package org.keycloak;

import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.ObjectInputStream;
import java.io.ObjectOutputStream;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import org.junit.Assert;
import org.junit.Test;
import org.keycloak.jose.jws.JWSBuilder;
import org.keycloak.jose.jws.JWSInput;
import org.keycloak.jose.jws.crypto.RSAProvider;
import org.keycloak.representations.AccessToken;
import org.keycloak.representations.IDToken;
import org.keycloak.util.JsonSerialization;

/* loaded from: input_file:org/keycloak/SkeletonKeyTokenTest.class */
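/**
 * Round-trip tests for Keycloak access/ID tokens: JSON serialization, RS256
 * signing and verification, and Java serialization of a
 * {@link KeycloakPrincipal} that carries signed token strings.
 */
public class SkeletonKeyTokenTest {
    /** RSA modulus size used for test keys; set explicitly instead of relying on the provider default. */
    private static final int RSA_KEY_BITS = 2048;

    /**
     * Serializes a token to JSON and back, then checks that the id and the
     * role granted on resource "foo" survive the round trip.
     */
    @Test
    public void testToken() throws Exception {
        String json = JsonSerialization.writeValueAsString(createSimpleToken());
        AccessToken parsed = (AccessToken) JsonSerialization.readValue(json, AccessToken.class);

        Assert.assertEquals("111", parsed.getId());
        AccessToken.Access fooAccess = parsed.getResourceAccess("foo");
        Assert.assertNotNull(fooAccess);
        Assert.assertTrue(fooAccess.isUserInRole("admin"));
    }

    /**
     * Signs a token with RS256 and checks that the signature verifies with
     * the matching public key and that the payload is readable afterwards.
     */
    @Test
    public void testRSA() throws Exception {
        // createSimpleToken() already sets id "111" and the foo/bar roles.
        AccessToken token = createSimpleToken();
        KeyPair keyPair = newRsaKeyPair();

        String compact = new JWSBuilder().jsonContent(token).rsa256(keyPair.getPrivate());
        JWSInput jws = new JWSInput(compact);

        // Check the signature first: claims should not be trusted before it verifies.
        Assert.assertTrue(RSAProvider.verify(jws, keyPair.getPublic()));
        Assert.assertEquals("111", ((AccessToken) jws.readJsonContent(AccessToken.class)).getId());
        // NOTE(review): only the positive case is covered; a case asserting that an
        // unrelated public key or an altered payload is rejected would pin the failure path.
    }

    /**
     * Writes a {@link KeycloakPrincipal} with Java serialization and reads it
     * back, checking that the token strings, parsed tokens and realm survive.
     */
    @Test
    public void testSerialization() throws Exception {
        AccessToken accessToken = createSimpleToken();
        IDToken idTokenIn = new IDToken();
        idTokenIn.setEmail("joe@email.cz");

        KeyPair keyPair = newRsaKeyPair();
        String accessTokenString = new JWSBuilder().jsonContent(accessToken).rsa256(keyPair.getPrivate());
        String idTokenString = new JWSBuilder().jsonContent(idTokenIn).rsa256(keyPair.getPrivate());
        KeycloakPrincipal principal = new KeycloakPrincipal(
                "joe", new KeycloakSecurityContext(accessTokenString, accessToken, idTokenString, idTokenIn));

        ByteArrayOutputStream buffer = new ByteArrayOutputStream();
        // try-with-resources: the stream is flushed and closed before the bytes are taken.
        try (ObjectOutputStream out = new ObjectOutputStream(buffer)) {
            out.writeObject(principal);
        }
        byte[] serialized = buffer.toByteArray();
        System.out.println("Size of serialized principal: " + serialized.length);

        // The bytes read here were produced a few lines above in this test. Native
        // deserialization of bytes from an untrusted source is a different matter
        // and needs an ObjectInputFilter or a different format.
        KeycloakSecurityContext restored;
        try (ObjectInputStream in = new ObjectInputStream(new ByteArrayInputStream(serialized))) {
            restored = ((KeycloakPrincipal) in.readObject()).getKeycloakSecurityContext();
        }

        AccessToken restoredToken = restored.getToken();
        IDToken restoredIdToken = restored.getIdToken();
        Assert.assertEquals(accessTokenString, restored.getTokenString());
        Assert.assertEquals(idTokenString, restored.getIdTokenString());
        Assert.assertEquals("111", restoredToken.getId());
        Assert.assertTrue(restoredToken.getResourceAccess("foo").isUserInRole("admin"));
        Assert.assertTrue(restoredToken.getResourceAccess("bar").isUserInRole("user"));
        Assert.assertEquals("joe@email.cz", restoredIdToken.getEmail());
        Assert.assertEquals("acme", restored.getRealm());
    }

    /**
     * Checks that a token without any access entries omits the
     * {@code realm_access} and {@code resource_access} claims in JSON, and
     * that parsing such JSON yields a null realm access and an empty,
     * non-null resource access map.
     */
    @Test
    public void testTokenWithoutResourceAccess() throws Exception {
        AccessToken bare = new AccessToken();
        bare.id("111");
        bare.issuer("http://localhost:8080/auth/acme");

        String json = JsonSerialization.writeValueAsString(bare);
        Assert.assertFalse(json.contains("realm_access"));
        Assert.assertFalse(json.contains("resource_access"));

        AccessToken parsed = (AccessToken) JsonSerialization.readValue(json, AccessToken.class);
        Assert.assertNull(parsed.getRealmAccess());
        // Asserted separately so a failure shows whether the map was null or non-empty.
        Assert.assertNotNull(parsed.getResourceAccess());
        Assert.assertTrue(parsed.getResourceAccess().isEmpty());
        Assert.assertNull(parsed.getResourceAccess("foo"));
    }

    /**
     * Builds the fixture token: id "111", issuer under the "acme" path, role
     * "admin" on resource "foo" and role "user" on resource "bar".
     */
    private AccessToken createSimpleToken() {
        AccessToken accessToken = new AccessToken();
        accessToken.id("111");
        accessToken.issuer("http://localhost:8080/auth/acme");
        accessToken.addAccess("foo").addRole("admin");
        accessToken.addAccess("bar").addRole("user");
        return accessToken;
    }

    /** Generates a fresh RSA key pair of {@link #RSA_KEY_BITS} bits for signing test tokens. */
    private static KeyPair newRsaKeyPair() throws java.security.NoSuchAlgorithmException {
        KeyPairGenerator generator = KeyPairGenerator.getInstance("RSA");
        generator.initialize(RSA_KEY_BITS);
        return generator.generateKeyPair();
    }

    /**
     * Parses a fixed compact-serialized token; the test passes when the
     * {@link JWSInput} constructor does not throw. No signature check is made
     * here, so this covers parsing only.
     */
    @Test
    public void testZipException() throws Exception {
        // NOTE(review): the method name suggests a regression test for a ZipException
        // raised while decoding this particular token - confirm against project history.
        new JWSInput("eyJhbGciOiJSUzI1NiJ9.eyJpZCI6ImUwYmRmMjQyLWJjZGItNGVjMy1hMGU4LTNjN2YyOTUzOTk5MC0xNDU1NzgyNTU2NjAyIiwiZXhwaXJhdGlvbiI6MTQ1NTc4MjU4NiwicmVzb3VyY2UiOiJwcm9kdWN0LXBvcnRhbCIsImFjdGlvbiI6IkxPR09VVCIsImFkYXB0ZXJTZXNzaW9uSWRzIjpbImx2c0oxNUpSX01XUE13aTIwbWRhTkJFRVZQZzQtMTkzVUZKem42M1EiXSwibm90QmVmb3JlIjowLCJrZXljbG9ha1Nlc3Npb25JZHMiOlsiOThkNWE3YTYtYjNmNi00ZTg3LWI5OTktOTg1N2YzMDRiZjY4Il19.H4vo7YXW8oQgYsIo9VPYeSsp1jXJR0TwJUwmiXjQJSyxFoKhHgIh3Y63ldVUeBRppxX9xhjOdYEckeppAn-1XnNxUmbExXWXirRIw8tiEtUPPCPztdkKsM0y6xWRd3Sjgg4fWB_1sMn6EWvCAvO7ahs6Rbb2Vo18nlHfxYRSTWw");
    }
}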
