package org.wso2.am.integration.tests.jwt;

import java.io.File;
import java.io.IOException;
import java.net.MalformedURLException;
import java.net.URL;
import java.util.HashMap;
import javax.ws.rs.core.Response;
import javax.xml.xpath.XPathExpressionException;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.cxf.staxutils.PropertiesExpandingStreamReader;
import org.apache.http.Header;
import org.apache.http.HttpResponse;
import org.apache.http.client.methods.HttpGet;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClientBuilder;
import org.json.JSONException;
import org.json.JSONObject;
import org.testng.Assert;
import org.testng.AssertJUnit;
import org.testng.annotations.AfterClass;
import org.testng.annotations.BeforeClass;
import org.testng.annotations.DataProvider;
import org.testng.annotations.Factory;
import org.testng.annotations.Test;
import org.wso2.am.admin.clients.user.RemoteUserStoreManagerServiceClient;
import org.wso2.am.integration.test.utils.APIManagerIntegrationTestException;
import org.wso2.am.integration.test.utils.base.APIMIntegrationBaseTest;
import org.wso2.am.integration.test.utils.bean.APILifeCycleState;
import org.wso2.am.integration.test.utils.bean.APILifeCycleStateRequest;
import org.wso2.am.integration.test.utils.bean.APIRequest;
import org.wso2.am.integration.test.utils.bean.APPKeyRequestGenerator;
import org.wso2.am.integration.test.utils.bean.SubscriptionRequest;
import org.wso2.am.integration.test.utils.clients.APIPublisherRestClient;
import org.wso2.am.integration.test.utils.clients.APIStoreRestClient;
import org.wso2.am.integration.test.utils.generic.APIMTestCaseUtils;
import org.wso2.am.integration.tests.restapi.RESTAPITestConstants;
import org.wso2.carbon.automation.engine.annotations.ExecutionEnvironment;
import org.wso2.carbon.automation.engine.annotations.SetEnvironment;
import org.wso2.carbon.automation.engine.context.TestUserMode;
import org.wso2.carbon.automation.test.utils.http.client.HttpRequestUtil;
import org.wso2.carbon.integration.common.admin.client.UserManagementClient;
import org.wso2.carbon.integration.common.utils.mgt.ServerConfigurationManager;

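/**
 * Integration tests for URL-safe encoded JWT generation at the API gateway.
 *
 * <p>Each test publishes an API, subscribes an application to it, invokes the API with a
 * bearer access token and then inspects the {@code X-JWT-Assertion} header found on the
 * response of that invocation.
 *
 * <p>NOTE(review): the JWT is only decoded and its claims compared in this class; no signature
 * verification is performed here, so these tests do not prove that the token is authentic.
 * The {@code alg} header is pinned to {@code RS256} in {@link #testEnableJWTAndClaims()}.
 *
 * <p>The class is instantiated once per {@link TestUserMode} through the TestNG factory
 * constructor at the bottom of the class.
 */
@SetEnvironment(executionEnvironments = {ExecutionEnvironment.STANDALONE})
public class URLSafeJWTTestCase extends APIMIntegrationBaseTest {
    private static final Log log = LogFactory.getLog(URLSafeJWTTestCase.class);

    private static final String INTERNAL_ROLE_SUBSCRIBER = "Internal/subscriber";
    private static final String ROLE_SUBSCRIBER = "subscriber";
    private static final String JWT_ASSERTION_HEADER = "X-JWT-Assertion";

    /** Pause between the two invocations of the caching test, in milliseconds. */
    private static final long CLAIMS_CACHE_WAIT_MILLIS = 20 * 1000L;

    private ServerConfigurationManager serverConfigurationManager;
    private UserManagementClient userManagementClient1;
    private String publisherURLHttp;
    private String storeURLHttp;
    private String providerName;
    private String backendURL;
    String subscriberUserWithTenantDomain;
    private String apiName = "URLSafeJWTTokenTestAPI";
    private String apiContext = "urlSafeTokenTest";
    private String tags = "token, jwt";
    private String description = "This is test API created by API manager integration test";
    private String apiVersion = "1.0.0";
    private String applicationName = "URLSafeJWTTest-application";
    String subscriberUser = "subscriberUser1";
    // Throwaway credential for the user this test creates and deletes; not a real secret.
    String password = "password@123";

    /**
     * Prepares the test environment for the current user mode.
     *
     * <p>For the super tenant admin the gateway configuration and log4j properties from the
     * {@code urlSafeTokenTest} resource folder are applied and the {@code jwt_backend} synapse
     * configuration is loaded.
     *
     * @throws Exception if initialisation or configuration deployment fails
     */
    @BeforeClass(alwaysRun = true)
    public void setEnvironment() throws Exception {
        super.init(this.userMode);
        // Tenant users log in to the store as "<user>@<tenant domain>".
        this.subscriberUserWithTenantDomain = this.subscriberUser + "@" + this.user.getUserDomain();
        this.publisherURLHttp = getPublisherURLHttp();
        this.storeURLHttp = getStoreURLHttp();
        if (TestUserMode.SUPER_TENANT_ADMIN == this.userMode) {
            String configDir = getAMResourceLocation() + File.separator + "configFiles" + File.separator
                    + "tokenTest" + File.separator + "urlSafeTokenTest" + File.separator;
            this.serverConfigurationManager = new ServerConfigurationManager(this.gatewayContextWrk);
            // Order matters: the first file is staged without a restart, the second call applies both.
            this.serverConfigurationManager.applyConfigurationWithoutRestart(new File(configDir + "api-manager.xml"));
            this.serverConfigurationManager.applyConfiguration(new File(configDir + "log4j.properties"));
            // The super tenant logs in with the bare user name, without a domain suffix.
            this.subscriberUserWithTenantDomain = this.subscriberUser;
            loadSynapseConfigurationFromClasspath(
                    "artifacts" + File.separator + "AM" + File.separator + "synapseconfigs" + File.separator
                            + "rest" + File.separator + "jwt_backend.xml",
                    this.gatewayContextMgt, createSession(this.gatewayContextMgt));
        }
        this.backendURL = getSuperTenantAPIInvocationURLHttp("jwt_backend", "1.0");
        this.providerName = this.user.getUserName();
    }

    /**
     * Verifies the JWT header and the default and profile claims for the admin user.
     *
     * @throws Exception if any setup call, the invocation or JSON parsing fails
     */
    @Test(groups = {"wso2.am"}, description = "Enabling JWT Token generation, admin user claims", enabled = true)
    public void testEnableJWTAndClaims() throws Exception {
        RemoteUserStoreManagerServiceClient userStoreClient = new RemoteUserStoreManagerServiceClient(
                this.keyManagerContext.getContextUrls().getBackEndUrl(), this.user.getUserName(), this.user.getPassword());
        userStoreClient.setUserClaimValue(this.user.getUserNameWithoutDomain(), "http://wso2.org/claims/givenname", "first name", "default");
        userStoreClient.setUserClaimValue(this.user.getUserNameWithoutDomain(), "http://wso2.org/claims/lastname", "last name", "default");
        super.init(this.userMode);
        addAPI(this.apiName, this.apiVersion, this.apiContext, this.description, this.backendURL, this.tags, this.providerName);

        APIStoreRestClient storeClient = new APIStoreRestClient(this.storeURLHttp);
        storeClient.login(this.user.getUserName(), this.user.getPassword());
        storeClient.addApplication(this.applicationName, "50PerMin", "", "this-is-test");
        SubscriptionRequest subscriptionRequest = new SubscriptionRequest(this.apiName, this.user.getUserName());
        subscriptionRequest.setApplicationName(this.applicationName);
        storeClient.subscribe(subscriptionRequest);
        String accessToken = generateAccessToken(storeClient, this.applicationName);

        String jwtAssertion = fetchJwtAssertion(accessToken);

        String decodedHeader = APIMTestCaseUtils.getDecodedURLSafeJWTHeader(jwtAssertion);
        // A null result would skip the typ/alg checks entirely, so it is treated as a failure
        // rather than silently accepted.
        Assert.assertNotNull(decodedHeader, "JWT header could not be decoded from " + JWT_ASSERTION_HEADER);
        log.debug("Decoded JWT header String = " + decodedHeader);
        JSONObject header = new JSONObject(decodedHeader);
        Assert.assertEquals(header.getString("typ"), "JWT");
        // Pin the signing algorithm so a downgrade (for example to an unsigned token) fails the test.
        Assert.assertEquals(header.getString("alg"), "RS256");

        String decodedPayload = APIMTestCaseUtils.getDecodedURLSafeJWT(jwtAssertion);
        // The payload carries user claims; it is logged at debug level only.
        log.debug("Decoded JWTString = " + decodedPayload);
        JSONObject payload = new JSONObject(decodedPayload);
        checkDefaultUserClaims(payload);

        String givenName = payload.getString("http://wso2.org/claims/givenname");
        AssertJUnit.assertTrue("JWT claim givenname  not received" + givenName, givenName.contains("first name"));
        String lastName = payload.getString("http://wso2.org/claims/lastname");
        AssertJUnit.assertTrue("JWT claim lastname  not received" + lastName, lastName.contains("last name"));
        // A claim that was never configured must not show up in the token.
        AssertJUnit.assertFalse("JWT claim invalid  claim received", payload.has("http://wso2.org/claims/wrongclaim"));
    }

    /**
     * Invokes an API twice with a pause in between and expects HTTP 200 both times, so that the
     * second call runs after the claims cache wait has elapsed.
     *
     * @throws APIManagerIntegrationTestException if a publisher or store operation fails
     * @throws XPathExpressionException if the invocation URL cannot be resolved
     * @throws IOException if an HTTP call fails
     * @throws JSONException if the key generation response cannot be parsed
     * @throws InterruptedException if the wait between the two invocations is interrupted
     */
    @Test(groups = {"wso2.am"}, description = "JWT Token generation when JWT caching is enabled", enabled = true, dependsOnMethods = {"testEnableJWTAndClaims"})
    public void testAPIAccessWhenJWTCachingEnabledTestCase() throws APIManagerIntegrationTestException, XPathExpressionException, IOException, JSONException, InterruptedException {
        final String cacheApiName = "JWTTokenCacheTestAPI";
        final String cacheAppName = "JWTTokenCacheTestApp";
        addAPI(cacheApiName, "1.0.0", cacheApiName, "JWTTokenCacheTestAPI description", this.backendURL, "token,jwt,cache", this.providerName);

        String storeUserName = this.storeContext.getContextTenant().getContextUser().getUserName();
        String storeUserPassword = this.storeContext.getContextTenant().getContextUser().getPassword();
        APIStoreRestClient storeClient = new APIStoreRestClient(this.storeURLHttp);
        storeClient.login(storeUserName, storeUserPassword);
        storeClient.addApplication(cacheAppName, "50PerMin", "", "this-is-test");
        SubscriptionRequest subscriptionRequest = new SubscriptionRequest(cacheApiName, storeUserName);
        subscriptionRequest.setApplicationName(cacheAppName);
        storeClient.subscribe(subscriptionRequest);
        String accessToken = generateAccessToken(storeClient, cacheAppName);

        String invocationUrl = getAPIInvocationURLHttp(cacheApiName, "1.0.0");
        HashMap<String, String> requestHeaders = new HashMap<>();
        requestHeaders.put("Authorization", "Bearer " + accessToken);
        AssertJUnit.assertEquals("GET request failed for " + invocationUrl, 200,
                HttpRequestUtil.doGet(invocationUrl, requestHeaders).getResponseCode());

        log.info("Waiting 20 sec(s) till claims local cache is invalidated");
        Thread.sleep(CLAIMS_CACHE_WAIT_MILLIS);
        AssertJUnit.assertEquals("GET request failed for " + invocationUrl + ". Most probably due to a failed invalidated cache access to retrieve JWT claims.", 200,
                HttpRequestUtil.doGet(invocationUrl, requestHeaders).getResponseCode());
    }

    /**
     * Asserts the issuer and the default API Manager claims of a decoded JWT payload.
     *
     * @param jSONObject the decoded JWT payload
     * @throws JSONException if an expected claim is missing from the payload
     */
    private void checkDefaultUserClaims(JSONObject jSONObject) throws JSONException {
        AssertJUnit.assertTrue("JWT assertion is invalid", jSONObject.getString("iss").contains("wso2.org/products/am"));
        String subscriber = jSONObject.getString("http://wso2.org/claims/subscriber");
        AssertJUnit.assertTrue("JWT claim subscriber invalid. Received " + subscriber, subscriber.contains(this.user.getUserName()));
        String appName = jSONObject.getString("http://wso2.org/claims/applicationname");
        AssertJUnit.assertTrue("JWT claim applicationname invalid. Received " + appName, appName.contains(this.applicationName));
        String appTier = jSONObject.getString("http://wso2.org/claims/applicationtier");
        AssertJUnit.assertTrue("JWT claim applicationtier invalid. Received " + appTier, appTier.contains("50PerMin"));
        String context = jSONObject.getString("http://wso2.org/claims/apicontext");
        String version = jSONObject.getString("http://wso2.org/claims/version");
        // The context claim is expected to end in the version carried by the same token.
        AssertJUnit.assertTrue("JWT claim apicontext invalid. Received " + context, context.contains("/" + this.apiContext + "/" + version));
        AssertJUnit.assertTrue("JWT claim version invalid. Received " + version, version.contains(this.apiVersion));
        String tier = jSONObject.getString("http://wso2.org/claims/tier");
        AssertJUnit.assertTrue("JWT claim tier invalid. Received " + tier, tier.contains("Gold"));
        String keyType = jSONObject.getString("http://wso2.org/claims/keytype");
        AssertJUnit.assertTrue("JWT claim keytype invalid. Received " + keyType, keyType.contains("PRODUCTION"));
        String userType = jSONObject.getString("http://wso2.org/claims/usertype");
        AssertJUnit.assertTrue("JWT claim usertype invalid. Received " + userType, userType.contains("APPLICATION"));
        String roles = jSONObject.getJSONArray("http://wso2.org/claims/role").toString();
        AssertJUnit.assertTrue("JWT claim role invalid. Received " + roles, roles.contains("admin") && roles.contains("Internal/everyone"));
    }

    /**
     * Verifies that the JWT issued for a newly created subscriber user names that user and the
     * subscribing application.
     *
     * @throws Exception if any setup call, the invocation or JSON parsing fails
     */
    @Test(groups = {"wso2.am"}, description = "Enabling JWT Token generation, specific user claims", enabled = true, dependsOnMethods = {"testAPIAccessWhenJWTCachingEnabledTestCase"})
    public void testSpecificUserJWTClaims() throws Exception {
        this.userManagementClient1 = new UserManagementClient(
                this.keyManagerContext.getContextUrls().getBackEndUrl(), this.user.getUserName(), this.user.getPassword());
        if (!this.userManagementClient1.roleNameExists(INTERNAL_ROLE_SUBSCRIBER)) {
            // The role is granted login and API subscribe permissions only.
            this.userManagementClient1.addInternalRole(ROLE_SUBSCRIBER, new String[0],
                    new String[]{"/permission/admin/login", "/permission/admin/manage/api/subscribe"});
        }
        if (!this.userManagementClient1.userNameExists(INTERNAL_ROLE_SUBSCRIBER, this.subscriberUser)) {
            this.userManagementClient1.addUser(this.subscriberUser, this.password, new String[]{INTERNAL_ROLE_SUBSCRIBER}, (String) null);
        }
        RemoteUserStoreManagerServiceClient userStoreClient = new RemoteUserStoreManagerServiceClient(
                this.keyManagerContext.getContextUrls().getBackEndUrl(), this.user.getUserName(), this.user.getPassword());
        userStoreClient.setUserClaimValue(this.subscriberUser, "http://wso2.org/claims/givenname", "subscriber given name", "default");
        userStoreClient.setUserClaimValue(this.subscriberUser, "http://wso2.org/claims/lastname", "subscriber last name", "default");
        super.init(this.userMode);
        waitForAPIDeploymentSync(this.providerName, this.apiName, this.apiVersion, "\"isApiExists\":true");

        APIStoreRestClient storeClient = new APIStoreRestClient(this.storeURLHttp);
        storeClient.login(this.subscriberUserWithTenantDomain, this.password);
        storeClient.addApplication(this.applicationName, "50PerMin", "", "this-is-test");
        SubscriptionRequest subscriptionRequest = new SubscriptionRequest(this.apiName, this.providerName);
        subscriptionRequest.setApplicationName(this.applicationName);
        storeClient.subscribe(subscriptionRequest);
        String accessToken = generateAccessToken(storeClient, this.applicationName);

        String decodedPayload = APIMTestCaseUtils.getDecodedURLSafeJWT(fetchJwtAssertion(accessToken));
        log.debug("Decoded JWTString = " + decodedPayload);
        JSONObject payload = new JSONObject(decodedPayload);
        AssertJUnit.assertTrue("JWT assertion is invalid", payload.getString("iss").contains("wso2.org/products/am"));
        String subscriber = payload.getString("http://wso2.org/claims/subscriber");
        AssertJUnit.assertTrue("JWT claim subscriber invalid. Received " + subscriber, subscriber.contains(this.subscriberUser));
        String appName = payload.getString("http://wso2.org/claims/applicationname");
        AssertJUnit.assertTrue("JWT claim applicationname invalid. Received " + appName, appName.contains(this.applicationName));

        storeClient.removeAPISubscriptionByApplicationName(this.apiName, this.apiVersion, this.providerName, this.applicationName);
        storeClient.removeApplication(this.applicationName);
    }

    /**
     * Removes the artifacts, role and user created by the tests and restores the server
     * configuration changed in {@link #setEnvironment()}.
     *
     * <p>Each step runs even when an earlier one throws, so a failed cleanup does not leave the
     * test role, the test user or the modified gateway configuration behind for later test classes.
     *
     * @throws Exception if any cleanup step fails
     */
    @AfterClass(alwaysRun = true)
    public void destroy() throws Exception {
        try {
            super.cleanUp();
        } finally {
            try {
                if (this.userManagementClient1 != null) {
                    this.userManagementClient1.deleteRole(INTERNAL_ROLE_SUBSCRIBER);
                    this.userManagementClient1.deleteUser(this.subscriberUser);
                }
            } finally {
                // The manager is null when setEnvironment() failed before creating it.
                if (TestUserMode.SUPER_TENANT_ADMIN == this.userMode && this.serverConfigurationManager != null) {
                    this.serverConfigurationManager.restoreToLastConfiguration();
                }
            }
        }
    }

    /**
     * Creates an API through the publisher, publishes it and waits until it is deployed.
     *
     * @param str API name
     * @param str2 API version
     * @param str3 API context
     * @param str4 API description
     * @param str5 backend endpoint URL
     * @param str6 comma separated tags
     * @param str7 provider (publisher user) name
     * @throws APIManagerIntegrationTestException if a publisher operation fails
     * @throws MalformedURLException if {@code str5} is not a valid URL
     * @throws XPathExpressionException if the automation context cannot be read
     */
    private void addAPI(String str, String str2, String str3, String str4, String str5, String str6, String str7) throws APIManagerIntegrationTestException, MalformedURLException, XPathExpressionException {
        APIPublisherRestClient publisherClient = new APIPublisherRestClient(this.publisherURLHttp);
        publisherClient.login(this.user.getUserName(), this.user.getPassword());
        APIRequest apiRequest = new APIRequest(str, str3, new URL(str5));
        apiRequest.setTags(str6);
        apiRequest.setDescription(str4);
        apiRequest.setVersion(str2);
        apiRequest.setVisibility("public");
        apiRequest.setProvider(str7);
        publisherClient.addAPI(apiRequest);
        publisherClient.changeAPILifeCycleStatus(new APILifeCycleStateRequest(str, str7, APILifeCycleState.PUBLISHED));
        waitForAPIDeploymentSync(str7, str, str2, "\"isApiExists\":true");
    }

    /**
     * Generates application keys through the store and returns the access token.
     *
     * @param storeClient a store client that is already logged in
     * @param appName name of the application to generate keys for
     * @return the access token read from the key generation response
     */
    private String generateAccessToken(APIStoreRestClient storeClient, String appName) throws APIManagerIntegrationTestException, XPathExpressionException, IOException, JSONException {
        String keyResponse = storeClient.generateApplicationKey(new APPKeyRequestGenerator(appName)).getData();
        return new JSONObject(keyResponse)
                .getJSONObject(RESTAPITestConstants.DATA_SECTION)
                .getJSONObject("key")
                .get("accessToken")
                .toString();
    }

    /**
     * Invokes the test API with the given bearer token and returns the value of the
     * {@code X-JWT-Assertion} header of the response.
     *
     * <p>Fails the test when the response status is not 200 or the header is absent. The HTTP
     * client is closed before returning so its connections are not leaked between tests.
     *
     * @param accessToken the access token to send in the {@code Authorization} header
     * @return the raw, still encoded JWT assertion
     * @throws Exception if the URL cannot be resolved or the request fails
     */
    private String fetchJwtAssertion(String accessToken) throws Exception {
        try (CloseableHttpClient httpClient = HttpClientBuilder.create().build()) {
            HttpGet request = new HttpGet(getAPIInvocationURLHttp(this.apiContext, this.apiVersion));
            request.addHeader("Authorization", "Bearer " + accessToken);
            HttpResponse response = httpClient.execute(request);
            Assert.assertEquals(response.getStatusLine().getStatusCode(), Response.Status.OK.getStatusCode(), "Response code mismatched when api invocation");
            Header assertionHeader = pickHeader(response.getAllHeaders(), JWT_ASSERTION_HEADER);
            Assert.assertNotNull(assertionHeader, JWT_ASSERTION_HEADER + " is not available in the backend request.");
            return assertionHeader.getValue();
        }
    }

    /**
     * Supplies the user modes this test class is run for.
     *
     * @return one row per user mode: super tenant admin and tenant admin
     */
    @DataProvider
    public static Object[][] userModeDataProvider() {
        // Must be a two-dimensional array: each inner array is one set of constructor arguments.
        return new Object[][]{
                new Object[]{TestUserMode.SUPER_TENANT_ADMIN},
                new Object[]{TestUserMode.TENANT_ADMIN}
        };
    }

    /**
     * Factory constructor; TestNG creates one instance per row of {@link #userModeDataProvider()}.
     *
     * @param testUserMode the user mode the instance runs under
     */
    @Factory(dataProvider = "userModeDataProvider")
    public URLSafeJWTTestCase(TestUserMode testUserMode) {
        this.userMode = testUserMode;
    }
}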
