package com.amazonaws.serverless.proxy.internal.jaxrs;

import com.amazonaws.serverless.proxy.internal.jaxrs.AwsProxySecurityContext;
import com.amazonaws.serverless.proxy.internal.testutils.AwsProxyRequestBuilder;
import com.amazonaws.serverless.proxy.model.AwsProxyRequest;
import com.amazonaws.services.lambda.runtime.Context;
import org.junit.jupiter.api.Assertions;
import org.junit.jupiter.api.Test;

/* loaded from: input_file:com/amazonaws/serverless/proxy/internal/jaxrs/AwsProxySecurityContextTest.class */
public class AwsProxySecurityContextTest {
    private static final AwsProxyRequest REQUEST_NO_AUTH = new AwsProxyRequestBuilder("/hello", "GET").build();
    private static final AwsProxyRequest ALB_REQUEST_NO_AUTH = new AwsProxyRequestBuilder("/hello", "GET").alb().build();
    private static final String COGNITO_IDENTITY_ID = "us-east-2:123123123123";
    private static final String CLAIM_KEY = "custom:claim";
    private static final String CLAIM_VALUE = "customClaimant";
    private static final AwsProxyRequest REQUEST_COGNITO_USER_POOL = new AwsProxyRequestBuilder("/hello", "GET").cognitoUserPool(COGNITO_IDENTITY_ID).claim(CLAIM_KEY, CLAIM_VALUE).build();
    private static final AwsProxyRequest ALB_REQUEST_COGNITO_USER_POOL = new AwsProxyRequestBuilder("/hello", "GET").alb().header("x-amzn-oidc-accesstoken", "xxxxx").header("x-amzn-oidc-identity", COGNITO_IDENTITY_ID).build();

    @Test
    void localVars_constructor_nullValues() {
        AwsProxySecurityContext awsProxySecurityContext = new AwsProxySecurityContext((Context) null, (AwsProxyRequest) null);
        Assertions.assertNull(awsProxySecurityContext.getEvent());
        Assertions.assertNull(awsProxySecurityContext.getLambdaContext());
    }

    @Test
    void localVars_constructor_ValidRequest() {
        AwsProxySecurityContext awsProxySecurityContext = new AwsProxySecurityContext((Context) null, REQUEST_NO_AUTH);
        Assertions.assertEquals(REQUEST_NO_AUTH, awsProxySecurityContext.getEvent());
        Assertions.assertNull(awsProxySecurityContext.getLambdaContext());
    }

    @Test
    void alb_noAuth_expectEmptyScheme() {
        AwsProxySecurityContext awsProxySecurityContext = new AwsProxySecurityContext((Context) null, ALB_REQUEST_NO_AUTH);
        Assertions.assertEquals(ALB_REQUEST_NO_AUTH, awsProxySecurityContext.getEvent());
        Assertions.assertNull(awsProxySecurityContext.getLambdaContext());
        Assertions.assertFalse(awsProxySecurityContext.isSecure());
        Assertions.assertNull(awsProxySecurityContext.getAuthenticationScheme());
    }

    @Test
    void authScheme_getAuthenticationScheme_userPool() {
        AwsProxySecurityContext awsProxySecurityContext = new AwsProxySecurityContext((Context) null, REQUEST_COGNITO_USER_POOL);
        Assertions.assertNotNull(awsProxySecurityContext.getAuthenticationScheme());
        Assertions.assertEquals("COGNITO_USER_POOL", awsProxySecurityContext.getAuthenticationScheme());
    }

    @Test
    void authScheme_getPrincipal_userPool() {
        AwsProxySecurityContext awsProxySecurityContext = new AwsProxySecurityContext((Context) null, REQUEST_COGNITO_USER_POOL);
        Assertions.assertEquals("COGNITO_USER_POOL", awsProxySecurityContext.getAuthenticationScheme());
        Assertions.assertEquals(COGNITO_IDENTITY_ID, awsProxySecurityContext.getUserPrincipal().getName());
    }

    @Test
    void alb_cognitoAuth_expectCustomSchemeAndCorrectPrincipal() {
        AwsProxySecurityContext awsProxySecurityContext = new AwsProxySecurityContext((Context) null, ALB_REQUEST_COGNITO_USER_POOL);
        Assertions.assertTrue(awsProxySecurityContext.isSecure());
        Assertions.assertEquals("CUSTOM_AUTHORIZER", awsProxySecurityContext.getAuthenticationScheme());
        Assertions.assertEquals(COGNITO_IDENTITY_ID, awsProxySecurityContext.getUserPrincipal().getName());
    }

    @Test
    void userPool_getClaims_retrieveCustomClaim() {
        AwsProxySecurityContext.CognitoUserPoolPrincipal userPrincipal = new AwsProxySecurityContext((Context) null, REQUEST_COGNITO_USER_POOL).getUserPrincipal();
        Assertions.assertNotNull(userPrincipal.getName());
        Assertions.assertEquals(COGNITO_IDENTITY_ID, userPrincipal.getName());
        Assertions.assertTrue(userPrincipal instanceof AwsProxySecurityContext.CognitoUserPoolPrincipal);
        Assertions.assertNotNull(userPrincipal.getClaims().getClaim(CLAIM_KEY));
        Assertions.assertEquals(CLAIM_VALUE, userPrincipal.getClaims().getClaim(CLAIM_KEY));
    }
}
