package org.apache.nifi.web.security.jwt;

import io.jsonwebtoken.JwtException;
import java.nio.charset.StandardCharsets;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.util.Arrays;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Properties;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import org.apache.commons.codec.binary.Base64;
import org.apache.nifi.admin.service.AdministrationException;
import org.apache.nifi.admin.service.KeyService;
import org.apache.nifi.authorization.user.NiFiUserDetails;
import org.apache.nifi.authorization.user.StandardNiFiUser;
import org.apache.nifi.authorization.util.IdentityMapping;
import org.apache.nifi.authorization.util.IdentityMappingUtil;
import org.apache.nifi.key.Key;
import org.apache.nifi.properties.StandardNiFiProperties;
import org.apache.nifi.web.security.token.LoginAuthenticationToken;
import org.codehaus.jettison.json.JSONObject;
import org.junit.After;
import org.junit.Assert;
import org.junit.Before;
import org.junit.Ignore;
import org.junit.Rule;
import org.junit.Test;
import org.junit.rules.ExpectedException;
import org.mockito.ArgumentMatchers;
import org.mockito.Mockito;
import org.mockito.invocation.InvocationOnMock;
import org.mockito.stubbing.Answer;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContext;
import org.springframework.security.core.context.SecurityContextHolder;

/* loaded from: input_file:org/apache/nifi/web/security/jwt/JwtServiceTest.class */
public class JwtServiceTest {
    private static final Logger logger = LoggerFactory.getLogger(JwtServiceTest.class);

