package io.vertx.ext.auth.test.jwt;

import io.vertx.core.Future;
import io.vertx.core.json.JsonArray;
import io.vertx.core.json.JsonObject;
import io.vertx.ext.auth.JWTOptions;
import io.vertx.ext.auth.KeyStoreOptions;
import io.vertx.ext.auth.authentication.CredentialValidationException;
import io.vertx.ext.auth.authentication.TokenCredentials;
import io.vertx.ext.auth.authorization.PermissionBasedAuthorization;
import io.vertx.ext.auth.jwt.JWTAuth;
import io.vertx.ext.auth.jwt.JWTAuthOptions;
import io.vertx.ext.auth.jwt.authorization.JWTAuthorization;
import io.vertx.ext.unit.Async;
import io.vertx.ext.unit.TestContext;
import io.vertx.ext.unit.junit.RunTestOnContext;
import io.vertx.ext.unit.junit.VertxUnitRunner;
import java.nio.charset.StandardCharsets;
import java.time.LocalDateTime;
import java.time.ZoneOffset;
import java.util.Base64;
import org.junit.Assert;
import org.junit.Before;
import org.junit.Rule;
import org.junit.Test;
import org.junit.runner.RunWith;

@RunWith(VertxUnitRunner.class)
/* loaded from: input_file:io/vertx/ext/auth/test/jwt/JWTAuthProviderTest.class */
public class JWTAuthProviderTest {
    private JWTAuth authProvider;
    private static final String JWT_CLAIMS = "{\"sub\":\"Paulo\",\"exp\":1747055313,\"iat\":1431695313,\"permissions\":[\"read\",\"write\",\"execute\"],\"roles\":[\"admin\",\"developer\",\"user\"]}";
    private static final String JWT_INVALID = "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJQYXVsbyIsImlhdCI6MTQwMDE1OTQzNCwiZXhwIjoxNDAwMjQ1ODM0LCJyb2xlcyI6WyJhZG1pbiIsImRldmVsb3BlciIsInVzZXIiXSwicGVybWlzc2lvbnMiOlsicmVhZCIsIndyaXRlIiwiZXhlY3V0ZSJdfQ==.NhHul0OFlmUaatFwNeGBbshVNzac2z_3twEEg57x80s=";
    private String jwtValid;

    @Rule
    public RunTestOnContext rule = new RunTestOnContext();
    private final long exp = LocalDateTime.now().plusDays(1).toEpochSecond(ZoneOffset.UTC);

    @Before
    public void setUp() throws Exception {
        this.authProvider = JWTAuth.create(this.rule.vertx(), getConfig());
        this.jwtValid = this.authProvider.generateToken(new JsonObject(JWT_CLAIMS).put("exp", Long.valueOf(this.exp)));
    }

    private JWTAuthOptions getConfig() {
        return new JWTAuthOptions().setKeyStore(new KeyStoreOptions().setPath("keystore.jceks").setType("jceks").setPassword("secret"));
    }

    @Test
    public void testCreateWithoutFailureWhenAliasIsNotSupported() {
        JWTAuthOptions config = getConfig();
        config.getKeyStore().putPasswordProtection("foo", "not-so-secret");
        JWTAuth.create(this.rule.vertx(), config);
    }

    @Test
    public void testCreateWithoutFailureWhenAliasDoesNotExist() {
        JWTAuthOptions config = getConfig();
        config.getKeyStore().putPasswordProtection("HS384", "not-so-secret");
        JWTAuth.create(this.rule.vertx(), config);
    }

    @Test
    public void testValidJWT(TestContext testContext) {
        Async async = testContext.async();
        Future authenticate = this.authProvider.authenticate(new TokenCredentials(this.jwtValid));
        testContext.getClass();
        authenticate.onFailure(testContext::fail).onSuccess(user -> {
            testContext.assertNotNull(user);
            testContext.assertNotNull(user.subject());
            testContext.assertNotNull(user.principal().getValue("permissions"));
            testContext.assertNotNull(user.principal().getValue("roles"));
            async.complete();
        });
    }

