package org.eclipse.microprofile.jwt.tck.container.jaxrs;

import com.ibm.websphere.simplicity.ShrinkHelper;
import componenttest.annotation.AllowedFFDC;
import componenttest.annotation.Server;
import componenttest.custom.junit.runner.FATRunner;
import componenttest.topology.impl.LibertyServer;
import componenttest.topology.utils.FATServletClient;
import java.util.Base64;
import java.util.HashMap;
import javax.ws.rs.client.ClientBuilder;
import javax.ws.rs.core.Response;
import org.eclipse.microprofile.jwt.Claims;
import org.eclipse.microprofile.jwt.tck.util.TokenUtils;
import org.jboss.shrinkwrap.api.ShrinkWrap;
import org.jboss.shrinkwrap.api.spec.WebArchive;
import org.junit.AfterClass;
import org.junit.Assert;
import org.junit.BeforeClass;
import org.junit.Test;
import org.junit.runner.RunWith;

@RunWith(FATRunner.class)
/* loaded from: input_file:org/eclipse/microprofile/jwt/tck/container/jaxrs/RolesAllowedTest.class */
public class RolesAllowedTest extends FATServletClient {
    private static String token;
    private static Long iatClaim;
    private static Long authTimeClaim;
    private static Long expClaim;

    @Server("mpjwt_roles")
    public static LibertyServer server1;
    private static String baseURL;

    /* loaded from: input_file:org/eclipse/microprofile/jwt/tck/container/jaxrs/RolesAllowedTest$Assert2.class */
    static class Assert2 {
        Assert2() {
        }

        static void assertTrue(boolean z, String str) {
            Assert.assertTrue(str, z);
        }

        static void assertEquals(long j, long j2) {
            Assert.assertEquals(j2, j);
        }

        static void assertEquals(Object obj, Object obj2) {
            Assert.assertEquals(obj2, obj);
        }
    }

    /* loaded from: input_file:org/eclipse/microprofile/jwt/tck/container/jaxrs/RolesAllowedTest$Reporter.class */
    static class Reporter {
        Reporter() {
        }

        static void log(String str) {
            System.out.println("*** " + str);
        }
    }

    @BeforeClass
    public static void setUp() throws Exception {
        WebArchive addAsManifestResource = ShrinkWrap.create(WebArchive.class, "RolesAllowedTest.war").addAsResource(RolesAllowedTest.class.getResource("/publicKey.pem"), "/publicKey.pem").addClass(RolesEndpoint.class).addClass(TCKApplication.class).addAsWebInfResource("beans.xml", "beans.xml").addAsWebInfResource("web.xml", "web.xml").addAsManifestResource("permissions.xml");
        System.out.printf("WebArchive: %s\n", addAsManifestResource.toString(true));
        ShrinkHelper.exportToServer(server1, "apps", addAsManifestResource, new ShrinkHelper.DeployOptions[0]);
        baseURL = "http://localhost:" + server1.getHttpDefaultPort() + "/RolesAllowedTest";
        server1.startServer();
    }

    @AfterClass
    public static void tearDown() throws Exception {
        server1.stopServer(new String[]{"CWWKS552[2-4]E"});
    }

    @BeforeClass
    public static void generateToken() throws Exception {
        HashMap hashMap = new HashMap();
        token = TokenUtils.generateTokenString("/Token1.json", null, hashMap);
        iatClaim = (Long) hashMap.get(Claims.iat.name());
        authTimeClaim = (Long) hashMap.get(Claims.auth_time.name());
        expClaim = (Long) hashMap.get(Claims.exp.name());
    }

    @Test
    public void callEchoNoAuth() throws Exception {
        Reporter.log("callEchoNoAuth, expect HTTP_UNAUTHORIZED");
        Assert2.assertEquals(ClientBuilder.newClient().target(baseURL + "/endp/echo").queryParam("input", new Object[]{"hello"}).request(new String[]{"text/plain"}).get().getStatus(), 401L);
    }

