package io.stargate.it.http;

import com.datastax.oss.driver.api.core.CqlIdentifier;
import com.fasterxml.jackson.databind.ObjectMapper;
import io.stargate.it.BaseOsgiIntegrationTest;
import io.stargate.it.KeycloakContainer;
import io.stargate.it.driver.CqlSessionExtension;
import io.stargate.it.driver.CqlSessionSpec;
import io.stargate.it.driver.TestKeyspace;
import io.stargate.it.storage.StargateConnectionInfo;
import io.stargate.it.storage.StargateParameters;
import io.stargate.it.storage.StargateSpec;
import java.io.IOException;
import java.time.Duration;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import okhttp3.MediaType;
import okhttp3.OkHttpClient;
import okhttp3.Request;
import okhttp3.RequestBody;
import okhttp3.Response;
import org.assertj.core.api.AbstractIntegerAssert;
import org.assertj.core.api.Assertions;
import org.assertj.core.api.InstanceOfAssertFactories;
import org.assertj.core.api.MapAssert;
import org.junit.jupiter.api.AfterAll;
import org.junit.jupiter.api.BeforeEach;
import org.junit.jupiter.api.DisplayName;
import org.junit.jupiter.api.Test;
import org.junit.jupiter.api.extension.ExtendWith;

@ExtendWith({CqlSessionExtension.class})
@CqlSessionSpec(initQueries = {"CREATE ROLE IF NOT EXISTS 'web_user' WITH PASSWORD = 'web_user' AND LOGIN = TRUE", "CREATE TABLE \"Books\"(title text PRIMARY KEY, author text)", "CREATE TABLE \"Secret\"(k int PRIMARY KEY)", "GRANT MODIFY ON TABLE \"Books\" TO web_user"})
@StargateSpec(parametersCustomizer = "buildParameters")
/* loaded from: input_file:io/stargate/it/http/GraphqlJWTAuthTest.class */
public class GraphqlJWTAuthTest extends BaseOsgiIntegrationTest {
    private static String authToken;
    private static KeycloakContainer keycloakContainer;
    private static final ObjectMapper OBJECT_MAPPER = new ObjectMapper();
    private String host;

    public static void buildParameters(StargateParameters.Builder builder) throws IOException {
        keycloakContainer = new KeycloakContainer();
        keycloakContainer.initKeycloakContainer();
        builder.enableAuth(true);
        builder.putSystemProperties("stargate.auth_id", "AuthJwtService");
        builder.putSystemProperties("stargate.auth.jwt_provider_url", String.format("%s/auth/realms/stargate/protocol/openid-connect/certs", keycloakContainer.host()));
    }

    @AfterAll
    public static void teardown() {
        keycloakContainer.stop();
    }

    @BeforeEach
    public void setup(StargateConnectionInfo stargateConnectionInfo) throws IOException {
        this.host = "http://" + stargateConnectionInfo.seedAddress();
        authToken = keycloakContainer.generateJWT();
    }

    @DisplayName("Should execute GraphQL mutation when authorized")
    @Test
    public void mutationTest(@TestKeyspace CqlIdentifier cqlIdentifier) {
        Map<String, Object> graphqlData = getGraphqlData(cqlIdentifier, "mutation {\n  insertBooks(value: {title:\"Moby Dick\", author:\"Herman Melville\"}) {\n    value { title }\n  }\n}");
        Assertions.assertThat((Map) graphqlData).isNotNull();
        ((MapAssert) ((MapAssert) Assertions.assertThat(graphqlData.get("insertBooks")).asInstanceOf(InstanceOfAssertFactories.MAP)).extractingByKey("value").asInstanceOf(InstanceOfAssertFactories.MAP)).extractingByKey("title").isEqualTo("Moby Dick");
    }

