package com.ibm.ws.security.mp.jwt.fat;

import com.gargoylesoftware.htmlunit.WebClient;
import com.gargoylesoftware.htmlunit.util.NameValuePair;
import com.ibm.websphere.simplicity.log.Log;
import com.ibm.ws.security.fat.common.Constants;
import com.ibm.ws.security.fat.common.expectations.Expectations;
import com.ibm.ws.security.fat.common.expectations.ResponseFullExpectation;
import com.ibm.ws.security.fat.common.expectations.ResponseStatusExpectation;
import com.ibm.ws.security.fat.common.expectations.ServerMessageExpectation;
import com.ibm.ws.security.fat.common.jwt.JwtTokenForTest;
import com.ibm.ws.security.fat.common.jwt.expectations.JwtTokenHeaderExpectation;
import com.ibm.ws.security.fat.common.utils.SecurityFatHttpUtils;
import com.ibm.ws.security.fat.common.validation.TestValidationUtils;
import com.ibm.ws.security.jwt.fat.mpjwt.MpJwtFatConstants;
import componenttest.annotation.AllowedFFDC;
import componenttest.annotation.ExpectedFFDC;
import componenttest.annotation.MinimumJavaLevel;
import componenttest.annotation.Server;
import componenttest.custom.junit.runner.FATRunner;
import componenttest.custom.junit.runner.Mode;
import componenttest.topology.impl.LibertyServer;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import org.junit.BeforeClass;
import org.junit.Test;
import org.junit.runner.RunWith;

@MinimumJavaLevel(javaLevel = 8)
@Mode(Mode.TestMode.FULL)
@RunWith(FATRunner.class)
/* loaded from: input_file:com/ibm/ws/security/mp/jwt/fat/MPJwtConfigUsingBuilderTests.class */
public class MPJwtConfigUsingBuilderTests extends CommonMpJwtFat {
    // Class passed to Log.info as the logging source.
    // NOTE(review): this names MPJwtBasicTests, not MPJwtConfigUsingBuilderTests, so log lines written
    // from this class are attributed to another test class. It looks like a copy/paste leftover; confirm.
    protected static Class<?> thisClass = MPJwtBasicTests.class;

    // Server whose applications are invoked with the bearer token and whose message log the
    // ServerMessageExpectation checks in this class are bound to.
    @Server("com.ibm.ws.security.mp.jwt.fat")
    public static LibertyServer resourceServer;

    // Server handed to getJwtTokenUsingBuilder to mint the JWTs used by the tests.
    @Server("com.ibm.ws.security.mp.jwt.fat.builder")
    public static LibertyServer jwtBuilderServer;
    // Validates responses (and, in the hs256 tests, the raw token string) against an Expectations set.
    private final TestValidationUtils validationUtils = new TestValidationUtils();

    /**
     * Starts both Liberty servers once for the whole class: the JWT builder server with
     * {@code server_using_buildApp.xml}, then the resource server with
     * {@code rs_server_orig_withAudience.xml}. The resource server is started with the flag set to
     * {@code false}, which makes {@code setUpAndStartRSServerForTests} write the {@code rsacert}
     * key name and an empty JWKS URI.
     *
     * @throws Exception if either server fails to start
     */
    @BeforeClass
    public static void setUp() throws Exception {
        final String builderConfig = "server_using_buildApp.xml";
        final String resourceServerConfig = "rs_server_orig_withAudience.xml";
        setUpAndStartBuilderServer(jwtBuilderServer, builderConfig, false);
        setUpAndStartRSServerForTests(resourceServer, resourceServerConfig, false);
    }

    /**
     * Deliberately does not restore the servers; it only records that the restore was skipped, once
     * through {@code Log.info} and once through {@code logTestCaseInServerLogs}. Tests in this class
     * that want the parent's behaviour call {@code super.restoreTestServers()} explicitly.
     */
    public void restoreTestServers() {
        final String loggedMethodName = "restoreTestServersWithCheck";
        Log.info(thisClass, loggedMethodName, "* Skipping server restore **");
        logTestCaseInServerLogs("** Skipping server restore **");
    }

    /**
     * Prepares and starts the resource server used by the tests.
     *
     * <p>Writes the host name and host IP bootstrap properties, then selects how the server is told
     * to find the signature verification key: with {@code z == true} the key name is left empty and
     * {@code mpJwt_jwksUri} is set to the builder server's secure URL base plus
     * {@code jwt/ibm/api/defaultJWT/jwk}; with {@code z == false} the key name is {@code rsacert}
     * and the JWKS URI is left empty. The test applications are then deployed, the server is
     * registered with the tracker and started, its ports are saved, and the CDI scope-mismatch
     * warning is added to the ignored errors.
     *
     * @param libertyServer the resource server to configure and start
     * @param str the server configuration file to start with
     * @param z {@code true} to configure a JWKS URI, {@code false} to configure the {@code rsacert} key name
     * @throws Exception if writing the properties, deploying the apps or starting the server fails
     */
    protected static void setUpAndStartRSServerForTests(LibertyServer libertyServer, String str, boolean z) throws Exception {
        bootstrapUtils.writeBootstrapProperty(libertyServer, MpJwtFatConstants.BOOTSTRAP_PROP_FAT_SERVER_HOSTNAME, SecurityFatHttpUtils.getServerHostName());
        bootstrapUtils.writeBootstrapProperty(libertyServer, MpJwtFatConstants.BOOTSTRAP_PROP_FAT_SERVER_HOSTIP, SecurityFatHttpUtils.getServerHostIp());

        // Exactly one of the two key sources is populated; the other is written as an empty value.
        bootstrapUtils.writeBootstrapProperty(libertyServer, "mpJwt_keyName", z ? "" : "rsacert");
        final String jwksUri = z
                ? "\"" + SecurityFatHttpUtils.getServerSecureUrlBase(jwtBuilderServer) + "jwt/ibm/api/defaultJWT/jwk\""
                : "";
        bootstrapUtils.writeBootstrapProperty(libertyServer, "mpJwt_jwksUri", jwksUri);

        deployRSServerApiTestApps(libertyServer);
        serverTracker.addServer(libertyServer);
        libertyServer.startServerUsingExpandedConfiguration(str);
        SecurityFatHttpUtils.saveServerPorts(libertyServer, MpJwtFatConstants.BVT_SERVER_1_PORT_NAME_ROOT);
        libertyServer.addIgnoredErrors(Arrays.asList(MpJwtMessageConstants.CWWKW1001W_CDI_RESOURCE_SCOPE_MISMATCH));
    }

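    /**
     * Lists the protected applications every token is exercised against.
     *
     * <p>Each entry is a two-element list: index 0 is the application URL on the resource server,
     * index 1 is the matching application class constant. The three entries cover the
     * security-context, token-injection and claim-injection request-scoped apps.
     *
     * @return a mutable list of {@code [url, className]} pairs
     * @throws Exception if an application URL cannot be built
     */
    protected List<List<String>> getTestAppArray() throws Exception {
        // Typed list instead of a raw ArrayList, so the element type is checked at compile time.
        List<List<String>> testApps = new ArrayList<>();
        testApps.add(Arrays.asList(buildAppUrl(resourceServer, MpJwtFatConstants.MICROPROFILE_SERVLET, MpJwtFatConstants.MPJWT_APP_SEC_CONTEXT_REQUEST_SCOPE), MpJwtFatConstants.MPJWT_APP_CLASS_SEC_CONTEXT_REQUEST_SCOPE));
        testApps.add(Arrays.asList(buildAppUrl(resourceServer, MpJwtFatConstants.MICROPROFILE_SERVLET, MpJwtFatConstants.MPJWT_APP_TOKEN_INJECT_REQUEST_SCOPE), MpJwtFatConstants.MPJWT_APP_CLASS_TOKEN_INJECT_REQUEST_SCOPE));
        testApps.add(Arrays.asList(buildAppUrl(resourceServer, MpJwtFatConstants.MICROPROFILE_SERVLET, MpJwtFatConstants.MPJWT_APP_CLAIM_INJECT_REQUEST_SCOPE), MpJwtFatConstants.MPJWT_APP_CLASS_CLAIM_INJECT_REQUEST_SCOPE));
        return testApps;
    }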

    /**
     * Presents the token to every test application and expects the default "good" outcome for each.
     * Delegates to the two-argument overload with no explicit expectations.
     *
     * @param str the serialized JWT to send as a bearer token
     * @throws Exception if invoking an application or validating a response fails
     */
    public void genericConfigTest(String str) throws Exception {
        final Expectations defaultExpectations = null;
        genericConfigTest(str, defaultExpectations);
    }

    /**
     * Sends the token as a bearer token to each application returned by {@code getTestAppArray()}
     * and validates every response.
     *
     * <p>When {@code expectations} is {@code null}, a fresh set of success expectations is built per
     * application from the parsed token, the application URL and the application class name.
     * Otherwise the supplied expectations are applied unchanged to every application. One web
     * client is shared across all invocations.
     *
     * @param str the serialized JWT to send
     * @param expectations the outcome to require from every application, or {@code null} for the
     *        per-application success expectations
     * @throws Exception if invoking an application or validating a response fails
     */
    public void genericConfigTest(String str, Expectations expectations) throws Exception {
        final JwtTokenForTest parsedToken = new JwtTokenForTest(str);
        final WebClient sharedClient = this.actions.createWebClient();
        final boolean usePerAppDefaults = (expectations == null);
        for (List<String> app : getTestAppArray()) {
            final String appUrl = app.get(0);
            // Success expectations depend on the app, so they are rebuilt on every iteration.
            final Expectations toCheck = usePerAppDefaults
                    ? goodTestExpectations(parsedToken, appUrl, app.get(1))
                    : expectations;
            this.validationUtils.validateResult(this.actions.invokeUrlWithBearerToken(this._testName, sharedClient, appUrl, str), toCheck);
        }
    }

    /**
     * Positive issuer case: after calling the parent's {@code restoreTestServers()}, a token from the
     * default builder must be accepted by every test application.
     */
    @Test
    public void MPJwtConfigUsingBuilderTests_Issuer_Valid() throws Exception {
        super.restoreTestServers();
        final String builtToken = this.actions.getJwtTokenUsingBuilder(this._testName, jwtBuilderServer);
        genericConfigTest(builtToken);
    }

    /**
     * Negative issuer case: a token minted by the {@code noUniqueIssuer} builder must produce the
     * outcome described by {@code setBadIssuerExpectations(resourceServer)} on every test
     * application. Runs in LITE mode, so it is part of the quick regression bucket.
     */
    @Test
    @Mode(Mode.TestMode.LITE)
    @AllowedFFDC({"com.ibm.websphere.security.jwt.InvalidClaimException", "com.ibm.websphere.security.jwt.InvalidTokenException"})
    public void MPJwtConfigUsingBuilderTests_Issuer_Invalid() throws Exception {
        super.restoreTestServers();
        final String wrongIssuerToken = this.actions.getJwtTokenUsingBuilder(this._testName, jwtBuilderServer, "noUniqueIssuer");
        final Expectations badIssuer = setBadIssuerExpectations(resourceServer);
        genericConfigTest(wrongIssuerToken, badIssuer);
    }

    /**
     * Reconfigures the resource server with {@code rs_server_noIssuer.xml}, registering
     * {@code CWWKG0058E.*issuer} both as an ignored error and as the message passed to the
     * reconfigure call.
     *
     * <p>NOTE(review): this method has no {@code @Test} annotation, so JUnit does not run it, and it
     * never presents a token to the server. As written, the "issuer not configured" case has no
     * coverage here. Confirm whether it was disabled on purpose.
     */
    public void MPJwtConfigUsingBuilderTests_Issuer_NotSpecifiedInRS() throws Exception {
        final String missingIssuerError = "CWWKG0058E.*issuer";
        resourceServer.addIgnoredErrors(Arrays.asList(missingIssuerError));
        resourceServer.reconfigureServerUsingExpandedConfiguration(this._testName, "rs_server_noIssuer.xml", new String[]{missingIssuerError});
    }

    /**
     * With the resource server reconfigured to {@code rs_server_authFilter_true.xml}, a token from
     * the default builder must be accepted by every test application.
     */
    @Test
    @Mode(Mode.TestMode.LITE)
    public void MPJwtConfigUsingBuilderTests_authFilter() throws Exception {
        final String rsConfig = "rs_server_authFilter_true.xml";
        resourceServer.reconfigureServerUsingExpandedConfiguration(this._testName, rsConfig, new String[0]);
        final String builtToken = this.actions.getJwtTokenUsingBuilder(this._testName, jwtBuilderServer);
        genericConfigTest(builtToken);
    }

    /**
     * With the resource server reconfigured to {@code rs_server_authFilter_false.xml}, presenting a
     * valid token must yield HTTP 200 with a body containing {@code Form Login Page}.
     *
     * <p>The 200 here is the login form, not the protected application: the bearer token did not
     * authenticate the request. NOTE(review): presumably the auth filter in this configuration
     * excludes these requests from mpJwt handling; confirm against the XML.
     */
    @Test
    public void MPJwtConfigUsingBuilderTests_authFilter_false() throws Exception {
        final String rsConfig = "rs_server_authFilter_false.xml";
        resourceServer.reconfigureServerUsingExpandedConfiguration(this._testName, rsConfig, new String[0]);
        final String builtToken = this.actions.getJwtTokenUsingBuilder(this._testName, jwtBuilderServer);

        final Expectations loginPageShown = new Expectations();
        loginPageShown.addExpectation(new ResponseStatusExpectation(200));
        loginPageShown.addExpectation(new ResponseFullExpectation("contains", "Form Login Page", "Did NOT land on the base security form login page"));
        genericConfigTest(builtToken, loginPageShown);
    }

    /**
     * Positive audience case: after calling the parent's {@code restoreTestServers()}, a token from
     * the default builder must be accepted by every test application.
     */
    @Test
    public void MPJwtConfigUsingBuilderTests_Audience_Valid() throws Exception {
        super.restoreTestServers();
        final String builtToken = this.actions.getJwtTokenUsingBuilder(this._testName, jwtBuilderServer);
        genericConfigTest(builtToken);
    }

    /**
     * With the resource server reconfigured to {@code rs_server_orig.xml}, a token from the default
     * builder must be rejected: HTTP 401, plus CWWKS6031E (token cannot be processed) and
     * CWWKS6023E (audience not trusted) in the resource server's message log.
     *
     * <p>Per the test name, this configuration does not list any audience. The point being pinned
     * is that a token carrying an audience is refused, not waved through, when the server has no
     * audience to match it against.
     */
    @Test
    @AllowedFFDC({"com.ibm.websphere.security.jwt.InvalidClaimException", "com.ibm.websphere.security.jwt.InvalidTokenException"})
    public void MPJwtConfigUsingBuilderTests_Audience_NotSpecifiedInRS() throws Exception {
        final String rsConfig = "rs_server_orig.xml";
        resourceServer.reconfigureServerUsingExpandedConfiguration(this._testName, rsConfig, new String[0]);
        final String builtToken = this.actions.getJwtTokenUsingBuilder(this._testName, jwtBuilderServer);

        final Expectations audienceRejected = new Expectations();
        audienceRejected.addExpectation(new ResponseStatusExpectation(401));
        audienceRejected.addExpectation(new ServerMessageExpectation(resourceServer, MpJwtMessageConstants.CWWKS6031E_CAN_NOT_PROCESS_TOKEN, "Messagelog did not contain an error indicating a problem authenticating the request with the provided token."));
        audienceRejected.addExpectation(new ServerMessageExpectation(resourceServer, MpJwtMessageConstants.CWWKS6023E_AUDIENCE_NOT_TRUSTED, "Messagelog did not contain an exception indicating that the audience is NOT valid."));
        genericConfigTest(builtToken, audienceRejected);
    }

    /**
     * A token minted by the builder identified by {@code MpJwtFatConstants.JWT_BUILDER_DEFAULT_ID}
     * must be rejected by the resource server: HTTP 401, plus CWWKS6031E and CWWKS6023E (audience
     * not trusted) in the message log.
     *
     * <p>Per the test name, that builder issues tokens without an audience claim, so this pins that
     * a missing {@code aud} is treated as a failure when the server expects one.
     */
    @Test
    @AllowedFFDC({"com.ibm.websphere.security.jwt.InvalidClaimException", "com.ibm.websphere.security.jwt.InvalidTokenException"})
    public void MPJwtConfigUsingBuilderTests_Audience_NotSpecifiedInJwt() throws Exception {
        super.restoreTestServers();
        final String tokenWithoutAudience = this.actions.getJwtTokenUsingBuilder(this._testName, jwtBuilderServer, MpJwtFatConstants.JWT_BUILDER_DEFAULT_ID);

        final Expectations audienceRejected = new Expectations();
        audienceRejected.addExpectation(new ResponseStatusExpectation(401));
        audienceRejected.addExpectation(new ServerMessageExpectation(resourceServer, MpJwtMessageConstants.CWWKS6031E_CAN_NOT_PROCESS_TOKEN, "Messagelog did not contain an error indicating a problem authenticating the request with the provided token."));
        audienceRejected.addExpectation(new ServerMessageExpectation(resourceServer, MpJwtMessageConstants.CWWKS6023E_AUDIENCE_NOT_TRUSTED, "Messagelog did not contain an exception indicating that the audience is NOT valid."));
        genericConfigTest(tokenWithoutAudience, audienceRejected);
    }

    /**
     * A token minted by the {@code audience_mismatch} builder must be rejected: HTTP 401, plus
     * CWWKS6031E and CWWKS6023E (audience not trusted) in the resource server's message log.
     */
    @Test
    @AllowedFFDC({"com.ibm.websphere.security.jwt.InvalidClaimException", "com.ibm.websphere.security.jwt.InvalidTokenException"})
    public void MPJwtConfigUsingBuilderTests_Audience_Mismatch() throws Exception {
        super.restoreTestServers();
        final String mismatchedToken = this.actions.getJwtTokenUsingBuilder(this._testName, jwtBuilderServer, "audience_mismatch");

        final Expectations audienceRejected = new Expectations();
        audienceRejected.addExpectation(new ResponseStatusExpectation(401));
        audienceRejected.addExpectation(new ServerMessageExpectation(resourceServer, MpJwtMessageConstants.CWWKS6031E_CAN_NOT_PROCESS_TOKEN, "Messagelog did not contain an error indicating a problem authenticating the request with the provided token."));
        audienceRejected.addExpectation(new ServerMessageExpectation(resourceServer, MpJwtMessageConstants.CWWKS6023E_AUDIENCE_NOT_TRUSTED, "Messagelog did not contain an exception indicating that the audience is NOT valid."));
        genericConfigTest(mismatchedToken, audienceRejected);
    }

    /**
     * A token minted by the {@code audience_superset} builder must be accepted by every test
     * application. NOTE(review): presumably that builder's audience list is a superset of what the
     * resource server trusts; confirm against the builder server configuration.
     */
    @Test
    public void MPJwtConfigUsingBuilderTests_Audience_SuperSet() throws Exception {
        super.restoreTestServers();
        final String supersetToken = this.actions.getJwtTokenUsingBuilder(this._testName, jwtBuilderServer, "audience_superset");
        genericConfigTest(supersetToken);
    }

    /**
     * A token minted by the {@code audience_subset} builder must be accepted by every test
     * application. NOTE(review): presumably that builder's audience list is a subset of what the
     * resource server trusts; confirm against the builder server configuration.
     */
    @Test
    public void MPJwtConfigUsingBuilderTests_Audience_Subset() throws Exception {
        super.restoreTestServers();
        final String subsetToken = this.actions.getJwtTokenUsingBuilder(this._testName, jwtBuilderServer, "audience_subset");
        genericConfigTest(subsetToken);
    }

    /**
     * Matching key sources: with the resource server on {@code rs_server_jwk.xml}, a token from the
     * {@code JWKEnabled} builder must be accepted by every test application.
     */
    @Test
    public void MPJwtConfigUsingBuilderTests_buildUsingJWK_mpJWTusingJWK() throws Exception {
        final String rsConfig = "rs_server_jwk.xml";
        resourceServer.reconfigureServerUsingExpandedConfiguration(this._testName, rsConfig, new String[0]);
        final String jwkSignedToken = this.actions.getJwtTokenUsingBuilder(this._testName, jwtBuilderServer, "JWKEnabled");
        genericConfigTest(jwkSignedToken);
    }

    /**
     * Mismatched key sources: with the resource server on {@code rs_server_noJwk.xml}, a token from
     * the {@code JWKEnabled} builder must be rejected with HTTP 401. The message log must contain
     * CWWKS5523E, the text {@code Invalid JWS Signature} and CWWKS6041E, and an
     * {@code InvalidJwtSignatureException} FFDC is required.
     *
     * <p>This pins that a signature made with a key the server is not configured to trust fails
     * verification instead of being accepted.
     */
    @Test
    @ExpectedFFDC({"org.jose4j.jwt.consumer.InvalidJwtSignatureException"})
    @AllowedFFDC({"com.ibm.websphere.security.jwt.InvalidTokenException"})
    public void MPJwtConfigUsingBuilderTests_buildUsingJWK_mpJWTusingX509() throws Exception {
        final String rsConfig = "rs_server_noJwk.xml";
        resourceServer.reconfigureServerUsingExpandedConfiguration(this._testName, rsConfig, new String[0]);
        final String jwkSignedToken = this.actions.getJwtTokenUsingBuilder(this._testName, jwtBuilderServer, "JWKEnabled");

        final Expectations signatureRejected = new Expectations();
        signatureRejected.addExpectation(new ResponseStatusExpectation(401));
        signatureRejected.addExpectation(new ServerMessageExpectation(resourceServer, MpJwtMessageConstants.CWWKS5523E_ERROR_CREATING_JWT_USING_TOKEN_IN_REQ, "Message log did not contain an error indicating a problem authenticating the request using the provided token."));
        signatureRejected.addExpectation(new ServerMessageExpectation(resourceServer, "Invalid JWS Signature", "Message log did not contain an exception indicating that the signature was NOT valid."));
        signatureRejected.addExpectation(new ServerMessageExpectation(resourceServer, MpJwtMessageConstants.CWWKS6041E_JWT_SIGNATURE_INVALID, "Message log did not contain an exception indicating that the signature was NOT valid."));
        genericConfigTest(jwkSignedToken, signatureRejected);
    }

    /**
     * Mismatched key sources, other direction: with the resource server on
     * {@code rs_server_jwk.xml}, a token from the {@code JWKNotEnabled} builder must be rejected
     * with HTTP 401. The message log must contain CWWKS5523E, CWWKS5524E, CWWKS6029E (signing key
     * cannot be found) and CWWKS6031E.
     */
    @Test
    @AllowedFFDC({"com.ibm.websphere.security.jwt.InvalidTokenException", "com.ibm.websphere.security.jwt.InvalidClaimException"})
    public void MPJwtConfigUsingBuilderTests_buildUsingX509_mpJWTusingJWK() throws Exception {
        final String rsConfig = "rs_server_jwk.xml";
        resourceServer.reconfigureServerUsingExpandedConfiguration(this._testName, rsConfig, new String[0]);
        final String x509SignedToken = this.actions.getJwtTokenUsingBuilder(this._testName, jwtBuilderServer, "JWKNotEnabled");

        final Expectations keyNotFound = new Expectations();
        keyNotFound.addExpectation(new ResponseStatusExpectation(401));
        keyNotFound.addExpectation(new ServerMessageExpectation(resourceServer, MpJwtMessageConstants.CWWKS5523E_ERROR_CREATING_JWT_USING_TOKEN_IN_REQ, "Message log did not contain an error indicating a problem authenticating the request using the provided token."));
        keyNotFound.addExpectation(new ServerMessageExpectation(resourceServer, MpJwtMessageConstants.CWWKS5524E_ERROR_CREATING_JWT_USING_TOKEN_IN_REQ, "Message log did not contain an error indicating a problem creating a JWT."));
        keyNotFound.addExpectation(new ServerMessageExpectation(resourceServer, MpJwtMessageConstants.CWWKS6029E_SIGNING_KEY_CANNOT_BE_FOUND, "Message log did not contain an error indicating that the signing key could not be found."));
        keyNotFound.addExpectation(new ServerMessageExpectation(resourceServer, MpJwtMessageConstants.CWWKS6031E_CAN_NOT_PROCESS_TOKEN, "Message log did not contain an error indicating that the token could not be processed."));
        genericConfigTest(x509SignedToken, keyNotFound);
    }

    /**
     * Matching key sources: with the resource server on {@code rs_server_noJwk.xml}, a token from
     * the {@code JWKNotEnabled} builder must be accepted by every test application.
     */
    @Test
    public void MPJwtConfigUsingBuilderTests_buildUsingX509_mpJWTusingX509() throws Exception {
        final String rsConfig = "rs_server_noJwk.xml";
        resourceServer.reconfigureServerUsingExpandedConfiguration(this._testName, rsConfig, new String[0]);
        final String x509SignedToken = this.actions.getJwtTokenUsingBuilder(this._testName, jwtBuilderServer, "JWKNotEnabled");
        genericConfigTest(x509SignedToken);
    }

    /**
     * With the resource server on {@code rs_server_jwk.xml}, a token from the {@code JWKEnabled2}
     * builder must be rejected with HTTP 401. The message log must contain CWWKS5523E, CWWKS5524E,
     * CWWKS6029E (signing key cannot be found) and CWWKS6031E.
     *
     * <p>Per the test name, the token is JWK-signed, but by a key set other than the one the
     * server's JWKS URI serves.
     */
    @Test
    @AllowedFFDC({"com.ibm.websphere.security.jwt.InvalidClaimException", "com.ibm.websphere.security.jwt.InvalidTokenException", "org.jose4j.jwt.consumer.InvalidJwtSignatureException"})
    public void MPJwtConfigUsingBuilderTests_JwksUri_JWTHasJWK_mpJwtMisMatchJWK() throws Exception {
        final String rsConfig = "rs_server_jwk.xml";
        resourceServer.reconfigureServerUsingExpandedConfiguration(this._testName, rsConfig, new String[0]);
        final String otherJwkToken = this.actions.getJwtTokenUsingBuilder(this._testName, jwtBuilderServer, "JWKEnabled2");

        final Expectations keyNotFound = new Expectations();
        keyNotFound.addExpectation(new ResponseStatusExpectation(401));
        keyNotFound.addExpectation(new ServerMessageExpectation(resourceServer, MpJwtMessageConstants.CWWKS5523E_ERROR_CREATING_JWT_USING_TOKEN_IN_REQ, "Message log did not contain an error indicating a problem authenticating the request using the provided token."));
        keyNotFound.addExpectation(new ServerMessageExpectation(resourceServer, MpJwtMessageConstants.CWWKS5524E_ERROR_CREATING_JWT_USING_TOKEN_IN_REQ, "Message log did not contain an error indicating a problem creating a JWT."));
        keyNotFound.addExpectation(new ServerMessageExpectation(resourceServer, MpJwtMessageConstants.CWWKS6029E_SIGNING_KEY_CANNOT_BE_FOUND, "Message log did not contain an error indicating that the signing key could not be found."));
        keyNotFound.addExpectation(new ServerMessageExpectation(resourceServer, MpJwtMessageConstants.CWWKS6031E_CAN_NOT_PROCESS_TOKEN, "Message log did not contain an error indicating that the token could not be processed."));
        genericConfigTest(otherJwkToken, keyNotFound);
    }

    /**
     * With the resource server on {@code rs_server_invalidKeyName.xml}, a token from the
     * {@code JWKNotEnabled} builder must be rejected with HTTP 401. The message log must contain
     * CWWKS5523E, CWWKS6031E, and CWWKS6007E / CWWKS6033E entries naming {@code someKeyName} (the
     * latter also naming {@code rsa_trust}). {@code CertificateException} and {@code KeyException}
     * FFDCs are required.
     *
     * <p>This pins that a verification key alias that cannot be resolved makes validation fail.
     */
    @Test
    @ExpectedFFDC({"java.security.cert.CertificateException", "com.ibm.websphere.security.jwt.KeyException"})
    @AllowedFFDC({"com.ibm.websphere.security.jwt.InvalidTokenException"})
    public void MPJwtConfigUsingBuilderTests_KeyName_invalidKeyName() throws Exception {
        final String rsConfig = "rs_server_invalidKeyName.xml";
        resourceServer.reconfigureServerUsingExpandedConfiguration(this._testName, rsConfig, new String[0]);
        final String x509SignedToken = this.actions.getJwtTokenUsingBuilder(this._testName, jwtBuilderServer, "JWKNotEnabled");

        final Expectations keyUnavailable = new Expectations();
        keyUnavailable.addExpectation(new ResponseStatusExpectation(401));
        keyUnavailable.addExpectation(new ServerMessageExpectation(resourceServer, MpJwtMessageConstants.CWWKS5523E_ERROR_CREATING_JWT_USING_TOKEN_IN_REQ, "Message log did not contain an error indicating a problem authenticating the request using the provided token."));
        keyUnavailable.addExpectation(new ServerMessageExpectation(resourceServer, MpJwtMessageConstants.CWWKS6031E_CAN_NOT_PROCESS_TOKEN, "Message log did not contain an error indicating that the consumer can not process the string."));
        keyUnavailable.addExpectation(new ServerMessageExpectation(resourceServer, "CWWKS6007E.*someKeyName", "Message log did not indicate that the signing key is NOT available."));
        keyUnavailable.addExpectation(new ServerMessageExpectation(resourceServer, "CWWKS6033E.*someKeyName.*rsa_trust", "Message log did not indicate that the signing key is NOT available."));
        genericConfigTest(x509SignedToken, keyUnavailable);
    }

    /**
     * HS256 positive case: with the resource server on {@code rs_server_audience_hs256.xml}, a token
     * from the {@code hs256} builder must be accepted by every test application.
     *
     * <p>The token header is checked first for an {@code alg} value containing {@code HS256}, so the
     * acceptance result cannot silently come from a token signed with a different algorithm.
     */
    @Test
    @Mode(Mode.TestMode.LITE)
    public void MPJwtConfigUsingBuilderTests_hs256() throws Exception {
        final String rsConfig = "rs_server_audience_hs256.xml";
        resourceServer.reconfigureServerUsingExpandedConfiguration(this._testName, rsConfig, new String[0]);
        final String hmacToken = this.actions.getJwtTokenUsingBuilder(this._testName, jwtBuilderServer, "hs256");

        final Expectations headerIsHs256 = new Expectations();
        headerIsHs256.addExpectation(new JwtTokenHeaderExpectation("alg", Constants.StringCheckType.CONTAINS, "HS256"));
        this.validationUtils.validateResult(hmacToken, headerIsHs256);

        genericConfigTest(hmacToken);
    }

    /**
     * HS256 negative case: with the resource server on {@code rs_server_audience_hs256.xml}, a token
     * from the {@code hs256_keyMisMatch} builder must be rejected with HTTP 401. The message log
     * must contain CWWKS5523E, CWWKS5524E, CWWKS6031E and CWWKS6041E (signature invalid), and an
     * {@code InvalidJwtSignatureException} FFDC is required.
     *
     * <p>The header is first checked for an {@code alg} containing {@code HS256}, so the rejection
     * is attributable to the shared key rather than to an algorithm mismatch.
     */
    @Test
    @Mode(Mode.TestMode.LITE)
    @ExpectedFFDC({"org.jose4j.jwt.consumer.InvalidJwtSignatureException"})
    @AllowedFFDC({"com.ibm.websphere.security.jwt.InvalidTokenException"})
    public void MPJwtConfigUsingBuilderTests_hs256_mismatchSharedKey() throws Exception {
        final String rsConfig = "rs_server_audience_hs256.xml";
        resourceServer.reconfigureServerUsingExpandedConfiguration(this._testName, rsConfig, new String[0]);
        final String wrongKeyToken = this.actions.getJwtTokenUsingBuilder(this._testName, jwtBuilderServer, "hs256_keyMisMatch");

        final Expectations headerIsHs256 = new Expectations();
        headerIsHs256.addExpectation(new JwtTokenHeaderExpectation("alg", Constants.StringCheckType.CONTAINS, "HS256"));
        this.validationUtils.validateResult(wrongKeyToken, headerIsHs256);

        final Expectations signatureRejected = new Expectations();
        signatureRejected.addExpectation(new ResponseStatusExpectation(401));
        signatureRejected.addExpectation(new ServerMessageExpectation(resourceServer, MpJwtMessageConstants.CWWKS5523E_ERROR_CREATING_JWT_USING_TOKEN_IN_REQ, "Message log did not contain an error indicating a problem authenticating the request using the provided token."));
        signatureRejected.addExpectation(new ServerMessageExpectation(resourceServer, MpJwtMessageConstants.CWWKS5524E_ERROR_CREATING_JWT_USING_TOKEN_IN_REQ, "Message log did not contain an error indicating a problem creating a JWT."));
        signatureRejected.addExpectation(new ServerMessageExpectation(resourceServer, MpJwtMessageConstants.CWWKS6031E_CAN_NOT_PROCESS_TOKEN, "Message log did not contain an error indicating that the consumer can not process the string."));
        signatureRejected.addExpectation(new ServerMessageExpectation(resourceServer, MpJwtMessageConstants.CWWKS6041E_JWT_SIGNATURE_INVALID, "Message log did not contain an exception indicating that the signature was NOT valid."));
        genericConfigTest(wrongKeyToken, signatureRejected);
    }

    /**
     * With the resource server on {@code rs_server_validSSLRef.xml}, a token from the
     * {@code JWKNotEnabled} builder must be accepted by every test application.
     */
    @Test
    public void MPJwtConfigUsingBuilderTests_SSLRef_Valid_usingX509() throws Exception {
        final String rsConfig = "rs_server_validSSLRef.xml";
        resourceServer.reconfigureServerUsingExpandedConfiguration(this._testName, rsConfig, new String[0]);
        final String x509SignedToken = this.actions.getJwtTokenUsingBuilder(this._testName, jwtBuilderServer, "JWKNotEnabled");
        genericConfigTest(x509SignedToken);
    }

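    /**
     * With the resource server on {@code rs_server_inValidSSLRef.xml}, a token from the
     * {@code JWKNotEnabled} builder must be rejected with HTTP 401. The message log must contain
     * CWWKS5523E, a CWWKS6031E entry naming {@code mpJwt_1}, CWWKS6033E and CWWKS6007E entries
     * naming {@code rsacert}, and the text stating that {@code rsacert} is not present in the
     * KeyStore as a certificate. {@code KeyException} and {@code CertificateException} FFDCs are
     * required.
     *
     * <p>This pins that when the referenced SSL configuration does not hold the verification
     * certificate, validation fails. Two failure messages that were garbled or missing a word have
     * been corrected so that a failing run reports what was actually expected.
     */
    @Test
    @AllowedFFDC({"com.ibm.websphere.security.jwt.InvalidTokenException", "org.jose4j.jwt.consumer.InvalidJwtSignatureException"})
    @ExpectedFFDC({"com.ibm.websphere.security.jwt.KeyException", "java.security.cert.CertificateException"})
    public void MPJwtConfigUsingBuilderTests_SSLRef_invalid_usingX509() throws Exception {
        resourceServer.reconfigureServerUsingExpandedConfiguration(this._testName, "rs_server_inValidSSLRef.xml", new String[0]);
        String jwtTokenUsingBuilder = this.actions.getJwtTokenUsingBuilder(this._testName, jwtBuilderServer, "JWKNotEnabled");
        Expectations expectations = new Expectations();
        expectations.addExpectation(new ResponseStatusExpectation(401));
        expectations.addExpectation(new ServerMessageExpectation(resourceServer, MpJwtMessageConstants.CWWKS5523E_ERROR_CREATING_JWT_USING_TOKEN_IN_REQ, "Message log did not contain an error indicating a problem authenticating the request using the provided token."));
        expectations.addExpectation(new ServerMessageExpectation(resourceServer, "CWWKS6031E.*mpJwt_1", "Message log did not indicate that the consumer can not process the token"));
        expectations.addExpectation(new ServerMessageExpectation(resourceServer, "CWWKS6033E.*rsacert.*configServerDefault", "Message log did not indicate that the signing key is NOT available."));
        expectations.addExpectation(new ServerMessageExpectation(resourceServer, "CWWKS6007E.*rsacert", "Message log did not indicate that the signing key is NOT available."));
        expectations.addExpectation(new ServerMessageExpectation(resourceServer, "rsacert.*is not present in the KeyStore as a certificate", "Message log did not contain a message stating that the alias was NOT found in the keystore."));
        // Looser than the configServerDefault pattern above; kept as in the original test.
        expectations.addExpectation(new ServerMessageExpectation(resourceServer, "CWWKS6033E.*rsacert", "Message log did not indicate that the signing key is NOT available."));
        genericConfigTest(jwtTokenUsingBuilder, expectations);
    }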

    /**
     * With the resource server on {@code rs_server_tokenReuse_true.xml}, the same token from the
     * {@code JTIEnabled} builder is presented to every test application twice and must be accepted
     * both times.
     *
     * <p>This documents that, in this configuration, a token can be presented repeatedly: a
     * captured token stays usable. The companion {@code TokenReuse_False} test covers the setting
     * that refuses a repeated {@code jti}.
     */
    @Test
    public void MPJwtConfigUsingBuilderTests_TokenReuse_True() throws Exception {
        final String rsConfig = "rs_server_tokenReuse_true.xml";
        resourceServer.reconfigureServerUsingExpandedConfiguration(this._testName, rsConfig, new String[0]);
        final String reusableToken = this.actions.getJwtTokenUsingBuilder(this._testName, jwtBuilderServer, "JTIEnabled");
        // First and second presentation of the same token; both must succeed.
        genericConfigTest(reusableToken);
        genericConfigTest(reusableToken);
    }

    /**
     * Replay protection: with the resource server on {@code rs_server_tokenReuse_false.xml}, a token
     * from the {@code JTIEnabled} builder is accepted on its first presentation to the
     * security-context application and rejected on every later presentation.
     *
     * <p>The second request to the same application must return HTTP 401 with CWWKS5523E, a
     * CWWKS6031E entry naming {@code mpJwt_1}, and CWWKS6045E (JTI reused) in the message log. The
     * token is then run through {@code genericConfigTest} with the same rejection expectations, so
     * all three test applications must refuse it as well.
     */
    @Test
    @AllowedFFDC({"com.ibm.websphere.security.jwt.InvalidTokenException"})
    public void MPJwtConfigUsingBuilderTests_TokenReuse_False() throws Exception {
        final String rsConfig = "rs_server_tokenReuse_false.xml";
        resourceServer.reconfigureServerUsingExpandedConfiguration(this._testName, rsConfig, new String[0]);
        final String oneTimeToken = this.actions.getJwtTokenUsingBuilder(this._testName, jwtBuilderServer, "JTIEnabled");
        final JwtTokenForTest parsedToken = new JwtTokenForTest(oneTimeToken);
        final String appUrl = buildAppUrl(resourceServer, MpJwtFatConstants.MICROPROFILE_SERVLET, MpJwtFatConstants.MPJWT_APP_SEC_CONTEXT_REQUEST_SCOPE);
        final WebClient sharedClient = this.actions.createWebClient();

        // First use: the token is fresh and must be accepted.
        final Expectations firstUseAccepted = goodTestExpectations(parsedToken, appUrl, MpJwtFatConstants.MPJWT_APP_CLASS_SEC_CONTEXT_REQUEST_SCOPE);
        this.validationUtils.validateResult(this.actions.invokeUrlWithBearerToken(this._testName, sharedClient, appUrl, oneTimeToken), firstUseAccepted);

        // Second use of the same token against the same app: must be refused as a reused jti.
        final Expectations replayRejected = new Expectations();
        replayRejected.addExpectation(new ResponseStatusExpectation(401));
        replayRejected.addExpectation(new ServerMessageExpectation(resourceServer, MpJwtMessageConstants.CWWKS5523E_ERROR_CREATING_JWT_USING_TOKEN_IN_REQ, "Message log did not contain an error indicating a problem authenticating the request the provided token."));
        replayRejected.addExpectation(new ServerMessageExpectation(resourceServer, "CWWKS6031E.*mpJwt_1", "Message log did not indicate that the consumer can not process the token."));
        replayRejected.addExpectation(new ServerMessageExpectation(resourceServer, MpJwtMessageConstants.CWWKS6045E_JTI_REUSED, "Message log did not indicate that the token has been illegally reused."));
        this.validationUtils.validateResult(this.actions.invokeUrlWithBearerToken(this._testName, sharedClient, appUrl, oneTimeToken), replayRejected);

        // Further uses, now across all test applications, must be refused the same way.
        genericConfigTest(oneTimeToken, replayRejected);
    }

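    /**
     * With the resource server on {@code rs_server_userNameAttribute_good.xml}, a token from the
     * {@code subject_claim_included} builder carrying the extra claim {@code sub=testuser} must be
     * accepted by every test application.
     */
    @Test
    public void MPJwtConfigUsingBuilderTests_userNameAttribute_Exists_standardClaim() throws Exception {
        resourceServer.reconfigureServerUsingExpandedConfiguration(this._testName, "rs_server_userNameAttribute_good.xml", new String[0]);
        // Typed list instead of a raw ArrayList, so only NameValuePair entries can be added.
        List<NameValuePair> extraClaims = new ArrayList<>();
        extraClaims.add(new NameValuePair("sub", "testuser"));
        genericConfigTest(this.actions.getJwtTokenUsingBuilder(this._testName, jwtBuilderServer, "subject_claim_included", extraClaims));
    }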

    /**
     * With the resource server on {@code rs_server_userNameAttribute_different.xml}, a token from
     * the default builder id with no extra claims must be rejected with HTTP 401. The message log
     * must contain a CWWKS5519E entry naming {@code other}, a CWWKS5508E entry naming
     * {@code mpJwt_1}, and CWWKS5506E (user name not found).
     *
     * <p>This pins that when the claim selected as the user name is absent from the token, no
     * subject is created and the request is refused.
     */
    @Test
    @AllowedFFDC({"com.ibm.ws.security.mp.jwt.error.MpJwtProcessingException"})
    public void MPJwtConfigUsingBuilderTests_userNameAttribute_DoesNotExist() throws Exception {
        final String rsConfig = "rs_server_userNameAttribute_different.xml";
        resourceServer.reconfigureServerUsingExpandedConfiguration(this._testName, rsConfig, new String[0]);
        final String tokenWithoutClaim = this.actions.getJwtTokenUsingBuilder(this._testName, jwtBuilderServer, MpJwtFatConstants.JWT_BUILDER_DEFAULT_ID);

        final Expectations userNameMissing = new Expectations();
        userNameMissing.addExpectation(new ResponseStatusExpectation(401));
        userNameMissing.addExpectation(new ServerMessageExpectation(resourceServer, "CWWKS5519E.*other", "Message log did not contain an error indicating that the token does not contain the claim specified by userNameAttribute."));
        userNameMissing.addExpectation(new ServerMessageExpectation(resourceServer, "CWWKS5508E.*mpJwt_1", "Message log did not indicate that a subject for the user could not be created."));
        userNameMissing.addExpectation(new ServerMessageExpectation(resourceServer, MpJwtMessageConstants.CWWKS5506E_USERNAME_NOT_FOUND, "Message log did not indicate that the user name couldn't be found."));
        genericConfigTest(tokenWithoutClaim, userNameMissing);
    }

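    /**
     * With the resource server on {@code rs_server_userNameAttribute_different.xml}, a token
     * carrying the extra claim {@code other=someuser} must be accepted (HTTP 200), and the response
     * must show {@code com.ibm.wsspi.security.cred.securityName=someuser}. The authenticated
     * identity is therefore the value of the {@code other} claim.
     */
    @Test
    public void MPJwtConfigUsingBuilderTests_userNameAttribute_Exists_uniqueClaim() throws Exception {
        resourceServer.reconfigureServerUsingExpandedConfiguration(this._testName, "rs_server_userNameAttribute_different.xml", new String[0]);
        // Typed list instead of a raw ArrayList, so only NameValuePair entries can be added.
        List<NameValuePair> extraClaims = new ArrayList<>();
        extraClaims.add(new NameValuePair("other", "someuser"));
        String jwtTokenUsingBuilder = this.actions.getJwtTokenUsingBuilder(this._testName, jwtBuilderServer, MpJwtFatConstants.JWT_BUILDER_DEFAULT_ID, extraClaims);
        Expectations expectations = new Expectations();
        expectations.addExpectation(new ResponseStatusExpectation(200));
        expectations.addExpectation(new ResponseFullExpectation("contains", "com.ibm.wsspi.security.cred.securityName=someuser", "Response did NOT contain \"com.ibm.wsspi.security.cred.securityName=someuser\" to indicate that the user in the credential was \"someuser\" "));
        genericConfigTest(jwtTokenUsingBuilder, expectations);
    }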

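    /**
     * With the resource server on {@code rs_server_userNameAttribute_different.xml}, a token
     * carrying both {@code other=someuser} and {@code upn=testuser} must be accepted (HTTP 200), and
     * the response must show {@code com.ibm.wsspi.security.cred.securityName=someuser}.
     *
     * <p>This pins which claim wins when both are present: the identity comes from {@code other},
     * not from {@code upn}, so the two values must not be assumed interchangeable.
     */
    @Test
    public void MPJwtConfigUsingBuilderTests_userNameAttribute_Exists_WithUPNClaim() throws Exception {
        resourceServer.reconfigureServerUsingExpandedConfiguration(this._testName, "rs_server_userNameAttribute_different.xml", new String[0]);
        // Typed list instead of a raw ArrayList, so only NameValuePair entries can be added.
        List<NameValuePair> extraClaims = new ArrayList<>();
        extraClaims.add(new NameValuePair("other", "someuser"));
        extraClaims.add(new NameValuePair("upn", "testuser"));
        String jwtTokenUsingBuilder = this.actions.getJwtTokenUsingBuilder(this._testName, jwtBuilderServer, MpJwtFatConstants.JWT_BUILDER_DEFAULT_ID, extraClaims);
        Expectations expectations = new Expectations();
        expectations.addExpectation(new ResponseStatusExpectation(200));
        expectations.addExpectation(new ResponseFullExpectation("contains", "com.ibm.wsspi.security.cred.securityName=someuser", "Response did NOT contain \"com.ibm.wsspi.security.cred.securityName=someuser\" to indicate that the user in the credential was \"someuser\" "));
        genericConfigTest(jwtTokenUsingBuilder, expectations);
    }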

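    /**
     * With the resource server on {@code rs_server_userNameAttribute_different.xml}, a token that
     * carries {@code upn=testuser} but no {@code other} claim must be rejected with HTTP 401. The
     * message log must contain a CWWKS5519E entry naming {@code other}, a CWWKS5508E entry naming
     * {@code mpJwt_1}, and CWWKS5506E (user name not found).
     *
     * <p>This pins that the server does not fall back to {@code upn} when the configured user name
     * claim is missing.
     */
    @Test
    @AllowedFFDC({"com.ibm.ws.security.mp.jwt.error.MpJwtProcessingException"})
    public void MPJwtConfigUsingBuilderTests_userNameAttribute_DoesNotExist_WithUPNClaimAlso() throws Exception {
        resourceServer.reconfigureServerUsingExpandedConfiguration(this._testName, "rs_server_userNameAttribute_different.xml", new String[0]);
        // Typed list instead of a raw ArrayList, so only NameValuePair entries can be added.
        List<NameValuePair> extraClaims = new ArrayList<>();
        extraClaims.add(new NameValuePair("upn", "testuser"));
        String jwtTokenUsingBuilder = this.actions.getJwtTokenUsingBuilder(this._testName, jwtBuilderServer, MpJwtFatConstants.JWT_BUILDER_DEFAULT_ID, extraClaims);
        Expectations expectations = new Expectations();
        expectations.addExpectation(new ResponseStatusExpectation(401));
        expectations.addExpectation(new ServerMessageExpectation(resourceServer, "CWWKS5519E.*other", "Message log did not contain an error indicating that the token does not contain the claim specified by userNameAttribute."));
        expectations.addExpectation(new ServerMessageExpectation(resourceServer, "CWWKS5508E.*mpJwt_1", "Message log did not indicate that a subject for the user could not be created."));
        expectations.addExpectation(new ServerMessageExpectation(resourceServer, MpJwtMessageConstants.CWWKS5506E_USERNAME_NOT_FOUND, "Message log did not indicate that the user name couldn't be found."));
        genericConfigTest(jwtTokenUsingBuilder, expectations);
    }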

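    /**
     * With the resource server on {@code rs_server_userNameAttribute_mapToUserRegistryTrue.xml}, a
     * token carrying {@code other=someuser} must not authenticate the request: the message log must
     * contain CWWKS1106A (authentication failed), an {@code EntryNotFoundException} FFDC is
     * required, and the response is HTTP 200 with a body containing {@code Form Login Page}.
     *
     * <p>The 200 here is the login form, not the protected application. A status-only check would
     * misread this case as success, which is why the body is checked as well.
     */
    @Test
    @ExpectedFFDC({"com.ibm.ws.security.registry.EntryNotFoundException"})
    @AllowedFFDC({"com.ibm.ws.security.mp.jwt.error.MpJwtProcessingException"})
    public void MPJwtConfigUsingBuilderTests_userNameAttribute_UserNotInRegistry_WithMapToUserRegistryTrue() throws Exception {
        resourceServer.reconfigureServerUsingExpandedConfiguration(this._testName, "rs_server_userNameAttribute_mapToUserRegistryTrue.xml", new String[0]);
        // Typed list instead of a raw ArrayList, so only NameValuePair entries can be added.
        List<NameValuePair> extraClaims = new ArrayList<>();
        extraClaims.add(new NameValuePair("other", "someuser"));
        String jwtTokenUsingBuilder = this.actions.getJwtTokenUsingBuilder(this._testName, jwtBuilderServer, MpJwtFatConstants.JWT_BUILDER_DEFAULT_ID, extraClaims);
        Expectations expectations = new Expectations();
        expectations.addExpectation(new ResponseStatusExpectation(200));
        expectations.addExpectation(new ServerMessageExpectation(resourceServer, MpJwtMessageConstants.CWWKS1106A_AUTHENTICATION_FAILED, "Message log did not contain an error indicating a problem authenticating the request the provided token."));
        expectations.addExpectation(new ResponseFullExpectation("contains", "Form Login Page", "Did NOT land on the base security form login page"));
        genericConfigTest(jwtTokenUsingBuilder, expectations);
    }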

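    /**
     * Uses a token after its "exp" time has passed and checks that it is still accepted.
     *
     * <p>The token is built with exp = iat + 5 seconds and used after a 15 second wait, so it is
     * roughly 10 seconds past expiry when sent. This passes only if the clockSkew configured in
     * rs_server_clockSkew_normal.xml covers that gap (value not visible here; confirm).
     *
     * <p>Assumes the one-argument genericConfigTest asserts a successful access; verify against
     * the base class.
     *
     * @throws Exception if reconfiguration, token creation, the wait or the request fails
     */
    @Test
    public void MPJwtConfigUsingBuilderTests_clockSkew_useTokenWithinClockSkew() throws Exception {
        resourceServer.reconfigureServerUsingExpandedConfiguration(this._testName, "rs_server_clockSkew_normal.xml", new String[0]);

        // Typed list instead of the raw ArrayList, so only NameValuePair claims can be added.
        List<NameValuePair> extraClaims = new ArrayList<>();
        extraClaims.add(new NameValuePair("upn", "testuser"));

        // JWT iat/exp are expressed in seconds since the epoch, hence the division.
        // NOTE(review): the timestamps come from the test JVM's clock; this presumes the
        // builder and resource servers see the same time. Confirm for the test topology.
        long issuedAtSeconds = System.currentTimeMillis() / 1000;
        extraClaims.add(new NameValuePair("iat", String.valueOf(issuedAtSeconds)));
        extraClaims.add(new NameValuePair("exp", String.valueOf(issuedAtSeconds + 5)));
        String builtToken = this.actions.getJwtTokenUsingBuilder(this._testName, jwtBuilderServer, "subject_claim_included", extraClaims);

        // Wait well past the 5 second lifetime so that only the clock skew allowance can make
        // the token acceptable.
        Thread.sleep(15000L);
        genericConfigTest(builtToken);
    }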

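    /**
     * Uses a token after its "exp" time plus the configured clock skew has passed and checks
     * that it is rejected as expired.
     *
     * <p>The token is built with exp = iat + 5 seconds and used after a 20 second wait, so it is
     * roughly 15 seconds past expiry when sent. The clockSkew in rs_server_clockSkew_short.xml
     * must be smaller than that gap for the rejection to occur (value not visible; confirm).
     *
     * <p>InvalidClaimException and InvalidTokenException FFDCs are tolerated, per the annotation.
     *
     * @throws Exception if reconfiguration, token creation, the wait or the request fails
     */
    @Test
    @AllowedFFDC({"com.ibm.websphere.security.jwt.InvalidClaimException", "com.ibm.websphere.security.jwt.InvalidTokenException"})
    public void MPJwtConfigUsingBuilderTests_clockSkew_useTokenOutsideClockSkew() throws Exception {
        resourceServer.reconfigureServerUsingExpandedConfiguration(this._testName, "rs_server_clockSkew_short.xml", new String[0]);

        // Typed list instead of the raw ArrayList, so only NameValuePair claims can be added.
        List<NameValuePair> extraClaims = new ArrayList<>();
        extraClaims.add(new NameValuePair("upn", "testuser"));

        // JWT iat/exp are expressed in seconds since the epoch, hence the division.
        long issuedAtSeconds = System.currentTimeMillis() / 1000;
        extraClaims.add(new NameValuePair("iat", String.valueOf(issuedAtSeconds)));
        extraClaims.add(new NameValuePair("exp", String.valueOf(issuedAtSeconds + 5)));
        String builtToken = this.actions.getJwtTokenUsingBuilder(this._testName, jwtBuilderServer, "subject_claim_included", extraClaims);

        // Let the token age beyond both its lifetime and the (short) skew allowance.
        Thread.sleep(20000L);

        // A bare 401 could come from any validation failure; the token-expired message is what
        // ties the rejection to the exp check specifically.
        Expectations expiredTokenRejected = new Expectations();
        expiredTokenRejected.addExpectation(new ResponseStatusExpectation(401));
        expiredTokenRejected.addExpectation(new ServerMessageExpectation(resourceServer, MpJwtMessageConstants.CWWKS5523E_ERROR_CREATING_JWT_USING_TOKEN_IN_REQ, "Message log did not contain an error indicating a problem authenticating the request the provided token."));
        expiredTokenRejected.addExpectation(new ServerMessageExpectation(resourceServer, "CWWKS6031E.*consumer.*mpJwt_1", "Message log did not contain an exception indicating that the JWT could not be processed."));
        expiredTokenRejected.addExpectation(new ServerMessageExpectation(resourceServer, MpJwtMessageConstants.CWWKS6025E_TOKEN_EXPIRED, "Message log did not contain message saying the token has expired."));
        genericConfigTest(builtToken, expiredTokenRejected);
    }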

    /**
     * Reconfigures the resource server with rs_server_mapToUserRegistry_false.xml and runs the
     * generic check with a token from the default builder.
     *
     * <p>The file name suggests mapToUserRegistry is disabled (confirm against the XML). No
     * explicit expectations are passed, so the outcome asserted is whatever the one-argument
     * genericConfigTest checks by default; presumably a successful access, verify against the
     * base class.
     *
     * @throws Exception if reconfiguration, token creation or the request fails
     */
    @Test
    public void MPJwtConfigUsingBuilderTests_mapToUserRegistryFalse() throws Exception {
        resourceServer.reconfigureServerUsingExpandedConfiguration(this._testName, "rs_server_mapToUserRegistry_false.xml", new String[0]);
        String builtToken = this.actions.getJwtTokenUsingBuilder(this._testName, jwtBuilderServer, MpJwtFatConstants.JWT_BUILDER_DEFAULT_ID);
        genericConfigTest(builtToken);
    }

    /**
     * Reconfigures the resource server with rs_server_mapToUserRegistry_true.xml and runs the
     * generic check with a token from the default builder.
     *
     * <p>The test name implies the default builder's user exists in the registry (neither the
     * builder configuration nor the registry is visible here; confirm). No explicit
     * expectations are passed, so the one-argument genericConfigTest defines the asserted
     * outcome.
     *
     * @throws Exception if reconfiguration, token creation or the request fails
     */
    @Test
    public void MPJwtConfigUsingBuilderTests_mapToUserRegistryTrue_userInRegistry() throws Exception {
        resourceServer.reconfigureServerUsingExpandedConfiguration(this._testName, "rs_server_mapToUserRegistry_true.xml", new String[0]);
        String builtToken = this.actions.getJwtTokenUsingBuilder(this._testName, jwtBuilderServer, MpJwtFatConstants.JWT_BUILDER_DEFAULT_ID);
        genericConfigTest(builtToken);
    }

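    /**
     * Sends a token whose "upn" claim names a user ("userNotThere") that is expected to be
     * absent from the user registry, using rs_server_mapToUserRegistry_true.xml, and checks
     * that the token does not authenticate the request.
     *
     * <p>An EntryNotFoundException FFDC is required, per the annotation.
     *
     * @throws Exception if reconfiguration, token creation or the request fails
     */
    @Test
    @ExpectedFFDC({"com.ibm.ws.security.registry.EntryNotFoundException"})
    public void MPJwtConfigUsingBuilderTests_mapToUserRegistryTrue_userNotInRegistry() throws Exception {
        resourceServer.reconfigureServerUsingExpandedConfiguration(this._testName, "rs_server_mapToUserRegistry_true.xml", new String[0]);

        // Typed list instead of the raw ArrayList, so only NameValuePair claims can be added.
        List<NameValuePair> extraClaims = new ArrayList<>();
        extraClaims.add(new NameValuePair("upn", "userNotThere"));
        String builtToken = this.actions.getJwtTokenUsingBuilder(this._testName, jwtBuilderServer, MpJwtFatConstants.JWT_BUILDER_DEFAULT_ID, extraClaims);

        // HTTP 200 does NOT mean access was granted: the response asserted below is the form
        // login page. The page-content check and the authentication-failed log message are what
        // show that a validly built token for an unknown user did not yield a subject.
        Expectations loginPageShown = new Expectations();
        loginPageShown.addExpectation(new ResponseStatusExpectation(200));
        loginPageShown.addExpectation(new ServerMessageExpectation(resourceServer, MpJwtMessageConstants.CWWKS1106A_AUTHENTICATION_FAILED, "Message log did not contain an error indicating a problem authenticating the request the provided token."));
        loginPageShown.addExpectation(new ResponseFullExpectation("contains", "Form Login Page", "Did NOT land on the base security form login page"));
        genericConfigTest(builtToken, loginPageShown);
    }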
}
