package com.floragunn.dlic.auth.http.jwt.keybyoidc;

import com.floragunn.dlic.auth.http.jwt.keybyoidc.TestJwk;
import com.floragunn.dlic.auth.http.jwt.keybyoidc.TestJwts;
import com.floragunn.searchguard.user.AuthCredentials;
import com.floragunn.searchguard.util.FakeRestRequest;
import com.google.common.collect.ImmutableMap;
import java.nio.file.Path;
import java.util.HashMap;
import org.junit.Assert;
import org.junit.Test;
import org.opensearch.common.settings.Settings;
import org.opensearch.common.util.concurrent.ThreadContext;

@Deprecated
/* loaded from: input_file:com/floragunn/dlic/auth/http/jwt/keybyoidc/SingleKeyHTTPJwtKeyByOpenIdConnectAuthenticatorTest.class */
public class SingleKeyHTTPJwtKeyByOpenIdConnectAuthenticatorTest {
    @Test
    public void basicTest() throws Exception {
        MockIpdServer start = MockIpdServer.start(TestJwk.Jwks.RSA_1);
        try {
            AuthCredentials extractCredentials = new HTTPJwtKeyByOpenIdConnectAuthenticator(Settings.builder().put("openid_connect_url", start.getDiscoverUri().toString()).build(), (Path) null).extractCredentials(new FakeRestRequest(ImmutableMap.of("Authorization", TestJwts.MC_COY_SIGNED_RSA_1), new HashMap()), (ThreadContext) null);
            Assert.assertNotNull(extractCredentials);
            Assert.assertEquals(TestJwts.MCCOY_SUBJECT, extractCredentials.getUsername());
            Assert.assertEquals(TestJwts.TEST_AUDIENCE, extractCredentials.getAttributes().get("attr.jwt.aud"));
            Assert.assertEquals(0L, extractCredentials.getBackendRoles().size());
            Assert.assertEquals(3L, extractCredentials.getAttributes().size());
        } finally {
            try {
                start.close();
            } catch (Exception e) {
                e.printStackTrace();
            }
        }
    }

    @Test
    public void wrongSigTest() throws Exception {
        MockIpdServer mockIpdServer = new MockIpdServer(TestJwk.Jwks.RSA_1);
        try {
            Assert.assertNull(new HTTPJwtKeyByOpenIdConnectAuthenticator(Settings.builder().put("openid_connect_url", mockIpdServer.getDiscoverUri().toString()).build(), (Path) null).extractCredentials(new FakeRestRequest(ImmutableMap.of("Authorization", TestJwts.NoKid.MC_COY_SIGNED_RSA_X), new HashMap()), (ThreadContext) null));
        } finally {
            try {
                mockIpdServer.close();
            } catch (Exception e) {
                e.printStackTrace();
            }
        }
    }

    @Test
    public void noAlgTest() throws Exception {
        MockIpdServer mockIpdServer = new MockIpdServer(TestJwk.Jwks.RSA_1_NO_ALG);
        try {
            AuthCredentials extractCredentials = new HTTPJwtKeyByOpenIdConnectAuthenticator(Settings.builder().put("openid_connect_url", mockIpdServer.getDiscoverUri().toString()).build(), (Path) null).extractCredentials(new FakeRestRequest(ImmutableMap.of("Authorization", TestJwts.MC_COY_SIGNED_RSA_1), new HashMap()), (ThreadContext) null);
            Assert.assertNotNull(extractCredentials);
            Assert.assertEquals(TestJwts.MCCOY_SUBJECT, extractCredentials.getUsername());
            Assert.assertEquals(TestJwts.TEST_AUDIENCE, extractCredentials.getAttributes().get("attr.jwt.aud"));
            Assert.assertEquals(0L, extractCredentials.getBackendRoles().size());
            Assert.assertEquals(3L, extractCredentials.getAttributes().size());
        } finally {
            try {
                mockIpdServer.close();
            } catch (Exception e) {
                e.printStackTrace();
            }
        }
    }

