package no.nav.common.abac;

import java.util.concurrent.atomic.AtomicInteger;
import no.nav.common.abac.audit.AuditConfig;
import no.nav.common.abac.audit.AuditLogFilter;
import no.nav.common.abac.audit.AuditLogFilterUtils;
import no.nav.common.abac.audit.AuditLogger;
import no.nav.common.abac.audit.AuditRequestInfo;
import no.nav.common.abac.audit.AuditRequestInfoSupplier;
import no.nav.common.abac.audit.SubjectProvider;
import no.nav.common.abac.cef.CefEvent;
import no.nav.common.abac.domain.request.ActionId;
import no.nav.common.abac.domain.request.XacmlRequest;
import no.nav.common.abac.domain.response.Decision;
import no.nav.common.abac.domain.response.XacmlResponse;
import no.nav.common.health.HealthCheckResult;
import no.nav.common.test.junit.SystemPropertiesRule;
import no.nav.common.types.identer.EnhetId;
import no.nav.common.types.identer.Fnr;
import no.nav.common.types.identer.NavIdent;
import no.nav.common.utils.IdUtils;
import org.junit.Assert;
import org.junit.Before;
import org.junit.Rule;
import org.junit.Test;
import org.mockito.ArgumentCaptor;
import org.mockito.Mockito;
import org.slf4j.Logger;

/* loaded from: input_file:no/nav/common/abac/VeilarbPepTest.class */
public class VeilarbPepTest {
    private static final String TEST_SRV_USERNAME = "test";
    private static final String TEST_OIDC_TOKEN = "abc.abc.abc";
    private static final String APPLICATION_NAME = "testapp";
    private final Logger log = (Logger) Mockito.mock(Logger.class);
    private final SubjectProvider subjectProvider = (SubjectProvider) Mockito.mock(SubjectProvider.class);
    private final AuditLogger auditLogger = new AuditLogger(this.log, () -> {
        return Long.valueOf(TIME);
    });
    private final AuditRequestInfoSupplier auditRequestInfoSupplier = () -> {
        return AUDIT_REQUEST_INFO;
    };
    private final AuditLogFilter auditLogFilter = (auditRequestInfo, xacmlRequest, xacmlResponse) -> {
        return true;
    };
    private final AuditConfig auditConfig = new AuditConfig(this.auditLogger, this.auditRequestInfoSupplier, this.auditLogFilter);

    @Rule
    public SystemPropertiesRule systemPropertiesRule = new SystemPropertiesRule();
    private final AbacClient genericPermitClient = abacClientSpyWithResponseFromFile("xacmlresponse-generic-permit.json");
    private final AbacClient genericDenyClient = abacClientSpyWithResponseFromFile("xacmlresponse-generic-deny.json");
    private static final Fnr TEST_FNR = Fnr.of("12345678900");
    private static final NavIdent TEST_VEILEDER_IDENT = NavIdent.of("Z1234");
    private static final EnhetId TEST_ENHET_ID = EnhetId.of("1234");
    private static final long TIME = System.currentTimeMillis();
    private static final String CALL_ID = IdUtils.generateId();
    private static final EnhetId ENHET = EnhetId.of("5678");
    private static final String CONSUMER_ID = "ConsumingApplication";
    private static final String REQUEST_METHOD = "GET";
    private static final String REQUEST_PATH = "/some/path";
    private static final AuditRequestInfo AUDIT_REQUEST_INFO = new AuditRequestInfo(CALL_ID, CONSUMER_ID, REQUEST_METHOD, REQUEST_PATH);

    @Before
    public void setup() {
        this.systemPropertiesRule.setProperty("NAIS_APP_NAME", APPLICATION_NAME);
        Mockito.when(this.subjectProvider.getSubjectFromToken(TEST_OIDC_TOKEN)).thenReturn(TEST_VEILEDER_IDENT.get());
    }

    @Test
    public void harVeilederTilgangTilEnhet__skal_lage_riktig_request() {
        VeilarbPep veilarbPep = new VeilarbPep(TEST_SRV_USERNAME, this.genericPermitClient, this.subjectProvider, this.auditConfig);
        String contentFromJsonFile = TestUtils.getContentFromJsonFile("xacmlrequest-harVeilederTilgangTilEnhet.json");
        ArgumentCaptor forClass = ArgumentCaptor.forClass(String.class);
        Assert.assertTrue(veilarbPep.harVeilederTilgangTilEnhet(TEST_VEILEDER_IDENT, TEST_ENHET_ID));
        ((AbacClient) Mockito.verify(this.genericPermitClient, Mockito.times(1))).sendRawRequest((String) forClass.capture());
        TestUtils.assertJsonEquals(contentFromJsonFile, (String) forClass.getValue());
    }

