package com.gentics.contentnode.tests.rest.proxy;

import com.gentics.api.lib.exception.NodeException;
import com.gentics.contentnode.factory.TransactionManager;
import com.gentics.contentnode.factory.Trx;
import com.gentics.contentnode.object.UserGroup;
import com.gentics.contentnode.rest.client.exceptions.RestException;
import com.gentics.contentnode.rest.configuration.KeyProvider;
import com.gentics.contentnode.testutils.Creator;
import com.gentics.contentnode.testutils.DBTestContext;
import com.gentics.contentnode.testutils.RESTAppContext;
import io.jsonwebtoken.Claims;
import io.jsonwebtoken.Jws;
import io.jsonwebtoken.JwtParser;
import io.jsonwebtoken.Jwts;
import java.util.Arrays;
import java.util.List;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import org.assertj.core.api.Assertions;
import org.glassfish.jersey.server.ResourceConfig;
import org.junit.BeforeClass;
import org.junit.ClassRule;
import org.junit.Test;
import org.junit.rules.RuleChain;

/* loaded from: input_file:com/gentics/contentnode/tests/rest/proxy/CustomProxyJWTTest.class */
public class CustomProxyJWTTest {
    public static final String RESOURCE_KEY = "myresource";
    public static final String RESOURCE_JWT_KEY = "myresource_jwt";
    public static final String RESOURCE_JWT_PREFIX_KEY = "myresource_jwt_prefix";
    public static final Pattern authHeaderPattern = Pattern.compile("Bearer (?<token>.+)");
    private static RESTAppContext customAppContext = new RESTAppContext(new ResourceConfig(new Class[]{CustomToolResource.class})).baseUriPattern("http://localhost:%d/").startPort(9080);
    private static DBTestContext testContext = new DBTestContext().config(CustomProxyParametersTest.class.getResource("custom_proxy.yml").getFile()).config(mapPreferences -> {
        mapPreferences.set("global.config.custom_proxy.myresource.baseUrl", customAppContext.getBaseUri() + "tool/");
        mapPreferences.set("global.config.custom_proxy.myresource_jwt.baseUrl", customAppContext.getBaseUri() + "tool/");
        mapPreferences.set("global.config.custom_proxy.myresource_jwt_prefix.baseUrl", customAppContext.getBaseUri() + "tool/");
    });
    private static RESTAppContext restContext = new RESTAppContext();

    @ClassRule
    public static RuleChain chain = RuleChain.outerRule(customAppContext).around(testContext).around(restContext);
    private static final String LOGIN_WITH = "testwith";
    private static final String PASSWORD = "test";

    @BeforeClass
    public static void setUpOnce() throws NodeException {
        KeyProvider.init(testContext.getGcnBasePath().getAbsolutePath());
        UserGroup userGroup = (UserGroup) Trx.supply(() -> {
            List objects = TransactionManager.getCurrentTransaction().getObjects(UserGroup.class, Arrays.asList(2));
            Assertions.assertThat(objects).as("User Groups", new Object[0]).hasSize(1);
            return (UserGroup) objects.get(0);
        });
        Trx.supply(() -> {
            return Creator.createUser(LOGIN_WITH, "test", "First Tester", "Last Tester", "tester@nowhere", Arrays.asList(userGroup));
        });
    }

    @Test
    public void testNoForward() throws RestException, NodeException {
        RESTAppContext.LoggedInClient client = restContext.client(LOGIN_WITH, "test");
        try {
            Assertions.assertThat((String) client.get().base().path("proxy").path("myresource").path("headers").queryParam("return", new Object[]{"Authorization"}).request().get(String.class)).as("Auth header", new Object[0]).isEqualTo("null");
            if (client != null) {
                client.close();
            }
        } catch (Throwable th) {
            if (client != null) {
                try {
                    client.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
            }
            throw th;
        }
    }

