package com.atlassian.pats.service;

import com.atlassian.cache.Cache;
import com.atlassian.cache.CacheLoader;
import com.atlassian.cache.CacheManager;
import com.atlassian.cache.CacheSettings;
import com.atlassian.cache.CacheSettingsBuilder;
import com.atlassian.cache.memory.MemoryCacheManager;
import com.atlassian.pats.api.TokenAuthenticationService;
import com.atlassian.pats.api.TokenValidator;
import com.atlassian.pats.db.TokenDTO;
import com.atlassian.pats.helper.TestHelper;
import com.atlassian.pats.spring.AbstractSpringTest;
import com.atlassian.sal.api.message.I18nResolver;
import com.atlassian.sal.api.permission.AuthorisationException;
import com.atlassian.security.password.DefaultPasswordEncoder;
import com.atlassian.security.password.PasswordEncoder;
import java.io.Serializable;
import java.util.concurrent.TimeUnit;
import org.assertj.core.api.Assertions;
import org.junit.After;
import org.junit.Before;
import org.junit.Test;
import org.mockito.Mockito;

/* loaded from: input_file:com/atlassian/pats/service/DefaultTokenAuthenticationServiceTest.class */
public class DefaultTokenAuthenticationServiceTest extends AbstractSpringTest {
    private final I18nResolver i18nResolver = (I18nResolver) Mockito.mock(I18nResolver.class);
    private final PasswordEncoder passwordEncoder = DefaultPasswordEncoder.getDefaultInstance();
    private final CacheSettings cacheSettings = new CacheSettingsBuilder().local().expireAfterAccess(60, TimeUnit.MINUTES).build();
    private final CacheManager cacheManager = new MemoryCacheManager();
    private final TokenValidator.ChecksumGenerator checksumGenerator = new TokenValidator.DefaultChecksumGenerator();
    private Cache<Long, TokenAuthenticationService.AuthenticationResult> authenticationCache;
    private CachingTokenValidator tokenValidator;
    private TokenDTO createdToken;
    private DefaultTokenAuthenticationService target;

    @Before
    public void beforeTest() {
        this.authenticationCache = this.cacheManager.getCache("authResultCache", (CacheLoader) null, this.cacheSettings);
        this.tokenValidator = new CachingTokenValidator(this.authenticationCache, new DefaultTokenValidator(this.passwordEncoder), this.checksumGenerator);
        this.target = new DefaultTokenAuthenticationService(this.tokenValidator, this.tokenRepository, this.utcClock, this.i18nResolver);
    }

    @After
    public void afterTest() {
        this.authenticationCache.removeAll();
    }

    @Test
    public void shouldThrowExceptionWhenBlankTokenProvided() {
        Mockito.when(this.i18nResolver.getText("personal.access.tokens.filter.authentication.token.cannot.be.empty")).thenReturn("Token cannot be empty");
        Assertions.assertThatThrownBy(() -> {
            this.target.authenticate("");
        }).isInstanceOf(IllegalArgumentException.class).hasMessage("Token cannot be empty");
        Assertions.assertThat(this.authenticationCache.getKeys()).isEmpty();
    }

    @Test
    public void shouldReturnPopulatedTokenWhenAuthenticationSuccessful() {
        this.createdToken = this.tokenService.create(TestHelper.USERKEY, TestHelper.TOKEN_NAME, 90);
        Assertions.assertThat(this.target.authenticate(this.createdToken.getRawToken())).isNotNull();
        Assertions.assertThat(this.authenticationCache.getKeys()).containsExactly(new Long[]{Long.valueOf(this.checksumGenerator.getKey(this.createdToken.getRawToken(), this.createdToken.getHashedToken()).longValue())});
    }

    @Test
    public void shouldThrowExceptionWhenAuthenticatingInvalidToken() {
        Assertions.assertThatThrownBy(() -> {
            this.target.authenticate("someInvalidToken");
        }).isInstanceOf(IllegalArgumentException.class).hasMessage("Token format is invalid");
        Assertions.assertThat(this.authenticationCache.getKeys()).isEmpty();
    }

