package io.vertx.ext.auth.test.oauth2;

import io.vertx.core.http.HttpMethod;
import io.vertx.core.http.HttpServer;
import io.vertx.core.json.JsonObject;
import io.vertx.ext.auth.JWTOptions;
import io.vertx.ext.auth.PubSecKeyOptions;
import io.vertx.ext.auth.User;
import io.vertx.ext.auth.authorization.PermissionBasedAuthorization;
import io.vertx.ext.auth.impl.http.SimpleHttpClient;
import io.vertx.ext.auth.oauth2.OAuth2Auth;
import io.vertx.ext.auth.oauth2.OAuth2FlowType;
import io.vertx.ext.auth.oauth2.OAuth2Options;
import io.vertx.ext.auth.oauth2.authorization.ScopeAuthorization;
import io.vertx.test.core.VertxTestBase;
import java.io.UnsupportedEncodingException;
import java.util.concurrent.CountDownLatch;
import org.junit.Test;

/* loaded from: input_file:io/vertx/ext/auth/test/oauth2/Oauth2TokenScopeTest.class */
public class Oauth2TokenScopeTest extends VertxTestBase {
    private static final String JWT = "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzY29wZSI6InNjb3BlQSBzY29wZUIgc2NvcGVDIiwiZXhwIjo5OTk5OTk5OTk5LCJuYmYiOjAsImlhdCI6MTQ2NDkwNjY3MSwic3ViIjoiZjE4ODhmNGQtNTE3Mi00MzU5LWJlMGMtYWYzMzg1MDVkODZjIn0.7aJYjGVe4YfdnYTlQH_FYhRCjvctcE7DtWwzxXrbLmM";
    private OAuth2Auth oauth2;
    private HttpServer server;
    private JsonObject config;
    private OAuth2Options oauthConfig;
    private JsonObject fixtureIntrospect;

    public void setUp() throws Exception {
        super.setUp();
        this.fixtureIntrospect = new JsonObject("{  \"active\": true,  \"scope\": \"scopeA scopeB\",  \"client_id\": \"client-id\",  \"username\": \"username\",  \"token_type\": \"bearer\",  \"exp\": 99999999999,  \"iat\": 7200,  \"nbf\": 7200}");
        this.oauthConfig = new OAuth2Options().setFlow(OAuth2FlowType.AUTH_CODE).setClientID("client-id").setClientSecret("client-secret").setSite("http://localhost:8080");
        this.oauth2 = OAuth2Auth.create(this.vertx, this.oauthConfig);
        CountDownLatch countDownLatch = new CountDownLatch(1);
        this.server = this.vertx.createHttpServer().requestHandler(httpServerRequest -> {
            if (httpServerRequest.method() == HttpMethod.POST && "/oauth/introspect".equals(httpServerRequest.path())) {
                httpServerRequest.setExpectMultipart(true).bodyHandler(buffer -> {
                    try {
                        JsonObject queryToJson = SimpleHttpClient.queryToJson(buffer);
                        assertEquals(this.config.getString("token"), queryToJson.getString("token"));
                        if (this.config.containsKey("token_type_hint")) {
                            assertEquals(this.config.getString("token_type_hint"), queryToJson.getString("token_type_hint"));
                        }
                    } catch (UnsupportedEncodingException e) {
                        fail(e);
                    }
                    httpServerRequest.response().putHeader("Content-Type", "application/json").end(this.fixtureIntrospect.encode());
                });
            } else {
                httpServerRequest.response().setStatusCode(400).end();
            }
        }).listen(8080, asyncResult -> {
            if (asyncResult.failed()) {
                throw new RuntimeException(asyncResult.cause());
            }
            countDownLatch.countDown();
        });
        countDownLatch.await();
    }

    public void tearDown() throws Exception {
        this.server.close();
        super.tearDown();
    }

    @Test
    public void tokenIsValid() {
        this.config = new JsonObject().put("token_type", "Bearer").put("access_token", JWT).put("token", JWT);
        this.oauthConfig.addPubSecKey(new PubSecKeyOptions().setAlgorithm("HS256").setBuffer("vertx").setSymmetric(true)).setJWTOptions(new JWTOptions().addScope("scopeA").addScope("scopeB"));
        this.oauth2 = OAuth2Auth.create(this.vertx, this.oauthConfig);
        this.oauth2.authenticate(this.config, asyncResult -> {
            if (asyncResult.failed()) {
                fail(asyncResult.cause());
            } else {
                assertFalse(((User) asyncResult.result()).expired());
                testComplete();
            }
        });
        await();
    }