    @Rule
    public ExpectedException expectedException = ExpectedException.none();
    private static final String VALID_SIGNED_TOKEN = "eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJhbG9wcmVzdG8iLCJpc3MiOiJNb2NrSWRlbnRpdHlQcm92aWRlciIsImF1ZCI6Ik1vY2tJZGVudGl0eVByb3ZpZGVyIiwicHJlZmVycmVkX3VzZXJuYW1lIjoiYWxvcHJlc3RvIiwia2lkIjoxLCJleHAiOjI0NDc4MDg3NjEsImlhdCI6MTQ0NzgwODcwMX0.r6aGZ6FNNYMOpcXW8BK2VYaQeX1uO0Aw1KJfjB3Q1DU";
    private static final String INVALID_SIGNED_TOKEN = "eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiIiLCJpc3MiOiJNb2NrSWRlbnRpdHlQcm92aWRlciIsImF1ZCI6Ik1vY2tJZGVudGl0eVByb3ZpZGVyIiwicHJlZmVycmVkX3VzZXJuYW1lIjoiYWxvcHJlc3RvIiwia2lkIjoxLCJleHAiOjI0NDc4MDg3NjEsImlhdCI6MTQ0NzgwODcwMX0.x_1p2M6E0vwWHWMujIUnSL3GkFoDqqICllRxo2SMNaw";
    private static final String VALID_UNSIGNED_TOKEN = "eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJhbG9wcmVzdG8iLCJpc3MiOiJNb2NrSWRlbnRpdHlQcm92aWRlciIsImF1ZCI6Ik1vY2tJZGVudGl0eVByb3ZpZGVyIiwicHJlZmVycmVkX3VzZXJuYW1lIjoiYWxvcHJlc3RvIiwia2lkIjoiYWxvcHJlc3RvIiwiZXhwIjoyNDQ3ODA4NzYxLCJpYXQiOjE0NDc4MDg3MDF9";
    private static final String INVALID_UNSIGNED_TOKEN = "eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiIiLCJpc3MiOiJNb2NrSWRlbnRpdHlQcm92aWRlciIsImF1ZCI6Ik1vY2tJZGVudGl0eVByb3ZpZGVyIiwicHJlZmVycmVkX3VzZXJuYW1lIjoiYWxvcHJlc3RvIiwia2lkIjoiYWxvcHJlc3RvIiwiZXhwIjoyNDQ3ODA4NzYxLCJpYXQiOjE0NDc4MDg3MDF9";
    private static final String VALID_MALSIGNED_TOKEN = "eyJhbGciOiJub25lIn0.eyJzdWIiOiJhbG9wcmVzdG8iLCJpc3MiOiJNb2NrSWRlbnRpdHlQcm92aWRlciIsImF1ZCI6Ik1vY2tJZGVudGl0eVByb3ZpZGVyIiwicHJlZmVycmVkX3VzZXJuYW1lIjoiYWxvcHJlc3RvIiwia2lkIjoiYWxvcHJlc3RvIiwiZXhwIjoxNDQ3ODA4NzYxLCJpYXQiOjE0NDc4MDg3MDF9.mPO_wMNMl_zjMNevhNvUoXbSJ9Kx6jAe5OxDIAzKQbI";
    private static final String VALID_MALSIGNED_NO_SIG_TOKEN = "eyJhbGciOiJub25lIn0.eyJzdWIiOiJhbG9wcmVzdG8iLCJpc3MiOiJNb2NrSWRlbnRpdHlQcm92aWRlciIsImF1ZCI6Ik1vY2tJZGVudGl0eVByb3ZpZGVyIiwicHJlZmVycmVkX3VzZXJuYW1lIjoiYWxvcHJlc3RvIiwia2lkIjoiYWxvcHJlc3RvIiwiZXhwIjoyNDQ3ODA4NzYxLCJpYXQiOjE0NDc4MDg3MDF9.";
    private static final String INVALID_MALSIGNED_TOKEN = "eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiIiLCJpc3MiOiJNb2NrSWRlbnRpdHlQcm92aWRlciIsImF1ZCI6Ik1vY2tJZGVudGl0eVByb3ZpZGVyIiwicHJlZmVycmVkX3VzZXJuYW1lIjoiYWxvcHJlc3RvIiwia2lkIjoiYWxvcHJlc3RvIiwiZXhwIjoxNDQ3ODA4NzYxLCJpYXQiOjE0NDc4MDg3MDF9.WAwmUY4KHKV2oARNodkqDkbZsfRXGZfD2Ccy64GX9QF";
    private static final String EXPIRED_SIGNED_TOKEN = "eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiIiLCJpc3MiOiJNb2NrSWRlbnRpdHlQcm92aWRlciIsImF1ZCI6Ik1vY2tJZGVudGl0eVByb3ZpZGVyIiwicHJlZmVycmVkX3VzZXJuYW1lIjoiYWxvcHJlc3RvIiwia2lkIjoxLCJleHAiOjE0NDc4MDg3NjEsImlhdCI6MTQ0NzgwODcwMX0.ZPDIhNKuL89vTGXcuztOYaGifwcrQy_gid4j8Sspmto";
    private static final String IMPOSTER_SIGNED_TOKEN = "eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJtZ2lsbWFuIiwiaXNzIjoiTW9ja0lkZW50aXR5UHJvdmlkZXIiLCJhdWQiOiJNb2NrSWRlbnRpdHlQcm92aWRlciIsInByZWZlcnJlZF91c2VybmFtZSI6ImFsb3ByZXN0byIsImtpZCI6MSwiZXhwIjoyNDQ3ODA4NzYxLCJpYXQiOjE0NDc4MDg3MDF9.aw5OAvLTnb_sHmSQOQzW-A7NImiZgXJ2ngbbNL2Ymkc";
    private static final String UNKNOWN_ISSUER_TOKEN = "eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJhbG9wcmVzdG8iLCJpc3MiOiJVbmtub3duSWRlbnRpdHlQcm92aWRlciIsImF1ZCI6Ik1vY2tJZGVudGl0eVByb3ZpZGVyIiwicHJlZmVycmVkX3VzZXJuYW1lIjoiYWxvcHJlc3RvIiwia2lkIjoiYWxvcHJlc3RvIiwiZXhwIjoyNDQ3ODA4NzYxLCJpYXQiOjE0NDc4MDg3MDF9.SAd9tyNwSaijWet9wvAWSNmpxmPSK4XQuLx7h3ARqBo";
    private static final String NO_ISSUER_TOKEN = "eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJhbG9wcmVzdG8iLCJhdWQiOiJNb2NrSWRlbnRpdHlQcm92aWRlciIsInByZWZlcnJlZF91c2VybmFtZSI6ImFsb3ByZXN0byIsImtpZCI6MSwiZXhwIjoyNDQ3ODA4NzYxLCJpYXQiOjE0NDc4MDg3MDF9.6kDjDanAg0NQDb3C8FmgbBAYDoIfMAEkF4WMVALsbJA";
    private static final String KERBEROS_PROVIDER_TOKEN = "eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJuaWZpYWRtaW5AbmlmaS5hcGFjaGUub3JnIiwiaXNzIjoiS2VyYmVyb3NQcm92aWRlciIsImF1ZCI6IktlcmJlcm9zUHJvdmlkZXIiLCJwcmVmZXJyZWRfdXNlcm5hbWUiOiJuaWZpYWRtaW5AbmlmaS5hcGFjaGUub3JnIiwia2lkIjo2LCJleHAiOjE2OTI0NTQ2NjcsImlhdCI6MTU5MjQxMTQ2N30.Mmnx6ssdjQ5_5VVRiyPWU60OegcNdhWezaKKNK48Mew";
    private static final String DEFAULT_HEADER = "{\"alg\":\"HS256\"}";
    private static final String DEFAULT_IDENTITY = "alopresto";
    private static final String REALMED_KERBEROS_IDENTITY = "nifiadmin@nifi.apache.org";
    private static final String KERBEROS_IDENTITY = "nifiadmin";
    private static final String TOKEN_DELIMITER = ".";
    private static final String HMAC_SECRET = "test_hmac_shared_secret";
    private static List<IdentityMapping> identityMappings;
    private KeyService mockKeyService;
    private KeyService testKeyService;
    private JwtService jwtService;
    private JwtService jwtServiceUsingTestKeyService;

