package com.evolveum.midpoint.model.intest.security;

import com.evolveum.midpoint.model.api.authentication.MidPointUserProfilePrincipal;
import com.evolveum.midpoint.model.intest.AbstractConfiguredModelIntegrationTest;
import com.evolveum.midpoint.prism.PrismObject;
import com.evolveum.midpoint.schema.result.OperationResult;
import com.evolveum.midpoint.security.api.Authorization;
import com.evolveum.midpoint.security.api.AuthorizationConstants;
import com.evolveum.midpoint.security.api.MidPointPrincipal;
import com.evolveum.midpoint.task.api.Task;
import com.evolveum.midpoint.test.util.TestUtil;
import com.evolveum.midpoint.xml.ns._public.common.common_3.AuthorizationPhaseType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.UserType;
import org.springframework.test.annotation.DirtiesContext;
import org.springframework.test.context.ContextConfiguration;
import org.testng.AssertJUnit;
import org.testng.annotations.Test;

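/**
 * Integration tests for the security principal built by {@code userProfileService.getPrincipal(username)}.
 *
 * <p>Each test changes (or leaves unchanged) a user's role/org assignments, drops the current
 * authentication with {@code resetAuthentication()}, loads the principal and then checks both the
 * number of authorizations on the principal and the resulting allow/deny decisions for the
 * {@code AUTZ_*_URL} action URLs.
 *
 * <p>NOTE(review): the tests appear to be order-dependent (numeric prefixes, shared repository state:
 * an assignment made in one test is revoked by a later one). A revocation test that targets the wrong
 * user therefore silently leaves privileges behind for the rest of the class.
 */
@ContextConfiguration(locations = {"classpath:ctx-model-intest-test-main.xml"})
@DirtiesContext(classMode = DirtiesContext.ClassMode.AFTER_CLASS)
public class TestSecurityPrincipal extends AbstractSecurityTest {

    // OIDs used by this class. The role/org names are taken from the names of the tests that use them.
    private static final String OID_USER_BARBOSSA = "c0c010c0-d34d-b33f-f00d-111111111112";
    private static final String OID_USER_GUYBRUSH = "c0c010c0-d34d-b33f-f00d-111111111116";
    private static final String OID_ROLE_CONDITIONAL = "00000000-0000-0000-0000-00000000aac1";
    private static final String OID_ROLE_PIRATE = "12345678-d34d-b33f-f00d-555555556666";
    private static final String OID_ROLE_NICE_PIRATE = "12345678-d34d-b33f-f00d-555555556677";
    private static final String OID_ROLE_CAPTAIN = "12345678-d34d-b33f-f00d-55555555cccc";
    private static final String OID_ROLE_INDIRECT_PIRATE = "67680a40-582c-11e7-b5b1-abcfbb047b34";
    private static final String OID_ORG_INDIRECT_PIRATE = "59024142-5830-11e7-80e6-ffbee06efb45";

    /** Delegates to the superclass initialization; no extra objects are imported here. */
    @Override
    public void initSystem(Task task, OperationResult operationResult) throws Exception {
        super.initSystem(task, operationResult);
    }

    /**
     * Loads the principal for {@code username} and fails with a readable message (instead of a
     * later {@code NullPointerException}) when none is returned.
     */
    private MidPointUserProfilePrincipal fetchPrincipal(String username) throws Exception {
        MidPointUserProfilePrincipal principal = this.userProfileService.getPrincipal(username);
        AssertJUnit.assertNotNull("No principal for username " + username, principal);
        return principal;
    }

    /** Checks username and OID of the guybrush principal and the consistency of the embedded user object. */
    private void assertGuybrushIdentity(MidPointUserProfilePrincipal principal) throws Exception {
        AssertJUnit.assertEquals("wrong username", "guybrush", principal.getUsername());
        AssertJUnit.assertEquals("wrong oid", OID_USER_GUYBRUSH, principal.getOid());
        display("User in principal guybrush", principal.getUser().asPrismObject());
        principal.getUser().asPrismObject().checkConsistence(true, true);
    }

    /** Administrator holds exactly one authorization, the allow-all one, and is authorized for every probed action. */
    @Test
    public void test010GetUserAdministrator() throws Exception {
        displayTestTitle("test010GetUserAdministrator");
        resetAuthentication();

        MidPointUserProfilePrincipal principal = fetchPrincipal("administrator");
        display("Administrator principal", principal);

        AssertJUnit.assertEquals("Wrong number of authorizations", 1, principal.getAuthorities().size());
        assertHasAuthorizationAllow((Authorization) principal.getAuthorities().iterator().next(), AuthorizationConstants.AUTZ_ALL_URL);
        assertAuthorized(principal, AUTZ_LOOT_URL);
        assertAuthorized(principal, AUTZ_COMMAND_URL);
    }

    /**
     * Jack without roles has no authorizations. Also verifies that loading a principal and evaluating
     * authorization decisions does not establish an authentication as a side effect.
     */
    @Test
    public void test050GetUserJack() throws Exception {
        displayTestTitle("test050GetUserJack");
        resetAuthentication();

        MidPointUserProfilePrincipal principal = fetchPrincipal("jack");
        assertNoAuthentication();

        assertJack((MidPointPrincipal) principal);
        AssertJUnit.assertTrue("Unexpected authorizations", principal.getAuthorities().isEmpty());
        assertNoAuthentication();

        assertNotAuthorized(principal, AUTZ_LOOT_URL);
        assertNotAuthorized(principal, AUTZ_COMMAND_URL);
        assertNoAuthentication();
    }

    /** Barbossa: identity is correct, no authorizations, nothing is allowed. */
    @Test
    public void test051GetUserBarbossa() throws Exception {
        displayTestTitle("test051GetUserBarbossa");
        resetAuthentication();

        MidPointUserProfilePrincipal principal = fetchPrincipal("barbossa");
        display("Principal barbossa", principal);

        AssertJUnit.assertEquals("wrong username", "barbossa", principal.getUsername());
        AssertJUnit.assertEquals("wrong oid", OID_USER_BARBOSSA, principal.getOid());
        AssertJUnit.assertTrue("Unexpected authorizations", principal.getAuthorities().isEmpty());
        display("User in principal barbossa", principal.getUser().asPrismObject());
        principal.getUser().asPrismObject().checkConsistence(true, true);
        assertNotAuthorized(principal, AUTZ_LOOT_URL);
        assertNotAuthorized(principal, AUTZ_COMMAND_URL);
    }

    /** Guybrush baseline: identity is correct, no authorizations, nothing is allowed. */
    @Test
    public void test052GetUserGuybrush() throws Exception {
        displayTestTitle("test052GetUserGuybrush");
        resetAuthentication();

        MidPointUserProfilePrincipal principal = fetchPrincipal("guybrush");
        display("Principal guybrush", principal);

        AssertJUnit.assertEquals("wrong username", "guybrush", principal.getUsername());
        AssertJUnit.assertEquals("wrong oid", OID_USER_GUYBRUSH, principal.getOid());
        AssertJUnit.assertTrue("Unexpected authorizations", principal.getAuthorities().isEmpty());
        display("User in principal guybrush", principal.getUser().asPrismObject());
        principal.getUser().asPrismObject().checkConsistence(true, true);
        assertNotAuthorized(principal, AUTZ_LOOT_URL);
        assertNotAuthorized(principal, AUTZ_COMMAND_URL);
    }

    /**
     * Assigning the conditional role alone must not grant anything: the principal still has no
     * authorizations. NOTE(review): presumably the role's condition is false until the user's
     * subtype is set in test061 - confirm against the role definition.
     */
    @Test
    public void test060GuybrushConditionalRoleFalse() throws Exception {
        displayTestTitle("test060GuybrushConditionalRoleFalse");
        login("administrator");
        assignRole(OID_USER_GUYBRUSH, OID_ROLE_CONDITIONAL);
        resetAuthentication();

        MidPointUserProfilePrincipal principal = fetchPrincipal("guybrush");
        display("Principal guybrush", principal);

        AssertJUnit.assertEquals("wrong username", "guybrush", principal.getUsername());
        AssertJUnit.assertEquals("wrong oid", OID_USER_GUYBRUSH, principal.getOid());
        AssertJUnit.assertTrue("Unexpected authorizations", principal.getAuthorities().isEmpty());
        display("User in principal guybrush", principal.getUser().asPrismObject());
        principal.getUser().asPrismObject().checkConsistence(true, true);
        assertNotAuthorized(principal, AUTZ_LOOT_URL);
        assertNotAuthorized(principal, AUTZ_COMMAND_URL);
        assertNotAuthorized(principal, AUTZ_SUPERSPECIAL_URL);
        assertNotAuthorized(principal, AUTZ_NONSENSE_URL);
    }

    /**
     * After the user's subtype is replaced with "special" the conditional role takes effect:
     * the super-special action is allowed, every other probed action stays denied.
     */
    @Test
    public void test061GuybrushConditionalRoleTrue() throws Exception {
        final String testName = "test061GuybrushConditionalRoleTrue";
        displayTestTitle(testName);
        login("administrator");
        Task task = createTask(testName);
        modifyUserReplace(OID_USER_GUYBRUSH, UserType.F_SUBTYPE, task, task.getResult(), new Object[]{"special"});
        resetAuthentication();

        TestUtil.displayWhen(testName);
        MidPointUserProfilePrincipal principal = fetchPrincipal("guybrush");

        TestUtil.displayThen(testName);
        display("Principal guybrush", principal);
        assertGuybrushIdentity(principal);
        assertAuthorized(principal, AUTZ_SUPERSPECIAL_URL);
        // The conditional role must grant only the one action, not widen access to anything else.
        assertNotAuthorized(principal, AUTZ_LOOT_URL);
        assertNotAuthorized(principal, AUTZ_COMMAND_URL);
        assertNotAuthorized(principal, AUTZ_CAPSIZE_URL);
        assertNotAuthorized(principal, AUTZ_NONSENSE_URL);
    }

    /** Unassigning the conditional role removes all authorizations from guybrush again. */
    @Test
    public void test062GuybrushConditionalRoleUnassign() throws Exception {
        displayTestTitle("test062GuybrushConditionalRoleUnassign");
        login("administrator");
        unassignRole(OID_USER_GUYBRUSH, OID_ROLE_CONDITIONAL);
        resetAuthentication();

        MidPointUserProfilePrincipal principal = fetchPrincipal("guybrush");
        display("Principal guybrush", principal);

        AssertJUnit.assertEquals("wrong username", "guybrush", principal.getUsername());
        AssertJUnit.assertEquals("wrong oid", OID_USER_GUYBRUSH, principal.getOid());
        AssertJUnit.assertTrue("Unexpected authorizations", principal.getAuthorities().isEmpty());
        display("User in principal guybrush", principal.getUser().asPrismObject());
        principal.getUser().asPrismObject().checkConsistence(true, true);
        assertNotAuthorized(principal, AUTZ_LOOT_URL);
        assertNotAuthorized(principal, AUTZ_COMMAND_URL);
    }

    /**
     * The pirate role gives jack exactly one authorization (allow loot). The decision is
     * phase-sensitive: allowed in the EXECUTION phase, denied in the REQUEST phase and denied
     * when no phase is given. NOTE(review): a null phase presumably means "all phases" - confirm
     * against the assertNotAuthorized helper in the superclass.
     */
    @Test
    public void test100JackRolePirate() throws Exception {
        final String testName = "test100JackRolePirate";
        displayTestTitle(testName);
        login("administrator");
        Task task = createTask(testName);
        assignRole(AbstractConfiguredModelIntegrationTest.USER_JACK_OID, OID_ROLE_PIRATE, task, task.getResult());
        resetAuthentication();

        MidPointUserProfilePrincipal principal = fetchPrincipal("jack");

        assertJack((MidPointPrincipal) principal);
        AssertJUnit.assertEquals("Wrong number of authorizations", 1, principal.getAuthorities().size());
        assertHasAuthorizationAllow((Authorization) principal.getAuthorities().iterator().next(), AUTZ_LOOT_URL);
        assertAuthorized(principal, AUTZ_LOOT_URL, AuthorizationPhaseType.EXECUTION);
        assertNotAuthorized(principal, AUTZ_LOOT_URL, AuthorizationPhaseType.REQUEST);
        assertNotAuthorized(principal, AUTZ_LOOT_URL, null);
        assertNotAuthorized(principal, AUTZ_COMMAND_URL);
        assertCompiledUserProfile(principal).assertAdditionalMenuLinks(1).assertUserDashboardLinks(2).assertObjectCollectionViews(3).assertObjectForms(2).assertUserDashboardWidgets(2);
    }

    /** Revoking the pirate role leaves jack with zero authorizations and a reduced compiled profile. */
    @Test
    public void test109JackUnassignRolePirate() throws Exception {
        final String testName = "test109JackUnassignRolePirate";
        displayTestTitle(testName);
        login("administrator");
        Task task = createTask(testName);
        unassignRole(AbstractConfiguredModelIntegrationTest.USER_JACK_OID, OID_ROLE_PIRATE, task, task.getResult());
        resetAuthentication();

        MidPointUserProfilePrincipal principal = fetchPrincipal("jack");

        assertJack((MidPointPrincipal) principal);
        AssertJUnit.assertEquals("Wrong number of authorizations", 0, principal.getAuthorities().size());
        assertNotAuthorized(principal, AUTZ_LOOT_URL);
        assertNotAuthorized(principal, AUTZ_COMMAND_URL);
        assertCompiledUserProfile(principal).assertAdditionalMenuLinks(0).assertUserDashboardLinks(1).assertObjectCollectionViews(3).assertObjectForms(1).assertUserDashboardWidgets(0);
    }

    /** The nice-pirate role yields two authorizations, yet neither loot nor command is allowed. */
    @Test
    public void test110GuybrushRoleNicePirate() throws Exception {
        final String testName = "test110GuybrushRoleNicePirate";
        displayTestTitle(testName);
        login("administrator");
        Task task = createTask(testName);
        assignRole(OID_USER_GUYBRUSH, OID_ROLE_NICE_PIRATE, task, task.getResult());
        resetAuthentication();

        displayWhen(testName);
        MidPointUserProfilePrincipal principal = fetchPrincipal("guybrush");

        displayThen(testName);
        display("Principal guybrush", principal);
        AssertJUnit.assertEquals("Wrong number of authorizations", 2, principal.getAuthorities().size());
        assertNotAuthorized(principal, AUTZ_LOOT_URL);
        assertNotAuthorized(principal, AUTZ_COMMAND_URL);
    }

    /** Adding the captain role on top brings the count to three and allows command, but still not loot. */
    @Test
    public void test111GuybrushRoleCaptain() throws Exception {
        final String testName = "test111GuybrushRoleCaptain";
        displayTestTitle(testName);
        login("administrator");
        Task task = createTask(testName);
        assignRole(OID_USER_GUYBRUSH, OID_ROLE_CAPTAIN, task, task.getResult());
        resetAuthentication();

        displayWhen(testName);
        MidPointUserProfilePrincipal principal = fetchPrincipal("guybrush");

        displayThen(testName);
        display("Principal guybrush", principal);
        AssertJUnit.assertEquals("Wrong number of authorizations", 3, principal.getAuthorities().size());
        assertNotAuthorized(principal, AUTZ_LOOT_URL);
        assertAuthorized(principal, AUTZ_COMMAND_URL);
    }

    /**
     * Revokes the two roles given to guybrush in test110 and test111 and checks that his principal
     * ends up with no authorizations.
     *
     * <p>This test used to unassign roles from jack and inspect jack's principal. Jack had no
     * authorizations at that point anyway, so the assertions could not fail, and guybrush kept the
     * nice-pirate and captain roles for the rest of the class - the revocation path for a principal
     * holding several roles was never exercised.
     */
    @Test
    public void test119GuybrushUnassignRoles() throws Exception {
        final String testName = "test119GuybrushUnassignRoles";
        displayTestTitle(testName);
        login("administrator");
        Task task = createTask(testName);
        OperationResult result = task.getResult();
        unassignRole(OID_USER_GUYBRUSH, OID_ROLE_NICE_PIRATE, task, result);
        unassignRole(OID_USER_GUYBRUSH, OID_ROLE_CAPTAIN, task, result);
        resetAuthentication();

        displayWhen(testName);
        MidPointUserProfilePrincipal principal = fetchPrincipal("guybrush");

        displayThen(testName);
        display("Principal guybrush", principal);
        AssertJUnit.assertEquals("Wrong number of authorizations", 0, principal.getAuthorities().size());
        assertNotAuthorized(principal, AUTZ_LOOT_URL);
        assertNotAuthorized(principal, AUTZ_COMMAND_URL);
    }

    /**
     * A role that grants loot only indirectly still produces exactly one authorization on jack's
     * principal and allows loot in the EXECUTION phase.
     */
    @Test
    public void test120JackRoleIndirectPirate() throws Exception {
        final String testName = "test120JackRoleIndirectPirate";
        displayTestTitle(testName);
        login("administrator");
        PrismObject<UserType> user = getUser(AbstractConfiguredModelIntegrationTest.USER_JACK_OID);
        display("User before", user);
        assertAssignments(user, 0);
        assignRole(AbstractConfiguredModelIntegrationTest.USER_JACK_OID, OID_ROLE_INDIRECT_PIRATE);
        try {
            resetAuthentication();

            displayWhen(testName);
            MidPointUserProfilePrincipal principal = fetchPrincipal("jack");

            displayThen(testName);
            display("Principal jack", principal);
            AssertJUnit.assertEquals("Wrong number of authorizations", 1, principal.getAuthorities().size());
            assertAuthorized(principal, AUTZ_LOOT_URL, AuthorizationPhaseType.EXECUTION);
        } finally {
            // Revoke even when an assertion fails, so the privilege does not leak into later tests
            // (test122 starts by asserting that jack has no assignments).
            login("administrator");
            unassignRole(AbstractConfiguredModelIntegrationTest.USER_JACK_OID, OID_ROLE_INDIRECT_PIRATE);
        }
    }

    /**
     * Same as test120, but the authorization reaches jack through an org assignment instead of a
     * role assignment.
     */
    @Test
    public void test122JackOrgIndirectPirate() throws Exception {
        final String testName = "test122JackOrgIndirectPirate";
        displayTestTitle(testName);
        login("administrator");
        PrismObject<UserType> user = getUser(AbstractConfiguredModelIntegrationTest.USER_JACK_OID);
        display("User before", user);
        assertAssignments(user, 0);
        assignOrg(AbstractConfiguredModelIntegrationTest.USER_JACK_OID, OID_ORG_INDIRECT_PIRATE);
        try {
            resetAuthentication();

            displayWhen(testName);
            MidPointUserProfilePrincipal principal = fetchPrincipal("jack");

            displayThen(testName);
            display("Principal jack", principal);
            AssertJUnit.assertEquals("Wrong number of authorizations", 1, principal.getAuthorities().size());
            assertAuthorized(principal, AUTZ_LOOT_URL, AuthorizationPhaseType.EXECUTION);
        } finally {
            // Revoke even when an assertion fails, so jack is not left with the org's privileges.
            login("administrator");
            unassignOrg(AbstractConfiguredModelIntegrationTest.USER_JACK_OID, OID_ORG_INDIRECT_PIRATE);
        }
    }
}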
