package com.floragunn.dlic.auth.http.jwt.keybyoidc;

import com.floragunn.dlic.auth.http.jwt.keybyoidc.TestJwk;
import com.floragunn.searchguard.user.AuthCredentials;
import com.floragunn.searchguard.util.FakeRestRequest;
import com.google.common.collect.ImmutableMap;
import java.nio.file.Path;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashMap;
import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.common.util.concurrent.ThreadContext;
import org.hamcrest.CoreMatchers;
import org.junit.AfterClass;
import org.junit.Assert;
import org.junit.BeforeClass;
import org.junit.Test;

/* loaded from: input_file:com/floragunn/dlic/auth/http/jwt/keybyoidc/HTTPJwtKeyByOpenIdConnectAuthenticatorTest.class */
/**
 * Tests credential extraction from JWTs by {@link HTTPJwtKeyByOpenIdConnectAuthenticator}.
 *
 * <p>Every test points the authenticator at a shared {@link MockIpdServer} through the
 * {@code openid_connect_url} setting and submits a token in the {@code Authorization} header.
 * The mock server is started with {@code TestJwk.Jwks.ALL}; presumably the authenticator
 * fetches its verification keys from there (confirm against the authenticator itself).
 *
 * <p>NOTE(review): the rejection tests ({@link #testExp()}, {@link #testBadSignature()},
 * {@link #testInvalidSubjectJsonPath()}) only assert a {@code null} result. A {@code null}
 * caused by something else, such as an unreachable mock server, would also satisfy them.
 * They are meaningful only alongside the positive tests here that use the same settings.
 * This class has no case for a missing header, an unknown key id or an unsigned token.
 */
public class HTTPJwtKeyByOpenIdConnectAuthenticatorTest {
    protected static MockIpdServer mockIdpServer;

    /** Starts the mock identity provider shared by all tests in this class. */
    @BeforeClass
    public static void setUp() throws Exception {
        mockIdpServer = MockIpdServer.start(TestJwk.Jwks.ALL);
    }

    /** Stops the mock identity provider if {@link #setUp()} managed to start it. */
    @AfterClass
    public static void tearDown() {
        if (mockIdpServer == null) {
            return;
        }
        try {
            mockIdpServer.close();
        } catch (Exception closeFailure) {
            // Best effort: a failure while shutting down must not fail the test class.
            closeFailure.printStackTrace();
        }
    }

    /** Returns a settings builder that already points at the mock server's discovery URI. */
    private static Settings.Builder settingsForMockIdp() {
        return Settings.builder().put("openid_connect_url", mockIdpServer.getDiscoverUri());
    }

    /**
     * Builds an authenticator from {@code settings} and runs credential extraction on a fake
     * request whose only header is {@code Authorization: <authorizationHeader>}.
     *
     * @return the extracted credentials, or {@code null} when the authenticator rejects the request
     */
    private static AuthCredentials extract(Settings settings, String authorizationHeader) {
        HTTPJwtKeyByOpenIdConnectAuthenticator authenticator =
                new HTTPJwtKeyByOpenIdConnectAuthenticator(settings, (Path) null);
        FakeRestRequest request =
                new FakeRestRequest(ImmutableMap.of("Authorization", authorizationHeader), new HashMap<>());
        return authenticator.extractCredentials(request, (ThreadContext) null);
    }

    /**
     * Asserts the result expected when no roles setting is configured: subject and audience are
     * taken from the token, no backend roles are assigned and exactly three attributes are set.
     */
    private static void assertMcCoyWithoutRoles(AuthCredentials credentials) {
        Assert.assertNotNull(credentials);
        Assert.assertEquals("Leonard McCoy", credentials.getUsername());
        Assert.assertEquals("TestAudience", credentials.getAttributes().get("attr.jwt.aud"));
        Assert.assertEquals(0L, credentials.getBackendRoles().size());
        Assert.assertEquals(3L, credentials.getAttributes().size());
    }

    /** A valid token sent as the bare header value (no scheme prefix) is accepted. */
    @Test
    public void basicTest() {
        Settings settings = settingsForMockIdp().build();
        assertMcCoyWithoutRoles(extract(settings, TestJwts.MC_COY_SIGNED_OCT_1));
    }

    /** The same token is accepted when prefixed with the {@code Bearer } scheme. */
    @Test
    public void bearerTest() {
        Settings settings = settingsForMockIdp().build();
        assertMcCoyWithoutRoles(extract(settings, "Bearer " + TestJwts.MC_COY_SIGNED_OCT_1));
    }

    /** With {@code roles_key} configured, backend roles come from that claim. */
    @Test
    public void testRoles() throws Exception {
        Settings settings = settingsForMockIdp().put("roles_key", "roles").build();
        AuthCredentials credentials = extract(settings, TestJwts.MC_COY_SIGNED_OCT_1);

        Assert.assertNotNull(credentials);
        Assert.assertEquals("Leonard McCoy", credentials.getUsername());
        Assert.assertEquals(TestJwts.TEST_ROLES, credentials.getBackendRoles());
    }

    /** Subject and roles can be selected with JSON path settings instead of plain keys. */
    @Test
    public void testRolesJsonPath() throws Exception {
        Settings settings = settingsForMockIdp()
                .put("roles_path", "$.roles")
                .put("subject_path", "$.sub")
                .build();
        AuthCredentials credentials = extract(settings, TestJwts.MC_COY_SIGNED_OCT_1);

