package io.vertx.ext.auth.test.oauth2;

import io.vertx.core.http.HttpMethod;
import io.vertx.core.http.HttpServer;
import io.vertx.core.json.JsonObject;
import io.vertx.ext.auth.User;
import io.vertx.ext.auth.authorization.PermissionBasedAuthorization;
import io.vertx.ext.auth.impl.http.SimpleHttpClient;
import io.vertx.ext.auth.oauth2.OAuth2Auth;
import io.vertx.ext.auth.oauth2.OAuth2FlowType;
import io.vertx.ext.auth.oauth2.OAuth2Options;
import io.vertx.ext.auth.oauth2.authorization.ScopeAuthorization;
import io.vertx.test.core.VertxTestBase;
import java.io.UnsupportedEncodingException;
import java.util.concurrent.CountDownLatch;
import org.junit.Test;

/* loaded from: input_file:io/vertx/ext/auth/test/oauth2/OAuth2IntrospectTest.class */
public class OAuth2IntrospectTest extends VertxTestBase {
    private static final JsonObject fixtureIntrospect = new JsonObject("{  \"active\": true,  \"scope\": \"scopeA scopeB\",  \"client_id\": \"client-id\",  \"username\": \"username\",  \"token_type\": \"bearer\",  \"exp\": 99999999999,  \"iat\": 7200,  \"nbf\": 7200}");
    private static final JsonObject fixtureGoogle = new JsonObject("{  \"audience\": \"8819981768.apps.googleusercontent.com\",  \"user_id\": \"123456789\",  \"scope\": \"profile email\",  \"expires_in\": 436}");
    private static final JsonObject fixtureKeycloak = new JsonObject("{  \"active\": true,  \"exp\": 99999999999,  \"iat\": 1465313839,  \"aud\": \"hello-world-authz-service\",\n  \"nbf\": 0}");
    private static final String token = "eyJhbGciOiJub25lIiwidHlwIjoiSldUIn0.eyJhdXRob3JpemF0aW9uIjp7InBlcm1pc3Npb25zIjpbeyJyZXNvdXJjZV9zZXRfaWQiOiJkMmZlOTg0My02NDYyLTRiZmMtYmFiYS1iNTc4N2JiNmUwZTciLCJyZXNvdXJjZV9zZXRfbmFtZSI6IkhlbGxvIFdvcmxkIFJlc291cmNlIn1dfSwianRpIjoiZDYxMDlhMDktNzhmZC00OTk4LWJmODktOTU3MzBkZmQwODkyLTE0NjQ5MDY2Nzk0MDUiLCJleHAiOjk5OTk5OTk5OTksIm5iZiI6MCwiaWF0IjoxNDY0OTA2NjcxLCJzdWIiOiJmMTg4OGY0ZC01MTcyLTQzNTktYmUwYy1hZjMzODUwNWQ4NmMiLCJ0eXAiOiJrY19ldHQiLCJhenAiOiJoZWxsby13b3JsZC1hdXRoei1zZXJ2aWNlIn0";
    private static final JsonObject oauthIntrospect = new JsonObject().put("token", token);
    private OAuth2Auth oauth2;
    private HttpServer server;
    private JsonObject config;
    private JsonObject fixture;
    private final OAuth2Options oauthConfig = new OAuth2Options().setFlow(OAuth2FlowType.AUTH_CODE).setClientID("client-id").setClientSecret("client-secret").setSite("http://localhost:8080").setIntrospectionPath("/oauth/introspect");

