package co.cask.cdap.security.auth;

import co.cask.cdap.api.common.Bytes;
import co.cask.cdap.common.io.Codec;
import co.cask.cdap.common.utils.ImmutablePair;
import com.google.common.collect.Lists;
import java.util.ArrayList;
import java.util.Random;
import org.junit.Assert;
import org.junit.Test;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:co/cask/cdap/security/auth/TestTokenManager.class */
public abstract class TestTokenManager {
    protected static final Logger LOG = LoggerFactory.getLogger(TestTokenManager.class);
    protected static final long TOKEN_DURATION = 3600000;

    protected abstract ImmutablePair<TokenManager, Codec<AccessToken>> getTokenManagerAndCodec() throws Exception;

    @Test
    public void testTokenValidation() throws Exception {
        ImmutablePair<TokenManager, Codec<AccessToken>> tokenManagerAndCodec = getTokenManagerAndCodec();
        TokenManager tokenManager = (TokenManager) tokenManagerAndCodec.getFirst();
        tokenManager.startAndWait();
        Codec codec = (Codec) tokenManagerAndCodec.getSecond();
        long currentTimeMillis = System.currentTimeMillis();
        ArrayList newArrayList = Lists.newArrayList(new String[]{"users", "admins"});
        AccessToken signIdentifier = tokenManager.signIdentifier(new AccessTokenIdentifier("testuser", newArrayList, currentTimeMillis, currentTimeMillis + TOKEN_DURATION));
        LOG.info("Signed token is: " + Bytes.toStringBinary(codec.encode(signIdentifier)));
        tokenManager.validateSecret(signIdentifier);
        AccessToken signIdentifier2 = tokenManager.signIdentifier(new AccessTokenIdentifier("testuser", newArrayList, currentTimeMillis - 1000, currentTimeMillis - 1));
        try {
            tokenManager.validateSecret(signIdentifier2);
            Assert.fail("Token should have been expired but passed validation: " + Bytes.toStringBinary(codec.encode(signIdentifier2)));
        } catch (InvalidTokenException e) {
        }
        Random random = new Random();
        byte[] digestBytes = signIdentifier.getDigestBytes();
        random.nextBytes(digestBytes);
        AccessToken accessToken = new AccessToken(signIdentifier.getIdentifier(), signIdentifier.getKeyId(), digestBytes);
        try {
            tokenManager.validateSecret(accessToken);
            Assert.fail("Token should have been rejected for invalid digest but passed: " + Bytes.toStringBinary(codec.encode(accessToken)));
        } catch (InvalidTokenException e2) {
        }
        try {
            tokenManager.validateSecret(new AccessToken(signIdentifier.getIdentifier(), signIdentifier.getKeyId() + 1, signIdentifier.getDigestBytes()));
            Assert.fail("Token should have been rejected for invalid key ID but passed: " + Bytes.toStringBinary(codec.encode(accessToken)));
        } catch (InvalidTokenException e3) {
        }
        tokenManager.stopAndWait();
    }

    @Test
    public void testTokenSerialization() throws Exception {
        ImmutablePair<TokenManager, Codec<AccessToken>> tokenManagerAndCodec = getTokenManagerAndCodec();
        TokenManager tokenManager = (TokenManager) tokenManagerAndCodec.getFirst();
        tokenManager.startAndWait();
        Codec codec = (Codec) tokenManagerAndCodec.getSecond();
        long currentTimeMillis = System.currentTimeMillis();
        AccessToken signIdentifier = tokenManager.signIdentifier(new AccessTokenIdentifier("testuser", Lists.newArrayList(new String[]{"users", "admins"}), currentTimeMillis, currentTimeMillis + TOKEN_DURATION));
        AccessToken accessToken = (AccessToken) codec.decode(codec.encode(signIdentifier));
        Assert.assertEquals(signIdentifier, accessToken);
        LOG.info("Deserialized token is: " + Bytes.toStringBinary(codec.encode(accessToken)));
        tokenManager.validateSecret(accessToken);
        tokenManager.stopAndWait();
    }
}
