package io.syndesis.server.runtime.credential;

import io.syndesis.common.model.connection.ConfigurationProperty;
import io.syndesis.common.model.connection.Connection;
import io.syndesis.common.model.connection.Connector;
import io.syndesis.server.credential.AcquisitionMethod;
import io.syndesis.server.credential.AcquisitionResponse;
import io.syndesis.server.credential.CredentialFlowState;
import io.syndesis.server.credential.OAuth2CredentialFlowState;
import io.syndesis.server.credential.Type;
import io.syndesis.server.endpoint.v1.state.ClientSideState;
import io.syndesis.server.runtime.BaseITCase;
import java.io.UnsupportedEncodingException;
import java.net.URI;
import java.util.Collections;
import java.util.List;
import java.util.Map;
import java.util.UUID;
import javax.ws.rs.core.Cookie;
import javax.ws.rs.core.NewCookie;
import org.assertj.core.api.Assertions;
import org.junit.After;
import org.junit.Before;
import org.junit.Test;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.http.HttpHeaders;
import org.springframework.http.HttpMethod;
import org.springframework.http.HttpStatus;
import org.springframework.http.ResponseEntity;
import org.springframework.social.oauth2.AccessGrant;
import org.springframework.web.util.UriComponentsBuilder;
import org.springframework.web.util.UriUtils;

/* loaded from: input_file:io/syndesis/server/runtime/credential/CredentialITCase.class */
public class CredentialITCase extends BaseITCase {

    @Autowired
    ClientSideState clientSideState;

    @Test
    public void callbackErrorsShouldBeHandeled() {
        String uuid = UUID.randomUUID().toString();
        ResponseEntity http = http(HttpMethod.GET, "/api/v1/credentials/callback?denied=something", (Object) null, Void.class, (String) null, persistAsCookie(new OAuth2CredentialFlowState.Builder().providerId("test-provider").key(uuid).returnUrl(URI.create("/ui#state")).build()), HttpStatus.TEMPORARY_REDIRECT);
        Assertions.assertThat(http.getStatusCode()).as("Status should be temporarry redirect (307)", new Object[0]).isEqualTo(HttpStatus.TEMPORARY_REDIRECT);
        Assertions.assertThat(http.hasBody()).as("Should not contain HTTP body", new Object[0]).isFalse();
        Assertions.assertThat(http.getHeaders().getLocation().toString()).matches("http.?://localhost:[0-9]*/api/v1/ui#%7B%22connectorId%22:%22test-provider%22,%22message%22:%22Unable%20to%20update%20the%20state%20of%20authorization%22,%22status%22:%22FAILURE%22%7D");
        List list = http.getHeaders().get("Set-Cookie");
        Assertions.assertThat(list).hasSize(1);
        Assertions.assertThat((String) list.get(0)).isEqualTo("cred-o2-" + uuid + "=\"\"; path=/; secure; HttpOnly; Max-Age=0; Expires=Thu, 01-Jan-1970 00:00:00 GMT");
    }

    @After
    public void cleanupDatabase() {
        this.dataManager.delete(Connector.class, "test-provider");
        this.dataManager.delete(Connection.class, "test-connection");
    }

    @Before
    public void prepopulateDatabase() {
        Connector build = new Connector.Builder().id("test-provider").putProperty("clientId", new ConfigurationProperty.Builder().addTag("oauth-client-id").build()).putProperty("clientSecret", new ConfigurationProperty.Builder().addTag("oauth-client-secret").build()).putConfiguredProperty("clientId", "a-client-id").putConfiguredProperty("clientSecret", "a-client-secret").build();
        this.dataManager.create(build);
        this.dataManager.create(new Connection.Builder().id("test-connection").connector(build).build());
    }

    @Test
    public void shouldApplyOAuthPropertiesToConnectionUpdates() {
        Assertions.assertThat(http(HttpMethod.PUT, "/api/v1/connections/test-connection", new Connection.Builder().id("test-connection").name("Test connection").connectorId("test-provider").build(), Void.class, this.tokenRule.validToken(), persistAsCookie(new OAuth2CredentialFlowState.Builder().providerId("test-provider").key("key").accessGrant(new AccessGrant("token")).build()), HttpStatus.NO_CONTENT).getStatusCode()).isEqualTo(HttpStatus.NO_CONTENT);
        Connection fetch = this.dataManager.fetch(Connection.class, "test-connection");
        Assertions.assertThat(fetch.isDerived()).isTrue();
        Assertions.assertThat(fetch.getConfiguredProperties()).containsOnly(new Map.Entry[]{Assertions.entry("accessToken", "token"), Assertions.entry("clientId", "appId"), Assertions.entry("clientSecret", "appSecret")});
    }

    @Test
    public void shouldApplyOAuthPropertiesToNewlyCreatedConnections() {
        ResponseEntity http = http(HttpMethod.POST, "/api/v1/connections", new Connection.Builder().name("Test connection").connectorId("test-provider").build(), Connection.class, this.tokenRule.validToken(), persistAsCookie(new OAuth2CredentialFlowState.Builder().providerId("test-provider").key("key").accessGrant(new AccessGrant("token")).build()), HttpStatus.OK);
        Assertions.assertThat(http.hasBody()).as("Should contain created connection", new Object[0]).isTrue();
        Connection connection = (Connection) http.getBody();
        Assertions.assertThat(connection.isDerived()).isTrue();
        Assertions.assertThat(connection.getConfiguredProperties()).containsOnly(new Map.Entry[]{Assertions.entry("accessToken", "token"), Assertions.entry("clientId", "appId"), Assertions.entry("clientSecret", "appSecret")});
    }

