package com.ibm.ws.security.jwtsso.fat;

import com.gargoylesoftware.htmlunit.Page;
import com.gargoylesoftware.htmlunit.WebClient;
import com.ibm.websphere.simplicity.log.Log;
import com.ibm.ws.security.fat.common.CommonSecurityFat;
import com.ibm.ws.security.fat.common.expectations.Expectations;
import com.ibm.ws.security.fat.common.validation.TestValidationUtils;
import com.ibm.ws.security.jwtsso.fat.utils.CommonExpectations;
import com.ibm.ws.security.jwtsso.fat.utils.JwtFatActions;
import com.ibm.ws.security.jwtsso.fat.utils.JwtFatConstants;
import componenttest.annotation.Server;
import componenttest.custom.junit.runner.FATRunner;
import componenttest.custom.junit.runner.Mode;
import componenttest.topology.impl.LibertyServer;
import java.io.StringReader;
import java.io.UnsupportedEncodingException;
import java.util.Base64;
import javax.json.Json;
import javax.json.JsonObject;
import org.junit.Assert;
import org.junit.BeforeClass;
import org.junit.Test;
import org.junit.runner.RunWith;

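/**
 * Functional tests for JWT SSO cookies built with different JWT builder configurations.
 *
 * <p>Each test reconfigures the shared Liberty server, requests the protected servlet, completes
 * the form login and validates the response. For the JWK-enabled builder, the test also checks
 * that the JWT cookie's JOSE header carries a {@code kid} entry.
 */
@Mode(Mode.TestMode.FULL)
@RunWith(FATRunner.class)
/* loaded from: input_file:com/ibm/ws/security/jwtsso/fat/BuilderTests.class */
public class BuilderTests extends CommonSecurityFat {
    protected static Class<?> thisClass = BuilderTests.class;

    @Server("com.ibm.ws.security.jwtsso.fat")
    public static LibertyServer server;
    private final JwtFatActions actions = new JwtFatActions();
    private final TestValidationUtils validationUtils = new TestValidationUtils();
    // Built per test instance from the static server's host name and default secure port.
    String protectedUrl = "https://" + server.getHostname() + ":" + server.getHttpDefaultSecurePort() + JwtFatConstants.SIMPLE_SERVLET_PATH;
    // Credentials used for the form login in every test of this class.
    String defaultUser = "testuser";
    String defaultPassword = "testuserpwd";

    /**
     * Registers the {@code formlogin} app for validation, tracks the server and starts it with
     * the baseline {@code server_withFeature.xml} configuration.
     *
     * @throws Exception if the server cannot be prepared or started
     */
    @BeforeClass
    public static void setUp() throws Exception {
        server.addInstalledAppForValidation("formlogin");
        serverTracker.addServer(server);
        server.startServerUsingExpandedConfiguration("server_withFeature.xml");
    }

    /**
     * Logs in against a server configured with {@code server_builder_jwkEnabled.xml} and verifies
     * that a JWT cookie is issued, no LTPA cookie appears in the response text, and the JWT
     * header contains a {@code kid} entry.
     *
     * @throws Exception if reconfiguration, the HTTP flow or validation fails
     */
    @Test
    public void test_jwkEnabled() throws Exception {
        server.reconfigureServerUsingExpandedConfiguration(this._testName, "server_builder_jwkEnabled.xml", new String[0]);
        WebClient webClient = this.actions.createWebClient();

        String invokeStep = "invokeProtectedResource";
        String loginStep = "submitLoginCredentials";

        // Unauthenticated request: expected to land on the login page.
        Expectations expectations = new Expectations();
        expectations.addExpectations(CommonExpectations.successfullyReachedLoginPage(invokeStep));
        Page loginPage = this.actions.invokeUrl(this._testName, webClient, this.protectedUrl);
        this.validationUtils.validateResult(loginPage, invokeStep, expectations);

        // Login-step expectations are added to the same Expectations instance, as in the original flow.
        // The last argument is a regex; presumably it is matched against the token issuer (confirm in CommonExpectations).
        expectations.addExpectations(CommonExpectations.successfullyReachedProtectedResourceWithJwtCookie(loginStep, this.protectedUrl, this.defaultUser, "https://[^/]+/jwt/builder_jwkEnabled"));
        expectations.addExpectations(CommonExpectations.responseTextMissingCookie(loginStep, JwtFatConstants.LTPA_COOKIE_NAME));
        // NOTE(review): the two boolean flags presumably assert the Secure and HttpOnly cookie attributes; confirm against CommonExpectations.
        expectations.addExpectations(CommonExpectations.jwtCookieExists(loginStep, webClient, JwtFatConstants.JWT_COOKIE_NAME, true, true));
        Page loginResponse = this.actions.doFormLogin(loginPage, this.defaultUser, this.defaultPassword);
        this.validationUtils.validateResult(loginResponse, loginStep, expectations);

        String jwtCookieValue = webClient.getCookieManager().getCookie(JwtFatConstants.JWT_COOKIE_NAME).getValue();
        verifyJwtHeaderContainsKey(jwtCookieValue, "kid");
    }

    /**
     * Logs in against a server configured with {@code server_noBuilder_jwksUriConfigured.xml} and
     * verifies that the protected resource is reached with a JWT cookie and that no LTPA cookie
     * appears in the response text.
     *
     * @throws Exception if reconfiguration, the HTTP flow or validation fails
     */
    @Test
    public void test_noBuilderRef_mpJwtJwksUriConfigured() throws Exception {
        server.reconfigureServerUsingExpandedConfiguration(this._testName, "server_noBuilder_jwksUriConfigured.xml", new String[0]);
        WebClient webClient = this.actions.createWebClient();

        String invokeStep = "invokeProtectedResource";
        String loginStep = "submitLoginCredentials";

        Expectations expectations = new Expectations();
        expectations.addExpectations(CommonExpectations.successfullyReachedLoginPage(invokeStep));
        Page loginPage = this.actions.invokeUrl(this._testName, webClient, this.protectedUrl);
        this.validationUtils.validateResult(loginPage, invokeStep, expectations);

        expectations.addExpectations(CommonExpectations.successfullyReachedProtectedResourceWithJwtCookie(loginStep, this.protectedUrl, this.defaultUser));
        expectations.addExpectations(CommonExpectations.responseTextMissingCookie(loginStep, JwtFatConstants.LTPA_COOKIE_NAME));
        Page loginResponse = this.actions.doFormLogin(loginPage, this.defaultUser, this.defaultPassword);
        this.validationUtils.validateResult(loginResponse, loginStep, expectations);
    }

    /**
     * Asserts that the JOSE header of the given compact JWT contains the named entry.
     *
     * @param jwt compact-serialized JWT (header.payload.signature)
     * @param headerKey header parameter name that must be present
     * @throws UnsupportedEncodingException if UTF-8 is not supported by the runtime
     */
    private void verifyJwtHeaderContainsKey(String jwt, String headerKey) throws UnsupportedEncodingException {
        // NOTE(review): this writes the complete token, signature included, to the test log. That is
        // tolerable only because the token belongs to a throwaway test user; do not copy this
        // pattern into code that handles real credentials.
        Log.info(thisClass, "verifyJwtHeaderContainsKey", "Verifying that JWT header contains key \"" + headerKey + "\". JWT: " + jwt);
        JsonObject header = convertStringToJsonObject(extractAndDecodeJwtHeader(jwt));
        Assert.assertTrue("JWT cookie header should have included a \"" + headerKey + "\" entry but did not. Header was: " + header, header.containsKey(headerKey));
    }

    /**
     * Asserts that the JOSE header of the given compact JWT does not contain the named entry.
     *
     * @param jwt compact-serialized JWT (header.payload.signature)
     * @param headerKey header parameter name that must be absent
     * @throws UnsupportedEncodingException if UTF-8 is not supported by the runtime
     */
    private void verifyJwtHeaderDoesNotContainKey(String jwt, String headerKey) throws UnsupportedEncodingException {
        // NOTE(review): logs the complete token; acceptable only for test-only credentials.
        Log.info(thisClass, "verifyJwtHeaderDoesNotContainKey", "Verifying that JWT header does not contain key \"" + headerKey + "\". JWT: " + jwt);
        JsonObject header = convertStringToJsonObject(extractAndDecodeJwtHeader(jwt));
        Assert.assertFalse("JWT cookie header should NOT have included a \"" + headerKey + "\" entry but did. Header was: " + header, header.containsKey(headerKey));
    }

    /**
     * Returns the decoded JSON text of the first (header) segment of a compact JWT.
     *
     * <p>This only decodes the segment; it performs no signature or claim validation.
     *
     * @param jwt compact-serialized JWT
     * @return the header segment decoded as UTF-8 text
     * @throws UnsupportedEncodingException if UTF-8 is not supported by the runtime
     */
    private String extractAndDecodeJwtHeader(String jwt) throws UnsupportedEncodingException {
        Assert.assertNotNull("JWT cookie value should not be null", jwt);
        int headerEnd = jwt.indexOf('.');
        // Without this check a value lacking a '.' fails with an opaque StringIndexOutOfBoundsException.
        Assert.assertTrue("JWT cookie value is not in compact form (no \".\" separator after a header segment): " + jwt, headerEnd > 0);
        // JWT segments are base64url-encoded (RFC 7515); the basic decoder rejects '-' and '_',
        // so a header whose encoding contains either character would fail with
        // IllegalArgumentException instead of being checked.
        byte[] headerBytes = Base64.getUrlDecoder().decode(jwt.substring(0, headerEnd));
        return new String(headerBytes, "UTF-8");
    }

    /**
     * Parses the given text as a single JSON object.
     *
     * @param json JSON object text
     * @return the parsed object
     */
    private JsonObject convertStringToJsonObject(String json) {
        // Close the reader once the object has been read instead of leaving it open.
        try (javax.json.JsonReader reader = Json.createReader(new StringReader(json))) {
            return reader.readObject();
        }
    }
}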