    @Test
    public void testInValidCredentials(TestContext testContext) {
        Async async = testContext.async();
        this.authProvider.authenticate(new JsonObject().put("username", "username").put("password", "password")).onSuccess(user -> {
            testContext.fail("Should have failed");
        }).onFailure(th -> {
            testContext.assertNotNull(th);
            testContext.assertTrue(th instanceof CredentialValidationException);
            async.complete();
        });
    }

    @Test
    public void testInvalidJWT(TestContext testContext) {
        Async async = testContext.async();
        this.authProvider.authenticate(new TokenCredentials(JWT_INVALID)).onSuccess(user -> {
            testContext.fail();
        }).onFailure(th -> {
            testContext.assertNotNull(th);
            async.complete();
        });
    }

    @Test
    public void testJWTValidPermission(TestContext testContext) {
        Async async = testContext.async();
        Future authenticate = this.authProvider.authenticate(new TokenCredentials(this.jwtValid));
        testContext.getClass();
        authenticate.onFailure(testContext::fail).onSuccess(user -> {
            testContext.assertNotNull(user);
            JWTAuthorization.create("permissions").getAuthorizations(user, asyncResult -> {
                testContext.assertTrue(asyncResult.succeeded());
                testContext.assertTrue(PermissionBasedAuthorization.create("write").match(user));
                async.complete();
            });
        });
    }

    @Test
    public void testJWTInvalidPermission(TestContext testContext) {
        Async async = testContext.async();
        Future authenticate = this.authProvider.authenticate(new TokenCredentials(this.jwtValid));
        testContext.getClass();
        authenticate.onFailure(testContext::fail).onSuccess(user -> {
            testContext.assertNotNull(user);
            JWTAuthorization.create("permissions").getAuthorizations(user, asyncResult -> {
                testContext.assertTrue(asyncResult.succeeded());
                testContext.assertFalse(PermissionBasedAuthorization.create("drop").match(user));
                async.complete();
            });
        });
    }

    @Test
    public void testGenerateNewToken(TestContext testContext) {
        String generateToken = this.authProvider.generateToken(new JsonObject().put("sub", "Paulo").put("exp", Long.valueOf(this.exp)).put("iat", 1431695313).put("permissions", new JsonArray().add("read").add("write").add("execute")).put("roles", new JsonArray().add("admin").add("developer").add("user")), new JWTOptions().setSubject("Paulo"));
        testContext.assertNotNull(generateToken);
        testContext.assertEquals(this.jwtValid, generateToken);
    }

    @Test
    public void testGenerateNewTokenImmutableClaims() {
        JsonObject put = new JsonObject().put("sub", "Paulo");
        Assert.assertNotEquals(this.authProvider.generateToken(put, new JWTOptions().addPermission("user")), this.authProvider.generateToken(put, new JWTOptions().addPermission("admin")));
    }

    @Test
    public void testTokenWithoutTimestamp(TestContext testContext) {
        Async async = testContext.async();
        String generateToken = this.authProvider.generateToken(new JsonObject().put("sub", "Paulo"), new JWTOptions().setExpiresInMinutes(5).setNoTimestamp(true));
        testContext.assertNotNull(generateToken);
        Future authenticate = this.authProvider.authenticate(new TokenCredentials(generateToken));
        testContext.getClass();
        authenticate.onFailure(testContext::fail).onSuccess(user -> {
            testContext.assertNotNull(user);
            testContext.assertTrue(user.attributes().getJsonObject("accessToken").containsKey("exp"));
            testContext.assertFalse(user.attributes().getJsonObject("accessToken").containsKey("iat"));
            async.complete();
        });
    }

