package org.wso2.am.integration.tests.jwt;

import java.io.IOException;
import java.net.URL;
import java.rmi.RemoteException;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import java.util.regex.PatternSyntaxException;
import javax.ws.rs.core.Response;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.cxf.staxutils.PropertiesExpandingStreamReader;
import org.apache.http.Header;
import org.apache.http.HttpResponse;
import org.apache.http.client.methods.HttpGet;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClientBuilder;
import org.apache.http.message.BasicNameValuePair;
import org.json.JSONException;
import org.json.JSONObject;
import org.testng.Assert;
import org.testng.AssertJUnit;
import org.testng.annotations.AfterClass;
import org.testng.annotations.BeforeClass;
import org.testng.annotations.DataProvider;
import org.testng.annotations.Factory;
import org.testng.annotations.Test;
import org.wso2.am.integration.clients.store.api.v1.dto.APIKeyDTO;
import org.wso2.am.integration.clients.store.api.v1.dto.ApplicationDTO;
import org.wso2.am.integration.clients.store.api.v1.dto.ApplicationKeyDTO;
import org.wso2.am.integration.clients.store.api.v1.dto.ApplicationKeyGenerateRequestDTO;
import org.wso2.am.integration.test.utils.APIManagerIntegrationTestException;
import org.wso2.am.integration.test.utils.bean.APIRequest;
import org.wso2.am.integration.test.utils.generic.APIMTestCaseUtils;
import org.wso2.am.integration.test.utils.http.HTTPSClientUtils;
import org.wso2.am.integration.test.utils.token.TokenUtils;
import org.wso2.am.integration.tests.api.lifecycle.APIManagerLifecycleBaseTest;
import org.wso2.am.integration.tests.restapi.RESTAPITestConstants;
import org.wso2.andes.util.Strings;
import org.wso2.carbon.automation.engine.context.TestUserMode;
import org.wso2.carbon.automation.engine.context.beans.User;
import org.wso2.carbon.identity.application.common.model.xsd.Claim;
import org.wso2.carbon.identity.application.common.model.xsd.ClaimConfig;
import org.wso2.carbon.identity.application.common.model.xsd.ClaimMapping;
import org.wso2.carbon.identity.application.common.model.xsd.ServiceProvider;
import org.wso2.carbon.identity.application.mgt.stub.IdentityApplicationManagementServiceIdentityApplicationManagementException;
import org.wso2.carbon.identity.claim.metadata.mgt.stub.ClaimMetadataManagementServiceClaimMetadataException;
import org.wso2.carbon.identity.oauth.stub.OAuthAdminServiceIdentityOAuthAdminException;
import org.wso2.carbon.um.ws.api.stub.ClaimValue;
import org.wso2.carbon.um.ws.api.stub.RemoteUserStoreManagerServiceUserStoreExceptionException;
import org.wso2.carbon.user.core.UserStoreException;

/* loaded from: input_file:org/wso2/am/integration/tests/jwt/JWTTestCase.class */
public class JWTTestCase extends APIManagerLifecycleBaseTest {
    private static final Log log = LogFactory.getLog(JWTTestCase.class);
    private String providerName;
    private String endpointURL;
    private String oauthApplicationId;
    private String jwtApplicationId;
    private String apiKeyApplicationId;
    private String authCodeApplicationId;
    private String apiId;
    private String api2Id;
    URL tokenEndpointURL;
    private String tokenURL;
    private String identityLoginURL;
    private final String JWT_ASSERTION_HEADER = "X-JWT-Assertion";
    private final String DEFAULT_PROFILE = "default";
    private String apiName = "JWTUserClaimAPI";
    private String apiContext = "jwtTest";
    private String apiVersion = "1.0.0";
    private String oauthApplicationName = "OauthAppForJWTTest";
    private String jwtApplicationName = "JWTAppForJWTTest";
    private String apiKeyApplicationName = "ApiKeyAppForJWTTest";
    private String authCodeApplicationName = "AuthCodeAppForJWTTest";
    private String api2Name = "ApiKeyOnlyAPI";
    private String api2Context = "apiKeyTest";
    String[] users = {"subscriberUser2", "subscriberUser2@wso2.com", "subscriberUser2@abc.com"};
    String enduserPassword = "password@123";
    private final String CALLBACK_URL = "https://localhost:9443/store/";

