package no.nav.apiapp.security;

import no.nav.apiapp.feil.IngenTilgang;
import no.nav.apiapp.security.veilarbabac.Bruker;
import no.nav.apiapp.security.veilarbabac.VeilarbAbacPepClient;
import no.nav.sbl.dialogarena.common.abac.pep.AbacPersonId;
import no.nav.sbl.dialogarena.common.abac.pep.Pep;
import no.nav.sbl.dialogarena.common.abac.pep.RequestData;
import no.nav.sbl.dialogarena.common.abac.pep.domain.ResourceType;
import no.nav.sbl.dialogarena.common.abac.pep.domain.request.Action;
import no.nav.sbl.dialogarena.common.abac.pep.domain.response.BiasedDecisionResponse;
import no.nav.sbl.dialogarena.common.abac.pep.domain.response.Decision;
import no.nav.sbl.dialogarena.common.abac.pep.domain.response.XacmlResponse;
import org.assertj.core.api.Assertions;
import org.junit.Assert;
import org.junit.Test;
import org.mockito.ArgumentMatchers;
import org.mockito.Mockito;
import org.slf4j.Logger;

/* loaded from: input_file:no/nav/apiapp/security/PepClientComparatorTest.class */
public class PepClientComparatorTest {
    private static final String SYSTEM_TOKEN = "token";
    private final Pep pepOrginal = (Pep) Mockito.mock(Pep.class);
    private final Pep pepSammenligneMed = (Pep) Mockito.mock(Pep.class);
    private final PepClient veilarbPepClient = new PepClient(this.pepSammenligneMed, "veilarb", ResourceType.VeilArbPerson);
    private final Logger log = (Logger) Mockito.mock(Logger.class);
    private final PepClientComparatorImpl sammenligner = new PepClientComparatorImpl(this.log);
    private final Bruker bruker = Bruker.fraFnr("fnr").medAktoerId("aktorId");
    private final String fnr = "fnr";
    private final String enhet = "enhet";
    VeilarbAbacPepClient.Builder builder = VeilarbAbacPepClient.ny().medPep(this.pepOrginal).brukAktoerId(() -> {
        return false;
    }).medSystemUserTokenProvider(() -> {
        return SYSTEM_TOKEN;
    }).medVeilarbAbacUrl("test");
    VeilarbAbacPepClient veilarbAbacPepClient = this.builder.bygg();

    @Test
    public void exceptionVedIngenTilgang__permitForBegge__sjekkLesetilgang() {
        pepPermit(this.pepOrginal);
        pepPermit(this.pepSammenligneMed);
        this.sammenligner.get(() -> {
            this.veilarbAbacPepClient.sjekkLesetilgangTilBruker(this.bruker);
        }, () -> {
            this.veilarbPepClient.sjekkLesetilgangTilFnr("fnr");
        });
        forventIngenLogging();
    }

    @Test
    public void exceptionVedIngenTilgang__permitForBegge__sjekkSkrivegang() {
        pepPermit(this.pepOrginal);
        pepPermit(this.pepSammenligneMed);
        this.sammenligner.get(() -> {
            this.veilarbAbacPepClient.sjekkSkrivetilgangTilBruker(this.bruker);
        }, () -> {
            this.veilarbPepClient.sjekkSkrivetilgangTilFnr("fnr");
        });
        forventIngenLogging();
    }

    @Test
    public void exceptionVedIngenTilgang__permitForOrginal__denyForSammenligneMed() {
        pepPermit(this.pepOrginal);
        pepDeny(this.pepSammenligneMed);
        this.sammenligner.get(() -> {
            this.veilarbAbacPepClient.sjekkLesetilgangTilBruker(this.bruker);
        }, () -> {
            this.veilarbPepClient.sjekkLesetilgangTilFnr("fnr");
        });
        forventLoggetAvvik("Avvik i resultat fra pep sammenligning. Forventet permit fikk deny.");
    }

    @Test
    public void exceptionVedIngenTilgang__denyForOrginal__permitForSammenligneMed() {
        pepDeny(this.pepOrginal);
        pepPermit(this.pepSammenligneMed);
        Assertions.assertThatThrownBy(() -> {
            this.sammenligner.get(() -> {
                this.veilarbAbacPepClient.sjekkLesetilgangTilBruker(this.bruker);
            }, () -> {
                this.veilarbPepClient.sjekkLesetilgangTilFnr("fnr");
            });
        }).isInstanceOf(IngenTilgang.class);
        forventLoggetAvvik("Avvik i resultat fra pep sammenligning. Forventet deny fikk permit.");
    }