    @Test
    public void testTokenWithTimestamp(TestContext testContext) {
        Async async = testContext.async();
        String generateToken = this.authProvider.generateToken(new JsonObject().put("sub", "Paulo"), new JWTOptions());
        testContext.assertNotNull(generateToken);
        Future authenticate = this.authProvider.authenticate(new TokenCredentials(generateToken));
        testContext.getClass();
        authenticate.onFailure(testContext::fail).onSuccess(user -> {
            testContext.assertNotNull(user);
            testContext.assertTrue(user.attributes().getJsonObject("accessToken").containsKey("iat"));
            async.complete();
        });
    }

    @Test
    public void testExpiration(TestContext testContext) {
        Async async = testContext.async();
        String generateToken = this.authProvider.generateToken(new JsonObject().put("sub", "Paulo"), new JWTOptions().setExpiresInSeconds(1).setNoTimestamp(true));
        testContext.assertNotNull(generateToken);
        this.rule.vertx().setTimer(2000L, l -> {
            this.authProvider.authenticate(new TokenCredentials(generateToken)).onSuccess(user -> {
                testContext.fail("Should have failed");
            }).onFailure(th -> {
                testContext.assertNotNull(th);
                async.complete();
            });
        });
    }

    @Test
    public void testGoodIssuer(TestContext testContext) {
        Async async = testContext.async();
        String generateToken = this.authProvider.generateToken(new JsonObject().put("sub", "Paulo"), new JWTOptions().setIssuer("https://vertx.io"));
        testContext.assertNotNull(generateToken);
        Future authenticate = this.authProvider.authenticate(new TokenCredentials(generateToken));
        testContext.getClass();
        authenticate.onFailure(testContext::fail).onSuccess(user -> {
            testContext.assertNotNull(user);
            async.complete();
        });
    }

    @Test
    public void testBadIssuer(TestContext testContext) {
        Async async = testContext.async();
        this.authProvider = JWTAuth.create(this.rule.vertx(), getConfig().setJWTOptions(new JWTOptions().setIssuer("https://vertx.io")));
        String generateToken = this.authProvider.generateToken(new JsonObject().put("sub", "Paulo"), new JWTOptions().setIssuer("https://auth0.io"));
        testContext.assertNotNull(generateToken);
        this.authProvider.authenticate(new TokenCredentials(generateToken)).onSuccess(user -> {
            testContext.fail("Should have failed");
        }).onFailure(th -> {
            testContext.assertNotNull(th);
            async.complete();
        });
    }

    @Test
    public void testGoodAudience(TestContext testContext) {
        Async async = testContext.async();
        this.authProvider = JWTAuth.create(this.rule.vertx(), getConfig().setJWTOptions(new JWTOptions().addAudience("b").addAudience("d")));
        String generateToken = this.authProvider.generateToken(new JsonObject().put("sub", "Paulo"), new JWTOptions().addAudience("a").addAudience("b").addAudience("c"));
        testContext.assertNotNull(generateToken);
        Future authenticate = this.authProvider.authenticate(new TokenCredentials(generateToken));
        testContext.getClass();
        authenticate.onFailure(testContext::fail).onSuccess(user -> {
            testContext.assertNotNull(user);
            async.complete();
        });
    }

    @Test
    public void testBadAudience(TestContext testContext) {
        Async async = testContext.async();
        this.authProvider = JWTAuth.create(this.rule.vertx(), getConfig().setJWTOptions(new JWTOptions().addAudience("e").addAudience("d")));
        String generateToken = this.authProvider.generateToken(new JsonObject().put("sub", "Paulo"), new JWTOptions().addAudience("a").addAudience("b").addAudience("c"));
        testContext.assertNotNull(generateToken);
        this.authProvider.authenticate(new TokenCredentials(generateToken)).onSuccess(user -> {
            testContext.fail("Should have failed");
        }).onFailure(th -> {
            testContext.assertNotNull(th);
            async.complete();
        });
    }