    @BeforeClass(alwaysRun = true)
    public void setEnvironment() throws Exception {
        super.init(this.userMode);
        this.tokenEndpointURL = new URL(this.keyManagerHTTPSURL + "oauth2/token");
        this.providerName = this.user.getUserName();
        this.endpointURL = getSuperTenantAPIInvocationURLHttp("jwt_backend", "1.0");
        this.tokenURL = getKeyManagerURLHttps() + "oauth2/token";
        this.identityLoginURL = getKeyManagerURLHttps() + "oauth2/authorize";
        this.oauthApplicationId = this.restAPIStore.createApplication(this.oauthApplicationName, "Test Application", "50PerMin", ApplicationDTO.TokenTypeEnum.OAUTH).getData();
        this.jwtApplicationId = this.restAPIStore.createApplication(this.jwtApplicationName, "JWT Application", "50PerMin", ApplicationDTO.TokenTypeEnum.JWT).getData();
        this.apiKeyApplicationId = this.restAPIStore.createApplication(this.apiKeyApplicationName, "API Key Application", "50PerMin", ApplicationDTO.TokenTypeEnum.JWT).getData();
        this.authCodeApplicationId = this.restAPIStore.createApplication(this.authCodeApplicationName, "Auth Code Application", "50PerMin", ApplicationDTO.TokenTypeEnum.JWT).getData();
        APIRequest aPIRequest = new APIRequest(this.apiName, this.apiContext, new URL(this.endpointURL));
        aPIRequest.setVersion(this.apiVersion);
        aPIRequest.setVisibility("public");
        aPIRequest.setProvider(this.providerName);
        ArrayList arrayList = new ArrayList();
        arrayList.add("oauth2");
        arrayList.add("api_key");
        aPIRequest.setSecurityScheme(arrayList);
        this.apiId = createAndPublishAPIUsingRest(aPIRequest, this.restAPIPublisher, false);
        this.restAPIStore.subscribeToAPI(this.apiId, this.oauthApplicationId, "Gold");
        this.restAPIStore.subscribeToAPI(this.apiId, this.jwtApplicationId, "Gold");
        this.restAPIStore.subscribeToAPI(this.apiId, this.apiKeyApplicationId, "Gold");
        this.restAPIStore.subscribeToAPI(this.apiId, this.authCodeApplicationId, "Gold");
        APIRequest aPIRequest2 = new APIRequest(this.api2Name, this.api2Context, new URL(this.endpointURL));
        aPIRequest2.setVersion(this.apiVersion);
        aPIRequest2.setVisibility("public");
        aPIRequest2.setProvider(this.providerName);
        ArrayList arrayList2 = new ArrayList();
        arrayList2.add("api_key");
        aPIRequest2.setSecurityScheme(arrayList2);
        this.api2Id = createAndPublishAPIUsingRest(aPIRequest2, this.restAPIPublisher, false);
        this.restAPIStore.subscribeToAPI(this.api2Id, this.apiKeyApplicationId, "Gold");
        ArrayList arrayList3 = new ArrayList();
        arrayList3.add("client_credentials");
        arrayList3.add("password");
        arrayList3.add("authorization_code");
        this.restAPIStore.generateKeys(this.oauthApplicationId, "36000", "https://localhost:9443/store/", ApplicationKeyGenerateRequestDTO.KeyTypeEnum.PRODUCTION, (ArrayList) null, arrayList3);
        this.restAPIStore.generateKeys(this.jwtApplicationId, "36000", "https://localhost:9443/store/", ApplicationKeyGenerateRequestDTO.KeyTypeEnum.PRODUCTION, (ArrayList) null, arrayList3);
        this.restAPIStore.generateAPIKeys(this.apiKeyApplicationId, ApplicationKeyGenerateRequestDTO.KeyTypeEnum.PRODUCTION.toString(), 36000, (String) null, (String) null);
        this.restAPIStore.generateKeys(this.authCodeApplicationId, "36000", "https://localhost:9443/store/", ApplicationKeyGenerateRequestDTO.KeyTypeEnum.PRODUCTION, (ArrayList) null, arrayList3);
        createUser();
        createClaimMapping();
        waitForAPIDeploymentSync(this.user.getUserName(), aPIRequest.getName(), aPIRequest.getVersion(), "\"isApiExists\":true");
        waitForAPIDeploymentSync(this.user.getUserName(), aPIRequest2.getName(), aPIRequest2.getVersion(), "\"isApiExists\":true");
    }

