package org.apache.nifi.web.security.jwt.converter;

import java.time.Duration;
import java.time.Instant;
import java.time.temporal.TemporalAmount;
import org.junit.jupiter.api.Assertions;
import org.junit.jupiter.api.Test;
import org.junit.jupiter.api.extension.ExtendWith;
import org.mockito.ArgumentMatchers;
import org.mockito.Mock;
import org.mockito.Mockito;
import org.mockito.junit.jupiter.MockitoExtension;
import org.springframework.security.oauth2.client.registration.ClientRegistration;
import org.springframework.security.oauth2.client.registration.ClientRegistrationRepository;
import org.springframework.security.oauth2.jwt.BadJwtException;
import org.springframework.security.oauth2.jwt.Jwt;
import org.springframework.security.oauth2.jwt.JwtDecoder;
import org.springframework.security.oauth2.jwt.JwtDecoderFactory;

@ExtendWith({MockitoExtension.class})
/* loaded from: input_file:org/apache/nifi/web/security/jwt/converter/StandardIssuerJwtDecoderTest.class */
class StandardIssuerJwtDecoderTest {
    private static final String HEADER_PAYLOAD = "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJuaWZpIiwiaXNzIjoiaHR0cHM6Ly9uaWZpLmFwYWNoZS5vcmcifQ";
    private static final String TOKEN_VALUE = String.format("%s.cqEFAyICNyF5kDbYtsSgA73auanainaO44_q1GEDXeQ", HEADER_PAYLOAD);
    private static final String ISSUER = "https://nifi.apache.org";
    private static final String LOCALHOST_ISSUER = "https://localhost";
    private static final String TYPE_FIELD = "typ";
    private static final String JWT_TYPE = "JWT";

    @Mock
    private JwtDecoder applicationJwtDecoder;

    @Mock
    private JwtDecoderFactory<ClientRegistration> jwtDecoderFactory;

    @Mock
    private ClientRegistrationRepository clientRegistrationRepository;

    @Mock
    private ClientRegistration clientRegistration;

    @Mock
    private ClientRegistration.ProviderDetails providerDetails;

    @Mock
    private JwtDecoder clientRegistrationDecoder;

    StandardIssuerJwtDecoderTest() {
    }

    @Test
    void testClientRegistrationNotConfigured() {
        Mockito.when(this.clientRegistrationRepository.findByRegistrationId(ArgumentMatchers.anyString())).thenReturn((Object) null);
        StandardIssuerJwtDecoder standardIssuerJwtDecoder = new StandardIssuerJwtDecoder(this.applicationJwtDecoder, this.jwtDecoderFactory, this.clientRegistrationRepository);
        Jwt jwt = getJwt();
        Mockito.when(this.applicationJwtDecoder.decode((String) ArgumentMatchers.eq(TOKEN_VALUE))).thenReturn(jwt);
        Assertions.assertEquals(jwt, standardIssuerJwtDecoder.decode(TOKEN_VALUE));
    }

    @Test
    void testClientRegistrationConfiguredIssuerFound() {
        setClientRegistration();
        StandardIssuerJwtDecoder standardIssuerJwtDecoder = new StandardIssuerJwtDecoder(this.applicationJwtDecoder, this.jwtDecoderFactory, this.clientRegistrationRepository);
        Mockito.when(this.clientRegistration.getProviderDetails()).thenReturn(this.providerDetails);
        Mockito.when(this.providerDetails.getIssuerUri()).thenReturn(ISSUER);
        Jwt jwt = getJwt();
        Mockito.when(this.clientRegistrationDecoder.decode((String) ArgumentMatchers.eq(TOKEN_VALUE))).thenReturn(jwt);
        Assertions.assertEquals(jwt, standardIssuerJwtDecoder.decode(TOKEN_VALUE));
    }

    @Test
    void testClientRegistrationConfiguredIssuerNotFound() {
        setClientRegistration();
        StandardIssuerJwtDecoder standardIssuerJwtDecoder = new StandardIssuerJwtDecoder(this.applicationJwtDecoder, this.jwtDecoderFactory, this.clientRegistrationRepository);
        Mockito.when(this.clientRegistration.getProviderDetails()).thenReturn(this.providerDetails);
        Mockito.when(this.providerDetails.getIssuerUri()).thenReturn(LOCALHOST_ISSUER);
        Jwt jwt = getJwt();
        Mockito.when(this.applicationJwtDecoder.decode((String) ArgumentMatchers.eq(TOKEN_VALUE))).thenReturn(jwt);
        Assertions.assertEquals(jwt, standardIssuerJwtDecoder.decode(TOKEN_VALUE));
    }

    @Test
    void testClientRegistrationConfiguredTokenNotFound() {
        setClientRegistration();
        StandardIssuerJwtDecoder standardIssuerJwtDecoder = new StandardIssuerJwtDecoder(this.applicationJwtDecoder, this.jwtDecoderFactory, this.clientRegistrationRepository);
        Assertions.assertThrows(BadJwtException.class, () -> {
            standardIssuerJwtDecoder.decode((String) null);
        });
    }

    @Test
    void testClientRegistrationConfiguredTokenNotValid() {
        setClientRegistration();
        StandardIssuerJwtDecoder standardIssuerJwtDecoder = new StandardIssuerJwtDecoder(this.applicationJwtDecoder, this.jwtDecoderFactory, this.clientRegistrationRepository);
        Assertions.assertThrows(BadJwtException.class, () -> {
            standardIssuerJwtDecoder.decode(String.class.getSimpleName());
        });
    }

    private void setClientRegistration() {
        Mockito.when(this.clientRegistrationRepository.findByRegistrationId(ArgumentMatchers.anyString())).thenReturn(this.clientRegistration);
        Mockito.when(this.jwtDecoderFactory.createDecoder((ClientRegistration) ArgumentMatchers.eq(this.clientRegistration))).thenReturn(this.clientRegistrationDecoder);
    }

    private Jwt getJwt() {
        return Jwt.withTokenValue(TOKEN_VALUE).header(TYPE_FIELD, JWT_TYPE).issuedAt(Instant.now()).expiresAt(Instant.now().plus((TemporalAmount) Duration.ofHours(1L))).build();
    }
}
