package org.eclipse.microprofile.jwt.tck.container.jaxrs;

import jakarta.ws.rs.client.ClientBuilder;
import jakarta.ws.rs.core.Response;
import java.io.IOException;
import java.net.URL;
import java.util.HashSet;
import org.eclipse.microprofile.jwt.tck.TCKConstants;
import org.eclipse.microprofile.jwt.tck.util.MpJwtTestVersion;
import org.eclipse.microprofile.jwt.tck.util.TokenUtils;
import org.jboss.arquillian.container.test.api.Deployment;
import org.jboss.arquillian.container.test.api.RunAsClient;
import org.jboss.arquillian.test.api.ArquillianResource;
import org.jboss.arquillian.testng.Arquillian;
import org.jboss.shrinkwrap.api.ShrinkWrap;
import org.jboss.shrinkwrap.api.asset.StringAsset;
import org.jboss.shrinkwrap.api.spec.WebArchive;
import org.testng.Assert;
import org.testng.annotations.Test;

/* loaded from: input_file:org/eclipse/microprofile/jwt/tck/container/jaxrs/InvalidTokenTest.class */
public class InvalidTokenTest extends Arquillian {

    @ArquillianResource
    private URL baseURL;

    @Deployment(testable = true)
    public static WebArchive createDeployment() throws IOException {
        WebArchive addAsManifestResource = ShrinkWrap.create(WebArchive.class, "InvalidTokenTest.war").addAsManifestResource(new StringAsset(MpJwtTestVersion.MPJWT_V_1_0.name()), "MPJWTTESTVERSION").addAsResource(InvalidTokenTest.class.getResource("/publicKey.pem"), "/publicKey.pem").addClass(RolesEndpoint.class).addClass(TCKApplication.class).addAsWebInfResource("beans.xml", "beans.xml").addAsManifestResource(InvalidTokenTest.class.getResource("/META-INF/microprofile-config-publickey-location.properties"), "microprofile-config.properties");
        System.out.printf("WebArchive: %s\n", addAsManifestResource.toString(true));
        return addAsManifestResource;
    }

    @RunAsClient
    @Test(groups = {TCKConstants.TEST_GROUP_JAXRS}, description = "Validate a request with expired token fails with HTTP_UNAUTHORIZED")
    public void callEchoExpiredToken() throws Exception {
        HashSet hashSet = new HashSet();
        hashSet.add(TokenUtils.InvalidClaims.EXP);
        String generateTokenString = TokenUtils.generateTokenString("/Token1.json", hashSet);
        System.out.printf("jwt: %s\n", generateTokenString);
        Response response = ClientBuilder.newClient().target(this.baseURL.toExternalForm() + "endp/echo").queryParam("input", new Object[]{"hello"}).request(new String[]{"text/plain"}).header("Authorization", "Bearer " + generateTokenString).get();
        Assert.assertEquals(response.getStatus(), 401);
        System.out.printf("Reply: %s\n", (String) response.readEntity(String.class));
    }

    @RunAsClient
    @Test(groups = {TCKConstants.TEST_GROUP_JAXRS}, description = "Validate a request with an non-matching issuer fails with HTTP_UNAUTHORIZED")
    public void callEchoBadIssuer() throws Exception {
        HashSet hashSet = new HashSet();
        hashSet.add(TokenUtils.InvalidClaims.ISSUER);
        String generateTokenString = TokenUtils.generateTokenString("/Token1.json", hashSet);
        System.out.printf("jwt: %s\n", generateTokenString);
        Response response = ClientBuilder.newClient().target(this.baseURL.toExternalForm() + "endp/echo").queryParam("input", new Object[]{"hello"}).request(new String[]{"text/plain"}).header("Authorization", "Bearer " + generateTokenString).get();
        Assert.assertEquals(response.getStatus(), 401);
        System.out.printf("Reply: %s\n", (String) response.readEntity(String.class));
    }

    @RunAsClient
    @Test(groups = {TCKConstants.TEST_GROUP_JAXRS}, description = "Validate a request with an incorrect signer fails with HTTP_UNAUTHORIZED")
    public void callEchoBadSigner() throws Exception {
        HashSet hashSet = new HashSet();
        hashSet.add(TokenUtils.InvalidClaims.SIGNER);
        String generateTokenString = TokenUtils.generateTokenString("/Token1.json", hashSet);
        System.out.printf("jwt: %s\n", generateTokenString);
        Response response = ClientBuilder.newClient().target(this.baseURL.toExternalForm() + "endp/echo").queryParam("input", new Object[]{"hello"}).request(new String[]{"text/plain"}).header("Authorization", "Bearer " + generateTokenString).get();
        Assert.assertEquals(response.getStatus(), 401);
        System.out.printf("Reply: %s\n", (String) response.readEntity(String.class));
    }

    @RunAsClient
    @Test(groups = {TCKConstants.TEST_GROUP_JAXRS}, description = "Validate a request with an incorrect signature algorithm fails with HTTP_UNAUTHORIZED")
    public void callEchoBadSignerAlg() throws Exception {
        HashSet hashSet = new HashSet();
        hashSet.add(TokenUtils.InvalidClaims.ALG);
        String generateTokenString = TokenUtils.generateTokenString("/Token1.json", hashSet);
        System.out.printf("jwt: %s\n", generateTokenString);
        Response response = ClientBuilder.newClient().target(this.baseURL.toExternalForm() + "endp/echo").queryParam("input", new Object[]{"hello"}).request(new String[]{"text/plain"}).header("Authorization", "Bearer " + generateTokenString).get();
        Assert.assertEquals(response.getStatus(), 401);
        System.out.printf("Reply: %s\n", (String) response.readEntity(String.class));
    }
}
