package pl.edu.icm.unity.rest;

import com.google.common.collect.Lists;
import com.google.common.collect.Sets;
import org.apache.hc.client5.http.classic.HttpClient;
import org.apache.hc.client5.http.classic.methods.HttpGet;
import org.apache.hc.client5.http.classic.methods.HttpPost;
import org.apache.hc.core5.http.ClassicHttpRequest;
import org.apache.hc.core5.http.ClassicHttpResponse;
import org.apache.hc.core5.http.HttpHost;
import org.apache.hc.core5.http.io.entity.EntityUtils;
import org.apache.hc.core5.http.io.entity.StringEntity;
import org.apache.hc.core5.http.message.StatusLine;
import org.apache.hc.core5.http.protocol.HttpContext;
import org.junit.jupiter.api.Assertions;
import org.junit.jupiter.api.BeforeEach;
import org.junit.jupiter.api.Test;
import org.springframework.test.context.TestPropertySource;
import pl.edu.icm.unity.base.authn.AuthenticationFlowDefinition;
import pl.edu.icm.unity.base.authn.AuthenticationRealm;
import pl.edu.icm.unity.base.authn.RememberMePolicy;
import pl.edu.icm.unity.base.endpoint.EndpointConfiguration;
import pl.edu.icm.unity.base.i18n.I18nString;

@TestPropertySource(properties = {"unityConfig: src/test/resources/unityServerRest.conf"})
/* loaded from: input_file:pl/edu/icm/unity/rest/TestJWTAuthentication.class */
public class TestJWTAuthentication extends TestRESTBase {
    private static final String JWT_CONFIG = "unity.jwtauthn.tokenTtl=2\nunity.jwtauthn.credential=MAIN\n";

    @BeforeEach
    public void setup() throws Exception {
        setupPasswordAuthn();
        createUsernameUserWithRole("Regular User");
        AuthenticationRealm authenticationRealm = new AuthenticationRealm("testr", "", 10, 100, RememberMePolicy.disallow, 1, 600);
        this.realmsMan.addRealm(authenticationRealm);
        this.authnMan.createAuthenticator("Ajwt", "jwt", JWT_CONFIG, (String) null);
        this.authFlowMan.addAuthenticationFlow(new AuthenticationFlowDefinition("flow1", AuthenticationFlowDefinition.Policy.NEVER, Sets.newHashSet(new String[]{TestRESTBase.AUTHENTICATOR_REST_PASS, "Ajwt"})));
        this.endpointMan.deploy("JWTMan", "jwtMan", "/jwt", new EndpointConfiguration(new I18nString("jwtMan"), "desc", Lists.newArrayList(new String[]{"flow1"}), JWT_CONFIG, authenticationRealm.getName()));
        Assertions.assertEquals(1, this.endpointMan.getDeployedEndpoints().size());
        this.httpServer.start();
    }

    @Test
    public void tokenIsReturned() throws Exception {
        ClassicHttpResponse executeWithLC = executeWithLC(new HttpGet("/jwt/token"));
        Assertions.assertEquals(200, executeWithLC.getCode(), new StatusLine(executeWithLC).toString());
        System.out.println("Received token: " + EntityUtils.toString(executeWithLC.getEntity()));
    }

    @Test
    public void tokenIsNotReturnedWithoutAuthn() throws Exception {
        ClassicHttpResponse execute = execute(new HttpGet("/jwt/token"));
        Assertions.assertEquals(500, execute.getCode(), new StatusLine(execute).toString());
    }

    @Test
    public void tokenCanBeRefreshed() throws Exception {
        String entityUtils = EntityUtils.toString(executeWithLC(new HttpGet("/jwt/token")).getEntity());
        HttpPost httpPost = new HttpPost("/jwt/refreshToken");
        httpPost.setHeader("Authorization", "Bearer " + entityUtils);
        httpPost.setEntity(new StringEntity(entityUtils));
        ClassicHttpResponse execute = execute(httpPost);
        String entityUtils2 = EntityUtils.toString(execute.getEntity());
        Assertions.assertEquals(200, execute.getCode(), new StatusLine(execute).toString());
        org.assertj.core.api.Assertions.assertThat(entityUtils2).isNotEqualTo(entityUtils);
    }

    @Test
    public void invalidatedTokenCantBeRefreshed() throws Exception {
        String entityUtils = EntityUtils.toString(executeWithLC(new HttpGet("/jwt/token")).getEntity());
        HttpPost httpPost = new HttpPost("/jwt/invalidateToken");
        httpPost.setHeader("Authorization", "Bearer " + entityUtils);
        httpPost.setEntity(new StringEntity(entityUtils));
        ClassicHttpResponse execute = execute(httpPost);
        Assertions.assertEquals(204, execute.getCode(), new StatusLine(execute).toString());
        HttpPost httpPost2 = new HttpPost("/jwt/refreshToken");
        httpPost2.setHeader("Authorization", "Bearer " + entityUtils);
        httpPost2.setEntity(new StringEntity(entityUtils));
        ClassicHttpResponse execute2 = execute(httpPost2);
        Assertions.assertEquals(410, execute2.getCode(), new StatusLine(execute2).toString());
    }

    @Test
    public void expiredTokenCantBeUsedForAuthenticationOfRequest() throws Exception {
        String entityUtils = EntityUtils.toString(executeWithLC(new HttpGet("/jwt/token")).getEntity());
        Thread.sleep(2001 - (System.currentTimeMillis() - System.currentTimeMillis()));
        HttpPost httpPost = new HttpPost("/jwt/refreshToken");
        httpPost.setHeader("Authorization", "Bearer " + entityUtils);
        httpPost.setEntity(new StringEntity(entityUtils));
        ClassicHttpResponse execute = execute(httpPost);
        Assertions.assertEquals(500, execute.getCode(), new StatusLine(execute).toString());
    }

    private ClassicHttpResponse executeWithLC(ClassicHttpRequest classicHttpRequest) throws Exception {
        HttpClient client = getClient();
        HttpHost httpHost = new HttpHost("https", "localhost", 53456);
        return client.executeOpen(httpHost, classicHttpRequest, getClientContext(httpHost));
    }

    private ClassicHttpResponse execute(ClassicHttpRequest classicHttpRequest) throws Exception {
        return getClient().executeOpen(new HttpHost("https", "localhost", 53456), classicHttpRequest, (HttpContext) null);
    }
}
