package io.trino.server.security.oauth2;

import com.google.common.collect.ImmutableList;
import com.google.common.io.Resources;
import io.airlift.http.client.HttpClient;
import io.airlift.http.client.HttpClientConfig;
import io.airlift.http.client.jetty.JettyHttpClient;
import io.airlift.testing.Closeables;
import io.airlift.units.Duration;
import io.jsonwebtoken.Claims;
import io.jsonwebtoken.Jwts;
import io.jsonwebtoken.SigningKeyResolver;
import io.trino.server.security.jwt.JwkService;
import io.trino.server.security.jwt.JwkSigningKeyResolver;
import io.trino.server.security.oauth2.ScribeJavaOAuth2Client;
import java.net.URI;
import java.util.List;
import java.util.concurrent.TimeUnit;
import org.assertj.core.api.Assertions;
import org.testng.annotations.AfterClass;
import org.testng.annotations.BeforeClass;
import org.testng.annotations.Test;

/* loaded from: input_file:io/trino/server/security/oauth2/TestDynamicCallbackOAuth2Service.class */
public class TestDynamicCallbackOAuth2Service {
    private static final String CLIENT_ID = "client";
    private static final String CLIENT_SECRET = "secret";
    private final TestingHydraIdentityProvider hydraIdP = new TestingHydraIdentityProvider();
    private final HttpClient httpClient = new JettyHttpClient(new HttpClientConfig().setTrustStorePath(Resources.getResource("cert/localhost.pem").getPath()));
    private String hydraUrl;
    private SigningKeyResolver signingKeyResolver;

    @BeforeClass
    public void setUp() throws Exception {
        this.hydraIdP.start();
        this.hydraUrl = "https://localhost:" + this.hydraIdP.getAuthPort();
        this.hydraIdP.createClient("client", CLIENT_SECRET, TokenEndpointAuthMethod.CLIENT_SECRET_BASIC, ImmutableList.of("https://localhost:8080"), "https://localhost:8080/oauth2/callback");
        this.signingKeyResolver = new JwkSigningKeyResolver(new JwkService(URI.create(this.hydraUrl + "/.well-known/jwks.json"), this.httpClient, new Duration(5.0d, TimeUnit.MINUTES)));
    }

    @AfterClass(alwaysRun = true)
    public void tearDown() throws Exception {
        Closeables.closeAll(new AutoCloseable[]{this.hydraIdP, this.httpClient});
    }

    @Test
    public void testMultipleScopes() throws Exception {
        Assertions.assertThat((List) ((Claims) Jwts.parserBuilder().setSigningKeyResolver(this.signingKeyResolver).build().parseClaimsJws(new ScribeJavaOAuth2Client.DynamicCallbackOAuth2Service(new OAuth2Config().setIssuer(this.hydraUrl).setAuthUrl(this.hydraUrl + "/oauth2/auth").setTokenUrl(this.hydraUrl + "/oauth2/token").setJwksUrl(this.hydraUrl + "/.well-known/jwks.json").setClientId("client").setClientSecret(CLIENT_SECRET).setScopes("openid,offline"), this.httpClient).getAccessTokenClientCredentialsGrant().getAccessToken()).getBody()).get("scp", List.class)).containsExactlyInAnyOrder(new Object[]{"openid", "offline"});
    }
}
