package org.gcube.common.keycloak;

import java.net.URL;

import org.gcube.common.keycloak.model.ModelUtils;
import org.gcube.common.keycloak.model.TokenResponse;
import org.gcube.common.scope.api.ScopeProvider;
import org.junit.After;
import org.junit.Assert;
import org.junit.Before;
import org.junit.Test;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

public class TestKeycloakClient {

    protected static final Logger logger = LoggerFactory.getLogger(TestKeycloakClient.class);

    private static final String DEV_ENDPOINT = "http://accounts.dev.d4science.org/auth/realms/d4science/protocol/openid-connect/token";
    private static final String CLIENT_ID = "keycloak-client";
    private static final String CLIENT_SECRET = "38f76152-2b7c-418f-9b67-66f4cc2f401e";
    private static final String TEST_AUDIENCE = "conductor-server";

    @Before
    public void setUp() throws Exception {
        ScopeProvider.instance.set("/gcube");
    }

    @After
    public void tearDown() throws Exception {
    }

    @Test
    public void testEndpointDiscovery() throws Exception {
        logger.info("Start testing Keycloak endpoint discovery...");
        URL url = KeycloakClientFactory.newInstance().findTokenEndpointURL();
        Assert.assertNotNull(url);
        Assert.assertTrue(url.getProtocol().equals("https"));
    }

    @Test
    public void testQueryUMATokenWithDiscoveryInCurrentScope() throws Exception {
        logger.info("Start testing query UMA token from Keycloak with endpoint discovery and current scope...");
        TokenResponse tr = KeycloakClientFactory.newInstance().queryUMAToken(CLIENT_ID, CLIENT_SECRET, null);
        TestModels.checkTokenResponse(tr);
        TestModels.checkAccessToken(ModelUtils.getAccessTokenFrom(tr), "service-account-" + CLIENT_ID);
    }

    @Test
    public void testQueryUMATokenWithDiscovery() throws Exception {
        logger.info("Start testing query UMA token from Keycloak with endpoint discovery...");
        TokenResponse tr = KeycloakClientFactory.newInstance().queryUMAToken(CLIENT_ID, CLIENT_SECRET, TEST_AUDIENCE,
                null);

        TestModels.checkTokenResponse(tr);
        TestModels.checkAccessToken(ModelUtils.getAccessTokenFrom(tr), "service-account-" + CLIENT_ID);
    }

    @Test
    public void testQueryUMAToken() throws Exception {
        logger.info("Start testing query UMA token from Keycloak with URL...");
        TokenResponse tr = KeycloakClientFactory.newInstance()
                .queryUMAToken(new URL(DEV_ENDPOINT), CLIENT_ID, CLIENT_SECRET, TEST_AUDIENCE, null);

        TestModels.checkTokenResponse(tr);
        TestModels.checkAccessToken(ModelUtils.getAccessTokenFrom(tr), "service-account-" + CLIENT_ID);
    }

}