package no.nav.sbl.dialogarena.common.abac.pep;

import java.io.IOException;
import java.util.ArrayList;
import no.nav.brukerdialog.security.context.SubjectRule;
import no.nav.common.auth.TestSubjectUtils;
import no.nav.sbl.dialogarena.common.abac.pep.domain.request.XacmlRequest;
import no.nav.sbl.dialogarena.common.abac.pep.domain.response.Decision;
import no.nav.sbl.dialogarena.common.abac.pep.domain.response.Response;
import no.nav.sbl.dialogarena.common.abac.pep.domain.response.XacmlResponse;
import no.nav.sbl.dialogarena.common.abac.pep.exception.AbacException;
import no.nav.sbl.dialogarena.common.abac.pep.exception.PepException;
import no.nav.sbl.dialogarena.common.abac.pep.service.AbacService;
import no.nav.sbl.dialogarena.common.abac.pep.service.AbacServiceConfig;
import no.nav.sbl.dialogarena.common.abac.pep.utils.SecurityUtilsTest;
import org.hamcrest.CoreMatchers;
import org.hamcrest.MatcherAssert;
import org.junit.Before;
import org.junit.Rule;
import org.junit.Test;
import org.mockito.ArgumentMatchers;
import org.mockito.InjectMocks;
import org.mockito.Mock;
import org.mockito.Mockito;
import org.mockito.MockitoAnnotations;

/* loaded from: input_file:no/nav/sbl/dialogarena/common/abac/pep/PepImplTest.class */
public class PepImplTest {

    @InjectMocks
    PepImpl pep;

    @Mock
    AbacService abacService;

    @Rule
    public SubjectRule subjectRule = new SubjectRule(TestSubjectUtils.buildDefault());

    @Before
    public void setup() {
        MockitoAnnotations.initMocks(this);
        Mockito.when(this.abacService.getAbacServiceConfig()).thenReturn(AbacServiceConfig.builder().username("username").build());
    }

    @Test
    public void returnsDecisionForToken() throws AbacException, IOException, NoSuchFieldException, PepException {
        Mockito.when(this.abacService.askForPermission((XacmlRequest) ArgumentMatchers.any(XacmlRequest.class))).thenReturn(getMockResponse(Decision.Permit));
        MatcherAssert.assertThat(this.pep.isServiceCallAllowedWithOidcToken(SecurityUtilsTest.TOKEN, "Foreldrepenger", MockXacmlRequest.FNR).getBiasedDecision(), CoreMatchers.is(Decision.Permit));
    }

    @Test
    public void returnsDecision() throws AbacException, IOException, NoSuchFieldException, PepException {
        Mockito.when(this.abacService.askForPermission((XacmlRequest) ArgumentMatchers.any(XacmlRequest.class))).thenReturn(getMockResponse(Decision.Permit));
        MatcherAssert.assertThat(this.pep.isServiceCallAllowedWithIdent("A111111", "Foreldrepenger", MockXacmlRequest.FNR).getBiasedDecision(), CoreMatchers.is(Decision.Permit));
    }

    @Test
    public void returnsDenyForNotApplicable() throws AbacException, IOException, NoSuchFieldException, PepException {
        Mockito.when(this.abacService.askForPermission((XacmlRequest) ArgumentMatchers.any(XacmlRequest.class))).thenReturn(getMockResponse(Decision.NotApplicable));
        MatcherAssert.assertThat(this.pep.isServiceCallAllowedWithIdent("A111111", "Foreldrepenger", MockXacmlRequest.FNR).getBiasedDecision(), CoreMatchers.is(Decision.Deny));
    }

    @Test(expected = PepException.class)
    public void decisionIndeterminateThrowsException() throws AbacException, IOException, NoSuchFieldException, PepException {
        Mockito.when(this.abacService.askForPermission((XacmlRequest) ArgumentMatchers.any(XacmlRequest.class))).thenReturn(getMockResponse(Decision.Indeterminate));
        MatcherAssert.assertThat(this.pep.isServiceCallAllowedWithIdent("A111111", "Foreldrepenger", MockXacmlRequest.FNR).getBiasedDecision(), CoreMatchers.is(Decision.Deny));
    }

    @Test(expected = IllegalArgumentException.class)
    public void nullFnrThrowsIllegalArgumentException() throws PepException {
        this.pep.isServiceCallAllowedWithIdent("Z999000", "veilarb", (AbacPersonId) null);
    }

    @Test(expected = IllegalArgumentException.class)
    public void notNumericFnrThrowsIllegalArgumentException() throws PepException {
        this.pep.isServiceCallAllowedWithIdent("Z999000", "veilarb", AbacPersonId.fnr("xxxxxx4444"));
    }

    @Test(expected = IllegalArgumentException.class)
    public void wrongLengthOfFnrThrowsIllegalArgumentException() throws PepException {
        this.pep.isServiceCallAllowedWithIdent("Z999000", "veilarb", AbacPersonId.fnr("xxxx4444"));
    }

    private XacmlResponse getMockResponse(Decision decision) {
        ArrayList arrayList = new ArrayList();
        arrayList.add(new Response().withDecision(decision));
        return new XacmlResponse().withResponse(arrayList);
    }
}
