package org.apache.kafka.common.security.oauthbearer.internals.unsecured;

import java.nio.charset.StandardCharsets;
import java.util.Arrays;
import java.util.Base64;
import java.util.Collections;
import java.util.List;
import org.apache.kafka.common.utils.Time;
import org.junit.jupiter.api.Assertions;
import org.junit.jupiter.api.Test;

/* loaded from: input_file:org/apache/kafka/common/security/oauthbearer/internals/unsecured/OAuthBearerValidationUtilsTest.class */
public class OAuthBearerValidationUtilsTest {
    private static final String QUOTE = "\"";
    private static final String HEADER_COMPACT_SERIALIZATION = Base64.getUrlEncoder().withoutPadding().encodeToString("{\"alg\":\"none\"}".getBytes(StandardCharsets.UTF_8)) + ".";
    private static final Time TIME = Time.SYSTEM;

    @Test
    public void validateClaimForExistenceAndType() throws OAuthBearerIllegalTokenException {
        Boolean[] boolArr = {null, Boolean.TRUE, Boolean.FALSE};
        int length = boolArr.length;
        for (int i = 0; i < length; i++) {
            Boolean bool = boolArr[i];
            boolean z = bool == null;
            for (boolean z2 : new boolean[]{true, false}) {
                Boolean valueOf = Boolean.valueOf(z2);
                StringBuilder sb = new StringBuilder("{");
                appendJsonText(sb, "exp", 100);
                appendCommaJsonText(sb, "sub", "principalName");
                if (z) {
                    appendCommaJsonText(sb, "foo", (Number) 1);
                } else if (bool.booleanValue()) {
                    appendCommaJsonText(sb, "foo", "foo");
                }
                sb.append("}");
                OAuthBearerValidationResult validateClaimForExistenceAndType = OAuthBearerValidationUtils.validateClaimForExistenceAndType(new OAuthBearerUnsecuredJws(HEADER_COMPACT_SERIALIZATION + Base64.getUrlEncoder().withoutPadding().encodeToString(sb.toString().getBytes(StandardCharsets.UTF_8)) + ".", "sub", "scope"), valueOf.booleanValue(), "foo", new Class[]{String.class});
                if (z || (valueOf.booleanValue() && !bool.booleanValue())) {
                    Assertions.assertTrue(isFailureWithMessageAndNoFailureScope(validateClaimForExistenceAndType));
                } else {
                    Assertions.assertTrue(isSuccess(validateClaimForExistenceAndType));
                }
            }
        }
    }

    @Test
    public void validateIssuedAt() {
        long milliseconds = TIME.milliseconds();
        double d = milliseconds / 1000.0d;
        for (boolean z : new boolean[]{true, false}) {
            StringBuilder sb = new StringBuilder("{");
            appendJsonText(sb, "exp", Double.valueOf(d));
            appendCommaJsonText(sb, "sub", "principalName");
            if (z) {
                appendCommaJsonText(sb, "iat", Double.valueOf(d));
            }
            sb.append("}");
            OAuthBearerUnsecuredJws oAuthBearerUnsecuredJws = new OAuthBearerUnsecuredJws(HEADER_COMPACT_SERIALIZATION + Base64.getUrlEncoder().withoutPadding().encodeToString(sb.toString().getBytes(StandardCharsets.UTF_8)) + ".", "sub", "scope");
            for (boolean z2 : new boolean[]{true, false}) {
                for (int i : new int[]{0, 5, 10, 20}) {
                    for (long j : new long[]{-10, 0, 10}) {
                        long j2 = milliseconds + j;
                        OAuthBearerValidationResult validateIssuedAt = OAuthBearerValidationUtils.validateIssuedAt(oAuthBearerUnsecuredJws, z2, j2, i);
                        if (z2 && !z) {
                            Assertions.assertTrue(isFailureWithMessageAndNoFailureScope(validateIssuedAt), "useErrorValue || required && !exists");
                        } else if (!z2 && !z) {
                            Assertions.assertTrue(isSuccess(validateIssuedAt), "!required && !exists");
                        } else if (d * 1000.0d > j2 + i) {
                            Assertions.assertTrue(isFailureWithMessageAndNoFailureScope(validateIssuedAt), assertionFailureMessage(d, i, j2));
                        } else {
                            Assertions.assertTrue(isSuccess(validateIssuedAt), assertionFailureMessage(d, i, j2));
                        }
                    }
                }
            }
        }
    }