    @Test(groups = {"wso2.am"}, description = "Backend JWT Token Generation for Oauth Based App")
    public void testEnableJWTAndClaimsForOauthApp() throws Exception {
        ApplicationKeyDTO applicationKeyDTO = (ApplicationKeyDTO) this.restAPIStore.getApplicationKeysByKeyType(this.oauthApplicationId, ApplicationKeyDTO.KeyTypeEnum.PRODUCTION.getValue()).getData();
        for (String str : this.users) {
            String generateUserToken = generateUserToken(applicationKeyDTO.getConsumerKey(), applicationKeyDTO.getConsumerSecret(), str, this.enduserPassword, this.user, new String[]{"default"});
            log.info("Access Token Generated in oauth ==" + generateUserToken);
            String jtiOfJwtToken = TokenUtils.getJtiOfJwtToken(generateUserToken);
            CloseableHttpClient build = HttpClientBuilder.create().build();
            HttpGet httpGet = new HttpGet(getAPIInvocationURLHttp(this.apiContext, this.apiVersion));
            httpGet.addHeader("Authorization", "Bearer " + jtiOfJwtToken);
            HttpResponse execute = build.execute(httpGet);
            Assert.assertEquals(execute.getStatusLine().getStatusCode(), Response.Status.OK.getStatusCode(), "Response code mismatched when api invocation");
            Header pickHeader = pickHeader(execute.getAllHeaders(), "X-JWT-Assertion");
            Assert.assertNotNull(pickHeader, "X-JWT-Assertion is not available in the backend request.");
            String decodedJWTHeader = APIMTestCaseUtils.getDecodedJWTHeader(pickHeader.getValue());
            Assert.assertNotNull(pickHeader, "X-JWT-Assertion is not available in the backend request.");
            String decodedJWT = APIMTestCaseUtils.getDecodedJWT(pickHeader.getValue());
            log.debug("Decoded JWTString = " + decodedJWT);
            BackendJWTUtil.verifySignature(pickHeader);
            log.debug("Decoded JWT header String = " + decodedJWTHeader);
            BackendJWTUtil.verifyJWTHeader(decodedJWTHeader);
            JSONObject jSONObject = new JSONObject(decodedJWT);
            log.info("JWT Received ==" + jSONObject.toString());
            Assert.assertTrue(Long.valueOf(System.currentTimeMillis() / 1000).longValue() <= Long.valueOf(jSONObject.getLong("exp")).longValue(), "Token expired");
            checkDefaultUserClaims(jSONObject, this.oauthApplicationName);
            verifyUserProfileInfoClaims(jSONObject, str);
            BackendJWTUtil.verifyWrongClaims(jSONObject);
        }
    }

    @Test(groups = {"wso2.am"}, description = "Backend JWT Token Generation for JWT Based App")
    public void testEnableJWTAndClaimsForJWTApp() throws Exception {
        ApplicationKeyDTO applicationKeyDTO = (ApplicationKeyDTO) this.restAPIStore.getApplicationKeysByKeyType(this.jwtApplicationId, ApplicationKeyDTO.KeyTypeEnum.PRODUCTION.getValue()).getData();
        updateServiceProviderWithRequiredClaims(applicationKeyDTO.getConsumerKey());
        for (String str : this.users) {
            String generateUserToken = generateUserToken(applicationKeyDTO.getConsumerKey(), applicationKeyDTO.getConsumerSecret(), str, this.enduserPassword, this.user, new String[]{"openid"});
            log.info("Access Token Generated in JWT ==" + generateUserToken);
            CloseableHttpClient build = HttpClientBuilder.create().build();
            HttpGet httpGet = new HttpGet(getAPIInvocationURLHttp(this.apiContext, this.apiVersion));
            httpGet.addHeader("Authorization", "Bearer " + generateUserToken);
            HttpResponse execute = build.execute(httpGet);
            Assert.assertEquals(execute.getStatusLine().getStatusCode(), Response.Status.OK.getStatusCode(), "Response code mismatched when api invocation");
            Header pickHeader = pickHeader(execute.getAllHeaders(), "X-JWT-Assertion");
            Assert.assertNotNull(pickHeader, "X-JWT-Assertion is not available in the backend request.");
            String decodedJWTHeader = APIMTestCaseUtils.getDecodedJWTHeader(pickHeader.getValue());
            Assert.assertNotNull(pickHeader, "X-JWT-Assertion is not available in the backend request.");
            String decodedJWT = APIMTestCaseUtils.getDecodedJWT(pickHeader.getValue());
            log.debug("Decoded JWTString = " + decodedJWT);
            BackendJWTUtil.verifySignature(pickHeader);
            log.debug("Decoded JWT header String = " + decodedJWTHeader);
            BackendJWTUtil.verifyJWTHeader(decodedJWTHeader);
            JSONObject jSONObject = new JSONObject(decodedJWT);
            checkDefaultUserClaims(jSONObject, this.jwtApplicationName);
            log.info("JWT Received ==" + jSONObject.toString());
            String string = jSONObject.getString("http://wso2.org/claims/givenname");
            AssertJUnit.assertTrue("JWT claim givenname  not received" + string, string.contains("first name".concat(str)));
            String string2 = jSONObject.getString("http://wso2.org/claims/lastname");
            AssertJUnit.assertTrue("JWT claim lastname  not received" + string2, string2.contains("last name".concat(str)));
            String string3 = jSONObject.getString("mobile");
            AssertJUnit.assertTrue("JWT claim mobile  not received" + string3, string3.contains("94123456987"));
            String string4 = jSONObject.getString("organization");
            AssertJUnit.assertTrue("JWT claim mobile  not received" + string4, string4.contains("ABC".concat(str)));
            BackendJWTUtil.verifyWrongClaims(jSONObject);
        }
    }