        Assert.assertNotNull(credentials);
        Assert.assertEquals("Leonard McCoy", credentials.getUsername());
        Assert.assertEquals(TestJwts.TEST_ROLES, credentials.getBackendRoles());
    }

    /**
     * A roles claim given as a list is accepted, and the element {@code "role 3, role 4"} is
     * expected to yield two separate backend roles.
     *
     * <p>NOTE(review): this pins comma splitting inside a single list element. A role string
     * containing a comma therefore maps to several backend roles, so deployments should make
     * sure the identity provider never lets users influence role values.
     */
    @Test
    public void testRolesCollectionJsonPath() throws Exception {
        Settings settings = settingsForMockIdp()
                .put("roles_path", "$.roles")
                .put("subject_path", "$.sub")
                .build();
        String token = TestJwts.createSigned(
                TestJwts.create("Leonard McCoy", "TestAudience", "roles",
                        Arrays.asList("role 1", "role 2", "role 3, role 4")),
                TestJwk.OCT_1);
        AuthCredentials credentials = extract(settings, token);

        Assert.assertNotNull(credentials);
        Assert.assertEquals("Leonard McCoy", credentials.getUsername());
        Assert.assertThat(credentials.getBackendRoles(),
                CoreMatchers.hasItems("role 1", "role 2", "role 3", "role 4"));
    }

    /** A subject path that matches nothing in the token means no credentials are returned. */
    @Test
    public void testInvalidSubjectJsonPath() throws Exception {
        Settings settings = settingsForMockIdp()
                .put("roles_path", "$.roles")
                .put("subject_path", "$.subasd")
                .build();

        Assert.assertNull(extract(settings, TestJwts.MC_COY_SIGNED_OCT_1));
    }

    /** A roles path that matches nothing still authenticates, with an empty role set. */
    @Test
    public void testInvalidRolesJsonPath() throws Exception {
        Settings settings = settingsForMockIdp()
                .put("roles_path", "$.asdroles")
                .put("subject_path", "$.sub")
                .build();
        AuthCredentials credentials = extract(settings, TestJwts.MC_COY_SIGNED_OCT_1);

        Assert.assertNotNull(credentials);
        Assert.assertEquals("Leonard McCoy", credentials.getUsername());
        Assert.assertEquals(Collections.emptySet(), credentials.getBackendRoles());
    }

    /** The expired-token fixture must be rejected. */
    @Test
    public void testExp() throws Exception {
        Settings settings = settingsForMockIdp().build();

        Assert.assertNull(extract(settings, TestJwts.MC_COY_EXPIRED_SIGNED_OCT_1));
    }

    /** The RSA_1 token fixture is accepted (presumably RS256-signed, going by the names). */
    @Test
    public void testRS256() throws Exception {
        Settings settings = settingsForMockIdp().build();
        assertMcCoyWithoutRoles(extract(settings, TestJwts.MC_COY_SIGNED_RSA_1));
    }

    /**
     * The RSA_X token fixture must be rejected.
     *
     * <p>Presumably RSA_X is a key the mock server does not publish, so the signature cannot
     * be verified. TODO confirm against TestJwk.
     */
    @Test
    public void testBadSignature() throws Exception {
        Settings settings = settingsForMockIdp().build();

        Assert.assertNull(extract(settings, TestJwts.MC_COY_SIGNED_RSA_X));
    }

    /**
     * A token whose header spells the key id with an escaped slash is still accepted.
     *
     * <p>The literal's header decodes to {@code {"kid":"kid\/1","alg":"RS256"}}. The payload
     * carries {@code sub}, {@code aud} and a {@code roles} claim. No roles setting is
     * configured, so the {@code roles} claim must not produce backend roles.
     */
    @Test
    public void testPeculiarJsonEscaping() {
        Settings settings = settingsForMockIdp().build();
        String tokenWithEscapedKid = "eyJraWQiOiJraWRcLzEiLCJhbGciOiJSUzI1NiJ9.eyJzdWIiOiJMZW9uYXJkIE1jQ295IiwiYXVkIjoiVGVzdEF1ZGllbmNlIiwicm9sZXMiOiJyb2xlMSxyb2xlMiJ9.C0ntlhZtalpOYzgrzq_I4c6NxeQEmUk9Id5fVI6SXLIyscBrpS8nQ3bZrtX3qDiCYZDbp5n1OJMp3nhC7Ro2qdWjFe3FRSewKyZSowzVdQSlPetEsyLh3KdEs2ZPx3vry_y8SeCcJw_tiUOysceTMKzseL3DzF2PmoRRARLbQVI6zQvanRC8-WREraA2gTXpv_R-haOy7sf00VQhjGPMTCjqxXTfO6gzCz5-02tpGOOooQ8BcPy_At0nKjmuZgw_jODTL4TYs_T48M9tHxuY02qF3zv6iLonFz1mrb7Ff-65OUo4QVfqiOMxCOAe1JFP9o1tbtgaoiaWVznezjRK6A";

        assertMcCoyWithoutRoles(extract(settings, tokenWithEscapedKid));
    }
}
