package org.graylog2.security;

import com.mongodb.DuplicateKeyException;
import com.mongodb.client.model.Filters;
import java.util.Map;
import java.util.concurrent.TimeUnit;
import org.apache.commons.lang3.StringUtils;
import org.assertj.core.api.AbstractStringAssert;
import org.assertj.core.api.Assertions;
import org.assertj.core.api.ThrowingConsumer;
import org.bson.Document;
import org.bson.types.ObjectId;
import org.graylog.testing.completebackend.ContainerizedGraylogBackend;
import org.graylog.testing.completebackend.apis.Sharing;
import org.graylog.testing.mongodb.MongoDBFixtures;
import org.graylog.testing.mongodb.MongoDBInstance;
import org.graylog2.plugin.database.ValidationException;
import org.graylog2.security.AccessTokenImpl;
import org.joda.time.DateTime;
import org.joda.time.DateTimeZone;
import org.junit.After;
import org.junit.Assert;
import org.junit.Before;
import org.junit.Rule;
import org.junit.Test;
import org.mockito.ArgumentMatchers;
import org.mockito.Mockito;

/* loaded from: input_file:org/graylog2/security/AccessTokenServiceImplTest.class */
public class AccessTokenServiceImplTest {

    @Rule
    public final MongoDBInstance mongodb = MongoDBInstance.createForClass();
    private AccessTokenService accessTokenService;

    @Before
    public void setupService() {
        AccessTokenCipher accessTokenCipher = (AccessTokenCipher) Mockito.mock(AccessTokenCipher.class);
        Mockito.when(accessTokenCipher.encrypt(ArgumentMatchers.anyString())).then(invocationOnMock -> {
            return StringUtils.reverse((String) invocationOnMock.getArgument(0));
        });
        Mockito.when(accessTokenCipher.decrypt(ArgumentMatchers.anyString())).then(invocationOnMock2 -> {
            return StringUtils.reverse((String) invocationOnMock2.getArgument(0));
        });
        this.accessTokenService = new AccessTokenServiceImpl(this.mongodb.mongoConnection(), accessTokenCipher);
    }

    @After
    public void tearDown() {
        this.mongodb.mongoConnection().getMongoDatabase().drop();
    }

    @Test
    public void testLoadNoToken() throws Exception {
        Assert.assertNull("No token should have been returned", this.accessTokenService.load("foobar"));
    }

    @Test
    @MongoDBFixtures({"accessTokensSingleToken.json"})
    public void testLoadSingleToken() throws Exception {
        AccessToken load = this.accessTokenService.load("foobar");
        Assert.assertNotNull("Matching token should have been returned", load);
        Assert.assertEquals("foobar", load.getToken());
        Assert.assertEquals("web", load.getName());
        Assert.assertEquals(ContainerizedGraylogBackend.ROOT_PASSWORD_PLAINTEXT, load.getUserName());
        Assert.assertEquals(DateTime.parse("2015-03-14T15:09:26.540Z"), load.getLastAccess());
    }

    @Test
    @MongoDBFixtures({"accessTokensMultipleTokens.json"})
    public void testLoadAll() throws Exception {
        Assert.assertNotNull("Should have returned token list", this.accessTokenService.loadAll(ContainerizedGraylogBackend.ROOT_PASSWORD_PLAINTEXT));
        Assert.assertEquals(2L, r0.size());
    }

    @Test
    @MongoDBFixtures({"accessTokensMultipleTokens.json"})
    public void testLoadById() {
        Assertions.assertThat(this.accessTokenService.loadById("54e3deadbeefdeadbeefaffe")).isNotNull().satisfies(new ThrowingConsumer[]{accessToken -> {
            Assertions.assertThat(accessToken.getId()).isEqualTo("54e3deadbeefdeadbeefaffe");
            Assertions.assertThat(accessToken.getName()).isEqualTo("web");
        }});
        Assertions.assertThat(this.accessTokenService.loadById("54f9deadbeefdeadbeefaffe")).isNotNull().satisfies(new ThrowingConsumer[]{accessToken2 -> {
            Assertions.assertThat(accessToken2.getId()).isEqualTo("54f9deadbeefdeadbeefaffe");
            Assertions.assertThat(accessToken2.getName()).isEqualTo("rest");
        }});
        Assertions.assertThat(this.accessTokenService.loadById("54f9deadbeefdeadbeef0000")).as("check that loading a non-existent token returns null", new Object[0]).isNull();
    }

