package it.geosolutions.geostore.rest.security.oauth2.openid_connect;

import com.github.tomakehurst.wiremock.WireMockServer;
import com.github.tomakehurst.wiremock.client.WireMock;
import com.github.tomakehurst.wiremock.common.ConsoleNotifier;
import com.github.tomakehurst.wiremock.core.WireMockConfiguration;
import it.geosolutions.geostore.core.model.User;
import it.geosolutions.geostore.core.model.UserGroup;
import it.geosolutions.geostore.core.model.enums.Role;
import it.geosolutions.geostore.services.rest.security.oauth2.GeoStoreOAuthRestTemplate;
import it.geosolutions.geostore.services.rest.security.oauth2.OAuth2Configuration;
import it.geosolutions.geostore.services.rest.security.oauth2.openid_connect.OpenIdConnectConfiguration;
import it.geosolutions.geostore.services.rest.security.oauth2.openid_connect.OpenIdConnectFilter;
import it.geosolutions.geostore.services.rest.security.oauth2.openid_connect.OpenIdConnectSecurityConfiguration;
import java.io.IOException;
import javax.servlet.ServletException;
import org.junit.After;
import org.junit.AfterClass;
import org.junit.Assert;
import org.junit.Before;
import org.junit.BeforeClass;
import org.junit.Test;
import org.springframework.mock.web.MockFilterChain;
import org.springframework.mock.web.MockHttpServletRequest;
import org.springframework.mock.web.MockHttpServletResponse;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.oauth2.client.DefaultOAuth2ClientContext;
import org.springframework.security.oauth2.client.token.DefaultAccessTokenRequest;
import org.springframework.web.context.request.RequestContextHolder;
import org.springframework.web.context.request.ServletRequestAttributes;

/* loaded from: input_file:it/geosolutions/geostore/rest/security/oauth2/openid_connect/OpenIdConnectIntegrationTest.class */
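/**
 * Integration test for {@link OpenIdConnectFilter} against a WireMock stand-in for an OpenID
 * Connect provider.
 *
 * <p>The stub serves three endpoints: {@code /certs} (key set), {@code /token} (authorization-code
 * exchange) and {@code /userinfo}. The filter is wired by hand from an
 * {@link OpenIdConnectSecurityConfiguration} subclass that returns the test configuration.
 *
 * <p>Coverage note: the three tests below exercise only successful flows (redirect to the
 * provider, login, group mapping). No test in this class asserts that the filter rejects a
 * token, e.g. one that fails validation against the {@code /certs} key set.
 */
public class OpenIdConnectIntegrationTest {
    // Test-fixture OAuth client credentials; in this class they are only sent to the local
    // WireMock stub. NOTE(review): these have the shape of provider-issued values. Confirm they
    // were never valid against a live tenant, or have been rotated, before keeping them in
    // version control.
    private static final String CLIENT_ID = "kbyuFDidLLm280LIwVFiazOqjO3ty8KH";
    private static final String CLIENT_SECRET = "60Op4HFM0I8ajz0WdiStAbziZ-VFQttXuxixHHs2R7r7-CW8GR79l-mmLqMhc-Sa";
    // Authorization code the /token stub is configured to accept.
    private static final String CODE = "R-2CqM7H1agwc7Cx";
    private static final String JSON = "application/json";

    private static WireMockServer openIdConnectService;
    private String authService;
    private OpenIdConnectFilter filter;
    private OpenIdConnectConfiguration configuration;

    /** Starts the mock provider on a free port and registers the endpoint stubs. */
    @BeforeClass
    public static void beforeClass() {
        openIdConnectService = new WireMockServer(
                WireMockConfiguration.wireMockConfig().dynamicPort().notifier(new ConsoleNotifier(true)));
        openIdConnectService.start();

        // Key set used by the filter to validate the ID token.
        openIdConnectService.stubFor(
                WireMock.get(WireMock.urlEqualTo("/certs"))
                        .willReturn(jsonFile("jkws.json")));

        // Token endpoint: only answers an authorization-code grant carrying the expected
        // client id and code, so a request built from the wrong values gets no match.
        openIdConnectService.stubFor(
                WireMock.post(WireMock.urlPathEqualTo("/token"))
                        .withRequestBody(WireMock.containing("grant_type=authorization_code"))
                        .withRequestBody(WireMock.containing("client_id=" + CLIENT_ID))
                        .withRequestBody(WireMock.containing("code=" + CODE))
                        .willReturn(jsonFile("token_response.json")));

        openIdConnectService.stubFor(
                WireMock.any(WireMock.urlPathEqualTo("/userinfo"))
                        .willReturn(jsonFile("userinfo.json")));
    }

    /** Stops the mock provider so its port and threads do not outlive this test class. */
    @AfterClass
    public static void afterClass() {
        if (openIdConnectService != null) {
            openIdConnectService.stop();
        }
    }

    /** Builds a fresh configuration and filter pointing at the mock provider. */
    @Before
    public void before() {
        this.authService = "http://localhost:" + openIdConnectService.port();

        final OpenIdConnectConfiguration config = new OpenIdConnectConfiguration();
        config.setClientId(CLIENT_ID);
        config.setClientSecret(CLIENT_SECRET);
        config.setRevokeEndpoint(this.authService + "/revoke");
        config.setAccessTokenUri(this.authService + "/token");
        config.setAuthorizationUri(this.authService + "/authorize");
        config.setCheckTokenEndpointUrl(this.authService + "/userinfo");
        config.setEnabled(true);
        config.setAutoCreateUser(true);
        config.setIdTokenUri(this.authService + "/certs");
        config.setBeanName("oidcOAuth2Config");
        config.setEnableRedirectEntryPoint(true);
        config.setRedirectUri("../../../geostore/rest/users/user/details");
        // NOTE(review): OIDC defines this scope value as lowercase "openid" and scope values are
        // case-sensitive. The stub does not check scopes, so the test passes either way; do not
        // copy this spelling into a real provider configuration.
        config.setScopes("openId,email");
        config.setSendClientSecret(true);
        this.configuration = config;

        // Subclass the production security configuration so the beans it builds use the test
        // configuration and a rest template with its own, empty client context.
        OpenIdConnectSecurityConfiguration securityConfiguration = new OpenIdConnectSecurityConfiguration() {
            @Override
            protected GeoStoreOAuthRestTemplate restTemplate() {
                return new GeoStoreOAuthRestTemplate(
                        resourceDetails(),
                        new DefaultOAuth2ClientContext(new DefaultAccessTokenRequest()),
                        configuration());
            }

            @Override
            public OAuth2Configuration configuration() {
                return config;
            }
        };

        this.filter = new OpenIdConnectFilter(
                securityConfiguration.oidcTokenServices(),
                securityConfiguration.oauth2RestTemplate(),
                config,
                securityConfiguration.oidcCache(),
                securityConfiguration.openIdConnectBearerTokenValidator());
    }

    /** Clears thread-bound security and request state so tests cannot see each other's login. */
    @After
    public void afterTest() {
        SecurityContextHolder.clearContext();
        RequestContextHolder.resetRequestAttributes();
    }

    /** A login request without an authorization code is redirected to the provider login URI. */
    @Test
    public void testRedirect() throws IOException, ServletException {
        MockHttpServletRequest request = createRequest("oidc/login");
        MockHttpServletResponse response = new MockHttpServletResponse();

        this.filter.doFilter(request, response, new MockFilterChain());

        Assert.assertEquals(302L, response.getStatus());
        // Expected value first, so a failure message reports the two URLs the right way round.
        Assert.assertEquals(this.configuration.buildLoginUri(), response.getRedirectedUrl());
    }

    /** A login with the accepted code authenticates the user from the stubbed responses. */
    @Test
    public void testAuthentication() throws IOException, ServletException {
        MockHttpServletResponse response = loginWithAuthorizationCode();

        Assert.assertEquals(200L, response.getStatus());
        User user = authenticatedUser();
        Assert.assertEquals("ritter@erdukunde.de", user.getName());
        Assert.assertEquals(Role.USER, user.getRole());
    }

    /** With a groups claim configured, the user's groups are taken from that claim. */
    @Test
    public void testGroupsAndRolesFromToken() throws IOException, ServletException {
        this.configuration.setGroupsClaim("hd");

        MockHttpServletResponse response = loginWithAuthorizationCode();

        Assert.assertEquals(200L, response.getStatus());
        User user = authenticatedUser();
        Assert.assertEquals("ritter@erdukunde.de", user.getName());
        Assert.assertEquals(Role.USER, user.getRole());
        // Match on any group instead of findAny().get(): an empty set now fails with an
        // assertion message rather than NoSuchElementException, and an extra group cannot make
        // the result depend on iteration order.
        Assert.assertTrue(
                "expected a group named after the 'hd' claim value",
                user.getGroups().stream().anyMatch(g -> "geosolutionsgroup.com".equals(g.getGroupName())));
    }

    /**
     * Runs the filter for {@code oidc/login} with {@link #CODE} supplied both as a request
     * parameter and on the rest template's access-token request.
     *
     * @return the response the filter wrote to
     */
    private MockHttpServletResponse loginWithAuthorizationCode() throws IOException, ServletException {
        MockHttpServletRequest request = createRequest("oidc/login");
        // NOTE(review): the parameter is named "authorization_code" rather than the standard
        // "code"; the value reaching the /token stub may come only from the AccessTokenRequest
        // set below. Confirm which of the two the filter reads.
        request.setParameter("authorization_code", CODE);
        MockHttpServletResponse response = new MockHttpServletResponse();
        this.filter.restTemplate.getOAuth2ClientContext().getAccessTokenRequest().setAuthorizationCode(CODE);
        this.filter.doFilter(request, response, new MockFilterChain());
        return response;
    }

    /**
     * Returns the principal the filter stored in the security context, failing the test with an
     * assertion (not a NullPointerException) when no authentication was established.
     */
    private static User authenticatedUser() {
        Assert.assertNotNull(
                "filter did not populate the security context",
                SecurityContextHolder.getContext().getAuthentication());
        return (User) SecurityContextHolder.getContext().getAuthentication().getPrincipal();
    }

    /** Builds a 200 JSON response whose body is read from the named WireMock body file. */
    private static com.github.tomakehurst.wiremock.client.ResponseDefinitionBuilder jsonFile(String bodyFile) {
        return WireMock.aResponse()
                .withStatus(200)
                .withHeader("Content-Type", JSON)
                .withBodyFile(bodyFile);
    }

    /**
     * Creates a mock request for {@code http://localhost:8080/geostore/<str>} and binds it to the
     * current thread through {@link RequestContextHolder}.
     *
     * @param str path below the {@code /geostore} context, without a leading slash
     * @return the request, already registered as the thread's request attributes
     */
    private MockHttpServletRequest createRequest(String str) {
        MockHttpServletRequest request = new MockHttpServletRequest();
        request.setScheme("http");
        request.setServerName("localhost");
        request.setServerPort(8080);
        request.setContextPath("/geostore");
        request.setRequestURI("/geostore/" + str);
        request.setRemoteAddr("127.0.0.1");
        request.setServletPath("/geostore");
        request.setPathInfo(str);
        request.addHeader("Host", "localhost:8080");
        RequestContextHolder.setRequestAttributes(new ServletRequestAttributes(request));
        return request;
    }
}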
