package org.apache.nifi.web.security.oidc.client.web;

import java.io.IOException;
import java.time.Instant;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
import org.apache.nifi.components.state.Scope;
import org.apache.nifi.components.state.StateManager;
import org.apache.nifi.components.state.StateMap;
import org.apache.nifi.web.security.oidc.client.web.converter.AuthorizedClientConverter;
import org.junit.jupiter.api.Assertions;
import org.junit.jupiter.api.BeforeEach;
import org.junit.jupiter.api.Test;
import org.junit.jupiter.api.extension.ExtendWith;
import org.mockito.ArgumentCaptor;
import org.mockito.ArgumentMatchers;
import org.mockito.Captor;
import org.mockito.Mock;
import org.mockito.Mockito;
import org.mockito.junit.jupiter.MockitoExtension;
import org.springframework.mock.web.MockHttpServletRequest;
import org.springframework.mock.web.MockHttpServletResponse;
import org.springframework.security.core.Authentication;
import org.springframework.security.oauth2.client.authentication.OAuth2AuthenticationToken;
import org.springframework.security.oauth2.client.registration.ClientRegistration;
import org.springframework.security.oauth2.core.AuthorizationGrantType;
import org.springframework.security.oauth2.core.OAuth2AccessToken;
import org.springframework.security.oauth2.core.oidc.OidcIdToken;
import org.springframework.security.oauth2.core.oidc.user.OidcUser;

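/**
 * Unit tests for {@link StandardOidcAuthorizedClientRepository}, covering load, save, remove and
 * expiry clean-up of OIDC authorized clients held in {@link Scope#LOCAL} component state.
 *
 * <p>In every test the state map is keyed by the user identity and the value is the encoded form
 * of the authorized client. The {@link AuthorizedClientConverter} is a mock, so nothing in this
 * class exercises how the access token material is encoded or protected before it is written to
 * state; that has to be covered by tests of the converter itself.
 *
 * <p>The URIs and the token value below are fixture placeholders used only to build objects.
 */
@ExtendWith(MockitoExtension.class)
class StandardOidcAuthorizedClientRepositoryTest {
    private static final String IDENTITY = "user-identity";
    private static final String ENCODED_CLIENT = "encoded-client";
    private static final String CLIENT_ID = "client-id";
    private static final String REDIRECT_URI = "http://localhost:8080";
    private static final String AUTHORIZATION_URI = "http://localhost/authorize";
    private static final String TOKEN_URI = "http://localhost/token";
    private static final String TOKEN = "token";

    // Seconds subtracted from "now" to build an access token that has already expired.
    private static final int EXPIRES_OFFSET = 60;

    private static final String REGISTRATION_ID = OidcRegistrationProperty.REGISTRATION_ID.getProperty();
    private static final Scope SCOPE = Scope.LOCAL;

    @Mock
    StateManager stateManager;

    @Mock
    StateMap stateMap;

    @Mock
    AuthorizedClientConverter authorizedClientConverter;

    @Mock
    OidcAuthorizedClient authorizedClient;

    // Captures the replacement state written through StateManager.replace().
    @Captor
    ArgumentCaptor<Map<String, String>> stateMapCaptor;

    MockHttpServletRequest request;
    MockHttpServletResponse response;
    StandardOidcAuthorizedClientRepository repository;

    /** Builds a fresh repository and mock servlet request/response before each test. */
    @BeforeEach
    void setRepository() {
        repository = new StandardOidcAuthorizedClientRepository(stateManager, authorizedClientConverter);
        request = new MockHttpServletRequest();
        response = new MockHttpServletResponse();
    }

    /** An identity with no entry in the state map must load as {@code null}. */
    @Test
    void testLoadAuthorizedClientNotFound() throws IOException {
        final Authentication authentication = Mockito.mock(Authentication.class);
        Mockito.when(authentication.getName()).thenReturn(IDENTITY);
        // The mocked state map returns null for every key, i.e. no client is stored.
        Mockito.when(stateManager.getState(ArgumentMatchers.eq(SCOPE))).thenReturn(stateMap);

        Assertions.assertNull(repository.loadAuthorizedClient(REGISTRATION_ID, authentication, request));
    }

    /** A stored encoded client is decoded through the converter and returned to the caller. */
    @Test
    void testLoadAuthorizedClientFound() throws IOException {
        final Authentication authentication = Mockito.mock(Authentication.class);
        Mockito.when(authentication.getName()).thenReturn(IDENTITY);
        Mockito.when(stateMap.get(ArgumentMatchers.eq(IDENTITY))).thenReturn(ENCODED_CLIENT);
        Mockito.when(stateManager.getState(ArgumentMatchers.eq(SCOPE))).thenReturn(stateMap);
        Mockito.when(authorizedClientConverter.getDecoded(ArgumentMatchers.eq(ENCODED_CLIENT)))
                .thenReturn(authorizedClient);

        Assertions.assertEquals(
                authorizedClient,
                repository.loadAuthorizedClient(REGISTRATION_ID, authentication, request));
    }

    /**
     * Saving must encode the client through the converter and write only the encoded value to
     * state under the user identity.
     */
    @Test
    void testSaveAuthorizedClient() throws IOException {
        final OAuth2AuthenticationToken authentication = Mockito.mock(OAuth2AuthenticationToken.class);
        final OidcUser oidcUser = Mockito.mock(OidcUser.class);
        final OidcIdToken idToken = Mockito.mock(OidcIdToken.class);
        final OAuth2AccessToken accessToken = Mockito.mock(OAuth2AccessToken.class);

        Mockito.when(authentication.getName()).thenReturn(IDENTITY);
        Mockito.when(authentication.getPrincipal()).thenReturn(oidcUser);
        Mockito.when(oidcUser.getIdToken()).thenReturn(idToken);
        Mockito.when(authorizedClient.getClientRegistration()).thenReturn(getClientRegistration());
        Mockito.when(authorizedClient.getPrincipalName()).thenReturn(IDENTITY);
        Mockito.when(authorizedClient.getAccessToken()).thenReturn(accessToken);
        Mockito.when(stateManager.getState(ArgumentMatchers.eq(SCOPE))).thenReturn(stateMap);
        Mockito.when(authorizedClientConverter.getEncoded(ArgumentMatchers.isA(OidcAuthorizedClient.class)))
                .thenReturn(ENCODED_CLIENT);

        repository.saveAuthorizedClient(authorizedClient, authentication, request, response);

        Mockito.verify(authorizedClientConverter).getEncoded(ArgumentMatchers.isA(OidcAuthorizedClient.class));
        Mockito.verify(stateManager)
                .replace(ArgumentMatchers.eq(stateMap), stateMapCaptor.capture(), ArgumentMatchers.eq(SCOPE));
        // The persisted value is the converter output, never the raw client object.
        Assertions.assertEquals(ENCODED_CLIENT, stateMapCaptor.getValue().get(IDENTITY));
    }

    /** Removing a client replaces the state with a map that no longer holds any entry. */
    @Test
    void testRemoveAuthorizedClient() throws IOException {
        final Authentication authentication = Mockito.mock(Authentication.class);
        Mockito.when(authentication.getName()).thenReturn(IDENTITY);
        Mockito.when(stateManager.getState(ArgumentMatchers.eq(SCOPE))).thenReturn(stateMap);

        repository.removeAuthorizedClient(REGISTRATION_ID, authentication, request, response);

        Mockito.verify(stateManager)
                .replace(ArgumentMatchers.eq(stateMap), stateMapCaptor.capture(), ArgumentMatchers.eq(SCOPE));
        Assertions.assertTrue(stateMapCaptor.getValue().isEmpty());
    }

    /**
     * Pins that an {@link IOException} from the state manager during removal is not propagated.
     *
     * <p>NOTE(review): this only proves the failure is swallowed. It does not assert that the
     * failure is reported or retried, so a stored encoded client could presumably outlive the
     * removal request until expiry clean-up runs; confirm against the repository implementation.
     */
    @Test
    void testRemoveAuthorizedClientStateManagerException() throws IOException {
        final Authentication authentication = Mockito.mock(Authentication.class);
        Mockito.when(authentication.getName()).thenReturn(IDENTITY);
        Mockito.when(stateManager.getState(ArgumentMatchers.eq(SCOPE))).thenThrow(new IOException());

        Assertions.assertDoesNotThrow(
                () -> repository.removeAuthorizedClient(REGISTRATION_ID, authentication, request, response));
    }

    /** With no stored clients, expiry clean-up reports nothing deleted. */
    @Test
    void testDeleteExpiredEmpty() throws IOException {
        Mockito.when(stateManager.getState(ArgumentMatchers.eq(SCOPE))).thenReturn(stateMap);

        Assertions.assertTrue(repository.deleteExpired().isEmpty());
    }

    /**
     * A stored client whose access token expired {@link #EXPIRES_OFFSET} seconds ago must be
     * reported by expiry clean-up.
     *
     * <p>NOTE(review): only the returned list is checked. The test does not verify that the
     * expired entry was actually dropped from state via {@code StateManager.replace}; consider
     * adding that verification once the repository's behaviour is confirmed.
     */
    @Test
    void testDeleteExpired() throws IOException {
        final Map<String, String> encodedClients = new LinkedHashMap<>();
        encodedClients.put(IDENTITY, ENCODED_CLIENT);
        Mockito.when(stateMap.toMap()).thenReturn(encodedClients);
        Mockito.when(stateManager.getState(ArgumentMatchers.eq(SCOPE))).thenReturn(stateMap);

        final Instant expiresAt = Instant.now().minusSeconds(EXPIRES_OFFSET);
        final OAuth2AccessToken expiredToken =
                new OAuth2AccessToken(OAuth2AccessToken.TokenType.BEARER, TOKEN, Instant.MIN, expiresAt);
        Mockito.when(authorizedClient.getAccessToken()).thenReturn(expiredToken);
        Mockito.when(authorizedClientConverter.getDecoded(ArgumentMatchers.eq(ENCODED_CLIENT)))
                .thenReturn(authorizedClient);

        final List<OidcAuthorizedClient> deletedClients = repository.deleteExpired();

        Assertions.assertFalse(deletedClients.isEmpty());
        Assertions.assertEquals(authorizedClient, deletedClients.iterator().next());
    }

    /**
     * Builds an authorization-code client registration from the fixture constants.
     *
     * @return client registration carrying the OIDC registration identifier used by the repository
     */
    ClientRegistration getClientRegistration() {
        return ClientRegistration.withRegistrationId(OidcRegistrationProperty.REGISTRATION_ID.getProperty())
                .authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE)
                .clientId(CLIENT_ID)
                .redirectUri(REDIRECT_URI)
                .authorizationUri(AUTHORIZATION_URI)
                .tokenUri(TOKEN_URI)
                .build();
    }
}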