    @Test
    public void harVeilederTilgangTilEnhet__skal_returnere_false_hvis_ikke_tilgang() {
        Assert.assertFalse(new VeilarbPep(TEST_SRV_USERNAME, this.genericDenyClient, this.subjectProvider, this.auditConfig).harVeilederTilgangTilEnhet(TEST_VEILEDER_IDENT, TEST_ENHET_ID));
    }

    @Test
    public void harTilgangTilEnhet__skal_lage_riktig_request() {
        VeilarbPep veilarbPep = new VeilarbPep(TEST_SRV_USERNAME, this.genericPermitClient, this.subjectProvider, this.auditConfig);
        String contentFromJsonFile = TestUtils.getContentFromJsonFile("xacmlrequest-harTilgangTilEnhet.json");
        ArgumentCaptor forClass = ArgumentCaptor.forClass(String.class);
        Assert.assertTrue(veilarbPep.harTilgangTilEnhet(TEST_OIDC_TOKEN, TEST_ENHET_ID));
        ((AbacClient) Mockito.verify(this.genericPermitClient, Mockito.times(1))).sendRawRequest((String) forClass.capture());
        TestUtils.assertJsonEquals(contentFromJsonFile, (String) forClass.getValue());
    }

    @Test
    public void harTilgangTilEnhet__skal_returnere_false_hvis_ikke_tilgang() {
        Assert.assertFalse(new VeilarbPep(TEST_SRV_USERNAME, this.genericDenyClient, this.subjectProvider, this.auditConfig).harTilgangTilEnhet(TEST_OIDC_TOKEN, TEST_ENHET_ID));
    }

    @Test
    public void harTilgangTilEnhetMedSperre__skal_lage_riktig_request() {
        VeilarbPep veilarbPep = new VeilarbPep(TEST_SRV_USERNAME, this.genericPermitClient, this.subjectProvider, this.auditConfig);
        String contentFromJsonFile = TestUtils.getContentFromJsonFile("xacmlrequest-harTilgangTilEnhetMedSperre.json");
        ArgumentCaptor forClass = ArgumentCaptor.forClass(String.class);
        Assert.assertTrue(veilarbPep.harTilgangTilEnhetMedSperre(TEST_OIDC_TOKEN, TEST_ENHET_ID));
        ((AbacClient) Mockito.verify(this.genericPermitClient, Mockito.times(1))).sendRawRequest((String) forClass.capture());
        TestUtils.assertJsonEquals(contentFromJsonFile, (String) forClass.getValue());
    }

    @Test
    public void harTilgangTilEnhetMedSperre__skal_returnere_false_hvis_ikke_tilgang() {
        Assert.assertFalse(new VeilarbPep(TEST_SRV_USERNAME, this.genericDenyClient, this.subjectProvider, this.auditConfig).harTilgangTilEnhetMedSperre(TEST_OIDC_TOKEN, TEST_ENHET_ID));
    }

    @Test
    public void harVeilederTilgangTilPerson__skal_lage_riktig_request() {
        VeilarbPep veilarbPep = new VeilarbPep(TEST_SRV_USERNAME, this.genericPermitClient, this.subjectProvider, this.auditConfig);
        String contentFromJsonFile = TestUtils.getContentFromJsonFile("xacmlrequest-harVeilederTilgangTilPerson.json");
        ArgumentCaptor forClass = ArgumentCaptor.forClass(String.class);
        Assert.assertTrue(veilarbPep.harVeilederTilgangTilPerson(TEST_VEILEDER_IDENT, ActionId.READ, TEST_FNR));
        ((AbacClient) Mockito.verify(this.genericPermitClient, Mockito.times(1))).sendRawRequest((String) forClass.capture());
        TestUtils.assertJsonEquals(contentFromJsonFile, (String) forClass.getValue());
    }

