package org.springframework.cloud.skipper.server.local.security;

import org.hamcrest.Matchers;
import org.junit.ClassRule;
import org.junit.Test;
import org.junit.rules.RuleChain;
import org.junit.rules.TestRule;
import org.springframework.security.oauth2.client.OAuth2RestTemplate;
import org.springframework.security.oauth2.client.token.grant.client.ClientCredentialsResourceDetails;
import org.springframework.test.web.servlet.request.MockMvcRequestBuilders;
import org.springframework.test.web.servlet.result.MockMvcResultHandlers;
import org.springframework.test.web.servlet.result.MockMvcResultMatchers;

/* loaded from: input_file:org/springframework/cloud/skipper/server/local/security/LocalServerSecurityWithOAuth2Tests.class */
public class LocalServerSecurityWithOAuth2Tests {
    private static final OAuth2ServerResource oAuth2ServerResource = new OAuth2ServerResource();
    private static final LocalSkipperResource localSkipperResource = new LocalSkipperResource(new String[]{"classpath:/", "classpath:/org/springframework/cloud/skipper/server/local/security/"}, new String[]{"application", "oauthConfig"});

    @ClassRule
    public static TestRule springSkipperAndOauthServer = RuleChain.outerRule(oAuth2ServerResource).around(localSkipperResource);

    @Test
    public void testAccessRootUrlWithoutCredentials() throws Exception {
        localSkipperResource.getMockMvc().perform(MockMvcRequestBuilders.get("/", new Object[0])).andDo(MockMvcResultHandlers.print()).andExpect(MockMvcResultMatchers.status().isUnauthorized());
    }

    @Test
    public void testAccessApiUrlWithBasicAuthCredentials() throws Exception {
        localSkipperResource.getWebApplicationContext().getEnvironment().getPropertySources();
        localSkipperResource.getMockMvc().perform(MockMvcRequestBuilders.get("/api", new Object[0]).header("Authorization", new Object[]{SecurityTestUtils.basicAuthorizationHeader("user", "secret10")})).andDo(MockMvcResultHandlers.print()).andExpect(MockMvcResultMatchers.status().isOk());
    }

    @Test
    public void testAccessRootUrlWithBasicAuthCredentials() throws Exception {
        localSkipperResource.getWebApplicationContext().getEnvironment().getPropertySources();
        localSkipperResource.getMockMvc().perform(MockMvcRequestBuilders.get("/", new Object[0]).header("Authorization", new Object[]{SecurityTestUtils.basicAuthorizationHeader("user", "secret10")})).andDo(MockMvcResultHandlers.print()).andExpect(MockMvcResultMatchers.status().is3xxRedirection());
    }

    @Test
    public void testAccessRootUrlWithBasicAuthCredentialsWrongPassword() throws Exception {
        localSkipperResource.getMockMvc().perform(MockMvcRequestBuilders.get("/", new Object[0]).header("Authorization", new Object[]{SecurityTestUtils.basicAuthorizationHeader("user", "wrong-password")})).andDo(MockMvcResultHandlers.print()).andExpect(MockMvcResultMatchers.status().isUnauthorized());
    }

    @Test
    public void testThatAccessToActuatorEndpointPromptsSecurity() throws Exception {
        localSkipperResource.getMockMvc().perform(MockMvcRequestBuilders.get("/actuator/env", new Object[0])).andDo(MockMvcResultHandlers.print()).andExpect(MockMvcResultMatchers.status().isUnauthorized());
    }

    @Test
    public void testAccessToActuatorEndpointWithBasicAuthCredentialsWrongPassword() throws Exception {
        localSkipperResource.getMockMvc().perform(MockMvcRequestBuilders.get("/actuator/env", new Object[0]).header("Authorization", new Object[]{SecurityTestUtils.basicAuthorizationHeader("user", "wrong-password")})).andDo(MockMvcResultHandlers.print()).andExpect(MockMvcResultMatchers.status().isUnauthorized());
    }

    @Test
    public void testThatAccessToActuatorEndpointWithBasicAuthCredentialsSucceeds() throws Exception {
        localSkipperResource.getMockMvc().perform(MockMvcRequestBuilders.get("/actuator/env", new Object[0]).header("Authorization", new Object[]{SecurityTestUtils.basicAuthorizationHeader("user", "secret10")})).andDo(MockMvcResultHandlers.print()).andExpect(MockMvcResultMatchers.status().isOk());
    }

    @Test
    public void testThatAccessToActuatorEndpointRootWithBasicAuthCredentialsSucceeds() throws Exception {
        localSkipperResource.getMockMvc().perform(MockMvcRequestBuilders.get("/actuator", new Object[0]).header("Authorization", new Object[]{SecurityTestUtils.basicAuthorizationHeader("user", "secret10")})).andDo(MockMvcResultHandlers.print()).andExpect(MockMvcResultMatchers.status().isOk());
    }

    @Test
    public void testAccessRootUrlWithOAuth2AccessToken() throws Exception {
        ClientCredentialsResourceDetails clientCredentialsResourceDetails = new ClientCredentialsResourceDetails();
        clientCredentialsResourceDetails.setClientId("myclient");
        clientCredentialsResourceDetails.setClientSecret("mysecret");
        clientCredentialsResourceDetails.setGrantType("client_credentials");
        clientCredentialsResourceDetails.setAccessTokenUri("http://localhost:" + oAuth2ServerResource.getOauth2ServerPort() + "/oauth/token");
        localSkipperResource.getMockMvc().perform(MockMvcRequestBuilders.get("/api", new Object[0]).header("Authorization", new Object[]{"bearer " + new OAuth2RestTemplate(clientCredentialsResourceDetails).getAccessToken().getValue()})).andDo(MockMvcResultHandlers.print()).andExpect(MockMvcResultMatchers.status().isOk());
    }

    @Test
    public void testAccessAboutUrlWithOAuth2AccessToken() throws Exception {
        ClientCredentialsResourceDetails clientCredentialsResourceDetails = new ClientCredentialsResourceDetails();
        clientCredentialsResourceDetails.setClientId("myclient");
        clientCredentialsResourceDetails.setClientSecret("mysecret");
        clientCredentialsResourceDetails.setGrantType("client_credentials");
        clientCredentialsResourceDetails.setAccessTokenUri("http://localhost:" + oAuth2ServerResource.getOauth2ServerPort() + "/oauth/token");
        localSkipperResource.getMockMvc().perform(MockMvcRequestBuilders.get("/api/about", new Object[0]).header("Authorization", new Object[]{"bearer " + new OAuth2RestTemplate(clientCredentialsResourceDetails).getAccessToken().getValue()})).andDo(MockMvcResultHandlers.print()).andExpect(MockMvcResultMatchers.status().isOk()).andExpect(MockMvcResultMatchers.jsonPath("$.versionInfo.server.name", Matchers.is("Spring Cloud Skipper Server"))).andExpect(MockMvcResultMatchers.jsonPath("$.versionInfo.server.version", Matchers.notNullValue()));
    }

    @Test
    public void testAccessRootUrlWithWrongOAuth2AccessToken() throws Exception {
        localSkipperResource.getMockMvc().perform(MockMvcRequestBuilders.get("/", new Object[0]).header("Authorization", new Object[]{"bearer 123456"})).andDo(MockMvcResultHandlers.print()).andExpect(MockMvcResultMatchers.status().isUnauthorized());
    }
}
