package io.stargate.it.http;

import com.fasterxml.jackson.core.type.TypeReference;
import com.fasterxml.jackson.databind.DeserializationFeature;
import com.fasterxml.jackson.databind.ObjectMapper;
import io.stargate.it.KeycloakContainer;
import io.stargate.it.driver.CqlSessionExtension;
import io.stargate.it.driver.CqlSessionSpec;
import io.stargate.it.storage.StargateParameters;
import io.stargate.it.storage.StargateSpec;
import io.stargate.web.models.Keyspace;
import io.stargate.web.restapi.models.ColumnDefinition;
import io.stargate.web.restapi.models.GetResponseWrapper;
import io.stargate.web.restapi.models.PrimaryKey;
import io.stargate.web.restapi.models.RESTResponseWrapper;
import io.stargate.web.restapi.models.TableAdd;
import java.io.IOException;
import java.net.URLEncoder;
import java.util.ArrayList;
import java.util.Collections;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import org.assertj.core.api.Assertions;
import org.junit.jupiter.api.AfterAll;
import org.junit.jupiter.api.BeforeEach;
import org.junit.jupiter.api.Disabled;
import org.junit.jupiter.api.Test;
import org.junit.jupiter.api.extension.ExtendWith;
import org.junit.jupiter.api.extension.Extensions;
import org.testcontainers.junit.jupiter.Testcontainers;

@CqlSessionSpec(initQueries = {"CREATE ROLE IF NOT EXISTS 'web_user' WITH PASSWORD = 'web_user' AND LOGIN = TRUE", "CREATE KEYSPACE IF NOT EXISTS store1 WITH REPLICATION = {'class':'SimpleStrategy', 'replication_factor':'1'}", "CREATE TABLE IF NOT EXISTS store1.shopping_cart (userid text, item_count int, last_update_timestamp timestamp, PRIMARY KEY (userid, last_update_timestamp));", "INSERT INTO store1.shopping_cart (userid, item_count, last_update_timestamp) VALUES ('9876', 2, toTimeStamp(now()))", "INSERT INTO store1.shopping_cart (userid, item_count, last_update_timestamp) VALUES ('1234', 5, toTimeStamp(now()))", "GRANT MODIFY ON TABLE store1.shopping_cart TO web_user", "GRANT SELECT ON TABLE store1.shopping_cart TO web_user"})
@ApiServiceSpec(parametersCustomizer = "buildApiServiceParameters")
@Testcontainers(disabledWithoutDocker = true)
@StargateSpec(parametersCustomizer = "buildParameters")
@Extensions({@ExtendWith({CqlSessionExtension.class}), @ExtendWith({ApiServiceExtension.class})})
/* loaded from: input_file:io/stargate/it/http/RestApiJWTAuthTest.class */
public class RestApiJWTAuthTest extends BaseRestApiTest {
    private static final ObjectMapper objectMapper = new ObjectMapper();
    private final String keyspaceName = "store1";
    private final String tableName = "shopping_cart";
    private String restUrlBase;
    private static String authToken;
    private static KeycloakContainer keycloakContainer;

    public static void buildParameters(StargateParameters.Builder builder) throws IOException {
        keycloakContainer = new KeycloakContainer();
        keycloakContainer.initKeycloakContainer();
        builder.enableAuth(true);
        builder.putSystemProperties("stargate.auth_id", "AuthJwtService");
        builder.putSystemProperties("stargate.auth.jwt_provider_url", String.format("%s/auth/realms/stargate/protocol/openid-connect/certs", keycloakContainer.host()));
    }

    @AfterAll
    public static void teardown() {
        keycloakContainer.stop();
    }

    @BeforeEach
    public void setup(ApiServiceConnectionInfo apiServiceConnectionInfo) throws IOException {
        this.restUrlBase = "http://" + apiServiceConnectionInfo.host() + ":" + apiServiceConnectionInfo.port();
        objectMapper.configure(DeserializationFeature.FAIL_ON_UNKNOWN_PROPERTIES, false);
        authToken = keycloakContainer.generateJWT();
    }

    @Test
    public void getKeyspacesv2() throws IOException {
        Assertions.assertThat((List) objectMapper.convertValue(((RESTResponseWrapper) objectMapper.readValue(RestUtils.get(authToken, String.format("%s/v2/schemas/keyspaces", this.restUrlBase), 200), RESTResponseWrapper.class)).getData(), new TypeReference<List<Keyspace>>() { // from class: io.stargate.it.http.RestApiJWTAuthTest.1
        })).anySatisfy(keyspace -> {
            Assertions.assertThat(keyspace).isEqualToComparingFieldByField(new Keyspace("system", (List) null));
        });
    }

    @Test
    public void getRowsV2() throws IOException {
        for (Map map : (List) objectMapper.convertValue(((GetResponseWrapper) objectMapper.readValue(RestUtils.get(authToken, String.format("%s/v2/keyspaces/%s/%s/%s", this.restUrlBase, "store1", "shopping_cart", "9876"), 200), GetResponseWrapper.class)).getData(), new TypeReference<List<Map<String, Object>>>() { // from class: io.stargate.it.http.RestApiJWTAuthTest.2
        })) {
            Assertions.assertThat(map.get("userid")).isEqualTo("9876");
            Assertions.assertThat(((Integer) map.get("item_count")).intValue()).isGreaterThan(0);
            Assertions.assertThat(map.get("last_update_timestamp")).isNotNull();
        }
    }

