package no.nav.apiapp.securitylevel;

import javax.ws.rs.client.Client;
import javax.ws.rs.core.Response;
import javax.ws.rs.core.UriBuilder;
import no.nav.common.auth.SecurityLevel;
import no.nav.fo.apiapp.rest.JettyTestUtils;
import no.nav.sbl.dialogarena.common.jetty.Jetty;
import no.nav.sbl.dialogarena.test.junit.SystemPropertiesRule;
import no.nav.sbl.rest.RestUtils;
import no.nav.testconfig.security.JwtTestTokenIssuer;
import no.nav.testconfig.security.OidcProviderTestRule;
import org.assertj.core.api.Assertions;
import org.junit.After;
import org.junit.Before;
import org.junit.ClassRule;
import org.junit.Rule;
import org.junit.Test;

/* loaded from: input_file:no/nav/apiapp/securitylevel/ApiAppSecurityLevelAuthorizationTest.class */
public class ApiAppSecurityLevelAuthorizationTest {

    @ClassRule
    public static OidcProviderTestRule oidcProviderTestRule = new OidcProviderTestRule(JettyTestUtils.tilfeldigPort());

    @Rule
    public SystemPropertiesRule systemPropertiesRule = new SystemPropertiesRule();
    private static Jetty jetty;
    private Client client;
    private UriBuilder uriBuilder;

    @Before
    public void start() {
        JettyTestUtils.setupContext();
        this.systemPropertiesRule.setProperty("AAD_B2C_DISCOVERY_URL", oidcProviderTestRule.getDiscoveryUri());
        this.systemPropertiesRule.setProperty("AAD_B2C_CLIENTID_USERNAME", oidcProviderTestRule.getAudience());
        jetty = JettyTestUtils.nyJettyForTest(ApplicationConfigWithSecurityLevels.class);
        this.client = RestUtils.createClient();
        this.uriBuilder = JettyTestUtils.uriBuilder("/api-app/api", jetty);
    }

