package io.confluent.security.authentication.http;

import io.confluent.security.authentication.AuthenticationException;
import io.confluent.security.authentication.credential.BearerCredential;
import io.confluent.security.authentication.credential.HttpBearerCredential;
import io.confluent.security.authentication.oauthbearer.JwksTestFixture;
import io.confluent.security.authentication.oauthbearer.JwtPrincipal;
import org.jose4j.jwt.JwtClaims;
import org.jose4j.jwt.MalformedClaimException;
import org.jose4j.jwt.NumericDate;
import org.jose4j.lang.JoseException;
import org.junit.jupiter.api.Assertions;
import org.junit.jupiter.api.Test;

/* loaded from: input_file:io/confluent/security/authentication/http/HttpAuthenticatorTest.class */
public class HttpAuthenticatorTest {
    @Test
    public void httpAuthenticatorJwtTest() throws JoseException {
        JwtPrincipal authenticate = new HttpAuthenticatorJwt(JwksTestFixture.authenticator()).authenticate(new HttpBearerCredential(newJwk("valid")));
        Assertions.assertNotNull(authenticate);
        Assertions.assertEquals("valid", authenticate.getName());
        Assertions.assertEquals("valid", authenticate.subject());
    }

    @Test
    public void httpAuthenticatorJwtTestExpired() throws JoseException, MalformedClaimException {
        HttpAuthenticatorJwt httpAuthenticatorJwt = new HttpAuthenticatorJwt(JwksTestFixture.authenticator());
        JwtClaims claims = getClaims("expired", -10);
        HttpBearerCredential httpBearerCredential = new HttpBearerCredential(newJwk(claims));
        Assertions.assertEquals("Failed to authenticate bearer credentials : InvalidJwtException - Headers: [{\"alg\":\"RS256\"}], Additional Details: [[JWT is expired - The JWT Expiration Time {exp} claim identified a time in the past., relatedClaims: {userResourceId=u-ab23c, exp=" + claims.getExpirationTime().getValue() + ", userId=1234567}, identityInfo: {}]]", ((Exception) Assertions.assertThrows(AuthenticationException.class, () -> {
            httpAuthenticatorJwt.authenticate(httpBearerCredential);
        })).getMessage());
    }

    public static BearerCredential newJwk(String str) throws JoseException {
        return newJwk(getClaims(str, 60));
    }

    private static BearerCredential newJwk(JwtClaims jwtClaims) throws JoseException {
        return JwksTestFixture.createEncodedJws(jwtClaims);
    }

    private static JwtClaims getClaims(String str, int i) {
        JwtClaims jwtClaims = new JwtClaims();
        jwtClaims.setIssuer(JwksTestFixture.PEM_ISS);
        jwtClaims.setAudience(JwksTestFixture.VALID_AUD);
        jwtClaims.setSubject(str);
        jwtClaims.setExpirationTimeMinutesInTheFuture(i);
        jwtClaims.setNotBefore(NumericDate.now());
        jwtClaims.setIssuedAt(NumericDate.now());
        jwtClaims.setClaim("userId", "1234567");
        jwtClaims.setClaim("userResourceId", "u-ab23c");
        return jwtClaims;
    }
}
