package org.wso2.am.integration.tests.jwt.idp;

import java.io.File;
import java.net.URL;
import java.nio.file.Paths;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.UUID;
import javax.ws.rs.core.Response;
import org.apache.commons.io.IOUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.http.Header;
import org.apache.http.HttpResponse;
import org.apache.http.client.methods.HttpGet;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClientBuilder;
import org.json.JSONException;
import org.json.JSONObject;
import org.testng.Assert;
import org.testng.AssertJUnit;
import org.testng.annotations.AfterClass;
import org.testng.annotations.BeforeClass;
import org.testng.annotations.DataProvider;
import org.testng.annotations.Factory;
import org.testng.annotations.Test;
import org.wso2.am.integration.clients.store.api.v1.dto.ApplicationDTO;
import org.wso2.am.integration.clients.store.api.v1.dto.ApplicationKeyDTO;
import org.wso2.am.integration.clients.store.api.v1.dto.ApplicationKeyGenerateRequestDTO;
import org.wso2.am.integration.test.utils.bean.APIRequest;
import org.wso2.am.integration.test.utils.generic.APIMTestCaseUtils;
import org.wso2.am.integration.tests.api.lifecycle.APIManagerLifecycleBaseTest;
import org.wso2.am.integration.tests.restapi.RESTAPITestConstants;
import org.wso2.carbon.automation.engine.context.TestUserMode;

/* loaded from: input_file:org/wso2/am/integration/tests/jwt/idp/ExternalIDPJWTTestCase.class */
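/**
 * Integration tests for invoking an API through the gateway with a JWT that was signed outside
 * the product (an "external IDP" token) instead of one issued by the built-in token endpoint.
 *
 * <p>The class covers one positive case (token signed with {@code keystore.jks}, {@code azp} set to
 * the consumer key of a subscribed application) and two negative cases (unknown {@code azp};
 * token signed with {@code keystore2.jks}). Each test is instantiated once per user mode via
 * {@link #userModeDataProvider()}.
 *
 * <p>Security notes for readers of this test:
 * <ul>
 *   <li>The keystores and the {@code "wso2carbon"} passwords are test fixtures loaded from the
 *       test resource directory; they must never be treated as production key material.</li>
 *   <li>Requests go to the plain-HTTP invocation URL, so the bearer token travels unencrypted.
 *       That is acceptable only because the token is a throwaway test credential.</li>
 * </ul>
 */
public class ExternalIDPJWTTestCase extends APIManagerLifecycleBaseTest {
    private static final Log log = LogFactory.getLog(ExternalIDPJWTTestCase.class);

    /** Response header in which the test expects the gateway-generated backend JWT. */
    private static final String JWT_ASSERTION_HEADER = "X-JWT-Assertion";

    private String providerName;
    private String endpointURL;
    private String jwtApplicationId;
    private String apiId;
    URL tokenEndpointURL;
    private final String apiName = "ExternalJWTTest";
    private final String apiContext = "externaljwtTest";
    private final String apiVersion = "1.0.0";
    private final String jwtApplicationName = "JWTAppFOrJWTTest";

    /**
     * Creates the JWT application, publishes the API under test, subscribes the application to it
     * and generates production keys with the {@code client_credentials} and {@code password}
     * grant types.
     *
     * @throws Exception if any of the REST API calls used for provisioning fails
     */
    @BeforeClass(alwaysRun = true)
    public void setEnvironment() throws Exception {
        super.init(this.userMode);
        this.tokenEndpointURL = new URL(this.gatewayUrlsWrk.getWebAppURLNhttp() + RESTAPITestConstants.TOKEN_ENDPOINT_SUFFIX);
        this.providerName = this.user.getUserName();
        this.endpointURL = getSuperTenantAPIInvocationURLHttp("jwt_backend", "1.0");
        this.jwtApplicationId = this.restAPIStore.createApplication(this.jwtApplicationName, "JWT Application", "10PerMin", ApplicationDTO.TokenTypeEnum.JWT).getData();

        APIRequest apiRequest = new APIRequest(this.apiName, this.apiContext, new URL(this.endpointURL));
        apiRequest.setVersion(this.apiVersion);
        apiRequest.setVisibility("public");
        apiRequest.setProvider(this.providerName);
        this.apiId = createAndPublishAPIUsingRest(apiRequest, this.restAPIPublisher, false);
        this.restAPIStore.subscribeToAPI(this.apiId, this.jwtApplicationId, "Gold");

        ArrayList<String> grantTypes = new ArrayList<>();
        grantTypes.add("client_credentials");
        grantTypes.add("password");
        this.restAPIStore.generateKeys(this.jwtApplicationId, "36000", "", ApplicationKeyGenerateRequestDTO.KeyTypeEnum.PRODUCTION, (ArrayList<String>) null, grantTypes);
    }

    /**
     * Positive case: a token signed with the known test keystore and carrying the subscribed
     * application's consumer key as {@code azp} must be accepted (HTTP 200), and the backend JWT
     * returned in {@code X-JWT-Assertion} must contain the mapped {@code http://wso2.org/claims/*}
     * values while not exposing the {@code http://idp.org/claims/mobileno} claim.
     *
     * @throws Exception if token generation, the HTTP call or JSON parsing fails
     */
    @Test(groups = {"wso2.am"}, description = "invoking From ExternalIDP Generated JWT")
    public void testInvokeExternalIDPGeneratedJWT() throws Exception {
        ApplicationKeyDTO applicationKeyDTO = (ApplicationKeyDTO) this.restAPIStore.getApplicationKeysByKeyType(this.jwtApplicationId, ApplicationKeyGenerateRequestDTO.KeyTypeEnum.PRODUCTION.getValue()).getData();

        // Raw map on purpose: the parameter type of JWTGeneratorUtil.generatedJWT is not visible
        // in this file, so the element types are left as the original code had them.
        HashMap claims = new HashMap();
        claims.put("azp", applicationKeyDTO.getConsumerKey());
        claims.put("http://idp.org/claims/givenname", "first");
        claims.put("http://idp.org/claims/firstname", "last");
        claims.put("http://idp.org/claims/email", "first@gmail.com");
        claims.put("http://idp.org/claims/mobileno", "424479772294778");
        String generatedJWT = signTestJwt("keystore.jks", claims);

        // The signed token is a bearer credential; keep it out of info-level CI logs.
        log.debug("External IDP JWT Generated: " + generatedJWT);

        // try-with-resources so the client (and its pooled connection) is released even when an
        // assertion below fails.
        try (CloseableHttpClient httpClient = HttpClientBuilder.create().build()) {
            HttpResponse response = httpClient.execute(newBearerRequest(generatedJWT));
            Assert.assertEquals(response.getStatusLine().getStatusCode(), Response.Status.OK.getStatusCode(), "Response code mismatched when api invocation");

            Header assertionHeader = pickHeader(response.getAllHeaders(), JWT_ASSERTION_HEADER);
            Assert.assertNotNull(assertionHeader, "X-JWT-Assertion is not available in the backend request.");
            String backendJwt = assertionHeader.getValue();

            String decodedJWTHeader = APIMTestCaseUtils.getDecodedJWTHeader(backendJwt);
            String decodedJWT = APIMTestCaseUtils.getDecodedJWT(backendJwt);
            log.debug("Decoded JWTString = " + decodedJWT);

            // The signature of the backend JWT is only verified for super-tenant user modes; in
            // tenant mode the claims below are compared without a signature check.
            if (this.userMode == TestUserMode.SUPER_TENANT_ADMIN || this.userMode == TestUserMode.SUPER_TENANT_USER || this.userMode == TestUserMode.SUPER_TENANT_EMAIL_USER) {
                AssertJUnit.assertTrue("JWT signature verification failed", APIMTestCaseUtils.isJwtSignatureValid(APIMTestCaseUtils.getJWTAssertion(backendJwt), APIMTestCaseUtils.getDecodedJWTSignature(backendJwt), APIMTestCaseUtils.getDecodedJWTHeader(backendJwt)));
            }

            log.debug("Decoded JWT header String = " + decodedJWTHeader);
            JSONObject joseHeader = new JSONObject(decodedJWTHeader);
            Assert.assertEquals(joseHeader.getString("typ"), "JWT");
            // Pinning the algorithm guards against the backend JWT being emitted unsigned or with
            // an unexpected algorithm.
            Assert.assertEquals(joseHeader.getString("alg"), "RS256");

            JSONObject backendClaims = new JSONObject(decodedJWT);
            log.info("JWT Received ==" + backendClaims.toString());
            assertClaim(backendClaims, "http://wso2.org/claims/givenname", "first");
            assertClaim(backendClaims, "http://wso2.org/claims/firstname", "last");
            assertClaim(backendClaims, "http://wso2.org/claims/email", "first@gmail.com");

            // The external mobile-number claim must not be forwarded to the backend. Checking
            // has() states this directly instead of relying on get() throwing for a missing key.
            Assert.assertFalse(backendClaims.has("http://idp.org/claims/mobileno"), "Claim not in jwt");
        }
    }

    /**
     * Negative case: a correctly signed token whose {@code azp} is a random UUID (no matching
     * subscribed application) must be rejected with HTTP 403 and error code {@code 900908}.
     *
     * @throws Exception if token generation or the HTTP call fails
     */
    @Test(groups = {"wso2.am"}, description = "invoking From ExternalIDP Generated JWT Consumer key is invalid")
    public void testInvokeExternalIDPGeneratedJWTNegative1() throws Exception {
        HashMap claims = new HashMap();
        claims.put("azp", UUID.randomUUID().toString());
        String generatedJWT = signTestJwt("keystore.jks", claims);

        try (CloseableHttpClient httpClient = HttpClientBuilder.create().build()) {
            HttpResponse response = httpClient.execute(newBearerRequest(generatedJWT));
            Assert.assertEquals(response.getStatusLine().getStatusCode(), Response.Status.FORBIDDEN.getStatusCode(), "Response code mismatched when api invocation");
            // Explicit charset: the single-argument overload decodes with the platform default.
            String body = IOUtils.toString(response.getEntity().getContent(), "UTF-8");
            Assert.assertTrue(body.contains("900908"));
            Assert.assertTrue(body.contains("User is NOT authorized to access the Resource. API Subscription validation failed."));
        }
    }

    /**
     * Negative case: a token signed with {@code keystore2.jks} must not be accepted. The test pins
     * the response the gateway currently gives: HTTP 500 with error code {@code 900900}.
     *
     * <p>NOTE(review): the {@code azp} claim is also a random UUID here, so the test depends on
     * the signature check failing before subscription validation; and an untrusted signer being
     * reported as a 500 rather than a 401 is worth confirming as intended gateway behavior.
     *
     * @throws Exception if token generation or the HTTP call fails
     */
    @Test(groups = {"wso2.am"}, description = "invoking From ExternalIDP Generated JWT Certificate is unknown")
    public void testInvokeExternalIDPGeneratedJWTNegative2() throws Exception {
        HashMap claims = new HashMap();
        claims.put("azp", UUID.randomUUID().toString());
        String generatedJWT = signTestJwt("keystore2.jks", claims);

        try (CloseableHttpClient httpClient = HttpClientBuilder.create().build()) {
            HttpResponse response = httpClient.execute(newBearerRequest(generatedJWT));
            Assert.assertEquals(response.getStatusLine().getStatusCode(), Response.Status.INTERNAL_SERVER_ERROR.getStatusCode(), "Response code mismatched when api invocation");
            String body = IOUtils.toString(response.getEntity().getContent(), "UTF-8");
            Assert.assertTrue(body.contains("900900"));
            Assert.assertTrue(body.contains("Unclassified Authentication Failure"));
        }
    }

    /**
     * Delegates to the base class clean-up.
     *
     * @throws Exception if the base class clean-up fails
     */
    @AfterClass(alwaysRun = true)
    public void destroy() throws Exception {
        super.cleanUp();
    }

    /**
     * Supplies the user modes the factory constructor is invoked with.
     *
     * @return one single-element row per user mode (super-tenant admin and tenant admin)
     */
    @DataProvider
    public static Object[][] userModeDataProvider() {
        // Must be a two-dimensional array; a plain Object[] does not match the return type.
        return new Object[][]{{TestUserMode.SUPER_TENANT_ADMIN}, {TestUserMode.TENANT_ADMIN}};
    }

    /**
     * Creates one test instance per user mode returned by {@link #userModeDataProvider()}.
     *
     * @param testUserMode user mode this instance runs under
     */
    @Factory(dataProvider = "userModeDataProvider")
    public ExternalIDPJWTTestCase(TestUserMode testUserMode) {
        this.userMode = testUserMode;
    }

    /**
     * Signs a test JWT with a keystore from the {@code configFiles/idpjwt} test resources.
     *
     * @param keystoreFileName file name of the keystore inside {@code configFiles/idpjwt}
     * @param claims claims passed through to the generator
     * @return the value returned by {@code JWTGeneratorUtil.generatedJWT}
     * @throws Exception if the generator fails
     */
    private String signTestJwt(String keystoreFileName, HashMap claims) throws Exception {
        File keystore = Paths.get(getAMResourceLocation(), "configFiles", "idpjwt", keystoreFileName).toFile();
        // Presumably alias / keystore password / key password / subject; confirm against
        // JWTGeneratorUtil. The passwords are fixture values for the bundled test keystores only.
        return JWTGeneratorUtil.generatedJWT(keystore, "idptest", "wso2carbon", "wso2carbon", "userexternal", claims);
    }

    /**
     * Builds a GET request for the API under test carrying the given token as a bearer credential.
     *
     * @param jwt token to place in the {@code Authorization} header
     * @return the prepared request
     * @throws Exception if the invocation URL cannot be resolved
     */
    private HttpGet newBearerRequest(String jwt) throws Exception {
        HttpGet request = new HttpGet(getAPIInvocationURLHttp(this.apiContext, this.apiVersion));
        request.addHeader("Authorization", "Bearer " + jwt);
        return request;
    }

    /**
     * Asserts that a claim is present in the decoded backend JWT and has the expected value.
     *
     * @param claims decoded JWT payload
     * @param claimUri claim key to look up
     * @param expected expected claim value
     * @throws JSONException if the payload cannot be read
     */
    private static void assertClaim(JSONObject claims, String claimUri, String expected) throws JSONException {
        Assert.assertTrue(claims.has(claimUri), "Missing claim in backend JWT: " + claimUri);
        Assert.assertEquals(claims.get(claimUri), expected);
    }
}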
