package org.apache.nifi.web.security.jwt;

import java.util.Properties;
import org.apache.nifi.authorization.Authorizer;
import org.apache.nifi.authorization.user.NiFiUserDetails;
import org.apache.nifi.properties.StandardNiFiProperties;
import org.apache.nifi.util.NiFiProperties;
import org.apache.nifi.web.security.InvalidAuthenticationException;
import org.apache.nifi.web.security.token.LoginAuthenticationToken;
import org.junit.Assert;
import org.junit.Before;
import org.junit.Rule;
import org.junit.Test;
import org.junit.rules.ExpectedException;
import org.mockito.Mockito;

/* loaded from: input_file:org/apache/nifi/web/security/jwt/JwtAuthenticationProviderTest.class */
public class JwtAuthenticationProviderTest {

    @Rule
    public ExpectedException expectedException = ExpectedException.none();
    private static final int EXPIRATION_MILLIS = 60000;
    private static final String CLIENT_ADDRESS = "127.0.0.1";
    private static final String ADMIN_IDENTITY = "nifiadmin";
    private static final String REALMED_ADMIN_KERBEROS_IDENTITY = "nifiadmin@nifi.apache.org";
    private static final String UNKNOWN_TOKEN = "eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJ1bmtub3duX3Rva2VuIiwiaXNzIjoiS2VyYmVyb3NQcm92aWRlciIsImF1ZCI6IktlcmJlcm9zUHJvdmlkZXIiLCJwcmVmZXJyZWRfdXNlcm5hbWUiOiJ1bmtub3duX3Rva2VuIiwia2lkIjoxLCJleHAiOjE2OTI0NTQ2NjcsImlhdCI6MTU5MjQxMTQ2N30.PpOGx3Ul5ydokOOuzKdaRKv1kxy6Q4jGy7rBPU8PqxY";
    private NiFiProperties properties;
    private JwtService jwtService;
    private JwtAuthenticationProvider jwtAuthenticationProvider;

    @Before
    public void setUp() throws Exception {
        this.jwtService = new JwtService(new TestKeyService());
        Properties properties = new Properties();
        NiFiProperties niFiProperties = this.properties;
        properties.put("nifi.security.identity.mapping.pattern.", "^(.*?)@(.*?)$");
        NiFiProperties niFiProperties2 = this.properties;
        properties.put("nifi.security.identity.mapping.value.", "$1");
        this.properties = new StandardNiFiProperties(properties);
        this.jwtAuthenticationProvider = new JwtAuthenticationProvider(this.jwtService, this.properties, (Authorizer) Mockito.mock(Authorizer.class));
    }

    @Test
    public void testAdminIdentityAndTokenIsValid() throws Exception {
        Assert.assertEquals(ADMIN_IDENTITY, ((NiFiUserDetails) this.jwtAuthenticationProvider.authenticate(new JwtAuthenticationRequestToken(this.jwtService.generateSignedToken(new LoginAuthenticationToken(ADMIN_IDENTITY, 60000L, "MockIdentityProvider")), CLIENT_ADDRESS)).getPrincipal()).getUsername());
    }

    @Test
    public void testKerberosRealmedIdentityAndTokenIsValid() throws Exception {
        Assert.assertEquals(ADMIN_IDENTITY, ((NiFiUserDetails) this.jwtAuthenticationProvider.authenticate(new JwtAuthenticationRequestToken(this.jwtService.generateSignedToken(new LoginAuthenticationToken(REALMED_ADMIN_KERBEROS_IDENTITY, 60000L, "MockIdentityProvider")), CLIENT_ADDRESS)).getPrincipal()).getUsername());
    }

    @Test
    public void testFailToAuthenticateWithUnknownToken() throws Exception {
        this.expectedException.expect(InvalidAuthenticationException.class);
        this.expectedException.expectMessage("Unable to validate the access token.");
        this.jwtService.generateSignedToken(new LoginAuthenticationToken(ADMIN_IDENTITY, 60000L, "MockIdentityProvider"));
        this.jwtAuthenticationProvider.authenticate(new JwtAuthenticationRequestToken(UNKNOWN_TOKEN, CLIENT_ADDRESS));
    }
}
