package org.apache.james.jwt.introspection;

import java.net.MalformedURLException;
import java.net.URL;
import java.nio.charset.StandardCharsets;
import java.util.Optional;
import net.javacrumbs.jsonunit.assertj.JsonAssertions;
import org.apache.james.jwt.DefaultCheckTokenClient;
import org.assertj.core.api.Assertions;
import org.assertj.core.api.SoftAssertions;
import org.assertj.core.api.ThrowingConsumer;
import org.junit.jupiter.api.AfterEach;
import org.junit.jupiter.api.BeforeEach;
import org.junit.jupiter.api.Test;
import org.mockserver.integration.ClientAndServer;
import org.mockserver.model.HttpRequest;
import org.mockserver.model.HttpResponse;
import org.mockserver.verify.VerificationTimes;
import reactor.core.publisher.Mono;

/* loaded from: input_file:org/apache/james/jwt/introspection/DefaultCheckTokenClientTest.class */
public class DefaultCheckTokenClientTest {
    private static final String INTROSPECTION_TOKEN_URI_PATH = "/token/introspect";
    private ClientAndServer mockServer;

    @BeforeEach
    public void setUp() {
        this.mockServer = ClientAndServer.startClientAndServer(new Integer[]{0});
    }

    @AfterEach
    void tearDown() {
        this.mockServer.stop();
    }

    private IntrospectionEndpoint getIntrospectionTokenEndpoint() {
        try {
            return new IntrospectionEndpoint(new URL(String.format("http://127.0.0.1:%s%s", this.mockServer.getLocalPort(), INTROSPECTION_TOKEN_URI_PATH)), Optional.empty());
        } catch (MalformedURLException e) {
            throw new RuntimeException(e);
        }
    }

    private DefaultCheckTokenClient testee() {
        return new DefaultCheckTokenClient();
    }

    private void updateMockerServerSpecifications(String str, int i) {
        this.mockServer.when(HttpRequest.request().withPath(INTROSPECTION_TOKEN_URI_PATH)).respond(HttpResponse.response().withStatusCode(Integer.valueOf(i)).withHeader("Content-Type", new String[]{"application/json"}).withBody(str, StandardCharsets.UTF_8));
    }

    @Test
    void introspectShouldSuccessWhenValidRequest() {
        String str = "{    \"exp\": 1652868271,    \"nbf\": 0,    \"iat\": 1652867971,    \"jti\": \"41ee3cc3-b908-4870-bff2-34b895b9fadf\",    \"aud\": \"account\",    \"typ\": \"Bearer\",    \"acr\": \"1\",    \"scope\": \"email\",    \"active\": true}";
        updateMockerServerSpecifications("{    \"exp\": 1652868271,    \"nbf\": 0,    \"iat\": 1652867971,    \"jti\": \"41ee3cc3-b908-4870-bff2-34b895b9fadf\",    \"aud\": \"account\",    \"typ\": \"Bearer\",    \"acr\": \"1\",    \"scope\": \"email\",    \"active\": true}", 200);
        TokenIntrospectionResponse tokenIntrospectionResponse = (TokenIntrospectionResponse) Mono.from(testee().introspect(getIntrospectionTokenEndpoint(), "abc")).block();
        Assertions.assertThat(tokenIntrospectionResponse).isNotNull();
        SoftAssertions.assertSoftly(softAssertions -> {
            softAssertions.assertThat(tokenIntrospectionResponse.active()).isTrue();
            softAssertions.assertThat(tokenIntrospectionResponse.scope()).isEqualTo(Optional.of("email"));
            JsonAssertions.assertThatJson(tokenIntrospectionResponse.json().toString()).isEqualTo(str);
            softAssertions.assertThat(tokenIntrospectionResponse.exp()).isEqualTo(Optional.of(1652868271));
            softAssertions.assertThat(tokenIntrospectionResponse.nbf()).isEqualTo(Optional.of(0));
            softAssertions.assertThat(tokenIntrospectionResponse.iat()).isEqualTo(Optional.of(1652867971));
            softAssertions.assertThat(tokenIntrospectionResponse.jti()).isEqualTo(Optional.of("41ee3cc3-b908-4870-bff2-34b895b9fadf"));
            softAssertions.assertThat(tokenIntrospectionResponse.aud()).isEqualTo(Optional.of("account"));
            softAssertions.assertThat(tokenIntrospectionResponse.iss()).isEmpty();
            softAssertions.assertThat(tokenIntrospectionResponse.sub()).isEmpty();
        });
    }