    @Test
    public void exceptionVedIngenTilgang__permitForOrginal__feilForSammenligneMed() {
        pepPermit(this.pepOrginal);
        pepFeil(this.pepSammenligneMed);
        this.sammenligner.get(() -> {
            this.veilarbAbacPepClient.sjekkLesetilgangTilBruker(this.bruker);
        }, () -> {
            this.veilarbPepClient.sjekkLesetilgangTilFnr("fnr");
        });
        forventLoggetFeil();
    }

    @Test
    public void exceptionVedIngenTilgang__denyForOrginal__feilForSammenligneMed() {
        pepDeny(this.pepOrginal);
        pepFeil(this.pepSammenligneMed);
        Assertions.assertThatThrownBy(() -> {
            this.sammenligner.get(() -> {
                this.veilarbAbacPepClient.sjekkLesetilgangTilBruker(this.bruker);
            }, () -> {
                this.veilarbPepClient.sjekkLesetilgangTilFnr("fnr");
            });
        }).isInstanceOf(IngenTilgang.class);
        forventLoggetFeil();
    }

    @Test
    public void exceptionVedIngenTilgang__feilForOrginal__permitForSammenligneMed() {
        pepFeil(this.pepOrginal);
        pepPermit(this.pepSammenligneMed);
        Assertions.assertThatThrownBy(() -> {
            this.sammenligner.get(() -> {
                this.veilarbAbacPepClient.sjekkLesetilgangTilBruker(this.bruker);
            }, () -> {
                this.veilarbPepClient.sjekkLesetilgangTilFnr("fnr");
            });
        }).isInstanceOf(IngenTilgang.class);
        forventLoggetAvvik("Avvik i resultat fra pep sammenligning. Forventet deny fikk permit.");
    }

    @Test
    public void exceptionVedIngenTilgang__feilForOrginal__denyForSammenligneMed() {
        pepFeil(this.pepOrginal);
        pepDeny(this.pepSammenligneMed);
        Assertions.assertThatThrownBy(() -> {
            this.sammenligner.get(() -> {
                this.veilarbAbacPepClient.sjekkLesetilgangTilBruker(this.bruker);
            }, () -> {
                this.veilarbPepClient.sjekkLesetilgangTilFnr("fnr");
            });
        }).isInstanceOf(IngenTilgang.class);
        forventIngenLogging();
    }

    @Test
    public void exceptionVedIngenTilgang__feilForOrginal__feilForSammenligneMed() {
        pepFeil(this.pepOrginal);
        pepFeil(this.pepSammenligneMed);
        Assertions.assertThatThrownBy(() -> {
            this.sammenligner.get(() -> {
                this.veilarbAbacPepClient.sjekkLesetilgangTilBruker(this.bruker);
            }, () -> {
                this.veilarbPepClient.sjekkLesetilgangTilFnr("fnr");
            });
        }).isInstanceOf(IngenTilgang.class);
        forventLoggetFeil();
    }

    @Test
    public void exceptionVedIngenTilgang__denyForBegge() {
        pepDeny(this.pepOrginal);
        pepDeny(this.pepSammenligneMed);
        Assertions.assertThatThrownBy(() -> {
            this.sammenligner.get(() -> {
                this.veilarbAbacPepClient.sjekkLesetilgangTilBruker(this.bruker);
            }, () -> {
                this.veilarbPepClient.sjekkLesetilgangTilFnr("fnr");
            });
        }).isInstanceOf(IngenTilgang.class);
        forventIngenLogging();
    }

    @Test
    public void booleanForTilgangssjekk__permitForBegge__harTilgangTilEnhet() {
        pepPermit(this.pepOrginal);
        pepPermit(this.pepSammenligneMed);
        Assert.assertTrue(this.sammenligner.get(() -> {
            return Boolean.valueOf(this.veilarbAbacPepClient.harTilgangTilEnhet("enhet"));
        }, () -> {
            return Boolean.valueOf(this.veilarbPepClient.harTilgangTilEnhet("enhet"));
        }));
        forventIngenLogging();
    }

    @Test
    public void booleanForTilgangssjekk__permitForOrginal__denyForSammenligneMed() {
        pepPermit(this.pepOrginal);
        pepDeny(this.pepSammenligneMed);
        Assert.assertTrue(this.sammenligner.get(() -> {
            return Boolean.valueOf(this.veilarbAbacPepClient.harTilgangTilEnhet("enhet"));
        }, () -> {
            return Boolean.valueOf(this.veilarbPepClient.harTilgangTilEnhet("enhet"));
        }));
        forventLoggetAvvik("Avvik i resultat fra pep sammenligning. Forventet permit fikk deny.");
    }