    @Test
    public void shouldInitiateCredentialFlow() throws UnsupportedEncodingException {
        ResponseEntity post = post("/api/v1/connectors/test-provider/credentials", Collections.singletonMap("returnUrl", "/ui#state"), AcquisitionResponse.class, this.tokenRule.validToken(), HttpStatus.ACCEPTED);
        Assertions.assertThat(post.hasBody()).as("Should present a acquisition response in the HTTP body", new Object[0]).isTrue();
        AcquisitionResponse acquisitionResponse = (AcquisitionResponse) post.getBody();
        Assertions.assertThat(acquisitionResponse.getType()).isEqualTo(Type.OAUTH2);
        String redirectUrl = acquisitionResponse.getRedirectUrl();
        Assertions.assertThat(redirectUrl).as("Should redirect to Salesforce and containthe correct callback URL", new Object[0]).startsWith("https://test/oauth2/authorize?client_id=testClientId&response_type=code&redirect_uri=").contains(new CharSequence[]{UriUtils.encode("/api/v1/credentials/callback", "ASCII")});
        Assertions.assertThat((String) UriComponentsBuilder.fromHttpUrl(redirectUrl).build().getQueryParams().getFirst("state")).as("state parameter should be set", new Object[0]).isNotEmpty();
        AcquisitionResponse.State state = acquisitionResponse.state();
        Assertions.assertThat(state).as("acquisition response should contain the state instruction", new Object[0]).isNotNull();
        Assertions.assertThat(state.persist()).isEqualByComparingTo(AcquisitionResponse.State.Persist.COOKIE);
        Assertions.assertThat(state.spec()).isNotEmpty();
        CredentialFlowState credentialFlowState = (CredentialFlowState) this.clientSideState.restoreFrom(Cookie.valueOf(state.spec()), CredentialFlowState.class);
        Assertions.assertThat(credentialFlowState).as("The flow state should be as expected", new Object[0]).isEqualToIgnoringGivenFields(new OAuth2CredentialFlowState.Builder().key("test-state").providerId("test-provider").build(), new String[]{"returnUrl"});
        URI returnUrl = credentialFlowState.getReturnUrl();
        Assertions.assertThat(returnUrl).isNotNull();
        Assertions.assertThat(returnUrl.isAbsolute()).isTrue();
        Assertions.assertThat(returnUrl.getPath()).isEqualTo("/ui");
        Assertions.assertThat(returnUrl.getFragment()).isEqualTo("state");
    }

    @Test
    public void shouldProvideCredentialsApplicableTo() {
        ResponseEntity responseEntity = get("/api/v1/connectors/test-provider/credentials", AcquisitionMethod.class, this.tokenRule.validToken(), HttpStatus.OK);
        Assertions.assertThat(responseEntity.hasBody()).as("Should present a acquisition method in the HTTP body", new Object[0]).isTrue();
        AcquisitionMethod acquisitionMethod = (AcquisitionMethod) responseEntity.getBody();
        Assertions.assertThat(acquisitionMethod).isEqualTo(new AcquisitionMethod.Builder().type(Type.OAUTH2).label("test-provider").icon("test-provider").label("test-provider").description("test-provider").configured(true).build());
    }

    @Test
    public void shouldReceiveCallbacksFromResourceProviders() {
        OAuth2CredentialFlowState build = new OAuth2CredentialFlowState.Builder().providerId("test-provider").key(UUID.randomUUID().toString()).returnUrl(URI.create("/ui#state")).build();
        ResponseEntity http = http(HttpMethod.GET, "/api/v1/credentials/callback?state=test-state&code=code", (Object) null, Void.class, (String) null, persistAsCookie(build), HttpStatus.TEMPORARY_REDIRECT);
        Assertions.assertThat(http.getStatusCode()).as("Status should be temporarry redirect (307)", new Object[0]).isEqualTo(HttpStatus.TEMPORARY_REDIRECT);
        Assertions.assertThat(http.hasBody()).as("Should not contain HTTP body", new Object[0]).isFalse();
        Assertions.assertThat(http.getHeaders().getLocation().toString()).matches("http.?://localhost:[0-9]*/api/v1/ui#%7B%22connectorId%22:%22test-provider%22,%22message%22:%22Successfully%20authorized%20Syndesis's%20access%22,%22status%22:%22SUCCESS%22%7D");
        List list = http.getHeaders().get("Set-Cookie");
        Assertions.assertThat(list).hasSize(1);
        OAuth2CredentialFlowState oAuth2CredentialFlowState = (OAuth2CredentialFlowState) this.clientSideState.restoreFrom(Cookie.valueOf((String) list.get(0)), OAuth2CredentialFlowState.class);
        Assertions.assertThat(oAuth2CredentialFlowState).isEqualToIgnoringGivenFields(new OAuth2CredentialFlowState.Builder().createFrom(build).code("code").build(), new String[]{"accessGrant"});
        Assertions.assertThat(oAuth2CredentialFlowState.getAccessGrant()).isEqualToComparingFieldByField(new AccessGrant("token"));
    }

    private HttpHeaders persistAsCookie(OAuth2CredentialFlowState oAuth2CredentialFlowState) {
        NewCookie persist = this.clientSideState.persist(oAuth2CredentialFlowState.persistenceKey(), "/", oAuth2CredentialFlowState);
        HttpHeaders httpHeaders = new HttpHeaders();
        httpHeaders.add("Cookie", persist.toString());
        return httpHeaders;
    }
}
