package org.eclipse.microprofile.jwt.tck.parsing;

import java.lang.annotation.Annotation;
import java.security.PublicKey;
import java.util.HashMap;
import java.util.HashSet;
import java.util.ServiceLoader;
import java.util.Set;
import javax.enterprise.inject.spi.CDI;
import org.eclipse.microprofile.jwt.Claims;
import org.eclipse.microprofile.jwt.JsonWebToken;
import org.eclipse.microprofile.jwt.tck.TCKConstants;
import org.eclipse.microprofile.jwt.tck.util.ITokenParser;
import org.eclipse.microprofile.jwt.tck.util.TokenUtils;
import org.jboss.arquillian.testng.Arquillian;
import org.testng.Assert;
import org.testng.annotations.BeforeClass;
import org.testng.annotations.Test;

/* loaded from: input_file:org/eclipse/microprofile/jwt/tck/parsing/TokenValidationTest.class */
public class TokenValidationTest extends Arquillian {
    private static ITokenParser tokenParser;
    private static PublicKey publicKey;

    @BeforeClass(alwaysRun = true)
    public static void loadTokenParser() throws Exception {
        System.out.printf("TokenValidationTest.initClass\n", new Object[0]);
        publicKey = TokenUtils.readPublicKey("/publicKey.pem");
        if (publicKey == null) {
            throw new IllegalStateException("Failed to load /publicKey.pem resource");
        }
        ServiceLoader load = ServiceLoader.load(ITokenParser.class);
        if (load.iterator().hasNext()) {
            tokenParser = (ITokenParser) load.iterator().next();
            if (tokenParser == null) {
                throw new IllegalStateException(String.format("Service provider for %s  produced a null parser", ITokenParser.class.getName()));
            }
        } else {
            tokenParser = (ITokenParser) CDI.current().select(ITokenParser.class, new Annotation[0]).get();
            if (tokenParser == null) {
                throw new IllegalStateException(String.format("An %s service provider or producer is required", ITokenParser.class.getName()));
            }
        }
        System.out.printf("Using ITokenParser: %s\n", tokenParser);
    }

    @Test(groups = {TCKConstants.TEST_GROUP_JWT}, description = "validate the JsonWebToken returned by ITokenParser")
    public void testJWTCallerPrincipal() throws Exception {
        long currentTimeMillis = System.currentTimeMillis() / 1000;
        HashMap hashMap = new HashMap();
        String generateTokenString = TokenUtils.generateTokenString("/testJWTCallerPrincipal.json", (Set) null, hashMap);
        System.out.printf("jwt: %s\n", generateTokenString);
        long longValue = ((Long) hashMap.get(Claims.iat.name())).longValue();
        long longValue2 = ((Long) hashMap.get(Claims.exp.name())).longValue();
        JsonWebToken parse = tokenParser.parse(generateTokenString, TCKConstants.TEST_ISSUER, publicKey);
        System.out.printf("Parsed caller principal: %s\n", parse);
        Assert.assertEquals(generateTokenString, parse.getRawToken(), "bearer_token");
        Assert.assertEquals(TCKConstants.TEST_ISSUER, parse.getIssuer(), "iss");
        Assert.assertEquals("24400320", parse.getSubject(), "sub");
        Assert.assertEquals("s6BhdRkqt3", parse.getAudience().toArray()[0], "aud");
        Assert.assertEquals("jdoe@example.com", parse.getName(), "name");
        Assert.assertEquals("a-123", parse.getTokenID(), "jti");
        Assert.assertEquals(longValue2, parse.getExpirationTime());
        Assert.assertEquals(longValue, parse.getIssuedAtTime());
        Set groups = parse.getGroups();
        HashSet hashSet = new HashSet();
        for (String str : new String[]{"group1", "group2", "role-in-realm", "user", "manager"}) {
            if (!groups.contains(str)) {
                hashSet.add(str);
            }
        }
        if (hashSet.size() > 0) {
            Assert.fail("There are missing groups: " + hashSet);
        }
        Object claim = parse.getClaim("auth_time");
        Assert.assertTrue(claim instanceof Number, "auth_time is a Number");
        Assert.assertTrue(currentTimeMillis <= ((long) ((Number) claim).intValue()), "auth_time as int is >= nowInSeconds");
        Assert.assertEquals("jdoe", (String) parse.getClaim("preferred_username"), "preferred_username is jdoe");
    }

    @Test(groups = {TCKConstants.TEST_GROUP_UTILS}, description = "Internal test to validate the behavior of TokenUtils.generateTokenString")
    public void testUtilsToken() throws Exception {
        long currentTimeMillis = System.currentTimeMillis() / 1000;
        JsonWebToken parse = tokenParser.parse(TokenUtils.generateTokenString("/jwt-content1.json"), TCKConstants.TEST_ISSUER, publicKey);
        System.out.println(parse);
        long issuedAtTime = parse.getIssuedAtTime();
        Assert.assertTrue(currentTimeMillis - issuedAtTime < 1, String.format("now(%d) < 1s from iss(%d)", Long.valueOf(currentTimeMillis), Long.valueOf(issuedAtTime)));
        long expirationTime = parse.getExpirationTime();
        Assert.assertTrue(expirationTime - currentTimeMillis > 299, String.format("now(%d) > 299s from exp(%d)", Long.valueOf(currentTimeMillis), Long.valueOf(expirationTime)));
    }

    @Test(groups = {TCKConstants.TEST_GROUP_JWT}, description = "Validate that a token that is past exp claim should fail the parse verification")
    public void testExpiredValidation() throws Exception {
        HashSet hashSet = new HashSet();
        hashSet.add(TokenUtils.InvalidClaims.EXP);
        try {
            Assert.fail("Was able to parse the token: " + tokenParser.parse(TokenUtils.generateTokenString("/jwt-content1.json", hashSet), TCKConstants.TEST_ISSUER, publicKey));
        } catch (Exception e) {
            System.out.printf("Failed as expected with cause: %s\n", e.getCause().getMessage());
        }
    }

    @Test(groups = {TCKConstants.TEST_GROUP_JWT}, description = "Validate the token fails to validate when using an invalid issuer")
    public void testBadIssuer() throws Exception {
        HashSet hashSet = new HashSet();
        hashSet.add(TokenUtils.InvalidClaims.ISSUER);
        try {
            Assert.fail("Was able to parse the token: " + tokenParser.parse(TokenUtils.generateTokenString("/jwt-content1.json", hashSet), TCKConstants.TEST_ISSUER, TokenUtils.readPublicKey("/publicKey.pem")));
        } catch (Exception e) {
            System.out.printf("Failed as expected with cause: %s\n", e.getCause().getMessage());
        }
    }

    @Test(groups = {TCKConstants.TEST_GROUP_JWT}, description = "Validate the token fails to validate when using an invalid signer")
    public void testBadSigner() throws Exception {
        HashSet hashSet = new HashSet();
        hashSet.add(TokenUtils.InvalidClaims.SIGNER);
        try {
            Assert.fail("Was able to parse the token: " + tokenParser.parse(TokenUtils.generateTokenString("/jwt-content1.json", hashSet), TCKConstants.TEST_ISSUER, publicKey));
        } catch (Exception e) {
            System.out.printf("Failed as expected with cause: %s\n", e.getCause().getMessage());
        }
    }
}