    public static String generateHS256Token(String str, String str2, boolean z, boolean z2) {
        return generateHS256Token(str, str2, HMAC_SECRET, z, z2);
    }

    private static String generateHS256Token(String str, String str2, String str3, boolean z, boolean z2) {
        try {
            logger.info("Generating token for " + str + " + " + str2);
            String str4 = Base64.encodeBase64URLSafeString(str.getBytes(StandardCharsets.UTF_8)) + TOKEN_DELIMITER + Base64.encodeBase64URLSafeString(str2.getBytes(StandardCharsets.UTF_8));
            return str4 + TOKEN_DELIMITER + generateHMAC(str3, str4);
        } catch (InvalidKeyException | NoSuchAlgorithmException e) {
            logger.error("Could not generate the token", e);
            Assert.fail("Could not generate the token");
            return null;
        }
    }

    private static String generateHMAC(String str, String str2) throws NoSuchAlgorithmException, InvalidKeyException {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(str.getBytes(StandardCharsets.UTF_8), "HmacSHA256"));
        return Base64.encodeBase64URLSafeString(mac.doFinal(str2.getBytes(StandardCharsets.UTF_8)));
    }

    @Before
    public void setUp() throws Exception {
        final Key key = new Key();
        key.setId(1);
        key.setIdentity(DEFAULT_IDENTITY);
        key.setKey(HMAC_SECRET);
        Answer<Key> answer = new Answer<Key>() { // from class: org.apache.nifi.web.security.jwt.JwtServiceTest.1
            Key answerKey;

            {
                this.answerKey = key;
            }

            /* renamed from: answer, reason: merged with bridge method [inline-methods] */
            public Key m5answer(InvocationOnMock invocationOnMock) throws Throwable {
                if (invocationOnMock.getMethod().equals(KeyService.class.getMethod("deleteKey", Integer.class))) {
                    this.answerKey = null;
                }
                return this.answerKey;
            }
        };
        StandardNiFiUser standardNiFiUser = (StandardNiFiUser) Mockito.mock(StandardNiFiUser.class);
        Mockito.when(standardNiFiUser.getIdentity()).thenReturn(DEFAULT_IDENTITY);
        NiFiUserDetails niFiUserDetails = (NiFiUserDetails) Mockito.mock(NiFiUserDetails.class);
        Mockito.when(niFiUserDetails.getNiFiUser()).thenReturn(standardNiFiUser);
        Authentication authentication = (Authentication) Mockito.mock(Authentication.class);
        SecurityContext securityContext = (SecurityContext) Mockito.mock(SecurityContext.class);
        Mockito.when(securityContext.getAuthentication()).thenReturn(authentication);
        SecurityContextHolder.setContext(securityContext);
        Mockito.when(SecurityContextHolder.getContext().getAuthentication().getPrincipal()).thenReturn(niFiUserDetails);
        this.mockKeyService = (KeyService) Mockito.mock(KeyService.class);
        Mockito.when(this.mockKeyService.getKey(ArgumentMatchers.anyInt())).thenAnswer(answer);
        Mockito.when(this.mockKeyService.getOrCreateKey(ArgumentMatchers.anyString())).thenReturn(key);
        ((KeyService) Mockito.doAnswer(answer).when(this.mockKeyService)).deleteKey(Integer.valueOf(ArgumentMatchers.anyInt()));
        this.jwtService = new JwtService(this.mockKeyService);
        this.jwtServiceUsingTestKeyService = new JwtService(new TestKeyService());
        Properties properties = new Properties();
        properties.setProperty("nifi.security.identity.mapping.pattern.kerb", "^(.*?)@(.*?)$");
        properties.setProperty("nifi.security.identity.mapping.value.kerb", "$1");
        identityMappings = IdentityMappingUtil.getIdentityMappings(new StandardNiFiProperties(properties));
    }

