package io.gravitee.am.gateway.handler.common.vertx.web.auth.handler.impl;

import io.gravitee.am.common.jwt.JWT;
import io.gravitee.am.gateway.handler.common.jwt.SubjectManager;
import io.gravitee.am.gateway.handler.common.vertx.RxWebTestBase;
import io.gravitee.am.gateway.handler.common.vertx.web.auth.handler.OAuth2AuthResponse;
import io.gravitee.am.gateway.handler.common.vertx.web.auth.provider.OAuth2AuthProvider;
import io.gravitee.am.gateway.handler.common.vertx.web.handler.ErrorHandler;
import io.gravitee.am.model.oidc.Client;
import io.vertx.core.Future;
import io.vertx.core.Handler;
import io.vertx.core.http.HttpHeaders;
import io.vertx.core.http.HttpMethod;
import io.vertx.rxjava3.core.http.HttpClientRequest;
import java.util.Map;
import java.util.function.Consumer;
import org.assertj.core.api.AssertionsForClassTypes;
import org.assertj.core.api.AssertionsForInterfaceTypes;
import org.junit.Test;
import org.mockito.ArgumentMatchers;
import org.mockito.Mockito;

/* loaded from: input_file:io/gravitee/am/gateway/handler/common/vertx/web/auth/handler/impl/OAuth2AuthHandlerImplTest.class */
/**
 * Route-level tests for how {@link OAuth2AuthHandlerImpl} treats the {@code Authorization} header.
 *
 * <p>The {@link OAuth2AuthProvider} is a Mockito mock. Where a test needs a decoded token,
 * {@code decodeToken} is stubbed to succeed for any input, so whatever validation the real
 * provider performs is not exercised by this class, and no test here stubs a failed decode.
 * Rejection of tokens that fail validation has to be covered elsewhere.
 */
public class OAuth2AuthHandlerImplTest extends RxWebTestBase {
    private static final String TEST_SUB = "test-sub";
    private static final String TEST_PATH = "/test";
    // Placeholder credential: decodeToken is stubbed, so the value is never parsed as a JWT.
    private static final String OPAQUE_BEARER = "Bearer pretend-its-a-token";

    private OAuth2AuthHandlerImpl handler;
    private OAuth2AuthProvider provider;

    /**
     * Mounts the handler under test on {@code /test}, followed by the context-assertion hook and a
     * terminal handler that answers {@code 200 OK}; failures are rendered by {@link ErrorHandler}.
     */
    @Override
    public void setUp() throws Exception {
        super.setUp();
        provider = Mockito.mock(OAuth2AuthProvider.class);
        SubjectManager subjectManager = Mockito.mock(SubjectManager.class);
        handler = new OAuth2AuthHandlerImpl(provider, subjectManager);
        // checkContextAssertions() is not defined in this class (presumably inherited from the test base).
        router.route(TEST_PATH)
                .handler(handler)
                .handler(checkContextAssertions())
                .handler(ctx -> {
                    ctx.response().setStatusCode(200).setStatusMessage("OK").end();
                })
                .failureHandler(new ErrorHandler());
    }

    /** A request without any {@code Authorization} header is answered with 401. */
    @Test
    public void noToken_unauthorized() throws Exception {
        testRequest(HttpMethod.GET, TEST_PATH, 401, "Unauthorized");
    }

    /** A header value that is a single word (no scheme/credential pair) is answered with 400. */
    @Test
    public void malformedAuthorization_badRequest() throws Exception {
        // The provider is left unstubbed here, so the rejection is expected to come from header parsing.
        expectForAuthorization("this-wont-work", 400, "Bad Request");
    }

    /** A well-formed header with a scheme other than {@code Bearer} is answered with 401. */
    @Test
    public void notBearer_unauthorized() throws Exception {
        expectForAuthorization("NotBearer eyrajwtsomething==", 401, "Unauthorized");
    }

    /** A bearer token that the provider decodes successfully lets the request through. */
    @Test
    public void validToken_basic() throws Exception {
        // extractRawToken(true) is switched on, but only the 200 outcome is asserted;
        // nothing in this test inspects what the handler stores in the routing context.
        handler.extractRawToken(true);
        givenTokenDecodesTo(Map.of("sub", TEST_SUB));
        expectForAuthorization("Bearer eyrajwtsomething==", 200, "OK");
    }

    /** With extraction enabled, the decoded claims and the client are present in the routing context. */
    @Test
    public void validToken_shouldExtractDataToContext() throws Exception {
        handler.extractToken(true);
        handler.extractClient(true);
        Map<String, ?> expectedClaims = Map.of("sub", TEST_SUB);
        givenTokenDecodesTo(expectedClaims);
        // assertAfterRequest is not defined in this class (presumably inherited); the checks are
        // registered before the request is sent.
        assertAfterRequest(ctx -> {
            AssertionsForInterfaceTypes.assertThat((Map) ctx.get("token")).containsExactlyInAnyOrderEntriesOf(expectedClaims);
        }, ctx -> {
            AssertionsForClassTypes.assertThat(ctx.get("client")).isNotNull();
        });
        expectForAuthorization(OPAQUE_BEARER, 200, "OK");
    }

    /** When an end-user token is required, a token whose {@code sub} equals its {@code aud} gets 401. */
    @Test
    public void forceEndUserToken_notEndUserToken_unauthorized() throws Exception {
        handler.forceEndUserToken(true);
        // sub and aud carry the same value. Presumably the handler reads that as a client-issued
        // token and refuses it when an end-user token is required; confirm against OAuth2AuthHandlerImpl.
        givenTokenDecodesTo(Map.of("sub", "test", "aud", "test"));
        expectForAuthorization(OPAQUE_BEARER, 401, "Unauthorized");
    }

    /** When a client token is required, a token whose {@code sub} differs from its {@code aud} gets 401. */
    @Test
    public void forceClientToken_notClientToken_unauthorized() throws Exception {
        handler.forceClientToken(true);
        // sub and aud differ. Presumably the handler reads that as an end-user token and refuses
        // it when a client token is required; confirm against OAuth2AuthHandlerImpl.
        givenTokenDecodesTo(Map.of("sub", "sub", "aud", "aud"));
        expectForAuthorization(OPAQUE_BEARER, 401, "Unauthorized");
    }

    /**
     * Sends a GET to the test route with the given {@code Authorization} header value and checks
     * the response status code and status message; the response body is not checked.
     */
    private void expectForAuthorization(String authorization, int statusCode, String statusMessage) throws Exception {
        testRequest(HttpMethod.GET, TEST_PATH, withAuthorization(authorization), statusCode, statusMessage, null);
    }

    /**
     * Stubs the mocked provider so that every {@code decodeToken} call, whatever its arguments,
     * completes successfully with a JWT built from {@code claims} and a fresh {@link Client}.
     */
    private void givenTokenDecodesTo(Map<String, ?> claims) {
        Mockito.doAnswer(invocation -> {
            // The third argument of decodeToken is the completion callback.
            Handler resultHandler = (Handler) invocation.getArguments()[2];
            resultHandler.handle(Future.succeededFuture(new OAuth2AuthResponse(new JWT(claims), new Client())));
            return null;
        }).when(provider).decodeToken((String) ArgumentMatchers.any(), ArgumentMatchers.anyBoolean(), (Handler) ArgumentMatchers.any());
    }

    /** Returns a request customizer that sets the {@code Authorization} header to {@code str} verbatim. */
    private Consumer<HttpClientRequest> withAuthorization(String str) {
        return request -> request.putHeader(HttpHeaders.AUTHORIZATION, str);
    }
}
