package com.atlassian.crowd.acceptance.tests.rest.service;

import com.atlassian.crowd.acceptance.rest.RestServer;
import com.atlassian.crowd.model.permission.UserPermission;
import com.atlassian.crowd.plugin.rest.entity.GroupEntity;
import com.google.common.base.Function;
import com.google.common.collect.ImmutableList;
import com.google.common.collect.ImmutableMap;
import com.google.common.collect.Iterables;
import com.sun.jersey.api.client.WebResource;
import java.io.IOException;
import java.net.URI;
import java.net.URISyntaxException;
import java.util.List;
import java.util.Map;
import org.apache.commons.lang3.tuple.Pair;
import org.apache.http.HttpEntity;
import org.apache.http.HttpHost;
import org.apache.http.HttpResponse;
import org.apache.http.NameValuePair;
import org.apache.http.auth.AuthScope;
import org.apache.http.auth.Credentials;
import org.apache.http.auth.UsernamePasswordCredentials;
import org.apache.http.client.cache.HttpCacheContext;
import org.apache.http.client.methods.HttpGet;
import org.apache.http.client.methods.HttpPost;
import org.apache.http.client.methods.HttpPut;
import org.apache.http.client.methods.HttpUriRequest;
import org.apache.http.client.utils.URIBuilder;
import org.apache.http.entity.ContentType;
import org.apache.http.entity.StringEntity;
import org.apache.http.impl.auth.BasicScheme;
import org.apache.http.impl.client.BasicAuthCache;
import org.apache.http.impl.client.BasicCredentialsProvider;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClients;
import org.apache.http.message.BasicNameValuePair;
import org.apache.http.util.EntityUtils;
import org.hamcrest.Matchers;
import org.json.JSONArray;
import org.json.JSONException;
import org.json.JSONObject;
import org.junit.Assert;

/* loaded from: input_file:com/atlassian/crowd/acceptance/tests/rest/service/UserPermissionAdminResourceTest.class */
public class UserPermissionAdminResourceTest extends RestCrowdServiceAcceptanceTestCase {
    protected static final String ANIMALS = "animals";
    protected static final String BADGERS = "badgers";
    protected static final String BIRDS = "birds";
    protected static final String CATS = "cats";
    protected static final String CROWD_ADMINS = "crowd-administrators";
    protected static final String CROWD_TESTERS = "crowd-testers";
    protected static final String CROWD_USERS = "crowd-users";
    protected static final String DOGS = "dogs";
    protected static final Long DIRECTORY1_ID = 2L;
    protected static final Long DIRECTORY2_ID = 1L;
    protected static final String DIRECTORY1_NAME = "Directory One";
    protected static final String DIRECTORY2_NAME = "Directory Two";
    public static final String ANON_PERMISSION_DENIED = "You must log in again in order to perform this action.";
    public static final String USER_PERMISSION_DENIED = "You have insufficient permissions to view permitted groups.";
    public static final String ADMIN_USER = "admin";
    public static final String ADMIN_PW = "admin";
    public static final String USERNAME_PARAM = "username";

    /* JADX INFO: Access modifiers changed from: protected */
    /* loaded from: input_file:com/atlassian/crowd/acceptance/tests/rest/service/UserPermissionAdminResourceTest$GroupData.class */
    public class GroupData {
        final UserPermission userPermission;
        final String groupName;
        final Long directoryId;
        final String directoryName;

        public GroupData(UserPermission userPermission, String str, Long l, String str2) {
            this.userPermission = userPermission;
            this.groupName = str;
            this.directoryId = l;
            this.directoryName = str2;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:com/atlassian/crowd/acceptance/tests/rest/service/UserPermissionAdminResourceTest$Method.class */
    public enum Method {
        GET { // from class: com.atlassian.crowd.acceptance.tests.rest.service.UserPermissionAdminResourceTest.Method.1
            @Override // com.atlassian.crowd.acceptance.tests.rest.service.UserPermissionAdminResourceTest.Method
            public HttpUriRequest build(URI uri, HttpEntity httpEntity) {
                return new HttpGet(uri);
            }
        },
        PUT { // from class: com.atlassian.crowd.acceptance.tests.rest.service.UserPermissionAdminResourceTest.Method.2
            @Override // com.atlassian.crowd.acceptance.tests.rest.service.UserPermissionAdminResourceTest.Method
            public HttpUriRequest build(URI uri, HttpEntity httpEntity) {
                HttpPut httpPut = new HttpPut(uri);
                if (httpEntity != null) {
                    httpPut.setEntity(httpEntity);
                }
                return httpPut;
            }
        },
        POST { // from class: com.atlassian.crowd.acceptance.tests.rest.service.UserPermissionAdminResourceTest.Method.3
            @Override // com.atlassian.crowd.acceptance.tests.rest.service.UserPermissionAdminResourceTest.Method
            public HttpUriRequest build(URI uri, HttpEntity httpEntity) {
                HttpPost httpPost = new HttpPost(uri);
                if (httpEntity != null) {
                    httpPost.setEntity(httpEntity);
                }
                return httpPost;
            }
        };

