package org.openmetadata.service.security;

import com.auth0.jwt.JWT;
import com.auth0.jwt.algorithms.Algorithm;
import com.auth0.jwt.interfaces.Claim;
import com.auth0.jwt.interfaces.DecodedJWT;
import io.dropwizard.testing.ResourceHelpers;
import java.security.interfaces.RSAPrivateKey;
import org.junit.jupiter.api.Assertions;
import org.junit.jupiter.api.BeforeAll;
import org.junit.jupiter.api.Test;
import org.junit.jupiter.api.TestInstance;
import org.openmetadata.schema.api.security.jwt.JWTTokenConfiguration;
import org.openmetadata.schema.auth.JWTAuthMechanism;
import org.openmetadata.schema.auth.JWTTokenExpiry;
import org.openmetadata.schema.entity.teams.User;
import org.openmetadata.service.security.jwt.JWTTokenGenerator;
import org.openmetadata.service.util.TestUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

@TestInstance(TestInstance.Lifecycle.PER_CLASS)
/* loaded from: input_file:org/openmetadata/service/security/JWTTokenGeneratorTest.class */
class JWTTokenGeneratorTest {
    private static final Logger LOG = LoggerFactory.getLogger(JWTTokenGeneratorTest.class);
    protected static final String rsaPrivateKeyPath = ResourceHelpers.resourceFilePath("private_key.der");
    protected static final String rsaPublicKeyPath = ResourceHelpers.resourceFilePath("public_key.der");
    protected JWTTokenConfiguration jwtTokenConfiguration;
    protected JWTTokenGenerator jwtTokenGenerator;

    JWTTokenGeneratorTest() {
    }

    @BeforeAll
    public void setup() {
        this.jwtTokenConfiguration = new JWTTokenConfiguration();
        this.jwtTokenConfiguration.setJwtissuer("open-metadata.org");
        this.jwtTokenConfiguration.setRsaprivateKeyFilePath(rsaPrivateKeyPath);
        this.jwtTokenConfiguration.setRsapublicKeyFilePath(rsaPublicKeyPath);
        this.jwtTokenGenerator = JWTTokenGenerator.getInstance();
        this.jwtTokenGenerator.init(this.jwtTokenConfiguration);
    }

    @Test
    void testGenerateJWTToken() {
        User withDisplayName = new User().withEmail("ingestion-bot@open-metadata.org").withName(TestUtils.INGESTION_BOT).withDisplayName(TestUtils.INGESTION_BOT);
        DecodedJWT decodedJWT = decodedJWT(this.jwtTokenGenerator.generateJWTToken(withDisplayName, JWTTokenExpiry.Seven).getJWTToken());
        Assertions.assertEquals(TestUtils.INGESTION_BOT, ((Claim) decodedJWT.getClaims().get("sub")).asString());
        Assertions.assertTrue((decodedJWT.getExpiresAt().getTime() - decodedJWT.getIssuedAt().getTime()) / 86400000 >= 6);
        DecodedJWT decodedJWT2 = decodedJWT(this.jwtTokenGenerator.generateJWTToken(withDisplayName, JWTTokenExpiry.Ninety).getJWTToken());
        Assertions.assertTrue((decodedJWT2.getExpiresAt().getTime() - decodedJWT2.getIssuedAt().getTime()) / 86400000 >= 89);
        JWTAuthMechanism generateJWTToken = this.jwtTokenGenerator.generateJWTToken(withDisplayName, JWTTokenExpiry.Unlimited);
        Assertions.assertNull(decodedJWT(generateJWTToken.getJWTToken()).getExpiresAt());
        Assertions.assertNull(generateJWTToken.getJWTTokenExpiresAt());
    }

    private DecodedJWT decodedJWT(String str) {
        return JWT.require(Algorithm.RSA256(this.jwtTokenGenerator.getPublicKey(), (RSAPrivateKey) null)).withIssuer(this.jwtTokenConfiguration.getJwtissuer()).build().verify(str);
    }
}
