package com.ibm.ws.security.jwtsso.fat;

import com.gargoylesoftware.htmlunit.WebClient;
import com.gargoylesoftware.htmlunit.util.Cookie;
import com.ibm.websphere.simplicity.log.Log;
import com.ibm.ws.security.fat.common.expectations.Expectations;
import com.ibm.ws.security.fat.common.expectations.ServerMessageExpectation;
import com.ibm.ws.security.fat.common.validation.TestValidationUtils;
import com.ibm.ws.security.jwtsso.fat.utils.CommonExpectations;
import com.ibm.ws.security.jwtsso.fat.utils.JwtFatActions;
import com.ibm.ws.security.jwtsso.fat.utils.JwtFatConstants;
import com.ibm.ws.security.jwtsso.fat.utils.MessageConstants;
import componenttest.annotation.ExpectedFFDC;
import componenttest.annotation.Server;
import componenttest.custom.junit.runner.FATRunner;
import componenttest.custom.junit.runner.Mode;
import componenttest.topology.impl.LibertyServer;
import org.junit.BeforeClass;
import org.junit.Test;
import org.junit.runner.RunWith;

@Mode(Mode.TestMode.FULL)
@RunWith(FATRunner.class)
/* loaded from: input_file:com/ibm/ws/security/jwtsso/fat/CookieExpirationTests.class */
public class CookieExpirationTests extends CommonJwtFat {
    protected static Class<?> thisClass = CookieExpirationTests.class;

    @Server("com.ibm.ws.security.jwtsso.fat")
    public static LibertyServer server;
    private JwtFatActions actions = new JwtFatActions();
    private TestValidationUtils validationUtils = new TestValidationUtils();
    String protectedUrl = "http://" + server.getHostname() + ":" + server.getHttpDefaultPort() + JwtFatConstants.SIMPLE_SERVLET_PATH;
    String defaultUser = "testuser";
    String defaultPassword = "testuserpwd";

    @BeforeClass
    public static void setUp() throws Exception {
        setUpAndStartServer(server, "configs/server_withFeature.xml");
    }

    @Test
    public void test_shortJwtCookieLifetime_reuseCookieWithinClockSkew() throws Exception {
        server.reconfigureServer("configs/server_shortJwtLifetime.xml", new String[0]);
        WebClient webClient = new WebClient();
        Cookie logInAndObtainJwtCookie = this.actions.logInAndObtainJwtCookie(this.testName.getMethodName(), webClient, this.protectedUrl, this.defaultUser, this.defaultPassword, "https://[^/]+/jwt/builder_shortLifetime");
        Log.info(thisClass, this.testName.getMethodName(), "Sleeping beyond JWT SSO cookie's lifetime...");
        Thread.sleep(5000L);
        Expectations expectations = new Expectations();
        expectations.addExpectations(CommonExpectations.successfullyReachedProtectedResourceWithJwtCookie("invokeProtectedResource", this.protectedUrl, this.defaultUser, "https://[^/]+/jwt/builder_shortLifetime"));
        expectations.addExpectations(CommonExpectations.jwtCookieExists("invokeProtectedResource", webClient, JwtFatConstants.JWT_COOKIE_NAME));
        expectations.addExpectations(CommonExpectations.cookieDoesNotExist("invokeProtectedResource", webClient, JwtFatConstants.LTPA_COOKIE_NAME));
        expectations.addExpectations(CommonExpectations.responseTextMissingCookie("invokeProtectedResource", JwtFatConstants.LTPA_COOKIE_NAME));
        this.validationUtils.validateResult(this.actions.invokeUrlWithCookie(this.testName.getMethodName(), this.protectedUrl, logInAndObtainJwtCookie), "invokeProtectedResource", expectations);
    }

    @Test
    @ExpectedFFDC({"com.ibm.websphere.security.jwt.InvalidClaimException", "com.ibm.websphere.security.jwt.InvalidTokenException", "com.ibm.ws.security.authentication.AuthenticationException"})
    public void test_shortJwtCookieLifetime_reuseCookieOutsideClockSkew() throws Exception {
        server.reconfigureServer("configs/server_shortJwtLifetime_shortClockSkew.xml", new String[0]);
        Cookie logInAndObtainJwtCookie = this.actions.logInAndObtainJwtCookie(this.testName.getMethodName(), new WebClient(), this.protectedUrl, this.defaultUser, this.defaultPassword, "https://[^/]+/jwt/builder_shortLifetime");
        Log.info(thisClass, this.testName.getMethodName(), "Sleeping beyond JWT SSO cookie's lifetime and JWT consumer's clock skew...");
        Thread.sleep(8000L);
        Expectations expectations = new Expectations();
        expectations.addExpectations(CommonExpectations.successfullyReachedLoginPage("invokeProtectedResource"));
        expectations.addExpectation(new ServerMessageExpectation("invokeProtectedResource", server, MessageConstants.CWWKS6025E_JWT_TOKEN_EXPIRED));
        expectations.addExpectation(new ServerMessageExpectation("invokeProtectedResource", server, MessageConstants.CWWKS6031E_JWT_ERROR_PROCESSING_JWT));
        expectations.addExpectation(new ServerMessageExpectation("invokeProtectedResource", server, MessageConstants.CWWKS5524E_ERROR_CREATING_JWT));
        expectations.addExpectation(new ServerMessageExpectation("invokeProtectedResource", server, MessageConstants.CWWKS5523E_ERROR_CREATING_JWT_USING_TOKEN_IN_REQ));
        this.validationUtils.validateResult(this.actions.invokeUrlWithCookie(this.testName.getMethodName(), this.protectedUrl, logInAndObtainJwtCookie), "invokeProtectedResource", expectations);
    }
}