    @Test
    public void tokenIsValid_withIntrospection() {
        this.config = new JsonObject().put("token_type", "Bearer").put("access_token", "opaqueToken").put("token", "opaqueToken");
        this.oauthConfig.setIntrospectionPath("/oauth/introspect").setJWTOptions(new JWTOptions().addScope("scopeA").addScope("scopeB"));
        this.oauth2 = OAuth2Auth.create(this.vertx, this.oauthConfig);
        this.oauth2.authenticate(this.config, asyncResult -> {
            if (asyncResult.failed()) {
                fail(asyncResult.cause());
                return;
            }
            User user = (User) asyncResult.result();
            assertFalse(user.expired());
            ScopeAuthorization.create(" ").getAuthorizations(user, asyncResult -> {
                assertTrue(asyncResult.succeeded());
                assertTrue(PermissionBasedAuthorization.create("scopeA").match(user));
                assertTrue(PermissionBasedAuthorization.create("scopeB").match(user));
                testComplete();
            });
        });
        await();
    }

    @Test
    public void tokenIsNotValid() {
        this.config = new JsonObject().put("token_type", "Bearer").put("access_token", JWT).put("token", JWT);
        this.oauthConfig.addPubSecKey(new PubSecKeyOptions().setAlgorithm("HS256").setBuffer("vertx").setSymmetric(true)).setJWTOptions(new JWTOptions().addScope("scopeX").addScope("scopeB"));
        this.oauth2 = OAuth2Auth.create(this.vertx, this.oauthConfig);
        this.oauth2.authenticate(this.config, asyncResult -> {
            assertTrue(asyncResult.succeeded());
            ScopeAuthorization.create(" ").getAuthorizations((User) asyncResult.result(), asyncResult -> {
                assertTrue(asyncResult.succeeded());
                assertFalse(PermissionBasedAuthorization.create("scopeX").match((User) asyncResult.result()));
                assertFalse(PermissionBasedAuthorization.create("scopeB").match((User) asyncResult.result()));
                testComplete();
            });
        });
        await();
    }

    @Test
    public void tokenIsNotValid_withIntrospection() {
        this.config = new JsonObject().put("token_type", "Bearer").put("access_token", "opaqueToken").put("token", "opaqueToken");
        this.oauthConfig.setIntrospectionPath("/oauth/introspect").setJWTOptions(new JWTOptions().addScope("scopeX").addScope("scopeB"));
        this.oauth2 = OAuth2Auth.create(this.vertx, this.oauthConfig);
        this.oauth2.authenticate(this.config, asyncResult -> {
            assertTrue(asyncResult.succeeded());
            ScopeAuthorization.create(" ").getAuthorizations((User) asyncResult.result(), asyncResult -> {
                assertTrue(asyncResult.succeeded());
                assertTrue(PermissionBasedAuthorization.create("scopeA").match((User) asyncResult.result()));
                assertTrue(PermissionBasedAuthorization.create("scopeB").match((User) asyncResult.result()));
                assertFalse(PermissionBasedAuthorization.create("scopeX").match((User) asyncResult.result()));
                testComplete();
            });
        });
        await();
    }

    @Test
    public void shouldNotFailWhenNoIntrospectionScope() {
        this.fixtureIntrospect = new JsonObject("{  \"active\": true,  \"client_id\": \"client-id\",  \"username\": \"username\",  \"token_type\": \"bearer\",  \"exp\": 99999999999,  \"iat\": 7200,  \"nbf\": 7200}");
        this.config = new JsonObject().put("token_type", "Bearer").put("access_token", "opaqueToken").put("token", "opaqueToken");
        this.oauthConfig.setIntrospectionPath("/oauth/introspect").setJWTOptions(new JWTOptions().addScope("scopeX").addScope("scopeB"));
        this.oauth2 = OAuth2Auth.create(this.vertx, this.oauthConfig);
        this.oauth2.authenticate(this.config, asyncResult -> {
            if (asyncResult.failed()) {
                fail("Test should have not failed");
                return;
            }
            User user = (User) asyncResult.result();
            assertEquals("username", user.principal().getValue("username"));
            assertNull(user.principal().getValue("scope"));
            testComplete();
        });
        await();
    }

    @Test
    public void shouldNotFailWhenNoScopeRequired() {
        this.config = new JsonObject().put("token_type", "Bearer").put("access_token", JWT).put("token", JWT);
        this.oauthConfig.setJWTOptions(new JWTOptions()).addPubSecKey(new PubSecKeyOptions().setAlgorithm("HS256").setBuffer("vertx").setSymmetric(true));
        this.oauth2 = OAuth2Auth.create(this.vertx, this.oauthConfig);
        this.oauth2.authenticate(this.config, asyncResult -> {
            if (asyncResult.failed()) {
                fail("Test should have not failed");
            } else {
                testComplete();
            }
        });
        await();
    }
}
