package org.springframework.cloud.commons.security.tokenrelay;

import org.assertj.core.api.Assertions;
import org.junit.jupiter.api.Test;
import org.mockito.Mockito;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.autoconfigure.SpringBootApplication;
import org.springframework.boot.test.context.SpringBootTest;
import org.springframework.boot.test.context.TestComponent;
import org.springframework.boot.test.context.TestConfiguration;
import org.springframework.boot.test.mock.mockito.SpyBean;
import org.springframework.boot.test.web.client.TestRestTemplate;
import org.springframework.cloud.commons.security.AccessTokenContextRelay;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.ComponentScan;
import org.springframework.http.HttpEntity;
import org.springframework.http.HttpHeaders;
import org.springframework.http.HttpMethod;
import org.springframework.http.HttpStatus;
import org.springframework.http.MediaType;
import org.springframework.http.ResponseEntity;
import org.springframework.security.oauth2.client.OAuth2ClientContext;
import org.springframework.security.oauth2.client.OAuth2RestTemplate;
import org.springframework.security.oauth2.client.resource.OAuth2ProtectedResourceDetails;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableOAuth2Client;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
import org.springframework.test.web.client.MockRestServiceServer;
import org.springframework.test.web.client.match.MockRestRequestMatchers;
import org.springframework.test.web.client.response.MockRestResponseCreators;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RestController;

@SpringBootTest(webEnvironment = SpringBootTest.WebEnvironment.RANDOM_PORT, properties = {"security.oauth2.resource.jwt.keyValue=secret", "spring.cloud.mvc.token-relay.enabled=true", "spring.autoconfigure.exclude="})
/* loaded from: input_file:org/springframework/cloud/commons/security/tokenrelay/ResourceServerTokenRelayTests.class */
public class ResourceServerTokenRelayTests {
    protected static final String TOKEN_VALID_UNTIL_2085 = "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJleHAiOjM2NDA2ODU4ODIsInVzZXJfbmFtZSI6InJlYWRlciIsImF1dGhvcml0aWVzIjpbIlJPTEVfUkVBREVSIl0sImp0aSI6ImRkOTAzZGM2LTI0NDctNDViMi04MDZjLTIzZjU3ODVhNGQ4MCIsImNsaWVudF9pZCI6IndlYi1hcHAiLCJzY29wZSI6WyJyZWFkIl19.6hoNtxmN1_o5Ki0D0ae4amSOTRmit3pmaqv-z1-Qk4Y";
    protected static final String AUTH_HEADER_TO_BE_RELAYED = "Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJleHAiOjM2NDA2ODU4ODIsInVzZXJfbmFtZSI6InJlYWRlciIsImF1dGhvcml0aWVzIjpbIlJPTEVfUkVBREVSIl0sImp0aSI6ImRkOTAzZGM2LTI0NDctNDViMi04MDZjLTIzZjU3ODVhNGQ4MCIsImNsaWVudF9pZCI6IndlYi1hcHAiLCJzY29wZSI6WyJyZWFkIl19.6hoNtxmN1_o5Ki0D0ae4amSOTRmit3pmaqv-z1-Qk4Y";
    protected static final String TEST_RESPONSE = "[\"test response\"]";

    @Autowired
    private TestRestTemplate testRestTemplate;

    @Autowired
    private MockRestServiceServer mockServerToReceiveRelay;

    @SpyBean
    AccessTokenContextRelay accessTokenContextRelay;

    @SpringBootApplication
    @EnableOAuth2Client
    @EnableResourceServer
    @TestConfiguration
    @ComponentScan(basePackageClasses = {TokenRelayTestController.class})
    /* loaded from: input_file:org/springframework/cloud/commons/security/tokenrelay/ResourceServerTokenRelayTests$ClientConfiguration.class */
    protected static class ClientConfiguration {
        protected ClientConfiguration() {
        }

        @Bean
        public OAuth2RestTemplate oauth2RestTemplate(OAuth2ProtectedResourceDetails oAuth2ProtectedResourceDetails, OAuth2ClientContext oAuth2ClientContext) {
            return new OAuth2RestTemplate(oAuth2ProtectedResourceDetails, oAuth2ClientContext);
        }

        @Bean
        public MockRestServiceServer mockRestServiceServer(OAuth2RestTemplate oAuth2RestTemplate) {
            return MockRestServiceServer.createServer(oAuth2RestTemplate);
        }
    }

    @RestController
    @TestComponent
    /* loaded from: input_file:org/springframework/cloud/commons/security/tokenrelay/ResourceServerTokenRelayTests$TokenRelayTestController.class */
    protected static class TokenRelayTestController {

        @Autowired
        OAuth2RestTemplate oAuth2RestTemplate;

        protected TokenRelayTestController() {
        }

        @GetMapping({"/token-relay"})
        public String callAnotherService() {
            return (String) this.oAuth2RestTemplate.getForEntity("https://example.com/test", String.class, new Object[0]).getBody();
        }
    }

    @Test
    public void tokenRelayJWT() throws Exception {
        this.mockServerToReceiveRelay.expect(MockRestRequestMatchers.requestTo("https://example.com/test")).andExpect(MockRestRequestMatchers.header("authorization", new String[]{AUTH_HEADER_TO_BE_RELAYED})).andRespond(MockRestResponseCreators.withSuccess(TEST_RESPONSE, MediaType.APPLICATION_JSON));
        ResponseEntity exchange = this.testRestTemplate.exchange("/token-relay", HttpMethod.GET, createAuthorizationHeader(), String.class, new Object[0]);
        Assertions.assertThat(exchange.getStatusCodeValue()).isEqualTo(HttpStatus.OK.value());
        Assertions.assertThat((String) exchange.getBody()).isEqualTo(TEST_RESPONSE);
        this.mockServerToReceiveRelay.verify();
        ((AccessTokenContextRelay) Mockito.verify(this.accessTokenContextRelay)).copyToken();
    }

    private HttpEntity<String> createAuthorizationHeader() {
        HttpHeaders httpHeaders = new HttpHeaders();
        httpHeaders.add("Authorization", AUTH_HEADER_TO_BE_RELAYED);
        return new HttpEntity<>("parameters", httpHeaders);
    }
}
