package pl.allegro.tech.servicemesh.envoycontrol.permissions;

import java.util.Map;
import kotlin.Metadata;
import kotlin.Pair;
import kotlin.TuplesKt;
import kotlin.collections.CollectionsKt;
import kotlin.collections.MapsKt;
import kotlin.collections.SetsKt;
import kotlin.jvm.JvmStatic;
import kotlin.jvm.functions.Function0;
import kotlin.jvm.functions.Function1;
import kotlin.jvm.internal.DefaultConstructorMarker;
import kotlin.jvm.internal.Intrinsics;
import okhttp3.Headers;
import okhttp3.Response;
import org.assertj.core.api.AbstractIntegerAssert;
import org.assertj.core.api.Assertions;
import org.assertj.core.api.ObjectAssert;
import org.jetbrains.annotations.NotNull;
import org.junit.jupiter.api.BeforeAll;
import org.junit.jupiter.api.Test;
import org.testcontainers.junit.jupiter.Container;
import pl.allegro.tech.servicemesh.envoycontrol.config.BaseEnvoyTest;
import pl.allegro.tech.servicemesh.envoycontrol.config.EnvoyConfig;
import pl.allegro.tech.servicemesh.envoycontrol.config.EnvoyControlTestConfiguration;
import pl.allegro.tech.servicemesh.envoycontrol.config.EnvoyControlTestConfigurationKt;
import pl.allegro.tech.servicemesh.envoycontrol.config.containers.ToxiproxyContainer;
import pl.allegro.tech.servicemesh.envoycontrol.config.envoy.EnvoyContainer;
import pl.allegro.tech.servicemesh.envoycontrol.config.envoycontrol.EnvoyControlRunnerTestApp;
import pl.allegro.tech.servicemesh.envoycontrol.snapshot.EndpointMatch;

/* compiled from: SourceIpBasedAuthenticationTest.kt */
@Metadata(mv = {1, 1, 16}, bv = {1, 0, 3}, k = 1, d1 = {"��\"\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0018\u0002\n��\n\u0002\u0010\u000e\n\u0002\b\u0003\n\u0002\u0010\u0002\n\u0002\b\u0005\b��\u0018�� \u000e2\u00020\u0001:\u0001\u000eB\u0005¢\u0006\u0002\u0010\u0002J\u0010\u0010\u0003\u001a\u00020\u00042\u0006\u0010\u0005\u001a\u00020\u0006H\u0002J\b\u0010\u0007\u001a\u00020\u0004H\u0002J\b\u0010\b\u001a\u00020\u0004H\u0002J\b\u0010\t\u001a\u00020\nH\u0002J\b\u0010\u000b\u001a\u00020\nH\u0002J\b\u0010\f\u001a\u00020\nH\u0007J\b\u0010\r\u001a\u00020\nH\u0007¨\u0006\u000f"}, d2 = {"Lpl/allegro/tech/servicemesh/envoycontrol/permissions/SourceIpBasedAuthenticationTest;", "Lpl/allegro/tech/servicemesh/envoycontrol/config/EnvoyControlTestConfiguration;", "()V", "callEcho2", "Lokhttp3/Response;", "from", "", "callEcho2ThroughEnvoy1", "callEcho2ThroughEnvoy2Ingress", "registerEcho1WithEnvoy1OnIngress", "", "registerEcho2WithEnvoy2OnIngress", "should allow access to selected clients using ip-from-discovery based authentication over plain http", "should allow access to selected clients using ip-from-range based authentication over plain http", "Companion", "envoy-control-tests"})
/* loaded from: input_file:pl/allegro/tech/servicemesh/envoycontrol/permissions/SourceIpBasedAuthenticationTest.class */
public final class SourceIpBasedAuthenticationTest extends EnvoyControlTestConfiguration {
    private static final String prefix = "envoy-control.envoy.snapshot";
    public static final Companion Companion = new Companion(null);

    @Container
    private static final ToxiproxyContainer loremContainer = (ToxiproxyContainer) new ToxiproxyContainer(1).withNetwork(BaseEnvoyTest.Companion.getNetwork());

