package org.wso2.am.integration.tests.jwt.urlsafe;

import java.net.URL;
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.rmi.RemoteException;
import java.util.ArrayList;
import javax.ws.rs.core.Response;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.cxf.staxutils.PropertiesExpandingStreamReader;
import org.apache.http.Header;
import org.apache.http.HttpResponse;
import org.apache.http.client.methods.HttpGet;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClientBuilder;
import org.json.JSONException;
import org.json.JSONObject;
import org.testng.Assert;
import org.testng.AssertJUnit;
import org.testng.annotations.AfterClass;
import org.testng.annotations.BeforeClass;
import org.testng.annotations.DataProvider;
import org.testng.annotations.Factory;
import org.testng.annotations.Test;
import org.wso2.am.integration.clients.store.api.v1.dto.ApplicationDTO;
import org.wso2.am.integration.clients.store.api.v1.dto.ApplicationKeyDTO;
import org.wso2.am.integration.clients.store.api.v1.dto.ApplicationKeyGenerateRequestDTO;
import org.wso2.am.integration.test.utils.APIManagerIntegrationTestException;
import org.wso2.am.integration.test.utils.bean.APIRequest;
import org.wso2.am.integration.test.utils.generic.APIMTestCaseUtils;
import org.wso2.am.integration.test.utils.token.TokenUtils;
import org.wso2.am.integration.tests.api.lifecycle.APIManagerLifecycleBaseTest;
import org.wso2.am.integration.tests.restapi.RESTAPITestConstants;
import org.wso2.carbon.automation.engine.context.TestUserMode;
import org.wso2.carbon.um.ws.api.stub.ClaimValue;
import org.wso2.carbon.um.ws.api.stub.RemoteUserStoreManagerServiceUserStoreExceptionException;
import org.wso2.carbon.user.core.UserStoreException;

/* loaded from: input_file:org/wso2/am/integration/tests/jwt/urlsafe/URLSafeJWTTestCase.class */
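/**
 * Integration test for the URL-safe backend JWT that the gateway attaches to requests forwarded to
 * the backend ({@code X-JWT-Assertion} header).
 *
 * <p>The test publishes an API, subscribes one OAuth-type and one JWT-type application to it,
 * invokes the API with a password-grant token of a freshly created end user and then verifies
 * that the backend JWT is RS256-signed, carries a {@code kid}, and contains the expected
 * subscription and user claims. The class is instantiated once per user mode through the
 * {@link #userModeDataProvider()} factory.
 */
public class URLSafeJWTTestCase extends APIManagerLifecycleBaseTest {

    private static final Log log = LogFactory.getLog(URLSafeJWTTestCase.class);

    /** Header in which the gateway forwards the backend JWT to the upstream service. */
    private static final String JWT_ASSERTION_HEADER = "X-JWT-Assertion";
    /** Claim profile used when creating the end user and setting its claims. */
    private static final String DEFAULT_PROFILE = "default";
    /** Separator between user name and tenant domain in a tenant-qualified user name. */
    private static final String TENANT_DOMAIN_SEPARATOR = "@";
    /** Application throttling tier used for both test applications; also asserted in the JWT. */
    private static final String APPLICATION_TIER = "50PerMin";
    /** Subscription tier used for both subscriptions. */
    private static final String SUBSCRIPTION_TIER = "Gold";
    /** Token validity (seconds, as the REST client expects it) requested when generating keys. */
    private static final String TOKEN_VALIDITY = "36000";
    private static final String GIVEN_NAME_CLAIM = "http://wso2.org/claims/givenname";
    private static final String LAST_NAME_CLAIM = "http://wso2.org/claims/lastname";
    private static final String GIVEN_NAME_VALUE = "first name";
    private static final String LAST_NAME_VALUE = "last name";

    private String providerName;
    private String endpointURL;
    private String oauthApplicationId;
    private String jwtApplicationId;
    private String apiId;
    URL tokenEndpointURL;
    private String apiName = "URLSafeJWTUserClaimAPI";
    private String apiContext = "urlsafejwtTest";
    private String apiVersion = "1.0.0";
    private String oauthApplicationName = "OauthAppForURLSafeJWTTest";
    private String jwtApplicationName = "JWTAppFOrURLSafeJWTTest";
    String enduserName = "subscriberUser3";
    String enduserPassword = "password@123";

    /**
     * Creates one test instance per user mode supplied by {@link #userModeDataProvider()}.
     *
     * @param testUserMode the tenant context the whole class runs in
     */
    @Factory(dataProvider = "userModeDataProvider")
    public URLSafeJWTTestCase(TestUserMode testUserMode) {
        this.userMode = testUserMode;
    }

    /**
     * User modes this test class is instantiated for.
     *
     * @return one row per {@link TestUserMode} the factory constructor should receive
     */
    @DataProvider
    public static Object[][] userModeDataProvider() {
        return new Object[][] {
                { TestUserMode.SUPER_TENANT_ADMIN },
                { TestUserMode.TENANT_ADMIN }
        };
    }

    /**
     * Provisions everything the test methods share: the API, the two applications with their
     * subscriptions and production keys, and the end user whose claims the JWT must carry.
     *
     * @throws Exception on any provisioning failure
     */
    @BeforeClass(alwaysRun = true)
    public void setEnvironment() throws Exception {
        super.init(userMode);
        tokenEndpointURL = new URL(keyManagerHTTPSURL + "oauth2/token");
        providerName = user.getUserName();
        endpointURL = getSuperTenantAPIInvocationURLHttp("jwt_backend", "1.0");

        oauthApplicationId = restAPIStore.createApplication(oauthApplicationName, "Test Application",
                APPLICATION_TIER, ApplicationDTO.TokenTypeEnum.OAUTH).getData();
        jwtApplicationId = restAPIStore.createApplication(jwtApplicationName, "JWT Application",
                APPLICATION_TIER, ApplicationDTO.TokenTypeEnum.JWT).getData();

        APIRequest apiRequest = new APIRequest(apiName, apiContext, new URL(endpointURL));
        apiRequest.setVersion(apiVersion);
        apiRequest.setVisibility("public");
        apiRequest.setProvider(providerName);
        apiId = createAndPublishAPIUsingRest(apiRequest, restAPIPublisher, false);

        restAPIStore.subscribeToAPI(apiId, oauthApplicationId, SUBSCRIPTION_TIER);
        restAPIStore.subscribeToAPI(apiId, jwtApplicationId, SUBSCRIPTION_TIER);

        // Both grant types are needed: the password grant is what generateUserToken() uses.
        ArrayList<String> grantTypes = new ArrayList<>();
        grantTypes.add("client_credentials");
        grantTypes.add("password");
        restAPIStore.generateKeys(oauthApplicationId, TOKEN_VALIDITY, "",
                ApplicationKeyGenerateRequestDTO.KeyTypeEnum.PRODUCTION, (ArrayList<String>) null, grantTypes);
        restAPIStore.generateKeys(jwtApplicationId, TOKEN_VALIDITY, "",
                ApplicationKeyGenerateRequestDTO.KeyTypeEnum.PRODUCTION, (ArrayList<String>) null, grantTypes);

        createUser();
        waitForAPIDeploymentSync(user.getUserName(), apiRequest.getName(), apiRequest.getVersion(),
                "\"isApiExists\":true");
    }

    /**
     * Invokes the API through the OAuth-type application and verifies the backend JWT, including
     * the user claims set in {@link #createUser()} and the absence of an unknown claim.
     *
     * @throws Exception on token generation, invocation or JSON failures
     */
    @Test(groups = {"wso2.am"}, description = "Backend JWT Token Generation for Oauth Based App")
    public void testEnableJWTAndClaimsForOauthApp() throws Exception {
        ApplicationKeyDTO keys = (ApplicationKeyDTO) restAPIStore.getApplicationKeysByKeyType(oauthApplicationId,
                ApplicationKeyDTO.KeyTypeEnum.PRODUCTION.getValue()).getData();
        String accessToken = generateUserToken(keys.getConsumerKey(), keys.getConsumerSecret(), enduserName,
                enduserPassword);
        // Token values are credentials: log the event, not the secret.
        log.info("Access token generated for OAuth application " + oauthApplicationName);
        // For the OAuth-type application the gateway is invoked with the token's jti rather than the
        // full JWT.
        String jti = TokenUtils.getJtiOfJwtToken(accessToken);

        JSONObject payload = invokeApiAndVerifyBackendJwt(jti, oauthApplicationName);

        String givenName = payload.getString(GIVEN_NAME_CLAIM);
        AssertJUnit.assertTrue("JWT claim givenname  not received" + givenName, givenName.contains(GIVEN_NAME_VALUE));
        String lastName = payload.getString(LAST_NAME_CLAIM);
        AssertJUnit.assertTrue("JWT claim lastname  not received" + lastName, lastName.contains(LAST_NAME_VALUE));
        // A claim that was never configured must not appear in the JWT.
        AssertJUnit.assertFalse("JWT claim received is invalid", payload.has("http://wso2.org/claims/wrongclaim"));
    }

    /**
     * Invokes the API through the JWT-type application and verifies the backend JWT and its
     * default subscription claims.
     *
     * @throws Exception on token generation, invocation or JSON failures
     */
    @Test(groups = {"wso2.am"}, description = "Backend JWT Token Generation for JWT Based App")
    public void testEnableJWTAndClaimsForJWTApp() throws Exception {
        ApplicationKeyDTO keys = (ApplicationKeyDTO) restAPIStore.getApplicationKeysByKeyType(jwtApplicationId,
                ApplicationKeyDTO.KeyTypeEnum.PRODUCTION.getValue()).getData();
        String accessToken = generateUserToken(keys.getConsumerKey(), keys.getConsumerSecret(), enduserName,
                enduserPassword);
        // Token values are credentials: log the event, not the secret.
        log.info("Access token generated for JWT application " + jwtApplicationName);

        invokeApiAndVerifyBackendJwt(accessToken, jwtApplicationName);
    }

    /**
     * Removes the end user, both applications and the API created in {@link #setEnvironment()}.
     *
     * @throws Exception on any clean-up failure
     */
    @AfterClass(alwaysRun = true)
    public void destroy() throws Exception {
        userManagementClient.deleteUser(enduserName);
        restAPIStore.deleteApplication(oauthApplicationId);
        restAPIStore.deleteApplication(jwtApplicationId);
        undeployAndDeleteAPIRevisionsUsingRest(apiId, restAPIPublisher);
        restAPIPublisher.deleteAPI(apiId);
        super.cleanUp();
    }

    /**
     * Invokes the published API with the given bearer credential, extracts the backend JWT from the
     * {@code X-JWT-Assertion} response header, verifies its signature and header fields and checks
     * the default subscription claims.
     *
     * @param bearerToken value placed after {@code Bearer } in the Authorization header
     * @param applicationName application name expected in the {@code applicationname} claim
     * @return the decoded JWT payload for further claim assertions
     * @throws Exception on invocation failure or if the JWT cannot be decoded
     */
    private JSONObject invokeApiAndVerifyBackendJwt(String bearerToken, String applicationName) throws Exception {
        HttpGet request = new HttpGet(getAPIInvocationURLHttp(apiContext, apiVersion));
        request.addHeader("Authorization", "Bearer " + bearerToken);

        Header jwtHeader;
        // try-with-resources so the client's connections are released even when an assertion fails.
        try (CloseableHttpClient client = HttpClientBuilder.create().build()) {
            HttpResponse response = client.execute(request);
            Assert.assertEquals(response.getStatusLine().getStatusCode(), Response.Status.OK.getStatusCode(),
                    "Response code mismatched when api invocation");
            jwtHeader = pickHeader(response.getAllHeaders(), JWT_ASSERTION_HEADER);
        }
        Assert.assertNotNull(jwtHeader, "X-JWT-Assertion is not available in the backend request.");

        String assertion = jwtHeader.getValue();
        String decodedHeader = APIMTestCaseUtils.getDecodedURLSafeJWTHeader(assertion);
        String decodedPayload = APIMTestCaseUtils.getDecodedURLSafeJWT(assertion);
        log.debug("Decoded JWT header String = " + decodedHeader);
        log.debug("Decoded JWTString = " + decodedPayload);

        // Verify the signature before trusting any claim in the payload.
        AssertJUnit.assertTrue("JWT signature verification failed",
                APIMTestCaseUtils.isJwtSignatureValid(APIMTestCaseUtils.getJWTAssertion(assertion),
                        APIMTestCaseUtils.getDecodedURLSafeJWTSignature(assertion), decodedHeader));

        JSONObject header = new JSONObject(decodedHeader);
        Assert.assertEquals(header.getString("typ"), "JWT");
        Assert.assertEquals(header.getString("alg"), "RS256");
        Assert.assertTrue(header.has("kid"), "JWT header does not carry a key id (kid)");

        JSONObject payload = new JSONObject(decodedPayload);
        log.info("JWT Received ==" + payload);
        checkDefaultUserClaims(payload, applicationName);
        return payload;
    }

    /**
     * Asserts the issuer and the subscription-related claims every backend JWT must carry.
     *
     * @param payload decoded JWT payload
     * @param applicationName application name expected in the {@code applicationname} claim
     * @throws JSONException if a mandatory claim is missing
     */
    private void checkDefaultUserClaims(JSONObject payload, String applicationName) throws JSONException {
        AssertJUnit.assertTrue("JWT assertion is invalid", payload.getString("iss").contains("wso2.org/products/am"));
        String subscriber = payload.getString("http://wso2.org/claims/subscriber");
        AssertJUnit.assertTrue("JWT claim subscriber invalid. Received " + subscriber,
                subscriber.contains(user.getUserName()));
        String appName = payload.getString("http://wso2.org/claims/applicationname");
        AssertJUnit.assertTrue("JWT claim applicationname invalid. Received " + appName,
                appName.contains(applicationName));
        String appTier = payload.getString("http://wso2.org/claims/applicationtier");
        AssertJUnit.assertTrue("JWT claim applicationtier invalid. Received " + appTier,
                appTier.contains(APPLICATION_TIER));
        String keyType = payload.getString("http://wso2.org/claims/keytype");
        AssertJUnit.assertTrue("JWT claim keytype invalid. Received " + keyType, keyType.contains("PRODUCTION"));
    }

    /**
     * Creates the end user in the user store and sets the given-name and last-name claims that
     * the OAuth test expects to find in the backend JWT.
     *
     * @throws RemoteException on transport failure
     * @throws RemoteUserStoreManagerServiceUserStoreExceptionException on user-store failure
     * @throws UserStoreException on user-store failure
     */
    private void createUser() throws RemoteException, RemoteUserStoreManagerServiceUserStoreExceptionException,
            UserStoreException {
        remoteUserStoreManagerServiceClient.addUser(enduserName, enduserPassword, new String[0], new ClaimValue[0],
                DEFAULT_PROFILE, false);
        remoteUserStoreManagerServiceClient.setUserClaimValue(enduserName, GIVEN_NAME_CLAIM, GIVEN_NAME_VALUE,
                DEFAULT_PROFILE);
        remoteUserStoreManagerServiceClient.setUserClaimValue(enduserName, LAST_NAME_CLAIM, LAST_NAME_VALUE,
                DEFAULT_PROFILE);
    }

    /**
     * Obtains an access token for the end user with the password grant.
     *
     * <p>Outside the super tenant the user name is qualified with the tenant domain. Form values are
     * URL-encoded so that characters such as {@code @} or {@code &} in the password cannot corrupt
     * the request body.
     *
     * @param consumerKey application consumer key
     * @param consumerSecret application consumer secret
     * @param username end-user name without tenant domain
     * @param password end-user password
     * @return the access token from the token endpoint response
     * @throws APIManagerIntegrationTestException if the token request fails
     * @throws JSONException if the response is not the expected JSON
     * @throws java.io.UnsupportedEncodingException never in practice, UTF-8 is always available
     */
    private String generateUserToken(String consumerKey, String consumerSecret, String username, String password)
            throws APIManagerIntegrationTestException, JSONException, java.io.UnsupportedEncodingException {
        String qualifiedUser = username;
        if (userMode != TestUserMode.SUPER_TENANT_ADMIN) {
            qualifiedUser = username + TENANT_DOMAIN_SEPARATOR + user.getUserDomain();
        }
        String body = "grant_type=password&username=" + URLEncoder.encode(qualifiedUser, StandardCharsets.UTF_8.name())
                + "&password=" + URLEncoder.encode(password, StandardCharsets.UTF_8.name());
        String responseData = restAPIStore.generateUserAccessKey(consumerKey, consumerSecret, body, tokenEndpointURL)
                .getData();
        return new JSONObject(responseData).getString(RESTAPITestConstants.ACCESS_TOKEN_TEXT);
    }
}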
