package org.eclipse.microprofile.jwt.tck.container.jaxrs;

import java.io.IOException;
import java.net.HttpURLConnection;
import java.net.URL;
import java.nio.charset.StandardCharsets;
import java.util.Base64;
import java.util.HashMap;
import java.util.Set;
import javax.ws.rs.client.ClientBuilder;
import javax.ws.rs.core.Response;
import org.eclipse.microprofile.jwt.Claims;
import org.eclipse.microprofile.jwt.tck.TCKConstants;
import org.eclipse.microprofile.jwt.tck.util.TokenUtils;
import org.jboss.arquillian.container.test.api.Deployment;
import org.jboss.arquillian.container.test.api.RunAsClient;
import org.jboss.arquillian.test.api.ArquillianResource;
import org.jboss.arquillian.testng.Arquillian;
import org.jboss.shrinkwrap.api.ShrinkWrap;
import org.jboss.shrinkwrap.api.spec.WebArchive;
import org.testng.Assert;
import org.testng.Reporter;
import org.testng.annotations.BeforeClass;
import org.testng.annotations.Test;

/* loaded from: input_file:org/eclipse/microprofile/jwt/tck/container/jaxrs/RolesAllowedTest.class */
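/**
 * Client-side TCK tests that call the deployed {@code RolesEndpoint} over HTTP and check
 * the resulting status codes.
 *
 * <p>The assertions separate three outcomes: 401 when no bearer token is presented (no
 * header at all, or a BASIC header), 403 when a token is presented but the call is
 * refused, and 200 when the call is allowed. Keeping 401 and 403 apart matters: the first
 * is an authentication failure, the second an authorization failure.
 *
 * <p>All tests run with {@link RunAsClient}, i.e. outside the container, against
 * {@link #baseURL}.
 */
public class RolesAllowedTest extends Arquillian {
    /** Media type requested by every call in this class. */
    private static final String TEXT_PLAIN = "text/plain";

    /** Prefix of the Authorization header value carrying an MP-JWT. */
    private static final String BEARER_PREFIX = "Bearer ";

    /** Token built once from {@code /Token1.json} and shared by the tests. */
    private static String token;

    // Time claims reported by TokenUtils while building the shared token. They are
    // recorded here but not read by any test in this class.
    private static Long iatClaim;
    private static Long authTimeClaim;
    private static Long expClaim;

    /** Base URL of the deployed web archive, injected by Arquillian. */
    @ArquillianResource
    private URL baseURL;

    /**
     * Builds the web archive under test.
     *
     * <p>The archive contains {@code /publicKey.pem}, {@code RolesEndpoint},
     * {@code TCKApplication} and {@code beans.xml}. The key is presumably what the
     * container uses to verify token signatures; that wiring is not visible in this file.
     *
     * @return the archive to deploy
     * @throws IOException declared by the original signature
     */
    @Deployment(testable = true)
    public static WebArchive createDeployment() throws IOException {
        WebArchive webArchive = ShrinkWrap.create(WebArchive.class, "RolesAllowedTest.war")
                .addAsResource(RolesAllowedTest.class.getResource("/publicKey.pem"), "/publicKey.pem")
                .addClass(RolesEndpoint.class)
                .addClass(TCKApplication.class)
                .addAsWebInfResource("beans.xml", "beans.xml");
        System.out.printf("WebArchive: %s\n", webArchive.toString(true));
        return webArchive;
    }

    /**
     * Generates the shared token from {@code /Token1.json} and records its time claims.
     *
     * @throws Exception if token generation fails
     */
    @BeforeClass(alwaysRun = true)
    public static void generateToken() throws Exception {
        // Typed map instead of a raw HashMap: TokenUtils fills it with the iat, auth_time
        // and exp values it used, keyed by claim name.
        HashMap<String, Long> timeClaims = new HashMap<>();
        // null invalid-claims set: no claim is deliberately corrupted for this token.
        token = TokenUtils.generateTokenString("/Token1.json", null, timeClaims);
        iatClaim = timeClaims.get(Claims.iat.name());
        authTimeClaim = timeClaims.get(Claims.auth_time.name());
        expClaim = timeClaims.get(Claims.exp.name());
    }

    /** Returns the absolute URL for an endpoint path such as {@code /endp/echo}. */
    private String url(String path) {
        return this.baseURL.toExternalForm() + path;
    }

    /** No Authorization header at all must be rejected with 401. */
    @RunAsClient
    @Test(groups = {TCKConstants.TEST_GROUP_JAXRS}, description = "Validate a request with no token fails with HTTP_UNAUTHORIZED")
    public void callEchoNoAuth() throws Exception {
        Reporter.log("callEchoNoAuth, expect HTTP_UNAUTHORIZED");
        Response response = ClientBuilder.newClient()
                .target(url("/endp/echo"))
                .queryParam("input", "hello")
                .request(TEXT_PLAIN)
                .get();
        Assert.assertEquals(response.getStatus(), HttpURLConnection.HTTP_UNAUTHORIZED);
    }

    /**
     * A BASIC Authorization header must be rejected with 401: the endpoint is expected to
     * accept only bearer tokens, so another scheme must not authenticate the caller.
     */
    @RunAsClient
    @Test(groups = {TCKConstants.TEST_GROUP_JAXRS}, description = "Attempting access with BASIC auth header should fail with HTTP_UNAUTHORIZED")
    public void callEchoBASIC() throws Exception {
        Reporter.log("callEchoBASIC, expect HTTP_UNAUTHORIZED");
        // Explicit UTF-8 so the encoded header does not depend on the platform charset.
        // The credential is a fixed dummy value defined here; Base64 is an encoding, not
        // protection, so real credentials must never be printed like this.
        String encoded = Base64.getEncoder()
                .encodeToString("jdoe@example.com:password".getBytes(StandardCharsets.UTF_8));
        System.out.printf("basic: %s\n", encoded);
        Response response = ClientBuilder.newClient()
                .target(url("/endp/echo"))
                .queryParam("input", "hello")
                .request(TEXT_PLAIN)
                .header("Authorization", "BASIC " + encoded)
                .get();
        Assert.assertEquals(response.getStatus(), HttpURLConnection.HTTP_UNAUTHORIZED);
        System.out.println(response.readEntity(String.class));
    }

    /** The shared token must be accepted by echo, and the reply must name the caller. */
    @RunAsClient
    @Test(groups = {TCKConstants.TEST_GROUP_JAXRS}, description = "Validate a request with MP-JWT succeeds with HTTP_OK, and replies with hello, user={token upn claim}")
    public void callEcho() throws Exception {
        Reporter.log("callEcho, expect HTTP_OK");
        Response response = ClientBuilder.newClient()
                .target(url("/endp/echo"))
                .queryParam("input", "hello")
                .request(TEXT_PLAIN)
                .header("Authorization", BEARER_PREFIX + token)
                .get();
        Assert.assertEquals(response.getStatus(), HttpURLConnection.HTTP_OK);
        Assert.assertEquals(response.readEntity(String.class), "hello, user=jdoe@example.com");
    }

    /** The shared token must be refused by echo2 with 403 (authenticated, not authorized). */
    @RunAsClient
    @Test(groups = {TCKConstants.TEST_GROUP_JAXRS}, description = "Validate a request with MP-JWT but no associated role fails with HTTP_FORBIDDEN")
    public void callEcho2() throws Exception {
        Reporter.log("callEcho2, expect HTTP_FORBIDDEN");
        Response response = ClientBuilder.newClient()
                .target(url("/endp/echo2"))
                .queryParam("input", "hello")
                .request(TEXT_PLAIN)
                .header("Authorization", BEARER_PREFIX + token)
                .get();
        Assert.assertEquals(response.getStatus(), HttpURLConnection.HTTP_FORBIDDEN);
    }

    /** The shared token must be allowed to call checkIsUserInRole. */
    @RunAsClient
    @Test(groups = {TCKConstants.TEST_GROUP_JAXRS}, description = "Validate a request with MP-JWT is able to access checkIsUserInRole with HTTP_OK")
    public void checkIsUserInRole() throws Exception {
        Reporter.log("checkIsUserInRole, expect HTTP_OK");
        Response response = ClientBuilder.newClient()
                .target(url("/endp/checkIsUserInRole"))
                .request(TEXT_PLAIN)
                .header("Authorization", BEARER_PREFIX + token)
                .get();
        Assert.assertEquals(response.getStatus(), HttpURLConnection.HTTP_OK);
    }

    /** A token built from {@code /Token2.json} must be refused by checkIsUserInRole with 403. */
    @RunAsClient
    @Test(groups = {TCKConstants.TEST_GROUP_JAXRS}, description = "Validate a request with MP-JWT Token2 fails to access checkIsUserInRole with HTTP_FORBIDDEN")
    public void checkIsUserInRoleToken2() throws Exception {
        Reporter.log("checkIsUserInRoleToken2, expect HTTP_FORBIDDEN");
        String token2 = TokenUtils.generateTokenString("/Token2.json");
        Response response = ClientBuilder.newClient()
                .target(url("/endp/checkIsUserInRole"))
                .request(TEXT_PLAIN)
                .header("Authorization", BEARER_PREFIX + token2)
                .get();
        Assert.assertEquals(response.getStatus(), HttpURLConnection.HTTP_FORBIDDEN);
    }

    /** A token built from {@code /Token2.json} must be allowed to call echoNeedsToken2Role. */
    @RunAsClient
    @Test(groups = {TCKConstants.TEST_GROUP_JAXRS}, description = "Validate a request with MP-JWT Token2 is able to access echoNeedsToken2Role with HTTP_OK")
    public void echoNeedsToken2Role() throws Exception {
        // The original log line announced HTTP_FORBIDDEN while the assertion and the test
        // description both expect 200; the log now matches what is asserted.
        Reporter.log("echoNeedsToken2Role, expect HTTP_OK");
        String token2 = TokenUtils.generateTokenString("/Token2.json");
        Response response = ClientBuilder.newClient()
                .target(url("/endp/echoNeedsToken2Role"))
                .queryParam("input", "hello")
                .request(TEXT_PLAIN)
                .header("Authorization", BEARER_PREFIX + token2)
                .get();
        Assert.assertEquals(response.getStatus(), HttpURLConnection.HTTP_OK);
    }

    /** A token built from {@code /Token2.json} must be refused by echo with 403. */
    @RunAsClient
    @Test(groups = {TCKConstants.TEST_GROUP_JAXRS}, description = "Validate a request with MP-JWT Token2 calling echo fails with HTTP_FORBIDDEN")
    public void echoWithToken2() throws Exception {
        Reporter.log("echoWithToken2, expect HTTP_FORBIDDEN");
        String token2 = TokenUtils.generateTokenString("/Token2.json");
        Response response = ClientBuilder.newClient()
                .target(url("/endp/echo"))
                .queryParam("input", "hello")
                .request(TEXT_PLAIN)
                .header("Authorization", BEARER_PREFIX + token2)
                .get();
        Assert.assertEquals(response.getStatus(), HttpURLConnection.HTTP_FORBIDDEN);
    }

    /** With the shared token, getPrincipalClass must reply {@code isJsonWebToken:true}. */
    @RunAsClient
    @Test(groups = {TCKConstants.TEST_GROUP_JAXRS}, description = "Validate a request with MP-JWT SecurityContext.getUserPrincipal() is a JsonWebToken")
    public void getPrincipalClass() throws Exception {
        Reporter.log("getPrincipalClass, expect HTTP_OK");
        Response response = ClientBuilder.newClient()
                .target(url("/endp/getPrincipalClass"))
                .request(TEXT_PLAIN)
                .header("Authorization", BEARER_PREFIX + token)
                .get();
        Assert.assertEquals(response.getStatus(), HttpURLConnection.HTTP_OK);
        Assert.assertEquals(response.readEntity(String.class), "isJsonWebToken:true");
    }

    /** The shared token must be allowed to call needsGroup1Mapping. */
    @RunAsClient
    // The original description said "without an MP-JWT", but the request below sends the
    // shared bearer token; the description now states what the test actually does.
    @Test(groups = {TCKConstants.TEST_GROUP_EE_SECURITY}, description = "Validate a request with an MP-JWT to endpoint requiring role mapping has HTTP_OK")
    public void testNeedsGroup1Mapping() {
        Reporter.log("testNeedsGroup1Mapping, expect HTTP_OK");
        Response response = ClientBuilder.newClient()
                .target(url("/endp/needsGroup1Mapping"))
                .request(TEXT_PLAIN)
                .header("Authorization", BEARER_PREFIX + token)
                .get();
        Assert.assertEquals(response.getStatus(), HttpURLConnection.HTTP_OK);
        System.out.println(response.readEntity(String.class));
    }

    /** With the shared token, getInjectedPrincipal must reply {@code isJsonWebToken:true}. */
    @RunAsClient
    @Test(groups = {TCKConstants.TEST_GROUP_CDI}, description = "Validate that accessing secured method has HTTP_OK and injected JsonWebToken principal")
    public void getInjectedPrincipal() throws Exception {
        Reporter.log("getInjectedPrincipal, expect HTTP_OK");
        Response response = ClientBuilder.newClient()
                .target(url("/endp/getInjectedPrincipal"))
                .request(TEXT_PLAIN)
                .header("Authorization", BEARER_PREFIX + token)
                .get();
        Assert.assertEquals(response.getStatus(), HttpURLConnection.HTTP_OK);
        Assert.assertEquals(response.readEntity(String.class), "isJsonWebToken:true");
    }

    /**
     * The heartbeat endpoint must answer 200 without any Authorization header, which
     * confirms that the deployment does not demand a token on every path.
     */
    @RunAsClient
    @Test(groups = {TCKConstants.TEST_GROUP_JAXRS}, description = "Validate a request without an MP-JWT to unsecured endpoint has HTTP_OK with expected response")
    public void callHeartbeat() throws Exception {
        Reporter.log("callHeartbeat, expect HTTP_OK");
        Response response = ClientBuilder.newClient()
                .target(url("/endp/heartbeat"))
                .queryParam("input", "hello")
                .request(TEXT_PLAIN)
                .get();
        Assert.assertEquals(response.getStatus(), HttpURLConnection.HTTP_OK);
        Assert.assertTrue(response.readEntity(String.class).startsWith("Heartbeat:"), "Saw Heartbeat: ...");
    }
}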