    @After
    public void tearDown() throws Exception {
        this.jwtService = null;
    }

    @Test
    public void testShouldGetAuthenticationForValidToken() throws Exception {
        String authenticationFromToken = this.jwtService.getAuthenticationFromToken(VALID_SIGNED_TOKEN);
        logger.info("Extracted identity: " + authenticationFromToken);
        Assert.assertEquals("Identity", DEFAULT_IDENTITY, authenticationFromToken);
    }

    @Test
    public void testShouldGetAuthenticationForValidKerberosToken() throws Exception {
        String authenticationFromToken = this.jwtService.getAuthenticationFromToken(KERBEROS_PROVIDER_TOKEN);
        logger.info("Extracted identity: " + authenticationFromToken);
        Assert.assertEquals("Identity", REALMED_KERBEROS_IDENTITY, authenticationFromToken);
    }

    @Test(expected = JwtException.class)
    public void testShouldNotGetAuthenticationForInvalidToken() throws Exception {
        logger.info("Extracted identity: " + this.jwtService.getAuthenticationFromToken(INVALID_SIGNED_TOKEN));
    }

    @Test(expected = JwtException.class)
    public void testShouldNotGetAuthenticationForEmptyToken() throws Exception {
        logger.info("Extracted identity: " + this.jwtService.getAuthenticationFromToken(""));
    }

    @Test(expected = JwtException.class)
    public void testShouldNotGetAuthenticationForUnsignedToken() throws Exception {
        logger.info("Extracted identity: " + this.jwtService.getAuthenticationFromToken(VALID_UNSIGNED_TOKEN));
    }

    @Test(expected = JwtException.class)
    public void testShouldNotGetAuthenticationForMalsignedToken() throws Exception {
        logger.info("Extracted identity: " + this.jwtService.getAuthenticationFromToken(VALID_MALSIGNED_TOKEN));
    }

    @Test(expected = JwtException.class)
    public void testShouldNotGetAuthenticationForTokenWithWrongAlgorithm() throws Exception {
        logger.info("Extracted identity: " + this.jwtService.getAuthenticationFromToken(VALID_MALSIGNED_TOKEN));
    }

    @Test(expected = JwtException.class)
    public void testShouldNotGetAuthenticationForTokenWithWrongAlgorithmAndNoSignature() throws Exception {
        logger.info("Extracted identity: " + this.jwtService.getAuthenticationFromToken(VALID_MALSIGNED_NO_SIG_TOKEN));
    }

    @Test(expected = JwtException.class)
    @Ignore("Not yet implemented")
    public void testShouldNotGetAuthenticationForTokenFromUnknownIdentityProvider() throws Exception {
        logger.info("Extracted identity: " + this.jwtService.getAuthenticationFromToken(UNKNOWN_ISSUER_TOKEN));
    }

    @Test(expected = JwtException.class)
    public void testShouldNotGetAuthenticationForTokenFromEmptyIdentityProvider() throws Exception {
        logger.info("Extracted identity: " + this.jwtService.getAuthenticationFromToken(NO_ISSUER_TOKEN));
    }

    @Test(expected = JwtException.class)
    public void testShouldNotGetAuthenticationForExpiredToken() throws Exception {
        logger.info("Extracted identity: " + this.jwtService.getAuthenticationFromToken(EXPIRED_SIGNED_TOKEN));
    }

    @Test(expected = JwtException.class)
    public void testShouldNotGetAuthenticationForImposterToken() throws Exception {
        logger.info("Extracted identity: " + this.jwtService.getAuthenticationFromToken(IMPOSTER_SIGNED_TOKEN));
    }

