package no.nav.brukerdialog.security.jwks;

import com.github.tomakehurst.wiremock.client.WireMock;
import com.github.tomakehurst.wiremock.junit.WireMockRule;
import java.util.UUID;
import org.assertj.core.api.Assertions;
import org.jose4j.jwk.JsonWebKey;
import org.jose4j.jwk.JsonWebKeySet;
import org.jose4j.jwk.RsaJsonWebKey;
import org.jose4j.jwk.RsaJwkGenerator;
import org.junit.Before;
import org.junit.Rule;
import org.junit.Test;

/* loaded from: input_file:no/nav/brukerdialog/security/jwks/JsonWebKeyCacheTest.class */
public class JsonWebKeyCacheTest {
    private static final String KID = "kid";
    private static final String ALGORITHM = "RS256";
    private JwtHeader jwtHeader = new JwtHeader(KID, ALGORITHM);

    @Rule
    public WireMockRule wireMockRule = new WireMockRule(0);

    @Before
    public void setup() {
        JsonWebKeySet jsonWebKeySet = new JsonWebKeySet(new JsonWebKey[0]);
        RsaJsonWebKey generateJwk = RsaJwkGenerator.generateJwk(2048);
        generateJwk.setKeyId(KID);
        generateJwk.setUse("sig");
        generateJwk.setAlgorithm(ALGORITHM);
        jsonWebKeySet.addJsonWebKey(generateJwk);
        WireMock.givenThat(WireMock.get(WireMock.urlEqualTo("/")).willReturn(WireMock.aResponse().withStatus(200).withBody(jsonWebKeySet.toJson())));
    }

    @Test
    public void getVerificationKey__refresh__return_matching_key() {
        JsonWebKeyCache buildCache = buildCache();
        Assertions.assertThat(buildCache.getVerificationKey(this.jwtHeader, CacheMissAction.REFRESH)).isNotNull();
        Assertions.assertThat(buildCache.getVerificationKey(this.jwtHeader, CacheMissAction.NO_REFRESH)).isNotNull();
        Assertions.assertThat(buildCache.getVerificationKey(this.jwtHeader, CacheMissAction.NO_REFRESH)).isNotNull();
        Assertions.assertThat(buildCache.getVerificationKey(this.jwtHeader, CacheMissAction.REFRESH)).isNotNull();
        Assertions.assertThat(buildCache.getVerificationKey(this.jwtHeader, CacheMissAction.REFRESH)).isNotNull();
        WireMock.verify(1, WireMock.getRequestedFor(WireMock.urlEqualTo("/")));
    }

    @Test
    public void getVerificationKey__no_refresh__no_matching_key_available() {
        Assertions.assertThat(buildCache().getVerificationKey(this.jwtHeader, CacheMissAction.NO_REFRESH)).isEmpty();
        WireMock.verify(0, WireMock.getRequestedFor(WireMock.urlEqualTo("/")));
    }

    @Test
    public void getVerificationKey__key_mismatch__refresh_cache_if_requested() {
        JsonWebKeyCache buildCache = buildCache();
        Assertions.assertThat(buildCache.getVerificationKey(new JwtHeader(UUID.randomUUID().toString(), ALGORITHM), CacheMissAction.NO_REFRESH)).isEmpty();
        Assertions.assertThat(buildCache.getVerificationKey(new JwtHeader(UUID.randomUUID().toString(), ALGORITHM), CacheMissAction.NO_REFRESH)).isEmpty();
        Assertions.assertThat(buildCache.getVerificationKey(new JwtHeader(UUID.randomUUID().toString(), ALGORITHM), CacheMissAction.REFRESH)).isEmpty();
        Assertions.assertThat(buildCache.getVerificationKey(new JwtHeader(UUID.randomUUID().toString(), ALGORITHM), CacheMissAction.REFRESH)).isEmpty();
        Assertions.assertThat(buildCache.getVerificationKey(new JwtHeader(UUID.randomUUID().toString(), ALGORITHM), CacheMissAction.REFRESH)).isEmpty();
        WireMock.verify(3, WireMock.getRequestedFor(WireMock.urlEqualTo("/")));
    }

    @Test
    public void getVerificationKey__jwks_not_available__no_key_available() {
        Assertions.assertThat(new JsonWebKeyCache("http://localhost:12345", false).getVerificationKey(this.jwtHeader, CacheMissAction.REFRESH)).isEmpty();
    }

    @Test(timeout = 20000)
    public void getVerificationKey__jwks_endpoint_slow__timeout_and_no_key_available() {
        WireMock.givenThat(WireMock.get(WireMock.urlEqualTo("/")).willReturn(WireMock.aResponse().withStatus(200).withFixedDelay(40000)));
        Assertions.assertThat(buildCache().getVerificationKey(this.jwtHeader, CacheMissAction.REFRESH)).isEmpty();
    }

    private JsonWebKeyCache buildCache() {
        return new JsonWebKeyCache("http://localhost:" + this.wireMockRule.port(), false);
    }
}
