package org.apache.nifi.web.security.otp;

import java.util.Arrays;
import java.util.Collections;
import java.util.Set;
import org.apache.nifi.admin.service.IdpUserGroupService;
import org.apache.nifi.authorization.AccessPolicyProvider;
import org.apache.nifi.authorization.Authorizer;
import org.apache.nifi.authorization.Group;
import org.apache.nifi.authorization.ManagedAuthorizer;
import org.apache.nifi.authorization.User;
import org.apache.nifi.authorization.UserAndGroups;
import org.apache.nifi.authorization.UserGroupProvider;
import org.apache.nifi.authorization.user.NiFiUser;
import org.apache.nifi.authorization.user.NiFiUserDetails;
import org.apache.nifi.idp.IdpType;
import org.apache.nifi.idp.IdpUserGroup;
import org.apache.nifi.util.NiFiProperties;
import org.junit.Assert;
import org.junit.Before;
import org.junit.Test;
import org.mockito.ArgumentMatchers;
import org.mockito.Mockito;
import org.mockito.invocation.InvocationOnMock;
import org.mockito.stubbing.Answer;

/* loaded from: input_file:org/apache/nifi/web/security/otp/OtpAuthenticationProviderTest.class */
public class OtpAuthenticationProviderTest {
    private static final String UI_EXTENSION_AUTHENTICATED_USER = "ui-extension-token-authenticated-user";
    private static final String UI_EXTENSION_TOKEN = "ui-extension-token";
    private static final String DOWNLOAD_AUTHENTICATED_USER = "download-token-authenticated-user";
    private static final String DOWNLOAD_TOKEN = "download-token";
    private OtpService otpService;
    private OtpAuthenticationProvider otpAuthenticationProvider;
    private NiFiProperties nifiProperties;
    private IdpUserGroupService idpUserGroupService;

    @Before
    public void setUp() throws Exception {
        this.otpService = (OtpService) Mockito.mock(OtpService.class);
        ((OtpService) Mockito.doAnswer(new Answer<String>() { // from class: org.apache.nifi.web.security.otp.OtpAuthenticationProviderTest.1
            /* renamed from: answer, reason: merged with bridge method [inline-methods] */
            public String m8answer(InvocationOnMock invocationOnMock) throws Throwable {
                if (OtpAuthenticationProviderTest.DOWNLOAD_TOKEN.equals((String) invocationOnMock.getArguments()[0])) {
                    return OtpAuthenticationProviderTest.DOWNLOAD_AUTHENTICATED_USER;
                }
                throw new OtpAuthenticationException("Invalid token");
            }
        }).when(this.otpService)).getAuthenticationFromDownloadToken(ArgumentMatchers.anyString());
        ((OtpService) Mockito.doAnswer(new Answer<String>() { // from class: org.apache.nifi.web.security.otp.OtpAuthenticationProviderTest.2
            /* renamed from: answer, reason: merged with bridge method [inline-methods] */
            public String m9answer(InvocationOnMock invocationOnMock) throws Throwable {
                if (OtpAuthenticationProviderTest.UI_EXTENSION_TOKEN.equals((String) invocationOnMock.getArguments()[0])) {
                    return OtpAuthenticationProviderTest.UI_EXTENSION_AUTHENTICATED_USER;
                }
                throw new OtpAuthenticationException("Invalid token");
            }
        }).when(this.otpService)).getAuthenticationFromUiExtensionToken(ArgumentMatchers.anyString());
        this.idpUserGroupService = (IdpUserGroupService) Mockito.mock(IdpUserGroupService.class);
        this.otpAuthenticationProvider = new OtpAuthenticationProvider(this.otpService, (NiFiProperties) Mockito.mock(NiFiProperties.class), (Authorizer) Mockito.mock(Authorizer.class), this.idpUserGroupService);
    }

