package org.apache.nifi.web.security.oidc;

import com.nimbusds.oauth2.sdk.AuthorizationCode;
import com.nimbusds.oauth2.sdk.AuthorizationCodeGrant;
import com.nimbusds.oauth2.sdk.AuthorizationGrant;
import com.nimbusds.oauth2.sdk.id.State;
import java.net.URI;
import java.util.UUID;
import java.util.concurrent.TimeUnit;
import org.junit.Assert;
import org.junit.Test;
import org.mockito.ArgumentMatchers;
import org.mockito.Mockito;

/* loaded from: input_file:org/apache/nifi/web/security/oidc/OidcServiceTest.class */
public class OidcServiceTest {
    public static final String TEST_REQUEST_IDENTIFIER = "test-request-identifier";
    public static final String TEST_STATE = "test-state";

    @Test(expected = IllegalStateException.class)
    public void testOidcNotEnabledCreateState() throws Exception {
        getServiceWithNoOidcSupport().createState(TEST_REQUEST_IDENTIFIER);
    }

    @Test(expected = IllegalStateException.class)
    public void testCreateStateMultipleInvocations() throws Exception {
        OidcService serviceWithOidcSupport = getServiceWithOidcSupport();
        serviceWithOidcSupport.createState(TEST_REQUEST_IDENTIFIER);
        serviceWithOidcSupport.createState(TEST_REQUEST_IDENTIFIER);
    }

    @Test(expected = IllegalStateException.class)
    public void testOidcNotEnabledValidateState() throws Exception {
        getServiceWithNoOidcSupport().isStateValid(TEST_REQUEST_IDENTIFIER, new State(TEST_STATE));
    }

    @Test
    public void testOidcUnknownState() throws Exception {
        Assert.assertFalse(getServiceWithOidcSupport().isStateValid(TEST_REQUEST_IDENTIFIER, new State(TEST_STATE)));
    }

    @Test
    public void testValidateState() throws Exception {
        OidcService serviceWithOidcSupport = getServiceWithOidcSupport();
        Assert.assertTrue(serviceWithOidcSupport.isStateValid(TEST_REQUEST_IDENTIFIER, serviceWithOidcSupport.createState(TEST_REQUEST_IDENTIFIER)));
    }

    @Test
    public void testValidateStateExpiration() throws Exception {
        OidcService serviceWithOidcSupportAndCustomExpiration = getServiceWithOidcSupportAndCustomExpiration(1, TimeUnit.SECONDS);
        State createState = serviceWithOidcSupportAndCustomExpiration.createState(TEST_REQUEST_IDENTIFIER);
        Thread.sleep(3000L);
        Assert.assertFalse(serviceWithOidcSupportAndCustomExpiration.isStateValid(TEST_REQUEST_IDENTIFIER, createState));
    }

    @Test(expected = IllegalStateException.class)
    public void testOidcNotEnabledExchangeCode() throws Exception {
        getServiceWithNoOidcSupport().exchangeAuthorizationCode(TEST_REQUEST_IDENTIFIER, getAuthorizationCodeGrant());
    }

    @Test(expected = IllegalStateException.class)
    public void testExchangeCodeMultipleInvocation() throws Exception {
        OidcService serviceWithOidcSupport = getServiceWithOidcSupport();
        serviceWithOidcSupport.exchangeAuthorizationCode(TEST_REQUEST_IDENTIFIER, getAuthorizationCodeGrant());
        serviceWithOidcSupport.exchangeAuthorizationCode(TEST_REQUEST_IDENTIFIER, getAuthorizationCodeGrant());
    }

    @Test(expected = IllegalStateException.class)
    public void testOidcNotEnabledGetJwt() throws Exception {
        getServiceWithNoOidcSupport().getJwt(TEST_REQUEST_IDENTIFIER);
    }

    @Test
    public void testGetJwt() throws Exception {
        OidcService serviceWithOidcSupport = getServiceWithOidcSupport();
        serviceWithOidcSupport.exchangeAuthorizationCode(TEST_REQUEST_IDENTIFIER, getAuthorizationCodeGrant());
        Assert.assertNotNull(serviceWithOidcSupport.getJwt(TEST_REQUEST_IDENTIFIER));
    }

    @Test
    public void testGetJwtExpiration() throws Exception {
        OidcService serviceWithOidcSupportAndCustomExpiration = getServiceWithOidcSupportAndCustomExpiration(1, TimeUnit.SECONDS);
        serviceWithOidcSupportAndCustomExpiration.exchangeAuthorizationCode(TEST_REQUEST_IDENTIFIER, getAuthorizationCodeGrant());
        Thread.sleep(3000L);
        Assert.assertNull(serviceWithOidcSupportAndCustomExpiration.getJwt(TEST_REQUEST_IDENTIFIER));
    }

    private OidcService getServiceWithNoOidcSupport() {
        OidcIdentityProvider oidcIdentityProvider = (OidcIdentityProvider) Mockito.mock(OidcIdentityProvider.class);
        Mockito.when(Boolean.valueOf(oidcIdentityProvider.isOidcEnabled())).thenReturn(false);
        OidcService oidcService = new OidcService(oidcIdentityProvider);
        Assert.assertFalse(oidcService.isOidcEnabled());
        return oidcService;
    }

    private OidcService getServiceWithOidcSupport() throws Exception {
        OidcIdentityProvider oidcIdentityProvider = (OidcIdentityProvider) Mockito.mock(OidcIdentityProvider.class);
        Mockito.when(Boolean.valueOf(oidcIdentityProvider.isOidcEnabled())).thenReturn(true);
        Mockito.when(oidcIdentityProvider.exchangeAuthorizationCode((AuthorizationGrant) ArgumentMatchers.any())).then(invocationOnMock -> {
            return UUID.randomUUID().toString();
        });
        OidcService oidcService = new OidcService(oidcIdentityProvider);
        Assert.assertTrue(oidcService.isOidcEnabled());
        return oidcService;
    }

    private OidcService getServiceWithOidcSupportAndCustomExpiration(int i, TimeUnit timeUnit) throws Exception {
        OidcIdentityProvider oidcIdentityProvider = (OidcIdentityProvider) Mockito.mock(OidcIdentityProvider.class);
        Mockito.when(Boolean.valueOf(oidcIdentityProvider.isOidcEnabled())).thenReturn(true);
        Mockito.when(oidcIdentityProvider.exchangeAuthorizationCode((AuthorizationGrant) ArgumentMatchers.any())).then(invocationOnMock -> {
            return UUID.randomUUID().toString();
        });
        OidcService oidcService = new OidcService(oidcIdentityProvider, i, timeUnit);
        Assert.assertTrue(oidcService.isOidcEnabled());
        return oidcService;
    }

    private AuthorizationCodeGrant getAuthorizationCodeGrant() {
        return new AuthorizationCodeGrant(new AuthorizationCode("code"), URI.create("http://localhost:8080/nifi"));
    }
}
