package org.sonar.server.authentication;

import com.google.common.collect.ImmutableMap;
import io.jsonwebtoken.Claims;
import io.jsonwebtoken.Jwts;
import io.jsonwebtoken.SignatureAlgorithm;
import io.jsonwebtoken.impl.DefaultClaims;
import java.util.Base64;
import java.util.Date;
import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;
import org.assertj.core.api.Assertions;
import org.junit.Rule;
import org.junit.Test;
import org.junit.rules.ExpectedException;
import org.sonar.api.config.MapSettings;
import org.sonar.api.config.Settings;
import org.sonar.api.utils.DateUtils;
import org.sonar.api.utils.System2;
import org.sonar.core.util.UuidFactory;
import org.sonar.core.util.UuidFactoryImpl;
import org.sonar.server.authentication.JwtSerializer;
import org.sonar.server.exceptions.UnauthorizedException;

/* loaded from: input_file:org/sonar/server/authentication/JwtSerializerTest.class */
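/**
 * Unit tests for {@link JwtSerializer}: token generation, decoding, refresh and secret-key loading.
 *
 * <p>Several cases pin security-relevant behaviour of {@code decode}: a token signed with a
 * different key yields no claims, an expired token yields no claims, and a correctly signed token
 * that lacks an id, subject, expiration date or creation date is rejected with
 * {@link UnauthorizedException}.
 *
 * <p>NOTE(review): nothing in this class covers an unsigned token or a token whose payload was
 * altered after signing; consider adding such cases once the expected outcome is confirmed against
 * {@code JwtSerializer}.
 */
public class JwtSerializerTest {
    // Base64 HS256 key material used as a test fixture only; never reuse it as a deployment secret.
    static final String A_SECRET_KEY = "HrPSavOYLNNrwTY+SOqpChr7OwvbR/zbDLdVXRN0+Eg=";
    static final String USER_LOGIN = "john";

    // Setting read by the serializer under test to obtain its signing key.
    private static final String SECRET_KEY_PROPERTY = "sonar.auth.jwtBase64Hs256Secret";
    // A second fixture key, used to produce tokens the serializer must not accept.
    private static final String ANOTHER_SECRET_KEY = "LyWgHktP0FuHB2K+kMs3KWMCJyFHVZDdDSqpIxAMVaQ=";
    private static final String NOT_STARTED_MESSAGE = "org.sonar.server.authentication.JwtSerializer not started";
    private static final String ISSUER = "sonarqube";
    private static final long TWENTY_MINUTES_IN_MS = 1200000L;

    @Rule
    public ExpectedException expectedException = ExpectedException.none();
    private Settings settings = new MapSettings();
    private System2 system2 = System2.INSTANCE;
    private UuidFactory uuidFactory = UuidFactoryImpl.INSTANCE;
    private JwtSerializer underTest = new JwtSerializer(this.settings, this.system2, this.uuidFactory);

    @Test
    public void generate_token() throws Exception {
        startWithSecretKey(A_SECRET_KEY);

        String token = underTest.encode(new JwtSerializer.JwtSession(USER_LOGIN, 10));

        Assertions.assertThat(token).isNotEmpty();
    }

    @Test
    public void generate_token_with_expiration_date() throws Exception {
        startWithSecretKey(A_SECRET_KEY);
        Date beforeEncoding = new Date();

        String token = underTest.encode(new JwtSerializer.JwtSession(USER_LOGIN, 10));

        Assertions.assertThat(token).isNotEmpty();
        Claims claims = (Claims) underTest.decode(token).get();
        // Session of 10 => expiration at least 9 s after the reference instant (1 s of slack).
        Assertions.assertThat(claims.getExpiration()).isAfterOrEqualsTo(new Date(beforeEncoding.getTime() + 9000));
    }

    @Test
    public void generate_token_with_property() throws Exception {
        startWithSecretKey(A_SECRET_KEY);

        String token = underTest.encode(new JwtSerializer.JwtSession(USER_LOGIN, 10, ImmutableMap.of("custom", "property")));

        Assertions.assertThat(token).isNotEmpty();
        Claims claims = (Claims) underTest.decode(token).get();
        Assertions.assertThat(claims.get("custom")).isEqualTo("property");
    }

    @Test
    public void decode_token() throws Exception {
        startWithSecretKey(A_SECRET_KEY);
        Date beforeEncoding = new Date();

        String token = underTest.encode(new JwtSerializer.JwtSession(USER_LOGIN, 1200));
        Claims claims = (Claims) underTest.decode(token).get();

        Assertions.assertThat(claims.getId()).isNotEmpty();
        Assertions.assertThat(claims.getSubject()).isEqualTo(USER_LOGIN);
        Assertions.assertThat(claims.getExpiration()).isNotNull();
        Assertions.assertThat(claims.getIssuedAt()).isNotNull();
        // Session of 1200 => expiration at least 19 minutes after the reference instant.
        Assertions.assertThat(claims.getExpiration()).isAfterOrEqualsTo(new Date(beforeEncoding.getTime() + 1140000));
    }

    @Test
    public void return_no_token_when_expiration_date_is_reached() throws Exception {
        startWithSecretKey(A_SECRET_KEY);

        // Correctly signed, but the expiration instant is "now", so it is already reached at decode time.
        String expiredToken = Jwts.builder()
            .setId("123")
            .setIssuedAt(dateFromNow(0))
            .setExpiration(dateFromNow(0))
            .signWith(SignatureAlgorithm.HS256, decodeSecretKey(A_SECRET_KEY))
            .compact();

        Assertions.assertThat(underTest.decode(expiredToken)).isEmpty();
    }

    @Test
    public void return_no_token_when_secret_key_has_changed() throws Exception {
        startWithSecretKey(A_SECRET_KEY);

        // Otherwise complete token, but signed with a key the serializer was not configured with.
        String tokenSignedWithOtherKey = Jwts.builder()
            .setId("123")
            .setSubject(USER_LOGIN)
            .setIssuedAt(dateFromNow(0))
            .setExpiration(dateFromNow(TWENTY_MINUTES_IN_MS))
            .signWith(SignatureAlgorithm.HS256, decodeSecretKey(ANOTHER_SECRET_KEY))
            .compact();

        Assertions.assertThat(underTest.decode(tokenSignedWithOtherKey)).isEmpty();
    }

    @Test
    public void fail_to_decode_token_when_no_id() throws Exception {
        startWithSecretKey(A_SECRET_KEY);
        String tokenWithoutId = Jwts.builder()
            .setSubject(USER_LOGIN)
            .setIssuer(ISSUER)
            .setIssuedAt(dateFromNow(0))
            .setExpiration(dateFromNow(TWENTY_MINUTES_IN_MS))
            .signWith(SignatureAlgorithm.HS256, decodeSecretKey(A_SECRET_KEY))
            .compact();

        expectedException.expect(UnauthorizedException.class);
        expectedException.expectMessage("Token id hasn't been found");

        underTest.decode(tokenWithoutId);
    }

    @Test
    public void fail_to_decode_token_when_no_subject() throws Exception {
        startWithSecretKey(A_SECRET_KEY);
        String tokenWithoutSubject = Jwts.builder()
            .setId("123")
            .setIssuer(ISSUER)
            .setIssuedAt(dateFromNow(0))
            .setExpiration(dateFromNow(TWENTY_MINUTES_IN_MS))
            .signWith(SignatureAlgorithm.HS256, decodeSecretKey(A_SECRET_KEY))
            .compact();

        expectedException.expect(UnauthorizedException.class);
        expectedException.expectMessage("Token subject hasn't been found");

        underTest.decode(tokenWithoutSubject);
    }

    @Test
    public void fail_to_decode_token_when_no_expiration_date() throws Exception {
        startWithSecretKey(A_SECRET_KEY);
        String tokenWithoutExpiration = Jwts.builder()
            .setId("123")
            .setIssuer(ISSUER)
            .setSubject(USER_LOGIN)
            .setIssuedAt(dateFromNow(0))
            .signWith(SignatureAlgorithm.HS256, decodeSecretKey(A_SECRET_KEY))
            .compact();

        expectedException.expect(UnauthorizedException.class);
        expectedException.expectMessage("Token expiration date hasn't been found");

        underTest.decode(tokenWithoutExpiration);
    }

    @Test
    public void fail_to_decode_token_when_no_creation_date() throws Exception {
        startWithSecretKey(A_SECRET_KEY);
        String tokenWithoutIssuedAt = Jwts.builder()
            .setId("123")
            .setSubject(USER_LOGIN)
            .setExpiration(dateFromNow(TWENTY_MINUTES_IN_MS))
            .signWith(SignatureAlgorithm.HS256, decodeSecretKey(A_SECRET_KEY))
            .compact();

        expectedException.expect(UnauthorizedException.class);
        expectedException.expectMessage("Token creation date hasn't been found");

        underTest.decode(tokenWithoutIssuedAt);
    }

    @Test
    public void generate_new_secret_key_if_not_set_by_settings() throws Exception {
        // No key configured: nothing is held before start(), an HS256 key is held afterwards.
        Assertions.assertThat(underTest.getSecretKey()).isNull();

        underTest.start();

        Assertions.assertThat(underTest.getSecretKey()).isNotNull();
        Assertions.assertThat(underTest.getSecretKey().getAlgorithm()).isEqualTo(SignatureAlgorithm.HS256.getJcaName());
    }

    @Test
    public void load_secret_key_from_settings() throws Exception {
        startWithSecretKey(A_SECRET_KEY);

        Assertions.assertThat(settings.getString(SECRET_KEY_PROPERTY)).isEqualTo(A_SECRET_KEY);
        // Re-reading the setting alone would pass even if the serializer ignored it, so also compare
        // the key material the serializer actually holds with the configured value.
        // Assumes getSecretKey() returns a java.security.Key, as its getAlgorithm() use in
        // generate_new_secret_key_if_not_set_by_settings suggests; confirm against JwtSerializer.
        Assertions.assertThat(underTest.getSecretKey().getEncoded()).isEqualTo(Base64.getDecoder().decode(A_SECRET_KEY));
    }

    @Test
    public void refresh_token() throws Exception {
        startWithSecretKey(A_SECRET_KEY);
        Date reference = new Date();
        Date createdAt = DateUtils.parseDate("2016-01-01");
        // Initial expiration: ten minutes after the reference instant.
        Date initialExpiration = new Date(reference.getTime() + 600000);
        Claims original = new DefaultClaims()
            .setId("id")
            .setSubject("subject")
            .setIssuer(ISSUER)
            .setIssuedAt(createdAt)
            .setExpiration(initialExpiration);
        original.put("key", "value");

        Claims refreshed = (Claims) underTest.decode(underTest.refresh(original, 1200)).get();

        // Everything except the expiration is carried over unchanged.
        Assertions.assertThat(refreshed.getId()).isEqualTo("id");
        Assertions.assertThat(refreshed.getSubject()).isEqualTo("subject");
        Assertions.assertThat(refreshed.getIssuer()).isEqualTo(ISSUER);
        Assertions.assertThat(refreshed.getIssuedAt()).isEqualTo(createdAt);
        Assertions.assertThat(refreshed.get("key")).isEqualTo("value");
        // NOTE(review): the 19 s lower bound is also satisfied by the initial ten-minute expiration,
        // so only isNotEqualTo shows that the expiration moved; a tighter bound may be worth adding.
        Assertions.assertThat(refreshed.getExpiration())
            .isNotEqualTo(initialExpiration)
            .isAfterOrEqualsTo(new Date(reference.getTime() + 19000));
    }

    @Test
    public void refresh_token_generate_a_new_hash() throws Exception {
        startWithSecretKey(A_SECRET_KEY);
        String token = underTest.encode(new JwtSerializer.JwtSession(USER_LOGIN, 30));

        String refreshedToken = underTest.refresh((Claims) underTest.decode(token).get(), 45);

        Assertions.assertThat(refreshedToken).isNotEqualTo(token);
    }

    @Test
    public void encode_fail_when_not_started() throws Exception {
        expectedException.expect(NullPointerException.class);
        expectedException.expectMessage(NOT_STARTED_MESSAGE);

        underTest.encode(new JwtSerializer.JwtSession(USER_LOGIN, 10));
    }

    @Test
    public void decode_fail_when_not_started() throws Exception {
        expectedException.expect(NullPointerException.class);
        expectedException.expectMessage(NOT_STARTED_MESSAGE);

        underTest.decode("token");
    }

    @Test
    public void refresh_fail_when_not_started() throws Exception {
        expectedException.expect(NullPointerException.class);
        expectedException.expectMessage(NOT_STARTED_MESSAGE);

        underTest.refresh(new DefaultClaims(), 10);
    }

    /** Stores {@code base64Key} in the settings and starts the serializer under test. */
    private void startWithSecretKey(String base64Key) {
        setSecretKey(base64Key);
        underTest.start();
    }

    /** Returns the instant {@code offsetInMs} milliseconds after the current {@code system2} time. */
    private Date dateFromNow(long offsetInMs) {
        return new Date(system2.now() + offsetInMs);
    }

    /** Builds an HS256 {@link SecretKey} from a Base64-encoded key, for signing tokens in the tests. */
    private SecretKey decodeSecretKey(String str) {
        byte[] keyBytes = Base64.getDecoder().decode(str);
        return new SecretKeySpec(keyBytes, 0, keyBytes.length, SignatureAlgorithm.HS256.getJcaName());
    }

    /** Writes the Base64 key into the setting the serializer reads its secret from. */
    private void setSecretKey(String str) {
        settings.setProperty(SECRET_KEY_PROPERTY, str);
    }
}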