    @Test
    public void testShouldGenerateSignedToken() throws Exception {
        LoginAuthenticationToken loginAuthenticationToken = new LoginAuthenticationToken(DEFAULT_IDENTITY, 60000L, "MockIdentityProvider");
        logger.info("Generating token for " + loginAuthenticationToken);
        long expiration = (long) (loginAuthenticationToken.getExpiration() / 1000.0d);
        String generateSignedToken = this.jwtService.generateSignedToken(loginAuthenticationToken);
        logger.info("Generated JWT: " + generateSignedToken);
        String str = new String(Base64.decodeBase64(generateSignedToken.split("\\.")[1].getBytes()));
        long longValue = Long.valueOf(str.substring(str.lastIndexOf(":") + 1, str.length() - 1)).longValue();
        logger.trace("Actual token was issued at " + longValue);
        LinkedHashMap linkedHashMap = new LinkedHashMap();
        linkedHashMap.put("sub", DEFAULT_IDENTITY);
        linkedHashMap.put("iss", "MockIdentityProvider");
        linkedHashMap.put("aud", "MockIdentityProvider");
        linkedHashMap.put("preferred_username", DEFAULT_IDENTITY);
        linkedHashMap.put("kid", 1);
        linkedHashMap.put("exp", Long.valueOf(expiration));
        linkedHashMap.put("iat", Long.valueOf(longValue));
        logger.trace("JSON Object to String: " + new JSONObject(linkedHashMap).toString());
        String generateHS256Token = generateHS256Token(DEFAULT_HEADER, new JSONObject(linkedHashMap).toString(), true, true);
        logger.info("Expected JWT: " + generateHS256Token);
        Assert.assertEquals("JWT token", generateHS256Token, generateSignedToken);
    }

    @Test(expected = IllegalArgumentException.class)
    public void testShouldNotGenerateTokenWithNullAuthenticationToken() throws Exception {
        logger.info("Generating token for " + ((Object) null));
        this.jwtService.generateSignedToken((LoginAuthenticationToken) null);
    }

    @Test(expected = JwtException.class)
    public void testShouldNotGenerateTokenWithEmptyIdentity() throws Exception {
        LoginAuthenticationToken loginAuthenticationToken = new LoginAuthenticationToken("", 60000L, "MockIdentityProvider");
        logger.info("Generating token for " + loginAuthenticationToken);
        this.jwtService.generateSignedToken(loginAuthenticationToken);
    }

    @Test(expected = JwtException.class)
    public void testShouldNotGenerateTokenWithNullIdentity() throws Exception {
        LoginAuthenticationToken loginAuthenticationToken = new LoginAuthenticationToken((String) null, 60000L, "MockIdentityProvider");
        logger.info("Generating token for " + loginAuthenticationToken);
        this.jwtService.generateSignedToken(loginAuthenticationToken);
    }

    @Test(expected = JwtException.class)
    public void testShouldNotGenerateTokenWithMissingKey() throws Exception {
        LoginAuthenticationToken loginAuthenticationToken = new LoginAuthenticationToken(DEFAULT_IDENTITY, 60000L, "MockIdentityProvider");
        logger.info("Generating token for " + loginAuthenticationToken);
        KeyService keyService = (KeyService) Mockito.mock(KeyService.class);
        Mockito.when(keyService.getOrCreateKey(ArgumentMatchers.anyString())).thenThrow(new Throwable[]{new AdministrationException("Could not find a key for that user")});
        this.jwtService = new JwtService(keyService);
        this.jwtService.generateSignedToken(loginAuthenticationToken);
    }

    @Test
    public void testShouldLogOutUser() throws Exception {
        this.expectedException.expect(JwtException.class);
        this.expectedException.expectMessage("Unable to validate the access token.");
        LoginAuthenticationToken loginAuthenticationToken = new LoginAuthenticationToken(DEFAULT_IDENTITY, 60000L, "MockIdentityProvider");
        logger.info("Generating token for " + loginAuthenticationToken);
        String generateSignedToken = this.jwtService.generateSignedToken(loginAuthenticationToken);
        logger.info("Generated JWT: " + generateSignedToken);
        logger.info("Validating token...");
        String authenticationFromToken = this.jwtService.getAuthenticationFromToken(generateSignedToken);
        Assert.assertEquals(DEFAULT_IDENTITY, authenticationFromToken);
        logger.info("Token was valid");
        logger.info("Logging out user: " + authenticationFromToken);
        this.jwtService.logOut(generateSignedToken);
        logger.info("Logged out user: " + authenticationFromToken);
        logger.info("Checking that token is now invalid...");
        this.jwtService.getAuthenticationFromToken(generateSignedToken);
    }

