package io.trino.server.security.oauth2;

import com.nimbusds.jose.KeyLengthException;
import io.airlift.units.Duration;
import io.jsonwebtoken.ExpiredJwtException;
import io.jsonwebtoken.Jwts;
import io.trino.server.security.oauth2.OAuth2Client;
import io.trino.server.security.oauth2.TokenPairSerializer;
import java.net.URI;
import java.security.GeneralSecurityException;
import java.time.Clock;
import java.time.Instant;
import java.time.ZoneId;
import java.time.ZonedDateTime;
import java.time.temporal.ChronoUnit;
import java.time.temporal.TemporalUnit;
import java.util.Calendar;
import java.util.Date;
import java.util.Map;
import java.util.Optional;
import java.util.concurrent.TimeUnit;
import org.assertj.core.api.Assertions;
import org.testng.annotations.Test;

/* loaded from: input_file:io/trino/server/security/oauth2/TestJweTokenSerializer.class */
public class TestJweTokenSerializer {

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:io/trino/server/security/oauth2/TestJweTokenSerializer$Oauth2ClientStub.class */
    public static class Oauth2ClientStub implements OAuth2Client {
        private final Map<String, Object> claims = Jwts.claims().setSubject("user");

        Oauth2ClientStub() {
        }

        public void load() {
        }

        public OAuth2Client.Request createAuthorizationRequest(String str, URI uri) {
            throw new UnsupportedOperationException("operation is not yet supported");
        }

        public OAuth2Client.Response getOAuth2Response(String str, URI uri, Optional<String> optional) {
            throw new UnsupportedOperationException("operation is not yet supported");
        }

        public Optional<Map<String, Object>> getClaims(String str) {
            return Optional.of(this.claims);
        }

        public OAuth2Client.Response refreshTokens(String str) {
            throw new UnsupportedOperationException("operation is not yet supported");
        }
    }

    /* loaded from: input_file:io/trino/server/security/oauth2/TestJweTokenSerializer$TestingClock.class */
    private static class TestingClock extends Clock {
        private Instant currentTime = ZonedDateTime.of(2022, 5, 6, 10, 15, 0, 0, ZoneId.systemDefault()).toInstant();

        private TestingClock() {
        }

        @Override // java.time.Clock
        public ZoneId getZone() {
            return ZoneId.systemDefault();
        }

        @Override // java.time.Clock, java.time.InstantSource
        public Clock withZone(ZoneId zoneId) {
            return this;
        }

        @Override // java.time.Clock, java.time.InstantSource
        public Instant instant() {
            return this.currentTime;
        }

        public void advanceBy(Duration duration) {
            this.currentTime = this.currentTime.plus(duration.toMillis(), (TemporalUnit) ChronoUnit.MILLIS);
        }
    }

    @Test
    public void testSerialization() throws Exception {
        JweTokenSerializer jweTokenSerializer = tokenSerializer(Clock.systemUTC(), Duration.succinctDuration(5.0d, TimeUnit.SECONDS));
        Date time = new Calendar.Builder().setDate(2022, 6, 22).build().getTime();
        TokenPairSerializer.TokenPair deserialize = jweTokenSerializer.deserialize(jweTokenSerializer.serialize(TokenPairSerializer.TokenPair.accessAndRefreshTokens("access_token", time, "refresh_token")));
        Assertions.assertThat(deserialize.getAccessToken()).isEqualTo("access_token");
        Assertions.assertThat(deserialize.getExpiration()).isEqualTo(time);
        Assertions.assertThat(deserialize.getRefreshToken()).isEqualTo(Optional.of("refresh_token"));
    }

    @Test
    public void testTokenDeserializationAfterTimeoutButBeforeExpirationExtension() throws Exception {
        TestingClock testingClock = new TestingClock();
        JweTokenSerializer jweTokenSerializer = tokenSerializer(testingClock, Duration.succinctDuration(12.0d, TimeUnit.MINUTES));
        Date time = new Calendar.Builder().setDate(2022, 6, 22).build().getTime();
        String serialize = jweTokenSerializer.serialize(TokenPairSerializer.TokenPair.accessAndRefreshTokens("access_token", time, "refresh_token"));
        testingClock.advanceBy(Duration.succinctDuration(10.0d, TimeUnit.MINUTES));
        TokenPairSerializer.TokenPair deserialize = jweTokenSerializer.deserialize(serialize);
        Assertions.assertThat(deserialize.getAccessToken()).isEqualTo("access_token");
        Assertions.assertThat(deserialize.getExpiration()).isEqualTo(time);
        Assertions.assertThat(deserialize.getRefreshToken()).isEqualTo(Optional.of("refresh_token"));
    }

    @Test
    public void testTokenDeserializationAfterTimeoutAndExpirationExtension() throws Exception {
        TestingClock testingClock = new TestingClock();
        JweTokenSerializer jweTokenSerializer = tokenSerializer(testingClock, Duration.succinctDuration(12.0d, TimeUnit.MINUTES));
        String serialize = jweTokenSerializer.serialize(TokenPairSerializer.TokenPair.accessAndRefreshTokens("access_token", new Calendar.Builder().setDate(2022, 6, 22).build().getTime(), "refresh_token"));
        testingClock.advanceBy(Duration.succinctDuration(20.0d, TimeUnit.MINUTES));
        Assertions.assertThatThrownBy(() -> {
            jweTokenSerializer.deserialize(serialize);
        }).isExactlyInstanceOf(ExpiredJwtException.class);
    }

    @Test
    public void testTokenDeserializationWhenNonJWETokenIsPassed() throws Exception {
        TokenPairSerializer.TokenPair deserialize = tokenSerializer(new TestingClock(), Duration.succinctDuration(12.0d, TimeUnit.MINUTES)).deserialize("non_jwe_token");
        Assertions.assertThat(deserialize.getAccessToken()).isEqualTo("non_jwe_token");
        Assertions.assertThat(deserialize.getRefreshToken()).isEmpty();
    }

    private JweTokenSerializer tokenSerializer(Clock clock, Duration duration) throws GeneralSecurityException, KeyLengthException {
        return new JweTokenSerializer(new RefreshTokensConfig(), new Oauth2ClientStub(), "trino_coordinator_test_version", "trino_coordinator", "sub", clock, duration);
    }
}