        public abstract HttpUriRequest build(URI uri, HttpEntity httpEntity);
    }

    public UserPermissionAdminResourceTest(String str) {
        super(str);
    }

    public UserPermissionAdminResourceTest(String str, RestServer restServer) {
        super(str, restServer);
    }

    public void testAnonCanNotListPermissions() throws Exception {
        assertPermissionDenied(ANON_PERMISSION_DENIED, callRestEndpoint(Method.GET, "", null, null, null));
    }

    public void testAnonCanNotGrantPermissions() throws Exception {
        assertPermissionDenied(ANON_PERMISSION_DENIED, callRestEndpoint(Method.PUT, "", ImmutableMap.of("permission", UserPermission.SYS_ADMIN.name()), buildGroups(buildGroup(CROWD_ADMINS, DIRECTORY1_ID)), null));
    }

    public void testAnonCanNotRevokePermissions() throws Exception {
        assertPermissionDenied(ANON_PERMISSION_DENIED, callRestEndpoint(Method.POST, "/revoke", null, buildGroup(CROWD_ADMINS, DIRECTORY1_ID), null));
    }

    public void testAnonCanNotListGroups() throws Exception {
        assertPermissionDenied(ANON_PERMISSION_DENIED, callRestEndpoint(Method.GET, "/groups", null, null, null));
    }

    public void testCannotRevokeOwnRights() throws Exception {
        assertPermissionDenied("You cannot revoke the permission of group crowd-administrators as it would downgrade your own permissions.", callRestEndpoint(Method.POST, "/revoke", null, new JSONObject("{'group-name':'crowd-administrators','directory-id':" + DIRECTORY1_ID + "}"), new UsernamePasswordCredentials("admin", "admin")));
    }

    public void testListPermissions() throws Exception {
        Pair<Integer, JSONObject> callRestEndpoint = callRestEndpoint(Method.GET, "", null, null, new UsernamePasswordCredentials("admin", "admin"));
        assertEquals(200, ((Integer) callRestEndpoint.getLeft()).intValue());
        JSONObject jSONObject = (JSONObject) callRestEndpoint.getRight();
        Assert.assertThat(getKeysAsList(jSONObject), Matchers.hasItems(new String[]{"last-page", "limit", "results", "size", "start"}));
        List<GroupData> expectedGroupsForTestListPermissions = expectedGroupsForTestListPermissions();
        assertTrue(jSONObject.getBoolean("last-page"));
        assertEquals(0, jSONObject.getInt("limit"));
        assertEquals(expectedGroupsForTestListPermissions.size(), jSONObject.getInt("size"));
        assertEquals(0, jSONObject.getInt("start"));
        assertPermittedGroups(jSONObject.getJSONArray("results"), expectedGroupsForTestListPermissions);
    }

    protected List<GroupData> expectedGroupsForTestListPermissions() {
        return ImmutableList.of(new GroupData(UserPermission.SYS_ADMIN, CROWD_ADMINS, DIRECTORY1_ID, DIRECTORY1_NAME));
    }

    public void testListGroups() throws Exception {
        Pair<Integer, JSONObject> callRestEndpoint = callRestEndpoint(Method.GET, "/groups", null, null, new UsernamePasswordCredentials("admin", "admin"));
        assertEquals(200, ((Integer) callRestEndpoint.getLeft()).intValue());
        JSONObject jSONObject = (JSONObject) callRestEndpoint.getRight();
        List<GroupData> expectedGroupsForTestListGroups = expectedGroupsForTestListGroups();
        JSONArray jSONArray = jSONObject.getJSONArray("results");
        assertEquals(expectedGroupsForTestListGroups.size(), jSONArray.length());
        assertTrue(jSONObject.getBoolean("last-page"));
        assertGroups(jSONArray, expectedGroupsForTestListGroups);
    }