    @Test
    public void mismatchedAlgTest() throws Exception {
        MockIpdServer mockIpdServer = new MockIpdServer(TestJwk.Jwks.RSA_1_WRONG_ALG);
        try {
            Assert.assertNull(new HTTPJwtKeyByOpenIdConnectAuthenticator(Settings.builder().put("openid_connect_url", mockIpdServer.getDiscoverUri().toString()).build(), (Path) null).extractCredentials(new FakeRestRequest(ImmutableMap.of("Authorization", TestJwts.NoKid.MC_COY_SIGNED_RSA_1), new HashMap()), (ThreadContext) null));
        } finally {
            try {
                mockIpdServer.close();
            } catch (Exception e) {
                e.printStackTrace();
            }
        }
    }

    @Test
    public void keyExchangeTest() throws Exception {
        MockIpdServer mockIpdServer = new MockIpdServer(TestJwk.Jwks.RSA_1);
        HTTPJwtKeyByOpenIdConnectAuthenticator hTTPJwtKeyByOpenIdConnectAuthenticator = new HTTPJwtKeyByOpenIdConnectAuthenticator(Settings.builder().put("openid_connect_url", mockIpdServer.getDiscoverUri().toString()).build(), (Path) null);
        try {
            AuthCredentials extractCredentials = hTTPJwtKeyByOpenIdConnectAuthenticator.extractCredentials(new FakeRestRequest(ImmutableMap.of("Authorization", TestJwts.NoKid.MC_COY_SIGNED_RSA_1), new HashMap()), (ThreadContext) null);
            Assert.assertNotNull(extractCredentials);
            Assert.assertEquals(TestJwts.MCCOY_SUBJECT, extractCredentials.getUsername());
            Assert.assertEquals(TestJwts.TEST_AUDIENCE, extractCredentials.getAttributes().get("attr.jwt.aud"));
            Assert.assertEquals(0L, extractCredentials.getBackendRoles().size());
            Assert.assertEquals(3L, extractCredentials.getAttributes().size());
            Assert.assertNull(hTTPJwtKeyByOpenIdConnectAuthenticator.extractCredentials(new FakeRestRequest(ImmutableMap.of("Authorization", TestJwts.NoKid.MC_COY_SIGNED_RSA_2), new HashMap()), (ThreadContext) null));
            Assert.assertNull(hTTPJwtKeyByOpenIdConnectAuthenticator.extractCredentials(new FakeRestRequest(ImmutableMap.of("Authorization", TestJwts.NoKid.MC_COY_SIGNED_RSA_X), new HashMap()), (ThreadContext) null));
            AuthCredentials extractCredentials2 = hTTPJwtKeyByOpenIdConnectAuthenticator.extractCredentials(new FakeRestRequest(ImmutableMap.of("Authorization", TestJwts.NoKid.MC_COY_SIGNED_RSA_1), new HashMap()), (ThreadContext) null);
            Assert.assertNotNull(extractCredentials2);
            Assert.assertEquals(TestJwts.MCCOY_SUBJECT, extractCredentials2.getUsername());
            Assert.assertEquals(TestJwts.TEST_AUDIENCE, extractCredentials2.getAttributes().get("attr.jwt.aud"));
            Assert.assertEquals(0L, extractCredentials2.getBackendRoles().size());
            Assert.assertEquals(3L, extractCredentials2.getAttributes().size());
            try {
                mockIpdServer.close();
            } catch (Exception e) {
                e.printStackTrace();
            }
            mockIpdServer = new MockIpdServer(TestJwk.Jwks.RSA_2);
            try {
                AuthCredentials extractCredentials3 = new HTTPJwtKeyByOpenIdConnectAuthenticator(Settings.builder().put("openid_connect_url", mockIpdServer.getDiscoverUri().toString()).build(), (Path) null).extractCredentials(new FakeRestRequest(ImmutableMap.of("Authorization", TestJwts.NoKid.MC_COY_SIGNED_RSA_2), new HashMap()), (ThreadContext) null);
                Assert.assertNotNull(extractCredentials3);
                Assert.assertEquals(TestJwts.MCCOY_SUBJECT, extractCredentials3.getUsername());
                Assert.assertEquals(TestJwts.TEST_AUDIENCE, extractCredentials3.getAttributes().get("attr.jwt.aud"));
                Assert.assertEquals(0L, extractCredentials3.getBackendRoles().size());
                Assert.assertEquals(3L, extractCredentials3.getAttributes().size());
            } finally {
                try {
                    mockIpdServer.close();
                } catch (Exception e2) {
                    e2.printStackTrace();
                }
            }
        } finally {
        }
    }
}
