package com.e2eq.framework.api.security;

import com.e2eq.framework.model.persistent.security.Rule;
import com.e2eq.framework.model.securityrules.PrincipalContext;
import com.e2eq.framework.model.securityrules.ResourceContext;
import com.e2eq.framework.model.securityrules.RuleContext;
import com.e2eq.framework.model.securityrules.RuleEffect;
import com.e2eq.framework.model.securityrules.SecurityCheckResponse;
import com.e2eq.framework.model.securityrules.SecurityURI;
import com.e2eq.framework.model.securityrules.SecurityURIBody;
import com.e2eq.framework.model.securityrules.SecurityURIHeader;
import com.e2eq.framework.util.IOCase;
import com.e2eq.framework.util.SecurityUtils;
import com.e2eq.framework.util.TestUtils;
import com.e2eq.framework.util.WildCardMatcher;
import io.quarkus.logging.Log;
import io.quarkus.test.junit.QuarkusTest;
import jakarta.inject.Inject;
import org.graalvm.polyglot.Context;
import org.graalvm.polyglot.Source;
import org.graalvm.polyglot.Value;
import org.junit.jupiter.api.Assertions;
import org.junit.jupiter.api.Test;

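/**
 * Quarkus-hosted tests for the security-rule building blocks: wildcard matching of
 * security URIs, evaluation of rule scripts through the GraalVM polyglot API, and
 * end-to-end rule resolution through {@link RuleContext#checkRules}.
 *
 * <p>NOTE(review): every assertion in this class covers an "allow"/"match" outcome.
 * None of the tests here shows a URI that must not match or a request that must be
 * denied, so a matcher or rule engine that is too permissive would still pass.
 * Negative cases are worth adding once the expected deny behaviour is confirmed.
 */
@QuarkusTest
/* loaded from: input_file:com/e2eq/framework/api/security/TestSecurity.class */
public class TestSecurity {

    @Inject
    SecurityUtils securityUtils;

    @Inject
    TestUtils testUtils;

    /**
     * Checks that a trailing {@code *} pattern matches a longer security URI and that
     * {@link IOCase#INSENSITIVE} ignores the upper/lower-case differences between the two.
     */
    @Test
    public void testWildCardMatcher() {
        boolean matched = WildCardMatcher.wildcardMatch(
                "SALESORDER:UPDATE:b2bi.0000000001.end2endlogic.salesOrder.0.34534534",
                "salesorder:update:b2bi.0000000001.end2endlogic.salesorder.0*",
                IOCase.INSENSITIVE);
        if (matched) {
            Log.debug("Matches");
        } else {
            Log.error("Did not match");
        }
        Assertions.assertTrue(matched);
    }

    /**
     * Checks that a pattern without any wildcard matches an identical security URI.
     */
    @Test
    void testWildCardMatcherExactMatch() {
        boolean matched = WildCardMatcher.wildcardMatch(
                "user:secuirty:userProfile:view:b2bi:0000000001:end2endlogic.com:0",
                "user:secuirty:userProfile:view:b2bi:0000000001:end2endlogic.com:0",
                IOCase.INSENSITIVE);
        if (matched) {
            Log.debug("Matches");
        } else {
            Log.error("Did not match");
        }
        Assertions.assertTrue(matched);
    }

    /**
     * Binds a principal and a resource context into a JavaScript polyglot context and
     * evaluates a boolean expression against the resource context.
     */
    @Test
    void testJavaScript() {
        PrincipalContext principal = new PrincipalContext.Builder()
                .withDataDomain(testUtils.getTestDataDomain())
                .withDefaultRealm(securityUtils.getSystemRealm())
                .withUserId(testUtils.getSystemUserId())
                .withRoles(new String[]{"user"})
                .build();
        ResourceContext resource = new ResourceContext.Builder()
                .withArea("security")
                .withFunctionalDomain("userProfile")
                .withAction("view")
                .build();

        // allowAllAccess(true) removes every polyglot sandbox restriction (host class
        // lookup, file and network IO, thread/process creation). That is tolerable here
        // only because the evaluated script is a literal in this test. A context that
        // evaluates scripts taken from stored rules or other external input should be
        // built with the narrowest host access that still lets the script call the
        // bound context objects.
        // Context is AutoCloseable; closing it releases the engine resources it holds.
        try (Context js = Context.newBuilder().allowAllAccess(true).build()) {
            Value bindings = js.getBindings("js");
            bindings.putMember("pcontext", principal);
            bindings.putMember("rcontext", resource);
            Value result = js.eval("js",
                    "rcontext.getFunctionalDomain() == 'userProfile' && rcontext.getAction() == 'view'");
            Assertions.assertTrue(result.asBoolean());
        }
    }

    /**
     * Defines and exports a Python function through the polyglot API, then calls it
     * from Java and checks the returned string.
     *
     * <p>NOTE(review): this method carries no {@code @Test} annotation, so JUnit does not
     * run it. Presumably it is disabled because the Python language is not always
     * installed in the runtime. Confirm before re-enabling it.
     */
    void testPython() {
        // Same sandbox caveat as in testJavaScript: full access is acceptable only for
        // the literal script below.
        try (Context python = Context.newBuilder().allowAllAccess(true).build()) {
            python.eval(Source.create("python", "import polyglot\n@polyglot.export_value\ndef foo(externalInput):\n    print('Called with: ' + externalInput)\n    return 'Got output'\n\n"));
            Value foo = python.getPolyglotBindings().getMember("foo");
            Assertions.assertTrue(foo.canExecute());
            Assertions.assertEquals("Got output", foo.execute("myInput").asString());
        }
    }

    /**
     * Registers four ALLOW rules (own profile view, own credential update, admin profile
     * view, admin credential update) and checks that a principal holding the roles
     * {@code user} and {@code admin} is allowed to view {@code security/userProfile}.
     *
     * <p>NOTE(review): the principal holds both roles and the resource context sets no
     * owner id, so an ALLOW result does not show which rule granted access, nor that the
     * ownership postcondition was evaluated. A principal with only {@code user} and a
     * resource owned by someone else would exercise the deny path. Confirm the expected
     * effect before adding that case.
     */
    @Test
    void testRuleContext() {
        PrincipalContext principal = new PrincipalContext.Builder()
                .withDefaultRealm(securityUtils.getTestRealm())
                .withUserId(testUtils.getTestUserId())
                .withRoles(new String[]{"user", "admin"})
                .withDataDomain(testUtils.getTestDataDomain())
                .build();
        ResourceContext resource = new ResourceContext.Builder()
                .withArea("security")
                .withFunctionalDomain("userProfile")
                .withAction("view")
                .build();
        RuleContext ruleContext = new RuleContext();

        // Rule 1: identity "user" may view a userProfile when the postcondition holds.
        SecurityURIHeader viewHeader = new SecurityURIHeader.Builder()
                .withIdentity("user")
                .withArea("security")
                .withFunctionalDomain("userProfile")
                .withAction("view")
                .build();
        SecurityURIBody anyOwnerBody = new SecurityURIBody.Builder()
                .withOrgRefName(securityUtils.getTestOrgRefName())
                .withAccountNumber(securityUtils.getTestAccountNumber())
                .withRealm(securityUtils.getTestRealm())
                .withTenantId(securityUtils.getTestTenantId())
                .withOwnerId(SecurityUtils.any)
                .withDataSegment(SecurityUtils.any)
                .build();
        SecurityURI viewOwnProfileUri = new SecurityURI(viewHeader, anyOwnerBody);

        // The same builder is reused for all four rules and the return values of the later
        // with*() calls are discarded, so this relies on the builder mutating in place:
        // effect, finalRule and the postcondition script carry over until overridden.
        Rule.Builder ruleBuilder = new Rule.Builder()
                .withName("view your own userprofile")
                .withSecurityURI(viewOwnProfileUri)
                .withPostconditionScript("pcontext.getUserId() == rcontext.getResourceOwnerId()")
                .withEffect(RuleEffect.ALLOW)
                .withFinalRule(true);
        // NOTE(review): m38clone()/m36clone() look like decompiler-renamed clone()
        // overrides. Verify the real method names against the original source.
        ruleContext.addRule(viewHeader.m38clone(), ruleBuilder.build());

        // Rule 2: identity "user" may update a credential owned by the test user.
        SecurityURI updateOwnCredentialUri = viewOwnProfileUri.m36clone();
        updateOwnCredentialUri.getHeader().setFunctionalDomain("credential");
        updateOwnCredentialUri.getBody().setOwnerId(testUtils.getSecurityUtils().getTestUserId());
        updateOwnCredentialUri.getHeader().setAction("update");
        ruleBuilder.withName("change your own credential").withSecurityURI(updateOwnCredentialUri).withPriority(5);
        ruleContext.addRule(updateOwnCredentialUri.getHeader(), ruleBuilder.build());

        // Rule 3: identity "admin" may view any userProfile. The postcondition is cleared.
        SecurityURI adminViewProfileUri = updateOwnCredentialUri.m36clone();
        adminViewProfileUri.getHeader().setFunctionalDomain("userProfile");
        adminViewProfileUri.getHeader().setIdentity("admin");
        adminViewProfileUri.getBody().setOwnerId(SecurityUtils.any);
        adminViewProfileUri.getHeader().setAction("view");
        ruleBuilder.withName("admins can see userProfiles").withSecurityURI(adminViewProfileUri).withPostconditionScript(null).withPriority(5);
        ruleContext.addRule(adminViewProfileUri.getHeader(), ruleBuilder.build());

        // Rule 4: named "admins can change credentials". The functional domain is not
        // reset after the clone, so this URI still targets "userProfile" with action
        // "update". NOTE(review): confirm whether "credential" was intended.
        SecurityURI adminUpdateUri = adminViewProfileUri.m36clone();
        adminUpdateUri.getHeader().setIdentity("admin");
        adminUpdateUri.getBody().setOwnerId(SecurityUtils.any);
        adminUpdateUri.getHeader().setAction("update");
        ruleBuilder.withName("admins can change credentials").withSecurityURI(adminUpdateUri).withPriority(5);
        ruleContext.addRule(adminUpdateUri.getHeader(), ruleBuilder.build());

        SecurityCheckResponse response = ruleContext.checkRules(principal, resource);
        if (response.getFinalEffect() == RuleEffect.ALLOW) {
            Log.debug("Allowed");
        } else {
            Log.debug("Denied");
        }
        // assertEquals reports the actual effect on failure, unlike assertTrue(a == b).
        Assertions.assertEquals(RuleEffect.ALLOW, response.getFinalEffect());
    }
}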
