package io.gravitee.am.gateway.handler.common.jwt;

import com.fasterxml.jackson.databind.ObjectMapper;
import io.gravitee.am.common.jwt.JWT;
import io.gravitee.am.gateway.certificate.CertificateProvider;
import io.gravitee.am.gateway.handler.common.certificate.CertificateManager;
import io.gravitee.am.gateway.handler.common.jwt.JWTService;
import io.gravitee.am.gateway.handler.common.jwt.impl.JWTServiceImpl;
import io.gravitee.am.jwt.JWTBuilder;
import io.gravitee.am.model.oidc.Client;
import io.reactivex.rxjava3.core.Maybe;
import io.reactivex.rxjava3.observers.TestObserver;
import org.junit.Before;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.mockito.ArgumentMatchers;
import org.mockito.InjectMocks;
import org.mockito.Mock;
import org.mockito.Mockito;
import org.mockito.Spy;
import org.mockito.junit.MockitoJUnitRunner;

@RunWith(MockitoJUnitRunner.class)
/* loaded from: input_file:io/gravitee/am/gateway/handler/common/jwt/JWTServiceTest.class */
public class JWTServiceTest {

    @Mock
    private CertificateManager certificateManager;

    @InjectMocks
    private JWTService jwtService = new JWTServiceImpl();

    @Spy
    private ObjectMapper objectMapper = new ObjectMapper();

    @Before
    public void setUp() {
        JWTBuilder jWTBuilder = (JWTBuilder) Mockito.mock(JWTBuilder.class);
        JWTBuilder jWTBuilder2 = (JWTBuilder) Mockito.mock(JWTBuilder.class);
        JWTBuilder jWTBuilder3 = (JWTBuilder) Mockito.mock(JWTBuilder.class);
        JWTBuilder jWTBuilder4 = (JWTBuilder) Mockito.mock(JWTBuilder.class);
        Mockito.when(jWTBuilder.sign((JWT) ArgumentMatchers.any())).thenReturn("token_rs_256");
        Mockito.when(jWTBuilder2.sign((JWT) ArgumentMatchers.any())).thenReturn("token_rs_512");
        Mockito.when(jWTBuilder3.sign((JWT) ArgumentMatchers.any())).thenReturn("token_default");
        Mockito.when(jWTBuilder4.sign((JWT) ArgumentMatchers.any())).thenReturn("not_signed_jwt");
        CertificateProvider certificateProvider = (CertificateProvider) Mockito.mock(CertificateProvider.class);
        CertificateProvider certificateProvider2 = (CertificateProvider) Mockito.mock(CertificateProvider.class);
        CertificateProvider certificateProvider3 = (CertificateProvider) Mockito.mock(CertificateProvider.class);
        CertificateProvider certificateProvider4 = (CertificateProvider) Mockito.mock(CertificateProvider.class);
        Mockito.when(certificateProvider.getJwtBuilder()).thenReturn(jWTBuilder);
        Mockito.when(certificateProvider2.getJwtBuilder()).thenReturn(jWTBuilder2);
        Mockito.when(certificateProvider3.getJwtBuilder()).thenReturn(jWTBuilder3);
        Mockito.when(certificateProvider4.getJwtBuilder()).thenReturn(jWTBuilder4);
        Mockito.when(this.certificateManager.findByAlgorithm("unknown")).thenReturn(Maybe.empty());
        Mockito.when(this.certificateManager.findByAlgorithm("RS512")).thenReturn(Maybe.just(certificateProvider2));
        Mockito.when(this.certificateManager.get((String) null)).thenReturn(Maybe.empty());
        Mockito.when(this.certificateManager.get("notExistingId")).thenReturn(Maybe.empty());
        Mockito.when(this.certificateManager.get("existingId")).thenReturn(Maybe.just(certificateProvider));
        Mockito.when(this.certificateManager.defaultCertificateProvider()).thenReturn(certificateProvider3);
        Mockito.when(this.certificateManager.noneAlgorithmCertificateProvider()).thenReturn(certificateProvider4);
    }

    @Test
    public void encode_noClientCertificate() {
        testEncode(null, "token_default");
    }

