package io.stargate.it.cql;

import com.datastax.oss.driver.api.core.AllNodesFailedException;
import com.datastax.oss.driver.api.core.CqlIdentifier;
import com.datastax.oss.driver.api.core.CqlSession;
import com.datastax.oss.driver.api.core.CqlSessionBuilder;
import com.datastax.oss.driver.api.core.cql.PreparedStatement;
import com.datastax.oss.driver.api.core.cql.Row;
import com.datastax.oss.driver.api.core.metadata.schema.TableMetadata;
import com.datastax.oss.driver.api.core.servererrors.InvalidQueryException;
import com.datastax.oss.driver.api.core.servererrors.UnauthorizedException;
import io.stargate.it.BaseIntegrationTest;
import io.stargate.it.KeycloakContainer;
import io.stargate.it.TestOrder;
import io.stargate.it.driver.CqlSessionExtension;
import io.stargate.it.driver.CqlSessionSpec;
import io.stargate.it.driver.TestKeyspace;
import io.stargate.it.storage.StargateParameters;
import io.stargate.it.storage.StargateSpec;
import java.io.IOException;
import java.time.Instant;
import java.util.Optional;
import org.assertj.core.api.Assertions;
import org.junit.jupiter.api.AfterAll;
import org.junit.jupiter.api.BeforeEach;
import org.junit.jupiter.api.Order;
import org.junit.jupiter.api.Test;
import org.junit.jupiter.api.extension.ExtendWith;
import org.testcontainers.junit.jupiter.Testcontainers;

@ExtendWith({CqlSessionExtension.class})
@CqlSessionSpec(initQueries = {"CREATE ROLE IF NOT EXISTS 'web_user' WITH PASSWORD = 'web_user' AND LOGIN = TRUE", "CREATE KEYSPACE IF NOT EXISTS store2 WITH REPLICATION = {'class':'SimpleStrategy', 'replication_factor':'1'}", "CREATE TABLE IF NOT EXISTS store2.shopping_cart (userid text, item_count int, last_update_timestamp timestamp, PRIMARY KEY (userid, last_update_timestamp));", "INSERT INTO store2.shopping_cart (userid, item_count, last_update_timestamp) VALUES ('9876', 2, toTimeStamp(now()))", "INSERT INTO store2.shopping_cart (userid, item_count, last_update_timestamp) VALUES ('1234', 5, toTimeStamp(now()))", "GRANT MODIFY ON TABLE store2.shopping_cart TO web_user", "GRANT SELECT ON TABLE store2.shopping_cart TO web_user"})
@Order(TestOrder.LAST)
@Testcontainers(disabledWithoutDocker = true)
@StargateSpec(parametersCustomizer = "buildParameters")
/* loaded from: input_file:io/stargate/it/cql/JwtAuthTest.class */
public class JwtAuthTest extends BaseIntegrationTest {
    private final String keyspaceName = "store2";
    private final String tableName = "shopping_cart";
    private static String authToken;
    private static KeycloakContainer keycloakContainer;

    public static void buildParameters(StargateParameters.Builder builder) throws IOException {
        keycloakContainer = new KeycloakContainer();
        keycloakContainer.initKeycloakContainer();
        builder.enableAuth(true);
        builder.putSystemProperties("stargate.auth_id", "AuthJwtService");
        builder.putSystemProperties("stargate.cql_use_auth_service", "true");
        builder.putSystemProperties("stargate.cql_token_max_length", "4096");
        builder.putSystemProperties("stargate.auth.jwt_provider_url", String.format("%s/auth/realms/stargate/protocol/openid-connect/certs", keycloakContainer.host()));
    }

    @AfterAll
    public static void teardown() {
        keycloakContainer.stop();
    }

    @BeforeEach
    public void setup(CqlSession cqlSession) throws IOException {
        cqlSession.execute("DROP TABLE IF EXISTS jwt_auth_test");
        cqlSession.execute("CREATE TABLE jwt_auth_test (k text PRIMARY KEY, v text)");
        authToken = keycloakContainer.generateJWT();
    }

    @Test
    public void invalidCredentials(CqlSessionBuilder cqlSessionBuilder) {
        Assertions.assertThatThrownBy(() -> {
        }).isInstanceOf(AllNodesFailedException.class).hasMessageContaining("Provided username invalid and/or password are incorrect");
    }

