package io.apicurio.registry.auth;

import io.apicurio.common.apps.config.Info;
import io.apicurio.registry.AbstractResourceTestBase;
import io.apicurio.registry.rest.client.AdminClient;
import io.apicurio.registry.rest.client.RegistryClient;
import io.apicurio.registry.rest.v2.beans.SortBy;
import io.apicurio.registry.rest.v2.beans.SortOrder;
import io.apicurio.registry.utils.tests.AuthTestProfileAuthenticatedReadAccess;
import io.apicurio.registry.utils.tests.JWKSMockServer;
import io.apicurio.rest.client.auth.OidcAuth;
import io.apicurio.rest.client.auth.exception.AuthErrorHandler;
import io.apicurio.rest.client.auth.exception.ForbiddenException;
import io.apicurio.rest.client.spi.ApicurioHttpClient;
import io.apicurio.rest.client.spi.ApicurioHttpClientFactory;
import io.quarkus.test.junit.QuarkusTest;
import io.quarkus.test.junit.TestProfile;
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import java.util.List;
import org.eclipse.microprofile.config.inject.ConfigProperty;
import org.junit.jupiter.api.Assertions;
import org.junit.jupiter.api.Tag;
import org.junit.jupiter.api.Test;

@QuarkusTest
@TestProfile(AuthTestProfileAuthenticatedReadAccess.class)
@Tag("slow")
/* loaded from: input_file:io/apicurio/registry/auth/AuthTestAuthenticatedReadAccess.class */
public class AuthTestAuthenticatedReadAccess extends AbstractResourceTestBase {

    @ConfigProperty(name = "registry.auth.token.endpoint")
    @Info(category = "auth", description = "Auth token endpoint", availableSince = "2.1.0.Final")
    String authServerUrl;
    final String groupId = getClass().getSimpleName() + "Group";
    ApicurioHttpClient httpClient;

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // io.apicurio.registry.AbstractResourceTestBase
    public RegistryClient createRestClientV2() {
        this.httpClient = ApicurioHttpClientFactory.create(this.authServerUrl, new AuthErrorHandler());
        return createClient(new OidcAuth(this.httpClient, JWKSMockServer.ADMIN_CLIENT_ID, "test1"));
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // io.apicurio.registry.AbstractResourceTestBase
    public AdminClient createAdminClientV2() {
        this.httpClient = ApicurioHttpClientFactory.create(this.authServerUrl, new AuthErrorHandler());
        return createAdminClient(new OidcAuth(this.httpClient, JWKSMockServer.ADMIN_CLIENT_ID, "test1"));
    }

    @Test
    public void testReadOperationWithNoRole() throws Exception {
        RegistryClient createClient = createClient(new OidcAuth(this.httpClient, JWKSMockServer.NO_ROLE_CLIENT_ID, "test1"));
        Assertions.assertTrue(createClient.searchArtifacts(this.groupId, (String) null, (String) null, (List) null, (List) null, (SortBy) null, (SortOrder) null, (Integer) null, (Integer) null).getCount().intValue() >= 0);
        ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream("{\r\n    \"type\" : \"record\",\r\n    \"name\" : \"userInfo\",\r\n    \"namespace\" : \"my.example\",\r\n    \"fields\" : [{\"name\" : \"age\", \"type\" : \"int\"}]\r\n}".getBytes(StandardCharsets.UTF_8));
        Assertions.assertThrows(ForbiddenException.class, () -> {
            createClient.createArtifact(this.groupId, "testReadOperationWithNoRole", "AVRO", byteArrayInputStream);
        });
    }
}