    @Container
    private static final ToxiproxyContainer ipsumContainer = (ToxiproxyContainer) new ToxiproxyContainer(1).withNetwork(BaseEnvoyTest.Companion.getNetwork());
    private static final Function0<Map<String, Object>> properties = new Function0<Map<String, ? extends Object>>() { // from class: pl.allegro.tech.servicemesh.envoycontrol.permissions.SourceIpBasedAuthenticationTest$Companion$properties$1
        @NotNull
        public final Map<String, Object> invoke() {
            EndpointMatch endpointMatch = new EndpointMatch();
            endpointMatch.setPath("/status/");
            return MapsKt.mapOf(new Pair[]{TuplesKt.to("envoy-control.envoy.snapshot.incoming-permissions.enabled", true), TuplesKt.to("envoy-control.envoy.snapshot.outgoing-permissions.services-allowed-to-use-wildcard", SetsKt.setOf("echo")), TuplesKt.to("envoy-control.envoy.snapshot.incoming-permissions.source-ip-authentication.ip-from-service-discovery.enabled-for-incoming-services", CollectionsKt.listOf("echo")), TuplesKt.to("envoy-control.envoy.snapshot.incoming-permissions.source-ip-authentication.ip-from-range.lorem", SourceIpBasedAuthenticationTest.Companion.getLoremContainer().ipAddress() + "/32"), TuplesKt.to("envoy-control.envoy.snapshot.routes.status.create-virtual-cluster", true), TuplesKt.to("envoy-control.envoy.snapshot.routes.status.endpoints", CollectionsKt.mutableListOf(new EndpointMatch[]{endpointMatch})), TuplesKt.to("envoy-control.envoy.snapshot.routes.status.enabled", true)});
        }
    };
    private static final EnvoyConfig echo2EnvoyConfig = EnvoyConfig.copy$default(EnvoyControlTestConfigurationKt.getEcho2EnvoyAuthConfig(), null, null, "node:\n  metadata:\n    proxy_settings:\n      incoming:\n        endpoints:\n          - path: \"/secured_endpoint\"\n            clients: [\"echo\", \"lorem\"]", null, null, null, 59, null);

    /* compiled from: SourceIpBasedAuthenticationTest.kt */
    @Metadata(mv = {1, 1, 16}, bv = {1, 0, 3}, k = 1, d1 = {"��0\n\u0002\u0018\u0002\n\u0002\u0010��\n\u0002\b\u0002\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n\u0002\b\u0006\n\u0002\u0010\u000e\n��\n\u0002\u0018\u0002\n\u0002\u0010$\n��\n\u0002\u0010\u0002\n��\b\u0086\u0003\u0018��2\u00020\u0001B\u0007\b\u0002¢\u0006\u0002\u0010\u0002J\b\u0010\u0011\u001a\u00020\u0012H\u0007R\u000e\u0010\u0003\u001a\u00020\u0004X\u0082\u0004¢\u0006\u0002\n��R\u001e\u0010\u0005\u001a\n \u0007*\u0004\u0018\u00010\u00060\u00068\u0006X\u0087\u0004¢\u0006\b\n��\u001a\u0004\b\b\u0010\tR\u001e\u0010\n\u001a\n \u0007*\u0004\u0018\u00010\u00060\u00068\u0006X\u0087\u0004¢\u0006\b\n��\u001a\u0004\b\u000b\u0010\tR\u000e\u0010\f\u001a\u00020\rX\u0082T¢\u0006\u0002\n��R \u0010\u000e\u001a\u0014\u0012\u0010\u0012\u000e\u0012\u0004\u0012\u00020\r\u0012\u0004\u0012\u00020\u00010\u00100\u000fX\u0082\u0004¢\u0006\u0002\n��¨\u0006\u0013"}, d2 = {"Lpl/allegro/tech/servicemesh/envoycontrol/permissions/SourceIpBasedAuthenticationTest$Companion;", "", "()V", "echo2EnvoyConfig", "Lpl/allegro/tech/servicemesh/envoycontrol/config/EnvoyConfig;", "ipsumContainer", "Lpl/allegro/tech/servicemesh/envoycontrol/config/containers/ToxiproxyContainer;", "kotlin.jvm.PlatformType", "getIpsumContainer", "()Lpl/allegro/tech/servicemesh/envoycontrol/config/containers/ToxiproxyContainer;", "loremContainer", "getLoremContainer", "prefix", "", "properties", "Lkotlin/Function0;", "", "setupTest", "", "envoy-control-tests"})
    /* loaded from: input_file:pl/allegro/tech/servicemesh/envoycontrol/permissions/SourceIpBasedAuthenticationTest$Companion.class */
    public static final class Companion {
        public final ToxiproxyContainer getLoremContainer() {
            return SourceIpBasedAuthenticationTest.loremContainer;
        }

        public final ToxiproxyContainer getIpsumContainer() {
            return SourceIpBasedAuthenticationTest.ipsumContainer;
        }

