package org.wildfly.elytron.web.undertow.common;

import com.nimbusds.jose.JOSEException;
import com.nimbusds.jose.JWSAlgorithm;
import com.nimbusds.jose.JWSHeader;
import com.nimbusds.jose.crypto.RSASSASigner;
import com.nimbusds.jwt.JWTClaimsSet;
import com.nimbusds.jwt.SignedJWT;
import io.undertow.util.Headers;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.util.Date;
import org.apache.http.HttpResponse;
import org.apache.http.client.methods.HttpGet;
import org.apache.http.client.methods.HttpUriRequest;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClientBuilder;
import org.junit.Assert;
import org.junit.Rule;
import org.junit.Test;
import org.wildfly.security.auth.permission.LoginPermission;
import org.wildfly.security.auth.realm.token.TokenSecurityRealm;
import org.wildfly.security.auth.realm.token.validator.JwtValidator;
import org.wildfly.security.auth.server.SecurityDomain;
import org.wildfly.security.http.HttpConstants;
import org.wildfly.security.permission.PermissionVerifier;

/* loaded from: input_file:org/wildfly/elytron/web/undertow/common/BearerTokenAuthenticationBase.class */
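/**
 * Shared tests for the HTTP {@code Bearer} token mechanism, run against an Undertow server supplied
 * by the concrete subclass through {@link #createUndertowServer()}.
 *
 * <p>The security domain is backed by a {@link TokenSecurityRealm} whose {@link JwtValidator} holds
 * the public half of a per-instance RSA key pair. Tokens are RS256-signed JWTs created by this
 * class. The cases covered are: no token, a valid token, an expired token, and a token signed with
 * a key the server does not trust.
 */
public abstract class BearerTokenAuthenticationBase extends AbstractHttpServerMechanismTest {

    /** Offset, in milliseconds, applied to "now" to build a future or past expiration time. */
    private static final long TOKEN_EXPIRY_OFFSET_MILLIS = 10000;

    /**
     * RSA modulus size for generated keys. Set explicitly so that signing and validation do not
     * depend on whatever default the installed JCA provider uses.
     */
    private static final int RSA_KEY_SIZE_BITS = 2048;

    @Rule
    public UndertowServer server = createUndertowServer();

    /** Key pair trusted by the server; created lazily by {@link #getKeyPair()}. */
    private KeyPair keyPair;

    // The explicit constructor is required because the field initializer above can throw.
    protected BearerTokenAuthenticationBase() throws Exception {
    }

    /** A request without an Authorization header must be challenged with 401 and a Bearer challenge. */
    @Test
    public void testNoBearerToken() throws Exception {
        try (CloseableHttpClient client = HttpClientBuilder.create().build()) {
            HttpResponse response = client.execute(new HttpGet(this.server.createUri()));
            Assert.assertEquals(401, response.getStatusLine().getStatusCode());
            Assert.assertEquals("Bearer realm=\"Elytron Realm\"", response.getFirstHeader("WWW-Authenticate").getValue());
        }
    }

    /** A token signed with the trusted key and not yet expired must authenticate as "alice". */
    @Test
    public void testSuccessfulAuthentication() throws Exception {
        try (CloseableHttpClient client = HttpClientBuilder.create().build()) {
            HttpGet request = new HttpGet(this.server.createUri());
            setBearerToken(request, createToken("alice", new Date(System.currentTimeMillis() + TOKEN_EXPIRY_OFFSET_MILLIS)));
            HttpResponse response = client.execute(request);
            Assert.assertEquals(200, response.getStatusLine().getStatusCode());
            // Read the response while the client (and its connection) is still open.
            assertSuccessfulResponse(response, "alice");
        }
    }

    /** A correctly signed token whose expiration time is in the past must be rejected with 401. */
    @Test
    public void testTokenWithInvalidExpirationTime() throws Exception {
        try (CloseableHttpClient client = HttpClientBuilder.create().build()) {
            HttpGet request = new HttpGet(this.server.createUri());
            setBearerToken(request, createToken("alice", new Date(System.currentTimeMillis() - TOKEN_EXPIRY_OFFSET_MILLIS)));
            Assert.assertEquals(401, client.execute(request).getStatusLine().getStatusCode());
        }
    }

    /** A token signed with a freshly generated key the server has never seen must be rejected with 401. */
    @Test
    public void testTokenWithInvalidSignature() throws Exception {
        try (CloseableHttpClient client = HttpClientBuilder.create().build()) {
            HttpGet request = new HttpGet(this.server.createUri());
            PrivateKey untrustedKey = generateKeyPair().getPrivate();
            setBearerToken(request, createToken("alice", new Date(System.currentTimeMillis() + TOKEN_EXPIRY_OFFSET_MILLIS), untrustedKey));
            Assert.assertEquals(401, client.execute(request).getStatusLine().getStatusCode());
        }
    }

    @Override
    protected String getMechanismName() {
        return HttpConstants.BEARER_TOKEN;
    }

    /**
     * Builds a security domain with a single token realm named "TestRealm".
     *
     * <p>The principal is read from the "username" claim and every identity is granted
     * {@link LoginPermission}.
     *
     * @return the security domain used by the server under test
     * @throws Exception if the key pair or the domain cannot be created
     */
    @Override
    protected SecurityDomain doCreateSecurityDomain() throws Exception {
        // NOTE(review): only the public key is configured on the validator. No issuer or audience
        // is set, so the "iss"/"aud" values written by createToken() are not exercised by these
        // tests. A deployment validator should pin both, and a negative test for each is worth adding.
        JwtValidator validator = JwtValidator.builder()
                .publicKey(getKeyPair().getPublic())
                .build();
        TokenSecurityRealm realm = TokenSecurityRealm.builder()
                .principalClaimName("username")
                .validator(validator)
                .build();

        SecurityDomain.Builder domain = SecurityDomain.builder().setDefaultRealmName("TestRealm");
        domain.addRealm("TestRealm", realm).build();
        domain.setPermissionMapper((permissionMappable, roles) -> PermissionVerifier.from(new LoginPermission()));
        return domain.build();
    }

    /** Adds an {@code Authorization: Bearer <token>} header to the request. */
    private void setBearerToken(HttpGet httpGet, String str) {
        httpGet.addHeader(Headers.AUTHORIZATION.toString(), "Bearer " + str);
    }

    /** Creates a token for {@code str} signed with the key pair the server trusts. */
    private String createToken(String str, Date date) throws JOSEException, NoSuchAlgorithmException {
        return createToken(str, date, getKeyPair().getPrivate());
    }

    /**
     * Creates a compact-serialized, RS256-signed JWT.
     *
     * @param str value of the "username" claim, which the realm maps to the principal
     * @param date expiration time ("exp") of the token
     * @param privateKey RSA private key used to sign the token
     * @return the serialized token
     * @throws JOSEException if signing fails
     * @throws NoSuchAlgorithmException declared for parity with the two-argument overload
     */
    private String createToken(String str, Date date, PrivateKey privateKey) throws JOSEException, NoSuchAlgorithmException {
        JWTClaimsSet claims = new JWTClaimsSet.Builder()
                .subject("123445667")
                .claim("username", str)
                .audience("resource-server")
                .issuer("elytron.org")
                .expirationTime(date)
                .build();
        SignedJWT signedJWT = new SignedJWT(new JWSHeader(JWSAlgorithm.RS256), claims);
        signedJWT.sign(new RSASSASigner(privateKey));
        return signedJWT.serialize();
    }

    /** Returns the key pair trusted by the server, generating it on first use. */
    private KeyPair getKeyPair() throws NoSuchAlgorithmException {
        if (this.keyPair == null) {
            this.keyPair = generateKeyPair();
        }
        return this.keyPair;
    }

    /** Generates a new RSA key pair with an explicit {@link #RSA_KEY_SIZE_BITS}-bit modulus. */
    private KeyPair generateKeyPair() throws NoSuchAlgorithmException {
        KeyPairGenerator generator = KeyPairGenerator.getInstance("RSA");
        generator.initialize(RSA_KEY_SIZE_BITS);
        return generator.generateKeyPair();
    }

    /**
     * Creates the server rule for the concrete test class.
     *
     * @return the Undertow server the tests send requests to
     * @throws Exception if the server cannot be created
     */
    protected abstract UndertowServer createUndertowServer() throws Exception;
}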