    public void setUp() throws Exception {
        super.setUp();
        this.oauth2 = OAuth2Auth.create(this.vertx, this.oauthConfig);
        CountDownLatch countDownLatch = new CountDownLatch(1);
        this.server = this.vertx.createHttpServer().requestHandler(httpServerRequest -> {
            if (httpServerRequest.method() == HttpMethod.POST && "/oauth/introspect".equals(httpServerRequest.path())) {
                httpServerRequest.setExpectMultipart(true).bodyHandler(buffer -> {
                    try {
                        JsonObject queryToJson = SimpleHttpClient.queryToJson(buffer);
                        assertEquals(this.config.getString("token"), queryToJson.getString("token"));
                        if (this.config.containsKey("token_type_hint")) {
                            assertEquals(this.config.getString("token_type_hint"), queryToJson.getString("token_type_hint"));
                        }
                    } catch (UnsupportedEncodingException e) {
                        fail(e);
                    }
                    httpServerRequest.response().putHeader("Content-Type", "application/json").end(this.fixture.encode());
                });
            } else if (httpServerRequest.method() == HttpMethod.POST && "/oauth/tokeninfo".equals(httpServerRequest.path())) {
                httpServerRequest.setExpectMultipart(true).bodyHandler(buffer2 -> {
                    try {
                        assertEquals(this.config, SimpleHttpClient.queryToJson(buffer2));
                    } catch (UnsupportedEncodingException e) {
                        fail(e);
                    }
                    httpServerRequest.response().putHeader("Content-Type", "application/json").end(this.fixture.encode());
                });
            } else {
                httpServerRequest.response().setStatusCode(400).end();
            }
        }).listen(8080, asyncResult -> {
            if (asyncResult.failed()) {
                throw new RuntimeException(asyncResult.cause());
            }
            countDownLatch.countDown();
        });
        countDownLatch.await();
    }

    public void tearDown() throws Exception {
        this.server.close();
        super.tearDown();
    }

    @Test
    public void introspectAccessToken() {
        this.config = oauthIntrospect;
        this.fixture = fixtureIntrospect;
        this.oauth2.authenticate(new JsonObject().put("access_token", token).put("token_type", "Bearer"), asyncResult -> {
            if (asyncResult.failed()) {
                fail(asyncResult.cause().getMessage());
                return;
            }
            User user = (User) asyncResult.result();
            assertNotNull(user);
            JsonObject copy = user.principal().copy();
            copy.remove("expires_at");
            copy.remove("access_token");
            assertEquals(fixtureIntrospect.copy().getMap(), copy.getMap());
            ScopeAuthorization.create(" ").getAuthorizations(user, asyncResult -> {
                if (asyncResult.failed()) {
                    fail(asyncResult.cause().getMessage());
                } else if (PermissionBasedAuthorization.create("scopeB").match(user)) {
                    testComplete();
                } else {
                    fail("Should be allowed");
                }
            });
        });
        await();
    }

    @Test
    public void introspectAccessTokenGoogleWay() {
        this.config = oauthIntrospect;
        this.fixture = fixtureGoogle;
        this.oauth2.authenticate(new JsonObject().put("access_token", token).put("token_type", "Bearer"), asyncResult -> {
            if (asyncResult.failed()) {
                fail(asyncResult.cause().getMessage());
                return;
            }
            User user = (User) asyncResult.result();
            assertNotNull(user);
            assertEquals(fixtureGoogle.copy().getMap(), user.principal().copy().getMap());
            ScopeAuthorization.create(" ").getAuthorizations(user, asyncResult -> {
                if (asyncResult.failed()) {
                    fail(asyncResult.cause().getMessage());
                } else if (PermissionBasedAuthorization.create("profile").match(user)) {
                    this.oauth2.authenticate(user.principal().put("access_token", token).put("token_type", "Bearer"), asyncResult -> {
                        if (asyncResult.failed()) {
                            fail(asyncResult.cause());
                        } else {
                            testComplete();
                        }
                    });
                } else {
                    fail("Should be allowed");
                }
            });
        });
        await();
    }

    @Test
    public void introspectAccessTokenKeyCloakWay() {
        this.config = oauthIntrospect;
        this.fixture = fixtureKeycloak;
        this.oauth2.authenticate(new JsonObject().put("access_token", token).put("token_type", "Bearer"), asyncResult -> {
            if (asyncResult.failed()) {
                fail(asyncResult.cause());
                return;
            }
            User user = (User) asyncResult.result();
            assertNotNull(user);
            assertNotNull(user.principal());
            testComplete();
        });
        await();
    }
}