    @Test(groups = {"wso2.am"}, description = "Test invoking API that is secured only with 'API key' when back end JWT generation is enabled")
    public void testAPIKeyOnlySecuredAPIInvocation() throws Exception {
        APIKeyDTO generateAPIKeys = this.restAPIStore.generateAPIKeys(this.apiKeyApplicationId, ApplicationKeyGenerateRequestDTO.KeyTypeEnum.PRODUCTION.toString(), 36000, (String) null, (String) null);
        Assert.assertNotNull(generateAPIKeys, "API Key generation failed");
        log.info("Access Token Generated in JWT ==" + generateAPIKeys.getApikey());
        CloseableHttpClient build = HttpClientBuilder.create().build();
        HttpGet httpGet = new HttpGet(getAPIInvocationURLHttp(this.api2Context, this.apiVersion));
        httpGet.addHeader("apikey", generateAPIKeys.getApikey());
        HttpResponse execute = build.execute(httpGet);
        Assert.assertEquals(execute.getStatusLine().getStatusCode(), Response.Status.OK.getStatusCode(), "Response code mismatched when api invocation");
        Assert.assertNotNull(pickHeader(execute.getAllHeaders(), "X-JWT-Assertion"), "X-JWT-Assertion is not available in the backend request.");
    }

    @Test(groups = {"wso2.am"}, description = "Backend JWT Token Generation for API Key Based App")
    public void testEnableJWTAndClaimsForAPIKeyApp() throws Exception {
        APIKeyDTO generateAPIKeys = this.restAPIStore.generateAPIKeys(this.apiKeyApplicationId, ApplicationKeyGenerateRequestDTO.KeyTypeEnum.PRODUCTION.toString(), 36000, (String) null, (String) null);
        Assert.assertNotNull(generateAPIKeys, "API Key generation failed");
        log.info("Access Token Generated in JWT ==" + generateAPIKeys.getApikey());
        CloseableHttpClient build = HttpClientBuilder.create().build();
        HttpGet httpGet = new HttpGet(getAPIInvocationURLHttp(this.apiContext, this.apiVersion));
        httpGet.addHeader("apikey", generateAPIKeys.getApikey());
        HttpResponse execute = build.execute(httpGet);
        Assert.assertEquals(execute.getStatusLine().getStatusCode(), Response.Status.OK.getStatusCode(), "Response code mismatched when api invocation");
        Header pickHeader = pickHeader(execute.getAllHeaders(), "X-JWT-Assertion");
        Assert.assertNotNull(pickHeader, "X-JWT-Assertion is not available in the backend request.");
        String decodedJWTHeader = APIMTestCaseUtils.getDecodedJWTHeader(pickHeader.getValue());
        String decodedJWT = APIMTestCaseUtils.getDecodedJWT(pickHeader.getValue());
        log.debug("Decoded JWTString = " + decodedJWT);
        BackendJWTUtil.verifySignature(pickHeader);
        log.debug("Decoded JWT header String = " + decodedJWTHeader);
        BackendJWTUtil.verifyJWTHeader(decodedJWTHeader);
        JSONObject jSONObject = new JSONObject(decodedJWT);
        checkDefaultUserClaims(jSONObject, this.apiKeyApplicationName);
        log.info("JWT Received ==" + jSONObject.toString());
        String string = jSONObject.getString("http://wso2.org/claims/apiname");
        AssertJUnit.assertTrue("JWT claim API name not received " + string, string.contains(this.apiName));
        String string2 = jSONObject.getString("http://wso2.org/claims/version");
        AssertJUnit.assertTrue("JWT claim API version not received " + string2, string2.contains(this.apiVersion));
        String string3 = jSONObject.getString("http://wso2.org/claims/apicontext");
        AssertJUnit.assertTrue("JWT claim API context not received " + string3, string3.contains(this.apiContext));
        BackendJWTUtil.verifyWrongClaims(jSONObject);
    }