    @Test
    public void shouldThrowExceptionWhenUnableToFindToken() {
        this.createdToken = this.tokenService.create(TestHelper.USERKEY, TestHelper.TOKEN_NAME, 90);
        String format = String.format("Authentication failed for tokenId: '%s'", this.createdToken.getTokenId());
        Mockito.when(this.i18nResolver.getText("personal.access.tokens.filter.authentication.failed.for.token", new Serializable[]{this.createdToken.getTokenId()})).thenReturn(format);
        this.tokenRepository.deleteAll();
        Assertions.assertThatThrownBy(() -> {
            this.target.authenticate(this.createdToken.getRawToken());
        }).isInstanceOf(AuthorisationException.class).hasMessage(format);
        Assertions.assertThat(this.authenticationCache.getKeys()).isEmpty();
    }

    @Test
    public void shouldThrowExceptionWhenTokenIsExpired() {
        this.createdToken = this.tokenService.create(TestHelper.USERKEY, TestHelper.TOKEN_NAME, -1);
        String format = String.format("Authentication failed for tokenId: '%s'", this.createdToken.getTokenId());
        Mockito.when(this.i18nResolver.getText("personal.access.tokens.filter.authentication.failed.for.token", new Serializable[]{this.createdToken.getTokenId()})).thenReturn(format);
        Assertions.assertThatThrownBy(() -> {
            this.target.authenticate(this.createdToken.getRawToken());
        }).isInstanceOf(AuthorisationException.class).hasMessage(format);
        Assertions.assertThat(this.authenticationCache.getKeys()).isEmpty();
    }

    @Test
    public void shouldReturnCachedSuccessfulAuthenticatedResults() {
        this.createdToken = this.tokenService.create(TestHelper.USERKEY, TestHelper.TOKEN_NAME, 90);
        Assertions.assertThat(this.authenticationCache.getKeys()).isEmpty();
        TokenDTO authenticate = this.target.authenticate(this.createdToken.getRawToken());
        Assertions.assertThat(authenticate).isNotNull();
        Long key = this.checksumGenerator.getKey(this.createdToken.getRawToken(), this.createdToken.getHashedToken());
        Assertions.assertThat(this.authenticationCache.getKeys()).containsExactly(new Long[]{key});
        Assertions.assertThat(this.authenticationCache.get(key)).isEqualTo(new TokenAuthenticationService.AuthenticationResult(this.createdToken.getHashedToken(), true));
        TokenDTO authenticate2 = this.target.authenticate(this.createdToken.getRawToken());
        Assertions.assertThat(this.authenticationCache.getKeys()).containsExactly(new Long[]{key});
        Assertions.assertThat(authenticate).isEqualTo(authenticate2);
    }

    @Test
    public void shouldReturnCachedFailedAuthenticatedResults() {
        this.createdToken = this.tokenService.create(TestHelper.USERKEY, TestHelper.TOKEN_NAME, 90);
        String format = String.format("Authentication failed for user: '%s' and tokenId: '%s'", this.createdToken.getUserKey(), this.createdToken.getTokenId());
        Mockito.when(this.i18nResolver.getText("personal.access.tokens.filter.authentication.failed.for.user", new Serializable[]{this.createdToken.getUserKey(), this.createdToken.getTokenId()})).thenReturn(format);
        this.tokenRepository.deleteAll();
        TokenDTO tokenDTO = (TokenDTO) this.tokenRepository.save(TestHelper.createTokenWithTokenIdAndExpiringAt(this.createdToken.getTokenId(), TokenDTO.NON_EXPIRING_DATE));
        Assertions.assertThat(tokenDTO.getTokenId()).isEqualTo(this.createdToken.getTokenId());
        Assertions.assertThat(tokenDTO.getHashedToken()).isNotEqualTo(this.createdToken.getHashedToken());
        Assertions.assertThatThrownBy(() -> {
            this.target.authenticate(this.createdToken.getRawToken());
        }).isInstanceOf(AuthorisationException.class).hasMessage(format);
        Long key = this.checksumGenerator.getKey(this.createdToken.getRawToken(), tokenDTO.getHashedToken());
        Assertions.assertThat(this.authenticationCache.getKeys()).containsExactly(new Long[]{key});
        Assertions.assertThat(this.authenticationCache.get(key)).isEqualTo(new TokenAuthenticationService.AuthenticationResult(tokenDTO.getHashedToken(), false));
    }
}