    @After
    public void stopJetty() {
        jetty.stop.run();
    }

    @Test
    public void api_app_security_level_authorization() {
        Assertions.assertThat(get("/default", SecurityLevel.Level4).getStatus()).isEqualTo(200);
        Assertions.assertThat(get("/default?foo=123&bar=321", SecurityLevel.Level4).getStatus()).isEqualTo(200);
        Assertions.assertThat(get("/default/path", SecurityLevel.Level4).getStatus()).isEqualTo(200);
        Assertions.assertThat(get("/default/path?foo=123&bar=321", SecurityLevel.Level4).getStatus()).isEqualTo(200);
        Assertions.assertThat(get("/level4", SecurityLevel.Level4).getStatus()).isEqualTo(200);
        Assertions.assertThat(get("/level4?foo=123&bar=321", SecurityLevel.Level4).getStatus()).isEqualTo(200);
        Assertions.assertThat(get("/level4/path", SecurityLevel.Level4).getStatus()).isEqualTo(200);
        Assertions.assertThat(get("/level4/path?foo=123&bar=321", SecurityLevel.Level4).getStatus()).isEqualTo(200);
        Assertions.assertThat(get("/level4/with/long/path", SecurityLevel.Level4).getStatus()).isEqualTo(200);
        Assertions.assertThat(get("/level4/with/long/path?foo=123&bar=321", SecurityLevel.Level4).getStatus()).isEqualTo(200);
        Assertions.assertThat(get("/level2", SecurityLevel.Level4).getStatus()).isEqualTo(200);
        Assertions.assertThat(get("/level2?foo=123&bar=321", SecurityLevel.Level4).getStatus()).isEqualTo(200);
        Assertions.assertThat(get("/level2/path", SecurityLevel.Level4).getStatus()).isEqualTo(200);
        Assertions.assertThat(get("/level2/path?foo=123&bar=321", SecurityLevel.Level4).getStatus()).isEqualTo(200);
        Assertions.assertThat(get("/level2/with/long/path", SecurityLevel.Level4).getStatus()).isEqualTo(200);
        Assertions.assertThat(get("/level2/with/long/path?foo=123&bar=321", SecurityLevel.Level4).getStatus()).isEqualTo(200);
        Assertions.assertThat(get("/default", SecurityLevel.Level3).getStatus()).isEqualTo(200);
        Assertions.assertThat(get("/default/path", SecurityLevel.Level3).getStatus()).isEqualTo(200);
        Assertions.assertThat(get("/level4", SecurityLevel.Level3).getStatus()).isEqualTo(401);
        Assertions.assertThat(get("/level4/path", SecurityLevel.Level3).getStatus()).isEqualTo(401);
        Assertions.assertThat(get("/level4/with/long/path", SecurityLevel.Level3).getStatus()).isEqualTo(401);
        Assertions.assertThat(get("/level2", SecurityLevel.Level3).getStatus()).isEqualTo(200);
        Assertions.assertThat(get("/level2/path", SecurityLevel.Level3).getStatus()).isEqualTo(200);
        Assertions.assertThat(get("/level2/with/long/path", SecurityLevel.Level3).getStatus()).isEqualTo(200);
        Assertions.assertThat(get("/default", SecurityLevel.Level2).getStatus()).isEqualTo(401);
        Assertions.assertThat(get("/default/path", SecurityLevel.Level2).getStatus()).isEqualTo(401);
        Assertions.assertThat(get("/level4", SecurityLevel.Level2).getStatus()).isEqualTo(401);
        Assertions.assertThat(get("/level4/path", SecurityLevel.Level2).getStatus()).isEqualTo(401);
        Assertions.assertThat(get("/level4/with/long/path", SecurityLevel.Level2).getStatus()).isEqualTo(401);
        Assertions.assertThat(get("/level2", SecurityLevel.Level2).getStatus()).isEqualTo(200);
        Assertions.assertThat(get("/level2/path", SecurityLevel.Level2).getStatus()).isEqualTo(200);
        Assertions.assertThat(get("/level2/with/long/path", SecurityLevel.Level2).getStatus()).isEqualTo(200);
        Assertions.assertThat(get("/default", SecurityLevel.Level1).getStatus()).isEqualTo(401);
        Assertions.assertThat(get("/default/path", SecurityLevel.Level1).getStatus()).isEqualTo(401);
        Assertions.assertThat(get("/level4", SecurityLevel.Level1).getStatus()).isEqualTo(401);
        Assertions.assertThat(get("/level4/path", SecurityLevel.Level1).getStatus()).isEqualTo(401);
        Assertions.assertThat(get("/level4/with/long/path", SecurityLevel.Level1).getStatus()).isEqualTo(401);
        Assertions.assertThat(get("/level2", SecurityLevel.Level1).getStatus()).isEqualTo(401);
        Assertions.assertThat(get("/level2/path", SecurityLevel.Level1).getStatus()).isEqualTo(401);
        Assertions.assertThat(get("/level2/with/long/path", SecurityLevel.Level1).getStatus()).isEqualTo(401);
        Assertions.assertThat(get("/default", SecurityLevel.Ukjent).getStatus()).isEqualTo(401);
        Assertions.assertThat(get("/default/path", SecurityLevel.Ukjent).getStatus()).isEqualTo(401);
        Assertions.assertThat(get("/level4", SecurityLevel.Ukjent).getStatus()).isEqualTo(401);
        Assertions.assertThat(get("/level4/path", SecurityLevel.Ukjent).getStatus()).isEqualTo(401);
        Assertions.assertThat(get("/level4/with/long/path", SecurityLevel.Ukjent).getStatus()).isEqualTo(401);
        Assertions.assertThat(get("/level2", SecurityLevel.Ukjent).getStatus()).isEqualTo(401);
        Assertions.assertThat(get("/level2/path", SecurityLevel.Ukjent).getStatus()).isEqualTo(401);
        Assertions.assertThat(get("/level2/with/long/path", SecurityLevel.Ukjent).getStatus()).isEqualTo(401);
    }

    private Response get(String str, SecurityLevel securityLevel) {
        return this.client.target(this.uriBuilder.toString() + str).request().header("Authorization", "Bearer " + oidcProviderTestRule.getToken(new JwtTestTokenIssuer.Claims("0").setClaim("acr", securityLevel))).get();
    }
}