    @Test(groups = {"wso2.am"}, description = "Backend JWT Token Generation with Client Credentials Grant Type")
    public void testBackendJWTWithClientCredentialsGrant() throws Exception {
        ApplicationKeyDTO applicationKeyDTO = (ApplicationKeyDTO) this.restAPIStore.getApplicationKeysByKeyType(this.jwtApplicationId, ApplicationKeyDTO.KeyTypeEnum.PRODUCTION.getValue()).getData();
        String generateTokenWithClientCredentialsGrant = generateTokenWithClientCredentialsGrant(applicationKeyDTO.getConsumerKey(), applicationKeyDTO.getConsumerSecret(), new String[]{"default"});
        log.info("Access Token Generated in JWT ==" + generateTokenWithClientCredentialsGrant);
        CloseableHttpClient build = HttpClientBuilder.create().build();
        HttpGet httpGet = new HttpGet(getAPIInvocationURLHttp(this.apiContext, this.apiVersion));
        httpGet.addHeader("Authorization", "Bearer " + generateTokenWithClientCredentialsGrant);
        HttpResponse execute = build.execute(httpGet);
        Assert.assertEquals(execute.getStatusLine().getStatusCode(), Response.Status.OK.getStatusCode(), "Response code mismatched when api invocation");
        Header[] allHeaders = execute.getAllHeaders();
        Header pickHeader = pickHeader(allHeaders, "X-JWT-Assertion");
        Assert.assertNotNull(pickHeader, "X-JWT-Assertion is not available in the backend request.");
        String decodedJWTHeader = APIMTestCaseUtils.getDecodedJWTHeader(pickHeader.getValue());
        Assert.assertNotNull(pickHeader, "X-JWT-Assertion is not available in the backend request.");
        String decodedJWT = APIMTestCaseUtils.getDecodedJWT(pickHeader.getValue());
        log.debug("Decoded JWTString = " + decodedJWT);
        BackendJWTUtil.verifySignature(pickHeader);
        log.debug("Decoded JWT header String = " + decodedJWTHeader);
        BackendJWTUtil.verifyJWTHeader(decodedJWTHeader);
        checkDefaultUserClaims(new JSONObject(decodedJWT), this.jwtApplicationName);
        Header pickHeader2 = pickHeader(allHeaders, "in_activityid");
        Header pickHeader3 = pickHeader(allHeaders, "activityid");
        Assert.assertTrue(pickHeader2.getValue().equals(pickHeader3.getValue()), "activityid in request path ( " + pickHeader2 + ") does not match with the response path ( " + pickHeader3 + " ).");
    }

    @Test(groups = {"wso2.am"}, description = "Backend JWT Token Generation with Auth Code Grant Type")
    public void testBackendJWTWithAuthCodeGrant() throws Exception {
        ApplicationKeyDTO applicationKeyDTO = (ApplicationKeyDTO) this.restAPIStore.getApplicationKeysByKeyType(this.authCodeApplicationId, ApplicationKeyDTO.KeyTypeEnum.PRODUCTION.getValue()).getData();
        for (String str : this.users) {
            String generateTokenWithAuthCodeGrant = generateTokenWithAuthCodeGrant(applicationKeyDTO.getConsumerKey(), applicationKeyDTO.getConsumerSecret(), str, this.enduserPassword, this.user, new String[]{"default"});
            log.info("Access Token Generated in JWT ==" + generateTokenWithAuthCodeGrant);
            String jtiOfJwtToken = TokenUtils.getJtiOfJwtToken(generateTokenWithAuthCodeGrant);
            CloseableHttpClient build = HttpClientBuilder.create().build();
            HttpGet httpGet = new HttpGet(getAPIInvocationURLHttp(this.apiContext, this.apiVersion));
            httpGet.addHeader("Authorization", "Bearer " + jtiOfJwtToken);
            HttpResponse execute = build.execute(httpGet);
            Assert.assertEquals(execute.getStatusLine().getStatusCode(), Response.Status.OK.getStatusCode(), "Response code mismatched when api invocation");
            Header pickHeader = pickHeader(execute.getAllHeaders(), "X-JWT-Assertion");
            Assert.assertNotNull(pickHeader, "X-JWT-Assertion is not available in the backend request.");
            String decodedJWTHeader = APIMTestCaseUtils.getDecodedJWTHeader(pickHeader.getValue());
            Assert.assertNotNull(pickHeader, "X-JWT-Assertion is not available in the backend request.");
            String decodedJWT = APIMTestCaseUtils.getDecodedJWT(pickHeader.getValue());
            log.debug("Decoded JWTString = " + decodedJWT);
            BackendJWTUtil.verifySignature(pickHeader);
            log.debug("Decoded JWT header String = " + decodedJWTHeader);
            BackendJWTUtil.verifyJWTHeader(decodedJWTHeader);
            JSONObject jSONObject = new JSONObject(decodedJWT);
            checkDefaultUserClaims(jSONObject, this.authCodeApplicationName);
            log.info("JWT Received ==" + jSONObject.toString());
            verifyUserProfileInfoClaims(jSONObject, str);
            BackendJWTUtil.verifyWrongClaims(jSONObject);
        }
    }