    @Test
    public void tokenAuthentication(CqlSessionBuilder cqlSessionBuilder) {
        CqlSession cqlSession = (CqlSession) cqlSessionBuilder.withAuthCredentials("token", authToken).build();
        Throwable th = null;
        try {
            try {
                Assertions.assertThat((Row) cqlSession.execute("SELECT * FROM system.local").one()).isNotNull();
                if (cqlSession != null) {
                    $closeResource(null, cqlSession);
                }
            } catch (Throwable th2) {
                th = th2;
                throw th2;
            }
        } catch (Throwable th3) {
            if (cqlSession != null) {
                $closeResource(th, cqlSession);
            }
            throw th3;
        }
    }

    @Test
    public void useKeyspace(CqlSessionBuilder cqlSessionBuilder) {
        CqlSession cqlSession = (CqlSession) cqlSessionBuilder.withAuthCredentials("token", authToken).build();
        try {
            Assertions.assertThatThrownBy(() -> {
                cqlSession.execute("SELECT * FROM shopping_cart");
            }).isInstanceOf(InvalidQueryException.class).hasMessage("No keyspace has been specified. USE a keyspace, or explicitly specify keyspace.tablename");
            cqlSession.execute(String.format("USE %s", "store2"));
            Assertions.assertThat((Row) cqlSession.execute("SELECT * FROM shopping_cart").one()).isNotNull();
            if (cqlSession != null) {
                $closeResource(null, cqlSession);
            }
        } catch (Throwable th) {
            if (cqlSession != null) {
                $closeResource(null, cqlSession);
            }
            throw th;
        }
    }

    @Test
    public void createKeyspaceUnauthorized(CqlSessionBuilder cqlSessionBuilder) {
        CqlSession cqlSession = (CqlSession) cqlSessionBuilder.withAuthCredentials("token", authToken).build();
        try {
            Assertions.assertThatThrownBy(() -> {
                cqlSession.execute("CREATE KEYSPACE IF NOT EXISTS foo WITH REPLICATION = {'class':'SimpleStrategy', 'replication_factor':'1'}");
            }).isInstanceOf(UnauthorizedException.class).hasMessage("User web_user has no CREATE permission on <all keyspaces> or any of its parents");
            if (cqlSession != null) {
                $closeResource(null, cqlSession);
            }
        } catch (Throwable th) {
            if (cqlSession != null) {
                $closeResource(null, cqlSession);
            }
            throw th;
        }
    }

    @Test
    public void createTableUnauthorized(CqlSessionBuilder cqlSessionBuilder, @TestKeyspace CqlIdentifier cqlIdentifier) {
        CqlSession cqlSession = (CqlSession) cqlSessionBuilder.withAuthCredentials("token", authToken).build();
        Throwable th = null;
        try {
            try {
                Assertions.assertThatThrownBy(() -> {
                    cqlSession.execute(String.format("CREATE TABLE IF NOT EXISTS %s.test (k INT PRIMARY KEY)", cqlIdentifier.asCql(false)));
                }).isInstanceOf(UnauthorizedException.class).hasMessageMatching(this.backend.isDse() ? "User web_user has no CREATE permission on <all tables in ks_\\d*_JwtAuthTest> or any of its parents" : "User web_user has no CREATE permission on <keyspace ks_\\d*_JwtAuthTest> or any of its parents");
                if (cqlSession != null) {
                    $closeResource(null, cqlSession);
                }
            } catch (Throwable th2) {
                th = th2;
                throw th2;
            }
        } catch (Throwable th3) {
            if (cqlSession != null) {
                $closeResource(th, cqlSession);
            }
            throw th3;
        }
    }

    @Test
    public void insertPreparedStatement(CqlSessionBuilder cqlSessionBuilder) {
        CqlSession cqlSession = (CqlSession) cqlSessionBuilder.withAuthCredentials("token", authToken).build();
        Throwable th = null;
        try {
            try {
                PreparedStatement prepare = cqlSession.prepare(String.format("INSERT INTO %s.%s (userid, item_count, last_update_timestamp) VALUES (?, ?, ?)", "store2", "shopping_cart"));
                Instant now = Instant.now();
                cqlSession.execute(prepare.bind(new Object[]{"9876", 0, now}));
                Row row = (Row) cqlSession.execute(String.format("SELECT * FROM %s.%s WHERE userid=? AND last_update_timestamp=?", "store2", "shopping_cart"), new Object[]{"9876", now}).one();
                Assertions.assertThat(row).isNotNull();
                Assertions.assertThat(row.getInt("item_count")).isEqualTo(0);
                if (cqlSession != null) {
                    $closeResource(null, cqlSession);
                }
            } catch (Throwable th2) {
                th = th2;
                throw th2;
            }
        } catch (Throwable th3) {
            if (cqlSession != null) {
                $closeResource(th, cqlSession);
            }
            throw th3;
        }
    }