        @JvmStatic
        @BeforeAll
        public final void setupTest() {
            EnvoyControlTestConfiguration.Companion.setup$default(EnvoyControlTestConfiguration.Companion, EnvoyControlTestConfigurationKt.getEcho1EnvoyAuthConfig(), SourceIpBasedAuthenticationTest.echo2EnvoyConfig, null, new Function1<Integer, EnvoyControlRunnerTestApp>() { // from class: pl.allegro.tech.servicemesh.envoycontrol.permissions.SourceIpBasedAuthenticationTest$Companion$setupTest$1
                public /* bridge */ /* synthetic */ Object invoke(Object obj) {
                    return invoke(((Number) obj).intValue());
                }

                @NotNull
                public final EnvoyControlRunnerTestApp invoke(int i) {
                    Function0 function0;
                    function0 = SourceIpBasedAuthenticationTest.properties;
                    return new EnvoyControlRunnerTestApp((Map) function0.invoke(), i, null, 0, 0, 28, null);
                }
            }, null, 0, 2, null, null, null, null, false, 4020, null);
        }

        private Companion() {
        }

        public /* synthetic */ Companion(DefaultConstructorMarker defaultConstructorMarker) {
            this();
        }
    }

    @Test
    /* renamed from: should allow access to selected clients using ip-from-discovery based authentication over plain http, reason: not valid java name */
    public final void m334x60fbe108() {
        registerEcho1WithEnvoy1OnIngress();
        registerEcho2WithEnvoy2OnIngress();
        EnvoyControlTestConfiguration.Companion.untilAsserted$default(EnvoyControlTestConfiguration.Companion, null, new Function0<AbstractIntegerAssert<?>>() { // from class: pl.allegro.tech.servicemesh.envoycontrol.permissions.SourceIpBasedAuthenticationTest$should allow access to selected clients using ip-from-discovery based authentication over plain http$1
            public final AbstractIntegerAssert<?> invoke() {
                Response callEcho2ThroughEnvoy1;
                Response callEcho2ThroughEnvoy2Ingress;
                EnvoyControlTestConfiguration.Companion.getEnvoyContainer2().admin().resetCounters();
                callEcho2ThroughEnvoy1 = SourceIpBasedAuthenticationTest.this.callEcho2ThroughEnvoy1();
                callEcho2ThroughEnvoy2Ingress = SourceIpBasedAuthenticationTest.this.callEcho2ThroughEnvoy2Ingress();
                String statValue = EnvoyControlTestConfiguration.Companion.getEnvoyContainer2().admin().statValue("http.ingress_http.rbac.denied");
                Integer valueOf = statValue != null ? Integer.valueOf(Integer.parseInt(statValue)) : null;
                String statValue2 = EnvoyControlTestConfiguration.Companion.getEnvoyContainer2().admin().statValue("listener.0.0.0.0_5001.ssl.handshake");
                Integer valueOf2 = statValue2 != null ? Integer.valueOf(Integer.parseInt(statValue2)) : null;
                SourceIpBasedAuthenticationTest sourceIpBasedAuthenticationTest = SourceIpBasedAuthenticationTest.this;
                SourceIpBasedAuthenticationTest sourceIpBasedAuthenticationTest2 = SourceIpBasedAuthenticationTest.this;
                ObjectAssert<Response> assertThat = Assertions.assertThat(callEcho2ThroughEnvoy1);
                Intrinsics.checkExpressionValueIsNotNull(assertThat, "assertThat(requestFromEcho1Response)");
                sourceIpBasedAuthenticationTest.isFrom(sourceIpBasedAuthenticationTest2.isOk(assertThat), BaseEnvoyTest.Companion.getEchoContainer2());
                SourceIpBasedAuthenticationTest sourceIpBasedAuthenticationTest3 = SourceIpBasedAuthenticationTest.this;
                ObjectAssert<Response> assertThat2 = Assertions.assertThat(callEcho2ThroughEnvoy2Ingress);
                Intrinsics.checkExpressionValueIsNotNull(assertThat2, "assertThat(directRequestResponse)");
                sourceIpBasedAuthenticationTest3.isForbidden(assertThat2);
                Assertions.assertThat(valueOf2).isZero();
                return Assertions.assertThat(valueOf).isOne();
            }

            /* JADX INFO: Access modifiers changed from: package-private */
            {
                super(0);
            }
        }, 1, null);
    }