    @Test
    public void encode_noClientCertificateFound() {
        testEncode("notExistingId", "token_default");
    }

    @Test
    public void encode_clientCertificateFound() {
        testEncode("existingId", "token_rs_256");
    }

    private void testEncode(String str, String str2) {
        Client client = new Client();
        client.setCertificate(str);
        TestObserver test = this.jwtService.encode(new JWT(), client).test();
        test.assertComplete();
        test.assertValue(obj -> {
            return obj.equals(str2);
        });
    }

    @Test
    public void encodeUserinfo_withoutSignature() {
        testEncodeUserinfo(null, null, "not_signed_jwt");
    }

    @Test
    public void encodeUserinfo_noMatchingAlgorithm_noClientCertificate() {
        testEncodeUserinfo("unknown", null, "token_default");
    }

    @Test
    public void encodeUserinfo_noMatchingAlgorithm_noClientCertificateFound() {
        testEncodeUserinfo("unknown", "notExistingId", "token_default");
    }

    @Test
    public void encodeUserinfo_noMatchingAlgorithm_clientCertificateFound() {
        testEncodeUserinfo("unknown", "existingId", "token_rs_256");
    }

    @Test
    public void encodeUserinfo_matchingAlgorithm() {
        testEncodeUserinfo("RS512", null, "token_rs_512");
    }

    private void testEncodeUserinfo(String str, String str2, String str3) {
        Client client = new Client();
        client.setUserinfoSignedResponseAlg(str);
        client.setCertificate(str2);
        TestObserver test = this.jwtService.encodeUserinfo(new JWT(), client).test();
        test.assertComplete();
        test.assertValue(obj -> {
            return obj.equals(str3);
        });
    }

    @Test
    public void jwt_should_be_decoded_with_base_64_url() {
        this.jwtService.decode("eyJraWQiOiJkZWZhdWx0IiwidHlwIjoiSldUIiwiYWxnIjoiUlMyNTYifQ.eyJnaXMiOiJkZWZhdWx0LWlkcC0xYzZmMjY3Zi1kOGJhLTQwYTAtYWYyNi03ZmQ4YmE3MGEwYjE6NzhjYmU2YzUtNThlNC00MDUyLThiZTYtYzU1OGU0MzA1MmRiIiwic3ViIjoiMzE2NjdkOWMtMjYxYi0zODQ0LTk3NDAtYzFiMWZkODY4ZTVkIiwiYXVkIjoidGVzdCIsImRpc3BsYXlOYW1lIjoiQm_Dq2dlbiBNYWxlciIsImRvbWFpbiI6IjFjNmYyNjdmLWQ4YmEtNDBhMC1hZjI2LTdmZDhiYTcwYTBiMSIsImlzcyI6Imh0dHA6Ly9sb2NhbGhvc3Q6ODA5Mi90ZXN0L29pZGMiLCJleHAiOjE3NDMwODQ0NjUsImlhdCI6MTc0MzA3NzI2NSwianRpIjoiZDg5MU5LSkdiTGhTb3ZhT0tSM1ZYQndUNzZQRmMtUmRYcmFpa3Fpa2xiWSJ9.fZzgodapXlCQPaqB2kQ-C_1aQAwZJdQL1g5j8gAfH2TTQABhUwWBpaRzag9-rytONnE97d631g5qlZfgF2bkBx8kaTpiqKJlHxG2-4LREWDs5iVao4AtGb1JoUR4G50p_vRqqviRO9Vby0E6l8XHE3faxpF-k5_BPcNKwpzJdmkkvAYInAXLAy2Av9vHCALm7FYwhmUtvy2TaRSMwu0umL6RtnGyueVsGKL5HxpvYRe02RMa6vAEsmbJMtZ602O1ThQmcbARUvPf564YslUXADxat5SOp7AqLHfYqUPNaeZjvlGVZDFndmkFTHyVbuf-syNmu69TNMRWw6jd7EREkQ", JWTService.TokenType.ACCESS_TOKEN).test().assertValue(jwt -> {
            return jwt.get("displayName").equals("Boëgen Maler");
        });
    }
}