    @Test
    public void testGenerateNewTokenES256(TestContext testContext) {
        Async async = testContext.async();
        this.authProvider = JWTAuth.create(this.rule.vertx(), new JWTAuthOptions().setKeyStore(new KeyStoreOptions().setPath("es256-keystore.jceks").setType("jceks").setPassword("secret")));
        String generateToken = this.authProvider.generateToken(new JsonObject().put("sub", "paulo"), new JWTOptions().setAlgorithm("ES256"));
        testContext.assertNotNull(generateToken);
        this.authProvider.authenticate(new TokenCredentials(generateToken), asyncResult -> {
            if (asyncResult.failed()) {
                asyncResult.cause().printStackTrace();
                testContext.fail();
            }
            testContext.assertNotNull(asyncResult.result());
            async.complete();
        });
    }

    @Test
    public void testGenerateNewTokenWithMacSecret(TestContext testContext) {
        Async async = testContext.async();
        this.authProvider = JWTAuth.create(this.rule.vertx(), new JWTAuthOptions().addJwk(new JsonObject().put("kty", "oct").put("k", "notasecret")));
        String generateToken = this.authProvider.generateToken(new JsonObject(), new JWTOptions().setAlgorithm("HS256"));
        testContext.assertNotNull(generateToken);
        Future authenticate = this.authProvider.authenticate(new TokenCredentials(generateToken));
        testContext.getClass();
        authenticate.onFailure(testContext::fail).onSuccess(user -> {
            testContext.assertNotNull(user);
            async.complete();
        });
    }

    @Test
    public void testValidateTokenWithInvalidMacSecret(TestContext testContext) {
        Async async = testContext.async();
        this.authProvider = JWTAuth.create(this.rule.vertx(), new JWTAuthOptions().addJwk(new JsonObject().put("kty", "oct").put("k", Base64.getUrlEncoder().encodeToString("a bad secret".getBytes(StandardCharsets.UTF_8)))));
        this.authProvider.authenticate(new TokenCredentials("eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpYXQiOjE1MDE3ODUyMDZ9.08K_rROcCmKTF1cKfPCli2GQFYIOP8dePxeS1SE4dc8")).onSuccess(user -> {
            testContext.fail("Should have failed");
        }).onFailure(th -> {
            testContext.assertNotNull(th);
            async.complete();
        });
    }

    @Test
    public void testValidateTokenWithValidMacSecret(TestContext testContext) {
        Async async = testContext.async();
        this.authProvider = JWTAuth.create(this.rule.vertx(), new JWTAuthOptions().addJwk(new JsonObject().put("kty", "oct").put("k", Base64.getUrlEncoder().encodeToString("notasecret".getBytes(StandardCharsets.UTF_8)))));
        Future authenticate = this.authProvider.authenticate(new TokenCredentials("eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpYXQiOjE1MDE3ODUyMDZ9.08K_rROcCmKTF1cKfPCli2GQFYIOP8dePxeS1SE4dc8"));
        testContext.getClass();
        authenticate.onFailure(testContext::fail).onSuccess(user -> {
            testContext.assertNotNull(user);
            async.complete();
        });
    }

    @Test
    public void testGenerateNewTokenForceAlgorithm(TestContext testContext) {
        Async async = testContext.async();
        this.authProvider = JWTAuth.create(this.rule.vertx(), new JWTAuthOptions().setKeyStore(new KeyStoreOptions().setPath("keystore.jceks").setType("jceks").setPassword("secret")));
        String generateToken = this.authProvider.generateToken(new JsonObject(), new JWTOptions().setAlgorithm("RS256"));
        testContext.assertNotNull(generateToken);
        Future authenticate = this.authProvider.authenticate(new TokenCredentials(generateToken));
        testContext.getClass();
        authenticate.onFailure(testContext::fail).onSuccess(user -> {
            testContext.assertNotNull(user);
            async.complete();
        });
    }