    @Test
    public void validateExpirationTime() {
        long milliseconds = TIME.milliseconds();
        double d = milliseconds / 1000.0d;
        StringBuilder sb = new StringBuilder("{");
        appendJsonText(sb, "exp", Double.valueOf(d));
        appendCommaJsonText(sb, "sub", "principalName");
        sb.append("}");
        OAuthBearerUnsecuredJws oAuthBearerUnsecuredJws = new OAuthBearerUnsecuredJws(HEADER_COMPACT_SERIALIZATION + Base64.getUrlEncoder().withoutPadding().encodeToString(sb.toString().getBytes(StandardCharsets.UTF_8)) + ".", "sub", "scope");
        for (int i : new int[]{0, 5, 10, 20}) {
            for (long j : new long[]{-10, 0, 10}) {
                long j2 = milliseconds + j;
                OAuthBearerValidationResult validateExpirationTime = OAuthBearerValidationUtils.validateExpirationTime(oAuthBearerUnsecuredJws, j2, i);
                if (j2 - i >= d * 1000.0d) {
                    Assertions.assertTrue(isFailureWithMessageAndNoFailureScope(validateExpirationTime), assertionFailureMessage(d, i, j2));
                } else {
                    Assertions.assertTrue(isSuccess(validateExpirationTime), assertionFailureMessage(d, i, j2));
                }
            }
        }
    }

    @Test
    public void validateExpirationTimeAndIssuedAtConsistency() throws OAuthBearerIllegalTokenException {
        double milliseconds = TIME.milliseconds() / 1000.0d;
        for (boolean z : new boolean[]{true, false}) {
            if (z) {
                for (int i = -1; i <= 1; i++) {
                    StringBuilder sb = new StringBuilder("{");
                    appendJsonText(sb, "iat", Double.valueOf(milliseconds));
                    appendCommaJsonText(sb, "exp", Double.valueOf(milliseconds + i));
                    appendCommaJsonText(sb, "sub", "principalName");
                    sb.append("}");
                    OAuthBearerValidationResult validateTimeConsistency = OAuthBearerValidationUtils.validateTimeConsistency(new OAuthBearerUnsecuredJws(HEADER_COMPACT_SERIALIZATION + Base64.getUrlEncoder().withoutPadding().encodeToString(sb.toString().getBytes(StandardCharsets.UTF_8)) + ".", "sub", "scope"));
                    if (i <= 0) {
                        Assertions.assertTrue(isFailureWithMessageAndNoFailureScope(validateTimeConsistency));
                    } else {
                        Assertions.assertTrue(isSuccess(validateTimeConsistency));
                    }
                }
            } else {
                StringBuilder sb2 = new StringBuilder("{");
                appendJsonText(sb2, "exp", Double.valueOf(milliseconds));
                appendCommaJsonText(sb2, "sub", "principalName");
                sb2.append("}");
                Assertions.assertTrue(isSuccess(OAuthBearerValidationUtils.validateTimeConsistency(new OAuthBearerUnsecuredJws(HEADER_COMPACT_SERIALIZATION + Base64.getUrlEncoder().withoutPadding().encodeToString(sb2.toString().getBytes(StandardCharsets.UTF_8)) + ".", "sub", "scope"))));
            }
        }
    }