    @Test
    public void testForward() throws RestException, NodeException {
        RESTAppContext.LoggedInClient client = restContext.client(LOGIN_WITH, "test");
        try {
            Matcher matcher = authHeaderPattern.matcher((String) client.get().base().path("proxy").path(RESOURCE_JWT_KEY).path("headers").queryParam("return", new Object[]{"Authorization"}).request().get(String.class));
            Assertions.assertThat(matcher.matches()).as("Header Value matches pattern", new Object[0]).isTrue();
            String group = matcher.group("token");
            JwtParser build = KeyProvider.signedWith(Jwts.parserBuilder()).build();
            Assertions.assertThat(build.isSigned(group)).as("Token signed", new Object[0]).isTrue();
            Jws parseClaimsJws = build.parseClaimsJws(group);
            Assertions.assertThat(((Claims) parseClaimsJws.getBody()).getIssuer()).as("Issuer", new Object[0]).isEqualTo("Gentics CMS");
            Assertions.assertThat(((Claims) parseClaimsJws.getBody()).getSubject()).as("subject", new Object[0]).isEqualTo(LOGIN_WITH);
            Assertions.assertThat((String) ((Claims) parseClaimsJws.getBody()).get("preferred_username", String.class)).as("Username", new Object[0]).isEqualTo(LOGIN_WITH);
            Assertions.assertThat((String) ((Claims) parseClaimsJws.getBody()).get("given_name", String.class)).as("First Name", new Object[0]).isEqualTo("First Tester");
            Assertions.assertThat((String) ((Claims) parseClaimsJws.getBody()).get("family_name", String.class)).as("Last Name", new Object[0]).isEqualTo("Last Tester");
            Assertions.assertThat((String) ((Claims) parseClaimsJws.getBody()).get("email", String.class)).as("Email", new Object[0]).isEqualTo("tester@nowhere");
            Assertions.assertThat((List) ((Claims) parseClaimsJws.getBody()).get("gcms_groups", List.class)).as("Groups", new Object[0]).containsOnly(new Object[]{"Node Super Admin"});
            if (client != null) {
                client.close();
            }
        } catch (Throwable th) {
            if (client != null) {
                try {
                    client.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
            }
            throw th;
        }
    }

    @Test
    public void testForwardPrefix() throws RestException, NodeException {
        RESTAppContext.LoggedInClient client = restContext.client(LOGIN_WITH, "test");
        try {
            Matcher matcher = authHeaderPattern.matcher((String) client.get().base().path("proxy").path(RESOURCE_JWT_PREFIX_KEY).path("headers").queryParam("return", new Object[]{"Authorization"}).request().get(String.class));
            Assertions.assertThat(matcher.matches()).as("Header Value matches pattern", new Object[0]).isTrue();
            String group = matcher.group("token");
            JwtParser build = KeyProvider.signedWith(Jwts.parserBuilder()).build();
            Assertions.assertThat(build.isSigned(group)).as("Token signed", new Object[0]).isTrue();
            Jws parseClaimsJws = build.parseClaimsJws(group);
            Assertions.assertThat(((Claims) parseClaimsJws.getBody()).getIssuer()).as("Issuer", new Object[0]).isEqualTo("Gentics CMS");
            Assertions.assertThat(((Claims) parseClaimsJws.getBody()).getSubject()).as("subject", new Object[0]).isEqualTo("prefix_testwith");
            Assertions.assertThat((String) ((Claims) parseClaimsJws.getBody()).get("preferred_username", String.class)).as("Username", new Object[0]).isEqualTo("prefix_testwith");
            Assertions.assertThat((String) ((Claims) parseClaimsJws.getBody()).get("given_name", String.class)).as("First Name", new Object[0]).isEqualTo("First Tester");
            Assertions.assertThat((String) ((Claims) parseClaimsJws.getBody()).get("family_name", String.class)).as("Last Name", new Object[0]).isEqualTo("Last Tester");
            Assertions.assertThat((String) ((Claims) parseClaimsJws.getBody()).get("email", String.class)).as("Email", new Object[0]).isEqualTo("tester@nowhere");
            Assertions.assertThat((List) ((Claims) parseClaimsJws.getBody()).get("gcms_groups", List.class)).as("Groups", new Object[0]).containsOnly(new Object[]{"prefix_Node Super Admin"});
            if (client != null) {
                client.close();
            }
        } catch (Throwable th) {
            if (client != null) {
                try {
                    client.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
            }
            throw th;
        }
    }
}