    @Test
    public void booleanForTilgangssjekk__denyForOrginal__permitForSammenligneMed() {
        pepDeny(this.pepOrginal);
        pepPermit(this.pepSammenligneMed);
        Assert.assertFalse(this.sammenligner.get(() -> {
            return Boolean.valueOf(this.veilarbAbacPepClient.harTilgangTilEnhet("enhet"));
        }, () -> {
            return Boolean.valueOf(this.veilarbPepClient.harTilgangTilEnhet("enhet"));
        }));
        forventLoggetAvvik("Avvik i resultat fra pep sammenligning. Forventet deny fikk permit.");
    }

    @Test
    public void booleanForTilgangssjekk__permitForOrginal__feilForSammenligneMed() {
        pepPermit(this.pepOrginal);
        pepFeil(this.pepSammenligneMed);
        Assert.assertTrue(this.sammenligner.get(() -> {
            return Boolean.valueOf(this.veilarbAbacPepClient.harTilgangTilEnhet("enhet"));
        }, () -> {
            return Boolean.valueOf(this.veilarbPepClient.harTilgangTilEnhet("enhet"));
        }));
        forventLoggetFeil();
    }

    @Test
    public void booleanForTilgangssjekk__denyForOrginal__feilForSammenligneMed() {
        pepDeny(this.pepOrginal);
        pepFeil(this.pepSammenligneMed);
        Assert.assertFalse(this.sammenligner.get(() -> {
            return Boolean.valueOf(this.veilarbAbacPepClient.harTilgangTilEnhet("enhet"));
        }, () -> {
            return Boolean.valueOf(this.veilarbPepClient.harTilgangTilEnhet("enhet"));
        }));
        forventLoggetFeil();
    }

    @Test
    public void booleanForTilgangssjekk__feilForOrginal__permitForSammenligneMed() {
        pepFeil(this.pepOrginal);
        pepPermit(this.pepSammenligneMed);
        Assert.assertFalse(this.sammenligner.get(() -> {
            return Boolean.valueOf(this.veilarbAbacPepClient.harTilgangTilEnhet("enhet"));
        }, () -> {
            return Boolean.valueOf(this.veilarbPepClient.harTilgangTilEnhet("enhet"));
        }));
        forventLoggetAvvik("Avvik i resultat fra pep sammenligning. Forventet deny fikk permit.");
    }

    @Test
    public void booleanForTilgangssjekk__feilForOrginal__denyForSammenligneMed() {
        pepFeil(this.pepOrginal);
        pepDeny(this.pepSammenligneMed);
        Assert.assertFalse(this.sammenligner.get(() -> {
            return Boolean.valueOf(this.veilarbAbacPepClient.harTilgangTilEnhet("enhet"));
        }, () -> {
            return Boolean.valueOf(this.veilarbPepClient.harTilgangTilEnhet("enhet"));
        }));
        forventIngenLogging();
    }

    @Test
    public void booleanForTilgangssjekk__feilForOrginal__feilForSammenligneMed() {
        pepFeil(this.pepOrginal);
        pepFeil(this.pepSammenligneMed);
        Assert.assertFalse(this.sammenligner.get(() -> {
            return Boolean.valueOf(this.veilarbAbacPepClient.harTilgangTilEnhet("enhet"));
        }, () -> {
            return Boolean.valueOf(this.veilarbPepClient.harTilgangTilEnhet("enhet"));
        }));
        forventLoggetFeil();
    }

    @Test
    public void booleanForTilgangssjekk__denyForBegge() {
        pepDeny(this.pepOrginal);
        pepDeny(this.pepSammenligneMed);
        Assert.assertFalse(this.sammenligner.get(() -> {
            return Boolean.valueOf(this.veilarbAbacPepClient.harTilgangTilEnhet("enhet"));
        }, () -> {
            return Boolean.valueOf(this.veilarbPepClient.harTilgangTilEnhet("enhet"));
        }));
        forventIngenLogging();
    }