    @DisplayName("Should execute batch of GraphQL mutations when authorized")
    @Test
    public void batchTest(@TestKeyspace CqlIdentifier cqlIdentifier) {
        Map<String, Object> graphqlData = getGraphqlData(cqlIdentifier, "mutation {\n  moby: insertBooks(value: {title:\"Moby Dick\", author:\"Herman Melville\"}) {\n    value { title }\n  }\n  catch22: insertBooks(value: {title:\"Catch-22\", author:\"Joseph Heller\"}) {\n    value { title }\n  }\n}\n");
        Assertions.assertThat((Map) graphqlData).isNotNull();
        ((MapAssert) ((MapAssert) Assertions.assertThat(graphqlData.get("moby")).asInstanceOf(InstanceOfAssertFactories.MAP)).extractingByKey("value").asInstanceOf(InstanceOfAssertFactories.MAP)).extractingByKey("title").isEqualTo("Moby Dick");
        ((MapAssert) ((MapAssert) Assertions.assertThat(graphqlData.get("catch22")).asInstanceOf(InstanceOfAssertFactories.MAP)).extractingByKey("value").asInstanceOf(InstanceOfAssertFactories.MAP)).extractingByKey("title").isEqualTo("Catch-22");
    }

    @DisplayName("Should fail to execute GraphQL when not authorized")
    @Test
    public void unauthorizedTest(@TestKeyspace CqlIdentifier cqlIdentifier) {
        Assertions.assertThat(getGraphqlError(cqlIdentifier, "mutation { insertSecret(value: {k:1}) { value { k } } }")).contains("UnauthorizedException");
    }

    private Map<String, Object> getGraphqlData(CqlIdentifier cqlIdentifier, String str) {
        Map<String, Object> graphqlResponse = getGraphqlResponse(cqlIdentifier, str);
        Assertions.assertThat((Map) graphqlResponse).isNotNull();
        Assertions.assertThat(graphqlResponse.get("errors")).isNull();
        return (Map) graphqlResponse.get("data");
    }

    private String getGraphqlError(CqlIdentifier cqlIdentifier, String str) {
        Map<String, Object> graphqlResponse = getGraphqlResponse(cqlIdentifier, str);
        Assertions.assertThat((Map) graphqlResponse).isNotNull();
        List list = (List) graphqlResponse.get("errors");
        Assertions.assertThat(list).hasSize(1);
        return (String) ((Map) list.get(0)).get("message");
    }

    /* JADX WARN: Multi-variable type inference failed */
    private Map<String, Object> getGraphqlResponse(CqlIdentifier cqlIdentifier, String str) {
        try {
            OkHttpClient httpClient = getHttpClient();
            String format = String.format("%s:8080/graphql/%s", this.host, cqlIdentifier.asInternal());
            HashMap hashMap = new HashMap();
            hashMap.put("query", str);
            Response execute = httpClient.newCall(new Request.Builder().post(RequestBody.create(MediaType.parse("application/json; charset=utf-8"), OBJECT_MAPPER.writeValueAsBytes(hashMap))).url(format).build()).execute();
            Assertions.assertThat(execute.body()).isNotNull();
            String string = execute.body().string();
            ((AbstractIntegerAssert) Assertions.assertThat(execute.code()).as("Unexpected error %d: %s", Integer.valueOf(execute.code()), string)).isEqualTo(200);
            return (Map) OBJECT_MAPPER.readValue(string, Map.class);
        } catch (IOException e) {
            org.junit.jupiter.api.Assertions.fail("Unexpected error while sending POST request", e);
            return null;
        }
    }

    private OkHttpClient getHttpClient() {
        return new OkHttpClient.Builder().connectTimeout(Duration.ofMinutes(3L)).callTimeout(Duration.ofMinutes(3L)).readTimeout(Duration.ofMinutes(3L)).writeTimeout(Duration.ofMinutes(3L)).addInterceptor(chain -> {
            return chain.proceed(chain.request().newBuilder().addHeader("X-Cassandra-Token", authToken).build());
        }).build();
    }
}