    protected List<GroupData> expectedGroupsForTestListGroups() {
        return ImmutableList.of(new GroupData(null, ANIMALS, DIRECTORY2_ID, DIRECTORY2_NAME), new GroupData(null, BADGERS, DIRECTORY1_ID, DIRECTORY1_NAME), new GroupData(null, BIRDS, DIRECTORY2_ID, DIRECTORY2_NAME), new GroupData(null, CATS, DIRECTORY2_ID, DIRECTORY2_NAME), new GroupData(null, CROWD_ADMINS, DIRECTORY1_ID, DIRECTORY1_NAME), new GroupData(null, CROWD_TESTERS, DIRECTORY1_ID, DIRECTORY1_NAME), new GroupData(null, CROWD_USERS, DIRECTORY1_ID, DIRECTORY1_NAME), new GroupData(null, DOGS, DIRECTORY2_ID, DIRECTORY2_NAME));
    }

    public void testListGroupsWithParams() throws Exception {
        Pair<Integer, JSONObject> callRestEndpoint = callRestEndpoint(Method.GET, "/groups", ImmutableMap.of("prefix", "cr", "limit", "5", "start", AliasResourceTest.MISSING_APPLICATION_ID), null, new UsernamePasswordCredentials("admin", "admin"));
        assertEquals(200, ((Integer) callRestEndpoint.getLeft()).intValue());
        JSONObject jSONObject = (JSONObject) callRestEndpoint.getRight();
        assertTrue(jSONObject.getBoolean("last-page"));
        assertEquals(5, jSONObject.getInt("limit"));
        assertEquals(3, jSONObject.getInt("size"));
        assertEquals(0, jSONObject.getInt("start"));
        JSONArray jSONArray = jSONObject.getJSONArray("results");
        assertEquals(3, jSONArray.length());
        assertGroup(jSONArray.getJSONObject(0), CROWD_ADMINS, DIRECTORY1_ID, DIRECTORY1_NAME);
        assertGroup(jSONArray.getJSONObject(1), CROWD_TESTERS, DIRECTORY1_ID, DIRECTORY1_NAME);
        assertGroup(jSONArray.getJSONObject(2), CROWD_USERS, DIRECTORY1_ID, DIRECTORY1_NAME);
        Pair<Integer, JSONObject> callRestEndpoint2 = callRestEndpoint(Method.GET, "/groups", ImmutableMap.of("prefix", "c", "limit", "1", "start", AliasResourceTest.MISSING_APPLICATION_ID), null, new UsernamePasswordCredentials("admin", "admin"));
        assertEquals(200, ((Integer) callRestEndpoint2.getLeft()).intValue());
        JSONObject jSONObject2 = (JSONObject) callRestEndpoint2.getRight();
        assertFalse(jSONObject2.getBoolean("last-page"));
        assertEquals(1, jSONObject2.getInt("limit"));
        assertEquals(1, jSONObject2.getInt("size"));
        assertEquals(0, jSONObject2.getInt("start"));
        JSONArray jSONArray2 = jSONObject2.getJSONArray("results");
        assertEquals(1, jSONArray2.length());
        assertGroup(jSONArray2.getJSONObject(0), CATS, DIRECTORY2_ID, DIRECTORY2_NAME);
    }

    public void testRevokePermissions() throws Exception {
        testGrantPermissions();
        Pair<Integer, JSONObject> callRestEndpoint = callRestEndpoint(Method.POST, "/revoke", null, buildGroup(DOGS, DIRECTORY2_ID), new UsernamePasswordCredentials("admin", "admin"));
        assertEquals(204, ((Integer) callRestEndpoint.getLeft()).intValue());
        assertNull((JSONObject) callRestEndpoint.getRight());
        Pair<Integer, JSONObject> callRestEndpoint2 = callRestEndpoint(Method.GET, "", ImmutableMap.of("permission", UserPermission.SYS_ADMIN.name()), null, new UsernamePasswordCredentials("admin", "admin"));
        assertEquals(200, ((Integer) callRestEndpoint2.getLeft()).intValue());
        JSONObject jSONObject = (JSONObject) callRestEndpoint2.getRight();
        List<GroupData> expectedGroupsForTestRevokePermissions = expectedGroupsForTestRevokePermissions();
        assertTrue(jSONObject.getBoolean("last-page"));
        assertEquals(0, jSONObject.getInt("limit"));
        assertEquals(expectedGroupsForTestRevokePermissions.size(), jSONObject.getInt("size"));
        assertEquals(0, jSONObject.getInt("start"));
        JSONArray jSONArray = jSONObject.getJSONArray("results");
        assertEquals(expectedGroupsForTestRevokePermissions.size(), jSONArray.length());
        assertPermittedGroups(jSONArray, expectedGroupsForTestRevokePermissions());
        assertPermissionDenied(USER_PERMISSION_DENIED, callRestEndpoint(Method.GET, "", ImmutableMap.of("permission", UserPermission.SYS_ADMIN.name()), null, new UsernamePasswordCredentials("regularuser", "regularuser")));
    }

