package io.gravitee.am.gateway.handler.common.oauth2.impl;

import io.gravitee.am.common.exception.jwt.JWTException;
import io.gravitee.am.common.exception.oauth2.InvalidTokenException;
import io.gravitee.am.common.jwt.JWT;
import io.gravitee.am.gateway.handler.common.client.ClientSyncService;
import io.gravitee.am.gateway.handler.common.jwt.JWTService;
import io.gravitee.am.gateway.handler.common.oauth2.IntrospectionTokenService;
import io.gravitee.am.model.oidc.Client;
import io.gravitee.am.repository.oauth2.api.AccessTokenRepository;
import io.gravitee.am.repository.oauth2.model.AccessToken;
import io.reactivex.rxjava3.core.Maybe;
import io.reactivex.rxjava3.core.Single;
import io.reactivex.rxjava3.observers.TestObserver;
import java.time.Instant;
import java.time.temporal.ChronoUnit;
import java.time.temporal.TemporalUnit;
import java.util.Date;
import org.junit.Before;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.mockito.Mock;
import org.mockito.Mockito;
import org.mockito.junit.MockitoJUnitRunner;

@RunWith(MockitoJUnitRunner.class)
/* loaded from: input_file:io/gravitee/am/gateway/handler/common/oauth2/impl/IntrospectionAccessTokenServiceTest.class */
public class IntrospectionAccessTokenServiceTest {

    @Mock
    private JWTService jwtService;

    @Mock
    private ClientSyncService clientService;

    @Mock
    private AccessTokenRepository accessTokenRepository;
    private IntrospectionTokenService introspectionTokenService;

    @Before
    public void setUp() throws Exception {
        this.introspectionTokenService = new IntrospectionAccessTokenService(this.jwtService, this.clientService, this.accessTokenRepository);
    }

    @Test
    public void shouldIntrospect_validToken_offline_verification() {
        JWT jwt = new JWT();
        jwt.setJti("jti");
        jwt.setDomain("domain");
        jwt.setAud("client");
        Client client = new Client();
        client.setClientId("client-id");
        Mockito.when(this.jwtService.decode("token", JWTService.TokenType.ACCESS_TOKEN)).thenReturn(Single.just(jwt));
        Mockito.when(this.clientService.findByDomainAndClientId(jwt.getDomain(), jwt.getAud())).thenReturn(Maybe.just(client));
        Mockito.when(this.jwtService.decodeAndVerify("token", client, JWTService.TokenType.ACCESS_TOKEN)).thenReturn(Single.just(jwt));
        TestObserver test = this.introspectionTokenService.introspect("token", true).test();
        test.assertComplete();
        test.assertNoErrors();
        ((AccessTokenRepository) Mockito.verify(this.accessTokenRepository, Mockito.never())).findByToken(jwt.getJti());
    }

    @Test
    public void shouldIntrospect_validToken_online_verification() {
        JWT jwt = new JWT();
        jwt.setJti("jti");
        jwt.setDomain("domain");
        jwt.setAud("client");
        jwt.setIat(Instant.now().minus(1L, (TemporalUnit) ChronoUnit.DAYS).getEpochSecond());
        Client client = new Client();
        client.setClientId("client-id");
        AccessToken accessToken = new AccessToken();
        accessToken.setExpireAt(new Date(Instant.now().plus(1L, (TemporalUnit) ChronoUnit.DAYS).toEpochMilli()));
        Mockito.when(this.jwtService.decode("token", JWTService.TokenType.ACCESS_TOKEN)).thenReturn(Single.just(jwt));
        Mockito.when(this.clientService.findByDomainAndClientId(jwt.getDomain(), jwt.getAud())).thenReturn(Maybe.just(client));
        Mockito.when(this.jwtService.decodeAndVerify("token", client, JWTService.TokenType.ACCESS_TOKEN)).thenReturn(Single.just(jwt));
        Mockito.when(this.accessTokenRepository.findByToken(jwt.getJti())).thenReturn(Maybe.just(accessToken));
        TestObserver test = this.introspectionTokenService.introspect("token", false).test();
        test.assertComplete();
        test.assertNoErrors();
        ((AccessTokenRepository) Mockito.verify(this.accessTokenRepository, Mockito.times(1))).findByToken(jwt.getJti());
    }

