package net.trajano.auth.test;

import com.google.common.base.Charsets;
import com.google.common.collect.ImmutableMap;
import java.net.URI;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.Signature;
import java.security.interfaces.RSAPublicKey;
import java.util.Map;
import javax.json.Json;
import javax.json.JsonObject;
import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.message.AuthStatus;
import javax.security.auth.message.MessageInfo;
import javax.security.auth.message.MessagePolicy;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.ws.rs.client.Client;
import javax.ws.rs.client.Entity;
import javax.ws.rs.client.Invocation;
import javax.ws.rs.client.WebTarget;
import javax.ws.rs.core.MediaType;
import net.trajano.auth.GoogleAuthModule;
import net.trajano.auth.OpenIDConnectAuthModule;
import net.trajano.auth.internal.Base64;
import net.trajano.auth.internal.OAuthToken;
import net.trajano.auth.internal.OpenIDProviderConfiguration;
import org.junit.Assert;
import org.junit.Test;
import org.mockito.Matchers;
import org.mockito.Mockito;

/* loaded from: input_file:net/trajano/auth/test/AuthSequenceTest.class */
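/**
 * Drives {@link OpenIDConnectAuthModule} (and, in one case, {@link GoogleAuthModule}) through
 * {@code validateRequest}/{@code isCallback} using Mockito stand-ins for the servlet, JASPIC and JAX-RS
 * collaborators, so no network call leaves the test JVM.
 *
 * <p>NOTE(review): only the accepting path of ID-token handling is covered here. There is no case for a
 * token whose signature does not match the JWKS key, whose {@code exp} is in the past, or whose
 * {@code aud} differs from the configured {@code client_id}. Those rejections are the security-relevant
 * behaviour of the module and deserve their own tests.
 */
public class AuthSequenceTest {
    /** Discovery document location that the module is expected to derive from {@code issuer_uri}. */
    private static final URI DISCOVERY_URI = URI.create("https://accounts.google.com/.well-known/openid-configuration");

    /** URL of the protected resource used by most requests in this class. */
    private static final String PROTECTED_URL = "https://i.trajano.net:8443/util/ejb2";

    /** Request URI matching {@link #PROTECTED_URL}. */
    private static final String PROTECTED_URI = "/util/ejb2";

    /** Provider metadata parsed from the bundled {@code META-INF/google-config.json} fixture. */
    private final OpenIDProviderConfiguration googleOpenIdConfiguration = new OpenIDProviderConfiguration(
        Json.createReader(
            Thread.currentThread().getContextClassLoader().getResourceAsStream("META-INF/google-config.json"))
            .readObject());

    /**
     * Module options shared by the tests. {@code client_id} and {@code client_secret} are placeholder
     * literals, not real credentials.
     */
    // The explicit <String, String> witness is required: without it the builder chain infers
    // ImmutableMap<Object, Object>, which is not assignable to Map<String, String>.
    private final Map<String, String> options = ImmutableMap.<String, String>builder()
        .put("issuer_uri", "https://accounts.google.com")
        .put("redirection_endpoint", "/app/oauth2")
        .put("client_id", "clientID")
        .put("client_secret", "clientSecret")
        .build();

    /** Creates a request policy mock whose {@code isMandatory()} answers {@code mandatory}. */
    private static MessagePolicy policy(final boolean mandatory) {
        final MessagePolicy policy = Mockito.mock(MessagePolicy.class);
        Mockito.when(policy.isMandatory()).thenReturn(mandatory);
        return policy;
    }

    /** Creates a servlet request mock with the given HTTP method and transport-security flag. */
    private static HttpServletRequest request(final String method, final boolean secure) {
        final HttpServletRequest request = Mockito.mock(HttpServletRequest.class);
        Mockito.when(request.getMethod()).thenReturn(method);
        Mockito.when(request.isSecure()).thenReturn(secure);
        return request;
    }

    /** Stubs the full request URL and the request URI on an existing request mock. */
    private static void locate(final HttpServletRequest request, final String url, final String uri) {
        Mockito.when(request.getRequestURL()).thenReturn(new StringBuffer(url));
        Mockito.when(request.getRequestURI()).thenReturn(uri);
    }

    /**
     * Creates a {@link MessageInfo} mock carrying the request and, when one is supplied, the response.
     * A {@code null} response leaves {@code getResponseMessage()} unstubbed.
     */
    private static MessageInfo messageInfo(final HttpServletRequest request, final HttpServletResponse response) {
        final MessageInfo info = Mockito.mock(MessageInfo.class);
        Mockito.when(info.getRequestMessage()).thenReturn(request);
        if (response != null) {
            Mockito.when(info.getResponseMessage()).thenReturn(response);
        }
        return info;
    }

    /** Makes {@code target.request(application/json)} hand back a fresh invocation-builder mock. */
    private static Invocation.Builder jsonRequest(final WebTarget target) {
        final Invocation.Builder builder = Mockito.mock(Invocation.Builder.class);
        Mockito.when(target.request(MediaType.APPLICATION_JSON_TYPE)).thenReturn(builder);
        return builder;
    }

    /** Wires the discovery endpoint on {@code client} to return the bundled provider configuration. */
    private void stubDiscovery(final Client client) {
        final WebTarget discoveryTarget = Mockito.mock(WebTarget.class);
        Mockito.when(client.target(DISCOVERY_URI)).thenReturn(discoveryTarget);
        Mockito.when(jsonRequest(discoveryTarget).get(OpenIDProviderConfiguration.class))
            .thenReturn(this.googleOpenIdConfiguration);
    }

    /**
     * Builds a one-key JWKS document ({@code kid} "1234", RS256, signature use) for the public half of
     * {@code keyPair}.
     */
    private static JsonObject jwksFor(final KeyPair keyPair) {
        final RSAPublicKey publicKey = (RSAPublicKey) keyPair.getPublic();
        // BigInteger.toByteArray() is two's complement, so it prepends a 0x00 sign octet whenever the top
        // bit is set. RFC 7518 says a JWK omits such leading zero octets, so this fixture is slightly
        // looser than what a provider publishes.
        return Json.createObjectBuilder()
            .add("keys", Json.createArrayBuilder()
                .add(Json.createObjectBuilder()
                    .add("kty", "RSA")
                    .add("alg", "RS256")
                    .add("use", "sig")
                    .add("kid", "1234")
                    .add("e", Base64.encodeWithoutPadding(publicKey.getPublicExponent().toByteArray()))
                    .add("n", Base64.encodeWithoutPadding(publicKey.getModulus().toByteArray()))))
            .build();
    }

    /**
     * Produces a compact {@code header.payload.signature} ID token signed with the private half of
     * {@code keyPair}, expiring 24 hours from now.
     */
    private static String signedIdToken(final KeyPair keyPair) throws Exception {
        final byte[] header = "{\"kid\":\"1234\",\"alg\":\"RS256\"}".getBytes(Charsets.UTF_8);
        final long expiry = (System.currentTimeMillis() / 1000) + 86400;
        // NOTE(review): "iss" has no https:// scheme while the issuer_uri option does, and the payload
        // has no nonce. Confirm how the module compares the issuer and whether a nonce is expected.
        final byte[] claims = ("{\"aud\":\"clientID\",\"azp\":\"clientID\",\"exp\":" + expiry
            + ",\"iss\":\"accounts.google.com\",\"sub\":\"12312-2312\"}").getBytes(Charsets.UTF_8);
        final String signingInput = Base64.encodeWithoutPadding(header) + "." + Base64.encodeWithoutPadding(claims);

        final Signature signer = Signature.getInstance("SHA256withRSA");
        signer.initSign(keyPair.getPrivate());
        signer.update(signingInput.getBytes(Charsets.UTF_8));
        return signingInput + "." + Base64.encodeWithoutPadding(signer.sign());
    }

    /**
     * An unauthenticated POST to a protected resource over HTTPS must be refused with 403 rather than
     * redirected to the provider.
     */
    @Test
    public void testFailUnauthenticatedPost() throws Exception {
        final OpenIDConnectAuthModule module = new OpenIDConnectAuthModule();
        module.initialize(policy(true), null, null, this.options);

        final HttpServletRequest request = request("POST", true);
        locate(request, PROTECTED_URL, PROTECTED_URI);
        final HttpServletResponse response = Mockito.mock(HttpServletResponse.class);

        final AuthStatus status = module.validateRequest(messageInfo(request, response), new Subject(), null);

        Assert.assertEquals(AuthStatus.SEND_FAILURE, status);
        Mockito.verify(response).sendError(Matchers.eq(403), Matchers.anyString());
    }

    /**
     * Happy path of the redirection endpoint: the authorization code is exchanged, the ID token
     * validates against the stubbed JWKS, the callback handler is invoked and the browser is redirected.
     */
    @Test
    public void testHandleCallBack() throws Exception {
        // Throwaway key that only signs the fixture token below. 1024-bit RSA is below current
        // minimums and is acceptable here only because the key never leaves this test.
        final KeyPairGenerator generator = KeyPairGenerator.getInstance("RSA");
        generator.initialize(1024);
        final KeyPair keyPair = generator.genKeyPair();

        final OpenIDConnectAuthModule module = new OpenIDConnectAuthModule();
        final Client client = Mockito.mock(Client.class);
        module.setRestClient(client);
        stubDiscovery(client);

        // Token endpoint: any POST carrying an Authorization header yields the signed fixture token.
        final WebTarget tokenTarget = Mockito.mock(WebTarget.class);
        Mockito.when(client.target(this.googleOpenIdConfiguration.getTokenEndpoint())).thenReturn(tokenTarget);
        final Invocation.Builder tokenRequest = jsonRequest(tokenTarget);
        Mockito.when(tokenRequest.header(Matchers.eq("Authorization"), Matchers.anyString())).thenReturn(tokenRequest);
        final OAuthToken token = new OAuthToken();
        token.setIdToken(signedIdToken(keyPair));
        Mockito.when(tokenRequest.post(Matchers.any(Entity.class), Matchers.eq(OAuthToken.class))).thenReturn(token);

        // JWKS endpoint: publishes the public key matching the token signature.
        final WebTarget jwksTarget = Mockito.mock(WebTarget.class);
        Mockito.when(client.target(this.googleOpenIdConfiguration.getJwksUri())).thenReturn(jwksTarget);
        Mockito.when(jsonRequest(jwksTarget).get(JsonObject.class)).thenReturn(jwksFor(keyPair));

        final CallbackHandler callbackHandler = Mockito.mock(CallbackHandler.class);
        module.initialize(policy(true), null, callbackHandler, this.options);

        // "L3V0aWwvZWpiMg" is unpadded Base64 of "/util/ejb2": the state carries only the return path.
        final HttpServletRequest request = request("GET", true);
        Mockito.when(request.getRemoteAddr()).thenReturn("8.8.8.8");
        locate(request, "https://i.trajano.net:8443/app/oauth2?code=SplxlOBeZQQYbYS6WxSbIA&state=L3V0aWwvZWpiMg",
            "/app/oauth2");
        Mockito.when(request.getContextPath()).thenReturn("/myapp");
        Mockito.when(request.getParameter("code")).thenReturn("SplxlOBeZQQYbYS6WxSbIA");
        Mockito.when(request.getParameter("state")).thenReturn("L3V0aWwvZWpiMg");

        // NOTE(review): encodeRedirectURL answers "/util/ejb2" for ANY input, so the sendRedirect check
        // below does not prove that the destination was derived from the state parameter. It also does
        // not cover a state that decodes to an absolute or off-site URL.
        final HttpServletResponse response = Mockito.mock(HttpServletResponse.class);
        Mockito.when(response.encodeRedirectURL(Matchers.anyString())).thenReturn("/util/ejb2");

        final AuthStatus status = module.validateRequest(messageInfo(request, response), new Subject(), null);

        Assert.assertEquals(AuthStatus.SEND_SUCCESS, status);
        Mockito.verify(response).sendRedirect("/util/ejb2");
        Mockito.verify(callbackHandler).handle(Matchers.any(Callback[].class));
    }

    /** A request for an ordinary resource is not treated as the OAuth callback. */
    @Test
    public void testIsCallback1() throws Exception {
        final OpenIDConnectAuthModule module = new OpenIDConnectAuthModule();
        module.initialize(policy(true), null, null, this.options);

        final HttpServletRequest request = request("GET", true);
        locate(request, PROTECTED_URL, PROTECTED_URI);

        Assert.assertFalse(module.isCallback(request));
    }

    /**
     * A secure GET to the configured redirection endpoint carrying both {@code code} and {@code state}
     * is recognised as the OAuth callback.
     */
    @Test
    public void testIsCallback2() throws Exception {
        final OpenIDConnectAuthModule module = new OpenIDConnectAuthModule();
        module.initialize(policy(true), null, null, this.options);

        final HttpServletRequest request = request("GET", true);
        locate(request, "https://i.trajano.net:8443/app/oauth2?code=1234&state=5678", "/app/oauth2");
        Mockito.when(request.getParameter("code")).thenReturn("1234");
        Mockito.when(request.getParameter("state")).thenReturn("5678");

        Assert.assertTrue(module.isCallback(request));
    }

    /** With a non-mandatory policy, a plain-HTTP request passes through without touching the handler. */
    @Test
    public void testNoAuthNeededWithoutSSL() throws Exception {
        final OpenIDConnectAuthModule module = new OpenIDConnectAuthModule();
        final CallbackHandler callbackHandler = Mockito.mock(CallbackHandler.class);
        module.initialize(policy(false), null, callbackHandler, this.options);

        final MessageInfo info = messageInfo(request("GET", false), null);

        Assert.assertEquals(AuthStatus.SUCCESS, module.validateRequest(info, new Subject(), null));
        Mockito.verifyZeroInteractions(callbackHandler);
    }

    /**
     * With a non-mandatory policy, an HTTPS request passes through without touching the handler or the
     * REST client (no provider traffic).
     */
    @Test
    public void testNoAuthNeededWithSSL() throws Exception {
        final OpenIDConnectAuthModule module = new OpenIDConnectAuthModule();
        final Client client = Mockito.mock(Client.class);
        module.setRestClient(client);
        final CallbackHandler callbackHandler = Mockito.mock(CallbackHandler.class);
        module.initialize(policy(false), null, callbackHandler, this.options);

        final HttpServletRequest request = request("GET", true);
        Mockito.when(request.getRequestURI()).thenReturn(PROTECTED_URI);

        final AuthStatus status = module.validateRequest(messageInfo(request, null), new Subject(), null);

        Assert.assertEquals(AuthStatus.SUCCESS, status);
        Mockito.verifyZeroInteractions(callbackHandler, client);
    }

    /**
     * An unauthenticated secure GET under a mandatory policy is redirected to the provider's
     * authorization endpoint with the exact query string pinned below.
     */
    @Test
    public void testRedirectToEndpoint() throws Exception {
        final OpenIDConnectAuthModule module = new OpenIDConnectAuthModule();
        final Client client = Mockito.mock(Client.class);
        module.setRestClient(client);
        stubDiscovery(client);
        module.initialize(policy(true), null, null, this.options);

        final HttpServletRequest request = request("GET", true);
        locate(request, PROTECTED_URL, PROTECTED_URI);
        Mockito.when(request.getContextPath()).thenReturn("/util");
        final HttpServletResponse response = Mockito.mock(HttpServletResponse.class);

        final AuthStatus status = module.validateRequest(messageInfo(request, response), new Subject(), null);

        Assert.assertEquals(AuthStatus.SEND_CONTINUE, status);
        // "L2VqYjI" is unpadded Base64 of "/ejb2", the request path relative to the context path.
        // NOTE(review): the expected URL pins redirect_uri without percent-encoding, and the state is
        // only the encoded path, with no per-session random component. Confirm both are intended.
        Mockito.verify(response).sendRedirect(
            "https://accounts.google.com/o/oauth2/auth?client_id=clientID&response_type=code&scope=openid"
                + "&redirect_uri=https://i.trajano.net:8443/app/oauth2&state=L2VqYjI");
    }

    /** Under a mandatory policy, a plain-HTTP request is refused with 403 "SSL Required". */
    @Test
    public void testSSLRequired() throws Exception {
        final OpenIDConnectAuthModule module = new OpenIDConnectAuthModule();
        module.initialize(policy(true), null, null, this.options);

        final HttpServletResponse response = Mockito.mock(HttpServletResponse.class);
        final MessageInfo info = messageInfo(request("GET", false), response);

        Assert.assertEquals(AuthStatus.SEND_FAILURE, module.validateRequest(info, new Subject(), null));
        Mockito.verify(response).sendError(403, "SSL Required");
    }

    /** {@link GoogleAuthModule} applies the same plain-HTTP refusal as the generic module. */
    @Test
    public void testUseGoogle() throws Exception {
        final GoogleAuthModule module = new GoogleAuthModule();
        module.initialize(policy(true), null, null, this.options);

        final HttpServletResponse response = Mockito.mock(HttpServletResponse.class);
        final MessageInfo info = messageInfo(request("GET", false), response);

        Assert.assertEquals(AuthStatus.SEND_FAILURE, module.validateRequest(info, new Subject(), null));
        Mockito.verify(response).sendError(403, "SSL Required");
    }
}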