    @AfterClass(alwaysRun = true)
    public void destroy() throws Exception {
        for (String str : this.users) {
            this.userManagementClient.deleteUser(str);
        }
        removeClaimMapping();
        this.restAPIStore.deleteApplication(this.oauthApplicationId);
        this.restAPIStore.deleteApplication(this.jwtApplicationId);
        this.restAPIStore.deleteApplication(this.apiKeyApplicationId);
        this.restAPIStore.deleteApplication(this.authCodeApplicationId);
        undeployAndDeleteAPIRevisionsUsingRest(this.apiId, this.restAPIPublisher);
        undeployAndDeleteAPIRevisionsUsingRest(this.api2Id, this.restAPIPublisher);
        this.restAPIPublisher.deleteAPI(this.apiId);
        this.restAPIPublisher.deleteAPI(this.api2Id);
        super.cleanUp();
    }

    private void checkDefaultUserClaims(JSONObject jSONObject, String str) throws JSONException {
        AssertJUnit.assertTrue("JWT assertion is invalid", jSONObject.getString("iss").contains("wso2.org/products/am"));
        String string = jSONObject.getString("http://wso2.org/claims/subscriber");
        AssertJUnit.assertTrue("JWT claim subscriber invalid. Received " + string, string.contains(this.user.getUserName()));
        String string2 = jSONObject.getString("http://wso2.org/claims/applicationname");
        AssertJUnit.assertTrue("JWT claim applicationname invalid. Received " + string2, string2.contains(str));
        String string3 = jSONObject.getString("http://wso2.org/claims/applicationtier");
        AssertJUnit.assertTrue("JWT claim applicationtier invalid. Received " + string3, string3.contains("50PerMin"));
        String string4 = jSONObject.getString("http://wso2.org/claims/keytype");
        AssertJUnit.assertTrue("JWT claim keytype invalid. Received " + string4, string4.contains("PRODUCTION"));
    }

    /* JADX WARN: Type inference failed for: r0v1, types: [java.lang.Object[], java.lang.Object[][]] */
    @DataProvider
    public static Object[][] userModeDataProvider() {
        return new Object[]{new Object[]{TestUserMode.SUPER_TENANT_ADMIN}, new Object[]{TestUserMode.TENANT_ADMIN}};
    }

    @Factory(dataProvider = "userModeDataProvider")
    public JWTTestCase(TestUserMode testUserMode) {
        this.userMode = testUserMode;
    }

    private void createUser() throws RemoteException, RemoteUserStoreManagerServiceUserStoreExceptionException, UserStoreException {
        for (String str : this.users) {
            this.remoteUserStoreManagerServiceClient.addUser(str, this.enduserPassword, new String[0], new ClaimValue[0], "default", false);
            this.remoteUserStoreManagerServiceClient.setUserClaimValue(str, "http://wso2.org/claims/givenname", "first name".concat(str), "default");
            this.remoteUserStoreManagerServiceClient.setUserClaimValue(str, "http://wso2.org/claims/lastname", "last name".concat(str), "default");
            this.remoteUserStoreManagerServiceClient.setUserClaimValue(str, "http://wso2.org/claims/organization", "ABC".concat(str), "default");
            this.remoteUserStoreManagerServiceClient.setUserClaimValue(str, "http://wso2.org/claims/mobile", "94123456987", "default");
        }
    }

