package no.nav.apiapp.security;

import com.github.tomakehurst.wiremock.client.WireMock;
import com.github.tomakehurst.wiremock.junit.WireMockRule;
import java.util.HashMap;
import no.nav.apiapp.feil.IngenTilgang;
import no.nav.brukerdialog.security.context.SubjectRule;
import no.nav.brukerdialog.security.domain.IdentType;
import no.nav.common.auth.SsoToken;
import no.nav.common.auth.Subject;
import no.nav.sbl.dialogarena.common.abac.pep.PepImpl;
import no.nav.sbl.dialogarena.common.abac.pep.domain.ResourceType;
import no.nav.sbl.dialogarena.common.abac.pep.service.AbacService;
import no.nav.sbl.dialogarena.common.abac.pep.service.AbacServiceConfig;
import org.assertj.core.api.Assertions;
import org.junit.Before;
import org.junit.Rule;
import org.junit.Test;

/* loaded from: input_file:no/nav/apiapp/security/PepClientIntegrationTest.class */
public class PepClientIntegrationTest {
    private PepClient pepClient;

    @Rule
    public SubjectRule subjectRule = new SubjectRule();

    @Rule
    public WireMockRule wireMockRule = new WireMockRule(0);
    private final String FNR = "00000000000";
    private final String ENHET = "enhet123";
    private final String PRIVELIGERT_VEILEDER = "veileder_priviligert";
    private final String LITE_PRIVELIGERT_VEILEDER = "veileder_lite_priviligert";
    String permitResponse = "{\n  \"Response\": {\n    \"Decision\": \"Permit\",\n    \"Status\": {\n      \"StatusCode\": {\n        \"Value\": \"Value\",\n        \"StatusCode\": {\n          \"Value\": \"Value\"\n        }\n      }\n    }\n  }\n}";
    String denyResponse = "{\n  \"Response\": {\n    \"Decision\": \"Deny\",\n    \"Status\": {\n      \"StatusCode\": {\n        \"Value\": \"Value\",\n        \"StatusCode\": {\n          \"Value\": \"Value\"\n        }\n      }\n    },\n    \"AssociatedAdvice\": {\n      \"Id\": \"Id\",\n      \"AttributeAssignment\": [\n        {\n          \"AttributeId\": \"AttributeId\",\n          \"Value\": \"Value\",\n          \"Category\": \"Category\",\n          \"DataType\": \"DataType\"\n        }\n      ]\n    }\n  }\n}";

    @Before
    public void setup() {
        this.pepClient = setupPepClient();
        setupAbacResponse();
    }

    private PepClient setupPepClient() {
        return new PepClient(new PepImpl(new AbacService(AbacServiceConfig.builder().username("username").password("password").endpointUrl("http://localhost:" + this.wireMockRule.port()).build())), "veilarb", ResourceType.VeilArbPerson);
    }

    private void setVeileder(String str) {
        this.subjectRule.setSubject(new Subject(str, IdentType.InternBruker, SsoToken.oidcToken("token" + str, new HashMap())));
    }

    @Test
    public void sjekkTilgangTilFnr_veilederHarTilgang() {
        setVeileder("veileder_priviligert");
        this.pepClient.sjekkLesetilgangTilFnr("00000000000");
    }

    @Test
    public void sjekkTilgangTilFnr_veilederHarIkkeTilgang() {
        setVeileder("veileder_lite_priviligert");
        Assertions.assertThatThrownBy(() -> {
            this.pepClient.sjekkLesetilgangTilFnr("00000000000");
        }).isExactlyInstanceOf(IngenTilgang.class);
    }

    @Test
    public void harTilgangTilEnhet_veilederHarTilgang() {
        setVeileder("veileder_priviligert");
        Assertions.assertThat(this.pepClient.harTilgangTilEnhet("enhet123")).isTrue();
    }

    @Test
    public void harTilgangTilEnhet_veilederHarIkkeTilgang() {
        setVeileder("veileder_lite_priviligert");
        Assertions.assertThat(this.pepClient.harTilgangTilEnhet("enhet123")).isFalse();
    }

    private void setupAbacResponse() {
        gittPermitResponseFnr();
        gittDenyResponseFnr();
        gittPermitResponseEnhet();
        gittDenyResponseEnhet();
    }

    private void gittPermitResponseFnr() {
        WireMock.givenThat(WireMock.post(WireMock.urlEqualTo("/")).withRequestBody(WireMock.containing("veileder_priviligert")).withRequestBody(WireMock.containing("00000000000")).willReturn(WireMock.aResponse().withStatus(200).withBody(this.permitResponse)));
    }

    private void gittDenyResponseFnr() {
        WireMock.givenThat(WireMock.post(WireMock.urlEqualTo("/")).withRequestBody(WireMock.containing("veileder_lite_priviligert")).withRequestBody(WireMock.containing("00000000000")).willReturn(WireMock.aResponse().withStatus(200).withBody(this.denyResponse)));
    }

    private void gittPermitResponseEnhet() {
        WireMock.givenThat(WireMock.post(WireMock.urlEqualTo("/")).withRequestBody(WireMock.containing("veileder_priviligert")).withRequestBody(WireMock.containing("no.nav.abac.attributter.resource.veilarb.kontor_laas")).withRequestBody(WireMock.containing("enhet123")).willReturn(WireMock.aResponse().withStatus(200).withBody(this.permitResponse)));
    }

    private void gittDenyResponseEnhet() {
        WireMock.givenThat(WireMock.post(WireMock.urlEqualTo("/")).withRequestBody(WireMock.containing("veileder_lite_priviligert")).withRequestBody(WireMock.containing("no.nav.abac.attributter.resource.veilarb.kontor_laas")).withRequestBody(WireMock.containing("enhet123")).willReturn(WireMock.aResponse().withStatus(200).withBody(this.denyResponse)));
    }
}
