package io.vertx.ext.web.handler;

import io.vertx.core.http.HttpMethod;
import io.vertx.core.http.HttpServer;
import io.vertx.core.json.JsonObject;
import io.vertx.ext.auth.JWTOptions;
import io.vertx.ext.auth.PubSecKeyOptions;
import io.vertx.ext.auth.impl.jose.JWK;
import io.vertx.ext.auth.impl.jose.JWT;
import io.vertx.ext.auth.oauth2.OAuth2Auth;
import io.vertx.ext.auth.oauth2.OAuth2FlowType;
import io.vertx.ext.auth.oauth2.OAuth2Options;
import io.vertx.ext.web.WebTestBase;
import io.vertx.ext.web.sstore.SessionStore;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Base64;
import java.util.concurrent.CountDownLatch;
import java.util.concurrent.atomic.AtomicReference;
import org.junit.Test;

/* loaded from: input_file:io/vertx/ext/web/handler/OAuth2AuthHandlerTest.class */
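/**
 * Integration tests for {@link OAuth2AuthHandler} (plus one {@code BasicAuthHandler} case) run
 * against a mock OAuth2 provider listening on {@code localhost:10000}.
 *
 * <p>Security-relevant behaviour pinned here: a callback whose authorization code the provider
 * rejects must not reach the protected route, the PKCE {@code code_verifier} sent to the token
 * endpoint must hash (S256) to the {@code code_challenge} from the authorization redirect,
 * and bearer tokens that are opaque or expired must be answered with 401.
 *
 * <p>Every client id, secret, password, token and key in this class is a test fixture. None of
 * them may be reused outside of tests.
 */
public class OAuth2AuthHandlerTest extends WebTestBase {
    // Canned token-endpoint response served by the mock provider; the token values are dummies.
    private static final JsonObject fixture = new JsonObject("{  \"access_token\": \"4adc339e0\",  \"refresh_token\": \"ec1a59d298\",  \"token_type\": \"bearer\",  \"expires_in\": 7200}");
    // Location header captured from the most recent authorization redirect.
    private String redirectURL = null;

    @Override // io.vertx.ext.web.WebTestBase
    public void tearDown() throws Exception {
        super.tearDown();
    }

    /**
     * Binds the mock provider to port 10000 and blocks until the bind attempt has finished.
     *
     * <p>The latch is released on failure as well as on success. Throwing from the listen
     * callback instead would leave the test thread parked in {@code await()} forever, so a busy
     * port would look like a hang rather than a failure.
     *
     * @param server a configured but not yet listening HTTP server
     * @return the same server, now listening
     * @throws IllegalStateException if the server could not bind; the bind error is the cause
     * @throws InterruptedException if the test thread is interrupted while waiting
     */
    private HttpServer startProvider(HttpServer server) throws InterruptedException {
        CountDownLatch started = new CountDownLatch(1);
        AtomicReference<Throwable> bindFailure = new AtomicReference<>();
        server.listen(10000, result -> {
            if (result.failed()) {
                bindFailure.set(result.cause());
            }
            started.countDown();
        });
        started.await();
        if (bindFailure.get() != null) {
            throw new IllegalStateException("mock OAuth2 provider could not listen on port 10000", bindFailure.get());
        }
        return server;
    }

    /**
     * Authorization-code flow, happy path: an unauthenticated request is redirected (302) and the
     * simulated callback, whose code the provider accepts, is served the protected page.
     */
    @Test
    public void testAuthCodeFlow() throws Exception {
        OAuth2Auth oauth2 = OAuth2Auth.create(this.vertx, new OAuth2Options().setClientID("client-id").setFlow(OAuth2FlowType.AUTH_CODE).setClientSecret("client-secret").setSite("http://localhost:10000"));
        HttpServer provider = startProvider(this.vertx.createHttpServer().requestHandler(req -> {
            if (req.method() == HttpMethod.POST && "/oauth/token".equals(req.path())) {
                req.setExpectMultipart(true).bodyHandler(body -> {
                    req.response().putHeader("Content-Type", "application/json").end(fixture.encode());
                });
            } else if (req.method() == HttpMethod.POST && "/oauth/revoke".equals(req.path())) {
                req.setExpectMultipart(true).bodyHandler(body -> {
                    req.response().end();
                });
            } else {
                req.response().setStatusCode(400).end();
            }
        }));
        try {
            OAuth2AuthHandler handler = OAuth2AuthHandler.create(this.vertx, oauth2, "http://localhost:8080/callback");
            // The callback route is registered before the protected routes.
            handler.setupCallback(this.router.route());
            this.router.route("/protected/*").handler(handler);
            this.router.route("/protected/somepage").handler(ctx -> {
                assertNotNull(ctx.user());
                ctx.response().end("Welcome to the protected resource!");
            });
            testRequest(HttpMethod.GET, "/protected/somepage", null, resp -> {
                this.redirectURL = resp.getHeader("Location");
                assertNotNull(this.redirectURL);
            }, 302, "Found", null);
            // Simulated provider redirect. No SessionHandler is installed in this test and the
            // state value sent back is simply the originally requested path.
            testRequest(HttpMethod.GET, "/callback?state=/protected/somepage&code=1", null, resp -> {
            }, 200, "OK", "Welcome to the protected resource!");
        } finally {
            // Release port 10000 even when an assertion above fails; every test binds the same port.
            provider.close();
        }
    }

    /**
     * A callback carrying a code that the provider rejects (token endpoint answers 400) must be
     * answered with 500 and must not be treated as an authenticated request.
     */
    @Test
    public void testAuthCodeFlowBypass() throws Exception {
        OAuth2Auth oauth2 = OAuth2Auth.create(this.vertx, new OAuth2Options().setClientID("client-id").setFlow(OAuth2FlowType.AUTH_CODE).setClientSecret("client-secret").setSite("http://localhost:10000"));
        HttpServer provider = startProvider(this.vertx.createHttpServer().requestHandler(req -> {
            if (req.method() == HttpMethod.POST && "/oauth/token".equals(req.path())) {
                req.setExpectMultipart(true).bodyHandler(body -> {
                    // The provider refuses the code exchange.
                    req.response().setStatusCode(400).putHeader("Content-Type", "application/json").end(new JsonObject().put("error", 400).put("error_description", "invalid code").encode());
                });
            } else if (req.method() == HttpMethod.POST && "/oauth/revoke".equals(req.path())) {
                req.setExpectMultipart(true).bodyHandler(body -> {
                    req.response().end();
                });
            } else {
                req.response().setStatusCode(400).end();
            }
        }));
        try {
            OAuth2AuthHandler handler = OAuth2AuthHandler.create(this.vertx, oauth2, "http://localhost:8080/callback");
            handler.setupCallback(this.router.route());
            this.router.route("/protected/*").handler(handler);
            this.router.route("/protected/somepage").handler(ctx -> {
                assertNotNull(ctx.user());
                ctx.response().end("Welcome to the protected resource!");
            });
            // The callback is requested directly, without a preceding authorization redirect.
            testRequest(HttpMethod.GET, "/callback?state=/protected/somepage&code=1", 500, "Internal Server Error");
        } finally {
            provider.close();
        }
    }

    /**
     * Authorization-code flow with PKCE and a session: the redirect must carry an S256
     * {@code code_challenge}, and the token request must carry a {@code code_verifier} whose
     * SHA-256 digest, base64url-encoded without padding, equals that challenge.
     */
    @Test
    public void testAuthPKCECodeFlow() throws Exception {
        // code_challenge observed on the redirect; read by the mock token endpoint below.
        AtomicReference<String> challenge = new AtomicReference<>();
        OAuth2Auth oauth2 = OAuth2Auth.create(this.vertx, new OAuth2Options().setClientID("client-id").setFlow(OAuth2FlowType.AUTH_CODE).setClientSecret("client-secret").setSite("http://localhost:10000"));
        HttpServer provider = startProvider(this.vertx.createHttpServer().requestHandler(req -> {
            if (req.method() == HttpMethod.POST && "/oauth/token".equals(req.path())) {
                req.setExpectMultipart(true).bodyHandler(body -> {
                    // Counts the three form parameters the token request must contain.
                    int matched = 0;
                    for (String param : body.toString().split("&")) {
                        if (param.equals("code=1")) {
                            matched++;
                        }
                        if (param.startsWith("code_verifier=")) {
                            try {
                                MessageDigest sha256 = MessageDigest.getInstance("SHA-256");
                                sha256.update(param.substring(14).getBytes(StandardCharsets.US_ASCII));
                                String derived = Base64.getUrlEncoder().withoutPadding().encodeToString(sha256.digest());
                                // Comparing from the derived side avoids an NPE when no challenge was captured.
                                if (derived.equals(challenge.get())) {
                                    matched++;
                                }
                            } catch (NoSuchAlgorithmException e) {
                                // Report the real reason instead of printing it and failing later on the count.
                                throw new AssertionError("SHA-256 is required to check the PKCE code_verifier", e);
                            }
                        }
                        if (param.equals("grant_type=authorization_code")) {
                            matched++;
                        }
                    }
                    assertEquals(3L, matched);
                    req.response().putHeader("Content-Type", "application/json").end(fixture.encode());
                });
            } else if (req.method() == HttpMethod.POST && "/oauth/revoke".equals(req.path())) {
                req.setExpectMultipart(true).bodyHandler(body -> {
                    req.response().end();
                });
            } else {
                req.response().setStatusCode(400).end();
            }
        }));
        try {
            this.router.route().handler(SessionHandler.create(SessionStore.create(this.vertx)));
            OAuth2AuthHandler handler = OAuth2AuthHandler.create(this.vertx, oauth2, "http://localhost:8080/callback").pkceVerifierLength(64);
            handler.setupCallback(this.router.route("/callback"));
            this.router.route("/protected/*").handler(handler);
            this.router.route("/protected/somepage").handler(ctx -> {
                assertNotNull(ctx.user());
                ctx.response().end("Welcome to the protected resource!");
            });
            AtomicReference<String> sessionCookie = new AtomicReference<>();
            AtomicReference<String> state = new AtomicReference<>();
            testRequest(HttpMethod.GET, "/protected/somepage", null, resp -> {
                this.redirectURL = resp.getHeader("Location");
                assertNotNull(this.redirectURL);
                assertTrue(this.redirectURL.contains("&code_challenge="));
                assertTrue(this.redirectURL.contains("&code_challenge_method="));
                String codeChallenge = null;
                String challengeMethod = null;
                String stateParam = null;
                for (String param : this.redirectURL.substring(this.redirectURL.indexOf('?') + 1).split("&")) {
                    if (param.startsWith("code_challenge=")) {
                        codeChallenge = param.substring(15);
                    }
                    if (param.startsWith("code_challenge_method=")) {
                        challengeMethod = param.substring(22);
                    }
                    if (param.startsWith("state=")) {
                        stateParam = param.substring(6);
                    }
                }
                assertNotNull(stateParam);
                assertNotNull(codeChallenge);
                assertNotNull(challengeMethod);
                assertTrue(codeChallenge.length() >= 43 && codeChallenge.length() <= 128);
                // Only the hashed method is accepted by this test.
                assertEquals("S256", challengeMethod);
                challenge.set(codeChallenge);
                state.set(stateParam);
                sessionCookie.set(resp.getHeader("set-cookie"));
            }, 302, "Found", null);
            // The callback echoes the state from the redirect and presents the session cookie that
            // was issued together with it.
            testRequest(HttpMethod.GET, "/callback?state=" + state.get() + "&code=1", req -> {
                req.putHeader("cookie", sessionCookie.get());
            }, resp -> {
            }, 302, "Found", "Redirecting to /protected/somepage.");
        } finally {
            provider.close();
        }
    }

    /**
     * Route-ordering check: with the catch-all auth route created before the callback route the
     * callback fails with 500; with the callback route created first it succeeds.
     */
    @Test
    public void testAuthCodeFlowBadSetup() throws Exception {
        OAuth2Auth oauth2 = OAuth2Auth.create(this.vertx, new OAuth2Options().setFlow(OAuth2FlowType.AUTH_CODE).setClientID("client-id").setClientSecret("client-secret").setSite("http://localhost:10000"));
        HttpServer provider = startProvider(this.vertx.createHttpServer().requestHandler(req -> {
            if (req.method() == HttpMethod.POST && "/oauth/token".equals(req.path())) {
                req.setExpectMultipart(true).bodyHandler(body -> {
                    req.response().putHeader("Content-Type", "application/json").end(fixture.encode());
                });
            } else if (req.method() == HttpMethod.POST && "/oauth/revoke".equals(req.path())) {
                req.setExpectMultipart(true).bodyHandler(body -> {
                    req.response().end();
                });
            } else {
                req.response().setStatusCode(400).end();
            }
        }));
        try {
            // Bad order: the receiver expression router.route() is evaluated before the argument,
            // so the catch-all auth route exists before the callback route is created.
            this.router.route().handler(OAuth2AuthHandler.create(this.vertx, oauth2, "http://localhost:8080/callback").setupCallback(this.router.route()));
            this.router.route("/protected/somepage").handler(ctx -> {
                assertNotNull(ctx.user());
                ctx.response().end("Welcome to the protected resource!");
            });
            testRequest(HttpMethod.GET, "/protected/somepage", null, resp -> {
                this.redirectURL = resp.getHeader("Location");
                assertNotNull(this.redirectURL);
            }, 302, "Found", null);
            testRequest(HttpMethod.GET, "/callback?state=/protected/somepage&code=1", null, resp -> {
            }, 500, "Internal Server Error", "Internal Server Error");

            this.router.clear();
            // Proper order: create the callback route first, then mount the catch-all auth route.
            // NOTE(review): as listed, both attempts were the same single expression and so could
            // not produce different results; the second attempt is written callback-first here to
            // match the 200 it expects - confirm against the upstream test.
            OAuth2AuthHandler handler = OAuth2AuthHandler.create(this.vertx, oauth2, "http://localhost:8080/callback");
            handler.setupCallback(this.router.route());
            this.router.route().handler(handler);
            this.router.route("/protected/somepage").handler(ctx -> {
                assertNotNull(ctx.user());
                ctx.response().end("Welcome to the protected resource!");
            });
            testRequest(HttpMethod.GET, "/protected/somepage", null, resp -> {
                this.redirectURL = resp.getHeader("Location");
                assertNotNull(this.redirectURL);
            }, 302, "Found", null);
            testRequest(HttpMethod.GET, "/callback?state=/protected/somepage&code=1", null, resp -> {
            }, 200, "OK", "Welcome to the protected resource!");
        } finally {
            provider.close();
        }
    }

    /**
     * Password flow behind a {@code BasicAuthHandler}: the Basic credentials must arrive at the
     * token endpoint as a {@code grant_type=password} request, and a request without credentials
     * must be answered with 401.
     */
    @Test
    public void testPasswordFlow() throws Exception {
        OAuth2Auth oauth2 = OAuth2Auth.create(this.vertx, new OAuth2Options().setClientID("client-id").setClientSecret("client-secret").setSite("http://localhost:10000").setFlow(OAuth2FlowType.PASSWORD));
        HttpServer provider = startProvider(this.vertx.createHttpServer().requestHandler(req -> {
            if (req.method() == HttpMethod.POST && "/oauth/token".equals(req.path())) {
                req.setExpectMultipart(true).bodyHandler(body -> {
                    // A distinct name is required here: a local may not redeclare the lambda parameter.
                    String form = body.toString();
                    assertTrue(form.contains("username=paulo"));
                    assertTrue(form.contains("password=bananas"));
                    assertTrue(form.contains("grant_type=password"));
                    req.response().putHeader("Content-Type", "application/json").end(fixture.encode());
                });
            } else if (req.method() == HttpMethod.POST && "/oauth/revoke".equals(req.path())) {
                req.setExpectMultipart(true).bodyHandler(body -> {
                    req.response().end();
                });
            } else {
                req.response().setStatusCode(400).end();
            }
        }));
        try {
            this.router.route("/protected/*").handler(BasicAuthHandler.create(oauth2));
            this.router.route("/protected/somepage").handler(ctx -> {
                assertNotNull(ctx.user());
                ctx.response().end("Welcome to the protected resource!");
            });
            testRequest(HttpMethod.GET, "/protected/somepage", req -> {
                req.putHeader("Authorization", "Basic " + Base64.getEncoder().encodeToString("paulo:bananas".getBytes(StandardCharsets.UTF_8)));
            }, resp -> {
            }, 200, "OK", "Welcome to the protected resource!");
            testRequest(HttpMethod.GET, "/protected/somepage", 401, "Unauthorized");
        } finally {
            provider.close();
        }
    }

    /**
     * Bearer-only handler (created without a callback URL) on a provider configured with no
     * verification key: both a missing token and an opaque token are answered with 401.
     */
    @Test
    public void testBearerOnly() throws Exception {
        this.router.route("/protected/*").handler(OAuth2AuthHandler.create(this.vertx, OAuth2Auth.create(this.vertx, new OAuth2Options().setFlow(OAuth2FlowType.AUTH_CODE).setClientID("client-id"))));
        this.router.route("/protected/somepage").handler(ctx -> {
            assertNotNull(ctx.user());
            ctx.response().end("Welcome to the protected resource!");
        });
        testRequest(HttpMethod.GET, "/protected/somepage", 401, "Unauthorized");
        testRequest(HttpMethod.GET, "/protected/somepage", req -> {
            req.putHeader("Authorization", "Bearer 4adc339e0");
        }, 401, "Unauthorized", "Unauthorized");
    }

    /**
     * Bearer-only handler with an RS256 public key configured: no token and an opaque token give
     * 401, a token signed with the matching private key and a far-future {@code exp} gives 200,
     * and the same claims with a past {@code exp} give 401.
     */
    @Test
    public void testBearerOnlyWithJWT() throws Exception {
        OAuth2Auth oauth2 = OAuth2Auth.create(this.vertx, new OAuth2Options().setClientID("dummy-client").addPubSecKey(new PubSecKeyOptions().setAlgorithm("RS256").setBuffer("-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmuIC9Qvwoe/3tUpHkcUp\nvWmzQqnZtz3HBKbxzc/jBTxUHefJDs88Xjw5nNXhl4tXkHzFRAZHtDnwX074/2oc\nPRSWaBjHYXB771af91UPrc9fb4lh3W1a8hmQU6sgKlQVwDnUuePDkCmwKCsuyX0M\nwxuwOwEUo4r15NBh/H7FvuHVPnqWK1/kliYtQukF3svQkpZT6/puQ0bEOefROLB+\nEAPM0OAaDyknjxCZJenk9FIyC6skOKVaxW7CcE54lIUjS1GKFQc44/+T+u0VKSmh\nrRdBNcAhXmdpwjLoDTy/I8z+uqkKitdEVczCdleNqeb6b1kjPWS3VbLXxY/LIYlz\nuQIDAQAB\n-----END PUBLIC KEY-----")));
        assertNotNull(oauth2);
        // Test-only signing key. It is published with this test and must never protect real tokens.
        JWT signer = new JWT().addJWK(new JWK(new PubSecKeyOptions().setAlgorithm("RS256").setBuffer("-----BEGIN PRIVATE KEY-----\nMIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCa4gL1C/Ch7/e1\nSkeRxSm9abNCqdm3PccEpvHNz+MFPFQd58kOzzxePDmc1eGXi1eQfMVEBke0OfBf\nTvj/ahw9FJZoGMdhcHvvVp/3VQ+tz19viWHdbVryGZBTqyAqVBXAOdS548OQKbAo\nKy7JfQzDG7A7ARSjivXk0GH8fsW+4dU+epYrX+SWJi1C6QXey9CSllPr+m5DRsQ5\n59E4sH4QA8zQ4BoPKSePEJkl6eT0UjILqyQ4pVrFbsJwTniUhSNLUYoVBzjj/5P6\n7RUpKaGtF0E1wCFeZ2nCMugNPL8jzP66qQqK10RVzMJ2V42p5vpvWSM9ZLdVstfF\nj8shiXO5AgMBAAECggEAIriwOQcoNuV4/qdcTA2LQe9ERJmXOUEcMKrMYntMRYw0\nv0+K/0ruGaIeuE4qeLLAOp/+CTXvNTQX8wXdREUhd3/6B/QmHm39GrasveHP1gM7\nPeHqkp1FWijo9hjS6SpYhfNxAQtSeCsgVqD3qCvkhIjchR3E5rTsUxN0JAq3ggb9\nWCJ2LUxOOTHAWL4cv7FIKfwU/bwjBdHbSLuh7em4IE8tzcFgh49281APprGb4a3d\nCPlIZC+CQmTFKPGzT0WDNc3EbPPKcx8ECRf1Zo94Tqnzv7FLgCmr0o4O9e6E3yss\nUwp7EKPUQyAwBkc+pHwqUmOPqHB+z28JUOwqoD0vQQKBgQDNiXSydWh9BUWAleQU\nfgSF0bjlt38HVcyMKGC1xQhi8VeAfLJxGCGbdxsPFNCtMPDLRRyd4xHBmsCmPPli\nCFHD1UbfNuKma6azl6A86geuTolgrHoxp57tZwoBpG9JHoTA53pfBPxb8q39YXKh\nDSXsJVldxsHwzFAklj3ZqzWq3QKBgQDA6M/VW3SXEt1NWwMI+WGa/QKHDjLDhZzF\nF3iQTtzDDmA4louAzX1cykNo6Y7SpORi0ralml65iwT2HZtE8w9vbw4LNmBiHmlX\nAvpZSHT6/7nQeiFtxZu9cyw4GGpNSaeqp4Cq6TGYmfbq4nIdryzUU2AgsqSZyrra\nxh7K+2I4jQKBgGjC8xQy+7sdgLt1qvc29B8xMkkEKl8WwFeADSsY7plf4fW/mURD\nxH11S/l35pUgKNuysk9Xealws1kIIyRwkRx8DM+hLg0dOa64Thg+QQP7S9JWl0HP\n6hWfO15y7bYbNBcO5TShWe+T1lMb5E1qYjXnI5HEyP1vZjn/yi60MXqRAoGAe6F4\n+QLIwL1dSOMoGctBS4QU55so23e41fNJ2CpCf1uqPPn2Y9DOI/aYpxbv6n20xMTI\nO2+of37h6h1lUhX38XGZ7YOm15sn5ZTJ/whZuDbFzh9HZ0N6oTq7vyOelPO8WblJ\n077pgyRBQ51mhzGqKFVayPnUVZ/Ais7oEyxycU0CgYEAzEUhmN22ykywh0My83z/\n7yl2tyrlv2hcZbaP7+9eHdUafGG8jMTVD7jxhzAbiSo2UeyHUnAItDnLetLh89K6\n0oF3/rZLqugtb+f48dgRE/SDF4Itgp5fDqWHLhEW7ZhWCFlFgZ3sq0XryIxzFof0\nO/Fd1NnotirzTnob5ReblIM=\n-----END PRIVATE KEY-----\n")));
        assertNotNull(signer);
        this.router.route("/protected/*").handler(OAuth2AuthHandler.create(this.vertx, oauth2));
        this.router.route("/protected/somepage").handler(ctx -> {
            assertNotNull(ctx.user());
            ctx.response().end("Welcome to the protected resource!");
        });
        testRequest(HttpMethod.GET, "/protected/somepage", 401, "Unauthorized");
        // An opaque string is not a JWT that verifies under the configured key.
        testRequest(HttpMethod.GET, "/protected/somepage", req -> {
            req.putHeader("Authorization", "Bearer 4adc339e0");
        }, 401, "Unauthorized", "Unauthorized");
        // NOTE(review): "aud" (s6BhdRkqt3) differs from the configured client id (dummy-client)
        // and 200 is still expected, so audience does not appear to be enforced with these
        // options - confirm that deployments relying on audience restriction configure it.
        String validToken = signer.sign(new JsonObject("{\n      \"iss\": \"https://server.example.com\",\n      \"aud\": \"s6BhdRkqt3\",\n      \"jti\": \"a-123\",\n      \"exp\": 999999999999,\n      \"iat\": 1311280970,\n      \"sub\": \"24400320\",\n      \"upn\": \"jdoe@server.example.com\",\n      \"groups\": [\"red-group\", \"green-group\", \"admin-group\", \"admin\"]\n}"), new JWTOptions().setAlgorithm("RS256"));
        testRequest(HttpMethod.GET, "/protected/somepage", req -> {
            req.putHeader("Authorization", "Bearer " + validToken);
        }, 200, "OK", "Welcome to the protected resource!");
        // Same claims and a valid signature, but "exp" equals "iat" in the past: must be refused.
        String expiredToken = signer.sign(new JsonObject("{\n      \"iss\": \"https://server.example.com\",\n      \"aud\": \"s6BhdRkqt3\",\n      \"jti\": \"a-123\",\n      \"exp\": 1311280970,\n      \"iat\": 1311280970,\n      \"sub\": \"24400320\",\n      \"upn\": \"jdoe@server.example.com\",\n      \"groups\": [\"red-group\", \"green-group\", \"admin-group\", \"admin\"]\n}"), new JWTOptions().setAlgorithm("RS256"));
        testRequest(HttpMethod.GET, "/protected/somepage", req -> {
            req.putHeader("Authorization", "Bearer " + expiredToken);
        }, 401, "Unauthorized", "Unauthorized");
    }
}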
