package io.vertx.ext.web.tests.handler;

import io.vertx.core.http.HttpHeaders;
import io.vertx.core.http.HttpMethod;
import io.vertx.core.http.HttpServer;
import io.vertx.core.json.JsonObject;
import io.vertx.ext.auth.User;
import io.vertx.ext.auth.authorization.PermissionBasedAuthorization;
import io.vertx.ext.auth.oauth2.OAuth2Auth;
import io.vertx.ext.auth.oauth2.OAuth2Options;
import io.vertx.ext.auth.oauth2.authorization.ScopeAuthorization;
import io.vertx.ext.web.handler.AuthorizationHandler;
import io.vertx.ext.web.handler.HttpException;
import io.vertx.ext.web.handler.OAuth2AuthHandler;
import io.vertx.ext.web.handler.SessionHandler;
import io.vertx.ext.web.sstore.SessionStore;
import io.vertx.ext.web.tests.WebTestBase;
import java.util.concurrent.CountDownLatch;
import java.util.concurrent.atomic.AtomicBoolean;
import java.util.concurrent.atomic.AtomicReference;
import org.junit.Test;

/* loaded from: input_file:io/vertx/ext/web/tests/handler/OAuth2ImpersonationTest.class */
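/**
 * Exercises the user-switch (impersonation) flow of the web user context on top of an
 * OAuth2-protected router.
 *
 * <p>A stub token endpoint on port 10000 answers the first {@code /oauth/token} exchange with a
 * "base" identity (scope {@code read}) and every later exchange with an "admin" identity (scope
 * {@code read write}). The test then checks that:
 * <ul>
 *   <li>the base user reaches {@code /protected/base} but gets 403 on {@code /protected/admin};</li>
 *   <li>impersonation without a session cookie is refused with 401;</li>
 *   <li>impersonation and undo each issue a session cookie that differs from the previous one;</li>
 *   <li>while impersonating, the original user is kept in the session under
 *       {@link #USER_SWITCH_KEY};</li>
 *   <li>after undo, the base user is back and {@code /protected/admin} is 403 again.</li>
 * </ul>
 */
public class OAuth2ImpersonationTest extends WebTestBase {
    /** Session key under which the pre-impersonation user is expected to be stored. */
    private static final String USER_SWITCH_KEY = "__vertx.user-switch-ref";
    OAuth2Auth oauth2;
    // Token responses served by the stub provider; all token values are dummy fixture data.
    private static final JsonObject fixture_base = new JsonObject("{  \"sub\": \"base\",  \"access_token\": \"base\",  \"refresh_token\": \"base\",  \"token_type\": \"bearer\",  \"scope\": \"read\",  \"expires_in\": 7200}");
    private static final JsonObject fixture_admin = new JsonObject("{  \"sub\": \"admin\",  \"access_token\": \"admin\",  \"refresh_token\": \"admin\",  \"token_type\": \"bearer\",  \"scope\": \"read write\",  \"expires_in\": 7200}");
    private HttpServer server;

    /**
     * Closes the stub provider and then runs the base tear-down.
     *
     * <p>The server may be {@code null} when {@link #setUp()} failed before creating it; the
     * base tear-down still has to run in that case, so it sits in a {@code finally} block.
     */
    @Override
    public void tearDown() throws Exception {
        try {
            if (this.server != null) {
                this.server.close();
            }
        } finally {
            super.tearDown();
        }
    }

    /**
     * Creates the OAuth2 client and starts the stub provider on port 10000, blocking until the
     * listen attempt has completed.
     *
     * @throws RuntimeException wrapping the bind failure when the stub server cannot listen
     */
    @Override
    public void setUp() throws Exception {
        super.setUp();
        this.oauth2 = OAuth2Auth.create(this.vertx, new OAuth2Options().setClientId("client-id").setClientSecret("client-secret").setSite("http://localhost:10000"));
        CountDownLatch listening = new CountDownLatch(1);
        AtomicReference<Throwable> listenFailure = new AtomicReference<>();
        // true until the first token exchange has been answered: first caller is "base", later ones "admin".
        AtomicBoolean firstExchange = new AtomicBoolean(true);
        this.server = this.vertx.createHttpServer();
        this.server.requestHandler(httpServerRequest -> {
            if (httpServerRequest.method() == HttpMethod.POST && "/oauth/token".equals(httpServerRequest.path())) {
                httpServerRequest.setExpectMultipart(true).bodyHandler(buffer -> {
                    httpServerRequest.response().putHeader("Content-Type", "application/json").end(firstExchange.compareAndSet(true, false) ? fixture_base.encode() : fixture_admin.encode());
                });
            } else if (httpServerRequest.method() == HttpMethod.POST && "/oauth/revoke".equals(httpServerRequest.path())) {
                httpServerRequest.setExpectMultipart(true).bodyHandler(buffer2 -> {
                    httpServerRequest.response().end();
                });
            } else {
                httpServerRequest.response().setStatusCode(400).end();
            }
        }).listen(10000).onComplete(asyncResult -> {
            // Record the failure and always release the latch: throwing from this callback would
            // never reach the test thread and would leave await() below blocked forever.
            if (asyncResult.failed()) {
                listenFailure.set(asyncResult.cause());
            }
            listening.countDown();
        });
        listening.await();
        Throwable cause = listenFailure.get();
        if (cause != null) {
            throw new RuntimeException(cause);
        }
    }

    /** Returns the leading {@code name=value} pair of a {@code Set-Cookie} header value. */
    private static String cookiePair(String setCookie) {
        return setCookie.substring(0, setCookie.indexOf(';'));
    }

    /**
     * Walks the full login / impersonate / undo sequence and checks authorization and session
     * cookie rotation at each step.
     */
    @Test
    public void testSwitchUser() throws Exception {
        this.router.route().handler(SessionHandler.create(SessionStore.create(this.vertx)));
        // NOTE(review): login_hint and redirect_uri are taken straight from the query string in
        // the two user-switch routes below. That is fine for a test; an application route should
        // restrict redirect targets - confirm what validation impersonate()/restore() perform.
        this.router.route("/user-switch/impersonate").handler(routingContext -> {
            routingContext.userContext().loginHint(routingContext.request().getParam("login_hint")).impersonate(routingContext.request().getParam("redirect_uri")).onFailure(th -> {
                if (th instanceof HttpException) {
                    routingContext.fail(th);
                } else {
                    routingContext.fail(500);
                }
            });
        });
        this.router.route("/user-switch/undo").handler(routingContext2 -> {
            routingContext2.userContext().loginHint(routingContext2.request().getParam("login_hint")).restore(routingContext2.request().getParam("redirect_uri")).onFailure(th -> {
                if (th instanceof HttpException) {
                    routingContext2.fail(th);
                } else {
                    routingContext2.fail(500);
                }
            });
        });
        this.router.route("/protected/*").handler(OAuth2AuthHandler.create(this.vertx, this.oauth2, "http://localhost:8080/callback").setupCallback(this.router.route("/callback")));
        // User seen on /protected/base, compared later against the impersonating user.
        AtomicReference<User> baseUser = new AtomicReference<>();
        this.router.route("/protected/base").handler(AuthorizationHandler.create(PermissionBasedAuthorization.create("read")).addAuthorizationProvider(ScopeAuthorization.create())).handler(routingContext3 -> {
            assertNotNull(routingContext3.user());
            baseUser.set(routingContext3.user());
            routingContext3.end("OK");
        });
        this.router.route("/protected/admin").handler(AuthorizationHandler.create(PermissionBasedAuthorization.create("write")).addAuthorizationProvider(ScopeAuthorization.create())).handler(routingContext4 -> {
            assertNotNull(routingContext4.user());
            // The principal is deliberately not printed: it carries the access and refresh tokens.
            User original = baseUser.get();
            assertNotNull(original);
            // The active user must be the impersonated one, not the original.
            assertFalse(original.equals(routingContext4.user()));
            // The original user must have been parked in the session for a later undo.
            User parked = (User) routingContext4.session().get(USER_SWITCH_KEY);
            assertNotNull(parked);
            assertEquals(parked, original);
            routingContext4.response().end("Welcome to the 2nd protected resource!");
        });
        // Holds, depending on the step, either the OAuth2 state value or the next redirect target.
        AtomicReference<String> stateOrLocation = new AtomicReference<>();
        // Current session cookie (name=value) replayed on subsequent requests.
        AtomicReference<String> cookie = new AtomicReference<>();

        // 1. Anonymous hit on a protected route: redirected to the provider, session cookie issued.
        testRequest(HttpMethod.GET, "/protected/base", null, httpClientResponse -> {
            String location = httpClientResponse.getHeader("Location");
            assertNotNull(location);
            for (String param : location.substring(location.indexOf('?') + 1).split("&")) {
                if (param.startsWith("state=")) {
                    stateOrLocation.set(param.substring("state=".length()));
                }
            }
            String setCookie = httpClientResponse.headers().get("set-cookie");
            assertNotNull(setCookie);
            cookie.set(cookiePair(setCookie));
        }, 302, "Found", null);
        // 2. Provider callback: code is exchanged (stub returns the "base" identity).
        testRequest(HttpMethod.GET, "/callback?state=" + stateOrLocation.get() + "&code=1", httpClientRequest -> {
            httpClientRequest.putHeader(HttpHeaders.COOKIE, cookie.get());
        }, httpClientResponse2 -> {
            String setCookie = httpClientResponse2.headers().get("set-cookie");
            assertNotNull(setCookie);
            cookie.set(cookiePair(setCookie));
            stateOrLocation.set(httpClientResponse2.getHeader(HttpHeaders.LOCATION));
        }, 302, "Found", null);
        // 3. Follow the redirect: the base user is authorized for "read".
        testRequest(HttpMethod.GET, stateOrLocation.get(), httpClientRequest2 -> {
            httpClientRequest2.putHeader(HttpHeaders.COOKIE, cookie.get());
        }, httpClientResponse3 -> {
        }, 200, "OK", "OK");
        // 4. The base user lacks "write" and is refused on the admin route.
        testRequest(HttpMethod.GET, "/protected/admin", httpClientRequest3 -> {
            httpClientRequest3.putHeader(HttpHeaders.COOKIE, cookie.get());
        }, httpClientResponse4 -> {
        }, 403, "Forbidden", null);
        // 5. Impersonation without a session cookie (no authenticated user) is refused.
        testRequest(HttpMethod.GET, "/user-switch/impersonate?redirect_uri=/protected/admin&login_hint=admin", httpClientRequest4 -> {
        }, httpClientResponse5 -> {
        }, 401, "Unauthorized", null);
        // 6. Impersonation with the session: redirect issued and the session cookie changes.
        testRequest(HttpMethod.GET, "/user-switch/impersonate?redirect_uri=/protected/admin&login_hint=admin", httpClientRequest5 -> {
            httpClientRequest5.putHeader(HttpHeaders.COOKIE, cookie.get());
        }, httpClientResponse6 -> {
            String setCookie = httpClientResponse6.headers().get("set-cookie");
            assertNotNull(setCookie);
            assertFalse(cookiePair(setCookie).equals(cookie.get()));
            cookie.set(cookiePair(setCookie));
            stateOrLocation.set(httpClientResponse6.getHeader(HttpHeaders.LOCATION));
        }, 302, "Found", null);
        // 7. Same target without any cookie: treated as a fresh anonymous session.
        testRequest(HttpMethod.GET, stateOrLocation.get(), httpClientRequest6 -> {
        }, httpClientResponse7 -> {
            assertNotNull(httpClientResponse7.getHeader("Location"));
            String setCookie = httpClientResponse7.headers().get("set-cookie");
            assertNotNull(setCookie);
            assertFalse(cookiePair(setCookie).equals(cookie.get()));
        }, 302, "Found", null);
        // 8. Same target with the rotated cookie: redirected to the provider with the login
        //    hint forwarded, and no new cookie is set.
        testRequest(HttpMethod.GET, stateOrLocation.get(), httpClientRequest7 -> {
            httpClientRequest7.putHeader(HttpHeaders.COOKIE, cookie.get());
        }, httpClientResponse8 -> {
            String location = httpClientResponse8.getHeader("Location");
            assertNotNull(location);
            boolean hasLoginHint = false;
            for (String param : location.substring(location.indexOf('?') + 1).split("&")) {
                if (param.startsWith("state=")) {
                    stateOrLocation.set(param.substring("state=".length()));
                }
                if (param.startsWith("login_hint=")) {
                    hasLoginHint = true;
                }
            }
            assertTrue(hasLoginHint);
            assertNull(httpClientResponse8.headers().get("set-cookie"));
        }, 302, "Found", null);
        // 9. Second provider callback: the stub now returns the "admin" identity.
        testRequest(HttpMethod.GET, "/callback?state=" + stateOrLocation.get() + "&code=1", httpClientRequest8 -> {
            httpClientRequest8.putHeader(HttpHeaders.COOKIE, cookie.get());
        }, httpClientResponse9 -> {
            String setCookie = httpClientResponse9.headers().get("set-cookie");
            assertNotNull(setCookie);
            cookie.set(cookiePair(setCookie));
            stateOrLocation.set(httpClientResponse9.getHeader(HttpHeaders.LOCATION));
        }, 302, "Found", null);
        // 10. The impersonated user is authorized for "write".
        testRequest(HttpMethod.GET, stateOrLocation.get(), httpClientRequest9 -> {
            httpClientRequest9.putHeader(HttpHeaders.COOKIE, cookie.get());
        }, httpClientResponse10 -> {
        }, 200, "OK", "Welcome to the 2nd protected resource!");
        // 11. Undo the switch: redirect issued and the session cookie changes again.
        testRequest(HttpMethod.GET, "/user-switch/undo?redirect_uri=/protected/base", httpClientRequest10 -> {
            httpClientRequest10.putHeader(HttpHeaders.COOKIE, cookie.get());
        }, httpClientResponse11 -> {
            String setCookie = httpClientResponse11.headers().get("set-cookie");
            assertNotNull(setCookie);
            assertFalse(cookiePair(setCookie).equals(cookie.get()));
            cookie.set(cookiePair(setCookie));
            stateOrLocation.set(httpClientResponse11.getHeader(HttpHeaders.LOCATION));
        }, 302, "Found", null);
        // 12. Back as the base user: "read" still works ...
        testRequest(HttpMethod.GET, stateOrLocation.get(), httpClientRequest11 -> {
            httpClientRequest11.putHeader(HttpHeaders.COOKIE, cookie.get());
        }, httpClientResponse12 -> {
        }, 200, "OK", "OK");
        // 13. ... and the elevated route is refused again, so no privilege outlives the undo.
        testRequest(HttpMethod.GET, "/protected/admin", httpClientRequest12 -> {
            httpClientRequest12.putHeader(HttpHeaders.COOKIE, cookie.get());
        }, httpClientResponse13 -> {
        }, 403, "Forbidden", null);
    }
}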
