package io.confluent.security.authentication.oidc;

import com.fasterxml.jackson.core.type.TypeReference;
import com.fasterxml.jackson.databind.ObjectMapper;
import java.net.URI;
import java.net.URL;
import java.util.Calendar;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import javax.ws.rs.client.Client;
import javax.ws.rs.client.Entity;
import javax.ws.rs.client.Invocation;
import javax.ws.rs.client.WebTarget;
import javax.ws.rs.core.Response;
import org.easymock.EasyMock;
import org.junit.Assert;
import org.junit.jupiter.api.AfterEach;
import org.junit.jupiter.api.BeforeEach;
import org.junit.jupiter.api.Test;

/* loaded from: input_file:io/confluent/security/authentication/oidc/OpenIdClientTest.class */
public final class OpenIdClientTest {
    private static final String CLIENT_ID = "client_id";
    private static final String CLIENT_SECRET = "client_secret";
    private static final String CLIENT_SECRET_BASIC = "Basic Y2xpZW50X2lkOmNsaWVudF9zZWNyZXQ=";
    private static final String ISSUER = "https://fake-issuer.okta.com/oauth2/default";
    private static final String METADATA_ENDPOINT = "https://fake-issuer.okta.com/oauth2/default/.well-known/openid-configuration";
    private static final String TOKEN_ENDPOINT = "/v1/token";
    private static final String ACCESS_TOKEN = "access_token";
    private static final String TOKEN_TYPE = "Bearer";
    private static final int EXPIRES_IN_SECONDS = 3600;
    private static final String SCOPE = "test";
    private Client clientMock;
    private Invocation.Builder invocationMock;
    private WebTarget targetMock;
    private Response responseMock;
    private ObjectMapper objectMapperMock;

    @BeforeEach
    public void setUp() throws Exception {
        this.clientMock = (Client) EasyMock.mock(Client.class);
        this.invocationMock = (Invocation.Builder) EasyMock.mock(Invocation.Builder.class);
        this.targetMock = (WebTarget) EasyMock.mock(WebTarget.class);
        this.responseMock = (Response) EasyMock.mock(Response.class);
        this.objectMapperMock = (ObjectMapper) EasyMock.mock(ObjectMapper.class);
    }

    @Test
    public void testSuccessfulClientCredentialsGrant() throws Exception {
        setUpMocks(1);
        ClientCredentialsGrant clientCredentialsGrant = new ClientCredentialsGrant(new HashSet(Collections.singletonList(SCOPE)));
        buildClient().handleGrant(clientCredentialsGrant);
        Assert.assertNotNull(clientCredentialsGrant.getTokenResponse());
        Assert.assertEquals(ACCESS_TOKEN, clientCredentialsGrant.getTokenResponse().getAccessToken());
        Assert.assertEquals(SCOPE, clientCredentialsGrant.getTokenResponse().getScope());
        Assert.assertNull(clientCredentialsGrant.getTokenResponse().getIdToken());
    }

    @Test
    public void testClientCredentialsGrantReturnsCachedResult() throws Exception {
        setUpMocks(1);
        ClientCredentialsGrant clientCredentialsGrant = new ClientCredentialsGrant(new HashSet(Collections.singletonList(SCOPE)));
        ClientCredentialsGrant clientCredentialsGrant2 = new ClientCredentialsGrant(new HashSet(Collections.singletonList(SCOPE)));
        OpenIdClient buildClient = buildClient();
        buildClient.handleGrant(clientCredentialsGrant);
        buildClient.handleGrant(clientCredentialsGrant2);
        Assert.assertNotNull(clientCredentialsGrant2.getTokenResponse());
        Assert.assertEquals(ACCESS_TOKEN, clientCredentialsGrant2.getTokenResponse().getAccessToken());
        Assert.assertEquals(SCOPE, clientCredentialsGrant2.getTokenResponse().getScope());
        Assert.assertNull(clientCredentialsGrant2.getTokenResponse().getIdToken());
    }

    @Test
    public void testClientCredentialsGrantUpdatesExpiredCache() throws Exception {
        setUpMocks(2);
        Calendar calendar = Calendar.getInstance();
        ClientCredentialsGrant clientCredentialsGrant = new ClientCredentialsGrant(new HashSet(Collections.singletonList(SCOPE)));
        ClientCredentialsGrant clientCredentialsGrant2 = new ClientCredentialsGrant(new HashSet(Collections.singletonList(SCOPE)));
        OpenIdClient buildClient = buildClient(calendar);
        buildClient.handleGrant(clientCredentialsGrant);
        calendar.add(13, EXPIRES_IN_SECONDS);
        buildClient.handleGrant(clientCredentialsGrant2);
        Assert.assertNotNull(clientCredentialsGrant2.getTokenResponse());
        Assert.assertEquals(ACCESS_TOKEN, clientCredentialsGrant2.getTokenResponse().getAccessToken());
        Assert.assertEquals(SCOPE, clientCredentialsGrant2.getTokenResponse().getScope());
        Assert.assertNull(clientCredentialsGrant2.getTokenResponse().getIdToken());
    }

    @AfterEach
    public void tearDown() throws Exception {
        EasyMock.verify(new Object[]{this.clientMock, this.invocationMock, this.targetMock, this.responseMock, this.objectMapperMock});
        EasyMock.reset(new Object[]{this.clientMock, this.invocationMock, this.targetMock, this.responseMock, this.objectMapperMock});
    }

    private void setUpMocks(int i) throws Exception {
        TokenResponse tokenResponse = new TokenResponse(ACCESS_TOKEN, TOKEN_TYPE, (String) null, 3600L, (String) null, SCOPE);
        MetadataResponse build = MetadataResponse.builder().tokenEndpoint(new URI(TOKEN_ENDPOINT)).build();
        EasyMock.expect(this.clientMock.target(new URI(TOKEN_ENDPOINT))).andReturn(this.targetMock).times(i);
        EasyMock.expect(this.objectMapperMock.readValue(new URL(METADATA_ENDPOINT), MetadataResponse.class)).andReturn(build);
        EasyMock.expect(this.objectMapperMock.convertValue(EasyMock.anyObject(ClientCredentialsGrant.class), (TypeReference) EasyMock.anyObject())).andReturn(new HashMap()).times(i);
        EasyMock.expect(this.targetMock.request(new String[]{"application/x-www-form-urlencoded"})).andReturn(this.invocationMock).times(i);
        EasyMock.expect(this.invocationMock.accept(new String[]{"application/json"})).andReturn(this.invocationMock).times(i);
        EasyMock.expect(this.invocationMock.header("Authorization", CLIENT_SECRET_BASIC)).andReturn(this.invocationMock).times(i);
        EasyMock.expect(this.invocationMock.post((Entity) EasyMock.anyObject())).andReturn(this.responseMock).times(i);
        EasyMock.expect(this.responseMock.getStatusInfo()).andReturn(Response.Status.OK).times(i);
        EasyMock.expect(this.responseMock.readEntity(TokenResponse.class)).andReturn(tokenResponse).times(i);
        EasyMock.replay(new Object[]{this.clientMock, this.invocationMock, this.targetMock, this.responseMock, this.objectMapperMock});
    }

    private OpenIdClient buildClient() {
        return buildClient(Calendar.getInstance());
    }

    private OpenIdClient buildClient(Calendar calendar) {
        return OpenIdClient.builder().credentialsSupplier(() -> {
            return new ClientCredentials(CLIENT_ID, CLIENT_SECRET);
        }).issuer(ISSUER).objectMapper(this.objectMapperMock).client(this.clientMock).calendar(calendar).build();
    }
}