    @Test
    public void testShouldLogOutUserUsingAuthHeader() throws Exception {
        this.expectedException.expect(JwtException.class);
        this.expectedException.expectMessage("Unable to validate the access token.");
        LoginAuthenticationToken loginAuthenticationToken = new LoginAuthenticationToken(DEFAULT_IDENTITY, 60000L, "MockIdentityProvider");
        logger.info("Generating token for " + loginAuthenticationToken);
        String generateSignedToken = this.jwtService.generateSignedToken(loginAuthenticationToken);
        logger.info("Generated JWT: " + generateSignedToken);
        logger.info("Validating token...");
        String authenticationFromToken = this.jwtService.getAuthenticationFromToken(generateSignedToken);
        Assert.assertEquals(DEFAULT_IDENTITY, authenticationFromToken);
        logger.info("Token was valid");
        logger.info("Logging out user: " + authenticationFromToken);
        this.jwtService.logOutUsingAuthHeader("Bearer " + generateSignedToken);
        logger.info("Logged out user: " + authenticationFromToken);
        logger.info("Checking that token is now invalid...");
        this.jwtService.getAuthenticationFromToken(generateSignedToken);
    }

    @Test
    public void testLogoutWhenAuthTokenIsEmptyShouldThrowError() throws Exception {
        this.expectedException.expect(JwtException.class);
        this.expectedException.expectMessage("Unable to validate the access token.");
        this.jwtService.logOut((String) null);
    }

    @Test
    public void testShouldLogOutKerberosUser() throws Exception {
        this.expectedException.expect(JwtException.class);
        this.expectedException.expectMessage("Unable to validate the access token.");
        LoginAuthenticationToken loginAuthenticationToken = new LoginAuthenticationToken(KERBEROS_IDENTITY, 60000L, "MockIdentityProvider");
        logger.info("Generating token for " + loginAuthenticationToken);
        String generateSignedToken = this.jwtServiceUsingTestKeyService.generateSignedToken(loginAuthenticationToken);
        logger.info("Generated JWT: " + generateSignedToken);
        logger.info("Validating token...");
        String authenticationFromToken = this.jwtServiceUsingTestKeyService.getAuthenticationFromToken(generateSignedToken);
        logger.info("Token was valid, unmapped user identity was: " + authenticationFromToken);
        Assert.assertEquals(KERBEROS_IDENTITY, authenticationFromToken);
        logger.info("Using identity mappings " + Arrays.toString(identityMappings.toArray()) + " to map identity: " + authenticationFromToken);
        String mapIdentity = IdentityMappingUtil.mapIdentity(authenticationFromToken, identityMappings);
        logger.info("Logging out user with mapped identity: " + mapIdentity);
        this.jwtServiceUsingTestKeyService.logOut(mapIdentity);
        logger.info("Logged out user with mapped identity: " + mapIdentity);
        logger.info("Checking that token for " + mapIdentity + " is now invalid...");
        this.jwtServiceUsingTestKeyService.getAuthenticationFromToken(generateSignedToken);
    }

    @Test
    public void testShouldLogOutRealmedKerberosUser() throws Exception {
        this.expectedException.expect(JwtException.class);
        this.expectedException.expectMessage("Unable to validate the access token.");
        LoginAuthenticationToken loginAuthenticationToken = new LoginAuthenticationToken(IdentityMappingUtil.mapIdentity(REALMED_KERBEROS_IDENTITY, identityMappings), 60000L, "MockIdentityProvider");
        logger.info("Generating token for " + loginAuthenticationToken);
        String generateSignedToken = this.jwtServiceUsingTestKeyService.generateSignedToken(loginAuthenticationToken);
        logger.info("Generated JWT: " + generateSignedToken);
        logger.info("Validating token...");
        String authenticationFromToken = this.jwtServiceUsingTestKeyService.getAuthenticationFromToken(generateSignedToken);
        logger.info("Token was valid, unmapped user identity was: " + authenticationFromToken);
        Assert.assertEquals(KERBEROS_IDENTITY, authenticationFromToken);
        logger.info("Using identity mappings " + Arrays.toString(identityMappings.toArray()) + " to map identity: " + authenticationFromToken);
        logger.info("Logging out user with mapped identity: " + authenticationFromToken);
        this.jwtServiceUsingTestKeyService.logOut(authenticationFromToken);
        logger.info("Logged out user with mapped identity: " + authenticationFromToken);
        logger.info("Checking that token for " + authenticationFromToken + " is now invalid...");
        this.jwtServiceUsingTestKeyService.getAuthenticationFromToken(generateSignedToken);
    }
}
