admin", "admin"));
        assertEquals(200, ((Integer) callRestEndpoint2.getLeft()).intValue());
        JSONObject jSONObject = (JSONObject) callRestEndpoint2.getRight();
        assertTrue(jSONObject.getBoolean("last-page"));
        assertEquals(0, jSONObject.getInt("limit"));
        assertEquals(1, jSONObject.getInt("size"));
        assertEquals(0, jSONObject.getInt("start"));
        JSONArray jSONArray = jSONObject.getJSONArray("results");
        assertEquals(1, jSONArray.length());
        assertPermittedGroup(jSONArray.getJSONObject(0), UserPermission.SYS_ADMIN, CROWD_ADMINS, DIRECTORY1_ID, DIRECTORY1_NAME);
        assertPermissionDenied(USER_PERMISSION_DENIED, callRestEndpoint(Method.GET, "", ImmutableMap.of("permission", UserPermission.SYS_ADMIN.name()), null, new UsernamePasswordCredentials("regularuser", "regularuser")));
    }

    public void testGrantPermissions() throws Exception {
        intendToModifyData();
        addUserToGroup("regularuser", DOGS);
        assertPermissionDenied(USER_PERMISSION_DENIED, callRestEndpoint(Method.GET, "", null, null, new UsernamePasswordCredentials("regularuser", "regularuser")));
        Pair<Integer, JSONObject> callRestEndpoint = callRestEndpoint(Method.PUT, "", ImmutableMap.of("permission", UserPermission.ADMIN.name()), buildGroups(buildGroup(DOGS, DIRECTORY2_ID)), new UsernamePasswordCredentials("admin", "admin"));
        assertEquals(204, ((Integer) callRestEndpoint.getLeft()).intValue());
        assertNull((JSONObject) callRestEndpoint.getRight());
        Pair<Integer, JSONObject> callRestEndpoint2 = callRestEndpoint(Method.GET, "", null, null, new UsernamePasswordCredentials("regularuser", "regularuser"));
        assertEquals(200, ((Integer) callRestEndpoint2.getLeft()).intValue());
        JSONObject jSONObject = (JSONObject) callRestEndpoint2.getRight();
        assertTrue(jSONObject.getBoolean("last-page"));
        assertEquals(0, jSONObject.getInt("limit"));
        assertEquals(2, jSONObject.getInt("size"));
        assertEquals(0, jSONObject.getInt("start"));
        JSONArray jSONArray = jSONObject.getJSONArray("results");
        assertEquals(2, jSONArray.length());
        assertPermittedGroup(jSONArray.getJSONObject(0), UserPermission.SYS_ADMIN, CROWD_ADMINS, DIRECTORY1_ID, DIRECTORY1_NAME);
        assertPermittedGroup(jSONArray.getJSONObject(1), UserPermission.ADMIN, DOGS, DIRECTORY2_ID, DIRECTORY2_NAME);
    }

    private void addUserToGroup(String str, String str2) {
        intendToModifyData();
        WebResource webResource = getWebResource("crowd", "qybhDMZh", getBaseUriBuilder().path("user").path("group").path("direct").queryParam(USERNAME_PARAM, new Object[]{"{username}"}).queryParam("groupname", new Object[]{"{groupname}"}).build(new Object[]{str, str2}));
        getWebResource("crowd", "qybhDMZh", getBaseUriBuilder().path("user").path("group").path("direct").queryParam(USERNAME_PARAM, new Object[]{"{username}"}).build(new Object[]{str})).entity(GroupEntity.newMinimalGroupEntity(str2, "crowd", URI.create("random")), MT).post();
        assertEquals(str2, ((GroupEntity) webResource.get(GroupEntity.class)).getName());
    }

    private void assertGroup(JSONObject jSONObject, String str, Long l, String str2) throws JSONException {
        Assert.assertThat(getKeysAsList(jSONObject), Matchers.hasItems(new String[]{"directory-id", "directory-name", "group-name"}));
        assertEquals(str2, jSONObject.getString("directory-name"));
        assertEquals(l, Long.valueOf(jSONObject.getLong("directory-id")));
        assertEquals(str, jSONObject.getString("group-name"));
    }

    private void assertPermittedGroup(JSONObject jSONObject, UserPermission userPermission, String str, Long l, String str2) throws JSONException {
        Assert.assertThat(getKeysAsList(jSONObject), Matchers.hasItems(new String[]{"directory-id", "directory-name", "group-name", "permission"}));
        assertEquals(str2, jSONObject.getString("directory-name"));
        assertEquals(l, Long.valueOf(jSONObject.getLong("directory-id")));
        assertEquals(str, jSONObject.getString("group-name"));
        assertEquals(userPermission.name(), jSONObject.getString("permission"));
    }

    private void assertPermissionDenied(String str, Pair<Integer, JSONObject> pair) throws JSONException {
        assertEquals(401, ((Integer) pair.getLeft()).intValue());
        Assert.assertThat(getKeysAsList((JSONObject) pair.getRight()), Matchers.hasItems(new String[]{"message", "reason"}));
        assertEquals(str, ((JSONObject) pair.getRight()).getString("message"));
        assertEquals("PERMISSION_DENIED", ((JSONObject) pair.getRight()).getString("reason"));
    }

    private static List<String> getKeysAsList(JSONObject jSONObject) {
        return ImmutableList.copyOf(jSONObject.keys());
    }

    private static JSONArray buildGroups(JSONObject... jSONObjectArr) throws JSONException {
        return new JSONArray(jSONObjectArr);
    }

    private static JSONObject buildGroup(String str, Long l) throws JSONException {
        return new JSONObject("{'group-name':'" + str + "','directory-id':" + l + "}");
    }

    private Pair<Integer, JSONObject> callRestEndpoint(Method method, String str, Map<String, String> map, Object obj, Credentials credentials) throws IOException, URISyntaxException, JSONException {
        StringRequestEntity stringRequestEntity = obj == null ? null : new StringRequestEntity(obj.toString(), "application/json", "us-ascii");
        String str2 = getBaseUriBuilder("permissions", "1").build(new Object[0]).toString() + "/admin" + str;
        HttpClient httpClient = new HttpClient();
        httpClient.getParams().setAuthenticationPreemptive(true);
        URI build = getServerUriBuilder().build(new Object[0]);
        if (credentials != null) {
            httpClient.getState().setCredentials(new AuthScope(build.getHost(), build.getPort(), AuthScope.ANY_REALM), credentials);
        }
        HttpMethod build2 = method.build(str2, stringRequestEntity);
        build2.addRequestHeader("content-type", "application/json");
        if (map != null) {
            build2.setQueryString((NameValuePair[]) Iterables.toArray(Iterables.transform(map.entrySet(), new Function<Map.Entry<String, String>, NameValuePair>() { // from class: com.atlassian.crowd.acceptance.tests.rest.service.UserPermissionAdminResourceTest.1
                public NameValuePair apply(Map.Entry<String, String> entry) {
                    return new NameValuePair(entry.getKey(), entry.getValue());
                }
            }), NameValuePair.class));
        }
        httpClient.executeMethod(build2);
        String responseBodyAsString = build2.getResponseBodyAsString();
        return Pair.of(Integer.valueOf(build2.getStatusCode()), responseBodyAsString == null ? null : new JSONObject(responseBodyAsString));
    }
}