    @Disabled("SGv2 does not currently support Row Level Access Control (RLAC)")
    @Test
    public void getRowsV2NotAuthorized() throws IOException {
        RestUtils.get(authToken, String.format("%s/v2/keyspaces/%s/%s/%s", this.restUrlBase, "store1", "shopping_cart", "1234"), 401);
    }

    @Test
    public void updateRowV2() throws IOException {
        String instant = now().toString();
        addRowV2("9876", instant, "88");
        HashMap hashMap = new HashMap();
        hashMap.put("item_count", "27");
        Assertions.assertThat((Map) objectMapper.convertValue(((RESTResponseWrapper) objectMapper.readValue(RestUtils.put(authToken, String.format("%s/v2/keyspaces/%s/%s/%s/%s", this.restUrlBase, "store1", "shopping_cart", "9876", URLEncoder.encode(instant, "UTF-8")), objectMapper.writeValueAsString(hashMap), 200), RESTResponseWrapper.class)).getData(), Map.class)).containsAllEntriesOf(hashMap);
    }

    @Disabled("SGv2 does not currently support Row Level Access Control (RLAC)")
    @Test
    public void updateRowV2NotAuthorized() throws IOException {
        String instant = now().toString();
        HashMap hashMap = new HashMap();
        hashMap.put("userid", "1234");
        hashMap.put("last_update_timestamp", instant);
        hashMap.put("item_count", "27");
        RestUtils.put(authToken, String.format("%s/v2/keyspaces/%s/%s/%s/%s", this.restUrlBase, "store1", "shopping_cart", "1234", URLEncoder.encode(instant, "UTF-8")), objectMapper.writeValueAsString(hashMap), 401);
    }

    @Disabled("SGv2 does not currently support Row Level Access Control (RLAC)")
    @Test
    public void addRowV2NotAuthorized() throws IOException {
        String instant = now().toString();
        HashMap hashMap = new HashMap();
        hashMap.put("userid", "1234");
        hashMap.put("item_count", "0");
        hashMap.put("last_update_timestamp", instant);
        RestUtils.post(authToken, String.format("%s/v2/keyspaces/%s/%s", this.restUrlBase, "store1", "shopping_cart"), objectMapper.writeValueAsString(hashMap), 401);
    }

    @Test
    public void queryRowV2() throws IOException {
        String instant = now().toString();
        addRowV2("9876", instant, "99");
        List list = (List) objectMapper.readValue(RestUtils.get(authToken, String.format("%s/v2/keyspaces/%s/%s?where=%s&raw=true", this.restUrlBase, "store1", "shopping_cart", String.format("{\"userid\":{\"$eq\":\"%s\"},\"last_update_timestamp\":{\"$eq\":\"%s\"}}", "9876", instant)), 200), new TypeReference<List<Map<String, Object>>>() { // from class: io.stargate.it.http.RestApiJWTAuthTest.3
        });
        Assertions.assertThat(((Map) list.get(0)).get("userid")).isEqualTo("9876");
        Assertions.assertThat(((Map) list.get(0)).get("item_count")).isEqualTo(99);
    }

    @Disabled("SGv2 does not currently support Row Level Access Control (RLAC)")
    @Test
    public void queryRowV2NotAuthorized() throws IOException {
        RestUtils.get(authToken, String.format("%s/v2/keyspaces/%s/%s?where=%s&raw=true", this.restUrlBase, "store1", "shopping_cart", String.format("{\"userid\":{\"$eq\":\"%s\"},\"last_update_timestamp\":{\"$eq\":\"%s\"}}", "1234", now().toString())), 401);
    }

    @Test
    public void deleteRowV2() throws IOException {
        String instant = now().toString();
        addRowV2("9876", instant, "88");
        RestUtils.delete(authToken, String.format("%s/v2/keyspaces/%s/%s/%s/%s", this.restUrlBase, "store1", "shopping_cart", "9876", URLEncoder.encode(instant, "UTF-8")), 204);
    }

    @Disabled("SGv2 does not currently support Row Level Access Control (RLAC)")
    @Test
    public void deleteRowV2NotAuthorized() throws IOException {
        RestUtils.delete(authToken, String.format("%s/v2/keyspaces/%s/%s/%s/%s", this.restUrlBase, "store1", "shopping_cart", "1234", URLEncoder.encode(now().toString(), "UTF-8")), 401);
    }

    @Test
    public void createTableV2NotAuthorized() throws IOException {
        TableAdd tableAdd = new TableAdd();
        tableAdd.setName("tbl1");
        ArrayList arrayList = new ArrayList();
        arrayList.add(new ColumnDefinition("k", "uuid"));
        arrayList.add(new ColumnDefinition("v", "text"));
        tableAdd.setColumnDefinitions(arrayList);
        PrimaryKey primaryKey = new PrimaryKey();
        primaryKey.setPartitionKey(Collections.singletonList("k"));
        tableAdd.setPrimaryKey(primaryKey);
        RestUtils.post(authToken, String.format("%s/v2/schemas/keyspaces/%s/tables", this.restUrlBase, "store1"), objectMapper.writeValueAsString(tableAdd), 401);
    }

    private void addRowV2(String str, String str2, String str3) throws IOException {
        HashMap hashMap = new HashMap();
        hashMap.put("userid", str);
        hashMap.put("item_count", str3);
        hashMap.put("last_update_timestamp", str2);
        RestUtils.post(authToken, String.format("%s/v2/keyspaces/%s/%s", this.restUrlBase, "store1", "shopping_cart"), objectMapper.writeValueAsString(hashMap), 201);
    }
}