    @Test
    public void validateScope() {
        double milliseconds = TIME.milliseconds() / 1000.0d;
        List emptyList = Collections.emptyList();
        List singletonList = Collections.singletonList("scope1");
        List asList = Arrays.asList("scope1", "scope2");
        boolean[] zArr = {true, false};
        int length = zArr.length;
        for (int i = 0; i < length; i++) {
            boolean z = zArr[i];
            for (List list : !z ? Collections.singletonList((List) null) : Arrays.asList(emptyList, singletonList, asList)) {
                boolean[] zArr2 = {true, false};
                int length2 = zArr2.length;
                for (int i2 = 0; i2 < length2; i2++) {
                    boolean z2 = zArr2[i2];
                    for (List list2 : !z2 ? Collections.singletonList((List) null) : Arrays.asList(emptyList, singletonList, asList)) {
                        StringBuilder sb = new StringBuilder("{");
                        appendJsonText(sb, "exp", Double.valueOf(milliseconds));
                        appendCommaJsonText(sb, "sub", "principalName");
                        if (list != null) {
                            sb.append(',').append(scopeJson(list));
                        }
                        sb.append("}");
                        OAuthBearerValidationResult validateScope = OAuthBearerValidationUtils.validateScope(new OAuthBearerUnsecuredJws(HEADER_COMPACT_SERIALIZATION + Base64.getUrlEncoder().withoutPadding().encodeToString(sb.toString().getBytes(StandardCharsets.UTF_8)) + ".", "sub", "scope"), list2);
                        if (!z2 || list2.isEmpty()) {
                            Assertions.assertTrue(isSuccess(validateScope));
                        } else if (!z || list.size() < list2.size()) {
                            Assertions.assertTrue(isFailureWithMessageAndFailureScope(validateScope));
                        } else {
                            Assertions.assertTrue(isSuccess(validateScope));
                        }
                    }
                }
            }
        }
    }

    private static String assertionFailureMessage(double d, int i, long j) {
        return String.format("time=%f seconds, whenCheck = %d ms, allowableClockSkew=%d ms", Double.valueOf(d), Long.valueOf(j), Integer.valueOf(i));
    }

    private static boolean isSuccess(OAuthBearerValidationResult oAuthBearerValidationResult) {
        return oAuthBearerValidationResult.success();
    }

    private static boolean isFailureWithMessageAndNoFailureScope(OAuthBearerValidationResult oAuthBearerValidationResult) {
        return !oAuthBearerValidationResult.success() && !oAuthBearerValidationResult.failureDescription().isEmpty() && oAuthBearerValidationResult.failureScope() == null && oAuthBearerValidationResult.failureOpenIdConfig() == null;
    }

    private static boolean isFailureWithMessageAndFailureScope(OAuthBearerValidationResult oAuthBearerValidationResult) {
        return (oAuthBearerValidationResult.success() || oAuthBearerValidationResult.failureDescription().isEmpty() || oAuthBearerValidationResult.failureScope().isEmpty() || oAuthBearerValidationResult.failureOpenIdConfig() != null) ? false : true;
    }

    private static void appendCommaJsonText(StringBuilder sb, String str, Number number) {
        sb.append(',').append(QUOTE).append(escape(str)).append(QUOTE).append(":").append(number);
    }

    private static void appendCommaJsonText(StringBuilder sb, String str, String str2) {
        sb.append(',').append(QUOTE).append(escape(str)).append(QUOTE).append(":").append(QUOTE).append(escape(str2)).append(QUOTE);
    }

    private static void appendJsonText(StringBuilder sb, String str, Number number) {
        sb.append(QUOTE).append(escape(str)).append(QUOTE).append(":").append(number);
    }

    private static String escape(String str) {
        return str.replace(QUOTE, "\\\"").replace("\\", "\\\\");
    }

    private static String scopeJson(List<String> list) {
        StringBuilder sb = new StringBuilder("\"scope\":[");
        int length = sb.length();
        for (String str : list) {
            if (sb.length() > length) {
                sb.append(',');
            }
            sb.append('\"').append(str).append('\"');
        }
        sb.append(']');
        return sb.toString();
    }
}