    @Test
    public void harVeilederTilgangTilPerson__skal_returnere_false_hvis_ikke_tilgang() {
        Assert.assertFalse(new VeilarbPep(TEST_SRV_USERNAME, this.genericDenyClient, this.subjectProvider, this.auditConfig).harVeilederTilgangTilPerson(TEST_VEILEDER_IDENT, ActionId.READ, TEST_FNR));
    }

    @Test
    public void harTilgangTilPerson__skal_lage_riktig_request() {
        VeilarbPep veilarbPep = new VeilarbPep(TEST_SRV_USERNAME, this.genericPermitClient, this.subjectProvider, this.auditConfig);
        String contentFromJsonFile = TestUtils.getContentFromJsonFile("xacmlrequest-harTilgangTilPerson.json");
        ArgumentCaptor forClass = ArgumentCaptor.forClass(String.class);
        Assert.assertTrue(veilarbPep.harTilgangTilPerson(TEST_OIDC_TOKEN, ActionId.READ, TEST_FNR));
        ((AbacClient) Mockito.verify(this.genericPermitClient, Mockito.times(1))).sendRawRequest((String) forClass.capture());
        TestUtils.assertJsonEquals(contentFromJsonFile, (String) forClass.getValue());
    }

    @Test
    public void harTilgangTilPerson__skal_returnere_false_hvis_ikke_tilgang() {
        Assert.assertFalse(new VeilarbPep(TEST_SRV_USERNAME, this.genericDenyClient, this.subjectProvider, this.auditConfig).harTilgangTilPerson(TEST_OIDC_TOKEN, ActionId.READ, TEST_FNR));
    }

    @Test
    public void harVeilederTilgangTilKode6__skal_lage_riktig_request() {
        VeilarbPep veilarbPep = new VeilarbPep(TEST_SRV_USERNAME, this.genericPermitClient, this.subjectProvider, this.auditConfig);
        String contentFromJsonFile = TestUtils.getContentFromJsonFile("xacmlrequest-harVeilederTilgangTilKode6.json");
        ArgumentCaptor forClass = ArgumentCaptor.forClass(String.class);
        Assert.assertTrue(veilarbPep.harVeilederTilgangTilKode6(TEST_VEILEDER_IDENT));
        ((AbacClient) Mockito.verify(this.genericPermitClient, Mockito.times(1))).sendRawRequest((String) forClass.capture());
        TestUtils.assertJsonEquals(contentFromJsonFile, (String) forClass.getValue());
    }

    @Test
    public void harVeilederTilgangTilKode6__skal_kaste_exception_hvis_ikke_tilgang() {
        Assert.assertFalse(new VeilarbPep(TEST_SRV_USERNAME, this.genericDenyClient, this.subjectProvider, this.auditConfig).harVeilederTilgangTilKode6(TEST_VEILEDER_IDENT));
    }

    @Test
    public void sjekkVeilederTilgangTilKode7__skal_lage_riktig_request() {
        VeilarbPep veilarbPep = new VeilarbPep(TEST_SRV_USERNAME, this.genericPermitClient, this.subjectProvider, this.auditConfig);
        String contentFromJsonFile = TestUtils.getContentFromJsonFile("xacmlrequest-harVeilederTilgangTilKode7.json");
        ArgumentCaptor forClass = ArgumentCaptor.forClass(String.class);
        Assert.assertTrue(veilarbPep.harVeilederTilgangTilKode7(TEST_VEILEDER_IDENT));
        ((AbacClient) Mockito.verify(this.genericPermitClient, Mockito.times(1))).sendRawRequest((String) forClass.capture());
        TestUtils.assertJsonEquals(contentFromJsonFile, (String) forClass.getValue());
    }

    @Test
    public void sjekkVeilederTilgangTilKode7__returnere_false_hvis_ikke_tilgang() {
        Assert.assertFalse(new VeilarbPep(TEST_SRV_USERNAME, this.genericDenyClient, this.subjectProvider, this.auditConfig).harVeilederTilgangTilKode7(TEST_VEILEDER_IDENT));
    }

    @Test
    public void sjekkVeilederTilgangTilEgenAnsatt__skal_lage_riktig_request() {
        VeilarbPep veilarbPep = new VeilarbPep(TEST_SRV_USERNAME, this.genericPermitClient, this.subjectProvider, this.auditConfig);
        String contentFromJsonFile = TestUtils.getContentFromJsonFile("xacmlrequest-harVeilederTilgangTilEgenAnsatt.json");
        ArgumentCaptor forClass = ArgumentCaptor.forClass(String.class);
        Assert.assertTrue(veilarbPep.harVeilederTilgangTilEgenAnsatt(TEST_VEILEDER_IDENT));
        ((AbacClient) Mockito.verify(this.genericPermitClient, Mockito.times(1))).sendRawRequest((String) forClass.capture());
        TestUtils.assertJsonEquals(contentFromJsonFile, (String) forClass.getValue());
    }

