package com.google.auth.oauth2;

import com.google.api.client.http.HttpTransport;
import com.google.api.client.http.LowLevelHttpRequest;
import com.google.api.client.http.LowLevelHttpResponse;
import com.google.api.client.testing.http.MockHttpTransport;
import com.google.api.client.testing.http.MockLowLevelHttpRequest;
import com.google.api.client.testing.http.MockLowLevelHttpResponse;
import com.google.api.client.util.Clock;
import com.google.auth.http.HttpTransportFactory;
import com.google.auth.oauth2.TokenVerifier;
import com.google.common.io.CharStreams;
import java.io.IOException;
import java.io.InputStreamReader;
import java.util.Arrays;
import java.util.Iterator;
import java.util.List;
import org.junit.Assert;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.junit.runners.JUnit4;

@RunWith(JUnit4.class)
/* loaded from: input_file:com/google/auth/oauth2/TokenVerifierTest.class */
public class TokenVerifierTest {
    private static final String LEGACY_FEDERATED_SIGNON_CERT_URL = "https://www.googleapis.com/oauth2/v1/certs";
    private static final String SERVICE_ACCOUNT_CERT_URL = "https://www.googleapis.com/robot/v1/metadata/x509/integration-tests%40chingor-test.iam.gserviceaccount.com";
    private static final String ES256_TOKEN = "eyJhbGciOiJFUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6Im1wZjBEQSJ9.eyJhdWQiOiIvcHJvamVjdHMvNjUyNTYyNzc2Nzk4L2FwcHMvY2xvdWQtc2FtcGxlcy10ZXN0cy1waHAtaWFwIiwiZW1haWwiOiJjaGluZ29yQGdvb2dsZS5jb20iLCJleHAiOjE1ODQwNDc2MTcsImdvb2dsZSI6eyJhY2Nlc3NfbGV2ZWxzIjpbImFjY2Vzc1BvbGljaWVzLzUxODU1MTI4MDkyNC9hY2Nlc3NMZXZlbHMvcmVjZW50U2VjdXJlQ29ubmVjdERhdGEiLCJhY2Nlc3NQb2xpY2llcy81MTg1NTEyODA5MjQvYWNjZXNzTGV2ZWxzL3Rlc3ROb09wIiwiYWNjZXNzUG9saWNpZXMvNTE4NTUxMjgwOTI0L2FjY2Vzc0xldmVscy9ldmFwb3JhdGlvblFhRGF0YUZ1bGx5VHJ1c3RlZCJdfSwiaGQiOiJnb29nbGUuY29tIiwiaWF0IjoxNTg0MDQ3MDE3LCJpc3MiOiJodHRwczovL2Nsb3VkLmdvb2dsZS5jb20vaWFwIiwic3ViIjoiYWNjb3VudHMuZ29vZ2xlLmNvbToxMTIxODE3MTI3NzEyMDE5NzI4OTEifQ.yKNtdFY5EKkRboYNexBdfugzLhC3VuGyFcuFYA8kgpxMqfyxa41zkML68hYKrWu2kOBTUW95UnbGpsIi_u1fiA";