    @Test
    public void testUiExtensionPath() throws Exception {
        Mockito.when(this.idpUserGroupService.getUserGroups(ArgumentMatchers.anyString())).thenReturn(Collections.emptyList());
        NiFiUserDetails niFiUserDetails = (NiFiUserDetails) this.otpAuthenticationProvider.authenticate(new OtpAuthenticationRequestToken(UI_EXTENSION_TOKEN, false, (String) null)).getPrincipal();
        Assert.assertEquals(UI_EXTENSION_AUTHENTICATED_USER, niFiUserDetails.getUsername());
        Assert.assertNotNull(niFiUserDetails.getNiFiUser());
        Assert.assertNull(niFiUserDetails.getNiFiUser().getGroups());
        Assert.assertNotNull(niFiUserDetails.getNiFiUser().getIdentityProviderGroups());
        Assert.assertEquals(0L, niFiUserDetails.getNiFiUser().getIdentityProviderGroups().size());
        Assert.assertNotNull(niFiUserDetails.getNiFiUser().getAllGroups());
        Assert.assertEquals(0L, niFiUserDetails.getNiFiUser().getAllGroups().size());
        ((OtpService) Mockito.verify(this.otpService, Mockito.times(1))).getAuthenticationFromUiExtensionToken(UI_EXTENSION_TOKEN);
        ((OtpService) Mockito.verify(this.otpService, Mockito.never())).getAuthenticationFromDownloadToken(ArgumentMatchers.anyString());
    }

    @Test
    public void testDownload() throws Exception {
        Mockito.when(this.idpUserGroupService.getUserGroups(ArgumentMatchers.anyString())).thenReturn(Collections.emptyList());
        NiFiUserDetails niFiUserDetails = (NiFiUserDetails) this.otpAuthenticationProvider.authenticate(new OtpAuthenticationRequestToken(DOWNLOAD_TOKEN, true, (String) null)).getPrincipal();
        Assert.assertEquals(DOWNLOAD_AUTHENTICATED_USER, niFiUserDetails.getUsername());
        Assert.assertNotNull(niFiUserDetails.getNiFiUser());
        Assert.assertNull(niFiUserDetails.getNiFiUser().getGroups());
        Assert.assertNotNull(niFiUserDetails.getNiFiUser().getIdentityProviderGroups());
        Assert.assertEquals(0L, niFiUserDetails.getNiFiUser().getIdentityProviderGroups().size());
        Assert.assertNotNull(niFiUserDetails.getNiFiUser().getAllGroups());
        Assert.assertEquals(0L, niFiUserDetails.getNiFiUser().getAllGroups().size());
        ((OtpService) Mockito.verify(this.otpService, Mockito.never())).getAuthenticationFromUiExtensionToken(ArgumentMatchers.anyString());
        ((OtpService) Mockito.verify(this.otpService, Mockito.times(1))).getAuthenticationFromDownloadToken(DOWNLOAD_TOKEN);
    }

    @Test
    public void testWhenIdpUserGroupsArePresent() {
        Mockito.when(this.idpUserGroupService.getUserGroups(DOWNLOAD_AUTHENTICATED_USER)).thenReturn(Arrays.asList(createIdpUserGroup(1, DOWNLOAD_AUTHENTICATED_USER, "group1", IdpType.SAML), createIdpUserGroup(2, DOWNLOAD_AUTHENTICATED_USER, "group2", IdpType.SAML)));
        NiFiUserDetails niFiUserDetails = (NiFiUserDetails) this.otpAuthenticationProvider.authenticate(new OtpAuthenticationRequestToken(DOWNLOAD_TOKEN, true, (String) null)).getPrincipal();
        Assert.assertEquals(DOWNLOAD_AUTHENTICATED_USER, niFiUserDetails.getUsername());
        NiFiUser niFiUser = niFiUserDetails.getNiFiUser();
        Assert.assertNotNull(niFiUser);
        Assert.assertNull(niFiUser.getGroups());
        Assert.assertNotNull(niFiUser.getIdentityProviderGroups());
        Assert.assertEquals(2L, niFiUser.getIdentityProviderGroups().size());
        Assert.assertTrue(niFiUser.getIdentityProviderGroups().contains("group1"));
        Assert.assertTrue(niFiUser.getIdentityProviderGroups().contains("group1"));
        ((OtpService) Mockito.verify(this.otpService, Mockito.never())).getAuthenticationFromUiExtensionToken(ArgumentMatchers.anyString());
        ((OtpService) Mockito.verify(this.otpService, Mockito.times(1))).getAuthenticationFromDownloadToken(DOWNLOAD_TOKEN);
    }