    private void createClaimMapping() throws RemoteException, ClaimMetadataManagementServiceClaimMetadataException, OAuthAdminServiceIdentityOAuthAdminException {
        this.remoteClaimMetaDataMgtAdminClient.addExternalClaim("http://wso2.org/oidc/claim", "mobile", "http://wso2.org/claims/mobile");
        this.remoteClaimMetaDataMgtAdminClient.addExternalClaim("http://wso2.org/oidc/claim", "organization", "http://wso2.org/claims/organization");
        this.oAuthAdminServiceClient.updateScope("openid", new String[]{"given_name", "family_name", "mobile", "organization"}, new String[0]);
    }

    private void updateServiceProviderWithRequiredClaims(String str) throws OAuthAdminServiceIdentityOAuthAdminException, RemoteException, IdentityApplicationManagementServiceIdentityApplicationManagementException {
        ServiceProvider application = this.applicationManagementClient.getApplication(this.oAuthAdminServiceClient.getOAuthApplicationData(str).getApplicationName());
        ClaimConfig claimConfig = new ClaimConfig();
        for (String str2 : new String[]{"http://wso2.org/claims/givenname", "http://wso2.org/claims/lastname", "http://wso2.org/claims/organization", "http://wso2.org/claims/mobile"}) {
            ClaimMapping claimMapping = new ClaimMapping();
            Claim claim = new Claim();
            claim.setClaimUri(str2);
            claimMapping.setLocalClaim(claim);
            claimMapping.setRemoteClaim(claim);
            claimMapping.setRequested(true);
            claimMapping.setMandatory(true);
            claimConfig.addClaimMappings(claimMapping);
        }
        application.setClaimConfig(claimConfig);
        this.applicationManagementClient.updateApplication(application);
    }

    private void removeClaimMapping() throws RemoteException, ClaimMetadataManagementServiceClaimMetadataException, OAuthAdminServiceIdentityOAuthAdminException {
        this.oAuthAdminServiceClient.updateScope("openid", new String[0], new String[]{"given_name", "family_name", "mobile", "organization"});
        this.remoteClaimMetaDataMgtAdminClient.removeExternalClaim("http://wso2.org/oidc/claim", "http://wso2.org/oidc/claim/mobile");
        this.remoteClaimMetaDataMgtAdminClient.removeExternalClaim("http://wso2.org/oidc/claim", "http://wso2.org/oidc/claim/organization");
    }

    private String generateUserToken(String str, String str2, String str3, String str4, User user, String[] strArr) throws APIManagerIntegrationTestException, JSONException {
        return new JSONObject(this.restAPIStore.generateUserAccessKey(str, str2, "grant_type=password&username=" + str3.concat(PropertiesExpandingStreamReader.DELIMITER).concat(user.getUserDomain()) + "&password=" + str4 + "&scope=" + Strings.join(" ", strArr), this.tokenEndpointURL).getData()).getString(RESTAPITestConstants.ACCESS_TOKEN_TEXT);
    }

    private String generateTokenWithClientCredentialsGrant(String str, String str2, String[] strArr) throws APIManagerIntegrationTestException, JSONException {
        return new JSONObject(this.restAPIStore.generateUserAccessKey(str, str2, "grant_type=client_credentials&scope=" + Strings.join(" ", strArr), this.tokenEndpointURL).getData()).getString(RESTAPITestConstants.ACCESS_TOKEN_TEXT);
    }