    private static final String FEDERATED_SIGNON_RS256_TOKEN = "eyJhbGciOiJSUzI1NiIsImtpZCI6ImY5ZDk3YjRjYWU5MGJjZDc2YWViMjAwMjZmNmI3NzBjYWMyMjE3ODMiLCJ0eXAiOiJKV1QifQ.eyJhdWQiOiJodHRwczovL2V4YW1wbGUuY29tL3BhdGgiLCJhenAiOiJpbnRlZ3JhdGlvbi10ZXN0c0BjaGluZ29yLXRlc3QuaWFtLmdzZXJ2aWNlYWNjb3VudC5jb20iLCJlbWFpbCI6ImludGVncmF0aW9uLXRlc3RzQGNoaW5nb3ItdGVzdC5pYW0uZ3NlcnZpY2VhY2NvdW50LmNvbSIsImVtYWlsX3ZlcmlmaWVkIjp0cnVlLCJleHAiOjE1ODc2Mjk4ODgsImlhdCI6MTU4NzYyNjI4OCwiaXNzIjoiaHR0cHM6Ly9hY2NvdW50cy5nb29nbGUuY29tIiwic3ViIjoiMTA0MDI5MjkyODUzMDk5OTc4MjkzIn0.Pj4KsJh7riU7ZIbPMcHcHWhasWEcbVjGP4yx_5E0iOpeDalTdri97E-o0dSSkuVX2FeBIgGUg_TNNgJ3YY97T737jT5DUYwdv6M51dDlLmmNqlu_P6toGCSRC8-Beu5gGmqS2Y82TmpHH9Vhoh5PsK7_rVHk8U6VrrVVKKTWm_IzTFhqX1oYKPdvfyaNLsXPbCt_NFE0C3DNmFkgVhRJu7LtzQQN-ghaqd3Ga3i6KH222OEI_PU4BUTvEiNOqRGoMlT_YOsyFN3XwqQ6jQGWhhkArL1z3CG2BVQjHTKpgVsRyy_H6WTZiju2Q-XWobgH-UPSZbyymV8-cFT9XKEtZQ";
    private static final String SERVICE_ACCOUNT_RS256_TOKEN = "eyJhbGciOiJSUzI1NiIsImtpZCI6IjJlZjc3YjM4YTFiMDM3MDQ4NzA0MzkxNmFjYmYyN2Q3NGVkZDA4YjEiLCJ0eXAiOiJKV1QifQ.eyJhdWQiOiJodHRwczovL2V4YW1wbGUuY29tL2F1ZGllbmNlIiwiZXhwIjoxNTg3NjMwNTQzLCJpYXQiOjE1ODc2MjY5NDMsImlzcyI6InNvbWUgaXNzdWVyIiwic3ViIjoic29tZSBzdWJqZWN0In0.gGOQW0qQgs4jGUmCsgRV83RqsJLaEy89-ZOG6p1u0Y26FyY06b6Odgd7xXLsSTiiSnch62dl0Lfi9D0x2ByxvsGOCbovmBl2ZZ0zHr1wpc4N0XS9lMUq5RJQbonDibxXG4nC2zroDfvD0h7i-L8KMXeJb9pYwW7LkmrM_YwYfJnWnZ4bpcsDjojmPeUBlACg7tjjOgBFbyQZvUtaERJwSRlaWibvNjof7eCVfZChE0PwBpZc_cGqSqKXv544L4ttqdCnmONjqrTATXwC4gYxruevkjHfYI5ojcQmXoWDJJ0-_jzfyPE4MFFdCFgzLgnfIOwe5ve0MtquKuv2O0pgvg";
    private static final List<String> ALL_TOKENS = Arrays.asList(ES256_TOKEN, FEDERATED_SIGNON_RS256_TOKEN, SERVICE_ACCOUNT_RS256_TOKEN);
    private static final Clock FIXED_CLOCK = new Clock() { // from class: com.google.auth.oauth2.TokenVerifierTest.1
        public long currentTimeMillis() {
            return 1582704000000L;
        }
    };

    /* JADX INFO: Access modifiers changed from: package-private */
    /* renamed from: com.google.auth.oauth2.TokenVerifierTest$4, reason: invalid class name */
    /* loaded from: input_file:com/google/auth/oauth2/TokenVerifierTest$4.class */
    public static class AnonymousClass4 implements HttpTransportFactory {
        final /* synthetic */ String val$certificatesUrl;
        final /* synthetic */ String val$certificatesContent;

