package ca.uhn.fhir.rest.server.security;

import static org.junit.Assert.assertThat;
import static org.junit.Assert.fail;
import static org.mockito.Mockito.mock;
import static org.mockito.Mockito.when;

import java.util.HashMap;

import javax.servlet.http.HttpServletRequest;

import org.hamcrest.core.StringContains;
import org.junit.Test;
import org.mitre.jose.keystore.JWKSetKeyStore;
import org.mitre.jwt.signer.service.impl.DefaultJwtSigningAndValidationService;
import org.mitre.jwt.signer.service.impl.JWKSetCacheService;
import org.mitre.oauth2.model.RegisteredClient;
import org.mitre.openid.connect.client.service.impl.StaticClientConfigurationService;
import org.mitre.openid.connect.client.service.impl.StaticServerConfigurationService;
import org.mitre.openid.connect.config.ServerConfiguration;
import org.springframework.core.io.ClassPathResource;

import ca.uhn.fhir.model.api.IResource;
import ca.uhn.fhir.model.dstu.composite.CodingDt;
import ca.uhn.fhir.model.dstu.resource.Observation;
import ca.uhn.fhir.rest.annotation.RequiredParam;
import ca.uhn.fhir.rest.annotation.Search;
import ca.uhn.fhir.rest.param.ReferenceParam;
import ca.uhn.fhir.rest.param.TokenOrListParam;
import ca.uhn.fhir.rest.server.Constants;
import ca.uhn.fhir.rest.server.IResourceProvider;
import ca.uhn.fhir.rest.server.exceptions.AuthenticationException;

public class OpenIdConnectBearerTokenServerInterceptorTest {

	@Test
	public void testValidateToken() throws Exception {

		StaticServerConfigurationService srv = new StaticServerConfigurationService();
		srv.setServers(new HashMap<String, ServerConfiguration>());
		ServerConfiguration srvCfg = new ServerConfiguration();
		srvCfg.setJwksUri("AAAAAA");
		srvCfg.setIssuer("http://localhost:8888/uhn-openid-connect/");
		srv.getServers().put("http://localhost:8888/uhn-openid-connect/", srvCfg);
		srv.afterPropertiesSet();

		StaticClientConfigurationService cli = new StaticClientConfigurationService();
		cli.setClients(new HashMap<String, RegisteredClient>());
		cli.getClients().put("http://localhost:8888/uhn-openid-connect/", new RegisteredClient());

		OpenIdConnectBearerTokenServerInterceptor mgr = new OpenIdConnectBearerTokenServerInterceptor();
		mgr.setClientConfigurationService(cli);
		mgr.setServerConfigurationService(srv);

		HttpServletRequest req = mock(HttpServletRequest.class);
		when(req.getHeader(Constants.HEADER_AUTHORIZATION))
				.thenReturn(
						"Bearer "
								+ "eyJhbGciOiJSUzI1NiJ9.eyJleHAiOjE0MDY4NDE4NTgsImF1ZCI6WyJjbGllbnQiXSwiaXNzIjoiaHR0cDpcL1wvbG9jYWxob3N0Ojg4ODhcL3Vobi1vcGVuaWQtY29ubmVjdFwvIiwianRpIjoiOTNiMzRjOTUtNTNiMC00YzZmLTkwYjEtYWVjODRjZTc3OGFhIiwiaWF0IjoxNDA2ODM4MjU4fQ.fYtwehPUulUYnDG_10bN6TNf7uw2FNUh_E40YagpITrVfXsV06pjU2YpNgy8nbSFmxY9IBH44UXTmMH9PLFiRn88WsPMSrUQbFCcvGIYwhqkRjGm_J1Y6oWIafUzCwZBCvk4Ne44p3DJRR6FSZRnnC850p55901DGQmNLe-rZJk3t0MHl6wySduqT3K1-Vbuq-7H6xLE10hKpLhSqBTghpQNKNjm48jm0sHcFa3ENWzyWPOmpNfzDKmJAYK2UnBtqNSJP6AJzVrJXqSu-uzasq0VOVcRU4n8b39vU1olbho1eKF0cfQlQwbrtvWipBJJSsRp_tmB9SV9BXhENxOFTw");

		JWKSetCacheService val = mock(JWKSetCacheService.class);

		JWKSetKeyStore keyStore = new JWKSetKeyStore();
		keyStore.setLocation(new ClassPathResource("/svr_keystore.jwks"));
		DefaultJwtSigningAndValidationService valSvc = new DefaultJwtSigningAndValidationService(keyStore);
		when(val.getValidator("AAAAAA")).thenReturn(valSvc);

		mgr.setValidationServices(val);

		try {
			mgr.authenticate(req);
			fail();
		} catch (AuthenticationException e) {
			assertThat(e.getMessage(), StringContains.containsString("expired"));
		}

		mgr.setTimeSkewAllowance(10 * 365 * 24 * 60 * 60);
		mgr.authenticate(req);

	}
	
	
}