    @Test
    /* renamed from: should allow access to selected clients using ip-from-range based authentication over plain http, reason: not valid java name */
    public final void m335x86e7de1b() {
        EnvoyControlTestConfiguration.Companion companion = EnvoyControlTestConfiguration.Companion;
        ToxiproxyContainer toxiproxyContainer = loremContainer;
        Intrinsics.checkExpressionValueIsNotNull(toxiproxyContainer, "loremContainer");
        String createProxyToEnvoyIngress = companion.createProxyToEnvoyIngress(toxiproxyContainer, EnvoyControlTestConfiguration.Companion.getEnvoyContainer2());
        EnvoyControlTestConfiguration.Companion companion2 = EnvoyControlTestConfiguration.Companion;
        ToxiproxyContainer toxiproxyContainer2 = ipsumContainer;
        Intrinsics.checkExpressionValueIsNotNull(toxiproxyContainer2, "ipsumContainer");
        String createProxyToEnvoyIngress2 = companion2.createProxyToEnvoyIngress(toxiproxyContainer2, EnvoyControlTestConfiguration.Companion.getEnvoyContainer2());
        Response callEcho2 = callEcho2(createProxyToEnvoyIngress);
        Response callEcho22 = callEcho2(createProxyToEnvoyIngress2);
        String statValue = EnvoyControlTestConfiguration.Companion.getEnvoyContainer2().admin().statValue("http.ingress_http.rbac.denied");
        Integer valueOf = statValue != null ? Integer.valueOf(Integer.parseInt(statValue)) : null;
        String statValue2 = EnvoyControlTestConfiguration.Companion.getEnvoyContainer2().admin().statValue("listener.0.0.0.0_5001.ssl.handshake");
        Integer valueOf2 = statValue2 != null ? Integer.valueOf(Integer.parseInt(statValue2)) : null;
        ObjectAssert<Response> assertThat = Assertions.assertThat(callEcho2);
        Intrinsics.checkExpressionValueIsNotNull(assertThat, "assertThat(requestFromLoremResponse)");
        isFrom(isOk(assertThat), BaseEnvoyTest.Companion.getEchoContainer2());
        ObjectAssert<Response> assertThat2 = Assertions.assertThat(callEcho22);
        Intrinsics.checkExpressionValueIsNotNull(assertThat2, "assertThat(requestFromIpsumResponse)");
        isForbidden(assertThat2);
        Assertions.assertThat(valueOf2).isZero();
        Assertions.assertThat(valueOf).isOne();
    }

    private final void registerEcho1WithEnvoy1OnIngress() {
        BaseEnvoyTest.Companion.registerService$default(BaseEnvoyTest.Companion, "echo", "echo", EnvoyControlTestConfiguration.Companion.getEnvoyContainer1().ipAddress(), EnvoyContainer.INGRESS_LISTENER_CONTAINER_PORT, null, 16, null);
    }

    private final void registerEcho2WithEnvoy2OnIngress() {
        BaseEnvoyTest.Companion.registerService$default(BaseEnvoyTest.Companion, "echo2", "echo2", EnvoyControlTestConfiguration.Companion.getEnvoyContainer2().ipAddress(), EnvoyContainer.INGRESS_LISTENER_CONTAINER_PORT, null, 16, null);
    }

    private final Response callEcho2(String str) {
        return EnvoyControlTestConfiguration.Companion.call$default(EnvoyControlTestConfiguration.Companion, null, str, null, "/secured_endpoint", null, null, null, 117, null);
    }

    /* JADX INFO: Access modifiers changed from: private */
    public final Response callEcho2ThroughEnvoy2Ingress() {
        EnvoyControlTestConfiguration.Companion companion = EnvoyControlTestConfiguration.Companion;
        Headers of = Headers.of(new String[0]);
        Intrinsics.checkExpressionValueIsNotNull(of, "Headers.of()");
        return companion.callLocalService("/secured_endpoint", of, EnvoyControlTestConfiguration.Companion.getEnvoyContainer2());
    }

    /* JADX INFO: Access modifiers changed from: private */
    public final Response callEcho2ThroughEnvoy1() {
        return EnvoyControlTestConfiguration.Companion.callService$default(EnvoyControlTestConfiguration.Companion, "echo2", null, null, "/secured_endpoint", 6, null);
    }

    @JvmStatic
    @BeforeAll
    public static final void setupTest() {
        Companion.setupTest();
    }
}