    @Test
    public void testAcceptInvalidJWT(TestContext testContext) {
        Async async = testContext.async();
        String[] split = JWT_INVALID.split("\\.");
        JsonObject jsonObject = new JsonObject(new String(Base64.getUrlDecoder().decode(split[0].getBytes(StandardCharsets.UTF_8)), StandardCharsets.UTF_8));
        jsonObject.put("alg", "none");
        String encodeToString = Base64.getUrlEncoder().encodeToString(jsonObject.encode().getBytes(StandardCharsets.UTF_8));
        new JsonObject(new String(Base64.getUrlDecoder().decode(split[1].getBytes(StandardCharsets.UTF_8)), StandardCharsets.UTF_8)).put("exp", Long.valueOf(System.currentTimeMillis() + 10000));
        this.authProvider.authenticate(new TokenCredentials(encodeToString + "." + Base64.getUrlEncoder().encodeToString(jsonObject.encode().getBytes(StandardCharsets.UTF_8)) + "." + split[2])).onSuccess(user -> {
            testContext.fail("Should have failed");
        }).onFailure(th -> {
            testContext.assertNotNull(th);
            async.complete();
        });
    }

    @Test
    public void testAlgNone(TestContext testContext) throws Exception {
        Async async = testContext.async();
        JWTAuth create = JWTAuth.create(this.rule.vertx(), new JWTAuthOptions());
        String generateToken = create.generateToken(new JsonObject().put("sub", "UserUnderTest").put("aud", "OrganizationUnderTest").put("iat", 1431695313).put("exp", Long.valueOf(LocalDateTime.now().plusDays(1L).toEpochSecond(ZoneOffset.UTC))).put("roles", new JsonArray().add("admin").add("developer").add("user")).put("permissions", new JsonArray().add("read").add("write").add("execute")), new JWTOptions().setSubject("UserUnderTest").setAlgorithm("none"));
        testContext.assertNotNull(generateToken);
        Future authenticate = create.authenticate(new TokenCredentials(generateToken));
        testContext.getClass();
        authenticate.onFailure(testContext::fail).onSuccess(user -> {
            testContext.assertNotNull(user);
            async.complete();
        });
    }

    @Test
    public void testLeeway(TestContext testContext) {
        Async async = testContext.async();
        this.authProvider = JWTAuth.create(this.rule.vertx(), getConfig().setJWTOptions(new JWTOptions().setLeeway(0)));
        String generateToken = this.authProvider.generateToken(new JsonObject().put("sub", "Paulo").put("exp", Long.valueOf(System.currentTimeMillis() / 1000)));
        testContext.assertNotNull(generateToken);
        this.authProvider.authenticate(new TokenCredentials(generateToken)).onSuccess(user -> {
            testContext.fail("Should have failed");
        }).onFailure(th -> {
            async.complete();
        });
    }

    @Test
    public void testLeeway2(TestContext testContext) {
        Async async = testContext.async();
        this.authProvider = JWTAuth.create(this.rule.vertx(), getConfig().setJWTOptions(new JWTOptions().setLeeway(0)));
        String generateToken = this.authProvider.generateToken(new JsonObject().put("sub", "Paulo").put("iat", Long.valueOf((System.currentTimeMillis() / 1000) + 2)));
        testContext.assertNotNull(generateToken);
        this.authProvider.authenticate(new TokenCredentials(generateToken)).onSuccess(user -> {
            testContext.fail("Should have failed");
        }).onFailure(th -> {
            async.complete();
        });
    }

    @Test
    public void testLeeway3(TestContext testContext) {
        Async async = testContext.async();
        this.authProvider = JWTAuth.create(this.rule.vertx(), getConfig().setJWTOptions(new JWTOptions().setLeeway(5)));
        long currentTimeMillis = System.currentTimeMillis() / 1000;
        String generateToken = this.authProvider.generateToken(new JsonObject().put("sub", "Paulo").put("exp", Long.valueOf(currentTimeMillis)).put("iat", Long.valueOf(currentTimeMillis)));
        testContext.assertNotNull(generateToken);
        Future authenticate = this.authProvider.authenticate(new TokenCredentials(generateToken));
        testContext.getClass();
        authenticate.onFailure(testContext::fail).onSuccess(user -> {
            async.complete();
        });
    }

