package org.apache.shindig.auth;

import com.google.common.collect.ImmutableList;
import com.google.common.collect.ImmutableMap;
import java.io.File;
import java.io.IOException;
import java.util.Map;
import org.apache.shindig.common.crypto.BasicBlobCrypter;
import org.apache.shindig.common.crypto.BlobCrypter;
import org.apache.shindig.common.util.CharsetUtil;
import org.apache.shindig.common.util.FakeTimeSource;
import org.apache.shindig.config.BasicContainerConfig;
import org.apache.shindig.config.ContainerConfig;
import org.junit.Assert;
import org.junit.Before;
import org.junit.Test;

/* loaded from: input_file:org/apache/shindig/auth/BlobCrypterSecurityTokenCodecTest.class */
public class BlobCrypterSecurityTokenCodecTest {
    private BlobCrypterSecurityTokenCodec codec;
    private final FakeTimeSource timeSource = new FakeTimeSource();
    private ContainerConfig config;

    /* loaded from: input_file:org/apache/shindig/auth/BlobCrypterSecurityTokenCodecTest$CodecWithLoadStubbedOut.class */
    private class CodecWithLoadStubbedOut extends BlobCrypterSecurityTokenCodec {
        public CodecWithLoadStubbedOut(ContainerConfig containerConfig) {
            super(containerConfig);
        }

        protected BlobCrypter loadCrypterFromFile(File file) throws IOException {
            if (file.getPath().contains("fail")) {
                throw new IOException("Load failed: " + file);
            }
            return BlobCrypterSecurityTokenCodecTest.this.getBlobCrypter(file.getPath());
        }
    }

    @Before
    public void setUp() throws Exception {
        this.config = new BasicContainerConfig();
        this.config.newTransaction().addContainer(makeContainer("default")).addContainer(makeContainer("container")).addContainer(makeContainer("example")).commit();
        this.codec = new CodecWithLoadStubbedOut(this.config);
    }

    protected Map<String, Object> makeContainer(String str) {
        return ImmutableMap.of("gadgets.container", ImmutableList.of(str), "gadgets.securityTokenKeyFile", getContainerKey(str), "gadgets.signedFetchDomain", str + ".com");
    }

    protected String getContainerKey(String str) {
        return "KEY FOR CONTAINER " + str;
    }

    protected BlobCrypter getBlobCrypter(String str) {
        BasicBlobCrypter basicBlobCrypter = new BasicBlobCrypter(CharsetUtil.getUtf8Bytes(str));
        basicBlobCrypter.timeSource = this.timeSource;
        return basicBlobCrypter;
    }

    @Test
    public void testCreateToken() throws Exception {
        BlobCrypterSecurityToken blobCrypterSecurityToken = new BlobCrypterSecurityToken(getBlobCrypter(getContainerKey("container")), "container", (String) null);
        blobCrypterSecurityToken.setAppUrl("http://www.example.com/gadget.xml");
        blobCrypterSecurityToken.setModuleId(12345L);
        blobCrypterSecurityToken.setOwnerId("owner");
        blobCrypterSecurityToken.setViewerId("viewer");
        blobCrypterSecurityToken.setTrustedJson("trusted");
        SecurityToken createToken = this.codec.createToken(ImmutableMap.of("token", blobCrypterSecurityToken.encrypt()));
        Assert.assertEquals("http://www.example.com/gadget.xml", createToken.getAppId());
        Assert.assertEquals("http://www.example.com/gadget.xml", createToken.getAppUrl());
        Assert.assertEquals("container.com", createToken.getDomain());
        Assert.assertEquals(12345L, createToken.getModuleId());
        Assert.assertEquals("owner", createToken.getOwnerId());
        Assert.assertEquals("viewer", createToken.getViewerId());
        Assert.assertEquals("trusted", createToken.getTrustedJson());
    }

    @Test
    public void testUnknownContainer() throws Exception {
        BlobCrypterSecurityToken blobCrypterSecurityToken = new BlobCrypterSecurityToken(getBlobCrypter(getContainerKey("container")), "container", (String) null);
        blobCrypterSecurityToken.setAppUrl("http://www.example.com/gadget.xml");
        blobCrypterSecurityToken.setModuleId(12345L);
        blobCrypterSecurityToken.setOwnerId("owner");
        blobCrypterSecurityToken.setViewerId("viewer");
        blobCrypterSecurityToken.setTrustedJson("trusted");
        try {
            this.codec.createToken(ImmutableMap.of("token", blobCrypterSecurityToken.encrypt().replace("container:", "other:")));
            Assert.fail("should have reported that container was unknown");
        } catch (SecurityTokenException e) {
            Assert.assertTrue(e.getMessage(), e.getMessage().contains("Unknown container"));
        }
    }

