package io.vertx.ext.auth.test.oauth2;

import io.vertx.core.Handler;
import io.vertx.core.http.HttpMethod;
import io.vertx.core.http.HttpServer;
import io.vertx.core.http.HttpServerRequest;
import io.vertx.core.json.JsonObject;
import io.vertx.ext.auth.oauth2.OAuth2Auth;
import io.vertx.ext.auth.oauth2.OAuth2ClientOptions;
import io.vertx.ext.auth.oauth2.OAuth2FlowType;
import io.vertx.ext.auth.oauth2.providers.GoogleAuth;
import io.vertx.test.core.VertxTestBase;
import java.util.concurrent.CountDownLatch;
import java.util.concurrent.atomic.AtomicInteger;
import java.util.concurrent.atomic.AtomicLong;
import org.junit.Test;

/* loaded from: input_file:io/vertx/ext/auth/test/oauth2/OAuth2KeyRotationTest.class */
public class OAuth2KeyRotationTest extends VertxTestBase {
    private static final JsonObject fixtureJwks = new JsonObject("{\"keys\":  [       {    \"kty\":\"RSA\",    \"n\": \"0vx7agoebGcQSuuPiLJXZptN9nndrQmbXEps2aiAFbWhM78LhWx4cbbfAAtVT86zwu1RK7aPFFxuhDR1L6tSoc_BJECPebWKRXjBZCiFV4n3oknjhMstn64tZ_2W-5JsGY4Hc5n9yBXArwl93lqt7_RN5w6Cf0h4QyQ5v-65YGjQR0_FDW2QvzqY368QQMicAtaSqzs8KJZgnYb9c7d0zgdAZHzu6qMQvRL5hajrn1n91CbOpbISD08qNLyrdkt-bFTWhAI4vMQFh6WeZu0fM4lFd2NcRwr3XPksINHaQ-G_xBniIqbw0Ls1jF44-csFCur-kEgU8awapJzKnqDKgw\",    \"e\":\"AQAB\",    \"alg\":\"RS256\",    \"kid\":\"1\"   }  ]}");
    protected OAuth2Auth oauth2;
    private HttpServer server;
    private int connectionCounter;
    final AtomicInteger cnt = new AtomicInteger(0);
    final AtomicLong then = new AtomicLong();
    private Handler<HttpServerRequest> requestHandler;

    public void setUp() throws Exception {
        super.setUp();
        this.oauth2 = OAuth2Auth.create(this.vertx, new OAuth2ClientOptions().setFlow(OAuth2FlowType.AUTH_CODE).setClientID("client-id").setClientSecret("client-secret").setJwkPath("/oauth/jwks").setSite("http://localhost:8080"));
        CountDownLatch countDownLatch = new CountDownLatch(1);
        this.server = this.vertx.createHttpServer().connectionHandler(httpConnection -> {
            this.connectionCounter++;
        }).requestHandler(httpServerRequest -> {
            if (httpServerRequest.method() == HttpMethod.GET && "/oauth/jwks".equals(httpServerRequest.path())) {
                httpServerRequest.bodyHandler(buffer -> {
                    if (this.cnt.compareAndSet(0, 1)) {
                        this.then.set(System.currentTimeMillis());
                        httpServerRequest.response().putHeader("Content-Type", "application/json").putHeader("Cache-Control", "public, max-age=5, must-revalidate, no-transform").end(fixtureJwks.encode());
                    } else if (this.cnt.compareAndSet(1, 2)) {
                        this.requestHandler.handle(httpServerRequest);
                    } else {
                        fail("Too many calls on the mock");
                    }
                });
            } else {
                httpServerRequest.response().setStatusCode(400).end();
            }
        }).listen(8080, asyncResult -> {
            if (asyncResult.failed()) {
                throw new RuntimeException(asyncResult.cause());
            }
            countDownLatch.countDown();
        });
        this.connectionCounter = 0;
        countDownLatch.await();
    }

    public void tearDown() throws Exception {
        this.server.close();
        super.tearDown();
    }

    @Test
    public void testLoadJWK() {
        GoogleAuth.create(this.vertx, "", "").loadJWK(asyncResult -> {
            assertFalse(asyncResult.failed());
            testComplete();
        });
        await();
    }

    @Test
    public void testAutoRefresh() {
        this.requestHandler = httpServerRequest -> {
            if (this.then.get() + 5000 > System.currentTimeMillis()) {
                fail("wrong timing: " + (System.currentTimeMillis() - this.then.get()));
            } else {
                httpServerRequest.response().putHeader("Content-Type", "application/json").end(fixtureJwks.encode());
                this.vertx.runOnContext(r3 -> {
                    testComplete();
                });
            }
        };
        this.oauth2.loadJWK(asyncResult -> {
            if (asyncResult.failed()) {
                fail(asyncResult.cause().getMessage());
            }
        });
        await();
    }

    @Test
    public void testMissingKey() {
        this.requestHandler = httpServerRequest -> {
            fail("Unexpected, missing key was not called");
        };
        String str = "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6IjIifQ.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.NYY8FXsouaKSuMafoNshtQ997X4x1Jta0GEtl3BAJGY";
        this.oauth2.loadJWK(asyncResult -> {
            if (asyncResult.failed()) {
                fail(asyncResult.cause());
            } else {
                this.oauth2.missingKeyHandler(str2 -> {
                    if ("HS256#<null>".equals(str2)) {
                        testComplete();
                    } else {
                        fail("wrong key id");
                    }
                }).authenticate(new JsonObject().put("access_token", str), asyncResult -> {
                    if (asyncResult.failed()) {
                        return;
                    }
                    fail("we don't have such key");
                });
            }
        });
        await();
    }
}