    @Test
    void introspectShouldPostValidRequest() {
        updateMockerServerSpecifications("{    \"exp\": 1652868271,    \"nbf\": 0,    \"iat\": 1652867971,    \"jti\": \"41ee3cc3-b908-4870-bff2-34b895b9fadf\",    \"aud\": \"account\",    \"typ\": \"Bearer\",    \"acr\": \"1\",    \"scope\": \"email\",    \"active\": true}", 200);
        Mono.from(testee().introspect(getIntrospectionTokenEndpoint(), "abc")).block();
        this.mockServer.verify(HttpRequest.request().withPath(INTROSPECTION_TOKEN_URI_PATH).withMethod("POST").withHeader("Accept", new String[]{"application/json"}).withHeader("Content-Type", new String[]{"application/x-www-form-urlencoded"}).withBody("token=abc"), VerificationTimes.atLeast(1));
    }

    @Test
    void introspectShouldFailWhenNotAuthorized() {
        updateMockerServerSpecifications("{    \"error\": \"invalid_request\",    \"error_description\": \"Authentication failed.\"}", 401);
        Assertions.assertThatThrownBy(() -> {
            Mono.from(testee().introspect(getIntrospectionTokenEndpoint(), "abc")).block();
        }).isInstanceOf(TokenIntrospectionException.class).hasMessageContaining("Authentication failed").hasMessageContaining("401");
    }

    @Test
    void introspectShouldFailWhenCanNotDeserializeResponse() {
        updateMockerServerSpecifications("invalid", 200);
        Assertions.assertThatThrownBy(() -> {
            Mono.from(testee().introspect(getIntrospectionTokenEndpoint(), "abc")).block();
        }).isInstanceOf(TokenIntrospectionException.class).hasMessageContaining("Error when introspecting token");
    }

    @Test
    void introspectShouldFailWhenResponseMissingActiveProperty() {
        updateMockerServerSpecifications("{    \"exp\": 1652868271,    \"nbf\": 0,    \"iat\": 1652867971,    \"jti\": \"41ee3cc3-b908-4870-bff2-34b895b9fadf\",    \"aud\": \"account\",    \"typ\": \"Bearer\",    \"acr\": \"1\",    \"scope\": \"email\"}", 200);
        Assertions.assertThatThrownBy(() -> {
            Mono.from(testee().introspect(getIntrospectionTokenEndpoint(), "abc")).block();
        }).isInstanceOf(TokenIntrospectionException.class).hasMessageContaining("Error when introspecting token");
    }

    @Test
    void introspectShouldReturnUpdatedResponse() {
        updateMockerServerSpecifications("{    \"active\": true}", 200);
        DefaultCheckTokenClient testee = testee();
        Assertions.assertThat((TokenIntrospectionResponse) Mono.from(testee.introspect(getIntrospectionTokenEndpoint(), "token1bc")).block()).isNotNull().satisfies(new ThrowingConsumer[]{tokenIntrospectionResponse -> {
            Assertions.assertThat(tokenIntrospectionResponse.active()).isTrue();
        }});
        this.mockServer.reset();
        updateMockerServerSpecifications("{    \"active\": false}", 200);
        Assertions.assertThat((TokenIntrospectionResponse) Mono.from(testee.introspect(getIntrospectionTokenEndpoint(), "token1bc")).block()).isNotNull().satisfies(new ThrowingConsumer[]{tokenIntrospectionResponse2 -> {
            Assertions.assertThat(tokenIntrospectionResponse2.active()).isFalse();
        }});
    }
}
