package io.jans.as.server.session.ws.rs;

import io.jans.as.common.model.session.SessionId;
import io.jans.as.model.common.GrantType;
import io.jans.as.model.configuration.AppConfiguration;
import io.jans.as.model.crypto.AbstractCryptoProvider;
import io.jans.as.model.crypto.signature.SignatureAlgorithm;
import io.jans.as.model.error.ErrorResponseFactory;
import io.jans.as.server.audit.ApplicationAuditLogger;
import io.jans.as.server.model.common.AuthorizationGrant;
import io.jans.as.server.model.common.AuthorizationGrantList;
import io.jans.as.server.service.ClientService;
import io.jans.as.server.service.CookieService;
import io.jans.as.server.service.GrantService;
import io.jans.as.server.service.RedirectionUriService;
import io.jans.as.server.service.SessionIdService;
import io.jans.as.server.service.external.ExternalApplicationSessionService;
import io.jans.as.server.service.external.ExternalEndSessionService;
import io.jans.model.security.Identity;
import jakarta.ws.rs.WebApplicationException;
import org.json.JSONObject;
import org.mockito.ArgumentMatchers;
import org.mockito.InjectMocks;
import org.mockito.Mock;
import org.mockito.Mockito;
import org.mockito.testng.MockitoTestNGListener;
import org.slf4j.Logger;
import org.testng.Assert;
import org.testng.AssertJUnit;
import org.testng.annotations.Listeners;
import org.testng.annotations.Test;

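/**
 * Unit tests for {@code EndSessionRestWebServiceImpl.validateIdTokenHint}, the check applied to the
 * {@code id_token_hint} supplied with an end-session request.
 *
 * <p>The cases pin the outcomes that matter for logout integrity: a missing hint when one is
 * required, a hint with no stored grant, a malformed hint, a hint whose signature check fails,
 * and a hint whose {@code sid} does not match the session must each end in a
 * {@link WebApplicationException}. All collaborators are Mockito mocks injected into the service.
 */
@Listeners({MockitoTestNGListener.class})
public class EndSessionRestWebServiceImplTest {
    // Test fixture only, not a credential: an HS256 sample token (issuer "Online JWT Builder")
    // whose payload carries sid "1234" and exp 1695213185 (September 2023).
    private static final String DUMMY_JWT = "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJPbmxpbmUgSldUIEJ1aWxkZXIiLCJpYXQiOjE2NjM2NzcxODUsImV4cCI6MTY5NTIxMzE4NSwiYXVkIjoid3d3LmV4YW1wbGUuY29tIiwic3ViIjoianJvY2tldEBleGFtcGxlLmNvbSIsIkdpdmVuTmFtZSI6IkpvaG5ueSIsIlN1cm5hbWUiOiJSb2NrZXQiLCJFbWFpbCI6Impyb2NrZXRAZXhhbXBsZS5jb20iLCJzaWQiOiIxMjM0IiwiUm9sZSI6IlByb2plY3QgQWRtaW5pc3RyYXRvciJ9.pmJ5kTvxyfOUGOXTzYA1DMjbF96lfCF1dVSn_70nf2Q";

    // Post-logout redirect URI passed to every validateIdTokenHint call in this class.
    private static final String POST_LOGOUT_URI = "http://postlogout.com";

    // Minimal grant used where a test needs "a grant exists for this hint".
    private static final AuthorizationGrant GRANT = new AuthorizationGrant() {
        @Override
        public GrantType getGrantType() {
            return GrantType.AUTHORIZATION_CODE;
        }
    };

    @InjectMocks
    private EndSessionRestWebServiceImpl endSessionRestWebService;

    @Mock
    private Logger log;

    @Mock
    private ErrorResponseFactory errorResponseFactory;

    @Mock
    private RedirectionUriService redirectionUriService;

    @Mock
    private AuthorizationGrantList authorizationGrantList;

    @Mock
    private ExternalApplicationSessionService externalApplicationSessionService;

    @Mock
    private ExternalEndSessionService externalEndSessionService;

    @Mock
    private SessionIdService sessionIdService;

    @Mock
    private CookieService cookieService;

    @Mock
    private ClientService clientService;

    @Mock
    private GrantService grantService;

    @Mock
    private Identity identity;

    @Mock
    private ApplicationAuditLogger applicationAuditLogger;

    @Mock
    private AppConfiguration appConfiguration;

    @Mock
    private LogoutTokenFactory logoutTokenFactory;

    @Mock
    private AbstractCryptoProvider cryptoProvider;

    /**
     * Stubs the grant lookup for the given hint.
     *
     * <p>NOTE(review): {@code endSessionRestWebService} is declared with {@code @InjectMocks} only
     * (no {@code @Mock}/{@code @Spy} is visible here), so this {@code when(...)} presumably lands
     * on whichever mock {@code getTokenHintGrant} calls internally. Confirm against the service.
     *
     * @param tokenHint hint value the stub is keyed on
     * @param grant grant to return, or {@code null} for "no grant stored for this hint"
     */
    private void stubTokenHintGrant(String tokenHint, AuthorizationGrant grant) {
        Mockito.when(endSessionRestWebService.getTokenHintGrant(tokenHint)).thenReturn(grant);
    }

    /**
     * Makes the mocked crypto provider report a successful signature check for calls whose third,
     * fourth and fifth arguments are {@code null}.
     */
    private void stubSignatureVerificationSucceeds() throws Exception {
        Mockito.when(cryptoProvider.verifySignature(
                ArgumentMatchers.anyString(),
                ArgumentMatchers.anyString(),
                (String) ArgumentMatchers.isNull(),
                (JSONObject) ArgumentMatchers.isNull(),
                (String) ArgumentMatchers.isNull(),
                (SignatureAlgorithm) ArgumentMatchers.any())).thenReturn(true);
    }

    /** With no configuration stubbed, an empty hint is accepted and yields {@code null}. */
    @Test
    public void validateIdTokenHint_whenIdTokenHintIsBlank_shouldGetNoError() {
        Assert.assertNull(endSessionRestWebService.validateIdTokenHint("", (SessionId) null, POST_LOGOUT_URI));
    }

    /** When the configuration forces the hint to be present, an empty hint is rejected. */
    @Test(expectedExceptions = {WebApplicationException.class})
    public void validateIdTokenHint_whenIdTokenHintIsBlankButRequired_shouldGetError() {
        Mockito.when(appConfiguration.getForceIdTokenHintPrecense()).thenReturn(true);

        endSessionRestWebService.validateIdTokenHint("", (SessionId) null, POST_LOGOUT_URI);
    }

    /** With expired-token rejection switched on, a hint that has no stored grant is rejected. */
    @Test(expectedExceptions = {WebApplicationException.class})
    public void validateIdTokenHint_whenIdTokenIsNotInDbAndExpiredIsNotAllowed_shouldGetError() {
        Mockito.when(appConfiguration.getRejectEndSessionIfIdTokenExpired()).thenReturn(true);
        // NOTE(review): the stub is keyed on "test" while the call below passes "testToken";
        // confirm which value is intended, since the stubbed argument is not the token under test.
        stubTokenHintGrant("test", null);

        endSessionRestWebService.validateIdTokenHint("testToken", (SessionId) null, POST_LOGOUT_URI);
    }

    /** A grant exists for the hint, but the hint string is not in JWT form, so it is rejected. */
    @Test(expectedExceptions = {WebApplicationException.class})
    public void validateIdTokenHint_whenIdTokenIsNotValidJwt_shouldGetError() {
        Mockito.when(appConfiguration.getEndSessionWithAccessToken()).thenReturn(true);
        stubTokenHintGrant("notValidJwt", GRANT);

        endSessionRestWebService.validateIdTokenHint("notValidJwt", (SessionId) null, POST_LOGOUT_URI);
    }

    /** A well-formed hint with a stored grant is returned as a non-null result. */
    @Test
    public void validateIdTokenHint_whenIdTokenIsValidJwt_shouldGetValidJwt() {
        Mockito.when(appConfiguration.getEndSessionWithAccessToken()).thenReturn(true);
        stubTokenHintGrant(DUMMY_JWT, GRANT);

        AssertJUnit.assertNotNull(endSessionRestWebService.validateIdTokenHint(DUMMY_JWT, (SessionId) null, POST_LOGOUT_URI));
    }

    /**
     * No stored grant and a failing signature check: the hint must be rejected. The call is not
     * wrapped in an assertion because the expected outcome is the exception itself.
     */
    @Test(expectedExceptions = {WebApplicationException.class})
    public void validateIdTokenHint_whenIdTokenSignatureIsBad_shouldGetError() throws Exception {
        Mockito.when(appConfiguration.getEndSessionWithAccessToken()).thenReturn(false);
        Mockito.when(appConfiguration.getAllowEndSessionWithUnmatchedSid()).thenReturn(true);
        stubTokenHintGrant(DUMMY_JWT, null);
        // NOTE(review): the third matcher is anyString() here, while the passing-signature tests
        // use isNull() in that position. anyString() does not match null (Mockito 2+), so if the
        // service passes null this stub is never hit and the rejection comes from the mock's
        // default false rather than from this stub. Confirm the matcher so the negative
        // signature case is exercised deliberately.
        Mockito.when(cryptoProvider.verifySignature(
                ArgumentMatchers.anyString(),
                ArgumentMatchers.anyString(),
                ArgumentMatchers.anyString(),
                (JSONObject) ArgumentMatchers.isNull(),
                (String) ArgumentMatchers.isNull(),
                (SignatureAlgorithm) ArgumentMatchers.any())).thenReturn(false);

        endSessionRestWebService.validateIdTokenHint(DUMMY_JWT, (SessionId) null, POST_LOGOUT_URI);
    }

    /**
     * No stored grant, signature check passes, and unmatched sid is allowed: the hint is accepted
     * even though no session is supplied.
     */
    @Test
    public void validateIdTokenHint_whenIdTokenIsExpiredAndSidCheckIsNotRequired_shouldGetValidJwt() throws Exception {
        Mockito.when(appConfiguration.getEndSessionWithAccessToken()).thenReturn(false);
        Mockito.when(appConfiguration.getAllowEndSessionWithUnmatchedSid()).thenReturn(true);
        stubTokenHintGrant(DUMMY_JWT, null);
        stubSignatureVerificationSucceeds();

        AssertJUnit.assertNotNull(endSessionRestWebService.validateIdTokenHint(DUMMY_JWT, (SessionId) null, POST_LOGOUT_URI));
    }

    /**
     * Unmatched sid is not allowed, and the session's outside sid ("1234") equals the sid claim in
     * DUMMY_JWT: the hint is accepted.
     */
    @Test
    public void validateIdTokenHint_whenIdTokenIsExpiredAndSidCheckIsRequired_shouldGetValidJwt() throws Exception {
        Mockito.when(appConfiguration.getEndSessionWithAccessToken()).thenReturn(false);
        Mockito.when(appConfiguration.getAllowEndSessionWithUnmatchedSid()).thenReturn(false);
        stubTokenHintGrant(DUMMY_JWT, null);
        stubSignatureVerificationSucceeds();

        SessionId matchingSession = new SessionId();
        matchingSession.setOutsideSid("1234");

        AssertJUnit.assertNotNull(endSessionRestWebService.validateIdTokenHint(DUMMY_JWT, matchingSession, POST_LOGOUT_URI));
    }

    /**
     * Unmatched sid is not allowed, and the session's outside sid ("12345") differs from the sid
     * claim in DUMMY_JWT ("1234"): the request must be rejected even though the signature check
     * passes. The call is not wrapped in an assertion because the expected outcome is the
     * exception itself.
     */
    @Test(expectedExceptions = {WebApplicationException.class})
    public void validateIdTokenHint_whenIdTokenIsExpiredAndSidCheckIsRequiredButSessionHasAnotherSid_shouldGetError() throws Exception {
        Mockito.when(appConfiguration.getEndSessionWithAccessToken()).thenReturn(false);
        Mockito.when(appConfiguration.getAllowEndSessionWithUnmatchedSid()).thenReturn(false);
        stubTokenHintGrant(DUMMY_JWT, null);
        stubSignatureVerificationSucceeds();

        SessionId otherSession = new SessionId();
        otherSession.setOutsideSid("12345");

        endSessionRestWebService.validateIdTokenHint(DUMMY_JWT, otherSession, POST_LOGOUT_URI);
    }
}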