    @Test
    public void sjekkVeilederTilgangTilEgenAnsatt__returnere_false_hvis_ikke_tilgang() {
        Assert.assertFalse(new VeilarbPep(TEST_SRV_USERNAME, this.genericDenyClient, this.subjectProvider, this.auditConfig).harVeilederTilgangTilEgenAnsatt(TEST_VEILEDER_IDENT));
    }

    @Test
    public void harVeilederTilgangTilEnhet__riktig_audit_log_for_permit() {
        Assert.assertTrue(new VeilarbPep(TEST_SRV_USERNAME, this.genericPermitClient, this.subjectProvider, this.auditConfig).harVeilederTilgangTilEnhet(TEST_VEILEDER_IDENT, ENHET));
        ((Logger) Mockito.verify(this.log)).info((String) Mockito.eq(expectCefLogHeader(CefEvent.Severity.INFO) + expectCefLogAttributesEnhetPermit()));
    }

    @Test
    public void harVeilederTilgangTilEnhet__riktig_audit_log_for_deny() {
        Assert.assertFalse(new VeilarbPep(TEST_SRV_USERNAME, this.genericDenyClient, this.subjectProvider, this.auditConfig).harVeilederTilgangTilEnhet(TEST_VEILEDER_IDENT, ENHET));
        ((Logger) Mockito.verify(this.log)).info((String) Mockito.eq(expectCefLogHeader(CefEvent.Severity.WARN) + expectCefLogAttributesEnhetDeny()));
    }

    @Test
    public void harVeilederTilgangTilPerson__riktig_audit_log_for_permit() {
        Assert.assertTrue(new VeilarbPep(TEST_SRV_USERNAME, this.genericPermitClient, this.subjectProvider, this.auditConfig).harVeilederTilgangTilPerson(TEST_VEILEDER_IDENT, ActionId.READ, TEST_FNR));
        ((Logger) Mockito.verify(this.log)).info((String) Mockito.eq(expectCefLogHeader(CefEvent.Severity.INFO) + expectCefLogAttributesPersonPermit()));
    }

    @Test
    public void harVeilederTilgangTilPerson__riktig_audit_log_for_deny() {
        Assert.assertFalse(new VeilarbPep(TEST_SRV_USERNAME, this.genericDenyClient, this.subjectProvider, this.auditConfig).harVeilederTilgangTilPerson(TEST_VEILEDER_IDENT, ActionId.READ, TEST_FNR));
        ((Logger) Mockito.verify(this.log)).info((String) Mockito.eq(expectCefLogHeader(CefEvent.Severity.WARN) + expectCefLogAttributesPersonDeny()));
    }

    @Test
    public void harTilgangTilPerson__riktig_audit_log_for_permit() {
        Assert.assertTrue(new VeilarbPep(TEST_SRV_USERNAME, this.genericPermitClient, this.subjectProvider, this.auditConfig).harTilgangTilPerson(TEST_OIDC_TOKEN, ActionId.READ, TEST_FNR));
        ((Logger) Mockito.verify(this.log)).info((String) Mockito.eq(expectCefLogHeader(CefEvent.Severity.INFO) + expectCefLogAttributesPersonPermit()));
    }

    @Test
    public void harTilgangTilPerson__riktig_audit_log_for_deny() {
        Assert.assertFalse(new VeilarbPep(TEST_SRV_USERNAME, this.genericDenyClient, this.subjectProvider, this.auditConfig).harTilgangTilPerson(TEST_OIDC_TOKEN, ActionId.READ, TEST_FNR));
        ((Logger) Mockito.verify(this.log)).info((String) Mockito.eq(expectCefLogHeader(CefEvent.Severity.WARN) + expectCefLogAttributesPersonDeny()));
    }

