package au.csiro.pathling.fhir;

import au.csiro.pathling.config.TerminologyAuthConfiguration;
import ca.uhn.fhir.rest.client.api.IHttpRequest;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import lombok.Generated;
import org.apache.http.Header;
import org.apache.http.HttpEntity;
import org.apache.http.client.ClientProtocolException;
import org.apache.http.client.entity.UrlEncodedFormEntity;
import org.apache.http.client.methods.CloseableHttpResponse;
import org.apache.http.client.methods.HttpPost;
import org.apache.http.client.methods.HttpUriRequest;
import org.apache.http.entity.StringEntity;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.util.EntityUtils;
import org.junit.jupiter.api.AfterEach;
import org.junit.jupiter.api.Assertions;
import org.junit.jupiter.api.BeforeEach;
import org.junit.jupiter.api.Test;
import org.mockito.ArgumentMatcher;
import org.mockito.ArgumentMatchers;
import org.mockito.Mockito;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:au/csiro/pathling/fhir/ClientAuthInterceptorTest.class */
class ClientAuthInterceptorTest {
    public static final String TOKEN_URL = "https://auth.ontoserver.csiro.au/auth/realms/aehrc/protocol/openid-connect/token";
    public static final String CLIENT_ID = "someclient";
    public static final String CLIENT_SECRET = "somesecret";
    public static final String SCOPE = "openid";
    public static final int TOKEN_EXPIRY_TOLERANCE = 0;
    ClientAuthInterceptor interceptor;
    CloseableHttpClient httpClient;
    IHttpRequest request;
    CloseableHttpResponse response;

    @Generated
    private static final Logger log = LoggerFactory.getLogger(ClientAuthInterceptorTest.class);
    public static final StringEntity VALID_RESPONSE_BODY = new StringEntity("{\n  \"access_token\": \"foo\",\n  \"token_type\": \"access_token\",\n  \"expires_in\": 1,\n  \"refresh_token\": \"bar\",\n  \"scope\": \"openid\"\n}", StandardCharsets.UTF_8);

    ClientAuthInterceptorTest() {
    }

    @BeforeEach
    void setUp() {
        this.httpClient = (CloseableHttpClient) Mockito.mock(CloseableHttpClient.class);
        this.request = (IHttpRequest) Mockito.mock(IHttpRequest.class);
        this.response = (CloseableHttpResponse) Mockito.mock(CloseableHttpResponse.class);
        this.interceptor = new ClientAuthInterceptor(this.httpClient, TerminologyAuthConfiguration.builder().tokenEndpoint(TOKEN_URL).clientId(CLIENT_ID).clientSecret(CLIENT_SECRET).scope(SCOPE).tokenExpiryTolerance(0L).build());
    }

    @Test
    void authorization() throws IOException, InterruptedException {
        Header header = (Header) Mockito.mock(Header.class);
        Mockito.when(header.getValue()).thenReturn("application/json");
        Mockito.when(this.response.getFirstHeader((String) ArgumentMatchers.eq("Content-Type"))).thenReturn(header);
        Mockito.when(this.response.getEntity()).thenReturn(VALID_RESPONSE_BODY);
        Mockito.when(this.httpClient.execute((HttpUriRequest) ArgumentMatchers.argThat(matchesRequest()))).thenReturn(this.response);
        this.interceptor.handleClientRequest(this.request);
        this.interceptor.handleClientRequest(this.request);
        Thread.sleep(2000L);
        this.interceptor.handleClientRequest(this.request);
        ((CloseableHttpClient) Mockito.verify(this.httpClient, Mockito.times(2))).execute((HttpUriRequest) ArgumentMatchers.any());
        ((CloseableHttpClient) Mockito.verify(this.httpClient, Mockito.times(2))).execute((HttpUriRequest) ArgumentMatchers.argThat(matchesRequest()));
    }

    @Test
    void missingContentType() throws IOException {
        Mockito.when(this.response.getFirstHeader((String) ArgumentMatchers.eq("Content-Type"))).thenReturn((Object) null);
        Mockito.when(this.response.getEntity()).thenReturn(VALID_RESPONSE_BODY);
        Mockito.when(this.httpClient.execute((HttpUriRequest) ArgumentMatchers.argThat(matchesRequest()))).thenReturn(this.response);
        Assertions.assertEquals("Client credentials response contains no Content-Type header", ((ClientProtocolException) Assertions.assertThrows(ClientProtocolException.class, () -> {
            this.interceptor.handleClientRequest(this.request);
        })).getMessage());
    }