    @Test
    public void insertPreparedStatementNotAuthorized(CqlSessionBuilder cqlSessionBuilder, @TestKeyspace CqlIdentifier cqlIdentifier) {
        CqlSession cqlSession = (CqlSession) cqlSessionBuilder.withAuthCredentials("token", authToken).build();
        try {
            PreparedStatement prepare = cqlSession.prepare(String.format("INSERT INTO %s.jwt_auth_test (k, v) VALUES (?, ?)", cqlIdentifier.asCql(false)));
            Assertions.assertThatThrownBy(() -> {
                cqlSession.execute(prepare.bind(new Object[]{"foo", "bar"}));
            }).isInstanceOf(UnauthorizedException.class).hasMessageMatching(this.backend.isDse() ? "User web_user has no UPDATE permission on <table ks_\\d*_JwtAuthTest.jwt_auth_test> or any of its parents" : "User web_user has no MODIFY permission on <table ks_\\d*_JwtAuthTest.jwt_auth_test> or any of its parents");
            if (cqlSession != null) {
                $closeResource(null, cqlSession);
            }
        } catch (Throwable th) {
            if (cqlSession != null) {
                $closeResource(null, cqlSession);
            }
            throw th;
        }
    }

    @Test
    public void insert(CqlSessionBuilder cqlSessionBuilder) {
        CqlSession cqlSession = (CqlSession) cqlSessionBuilder.withAuthCredentials("token", authToken).build();
        Throwable th = null;
        try {
            try {
                Instant now = Instant.now();
                cqlSession.execute(String.format("INSERT INTO %s.%s (userid, item_count, last_update_timestamp) VALUES (?, ?, ?)", "store2", "shopping_cart"), new Object[]{"9876", 1, now});
                Row row = (Row) cqlSession.execute(String.format("SELECT * FROM %s.%s WHERE userid=? AND last_update_timestamp=?", "store2", "shopping_cart"), new Object[]{"9876", now}).one();
                Assertions.assertThat(row).isNotNull();
                Assertions.assertThat(row.getInt("item_count")).isEqualTo(1);
                if (cqlSession != null) {
                    $closeResource(null, cqlSession);
                }
            } catch (Throwable th2) {
                th = th2;
                throw th2;
            }
        } catch (Throwable th3) {
            if (cqlSession != null) {
                $closeResource(th, cqlSession);
            }
            throw th3;
        }
    }

    @Test
    public void insertNotAuthorized(CqlSessionBuilder cqlSessionBuilder, @TestKeyspace CqlIdentifier cqlIdentifier) {
        CqlSession cqlSession = (CqlSession) cqlSessionBuilder.withAuthCredentials("token", authToken).build();
        Throwable th = null;
        try {
            try {
                Assertions.assertThatThrownBy(() -> {
                    cqlSession.execute(String.format("INSERT INTO %s.jwt_auth_test (k, v) VALUES (?, ?)", cqlIdentifier.asCql(false)), new Object[]{"foo", "bar"});
                }).isInstanceOf(UnauthorizedException.class).hasMessageMatching(this.backend.isDse() ? "User web_user has no UPDATE permission on <table ks_\\d*_JwtAuthTest.jwt_auth_test> or any of its parents" : "User web_user has no MODIFY permission on <table ks_\\d*_JwtAuthTest.jwt_auth_test> or any of its parents");
                if (cqlSession != null) {
                    $closeResource(null, cqlSession);
                }
            } catch (Throwable th2) {
                th = th2;
                throw th2;
            }
        } catch (Throwable th3) {
            if (cqlSession != null) {
                $closeResource(th, cqlSession);
            }
            throw th3;
        }
    }

    @Test
    public void selectNotAuthorized(CqlSessionBuilder cqlSessionBuilder, @TestKeyspace CqlIdentifier cqlIdentifier) {
        CqlSession cqlSession = (CqlSession) cqlSessionBuilder.withAuthCredentials("token", authToken).build();
        Throwable th = null;
        try {
            try {
                Assertions.assertThatThrownBy(() -> {
                }).isInstanceOf(UnauthorizedException.class).hasMessageMatching("User web_user has no SELECT permission on <table ks_\\d*_JwtAuthTest.jwt_auth_test> or any of its parents");
                if (cqlSession != null) {
                    $closeResource(null, cqlSession);
                }
            } catch (Throwable th2) {
                th = th2;
                throw th2;
            }
        } catch (Throwable th3) {
            if (cqlSession != null) {
                $closeResource(th, cqlSession);
            }
            throw th3;
        }
    }

