package org.wso2.am.integration.tests.jwt;

import java.net.URL;
import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.Map;
import org.apache.commons.codec.binary.Base64;
import org.testng.Assert;
import org.testng.annotations.AfterClass;
import org.testng.annotations.BeforeClass;
import org.testng.annotations.Test;
import org.wso2.am.integration.clients.store.api.v1.dto.ApplicationDTO;
import org.wso2.am.integration.clients.store.api.v1.dto.ApplicationKeyDTO;
import org.wso2.am.integration.clients.store.api.v1.dto.ApplicationKeyGenerateRequestDTO;
import org.wso2.am.integration.test.utils.APIManagerIntegrationTestException;
import org.wso2.am.integration.test.utils.bean.APIRequest;
import org.wso2.am.integration.test.utils.http.HTTPSClientUtils;
import org.wso2.am.integration.tests.api.lifecycle.APIManagerLifecycleBaseTest;
import org.wso2.carbon.automation.test.utils.http.client.HttpRequestUtil;
import org.wso2.carbon.automation.test.utils.http.client.HttpResponse;

/* loaded from: input_file:org/wso2/am/integration/tests/jwt/JWTRevocationTestCase.class */
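/**
 * Integration test that checks a revoked JWT access token stops being accepted by the gateway.
 *
 * <p>Setup creates a JWT-type application, publishes an API and subscribes the application to it,
 * then generates production keys using the {@code client_credentials} grant. The test invokes the
 * API with the issued token, revokes the token through the {@code revoke} endpoint (authenticated
 * with the application's consumer key and secret), and polls the API until the gateway answers
 * with the unauthorized status code.
 */
public class JWTRevocationTestCase extends APIManagerLifecycleBaseTest {
    private String consumerKey;
    private String consumerSecret;
    private String apiId;
    private String appId;
    private static final String APP_NAME = "JWTTokenRevocationTest-Application";
    private static final String API_NAME = "JWTTokenTestAPI";
    private static final String API_CONTEXT = "jwtTokenTestAPI";
    private static final String API_VERSION = "1.0.0";
    private static final String API_END_POINT_RESOURCE = "/customers/123";
    private static final String API_RESPONSE_DATA = "<id>123</id><name>John</name></Customer>";
    private static final String TIER_UNLIMITED = "Unlimited";
    // Upper bound on how long a revoked token may keep working before the test fails:
    // MAX_REVOCATION_POLL_ATTEMPTS probes, each preceded by REVOCATION_POLL_INTERVAL_MS of sleep.
    private static final int MAX_REVOCATION_POLL_ATTEMPTS = 19;
    private static final long REVOCATION_POLL_INTERVAL_MS = 1000L;
    private Map<String, String> apiInvocationRequestHeaders;
    String apiInvocationUrl;
    String accessToken;

    /**
     * Creates the application and API under test, generates a JWT access token and prepares the
     * invocation URL and headers used by the test method.
     *
     * @throws Exception if any setup call fails
     */
    @BeforeClass(alwaysRun = true)
    public void setEnvironment() throws Exception {
        super.init();
        this.appId = this.restAPIStore
                .createApplication(APP_NAME, "This is a test Application", TIER_UNLIMITED, ApplicationDTO.TokenTypeEnum.JWT)
                .getData();

        APIRequest apiRequest = new APIRequest(API_NAME, API_CONTEXT,
                new URL(getGatewayURLHttp() + "jaxrs_basic/services/customers/customerservice"));
        apiRequest.setVersion(API_VERSION);
        apiRequest.setTiersCollection(TIER_UNLIMITED);
        apiRequest.setTier(TIER_UNLIMITED);
        this.apiId = createPublishAndSubscribeToAPIUsingRest(apiRequest, this.restAPIPublisher, this.restAPIStore,
                this.appId, TIER_UNLIMITED);

        ArrayList<String> grantTypes = new ArrayList<>();
        grantTypes.add("client_credentials");
        // The null arguments keep their original casts so the call resolves exactly as before.
        ApplicationKeyDTO applicationKeys = this.restAPIStore.generateKeys(this.appId, "3600", (String) null,
                ApplicationKeyGenerateRequestDTO.KeyTypeEnum.PRODUCTION, (ArrayList) null, grantTypes);
        this.accessToken = applicationKeys.getToken().getAccessToken();
        this.consumerKey = applicationKeys.getConsumerKey();
        this.consumerSecret = applicationKeys.getConsumerSecret();

        this.apiInvocationUrl = getAPIInvocationURLHttp(API_CONTEXT + "/" + API_VERSION + API_END_POINT_RESOURCE);
        this.apiInvocationRequestHeaders = new HashMap<>();
        this.apiInvocationRequestHeaders.put("accept", "text/xml");
        this.apiInvocationRequestHeaders.put("Authorization", "Bearer " + this.accessToken);
        waitForAPIDeploymentSync(this.user.getUserName(), API_NAME, API_VERSION, "\"isApiExists\":true");
    }

    /**
     * Verifies that the token works before revocation, that the revoke endpoint acknowledges the
     * token, and that the gateway rejects the token within the polling window afterwards.
     *
     * @throws Exception if an HTTP call fails or the gateway returns a status other than OK or
     *     unauthorized while polling
     */
    @Test(groups = {"wso2.am"}, description = "testing jwt token revocation")
    public void testJWTTokenRevocation() throws Exception {
        // Baseline: the freshly issued token must be accepted, otherwise a later rejection proves nothing.
        HttpResponse preRevocationResponse = HttpRequestUtil.doGet(this.apiInvocationUrl, this.apiInvocationRequestHeaders);
        Assert.assertEquals(preRevocationResponse.getResponseCode(), HTTP_RESPONSE_CODE_OK,
                "Response code mismatched when invoking the API before revocation");
        Assert.assertTrue(preRevocationResponse.getData().contains(API_RESPONSE_DATA),
                "Response data mismatched when invoking the API before revocation. Response Data:"
                        + preRevocationResponse.getData());

        // The revoke endpoint is called with HTTP Basic client authentication (consumerKey:consumerSecret).
        // NOTE(review): this request carries the client secret and the token; confirm the URL built from
        // getWebAppURLNhttp() is TLS-protected wherever this suite runs outside a throwaway environment.
        String clientCredentials = this.consumerKey + ":" + this.consumerSecret;
        String encodedCredentials = new String(
                Base64.encodeBase64(clientCredentials.getBytes(StandardCharsets.UTF_8)), StandardCharsets.UTF_8);
        Map<String, String> revokeRequestHeaders = new HashMap<>();
        revokeRequestHeaders.put("Authorization", "Basic " + encodedCredentials);
        try {
            HttpResponse revokeResponse = HTTPSClientUtils.doPost(
                    new URL(this.gatewayUrlsWrk.getWebAppURLNhttp() + "revoke"),
                    "token=" + this.accessToken, revokeRequestHeaders);
            Assert.assertEquals(revokeResponse.getResponseCode(), HTTP_RESPONSE_CODE_OK,
                    "Response code mismatched when revoking the access token");
            Assert.assertEquals((String) revokeResponse.getHeaders().get("RevokedAccessToken"), this.accessToken,
                    "Access token is not revoked correctly");
        } catch (Exception e) {
            // Fail through TestNG and keep the cause, so the report shows the original stack trace.
            Assert.fail("Token revocation request should not throw any exceptions: " + e, e);
        }

        // Revocation reaches the gateway asynchronously, so keep probing until the token is rejected.
        // The polling budget is the longest window in which this test tolerates a revoked token
        // still being honoured.
        boolean tokenStillAccepted = true;
        int lastResponseCode = -1;
        for (int attempt = 0; attempt < MAX_REVOCATION_POLL_ATTEMPTS && tokenStillAccepted; attempt++) {
            Thread.sleep(REVOCATION_POLL_INTERVAL_MS);
            HttpResponse postRevocationResponse =
                    HttpRequestUtil.doGet(this.apiInvocationUrl, this.apiInvocationRequestHeaders);
            lastResponseCode = postRevocationResponse.getResponseCode();
            if (lastResponseCode == HTTP_RESPONSE_CODE_UNAUTHORIZED) {
                tokenStillAccepted = false;
            } else if (lastResponseCode != HTTP_RESPONSE_CODE_OK) {
                // Anything other than OK/unauthorized is an environment problem, not a revocation result.
                throw new APIManagerIntegrationTestException(
                        "Unexpected response received when invoking the API. Response received :"
                                + postRevocationResponse.getData() + ":" + postRevocationResponse.getResponseMessage());
            }
        }
        Assert.assertFalse(tokenStillAccepted,
                "Access token revocation failed. API invocation response code is expected to be : "
                        + HTTP_RESPONSE_CODE_UNAUTHORIZED + ", but got " + lastResponseCode);
    }

    /**
     * Removes the application and the API created during setup.
     *
     * @throws Exception if either delete call fails
     */
    @AfterClass(alwaysRun = true)
    public void destroy() throws Exception {
        try {
            this.restAPIStore.deleteApplication(this.appId);
        } finally {
            // Still attempt the API cleanup when deleting the application fails,
            // so a failed run does not leave the published API behind.
            this.restAPIPublisher.deleteAPI(this.apiId);
        }
    }
}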