    @Test
    public void harVeilederTilgangTilKode6__riktig_audit_log_for_permit() {
        Assert.assertTrue(new VeilarbPep(TEST_SRV_USERNAME, this.genericPermitClient, this.subjectProvider, this.auditConfig).harVeilederTilgangTilKode6(TEST_VEILEDER_IDENT));
        ((Logger) Mockito.verify(this.log)).info((String) Mockito.eq(expectCefLogHeader(CefEvent.Severity.INFO) + expectCefLogAttributesResourcePermit("no.nav.abac.attributter.subject.felles.har_tilgang_kode_6")));
    }

    @Test
    public void harVeilederTilgangTilKode6__riktig_audit_log_for_deny() {
        Assert.assertFalse(new VeilarbPep(TEST_SRV_USERNAME, this.genericDenyClient, this.subjectProvider, this.auditConfig).harVeilederTilgangTilKode6(TEST_VEILEDER_IDENT));
        ((Logger) Mockito.verify(this.log)).info((String) Mockito.eq(expectCefLogHeader(CefEvent.Severity.WARN) + expectCefLogAttributesResourceDeny("no.nav.abac.attributter.subject.felles.har_tilgang_kode_6")));
    }

    @Test
    public void harVeilederTilgangTilKode7__riktig_audit_log_for_permit() {
        Assert.assertTrue(new VeilarbPep(TEST_SRV_USERNAME, this.genericPermitClient, this.subjectProvider, this.auditConfig).harVeilederTilgangTilKode7(TEST_VEILEDER_IDENT));
        ((Logger) Mockito.verify(this.log)).info((String) Mockito.eq(expectCefLogHeader(CefEvent.Severity.INFO) + expectCefLogAttributesResourcePermit("no.nav.abac.attributter.subject.felles.har_tilgang_kode_7")));
    }

    @Test
    public void harVeilederTilgangTilKode7__riktig_audit_log_for_deny() {
        Assert.assertFalse(new VeilarbPep(TEST_SRV_USERNAME, this.genericDenyClient, this.subjectProvider, this.auditConfig).harVeilederTilgangTilKode7(TEST_VEILEDER_IDENT));
        ((Logger) Mockito.verify(this.log)).info((String) Mockito.eq(expectCefLogHeader(CefEvent.Severity.WARN) + expectCefLogAttributesResourceDeny("no.nav.abac.attributter.subject.felles.har_tilgang_kode_7")));
    }

    @Test
    public void harVeilederTilgangTilEgenAnsatt__riktig_audit_log_for_permit() {
        Assert.assertTrue(new VeilarbPep(TEST_SRV_USERNAME, this.genericPermitClient, this.subjectProvider, this.auditConfig).harVeilederTilgangTilEgenAnsatt(TEST_VEILEDER_IDENT));
        ((Logger) Mockito.verify(this.log)).info((String) Mockito.eq(expectCefLogHeader(CefEvent.Severity.INFO) + expectCefLogAttributesResourcePermit("no.nav.abac.attributter.subject.felles.har_tilgang_egen_ansatt")));
    }

    @Test
    public void harVeilederTilgangTilEgenAnsatt__riktig_audit_log_for_deny() {
        Assert.assertFalse(new VeilarbPep(TEST_SRV_USERNAME, this.genericDenyClient, this.subjectProvider, this.auditConfig).harVeilederTilgangTilEgenAnsatt(TEST_VEILEDER_IDENT));
        ((Logger) Mockito.verify(this.log)).info((String) Mockito.eq(expectCefLogHeader(CefEvent.Severity.WARN) + expectCefLogAttributesResourceDeny("no.nav.abac.attributter.subject.felles.har_tilgang_egen_ansatt")));
    }

    @Test
    public void ingen_audit_log_dersom_audit_config_er_null() {
        Assert.assertTrue(new VeilarbPep(TEST_SRV_USERNAME, this.genericPermitClient, this.subjectProvider, (AuditConfig) null).harTilgangTilPerson(TEST_OIDC_TOKEN, ActionId.READ, TEST_FNR));
        ((Logger) Mockito.verify(this.log, Mockito.never())).info((String) Mockito.any());
    }

    @Test
    public void ingen_audit_log_dersom_audit_logger_er_null() {
        Assert.assertTrue(new VeilarbPep(TEST_SRV_USERNAME, this.genericPermitClient, this.subjectProvider, new AuditConfig((AuditLogger) null, this.auditRequestInfoSupplier, this.auditLogFilter)).harTilgangTilPerson(TEST_OIDC_TOKEN, ActionId.READ, TEST_FNR));
        ((Logger) Mockito.verify(this.log, Mockito.never())).info((String) Mockito.any());
    }