    @Test
    public void veilarbPepClient__booleanForTilgangssjekk__kasterExceptionVedFeil() {
        Pep pep = (Pep) Mockito.mock(Pep.class);
        PepClient pepClient = new PepClient(pep, "veilarb", ResourceType.VeilArbPerson);
        Pep pep2 = (Pep) Mockito.mock(Pep.class);
        PepClient pepClient2 = new PepClient(pep2, "veilarb", ResourceType.VeilArbPerson);
        pepFeil(pep);
        pepPermit(pep2);
        Assertions.assertThatThrownBy(() -> {
            this.sammenligner.get(() -> {
                return Boolean.valueOf(pepClient.harTilgangTilEnhet("enhet"));
            }, () -> {
                return Boolean.valueOf(pepClient2.harTilgangTilEnhet("enhet"));
            });
        }).isInstanceOf(RuntimeException.class);
        forventIngenLogging();
    }

    @Test
    public void veilarbPepClient__exceptionVedIngenTilgang__kasterExceptionVedFeil() {
        Pep pep = (Pep) Mockito.mock(Pep.class);
        PepClient pepClient = new PepClient(pep, "veilarb", ResourceType.VeilArbPerson);
        Pep pep2 = (Pep) Mockito.mock(Pep.class);
        PepClient pepClient2 = new PepClient(pep2, "veilarb", ResourceType.VeilArbPerson);
        pepFeil(pep);
        pepPermit(pep2);
        Assertions.assertThatThrownBy(() -> {
            this.sammenligner.get(() -> {
                pepClient.sjekkSkrivetilgangTilFnr("fnr");
            }, () -> {
                pepClient2.sjekkSkrivetilgangTilAktorId("aktorId");
            });
        }).isInstanceOf(RuntimeException.class);
        forventIngenLogging();
    }

    private void pepPermit(Pep pep) {
        Mockito.when(pep.harInnloggetBrukerTilgangTilPerson((AbacPersonId) ArgumentMatchers.any(), (String) ArgumentMatchers.any(), (Action.ActionId) ArgumentMatchers.any(), (ResourceType) ArgumentMatchers.any())).thenReturn(new BiasedDecisionResponse(Decision.Permit, (XacmlResponse) null));
        Mockito.when(pep.nyRequest()).thenReturn(new RequestData());
        Mockito.when(pep.harTilgang((RequestData) ArgumentMatchers.any(RequestData.class))).thenReturn(new BiasedDecisionResponse(Decision.Permit, (XacmlResponse) null));
    }

    private void pepDeny(Pep pep) {
        Mockito.when(pep.harInnloggetBrukerTilgangTilPerson((AbacPersonId) ArgumentMatchers.any(), (String) ArgumentMatchers.any(), (Action.ActionId) ArgumentMatchers.any(), (ResourceType) ArgumentMatchers.any())).thenReturn(new BiasedDecisionResponse(Decision.Deny, (XacmlResponse) null));
        Mockito.when(pep.nyRequest()).thenReturn(new RequestData());
        Mockito.when(pep.harTilgang((RequestData) ArgumentMatchers.any(RequestData.class))).thenReturn(new BiasedDecisionResponse(Decision.Deny, (XacmlResponse) null));
    }

    private void pepFeil(Pep pep) {
        Mockito.when(pep.harInnloggetBrukerTilgangTilPerson((AbacPersonId) ArgumentMatchers.any(), (String) ArgumentMatchers.any(), (Action.ActionId) ArgumentMatchers.any(), (ResourceType) ArgumentMatchers.any())).thenThrow(new Throwable[]{new RuntimeException("feil")});
        Mockito.when(pep.nyRequest()).thenReturn(new RequestData());
        Mockito.when(pep.harTilgang((RequestData) ArgumentMatchers.any(RequestData.class))).thenThrow(new Throwable[]{new RuntimeException("feil")});
    }

    private void forventIngenLogging() {
        ((Logger) Mockito.verify(this.log, Mockito.never())).warn((String) ArgumentMatchers.any());
        ((Logger) Mockito.verify(this.log, Mockito.never())).warn((String) ArgumentMatchers.any(), (Throwable) ArgumentMatchers.any(Throwable.class));
    }

    private void forventLoggetAvvik(String str) {
        ((Logger) Mockito.verify(this.log)).warn(str);
        ((Logger) Mockito.verify(this.log, Mockito.never())).warn((String) ArgumentMatchers.any(), (Throwable) ArgumentMatchers.any(Throwable.class));
    }

    private void forventLoggetFeil() {
        ((Logger) Mockito.verify(this.log)).warn((String) Mockito.eq("Feil i kall mot pep for sammenligning"), (Throwable) ArgumentMatchers.any(Throwable.class));
        ((Logger) Mockito.verify(this.log, Mockito.never())).warn((String) ArgumentMatchers.any());
    }
}