    @Test
    public void testWhenUserGroupProviderGroupsAndIdpUserGroupsArePresent() {
        Mockito.when(this.idpUserGroupService.getUserGroups(DOWNLOAD_AUTHENTICATED_USER)).thenReturn(Arrays.asList(createIdpUserGroup(1, DOWNLOAD_AUTHENTICATED_USER, "group1", IdpType.SAML), createIdpUserGroup(2, DOWNLOAD_AUTHENTICATED_USER, "group2", IdpType.SAML)));
        final Group build = new Group.Builder().identifierGenerateRandom().name("group3").build();
        UserGroupProvider userGroupProvider = (UserGroupProvider) Mockito.mock(UserGroupProvider.class);
        Mockito.when(userGroupProvider.getUserAndGroups(DOWNLOAD_AUTHENTICATED_USER)).thenReturn(new UserAndGroups() { // from class: org.apache.nifi.web.security.otp.OtpAuthenticationProviderTest.3
            public User getUser() {
                return new User.Builder().identifier(OtpAuthenticationProviderTest.DOWNLOAD_AUTHENTICATED_USER).identity(OtpAuthenticationProviderTest.DOWNLOAD_AUTHENTICATED_USER).build();
            }

            public Set<Group> getGroups() {
                return Collections.singleton(build);
            }
        });
        AccessPolicyProvider accessPolicyProvider = (AccessPolicyProvider) Mockito.mock(AccessPolicyProvider.class);
        Mockito.when(accessPolicyProvider.getUserGroupProvider()).thenReturn(userGroupProvider);
        ManagedAuthorizer managedAuthorizer = (ManagedAuthorizer) Mockito.mock(ManagedAuthorizer.class);
        Mockito.when(managedAuthorizer.getAccessPolicyProvider()).thenReturn(accessPolicyProvider);
        this.otpAuthenticationProvider = new OtpAuthenticationProvider(this.otpService, (NiFiProperties) Mockito.mock(NiFiProperties.class), managedAuthorizer, this.idpUserGroupService);
        NiFiUserDetails niFiUserDetails = (NiFiUserDetails) this.otpAuthenticationProvider.authenticate(new OtpAuthenticationRequestToken(DOWNLOAD_TOKEN, true, (String) null)).getPrincipal();
        Assert.assertEquals(DOWNLOAD_AUTHENTICATED_USER, niFiUserDetails.getUsername());
        NiFiUser niFiUser = niFiUserDetails.getNiFiUser();
        Assert.assertNotNull(niFiUser);
        Assert.assertEquals(1L, niFiUser.getGroups().size());
        Assert.assertTrue(niFiUser.getGroups().contains("group3"));
        Assert.assertEquals(2L, niFiUser.getIdentityProviderGroups().size());
        Assert.assertTrue(niFiUser.getIdentityProviderGroups().contains("group1"));
        Assert.assertTrue(niFiUser.getIdentityProviderGroups().contains("group2"));
        Assert.assertEquals(3L, niFiUser.getAllGroups().size());
        Assert.assertTrue(niFiUser.getAllGroups().contains("group1"));
        Assert.assertTrue(niFiUser.getAllGroups().contains("group2"));
        Assert.assertTrue(niFiUser.getAllGroups().contains("group3"));
        ((OtpService) Mockito.verify(this.otpService, Mockito.never())).getAuthenticationFromUiExtensionToken(ArgumentMatchers.anyString());
        ((OtpService) Mockito.verify(this.otpService, Mockito.times(1))).getAuthenticationFromDownloadToken(DOWNLOAD_TOKEN);
    }

    private IdpUserGroup createIdpUserGroup(int i, String str, String str2, IdpType idpType) {
        IdpUserGroup idpUserGroup = new IdpUserGroup();
        idpUserGroup.setId(i);
        idpUserGroup.setIdentity(str);
        idpUserGroup.setGroupName(str2);
        idpUserGroup.setType(idpType);
        return idpUserGroup;
    }
}
