package org.factcast.itests.security;

import edu.umd.cs.findbugs.annotations.SuppressFBWarnings;
import io.grpc.CallCredentials;
import io.grpc.Metadata;
import io.grpc.StatusRuntimeException;
import java.util.List;
import java.util.Objects;
import java.util.UUID;
import lombok.Generated;
import net.devh.boot.grpc.client.channelfactory.GrpcChannelFactory;
import org.assertj.core.api.Assertions;
import org.factcast.client.grpc.FactCastGrpcChannelFactory;
import org.factcast.client.grpc.FactCastGrpcClientProperties;
import org.factcast.client.grpc.GrpcStubs;
import org.factcast.client.grpc.GrpcStubsImpl;
import org.factcast.core.Fact;
import org.factcast.core.FactCast;
import org.factcast.core.spec.FactSpec;
import org.factcast.core.subscription.Subscription;
import org.factcast.core.subscription.SubscriptionRequest;
import org.factcast.core.subscription.observer.FactObserver;
import org.factcast.grpc.api.conv.ProtoConverter;
import org.factcast.test.AbstractFactCastIntegrationTest;
import org.factcast.test.FactcastTestConfig;
import org.junit.jupiter.api.BeforeEach;
import org.junit.jupiter.api.Test;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.jdbc.core.JdbcTemplate;
import org.springframework.test.context.ContextConfiguration;
import org.springframework.test.context.TestPropertySource;

@FactcastTestConfig(securityEnabled = true)
@ContextConfiguration(classes = {TestApplication.class})
@TestPropertySource(locations = {"/application-separate-creds.properties"})
/* loaded from: input_file:org/factcast/itests/security/ClientWithSeparateCredentialsTest.class */
class ClientWithSeparateCredentialsTest extends AbstractFactCastIntegrationTest {

    @SuppressFBWarnings(justification = "generated code")
    @Generated
    private static final Logger log = LoggerFactory.getLogger(ClientWithSeparateCredentialsTest.class);

    @Autowired
    private FactCast fc;

    @Autowired
    private GrpcChannelFactory grpcChannelFactory;

    @Autowired
    private JdbcTemplate jdbcTemplate;

    @Autowired
    private FactCastGrpcClientProperties factCastGrpcClientProperties;
    private final ProtoConverter converter = new ProtoConverter();
    private final FactObserver nopFactObserver = fact -> {
    };
    private GrpcStubs stubs;

    ClientWithSeparateCredentialsTest() {
    }

    @BeforeEach
    void setup() {
        this.jdbcTemplate.batchUpdate("INSERT INTO fact(header,payload) VALUES (cast(? as jsonb),cast (? as jsonb))", List.of(Fact.of("{\"id\":\"" + UUID.randomUUID() + "\", \"ns\":\"users\",\"type\":\"UserCreated\"}", "{}"), Fact.of("{\"id\":\"" + UUID.randomUUID() + "\", \"ns\":\"no-permissions\",\"type\":\"UserCreated\"}", "{}")), Integer.MAX_VALUE, (preparedStatement, fact) -> {
            preparedStatement.setString(1, fact.jsonHeader());
            preparedStatement.setString(2, fact.jsonPayload());
        });
        this.stubs = new GrpcStubsImpl(FactCastGrpcChannelFactory.createDefault(this.grpcChannelFactory), "factstore", new Metadata(), (CallCredentials) null, this.factCastGrpcClientProperties);
    }

    @Test
    void allowedToPublish() {
        this.fc.publish(Fact.of("{\"id\":\"" + UUID.randomUUID() + "\", \"ns\":\"users\",\"type\":\"UserCreated\"}", "{}"));
    }

    @Test
    void failsToPublish() {
        Assertions.assertThatThrownBy(() -> {
            this.fc.publish(Fact.of("{\"id\":\"" + UUID.randomUUID() + "\", \"ns\":\"no-permissions\",\"type\":\"UserCreated\"}", "{}"));
        }).isInstanceOf(StatusRuntimeException.class).hasMessageContaining("PERMISSION_DENIED");
    }

    @Test
    void allowedToCatchup() throws Exception {
        Subscription subscribe = this.fc.subscribe(SubscriptionRequest.catchup(FactSpec.ns("users").type("UserCreated")).fromScratch(), this.nopFactObserver);
        try {
            subscribe.awaitCatchup();
            if (subscribe != null) {
                subscribe.close();
            }
        } catch (Throwable th) {
            if (subscribe != null) {
                try {
                    subscribe.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
            }
            throw th;
        }
    }

    @Test
    void failsToCatchup() throws Exception {
        Subscription subscribe = this.fc.subscribe(SubscriptionRequest.catchup(FactSpec.ns("no-permissions").type("UserCreated")).fromScratch(), this.nopFactObserver);
        try {
            Objects.requireNonNull(subscribe);
            Assertions.assertThatThrownBy(subscribe::awaitCatchup).isInstanceOf(StatusRuntimeException.class).hasMessageContaining("PERMISSION_DENIED");
            if (subscribe != null) {
                subscribe.close();
            }
        } catch (Throwable th) {
            if (subscribe != null) {
                try {
                    subscribe.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
            }
            throw th;
        }
    }

    @Test
    void allowedToFollow() throws Exception {
        Subscription subscribe = this.fc.subscribe(SubscriptionRequest.follow(FactSpec.ns("users").type("UserCreated")).fromScratch(), this.nopFactObserver);
        try {
            subscribe.awaitCatchup();
            if (subscribe != null) {
                subscribe.close();
            }
        } catch (Throwable th) {
            if (subscribe != null) {
                try {
                    subscribe.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
            }
            throw th;
        }
    }

    @Test
    void failsToFollow() throws Exception {
        Subscription subscribe = this.fc.subscribe(SubscriptionRequest.follow(FactSpec.ns("no-permissions").type("UserCreated")).fromScratch(), this.nopFactObserver);
        try {
            Objects.requireNonNull(subscribe);
            Assertions.assertThatThrownBy(subscribe::awaitCatchup).isInstanceOf(StatusRuntimeException.class).hasMessageContaining("PERMISSION_DENIED");
            if (subscribe != null) {
                subscribe.close();
            }
        } catch (Throwable th) {
            if (subscribe != null) {
                try {
                    subscribe.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
            }
            throw th;
        }
    }

    @Test
    void allowedToEnumerate() {
        Assertions.assertThat(this.fc.enumerateNamespaces()).contains(new String[]{"users"});
        Assertions.assertThat(this.fc.enumerateTypes("users")).contains(new String[]{"UserCreated"});
    }

    @Test
    void failsToEnumerate() {
        Assertions.assertThat(this.fc.enumerateNamespaces()).doesNotContain(new String[]{"no-permissions"});
        Assertions.assertThatThrownBy(() -> {
            this.fc.enumerateTypes("no-permissions");
        }).isInstanceOf(StatusRuntimeException.class).hasMessageContaining("PERMISSION_DENIED");
    }

    @Test
    void failsUnauthenticatedHandshake() {
        Assertions.assertThatThrownBy(() -> {
            this.stubs.blocking().handshake(this.converter.empty());
        }).isInstanceOf(StatusRuntimeException.class).hasMessageContaining("UNAUTHENTICATED");
    }
}
