package io.vertx.ext.auth.test.oauth2;

import io.vertx.core.Future;
import io.vertx.core.http.HttpMethod;
import io.vertx.core.http.HttpServer;
import io.vertx.core.json.JsonObject;
import io.vertx.ext.auth.JWTOptions;
import io.vertx.ext.auth.PubSecKeyOptions;
import io.vertx.ext.auth.User;
import io.vertx.ext.auth.authentication.TokenCredentials;
import io.vertx.ext.auth.authorization.PermissionBasedAuthorization;
import io.vertx.ext.auth.impl.http.SimpleHttpClient;
import io.vertx.ext.auth.oauth2.OAuth2Auth;
import io.vertx.ext.auth.oauth2.OAuth2FlowType;
import io.vertx.ext.auth.oauth2.OAuth2Options;
import io.vertx.ext.auth.oauth2.authorization.ScopeAuthorization;
import io.vertx.ext.unit.Async;
import io.vertx.ext.unit.TestContext;
import io.vertx.ext.unit.junit.RunTestOnContext;
import io.vertx.ext.unit.junit.VertxUnitRunner;
import java.io.UnsupportedEncodingException;
import org.junit.After;
import org.junit.Before;
import org.junit.Rule;
import org.junit.Test;
import org.junit.runner.RunWith;

@RunWith(VertxUnitRunner.class)
/* loaded from: input_file:io/vertx/ext/auth/test/oauth2/Oauth2TokenScopeTest.class */
public class Oauth2TokenScopeTest {

    @Rule
    public RunTestOnContext rule = new RunTestOnContext();
    private static final String JWT = "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzY29wZSI6InNjb3BlQSBzY29wZUIgc2NvcGVDIiwiZXhwIjo5OTk5OTk5OTk5LCJuYmYiOjAsImlhdCI6MTQ2NDkwNjY3MSwic3ViIjoiZjE4ODhmNGQtNTE3Mi00MzU5LWJlMGMtYWYzMzg1MDVkODZjIn0.7aJYjGVe4YfdnYTlQH_FYhRCjvctcE7DtWwzxXrbLmM";
    private OAuth2Auth oauth2;
    private HttpServer server;
    private JsonObject config;
    private OAuth2Options oauthConfig;
    private JsonObject fixtureIntrospect;

    @Before
    public void setUp(TestContext testContext) {
        Async async = testContext.async();
        this.fixtureIntrospect = new JsonObject("{  \"active\": true,  \"scope\": \"scopeA scopeB\",  \"client_id\": \"client-id\",  \"username\": \"username\",  \"token_type\": \"bearer\",  \"exp\": 99999999999,  \"iat\": 7200,  \"nbf\": 7200}");
        this.oauthConfig = new OAuth2Options().setFlow(OAuth2FlowType.AUTH_CODE).setClientId("client-id").setClientSecret("client-secret");
        this.oauth2 = OAuth2Auth.create(this.rule.vertx(), this.oauthConfig);
        this.server = this.rule.vertx().createHttpServer().requestHandler(httpServerRequest -> {
            if (httpServerRequest.method() == HttpMethod.POST && "/oauth/introspect".equals(httpServerRequest.path())) {
                httpServerRequest.setExpectMultipart(true).bodyHandler(buffer -> {
                    try {
                        JsonObject queryToJson = SimpleHttpClient.queryToJson(buffer);
                        testContext.assertEquals(this.config.getString("token"), queryToJson.getString("token"));
                        if (this.config.containsKey("token_type_hint")) {
                            testContext.assertEquals(this.config.getString("token_type_hint"), queryToJson.getString("token_type_hint"));
                        }
                    } catch (UnsupportedEncodingException e) {
                        testContext.fail(e);
                    }
                    httpServerRequest.response().putHeader("Content-Type", "application/json").end(this.fixtureIntrospect.encode());
                });
            } else {
                httpServerRequest.response().setStatusCode(400).end();
            }
        }).listen(0, asyncResult -> {
            if (asyncResult.failed()) {
                throw new RuntimeException(asyncResult.cause());
            }
            this.oauthConfig.setSite("http://localhost:" + ((HttpServer) asyncResult.result()).actualPort());
            async.complete();
        });
    }

    @After
    public void tearDown(TestContext testContext) throws Exception {
        Async async = testContext.async();
        Future close = this.server.close();
        testContext.getClass();
        close.onFailure(testContext::fail).onSuccess(r3 -> {
            async.complete();
        });
    }

    @Test
    public void tokenIsValid(TestContext testContext) {
        Async async = testContext.async();
        this.config = new JsonObject().put("token_type", "Bearer").put("access_token", JWT).put("token", JWT);
        this.oauthConfig.addPubSecKey(new PubSecKeyOptions().setAlgorithm("HS256").setBuffer("vertx")).setJWTOptions(new JWTOptions());
        this.oauth2 = OAuth2Auth.create(this.rule.vertx(), this.oauthConfig);
        this.oauth2.authenticate(new TokenCredentials(JWT), asyncResult -> {
            if (asyncResult.failed()) {
                testContext.fail(asyncResult.cause());
            } else {
                testContext.assertFalse(((User) asyncResult.result()).expired());
                async.complete();
            }
        });
    }

