package org.dataone.service.types.v1.util;

import java.io.IOException;
import java.util.Iterator;
import java.util.Set;
import java.util.TreeSet;
import org.dataone.exceptions.MarshallingException;
import org.dataone.service.types.v1.Group;
import org.dataone.service.types.v1.Permission;
import org.dataone.service.types.v1.Person;
import org.dataone.service.types.v1.Session;
import org.dataone.service.types.v1.Subject;
import org.dataone.service.types.v1.SubjectInfo;
import org.dataone.service.types.v1.SystemMetadata;
import org.dataone.service.types.v1.TypeFactory;
import org.dataone.service.util.TypeMarshaller;
import org.junit.Assert;
import org.junit.Before;
import org.junit.Test;

/* loaded from: input_file:org/dataone/service/types/v1/util/AuthUtilsTestCase.class */
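/**
 * Unit tests for {@code AuthUtils}: the expansion of a {@link Session} into the set of
 * subjects a client is allowed to act as, and the permission check made against that set.
 *
 * <p>Fixtures use subjects of the form {@code CN=<name>,DC=something,DC=org} plus the three
 * symbolic subjects {@code public}, {@code authenticatedUser} and {@code verifiedUser}.
 *
 * <p>Most cases are positive (a subject is expected to be in the set). The cases that guard
 * against over-granting are the empty/null-session size checks, the public-session check and
 * the {@code CHANGE_PERMISSION} checks in {@link #testIsAuthorized_AccessPolicy()}.
 */
public class AuthUtilsTestCase {
    // Session with a star-shaped identity mapping: x -> y and x -> z, where z is verified.
    private Session standardSession = null;
    // Symbolic subjects the expansion is expected to add (or withhold) for a session.
    private Subject publick = null;
    private Subject authenticated = null;
    private Subject verified = null;

    /** Builds the test subject {@code CN=<str>,DC=something,DC=org}. */
    private Subject buildSubject(String str) {
        Subject subject = new Subject();
        subject.setValue("CN=" + str + ",DC=something,DC=org");
        return subject;
    }

    /** Builds a person whose only populated field is its subject. */
    private Person buildTestPerson(String str) {
        Person person = new Person();
        person.setSubject(buildSubject(str));
        return person;
    }

    /** Builds a group whose only populated field is its subject. */
    private Group buildTestGroup(String str) {
        Group group = new Group();
        group.setSubject(buildSubject(str));
        return group;
    }

    /** Creates the three symbolic subjects that the assertions compare against. */
    @Before
    public void setupSymbolicSubjects() {
        this.publick = new Subject();
        this.publick.setValue("public");
        this.authenticated = new Subject();
        this.authenticated.setValue("authenticatedUser");
        this.verified = new Subject();
        this.verified.setValue("verifiedUser");
    }

    /**
     * Builds {@link #standardSession}: primary subject x, with y and z mapped directly on x as
     * equivalent identities, and only z marked verified.
     */
    @Before
    public void createSession() {
        // JUnit 4 builds a new instance of the test class for each test method, so the field is
        // null on entry; the guard only keeps the fixture idempotent.
        if (this.standardSession == null) {
            Session session = new Session();
            session.setSubject(buildSubject("x"));
            SubjectInfo subjectInfo = new SubjectInfo();
            Person personX = buildTestPerson("x");
            Person personY = buildTestPerson("y");
            Person personZ = buildTestPerson("z");
            personZ.setVerified(true);
            personX.addEquivalentIdentity(personY.getSubject());
            personX.addEquivalentIdentity(personZ.getSubject());
            subjectInfo.addPerson(personX);
            subjectInfo.addPerson(personY);
            subjectInfo.addPerson(personZ);
            session.setSubjectInfo(subjectInfo);
            this.standardSession = session;
        }
    }

    /** The symbolic {@code public} subject is present for an authenticated session. */
    @Test
    public void testAuthorizedClientSubjects_Public() {
        Assert.assertTrue("public should always appear", AuthUtils.authorizedClientSubjects(this.standardSession).contains(this.publick));
    }

    /** A session with a non-public primary subject gains {@code authenticatedUser}. */
    @Test
    public void testAuthorizedClientSubjects_Authenticated() {
        Assert.assertTrue("authenticated should be in the list", AuthUtils.authorizedClientSubjects(this.standardSession).contains(this.authenticated));
    }

    /** {@code verifiedUser} is granted because the directly mapped identity z is verified. */
    @Test
    public void testAuthorizedClientSubjects_Verified() {
        Assert.assertTrue("verified appears because an equiv identity is verified", AuthUtils.authorizedClientSubjects(this.standardSession).contains(this.verified));
    }

    /** The primary subject and both directly mapped identities are in the expanded set. */
    @Test
    public void testAuthorizedClientSubjects_EquivalentIDs() {
        Set<Subject> subjects = AuthUtils.authorizedClientSubjects(this.standardSession);
        Assert.assertTrue("subject list should contain x", subjects.contains(buildSubject("x")));
        Assert.assertTrue("subject list should contain y", subjects.contains(buildSubject("y")));
        Assert.assertTrue("subject list should contain z", subjects.contains(buildSubject("z")));
    }

    /**
     * Identities mapped as a chain (x -> y -> z) are all reached from the primary subject x.
     */
    @Test
    public void testAuthorizedClientSubjects_DaisyChainEquivalentIDs() {
        Session session = new Session();
        session.setSubject(buildSubject("x"));
        SubjectInfo subjectInfo = new SubjectInfo();
        Person personX = buildTestPerson("x");
        Person personY = buildTestPerson("y");
        Person personZ = buildTestPerson("z");
        personZ.setVerified(true);
        personX.addEquivalentIdentity(personY.getSubject());
        personY.addEquivalentIdentity(personZ.getSubject());
        subjectInfo.addPerson(personX);
        subjectInfo.addPerson(personY);
        subjectInfo.addPerson(personZ);
        session.setSubjectInfo(subjectInfo);
        // Expand the chained session built above. Expanding this.standardSession here would
        // only repeat the star-shaped case (x -> y, x -> z) and never exercise the chain.
        Set<Subject> subjects = AuthUtils.authorizedClientSubjects(session);
        Assert.assertTrue("subject list contains x", subjects.contains(buildSubject("x")));
        Assert.assertTrue("subject list contains y", subjects.contains(buildSubject("y")));
        Assert.assertTrue("subject list contains z", subjects.contains(buildSubject("z")));
    }

    /**
     * {@code verifiedUser} is granted when the verified identity z is only reachable through
     * the chain x -> y -> z.
     */
    @Test
    public void testAuthorizedClientSubjects_DaisyChainVerified() {
        Session session = new Session();
        session.setSubject(buildSubject("x"));
        SubjectInfo subjectInfo = new SubjectInfo();
        Person personX = buildTestPerson("x");
        Person personY = buildTestPerson("y");
        Person personZ = buildTestPerson("z");
        personZ.setVerified(true);
        personX.addEquivalentIdentity(personY.getSubject());
        personY.addEquivalentIdentity(personZ.getSubject());
        subjectInfo.addPerson(personX);
        subjectInfo.addPerson(personY);
        subjectInfo.addPerson(personZ);
        session.setSubjectInfo(subjectInfo);
        // The message names what is actually checked: the symbolic verified subject.
        Assert.assertTrue("verified appears because a daisy-chained equiv identity is verified", AuthUtils.authorizedClientSubjects(session).contains(this.verified));
    }

    /** A session with no subject falls back to exactly one subject, {@code public}. */
    @Test
    public void testAuthorizedClientSubjects_EmptySession_isPublic() {
        Set<Subject> subjects = AuthUtils.authorizedClientSubjects(new Session());
        Assert.assertTrue("empty session should revert to public", subjects.contains(this.publick));
        // assertEquals reports the actual size, which shows how far the set was over-granted.
        Assert.assertEquals("empty session should have only 1 subject (public)", 1, subjects.size());
    }

    /** A null session falls back to exactly one subject, {@code public}. */
    @Test
    public void testAuthorizedClientSubjects_Null_isPublic() {
        Set<Subject> subjects = AuthUtils.authorizedClientSubjects((Session) null);
        Assert.assertTrue("null session should revert to public", subjects.contains(this.publick));
        Assert.assertEquals("null session should have only 1 subject (public)", 1, subjects.size());
    }

    /** A session whose primary subject is {@code public} must not gain {@code authenticatedUser}. */
    @Test
    public void testAuthorizedClientSubjects_PublicNotAuthenticated() {
        Session session = new Session();
        session.setSubject(this.publick);
        session.setSubjectInfo(new SubjectInfo());
        Assert.assertFalse("public subject in session, should not have authenticated", AuthUtils.authorizedClientSubjects(session).contains(this.authenticated));
    }

    /**
     * Group memberships of equivalent identities are inherited: x is in groupA, and its
     * mutually mapped identities y and z bring in groupB and groupC.
     */
    @Test
    public void testAuthorizedClientSubjects_GroupTransitive() {
        Session session = new Session();
        session.setSubject(buildSubject("x"));
        SubjectInfo subjectInfo = new SubjectInfo();
        Person personX = buildTestPerson("x");
        personX.addIsMemberOf(buildSubject("groupA"));
        Person personY = buildTestPerson("y");
        personX.addEquivalentIdentity(buildSubject("y"));
        personY.addEquivalentIdentity(buildSubject("x"));
        personY.addIsMemberOf(buildSubject("groupB"));
        Person personZ = buildTestPerson("z");
        personX.addEquivalentIdentity(buildSubject("z"));
        personZ.addEquivalentIdentity(buildSubject("x"));
        personZ.addIsMemberOf(buildSubject("groupC"));
        subjectInfo.addPerson(personX);
        subjectInfo.addPerson(personY);
        subjectInfo.addPerson(personZ);
        subjectInfo.addGroup(buildTestGroup("groupA"));
        subjectInfo.addGroup(buildTestGroup("groupB"));
        subjectInfo.addGroup(buildTestGroup("groupC"));
        session.setSubjectInfo(subjectInfo);
        Set<Subject> subjects = AuthUtils.authorizedClientSubjects(session);
        Assert.assertTrue("subject list should contain groupA", subjects.contains(buildSubject("groupA")));
        Assert.assertTrue("subject list should contain groupB", subjects.contains(buildSubject("groupB")));
        Assert.assertTrue("subject list should contain groupC", subjects.contains(buildSubject("groupC")));
    }

    /**
     * Group memberships are inherited along a chain of mutual mappings (x <-> y <-> z), with
     * membership recorded on both the person and the group.
     */
    @Test
    public void testAuthorizedClientSubjects_GroupTransitive_DaisyChainEquivID() {
        Session session = new Session();
        session.setSubject(buildSubject("x"));
        SubjectInfo subjectInfo = new SubjectInfo();
        Person personX = buildTestPerson("x");
        Group groupA = buildTestGroup("groupA");
        groupA.addHasMember(personX.getSubject());
        personX.addIsMemberOf(groupA.getSubject());
        Person personY = buildTestPerson("y");
        Group groupB = buildTestGroup("groupB");
        groupB.addHasMember(personY.getSubject());
        personY.addIsMemberOf(groupB.getSubject());
        personX.addEquivalentIdentity(buildSubject("y"));
        personY.addEquivalentIdentity(buildSubject("x"));
        Person personZ = buildTestPerson("z");
        Group groupC = buildTestGroup("groupC");
        groupC.addHasMember(personZ.getSubject());
        personZ.addIsMemberOf(groupC.getSubject());
        personY.addEquivalentIdentity(buildSubject("z"));
        personZ.addEquivalentIdentity(buildSubject("y"));
        subjectInfo.addPerson(personX);
        subjectInfo.addPerson(personY);
        subjectInfo.addPerson(personZ);
        subjectInfo.addGroup(groupA);
        subjectInfo.addGroup(groupB);
        subjectInfo.addGroup(groupC);
        session.setSubjectInfo(subjectInfo);
        Set<Subject> subjects = AuthUtils.authorizedClientSubjects(session);
        Assert.assertTrue("subject list should contain groupA", subjects.contains(buildSubject("groupA")));
        Assert.assertTrue("subject list should contain groupB", subjects.contains(buildSubject("groupB")));
        Assert.assertTrue("subject list should contain groupC", subjects.contains(buildSubject("groupC")));
    }

    /**
     * The expansion terminates on a cyclic identity graph (x <-> y <-> z <-> w <-> x) and still
     * collects the group of every identity on the cycle.
     */
    // The timeout turns a non-terminating expansion into a test failure instead of a hung build.
    @Test(timeout = 10000)
    public void testAuthorizedClientSubjects_RecursionInfiniteLoopTest() {
        Session session = new Session();
        session.setSubject(buildSubject("x"));
        SubjectInfo subjectInfo = new SubjectInfo();
        Person personX = buildTestPerson("x");
        Group groupA = buildTestGroup("groupA");
        groupA.addHasMember(personX.getSubject());
        personX.addIsMemberOf(groupA.getSubject());
        Person personY = buildTestPerson("y");
        Group groupB = buildTestGroup("groupB");
        groupB.addHasMember(personY.getSubject());
        personY.addIsMemberOf(groupB.getSubject());
        personX.addEquivalentIdentity(buildSubject("y"));
        personY.addEquivalentIdentity(buildSubject("x"));
        Person personZ = buildTestPerson("z");
        Group groupC = buildTestGroup("groupC");
        groupC.addHasMember(personZ.getSubject());
        personZ.addIsMemberOf(groupC.getSubject());
        personY.addEquivalentIdentity(buildSubject("z"));
        personZ.addEquivalentIdentity(buildSubject("y"));
        Person personW = buildTestPerson("w");
        Group groupD = buildTestGroup("groupD");
        groupD.addHasMember(personW.getSubject());
        personW.addIsMemberOf(groupD.getSubject());
        personZ.addEquivalentIdentity(buildSubject("w"));
        personW.addEquivalentIdentity(buildSubject("z"));
        // Closing edge of the cycle: w maps back to the primary subject x.
        personX.addEquivalentIdentity(buildSubject("w"));
        personW.addEquivalentIdentity(buildSubject("x"));
        subjectInfo.addPerson(personW);
        subjectInfo.addPerson(personX);
        subjectInfo.addPerson(personY);
        subjectInfo.addPerson(personZ);
        subjectInfo.addGroup(groupA);
        subjectInfo.addGroup(groupB);
        subjectInfo.addGroup(groupC);
        subjectInfo.addGroup(groupD);
        session.setSubjectInfo(subjectInfo);
        Set<Subject> subjects = AuthUtils.authorizedClientSubjects(session);
        Assert.assertTrue("subject list should contain groupA", subjects.contains(buildSubject("groupA")));
        Assert.assertTrue("subject list should contain groupB", subjects.contains(buildSubject("groupB")));
        Assert.assertTrue("subject list should contain groupC", subjects.contains(buildSubject("groupC")));
        Assert.assertTrue("subject list should contain groupD", subjects.contains(buildSubject("groupD")));
    }

    /**
     * Runs the expansion on a sample SubjectInfo document loaded from the classpath; the
     * resource name suggests it contains looped identity mappings. The first person in the
     * document is used as the session's primary subject.
     */
    @Test(timeout = 10000)
    public void testAuthorizedClientSubjects_RecursionInfiniteLoopTest_Live() throws InstantiationException, IllegalAccessException, IOException, MarshallingException {
        String resource = "/org/dataone/service/samples/v1/loopedSubjectInfo.xml";
        Session session = new Session();
        SubjectInfo subjectInfo;
        try (java.io.InputStream in = getClass().getResourceAsStream(resource)) {
            // Fail with a clear message rather than an error from inside the unmarshaller.
            Assert.assertNotNull("test resource missing from classpath: " + resource, in);
            subjectInfo = (SubjectInfo) TypeMarshaller.unmarshalTypeFromStream(SubjectInfo.class, in);
        }
        session.setSubjectInfo(subjectInfo);
        session.setSubject(subjectInfo.getPerson(0).getSubject());
        Set<Subject> subjects = AuthUtils.authorizedClientSubjects(session);
        // Diagnostic dump of the expanded subject set.
        for (Subject subject : subjects) {
            System.out.println(subject.getValue());
        }
        Assert.assertTrue("subject list should contain New Group", subjects.contains(TypeFactory.buildSubject("CN=New Group,DC=dataone,DC=org")));
    }

    /**
     * An access policy granting WRITE to x and y allows READ and WRITE for a subject set that
     * contains them, but not CHANGE_PERMISSION; the rights holder (qq) is not in the set.
     */
    @Test
    public void testIsAuthorized_AccessPolicy() {
        SystemMetadata systemMetadata = new SystemMetadata();
        systemMetadata.setAccessPolicy(AccessUtil.createSingleRuleAccessPolicy(new String[]{buildSubject("x").getValue(), buildSubject("y").getValue()}, new Permission[]{Permission.WRITE}));
        systemMetadata.setRightsHolder(buildSubject("qq"));
        Set<Subject> subjects = new TreeSet<Subject>();
        subjects.add(buildSubject("z"));
        subjects.add(buildSubject("y"));
        subjects.add(buildSubject("x"));
        Assert.assertTrue("x should be able to read the object", AuthUtils.isAuthorized(subjects, Permission.READ, systemMetadata));
        Assert.assertTrue("x should be able to write the object", AuthUtils.isAuthorized(subjects, Permission.WRITE, systemMetadata));
        Assert.assertFalse("x should NOT be able to change the object", AuthUtils.isAuthorized(subjects, Permission.CHANGE_PERMISSION, systemMetadata));
        // Same negative check, described from the rights-holder side: qq is not in the set, so
        // holding WRITE must not escalate to CHANGE_PERMISSION.
        Assert.assertFalse("a subject set without the rights holder should NOT be able to change the object", AuthUtils.isAuthorized(subjects, Permission.CHANGE_PERMISSION, systemMetadata));
    }

    /**
     * The rights holder is granted CHANGE_PERMISSION even though the access policy only gives
     * WRITE to other subjects.
     */
    @Test
    public void testIsAuthorized_RightsHolder() {
        SystemMetadata systemMetadata = new SystemMetadata();
        systemMetadata.setAccessPolicy(AccessUtil.createSingleRuleAccessPolicy(new String[]{buildSubject("x").getValue(), buildSubject("y").getValue()}, new Permission[]{Permission.WRITE}));
        systemMetadata.setRightsHolder(buildSubject("testRightsHolder"));
        Set<Subject> subjects = new TreeSet<Subject>();
        subjects.add(buildSubject("testRightsHolder"));
        Assert.assertTrue("testRightsHolder should be able to change the object", AuthUtils.isAuthorized(subjects, Permission.CHANGE_PERMISSION, systemMetadata));
    }
}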