    @Test
    public void ingen_audit_log_dersom_request_info_er_null() {
        Assert.assertTrue(new VeilarbPep(TEST_SRV_USERNAME, this.genericPermitClient, this.subjectProvider, new AuditConfig(this.auditLogger, () -> {
            return null;
        }, this.auditLogFilter)).harTilgangTilPerson(TEST_OIDC_TOKEN, ActionId.READ, TEST_FNR));
        ((Logger) Mockito.verify(this.log, Mockito.never())).info((String) Mockito.any());
    }

    @Test
    public void ingen_audit_log_dersom_request_info_supplier_er_null() {
        Assert.assertTrue(new VeilarbPep(TEST_SRV_USERNAME, this.genericPermitClient, this.subjectProvider, new AuditConfig(this.auditLogger, (AuditRequestInfoSupplier) null, this.auditLogFilter)).harTilgangTilPerson(TEST_OIDC_TOKEN, ActionId.READ, TEST_FNR));
        ((Logger) Mockito.verify(this.log, Mockito.never())).info((String) Mockito.any());
    }

    @Test
    public void gir_audit_log_dersom_audit_log_filter_er_null() {
        Assert.assertTrue(new VeilarbPep(TEST_SRV_USERNAME, this.genericPermitClient, this.subjectProvider, new AuditConfig(this.auditLogger, this.auditRequestInfoSupplier, (AuditLogFilter) null)).harTilgangTilPerson(TEST_OIDC_TOKEN, ActionId.READ, TEST_FNR));
        ((Logger) Mockito.verify(this.log)).info((String) Mockito.any());
    }

    @Test
    public void ingen_audit_log_dersom_det_filtreres_bort() {
        AtomicInteger atomicInteger = new AtomicInteger();
        AuditRequestInfoSupplier auditRequestInfoSupplier = () -> {
            return new AuditRequestInfo(CALL_ID, CONSUMER_ID, REQUEST_METHOD, atomicInteger.get() == 0 ? "/logg/denne" : "/ikke/logg/denne");
        };
        String str = "no.nav.abac.attributter.resource.veilarb.enhet.eiendel";
        String str2 = "/ikke/logg/denne";
        VeilarbPep veilarbPep = new VeilarbPep(TEST_SRV_USERNAME, this.genericPermitClient, this.subjectProvider, new AuditConfig(this.auditLogger, auditRequestInfoSupplier, AuditLogFilterUtils.and(AuditLogFilterUtils.not(AuditLogFilterUtils.anyResourceAttributeFilter((v1) -> {
            return r0.equals(v1);
        })), AuditLogFilterUtils.not(AuditLogFilterUtils.pathFilter((v1) -> {
            return r1.equals(v1);
        })))));
        veilarbPep.harTilgangTilPerson(TEST_OIDC_TOKEN, ActionId.READ, TEST_FNR);
        veilarbPep.harTilgangTilEnhetMedSperre(TEST_OIDC_TOKEN, TEST_ENHET_ID);
        atomicInteger.getAndIncrement();
        veilarbPep.harTilgangTilPerson(TEST_OIDC_TOKEN, ActionId.READ, TEST_FNR);
        ((Logger) Mockito.verify(this.log, Mockito.times(1))).info((String) Mockito.any());
        ((Logger) Mockito.verify(this.log, Mockito.never())).info(Mockito.contains("/ikke/logg/denne"));
        ((Logger) Mockito.verify(this.log, Mockito.times(1))).info(Mockito.contains("/logg/denne"));
    }

    @Test
    public void harTilgangTilOppfolging__skal_lage_riktig_request() {
        VeilarbPep veilarbPep = new VeilarbPep(TEST_SRV_USERNAME, this.genericPermitClient, this.subjectProvider, this.auditConfig);
        String contentFromJsonFile = TestUtils.getContentFromJsonFile("xacmlrequest-harTilgangTilOppfolging.json");
        ArgumentCaptor forClass = ArgumentCaptor.forClass(String.class);
        Assert.assertTrue(veilarbPep.harTilgangTilOppfolging(TEST_OIDC_TOKEN));
        ((AbacClient) Mockito.verify(this.genericPermitClient, Mockito.times(1))).sendRawRequest((String) forClass.capture());
        TestUtils.assertJsonEquals(contentFromJsonFile, (String) forClass.getValue());
    }