    @Test
    public void testLeeway4(TestContext testContext) {
        Async async = testContext.async();
        this.authProvider = JWTAuth.create(this.rule.vertx(), getConfig().setJWTOptions(new JWTOptions().setLeeway(5)));
        String generateToken = this.authProvider.generateToken(new JsonObject().put("sub", "Paulo").put("iat", Long.valueOf((System.currentTimeMillis() / 1000) + 2)));
        testContext.assertNotNull(generateToken);
        Future authenticate = this.authProvider.authenticate(new TokenCredentials(generateToken));
        testContext.getClass();
        authenticate.onFailure(testContext::fail).onSuccess(user -> {
            async.complete();
        });
    }

    @Test
    public void testJWKShouldNotCrash() {
        this.authProvider = JWTAuth.create(this.rule.vertx(), new JWTAuthOptions().addJwk(new JsonObject().put("kty", "RSA").put("n", "0vx7agoebGcQSuuPiLJXZptN9nndrQmbXEps2aiAFbWhM78LhWx4cbbfAAtVT86zwu1RK7aPFFxuhDR1L6tSoc_BJECPebWKRXjBZCiFV4n3oknjhMstn64tZ_2W-5JsGY4Hc5n9yBXArwl93lqt7_RN5w6Cf0h4QyQ5v-65YGjQR0_FDW2QvzqY368QQMicAtaSqzs8KJZgnYb9c7d0zgdAZHzu6qMQvRL5hajrn1n91CbOpbISD08qNLyrdkt-bFTWhAI4vMQFh6WeZu0fM4lFd2NcRwr3XPksINHaQ-G_xBniIqbw0Ls1jF44-csFCur-kEgU8awapJzKnqDKgw").put("e", "AQAB").put("alg", "RS256").put("kid", "2011-04-29")));
    }

    @Test
    public void testValidateTokenWithIgnoreExpired(TestContext testContext) throws InterruptedException {
        Async async = testContext.async();
        this.authProvider = JWTAuth.create(this.rule.vertx(), new JWTAuthOptions().addJwk(new JsonObject().put("kty", "oct").put("k", "AyM1SysPpbyDfgZld3umj1qzKObwVMkoqQ-EstJQLr_T-1qS0gZH75aKtMN3Yj0iPS4hcgUuTwjAzZr1Z9CAow")).setJWTOptions(new JWTOptions().setIgnoreExpiration(true)));
        String generateToken = this.authProvider.generateToken(new JsonObject(), new JWTOptions().setExpiresInSeconds(1).setSubject("subject").setAlgorithm("HS256"));
        Thread.sleep(1001L);
        Future authenticate = this.authProvider.authenticate(new TokenCredentials(generateToken));
        testContext.getClass();
        authenticate.onFailure(testContext::fail).onSuccess(user -> {
            testContext.assertNotNull(user);
            async.complete();
        });
    }

    @Test
    public void testGenerateClaimsAndCheck(TestContext testContext) {
        Async async = testContext.async();
        Future authenticate = this.authProvider.authenticate(new TokenCredentials(this.authProvider.generateToken(new JsonObject().put("sub", "Paulo"), new JWTOptions().addPermission("user"))));
        testContext.getClass();
        authenticate.onFailure(testContext::fail).onSuccess(user -> {
            testContext.assertNotNull(user);
            testContext.assertTrue(PermissionBasedAuthorization.create("user").match(user));
            user.clearCache();
            JWTAuthorization.create("permissions").getAuthorizations(user, asyncResult -> {
                testContext.assertTrue(asyncResult.succeeded());
                testContext.assertTrue(PermissionBasedAuthorization.create("user").match(user));
                async.complete();
            });
        });
    }
}