        AnonymousClass4(String str, String str2) {
            this.val$certificatesUrl = str;
            this.val$certificatesContent = str2;
        }

        public HttpTransport create() {
            return new MockHttpTransport() { // from class: com.google.auth.oauth2.TokenVerifierTest.4.1
                public LowLevelHttpRequest buildRequest(String str, String str2) throws IOException {
                    Assert.assertEquals(AnonymousClass4.this.val$certificatesUrl, str2);
                    return new MockLowLevelHttpRequest() { // from class: com.google.auth.oauth2.TokenVerifierTest.4.1.1
                        public LowLevelHttpResponse execute() throws IOException {
                            MockLowLevelHttpResponse mockLowLevelHttpResponse = new MockLowLevelHttpResponse();
                            mockLowLevelHttpResponse.setStatusCode(200);
                            mockLowLevelHttpResponse.setContentType("application/json");
                            mockLowLevelHttpResponse.setContent(AnonymousClass4.this.val$certificatesContent);
                            return mockLowLevelHttpResponse;
                        }
                    };
                }
            };
        }
    }

    @Test
    public void verifyExpiredToken() {
        Iterator<String> it = ALL_TOKENS.iterator();
        while (it.hasNext()) {
            try {
                TokenVerifier.newBuilder().build().verify(it.next());
                Assert.fail("Should have thrown a VerificationException");
            } catch (TokenVerifier.VerificationException e) {
                Assert.assertTrue(e.getMessage().contains("expired"));
            }
        }
    }

    @Test
    public void verifyExpectedAudience() {
        TokenVerifier build = TokenVerifier.newBuilder().setAudience("expected audience").build();
        Iterator<String> it = ALL_TOKENS.iterator();
        while (it.hasNext()) {
            try {
                build.verify(it.next());
                Assert.fail("Should have thrown a VerificationException");
            } catch (TokenVerifier.VerificationException e) {
                Assert.assertTrue(e.getMessage().contains("audience does not match"));
            }
        }
    }

    @Test
    public void verifyExpectedIssuer() {
        TokenVerifier build = TokenVerifier.newBuilder().setIssuer("expected issuer").build();
        Iterator<String> it = ALL_TOKENS.iterator();
        while (it.hasNext()) {
            try {
                build.verify(it.next());
                Assert.fail("Should have thrown a VerificationException");
            } catch (TokenVerifier.VerificationException e) {
                Assert.assertTrue(e.getMessage().contains("issuer does not match"));
            }
        }
    }

    @Test
    public void verifyEs256Token404CertificateUrl() {
        try {
            TokenVerifier.newBuilder().setClock(FIXED_CLOCK).setHttpTransportFactory(new HttpTransportFactory() { // from class: com.google.auth.oauth2.TokenVerifierTest.2
                public HttpTransport create() {
                    return new MockHttpTransport() { // from class: com.google.auth.oauth2.TokenVerifierTest.2.1
                        public LowLevelHttpRequest buildRequest(String str, String str2) throws IOException {
                            return new MockLowLevelHttpRequest() { // from class: com.google.auth.oauth2.TokenVerifierTest.2.1.1
                                public LowLevelHttpResponse execute() throws IOException {
                                    MockLowLevelHttpResponse mockLowLevelHttpResponse = new MockLowLevelHttpResponse();
                                    mockLowLevelHttpResponse.setStatusCode(404);
                                    mockLowLevelHttpResponse.setContentType("application/json");
                                    mockLowLevelHttpResponse.setContent("");
                                    return mockLowLevelHttpResponse;
                                }
                            };
                        }
                    };
                }
            }).build().verify(ES256_TOKEN);
        } catch (TokenVerifier.VerificationException e) {
            Assert.assertTrue(e.getMessage().contains("Could not find PublicKey"));
        }
    }

