package org.apache.james.jmap;

import io.restassured.RestAssured;
import java.util.List;
import java.util.Optional;
import org.apache.james.GuiceJamesServer;
import org.apache.james.core.Username;
import org.apache.james.jmap.draft.JmapGuiceProbe;
import org.apache.james.utils.DataProbeImpl;
import org.hamcrest.CoreMatchers;
import org.hamcrest.Matchers;
import org.junit.After;
import org.junit.Test;

/* loaded from: input_file:org/apache/james/jmap/ModularizeJmapDraftAuthenticationStrategyTest.class */
public abstract class ModularizeJmapDraftAuthenticationStrategyTest {
    public static String DOMAIN = "domain.tld";
    public static Username BOB = Username.of("bob@" + DOMAIN);
    public static String BOB_PASSWORD = "123456";
    public static Optional<List<String>> ALLOW_AUTHENTICATION_STRATEGY = Optional.of(List.of(AllowAuthenticationStrategy.class.getCanonicalName()));
    public static Optional<List<String>> DENY_AUTHENTICATION_STRATEGY = Optional.of(List.of(DenyAuthenticationStrategy.class.getCanonicalName()));
    public static Optional<List<String>> DEFAULT_STRATEGIES = Optional.empty();
    private GuiceJamesServer jmapServer;
    private AccessToken bobAccessToken;

    protected abstract GuiceJamesServer createJmapServer(Optional<List<String>> optional) throws Exception;

    public void setupJamesServerWithCustomAuthenticationStrategy(Optional<List<String>> optional) throws Throwable {
        this.jmapServer = createJmapServer(optional);
        this.jmapServer.start();
        RestAssured.requestSpecification = JMAPTestingConstants.jmapRequestSpecBuilder.setPort(this.jmapServer.getProbe(JmapGuiceProbe.class).getJmapPort().getValue()).build();
        this.jmapServer.getProbe(DataProbeImpl.class).fluent().addDomain(DOMAIN).addUser(BOB.asString(), BOB_PASSWORD);
        this.bobAccessToken = HttpJmapAuthentication.authenticateJamesUser(JmapURIBuilder.baseUri(this.jmapServer), BOB, BOB_PASSWORD);
    }

    @After
    public void teardown() {
        this.jmapServer.stop();
    }

    @Test
    public void getAuthenticationRouteWithAllowAuthenticationStrategyShouldSucceed() throws Throwable {
        setupJamesServerWithCustomAuthenticationStrategy(ALLOW_AUTHENTICATION_STRATEGY);
        RestAssured.given().when().get("/authentication", new Object[0]).then().statusCode(200).body("api", Matchers.equalTo("/jmap"), new Object[0]).body("eventSource", Matchers.both(Matchers.isA(String.class)).and(Matchers.notNullValue()), new Object[0]).body("upload", Matchers.equalTo("/upload"), new Object[0]).body("download", Matchers.equalTo("/download"), new Object[0]);
    }

    @Test
    public void getFilterWithAllowAuthenticationStrategyShouldNotRequiredAnyAuthentication() throws Throwable {
        setupJamesServerWithCustomAuthenticationStrategy(ALLOW_AUTHENTICATION_STRATEGY);
        RestAssured.given().body("[[\"getFilter\", {}, \"#0\"]]").when().post("/jmap", new Object[0]).then().statusCode(200).body("[0][0]", CoreMatchers.equalTo("filter"), new Object[0]).body("[0][1].singleton", Matchers.hasSize(0), new Object[0]);
    }

    @Test
    public void getAuthenticationRouteWithDenyAuthenticationStrategyShouldReturnUnauthorizedCode() throws Throwable {
        setupJamesServerWithCustomAuthenticationStrategy(DENY_AUTHENTICATION_STRATEGY);
        RestAssured.given().when().get("/authentication", new Object[0]).then().statusCode(401);
    }

    @Test
    public void getAuthenticationRouteWhenDefaultAuthenticationStrategiesWithNonAuthenticationShouldReturnUnauthorizedCode() throws Throwable {
        setupJamesServerWithCustomAuthenticationStrategy(DEFAULT_STRATEGIES);
        RestAssured.given().when().get("/authentication", new Object[0]).then().statusCode(401);
    }

    @Test
    public void getAuthenticationRouteWhenDefaultAuthenticationStrategiesWithValidAccessTokenShouldSucceed() throws Throwable {
        setupJamesServerWithCustomAuthenticationStrategy(DEFAULT_STRATEGIES);
        RestAssured.given().header("Authorization", this.bobAccessToken.asString(), new Object[0]).when().get("/authentication", new Object[0]).then().statusCode(200).body("api", Matchers.equalTo("/jmap"), new Object[0]).body("eventSource", Matchers.both(Matchers.isA(String.class)).and(Matchers.notNullValue()), new Object[0]).body("upload", Matchers.equalTo("/upload"), new Object[0]).body("download", Matchers.equalTo("/download"), new Object[0]);
    }

    @Test
    public void getFilterWhenDenyAuthenticationStrategyWithNonAuthenticationShouldReturnUnauthorizedCode() throws Throwable {
        setupJamesServerWithCustomAuthenticationStrategy(DENY_AUTHENTICATION_STRATEGY);
        RestAssured.given().body("[[\"getFilter\", {}, \"#0\"]]").when().post("/jmap", new Object[0]).then().statusCode(401);
    }

    @Test
    public void getFilterWhenDenyAuthenticationStrategyWithValidAccessTokenShouldReturnUnauthorizedCode() throws Throwable {
        setupJamesServerWithCustomAuthenticationStrategy(DENY_AUTHENTICATION_STRATEGY);
        RestAssured.given().header("Authorization", this.bobAccessToken.asString(), new Object[0]).body("[[\"getFilter\", {}, \"#0\"]]").when().post("/jmap", new Object[0]).then().statusCode(401);
    }

    @Test
    public void getFilterWhenDefaultAuthenticationStrategiesWithValidAccessTokenShouldSucceed() throws Throwable {
        setupJamesServerWithCustomAuthenticationStrategy(DEFAULT_STRATEGIES);
        RestAssured.given().header("Authorization", this.bobAccessToken.asString(), new Object[0]).body("[[\"getFilter\", {}, \"#0\"]]").when().post("/jmap", new Object[0]).then().statusCode(200).body("[0][0]", CoreMatchers.equalTo("filter"), new Object[0]).body("[0][1].singleton", Matchers.hasSize(0), new Object[0]);
    }

    @Test
    public void getFilterWhenDefaultAuthenticationStrategiesWithNonAuthenticationShouldFail() throws Throwable {
        setupJamesServerWithCustomAuthenticationStrategy(DEFAULT_STRATEGIES);
        RestAssured.given().body("[[\"getFilter\", {}, \"#0\"]]").when().post("/jmap", new Object[0]).then().statusCode(401);
    }
}