    protected List<GroupData> expectedGroupsForTestRevokePermissions() {
        return ImmutableList.of(new GroupData(UserPermission.SYS_ADMIN, CROWD_ADMINS, DIRECTORY1_ID, DIRECTORY1_NAME));
    }

    public void testGrantPermissions() throws Exception {
        intendToModifyData();
        addUserToGroup("regularuser", DOGS);
        assertPermissionDenied(USER_PERMISSION_DENIED, callRestEndpoint(Method.GET, "", null, null, new UsernamePasswordCredentials("regularuser", "regularuser")));
        Pair<Integer, JSONObject> callRestEndpoint = callRestEndpoint(Method.PUT, "", ImmutableMap.of("permission", UserPermission.ADMIN.name()), buildGroups(buildGroup(DOGS, DIRECTORY2_ID)), new UsernamePasswordCredentials("admin", "admin"));
        assertEquals(204, ((Integer) callRestEndpoint.getLeft()).intValue());
        assertNull((JSONObject) callRestEndpoint.getRight());
        Pair<Integer, JSONObject> callRestEndpoint2 = callRestEndpoint(Method.GET, "", null, null, new UsernamePasswordCredentials("regularuser", "regularuser"));
        assertEquals(200, ((Integer) callRestEndpoint2.getLeft()).intValue());
        JSONObject jSONObject = (JSONObject) callRestEndpoint2.getRight();
        List<GroupData> expectedGroupsForTestGrantPermissions = expectedGroupsForTestGrantPermissions();
        assertTrue(jSONObject.getBoolean("last-page"));
        assertEquals(0, jSONObject.getInt("limit"));
        assertEquals(expectedGroupsForTestGrantPermissions.size(), jSONObject.getInt("size"));
        assertEquals(0, jSONObject.getInt("start"));
        assertPermittedGroups(jSONObject.getJSONArray("results"), expectedGroupsForTestGrantPermissions);
    }

    protected List<GroupData> expectedGroupsForTestGrantPermissions() {
        return ImmutableList.of(new GroupData(UserPermission.SYS_ADMIN, CROWD_ADMINS, DIRECTORY1_ID, DIRECTORY1_NAME), new GroupData(UserPermission.ADMIN, DOGS, DIRECTORY2_ID, DIRECTORY2_NAME));
    }

    private void addUserToGroup(String str, String str2) {
        intendToModifyData();
        WebResource webResource = getWebResource("crowd", "qybhDMZh", getBaseUriBuilder().path("user").path("group").path("direct").queryParam(USERNAME_PARAM, new Object[]{"{username}"}).queryParam("groupname", new Object[]{"{groupname}"}).build(new Object[]{str, str2}));
        getWebResource("crowd", "qybhDMZh", getBaseUriBuilder().path("user").path("group").path("direct").queryParam(USERNAME_PARAM, new Object[]{"{username}"}).build(new Object[]{str})).entity(GroupEntity.newMinimalGroupEntity(str2, "crowd", URI.create("random")), MT).post();
        assertEquals(str2, ((GroupEntity) webResource.get(GroupEntity.class)).getName());
    }

    private static void assertGroup(JSONObject jSONObject, String str, Long l, String str2) throws JSONException {
        Assert.assertThat(getKeysAsList(jSONObject), Matchers.hasItems(new String[]{"directory-id", "directory-name", "group-name"}));
        assertEquals(str2, jSONObject.getString("directory-name"));
        assertEquals(l, Long.valueOf(jSONObject.getLong("directory-id")));
        assertEquals(str, jSONObject.getString("group-name"));
    }

    private static void assertGroups(JSONArray jSONArray, List<GroupData> list) throws JSONException {
        assertEquals(list.size(), jSONArray.length());
        int i = 0;
        for (GroupData groupData : list) {
            assertGroup(jSONArray.getJSONObject(i), groupData.groupName, groupData.directoryId, groupData.directoryName);
            i++;
        }
    }