    @Test
    public void harTilgangTilOppfolging__riktig_audit_log_for_permit() {
        Assert.assertTrue(new VeilarbPep(TEST_SRV_USERNAME, this.genericPermitClient, this.subjectProvider, this.auditConfig).harTilgangTilOppfolging(TEST_OIDC_TOKEN));
        ((Logger) Mockito.verify(this.log)).info((String) Mockito.eq(expectCefLogHeader(CefEvent.Severity.INFO) + expectCefLogAttributesResourcePermit("no.nav.abac.attributter.resource.veilarb")));
    }

    @Test
    public void harTilgangTilOppfolging__riktig_audit_log_for_deny() {
        Assert.assertFalse(new VeilarbPep(TEST_SRV_USERNAME, this.genericDenyClient, this.subjectProvider, this.auditConfig).harTilgangTilOppfolging(TEST_OIDC_TOKEN));
        ((Logger) Mockito.verify(this.log)).info((String) Mockito.eq(expectCefLogHeader(CefEvent.Severity.WARN) + expectCefLogAttributesResourceDeny("no.nav.abac.attributter.resource.veilarb")));
    }

    @Test
    public void harVeilederTilgangTilModia__skal_lage_riktig_request() {
        VeilarbPep veilarbPep = new VeilarbPep(TEST_SRV_USERNAME, this.genericPermitClient, this.subjectProvider, this.auditConfig);
        String contentFromJsonFile = TestUtils.getContentFromJsonFile("xacmlrequest-harVeilederTilgangTilModia.json");
        ArgumentCaptor forClass = ArgumentCaptor.forClass(String.class);
        Assert.assertTrue(veilarbPep.harVeilederTilgangTilModia(TEST_OIDC_TOKEN));
        ((AbacClient) Mockito.verify(this.genericPermitClient, Mockito.times(1))).sendRawRequest((String) forClass.capture());
        TestUtils.assertJsonEquals(contentFromJsonFile, (String) forClass.getValue());
    }

    @Test
    public void harVeilederTilgangTilModia__riktig_audit_log_for_permit() {
        Assert.assertTrue(new VeilarbPep(TEST_SRV_USERNAME, this.genericPermitClient, this.subjectProvider, this.auditConfig).harVeilederTilgangTilModia(TEST_OIDC_TOKEN));
        ((Logger) Mockito.verify(this.log)).info((String) Mockito.eq(expectCefLogHeader(CefEvent.Severity.INFO) + expectCefLogAttributesModiaResourcePermit("no.nav.abac.attributter.resource.modia")));
    }

    @Test
    public void harVeilederTilgangTilModia__riktig_audit_log_for_deny() {
        Assert.assertFalse(new VeilarbPep(TEST_SRV_USERNAME, this.genericDenyClient, this.subjectProvider, this.auditConfig).harVeilederTilgangTilModia(TEST_OIDC_TOKEN));
        ((Logger) Mockito.verify(this.log)).info((String) Mockito.eq(expectCefLogHeader(CefEvent.Severity.WARN) + expectCefLogAttributesModiaResourceDeny("no.nav.abac.attributter.resource.modia")));
    }

    private AbacClient abacClientSpyWithResponseFromFile(final String str) {
        return (AbacClient) Mockito.spy(new AbacClient() { // from class: no.nav.common.abac.VeilarbPepTest.1
            public HealthCheckResult checkHealth() {
                return HealthCheckResult.healthy();
            }

            public String sendRawRequest(String str2) {
                return TestUtils.getContentFromJsonFile(str);
            }

            public XacmlResponse sendRequest(XacmlRequest xacmlRequest) {
                return XacmlMapper.mapRawResponse(sendRawRequest(XacmlMapper.mapRequestToEntity(xacmlRequest)));
            }
        });
    }

    private String expectCefLogHeader(CefEvent.Severity severity) {
        return String.format("CEF:0|%s|Sporingslogg|1.0|audit:access|ABAC Sporingslogg|%s|", APPLICATION_NAME, severity);
    }