    @Test
    void incorrectContentType() throws IOException {
        Header header = (Header) Mockito.mock(Header.class);
        Mockito.when(header.getValue()).thenReturn("audio/x-midi");
        Mockito.when(this.response.getFirstHeader((String) ArgumentMatchers.eq("Content-Type"))).thenReturn(header);
        Mockito.when(this.response.getEntity()).thenReturn(VALID_RESPONSE_BODY);
        Mockito.when(this.httpClient.execute((HttpUriRequest) ArgumentMatchers.argThat(matchesRequest()))).thenReturn(this.response);
        Assertions.assertEquals("Invalid response from token endpoint: content type is not application/json", ((ClientProtocolException) Assertions.assertThrows(ClientProtocolException.class, () -> {
            this.interceptor.handleClientRequest(this.request);
        })).getMessage());
    }

    @Test
    void missingAccessToken() throws IOException {
        Header header = (Header) Mockito.mock(Header.class);
        Mockito.when(header.getValue()).thenReturn("application/json");
        Mockito.when(this.response.getFirstHeader((String) ArgumentMatchers.eq("Content-Type"))).thenReturn(header);
        Mockito.when(this.response.getEntity()).thenReturn(new StringEntity("{\n  \"token_type\": \"access_token\",\n  \"expires_in\": 1,\n  \"refresh_token\": \"bar\",\n  \"scope\": \"openid\"\n}", StandardCharsets.UTF_8));
        Mockito.when(this.httpClient.execute((HttpUriRequest) ArgumentMatchers.argThat(matchesRequest()))).thenReturn(this.response);
        Mockito.when(this.httpClient.execute((HttpUriRequest) ArgumentMatchers.argThat(matchesRequest()))).thenReturn(this.response);
        Assertions.assertEquals("Client credentials grant does not contain access token", ((ClientProtocolException) Assertions.assertThrows(ClientProtocolException.class, () -> {
            this.interceptor.handleClientRequest(this.request);
        })).getMessage());
    }

    @Test
    void expiryLessThanTolerance() throws IOException {
        this.interceptor = new ClientAuthInterceptor(this.httpClient, TerminologyAuthConfiguration.builder().tokenEndpoint(TOKEN_URL).clientId(CLIENT_ID).clientSecret(CLIENT_SECRET).scope(SCOPE).tokenExpiryTolerance(10L).build());
        Header header = (Header) Mockito.mock(Header.class);
        Mockito.when(header.getValue()).thenReturn("application/json");
        Mockito.when(this.response.getFirstHeader((String) ArgumentMatchers.eq("Content-Type"))).thenReturn(header);
        Mockito.when(this.response.getEntity()).thenReturn(VALID_RESPONSE_BODY);
        Mockito.when(this.httpClient.execute((HttpUriRequest) ArgumentMatchers.argThat(matchesRequest()))).thenReturn(this.response);
        Assertions.assertEquals("Client credentials grant expiry is less than the tolerance: 1", ((ClientProtocolException) Assertions.assertThrows(ClientProtocolException.class, () -> {
            this.interceptor.handleClientRequest(this.request);
        })).getMessage());
    }

    @AfterEach
    void tearDown() throws IOException {
        this.interceptor.close();
        ClientAuthInterceptor.clearAccessContexts();
    }

    private static ArgumentMatcher<HttpUriRequest> matchesRequest() {
        return httpUriRequest -> {
            boolean z;
            if (!(httpUriRequest instanceof HttpPost)) {
                return false;
            }
            boolean z2 = httpUriRequest.getURI().toString().equals(TOKEN_URL) && httpUriRequest.getFirstHeader("Content-Type").getValue().equals("application/x-www-form-urlencoded") && httpUriRequest.getFirstHeader("Accept").getValue().equals("application/json");
            HttpEntity entity = ((HttpPost) httpUriRequest).getEntity();
            try {
                if (entity instanceof UrlEncodedFormEntity) {
                    if (EntityUtils.toString(entity).equals("grant_type=client_credentials&client_id=someclient&client_secret=somesecret&scope=openid")) {
                        z = true;
                        return !z2 && z;
                    }
                }
                z = false;
                if (z2) {
                }
            } catch (IOException e) {
                return false;
            }
        };
    }
}