    @Test
    public void shouldIntrospect_validToken_offline_verification_timer() {
        JWT jwt = new JWT();
        jwt.setJti("jti");
        jwt.setDomain("domain");
        jwt.setAud("client");
        jwt.setIat(Instant.now().getEpochSecond());
        Client client = new Client();
        client.setClientId("client-id");
        Mockito.when(this.jwtService.decode("token", JWTService.TokenType.ACCESS_TOKEN)).thenReturn(Single.just(jwt));
        Mockito.when(this.clientService.findByDomainAndClientId(jwt.getDomain(), jwt.getAud())).thenReturn(Maybe.just(client));
        Mockito.when(this.jwtService.decodeAndVerify("token", client, JWTService.TokenType.ACCESS_TOKEN)).thenReturn(Single.just(jwt));
        TestObserver test = this.introspectionTokenService.introspect("token", false).test();
        test.assertComplete();
        test.assertNoErrors();
        ((AccessTokenRepository) Mockito.verify(this.accessTokenRepository, Mockito.never())).findByToken(jwt.getJti());
    }

    @Test
    public void shouldIntrospect_invalidValidToken_jwt_exception() {
        JWT jwt = new JWT();
        jwt.setJti("jti");
        jwt.setDomain("domain");
        jwt.setAud("client");
        jwt.setIat(Instant.now().getEpochSecond());
        Client client = new Client();
        client.setClientId("client-id");
        Mockito.when(this.jwtService.decode("token", JWTService.TokenType.ACCESS_TOKEN)).thenReturn(Single.just(jwt));
        Mockito.when(this.clientService.findByDomainAndClientId(jwt.getDomain(), jwt.getAud())).thenReturn(Maybe.just(client));
        Mockito.when(this.jwtService.decodeAndVerify("token", client, JWTService.TokenType.ACCESS_TOKEN)).thenReturn(Single.error(new JWTException("invalid token")));
        this.introspectionTokenService.introspect("token", false).test().assertError(InvalidTokenException.class);
        ((AccessTokenRepository) Mockito.verify(this.accessTokenRepository, Mockito.never())).findByToken(jwt.getJti());
    }

    @Test
    public void shouldIntrospect_invalidValidToken_token_revoked() {
        JWT jwt = new JWT();
        jwt.setJti("jti");
        jwt.setDomain("domain");
        jwt.setAud("client");
        jwt.setIat(Instant.now().minus(1L, (TemporalUnit) ChronoUnit.DAYS).getEpochSecond());
        Client client = new Client();
        client.setClientId("client-id");
        Mockito.when(this.jwtService.decode("token", JWTService.TokenType.ACCESS_TOKEN)).thenReturn(Single.just(jwt));
        Mockito.when(this.clientService.findByDomainAndClientId(jwt.getDomain(), jwt.getAud())).thenReturn(Maybe.just(client));
        Mockito.when(this.jwtService.decodeAndVerify("token", client, JWTService.TokenType.ACCESS_TOKEN)).thenReturn(Single.just(jwt));
        Mockito.when(this.accessTokenRepository.findByToken(jwt.getJti())).thenReturn(Maybe.empty());
        this.introspectionTokenService.introspect("token", false).test().assertError(InvalidTokenException.class);
        ((AccessTokenRepository) Mockito.verify(this.accessTokenRepository, Mockito.times(1))).findByToken(jwt.getJti());
    }

    @Test
    public void shouldIntrospect_invalidValidToken_token_expired() {
        JWT jwt = new JWT();
        jwt.setJti("jti");
        jwt.setDomain("domain");
        jwt.setAud("client");
        jwt.setIat(Instant.now().minus(1L, (TemporalUnit) ChronoUnit.DAYS).getEpochSecond());
        Client client = new Client();
        client.setClientId("client-id");
        AccessToken accessToken = new AccessToken();
        accessToken.setExpireAt(new Date(Instant.now().minus(1L, (TemporalUnit) ChronoUnit.DAYS).toEpochMilli()));
        Mockito.when(this.jwtService.decode("token", JWTService.TokenType.ACCESS_TOKEN)).thenReturn(Single.just(jwt));
        Mockito.when(this.clientService.findByDomainAndClientId(jwt.getDomain(), jwt.getAud())).thenReturn(Maybe.just(client));
        Mockito.when(this.jwtService.decodeAndVerify("token", client, JWTService.TokenType.ACCESS_TOKEN)).thenReturn(Single.just(jwt));
        Mockito.when(this.accessTokenRepository.findByToken(jwt.getJti())).thenReturn(Maybe.just(accessToken));
        this.introspectionTokenService.introspect("token", false).test().assertError(InvalidTokenException.class);
        ((AccessTokenRepository) Mockito.verify(this.accessTokenRepository, Mockito.times(1))).findByToken(jwt.getJti());
    }
}