    @Test
    public void verifyEs256TokenPublicKeyMismatch() {
        try {
            TokenVerifier.newBuilder().setClock(FIXED_CLOCK).setHttpTransportFactory(new HttpTransportFactory() { // from class: com.google.auth.oauth2.TokenVerifierTest.3
                public HttpTransport create() {
                    return new MockHttpTransport() { // from class: com.google.auth.oauth2.TokenVerifierTest.3.1
                        public LowLevelHttpRequest buildRequest(String str, String str2) throws IOException {
                            return new MockLowLevelHttpRequest() { // from class: com.google.auth.oauth2.TokenVerifierTest.3.1.1
                                public LowLevelHttpResponse execute() throws IOException {
                                    MockLowLevelHttpResponse mockLowLevelHttpResponse = new MockLowLevelHttpResponse();
                                    mockLowLevelHttpResponse.setStatusCode(200);
                                    mockLowLevelHttpResponse.setContentType("application/json");
                                    mockLowLevelHttpResponse.setContent("");
                                    return mockLowLevelHttpResponse;
                                }
                            };
                        }
                    };
                }
            }).build().verify(ES256_TOKEN);
            Assert.fail("Should have failed verification");
        } catch (TokenVerifier.VerificationException e) {
            Assert.assertTrue(e.getMessage().contains("Error fetching PublicKey"));
        }
    }

    @Test
    public void verifyEs256Token() throws TokenVerifier.VerificationException, IOException {
        Assert.assertNotNull(TokenVerifier.newBuilder().setClock(FIXED_CLOCK).setHttpTransportFactory(mockTransport("https://www.gstatic.com/iap/verify/public_key-jwk", readResourceAsString("iap_keys.json"))).build().verify(ES256_TOKEN));
    }

    @Test
    public void verifyRs256Token() throws TokenVerifier.VerificationException, IOException {
        Assert.assertNotNull(TokenVerifier.newBuilder().setClock(FIXED_CLOCK).setHttpTransportFactory(mockTransport("https://www.googleapis.com/oauth2/v3/certs", readResourceAsString("federated_keys.json"))).build().verify(FEDERATED_SIGNON_RS256_TOKEN));
    }

    @Test
    public void verifyRs256TokenWithLegacyCertificateUrlFormat() throws TokenVerifier.VerificationException, IOException {
        Assert.assertNotNull(TokenVerifier.newBuilder().setCertificatesLocation(LEGACY_FEDERATED_SIGNON_CERT_URL).setClock(FIXED_CLOCK).setHttpTransportFactory(mockTransport(LEGACY_FEDERATED_SIGNON_CERT_URL, readResourceAsString("legacy_federated_keys.json"))).build().verify(FEDERATED_SIGNON_RS256_TOKEN));
    }

    @Test
    public void verifyServiceAccountRs256Token() throws TokenVerifier.VerificationException, IOException {
        Assert.assertNotNull(TokenVerifier.newBuilder().setClock(FIXED_CLOCK).setCertificatesLocation(SERVICE_ACCOUNT_CERT_URL).build().verify(SERVICE_ACCOUNT_RS256_TOKEN));
    }

    static String readResourceAsString(String str) throws IOException {
        InputStreamReader inputStreamReader = new InputStreamReader(TokenVerifierTest.class.getClassLoader().getResourceAsStream(str));
        Throwable th = null;
        try {
            try {
                String charStreams = CharStreams.toString(inputStreamReader);
                if (inputStreamReader != null) {
                    if (0 != 0) {
                        try {
                            inputStreamReader.close();
                        } catch (Throwable th2) {
                            th.addSuppressed(th2);
                        }
                    } else {
                        inputStreamReader.close();
                    }
                }
                return charStreams;
            } finally {
            }
        } catch (Throwable th3) {
            if (inputStreamReader != null) {
                if (th != null) {
                    try {
                        inputStreamReader.close();
                    } catch (Throwable th4) {
                        th.addSuppressed(th4);
                    }
                } else {
                    inputStreamReader.close();
                }
            }
            throw th3;
        }
    }

    static HttpTransportFactory mockTransport(String str, String str2) {
        return new AnonymousClass4(str, str2);
    }
}