    @Test
    public void testWrongContainer() throws Exception {
        BlobCrypterSecurityToken blobCrypterSecurityToken = new BlobCrypterSecurityToken(getBlobCrypter(getContainerKey("container")), "container", (String) null);
        blobCrypterSecurityToken.setAppUrl("http://www.example.com/gadget.xml");
        blobCrypterSecurityToken.setModuleId(12345L);
        blobCrypterSecurityToken.setOwnerId("owner");
        blobCrypterSecurityToken.setViewerId("viewer");
        blobCrypterSecurityToken.setTrustedJson("trusted");
        try {
            this.codec.createToken(ImmutableMap.of("token", blobCrypterSecurityToken.encrypt().replace("container:", "example:")));
            Assert.fail("should have tried to decrypt with wrong key");
        } catch (SecurityTokenException e) {
            Assert.assertTrue(e.getMessage(), e.getMessage().contains("Invalid token signature"));
        }
    }

    @Test
    public void testExpired() throws Exception {
        BlobCrypterSecurityToken blobCrypterSecurityToken = new BlobCrypterSecurityToken(getBlobCrypter(getContainerKey("container")), "container", (String) null);
        blobCrypterSecurityToken.setAppUrl("http://www.example.com/gadget.xml");
        blobCrypterSecurityToken.setModuleId(12345L);
        blobCrypterSecurityToken.setOwnerId("owner");
        blobCrypterSecurityToken.setViewerId("viewer");
        blobCrypterSecurityToken.setTrustedJson("trusted");
        String encrypt = blobCrypterSecurityToken.encrypt();
        this.timeSource.incrementSeconds(3781);
        try {
            this.codec.createToken(ImmutableMap.of("token", encrypt));
            Assert.fail("should have expired");
        } catch (SecurityTokenException e) {
            Assert.assertTrue(e.getMessage(), e.getMessage().contains("Blob expired"));
        }
    }

    @Test
    public void testMalformed() throws Exception {
        try {
            this.codec.createToken(ImmutableMap.of("token", "foo"));
            Assert.fail("should have tried to decrypt with wrong key");
        } catch (SecurityTokenException e) {
            Assert.assertTrue(e.getMessage(), e.getMessage().contains("Invalid security token foo"));
        }
    }

    @Test
    public void testAnonymous() throws Exception {
        Assert.assertTrue(this.codec.createToken(ImmutableMap.of("token", "   ")).isAnonymous());
        Assert.assertTrue(this.codec.createToken(ImmutableMap.of()).isAnonymous());
    }

    @Test
    public void testLoadFailure() throws Exception {
        this.config.newTransaction().addContainer(makeContainer("failure")).commit();
        try {
            new CodecWithLoadStubbedOut(this.config);
            Assert.fail("Should have failed to load crypter");
        } catch (RuntimeException e) {
            Assert.assertTrue(e.getMessage(), e.getMessage().contains("Load failed"));
        }
    }

    @Test
    public void testChangingContainers() throws Exception {
        BlobCrypterSecurityToken blobCrypterSecurityToken = new BlobCrypterSecurityToken(getBlobCrypter(getContainerKey("newcontainer")), "newcontainer", (String) null);
        blobCrypterSecurityToken.setAppUrl("http://www.example.com/gadget.xml");
        blobCrypterSecurityToken.setModuleId(12345L);
        blobCrypterSecurityToken.setOwnerId("owner");
        blobCrypterSecurityToken.setViewerId("viewer");
        blobCrypterSecurityToken.setTrustedJson("trusted");
        String encrypt = blobCrypterSecurityToken.encrypt();
        try {
            this.codec.createToken(ImmutableMap.of("token", encrypt));
            Assert.fail("Should have thrown a SecurityTokenException");
        } catch (SecurityTokenException e) {
        }
        this.config.newTransaction().addContainer(makeContainer("newcontainer")).commit();
        this.codec.createToken(ImmutableMap.of("token", encrypt));
        this.config.newTransaction().removeContainer("newcontainer").commit();
        try {
            this.codec.createToken(ImmutableMap.of("token", encrypt));
            Assert.fail("Should have thrown a SecurityTokenException");
        } catch (SecurityTokenException e2) {
        }
    }

    @Test
    public void testGetTokenExpiration() throws Exception {
        junit.framework.Assert.assertNull(this.codec.getTokenExpiration((SecurityToken) null));
    }
}