    private String expectCefLogAttributesEnhetPermit() {
        String str = CALL_ID;
        Decision decision = Decision.Permit;
        String id = ActionId.READ.getId();
        EnhetId enhetId = ENHET;
        long j = TIME;
        NavIdent navIdent = TEST_VEILEDER_IDENT;
        return "sproc=" + str + " flexString1=" + decision + " request=/some/path act=" + id + " cs2=" + enhetId + " requestContext=no.nav.abac.attributter.resource.felles.enhet sourceServiceName=veilarb requestMethod=GET end=" + j + " flexString1Label=Decision suid=" + str + " dproc=ConsumingApplication";
    }

    private String expectCefLogAttributesEnhetDeny() {
        return "sproc=" + CALL_ID + " flexString2Label=deny_policy request=/some/path cs5Label=deny_rule cs3=cause cs2=" + ENHET + " cs5=deny_rule requestMethod=GET suid=" + TEST_VEILEDER_IDENT + " dproc=ConsumingApplication flexString1=" + Decision.Deny + " act=" + ActionId.READ.getId() + " requestContext=no.nav.abac.attributter.resource.felles.enhet sourceServiceName=veilarb cs3Label=deny_cause end=" + TIME + " flexString1Label=Decision flexString2=deny_policy";
    }

    private String expectCefLogAttributesPersonPermit() {
        String str = CALL_ID;
        Decision decision = Decision.Permit;
        String id = ActionId.READ.getId();
        String str2 = TEST_FNR.get();
        long j = TIME;
        NavIdent navIdent = TEST_VEILEDER_IDENT;
        return "sproc=" + str + " flexString1=" + decision + " request=/some/path act=" + id + " duid=" + str2 + " requestContext=no.nav.abac.attributter.resource.felles.person sourceServiceName=veilarb requestMethod=GET end=" + j + " flexString1Label=Decision suid=" + str + " dproc=ConsumingApplication";
    }

    private String expectCefLogAttributesPersonDeny() {
        return "sproc=" + CALL_ID + " flexString2Label=deny_policy request=/some/path cs5Label=deny_rule cs3=cause duid=" + TEST_FNR.get() + " cs5=deny_rule requestMethod=GET suid=" + TEST_VEILEDER_IDENT + " dproc=ConsumingApplication flexString1=" + Decision.Deny + " act=" + ActionId.READ.getId() + " requestContext=no.nav.abac.attributter.resource.felles.person sourceServiceName=veilarb cs3Label=deny_cause end=" + TIME + " flexString1Label=Decision flexString2=deny_policy";
    }

    private String expectCefLogAttributesResourcePermit(String str) {
        String str2 = CALL_ID;
        Decision decision = Decision.Permit;
        long j = TIME;
        NavIdent navIdent = TEST_VEILEDER_IDENT;
        return "sproc=" + str2 + " flexString1=" + decision + " request=/some/path requestContext=" + str + " sourceServiceName=veilarb requestMethod=GET end=" + j + " flexString1Label=Decision suid=" + str2 + " dproc=ConsumingApplication";
    }

    private String expectCefLogAttributesResourceDeny(String str) {
        return "sproc=" + CALL_ID + " flexString2Label=deny_policy request=/some/path cs5Label=deny_rule cs3=cause cs5=deny_rule requestMethod=GET suid=" + TEST_VEILEDER_IDENT + " dproc=ConsumingApplication flexString1=" + Decision.Deny + " requestContext=" + str + " sourceServiceName=veilarb cs3Label=deny_cause end=" + TIME + " flexString1Label=Decision flexString2=deny_policy";
    }

    private String expectCefLogAttributesModiaResourcePermit(String str) {
        String str2 = CALL_ID;
        Decision decision = Decision.Permit;
        long j = TIME;
        NavIdent navIdent = TEST_VEILEDER_IDENT;
        return "sproc=" + str2 + " flexString1=" + decision + " request=/some/path requestContext=" + str + " sourceServiceName=modia requestMethod=GET end=" + j + " flexString1Label=Decision suid=" + str2 + " dproc=ConsumingApplication";
    }

    private String expectCefLogAttributesModiaResourceDeny(String str) {
        return "sproc=" + CALL_ID + " flexString2Label=deny_policy request=/some/path cs5Label=deny_rule cs3=cause cs5=deny_rule requestMethod=GET suid=" + TEST_VEILEDER_IDENT + " dproc=ConsumingApplication flexString1=" + Decision.Deny + " requestContext=" + str + " sourceServiceName=modia cs3Label=deny_cause end=" + TIME + " flexString1Label=Decision flexString2=deny_policy";
    }
}