    @Test
    public void testCreate() throws Exception {
        Assert.assertEquals(0L, this.accessTokenService.loadAll(ContainerizedGraylogBackend.ROOT_PASSWORD_PLAINTEXT).size());
        AccessToken create = this.accessTokenService.create(ContainerizedGraylogBackend.ROOT_PASSWORD_PLAINTEXT, "web");
        Assert.assertEquals(1L, this.accessTokenService.loadAll(ContainerizedGraylogBackend.ROOT_PASSWORD_PLAINTEXT).size());
        Assert.assertNotNull("Should have returned token", create);
        Assert.assertEquals("Username before and after saving should be equal", ContainerizedGraylogBackend.ROOT_PASSWORD_PLAINTEXT, create.getUserName());
        Assert.assertEquals("Token before and after saving should be equal", "web", create.getName());
        Assert.assertNotNull("Token should not be null", create.getToken());
    }

    @Test
    public void testCreateEncryptsToken() throws Exception {
        Assertions.assertThat(this.accessTokenService.loadAll("jane")).isEmpty();
        AccessToken create = this.accessTokenService.create("jane", "very-secret");
        Assertions.assertThat(this.accessTokenService.loadAll("jane")).hasSize(1);
        Assertions.assertThat(create.getUserName()).isEqualTo("jane");
        Assertions.assertThat(create.getName()).isEqualTo("very-secret");
        Assertions.assertThat(create.getLastAccess()).isEqualTo(new DateTime(0L, DateTimeZone.UTC));
        Assertions.assertThat(create.getToken()).isNotBlank();
        Assertions.assertThat((Map) this.mongodb.mongoConnection().getMongoDatabase().getCollection("access_tokens").find(Filters.eq("_id", new ObjectId(create.getId()))).first()).as("check that token %s/%s exists", new Object[]{create.getId(), create.getName()}).isNotNull().satisfies(new ThrowingConsumer[]{map -> {
            Document document = (Document) map;
            ((AbstractStringAssert) Assertions.assertThat(document.getString("token")).as("check for token %s/%s to be encrypted", new Object[]{create.getId(), create.getName()})).isEqualTo(StringUtils.reverse(create.getToken()));
            Assertions.assertThat(document.getInteger("token_type")).as("check that token type is set for %s/%s", new Object[]{create.getId(), create.getName()}).isEqualTo(AccessTokenImpl.Type.AES_SIV.getIntValue());
        }});
    }

    @Test
    @MongoDBFixtures({"accessTokensSingleToken.json"})
    public void testTouch() throws Exception {
        this.accessTokenService.setLastAccessCache(1L, TimeUnit.NANOSECONDS);
        AccessToken load = this.accessTokenService.load("foobar");
        DateTime dateTime = this.accessTokenService.touch(load);
        Thread.sleep(1L, 0);
        Assertions.assertThat(this.accessTokenService.touch(load)).isGreaterThan(dateTime);
    }

    @Test
    public void testSave() throws Exception {
        Assert.assertNull(this.accessTokenService.load("foobar"));
        Assert.assertEquals(0L, this.accessTokenService.loadAll(ContainerizedGraylogBackend.ROOT_PASSWORD_PLAINTEXT).size());
        AccessToken create = this.accessTokenService.create(ContainerizedGraylogBackend.ROOT_PASSWORD_PLAINTEXT, "web");
        create.setToken("foobar");
        this.accessTokenService.save(create);
        Assert.assertEquals(1L, this.accessTokenService.loadAll(ContainerizedGraylogBackend.ROOT_PASSWORD_PLAINTEXT).size());
        AccessToken load = this.accessTokenService.load("foobar");
        Assert.assertNotNull(load);
        Assert.assertEquals(create.getUserName(), load.getUserName());
        Assert.assertEquals(create.getName(), load.getName());
        Assert.assertEquals(create.getToken(), load.getToken());
    }

    @Test(expected = DuplicateKeyException.class)
    @MongoDBFixtures({"accessTokensSingleToken.json"})
    public void testExceptionForMultipleTokens() throws ValidationException {
        AccessToken load = this.accessTokenService.load("foobar");
        AccessToken create = this.accessTokenService.create(Sharing.ENTITY_USER, "foobar");
        create.setToken(load.getToken());
        this.accessTokenService.save(create);
    }
}