    private String generateTokenWithAuthCodeGrant(String str, String str2, String str3, String str4, User user, String[] strArr) throws JSONException, IOException {
        String concat = str3.concat(PropertiesExpandingStreamReader.DELIMITER).concat(user.getUserDomain());
        HashMap hashMap = new HashMap();
        ArrayList arrayList = new ArrayList();
        hashMap.put("Content-Type", "application/x-www-form-urlencoded");
        org.wso2.carbon.automation.test.utils.http.client.HttpResponse doGet = HTTPSClientUtils.doGet(this.identityLoginURL + "?response_type=code&client_id=" + str + "&scope=" + Strings.join(" ", strArr) + "&redirect_uri=https://localhost:9443/store/", hashMap);
        Assert.assertEquals(doGet.getResponseCode(), 302, "Response code is not as expected");
        String str5 = (String) doGet.getHeaders().get("Location");
        Assert.assertNotNull(str5, "Couldn't found Location Header");
        String str6 = (String) doGet.getHeaders().get("Set-Cookie");
        Assert.assertNotNull(str6, "Couldn't find the sessionNonceCookie Header");
        String uRLParameter = getURLParameter(str5, "sessionDataKey");
        Assert.assertNotNull(uRLParameter, "Couldn't found sessionDataKey from the Location Header");
        hashMap.clear();
        hashMap.put("Content-Type", "application/x-www-form-urlencoded");
        hashMap.put("Cookie", str6);
        arrayList.add(new BasicNameValuePair("username", concat));
        arrayList.add(new BasicNameValuePair("password", str4));
        arrayList.add(new BasicNameValuePair("tocommonauth", "true"));
        arrayList.add(new BasicNameValuePair("sessionDataKey", uRLParameter));
        org.wso2.carbon.automation.test.utils.http.client.HttpResponse doPost = HTTPSClientUtils.doPost(this.identityLoginURL, hashMap, arrayList);
        Assert.assertEquals(doPost.getResponseCode(), 302, "Response code is not as expected");
        String str7 = (String) doPost.getHeaders().get("Location");
        Assert.assertNotNull(str7, "Couldn't found Location Header");
        String uRLParameter2 = getURLParameter(str7, "sessionDataKeyConsent");
        Assert.assertNotNull(uRLParameter, "Couldn't found sessionDataKeyConsent from the Location Header");
        hashMap.clear();
        arrayList.clear();
        hashMap.put("Content-Type", "application/x-www-form-urlencoded");
        hashMap.put("Cookie", str6);
        arrayList.add(new BasicNameValuePair("consent", "approve"));
        arrayList.add(new BasicNameValuePair("hasApprovedAlways", "false"));
        arrayList.add(new BasicNameValuePair("sessionDataKeyConsent", uRLParameter2));
        org.wso2.carbon.automation.test.utils.http.client.HttpResponse doPost2 = HTTPSClientUtils.doPost(this.identityLoginURL, hashMap, arrayList);
        Assert.assertEquals(doPost2.getResponseCode(), 302, "Response code is not as expected");
        String str8 = (String) doPost2.getHeaders().get("Location");
        Assert.assertNotNull(str8, "Couldn't found Location Header");
        String uRLParameter3 = getURLParameter(str8, "code");
        Assert.assertNotNull(uRLParameter3, "Couldn't found auth code from the Location Header");
        hashMap.clear();
        arrayList.clear();
        arrayList.add(new BasicNameValuePair("grant_type", "authorization_code"));
        arrayList.add(new BasicNameValuePair("code", uRLParameter3));
        arrayList.add(new BasicNameValuePair("redirect_uri", "https://localhost:9443/store/"));
        arrayList.add(new BasicNameValuePair("client_secret", str2));
        arrayList.add(new BasicNameValuePair("client_id", str));
        org.wso2.carbon.automation.test.utils.http.client.HttpResponse doPost3 = HTTPSClientUtils.doPost(this.tokenURL, hashMap, arrayList);
        Assert.assertEquals(doPost3.getResponseCode(), 200, "Response code is not as expected");
        String string = new JSONObject(doPost3.getData()).getString(RESTAPITestConstants.ACCESS_TOKEN_TEXT);
        Assert.assertNotNull(string, "Couldn't found accessToken");
        return string;
    }

    private String getURLParameter(String str, String str2) {
        try {
            Matcher matcher = Pattern.compile(str2 + "=([^&]+)").matcher(str);
            if (matcher.find()) {
                return matcher.group(1);
            }
            return null;
        } catch (PatternSyntaxException e) {
            return null;
        }
    }

    private void verifyUserProfileInfoClaims(JSONObject jSONObject, String str) throws JSONException {
        String string = jSONObject.getString("http://wso2.org/claims/givenname");
        AssertJUnit.assertTrue("JWT claim givenname  not received" + string, string.contains("first name".concat(str)));
        String string2 = jSONObject.getString("http://wso2.org/claims/lastname");
        AssertJUnit.assertTrue("JWT claim lastname  not received" + string2, string2.contains("last name".concat(str)));
        String string3 = jSONObject.getString("http://wso2.org/claims/mobile");
        AssertJUnit.assertTrue("JWT claim mobile  not received" + string3, string3.contains("94123456987"));
        String string4 = jSONObject.getString("http://wso2.org/claims/organization");
        AssertJUnit.assertTrue("JWT claim mobile  not received" + string4, string4.contains("ABC".concat(str)));
    }
}