    @Test
    @AllowedFFDC({"com.ibm.websphere.security.jwt.InvalidTokenException", "org.jose4j.jwt.consumer.InvalidJwtException"})
    public void callEchoBASIC() throws Exception {
        Reporter.log("callEchoBASIC, expect HTTP_UNAUTHORIZED");
        String str = new String(Base64.getEncoder().encode("jdoe@example.com:password".getBytes()));
        System.out.printf("basic: %s\n", str);
        Response response = ClientBuilder.newClient().target(baseURL + "/endp/echo").queryParam("input", new Object[]{"hello"}).request(new String[]{"text/plain"}).header("Authorization", "BASIC " + str).get();
        Assert2.assertEquals(response.getStatus(), 401L);
        System.out.println((String) response.readEntity(String.class));
    }

    @Test
    public void callEcho() throws Exception {
        Reporter.log("callEcho, expect HTTP_OK");
        Response response = ClientBuilder.newClient().target(baseURL + "/endp/echo").queryParam("input", new Object[]{"hello"}).request(new String[]{"text/plain"}).header("Authorization", "Bearer " + token).get();
        Assert.assertEquals(200L, response.getStatus());
        Assert.assertEquals((String) response.readEntity(String.class), "hello, user=jdoe@example.com");
    }

    @Test
    public void callEcho2() throws Exception {
        Reporter.log("callEcho2, expect HTTP_FORBIDDEN");
        Assert2.assertEquals(r0.getStatus(), 403L);
    }

    @Test
    public void checkIsUserInRole() throws Exception {
        Reporter.log("checkIsUserInRole, expect HTTP_OK");
        Assert2.assertEquals(r0.getStatus(), 200L);
    }

    @Test
    public void checkIsUserInRoleToken2() throws Exception {
        Reporter.log("checkIsUserInRoleToken2, expect HTTP_FORBIDDEN");
        Assert2.assertEquals(r0.getStatus(), 403L);
    }

    @Test
    public void echoNeedsToken2Role() throws Exception {
        Reporter.log("echoNeedsToken2Role, expect HTTP_FORBIDDEN");
        Assert2.assertEquals(r0.getStatus(), 200L);
    }

    @Test
    public void echoWithToken2() throws Exception {
        Reporter.log("echoWithToken2, expect HTTP_FORBIDDEN");
        Assert2.assertEquals(r0.getStatus(), 403L);
    }

    @Test
    public void getPrincipalClass() throws Exception {
        Reporter.log("getPrincipalClass, expect HTTP_OK");
        Response response = ClientBuilder.newClient().target(baseURL + "/endp/getPrincipalClass").request(new String[]{"text/plain"}).header("Authorization", "Bearer " + token).get();
        Assert2.assertEquals(response.getStatus(), 200L);
        Assert2.assertEquals((String) response.readEntity(String.class), "isJsonWebToken:true");
    }

    @Test
    public void testNeedsGroup1Mapping() {
        Reporter.log("testNeedsGroup1Mapping, expect HTTP_OK");
        Response response = ClientBuilder.newClient().target(baseURL + "/endp/needsGroup1Mapping").request(new String[]{"text/plain"}).header("Authorization", "Bearer " + token).get();
        Assert2.assertEquals(response.getStatus(), 200L);
        System.out.println((String) response.readEntity(String.class));
    }

    @Test
    public void getInjectedPrincipal() throws Exception {
        Reporter.log("getInjectedPrincipal, expect HTTP_OK");
        Response response = ClientBuilder.newClient().target(baseURL + "/endp/getInjectedPrincipal").request(new String[]{"text/plain"}).header("Authorization", "Bearer " + token).get();
        Assert.assertEquals(200L, response.getStatus());
        Assert2.assertEquals((String) response.readEntity(String.class), "isJsonWebToken:true");
    }

    @Test
    public void callHeartbeat() throws Exception {
        Reporter.log("callHeartbeat, expect HTTP_OK");
        Response response = ClientBuilder.newClient().target(baseURL + "/endp/heartbeat").queryParam("input", new Object[]{"hello"}).request(new String[]{"text/plain"}).get();
        Assert2.assertEquals(response.getStatus(), 200L);
        Assert2.assertTrue(((String) response.readEntity(String.class)).startsWith("Heartbeat:"), "Saw Heartbeat: ...");
    }
}