    @Test
    public void update(CqlSessionBuilder cqlSessionBuilder) {
        CqlSession cqlSession = (CqlSession) cqlSessionBuilder.withAuthCredentials("token", authToken).build();
        Throwable th = null;
        try {
            try {
                Instant now = Instant.now();
                cqlSession.execute(String.format("INSERT INTO %s.%s (userid, item_count, last_update_timestamp) VALUES (?, ?, ?)", "store2", "shopping_cart"), new Object[]{"9876", 2, now});
                cqlSession.execute(String.format("UPDATE %s.%s set item_count = ? WHERE userid = ? AND last_update_timestamp = ?", "store2", "shopping_cart"), new Object[]{3, "9876", now});
                Row row = (Row) cqlSession.execute(String.format("SELECT * FROM %s.%s WHERE userid=? AND last_update_timestamp=?", "store2", "shopping_cart"), new Object[]{"9876", now}).one();
                Assertions.assertThat(row).isNotNull();
                Assertions.assertThat(row.getInt("item_count")).isEqualTo(3);
                if (cqlSession != null) {
                    $closeResource(null, cqlSession);
                }
            } catch (Throwable th2) {
                th = th2;
                throw th2;
            }
        } catch (Throwable th3) {
            if (cqlSession != null) {
                $closeResource(th, cqlSession);
            }
            throw th3;
        }
    }

    @Test
    public void updateNotAuthorized(CqlSessionBuilder cqlSessionBuilder, @TestKeyspace CqlIdentifier cqlIdentifier) {
        CqlSession cqlSession = (CqlSession) cqlSessionBuilder.withAuthCredentials("token", authToken).build();
        Throwable th = null;
        try {
            try {
                Assertions.assertThatThrownBy(() -> {
                    cqlSession.execute(String.format("UPDATE %s.jwt_auth_test set v = ? where k = ?", cqlIdentifier.asCql(false)), new Object[]{"bar", "foo"});
                }).isInstanceOf(UnauthorizedException.class).hasMessageMatching(this.backend.isDse() ? "User web_user has no UPDATE permission on <table ks_\\d*_JwtAuthTest.jwt_auth_test> or any of its parents" : "User web_user has no MODIFY permission on <table ks_\\d*_JwtAuthTest.jwt_auth_test> or any of its parents");
                if (cqlSession != null) {
                    $closeResource(null, cqlSession);
                }
            } catch (Throwable th2) {
                th = th2;
                throw th2;
            }
        } catch (Throwable th3) {
            if (cqlSession != null) {
                $closeResource(th, cqlSession);
            }
            throw th3;
        }
    }

    @Test
    public void createAlterDropTable(CqlSession cqlSession, @TestKeyspace CqlIdentifier cqlIdentifier) {
        cqlSession.execute("CREATE TABLE foo(k int PRIMARY KEY)");
        Assertions.assertThat(cqlSession.getMetadata().getKeyspace(cqlIdentifier)).hasValueSatisfying(keyspaceMetadata -> {
            Assertions.assertThat(keyspaceMetadata.getTable("foo")).isNotEmpty();
        });
        cqlSession.execute("ALTER TABLE foo ADD v int");
        Optional flatMap = cqlSession.getMetadata().getKeyspace(cqlIdentifier).flatMap(keyspaceMetadata2 -> {
            return keyspaceMetadata2.getTable("foo");
        });
        Assertions.assertThat(flatMap).isPresent();
        Assertions.assertThat(((TableMetadata) flatMap.get()).getName().asInternal()).isEqualTo("foo");
        Assertions.assertThat(((TableMetadata) flatMap.get()).getColumns().keySet()).containsExactly(new CqlIdentifier[]{CqlIdentifier.fromInternal("k"), CqlIdentifier.fromInternal("v")});
        Assertions.assertThat(cqlSession.getMetadata().getKeyspace(cqlIdentifier).flatMap(keyspaceMetadata3 -> {
            return keyspaceMetadata3.getTable("foo");
        })).hasValue((TableMetadata) flatMap.get());
        cqlSession.execute("DROP TABLE foo");
        Assertions.assertThat(cqlSession.getMetadata().getKeyspace(cqlIdentifier)).hasValueSatisfying(keyspaceMetadata4 -> {
            Assertions.assertThat(keyspaceMetadata4.getTable("foo")).isEmpty();
        });
    }

    private static /* synthetic */ void $closeResource(Throwable th, AutoCloseable autoCloseable) {
        if (th == null) {
            autoCloseable.close();
            return;
        }
        try {
            autoCloseable.close();
        } catch (Throwable th2) {
            th.addSuppressed(th2);
        }
    }
}