    @Test
    public void tokenIsValid_withIntrospection(TestContext testContext) {
        Async async = testContext.async();
        this.config = new JsonObject().put("token_type", "Bearer").put("access_token", "opaqueToken").put("token", "opaqueToken");
        this.oauthConfig.setIntrospectionPath("/oauth/introspect").setJWTOptions(new JWTOptions());
        this.oauth2 = OAuth2Auth.create(this.rule.vertx(), this.oauthConfig);
        this.oauth2.authenticate(new TokenCredentials("opaqueToken"), asyncResult -> {
            if (asyncResult.failed()) {
                testContext.fail(asyncResult.cause());
                return;
            }
            User user = (User) asyncResult.result();
            testContext.assertFalse(user.expired());
            ScopeAuthorization.create(" ").getAuthorizations(user, asyncResult -> {
                testContext.assertTrue(asyncResult.succeeded());
                testContext.assertTrue(PermissionBasedAuthorization.create("scopeA").match(user));
                testContext.assertTrue(PermissionBasedAuthorization.create("scopeB").match(user));
                async.complete();
            });
        });
    }

    @Test
    public void tokenIsNotValid(TestContext testContext) {
        Async async = testContext.async();
        this.config = new JsonObject().put("token_type", "Bearer").put("access_token", JWT).put("token", JWT);
        this.oauthConfig.addPubSecKey(new PubSecKeyOptions().setAlgorithm("HS256").setBuffer("vertx")).setJWTOptions(new JWTOptions());
        this.oauth2 = OAuth2Auth.create(this.rule.vertx(), this.oauthConfig);
        this.oauth2.authenticate(new TokenCredentials(JWT), asyncResult -> {
            testContext.assertTrue(asyncResult.succeeded());
            ScopeAuthorization.create(" ").getAuthorizations((User) asyncResult.result(), asyncResult -> {
                testContext.assertTrue(asyncResult.succeeded());
                testContext.assertFalse(PermissionBasedAuthorization.create("scopeX").match((User) asyncResult.result()));
                testContext.assertFalse(PermissionBasedAuthorization.create("scopeB").match((User) asyncResult.result()));
                async.complete();
            });
        });
    }

    @Test
    public void tokenIsNotValid_withIntrospection(TestContext testContext) {
        Async async = testContext.async();
        this.config = new JsonObject().put("token_type", "Bearer").put("access_token", "opaqueToken").put("token", "opaqueToken");
        this.oauthConfig.setIntrospectionPath("/oauth/introspect").setJWTOptions(new JWTOptions());
        this.oauth2 = OAuth2Auth.create(this.rule.vertx(), this.oauthConfig);
        this.oauth2.authenticate(new TokenCredentials("opaqueToken"), asyncResult -> {
            testContext.assertTrue(asyncResult.succeeded());
            ScopeAuthorization.create(" ").getAuthorizations((User) asyncResult.result(), asyncResult -> {
                testContext.assertTrue(asyncResult.succeeded());
                testContext.assertTrue(PermissionBasedAuthorization.create("scopeA").match((User) asyncResult.result()));
                testContext.assertTrue(PermissionBasedAuthorization.create("scopeB").match((User) asyncResult.result()));
                testContext.assertFalse(PermissionBasedAuthorization.create("scopeX").match((User) asyncResult.result()));
                async.complete();
            });
        });
    }

    @Test
    public void shouldNotFailWhenNoIntrospectionScope(TestContext testContext) {
        Async async = testContext.async();
        this.fixtureIntrospect = new JsonObject("{  \"active\": true,  \"client_id\": \"client-id\",  \"username\": \"username\",  \"token_type\": \"bearer\",  \"exp\": 99999999999,  \"iat\": 7200,  \"nbf\": 7200}");
        this.config = new JsonObject().put("token_type", "Bearer").put("access_token", "opaqueToken").put("token", "opaqueToken");
        this.oauthConfig.setIntrospectionPath("/oauth/introspect").setJWTOptions(new JWTOptions());
        this.oauth2 = OAuth2Auth.create(this.rule.vertx(), this.oauthConfig);
        this.oauth2.authenticate(new TokenCredentials("opaqueToken"), asyncResult -> {
            if (asyncResult.failed()) {
                testContext.fail("Test should have not failed");
                return;
            }
            User user = (User) asyncResult.result();
            testContext.assertEquals("username", user.principal().getValue("username"));
            testContext.assertNull(user.principal().getValue("scope"));
            async.complete();
        });
    }

    @Test
    public void shouldNotFailWhenNoScopeRequired(TestContext testContext) {
        Async async = testContext.async();
        this.config = new JsonObject().put("token_type", "Bearer").put("access_token", JWT).put("token", JWT);
        this.oauthConfig.setJWTOptions(new JWTOptions()).addPubSecKey(new PubSecKeyOptions().setAlgorithm("HS256").setBuffer("vertx"));
        this.oauth2 = OAuth2Auth.create(this.rule.vertx(), this.oauthConfig);
        this.oauth2.authenticate(new TokenCredentials(JWT), asyncResult -> {
            if (asyncResult.failed()) {
                testContext.fail("Test should have not failed");
            } else {
                testContext.assertNotNull((User) asyncResult.result());
                async.complete();
            }
        });
    }
}