    private static void assertPermittedGroup(JSONObject jSONObject, UserPermission userPermission, String str, Long l, String str2) throws JSONException {
        Assert.assertThat(getKeysAsList(jSONObject), Matchers.hasItems(new String[]{"directory-id", "directory-name", "group-name", "permission"}));
        assertEquals(str2, jSONObject.getString("directory-name"));
        assertEquals(l, Long.valueOf(jSONObject.getLong("directory-id")));
        assertEquals(str, jSONObject.getString("group-name"));
        assertEquals(userPermission.name(), jSONObject.getString("permission"));
    }

    private static void assertPermittedGroups(JSONArray jSONArray, List<GroupData> list) throws JSONException {
        assertEquals(list.size(), jSONArray.length());
        int i = 0;
        for (GroupData groupData : list) {
            assertPermittedGroup(jSONArray.getJSONObject(i), groupData.userPermission, groupData.groupName, groupData.directoryId, groupData.directoryName);
            i++;
        }
    }

    private static void assertPermissionDenied(String str, Pair<Integer, JSONObject> pair) throws JSONException {
        assertEquals(401, ((Integer) pair.getLeft()).intValue());
        Assert.assertThat(getKeysAsList((JSONObject) pair.getRight()), Matchers.hasItems(new String[]{"message", "reason"}));
        assertEquals(str, ((JSONObject) pair.getRight()).getString("message"));
        assertEquals("PERMISSION_DENIED", ((JSONObject) pair.getRight()).getString("reason"));
    }

    private static List<String> getKeysAsList(JSONObject jSONObject) {
        return ImmutableList.copyOf(jSONObject.keys());
    }

    private static JSONArray buildGroups(JSONObject... jSONObjectArr) throws JSONException {
        return new JSONArray(jSONObjectArr);
    }

    private static JSONObject buildGroup(String str, Long l) throws JSONException {
        return new JSONObject("{'group-name':'" + str + "','directory-id':" + l + "}");
    }

    private Pair<Integer, JSONObject> callRestEndpoint(Method method, String str, Map<String, String> map, Object obj, Credentials credentials) throws IOException, URISyntaxException, JSONException {
        URI uri;
        StringEntity stringEntity = obj == null ? null : new StringEntity(obj.toString(), ContentType.create("application/json"));
        String str2 = getBaseUriBuilder("permissions").build(new Object[0]).toString() + "/admin" + str;
        CloseableHttpClient createDefault = HttpClients.createDefault();
        URI build = getServerUriBuilder().build(new Object[0]);
        HttpCacheContext create = HttpCacheContext.create();
        if (credentials != null) {
            HttpHost httpHost = new HttpHost(build.getHost(), build.getPort());
            BasicCredentialsProvider basicCredentialsProvider = new BasicCredentialsProvider();
            basicCredentialsProvider.setCredentials(new AuthScope(httpHost), credentials);
            create.setCredentialsProvider(basicCredentialsProvider);
            BasicAuthCache basicAuthCache = new BasicAuthCache();
            basicAuthCache.put(httpHost, new BasicScheme());
            create.setAuthCache(basicAuthCache);
        }
        if (map != null) {
            URIBuilder uRIBuilder = new URIBuilder(str2);
            uRIBuilder.addParameters(ImmutableList.copyOf(Iterables.transform(map.entrySet(), new Function<Map.Entry<String, String>, NameValuePair>() { // from class: com.atlassian.crowd.acceptance.tests.rest.service.UserPermissionAdminResourceTest.1
                public NameValuePair apply(Map.Entry<String, String> entry) {
                    return new BasicNameValuePair(entry.getKey(), entry.getValue());
                }
            })));
            uri = uRIBuilder.build();
        } else {
            uri = new URI(str2);
        }
        HttpUriRequest build2 = method.build(uri, stringEntity);
        if (stringEntity != null) {
            build2.addHeader("Content-Type", "application/json");
        }
        build2.addHeader("Accept", "application/json");
        HttpResponse execute = createDefault.execute(build2, create);
        HttpEntity entity = execute.getEntity();
        if (entity != null) {
            Assert.assertThat(execute.getFirstHeader("Content-Type").getValue(), Matchers.containsString("application/json"));
        }
        return Pair.of(Integer.valueOf(execute.getStatusLine().getStatusCode()), entity == null ? null : new JSONObject(EntityUtils.toString(entity)));
    }
}
