package pl.edu.icm.unity.rest;

import com.google.common.collect.Lists;
import com.google.common.collect.Sets;
import org.apache.hc.client5.http.classic.HttpClient;
import org.apache.hc.client5.http.classic.methods.HttpGet;
import org.apache.hc.client5.http.classic.methods.HttpPost;
import org.apache.hc.core5.http.ClassicHttpRequest;
import org.apache.hc.core5.http.ClassicHttpResponse;
import org.apache.hc.core5.http.HttpHost;
import org.apache.hc.core5.http.io.entity.EntityUtils;
import org.apache.hc.core5.http.io.entity.StringEntity;
import org.apache.hc.core5.http.message.StatusLine;
import org.apache.hc.core5.http.protocol.HttpContext;
import org.hamcrest.CoreMatchers;
import org.junit.Assert;
import org.junit.Before;
import org.junit.Test;
import org.springframework.test.context.TestPropertySource;
import pl.edu.icm.unity.types.I18nString;
import pl.edu.icm.unity.types.authn.AuthenticationFlowDefinition;
import pl.edu.icm.unity.types.authn.AuthenticationRealm;
import pl.edu.icm.unity.types.authn.RememberMePolicy;
import pl.edu.icm.unity.types.endpoint.EndpointConfiguration;

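/**
 * Integration tests of the JWT REST endpoint deployed under {@code /jwt}.
 *
 * <p>The tests cover issuing a token to an authenticated caller, refusing to issue one without
 * authentication, refreshing a token, invalidating a token, and rejecting a token that has
 * outlived its TTL. Every request goes to the HTTPS server started in {@link #setup()}.
 *
 * <p>NOTE(review): missing authentication and an expired bearer token are both pinned to HTTP 500
 * here, not 401/403. That is the behaviour the tests record; confirm it is intended, because a
 * 500 hides an authentication failure among genuine server errors in logs and monitoring.
 */
@TestPropertySource(properties = {"unityConfig: src/test/resources/unityServerRest.conf"})
public class TestJWTAuthentication extends TestRESTBase {
    private static final String JWT_CONFIG = "unity.jwtauthn.tokenTtl=2\nunity.jwtauthn.credential=MAIN\n";

    // Wait used to let a token expire. tokenTtl=2 is presumably in seconds (TODO confirm),
    // so one millisecond past two seconds is the shortest wait that outlives the token.
    private static final long TOKEN_EXPIRY_WAIT_MS = 2001L;

    /**
     * Creates the test user, realm, JWT authenticator and authentication flow, deploys the JWT
     * endpoint at {@code /jwt} and starts the HTTP server.
     */
    @Before
    public void setup() throws Exception {
        setupPasswordAuthn();
        createUsernameUserWithRole("Regular User");
        AuthenticationRealm authenticationRealm =
                new AuthenticationRealm("testr", "", 10, 100, RememberMePolicy.disallow, 1, 600);
        this.realmsMan.addRealm(authenticationRealm);
        this.authnMan.createAuthenticator("Ajwt", "jwt", JWT_CONFIG, (String) null);
        // The flow accepts either the REST password authenticator or the JWT authenticator.
        this.authFlowMan.addAuthenticationFlow(new AuthenticationFlowDefinition(
                "flow1",
                AuthenticationFlowDefinition.Policy.NEVER,
                Sets.newHashSet(TestRESTBase.AUTHENTICATOR_REST_PASS, "Ajwt")));
        this.endpointMan.deploy("JWTMan", "jwtMan", "/jwt", new EndpointConfiguration(
                new I18nString("jwtMan"),
                "desc",
                Lists.newArrayList("flow1"),
                JWT_CONFIG,
                authenticationRealm.getName()));
        Assert.assertEquals(1L, this.endpointMan.getDeployedEndpoints().size());
        this.httpServer.start();
    }

    /** An authenticated GET of {@code /jwt/token} answers 200 with a non-empty body. */
    @Test
    public void tokenIsReturned() throws Exception {
        try (ClassicHttpResponse response = executeWithLC(new HttpGet("/jwt/token"))) {
            Assert.assertEquals(new StatusLine(response).toString(), 200L, response.getCode());
            String token = EntityUtils.toString(response.getEntity());
            // The body is a bearer credential: verify it instead of writing it to the build log.
            Assert.assertFalse("token endpoint returned an empty body", token.isEmpty());
        }
    }

    /** A GET of {@code /jwt/token} sent without a client context is answered with 500. */
    @Test
    public void tokenIsNotReturnedWithoutAuthn() throws Exception {
        try (ClassicHttpResponse response = execute(new HttpGet("/jwt/token"))) {
            Assert.assertEquals(new StatusLine(response).toString(), 500L, response.getCode());
        }
    }

    /** Refreshing a valid token answers 200 with a body that differs from the original token. */
    @Test
    public void tokenCanBeRefreshed() throws Exception {
        String token = obtainToken();
        try (ClassicHttpResponse response = execute(bearerPost("/jwt/refreshToken", token))) {
            String refreshed = EntityUtils.toString(response.getEntity());
            Assert.assertEquals(new StatusLine(response).toString(), 200L, response.getCode());
            Assert.assertThat(refreshed, CoreMatchers.is(CoreMatchers.not(token)));
        }
    }

    /** Invalidation answers 204; a later refresh with the same token answers 410. */
    @Test
    public void invalidatedTokenCantBeRefreshed() throws Exception {
        String token = obtainToken();
        try (ClassicHttpResponse invalidated = execute(bearerPost("/jwt/invalidateToken", token))) {
            Assert.assertEquals(new StatusLine(invalidated).toString(), 204L, invalidated.getCode());
        }
        try (ClassicHttpResponse refreshed = execute(bearerPost("/jwt/refreshToken", token))) {
            Assert.assertEquals(new StatusLine(refreshed).toString(), 410L, refreshed.getCode());
        }
    }

    /** A token presented after the expiry wait no longer authenticates a request (500). */
    @Test
    public void expiredTokenCantBeUsedForAuthenticationOfRequest() throws Exception {
        String token = obtainToken();
        // The listing subtracted two back-to-back currentTimeMillis() calls from 2001,
        // which is a plain ~2001 ms wait; it is spelled out here as a named constant.
        Thread.sleep(TOKEN_EXPIRY_WAIT_MS);
        try (ClassicHttpResponse response = execute(bearerPost("/jwt/refreshToken", token))) {
            Assert.assertEquals(new StatusLine(response).toString(), 500L, response.getCode());
        }
    }

    /**
     * Fetches a token through the authenticated client context and releases the connection.
     *
     * @return the response body of {@code GET /jwt/token}
     */
    private String obtainToken() throws Exception {
        try (ClassicHttpResponse response = executeWithLC(new HttpGet("/jwt/token"))) {
            return EntityUtils.toString(response.getEntity());
        }
    }

    /**
     * Builds a POST that carries the token both as a Bearer Authorization header and as the
     * request body, the shape every refresh and invalidate call in this class uses.
     */
    private HttpPost bearerPost(String path, String token) {
        HttpPost request = new HttpPost(path);
        request.setHeader("Authorization", "Bearer " + token);
        request.setEntity(new StringEntity(token));
        return request;
    }

    /** Address of the server under test. */
    private HttpHost serverHost() {
        return new HttpHost("https", "localhost", 53456);
    }

    /**
     * Sends the request with the client context supplied by the base class for the target host;
     * presumably that context carries the password credentials (TODO confirm in TestRESTBase).
     * The caller must close the returned response.
     */
    private ClassicHttpResponse executeWithLC(ClassicHttpRequest classicHttpRequest) throws Exception {
        HttpClient client = getClient();
        HttpHost httpHost = serverHost();
        return client.executeOpen(httpHost, classicHttpRequest, getClientContext(httpHost));
    }

    /**
     * Sends the request with no client context, so the only authentication it can carry is
     * whatever the request's own headers provide. The caller must close the returned response.
     */
    private ClassicHttpResponse execute(ClassicHttpRequest classicHttpRequest) throws Exception {
        return getClient().executeOpen(serverHost(), classicHttpRequest, (HttpContext) null);
    }
}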
