package org.apache.nifi.web.security.oidc;

import com.nimbusds.oauth2.sdk.AuthorizationCode;
import com.nimbusds.oauth2.sdk.AuthorizationCodeGrant;
import com.nimbusds.oauth2.sdk.AuthorizationGrant;
import com.nimbusds.oauth2.sdk.id.State;
import java.net.URI;
import java.util.UUID;
import java.util.concurrent.TimeUnit;
import org.junit.jupiter.api.Assertions;
import org.junit.jupiter.api.Test;
import org.mockito.ArgumentMatchers;
import org.mockito.Mockito;

/* loaded from: input_file:org/apache/nifi/web/security/oidc/OidcServiceTest.class */
public class OidcServiceTest {
    public static final String TEST_REQUEST_IDENTIFIER = "test-request-identifier";
    public static final String TEST_STATE = "test-state";

    @Test
    public void testOidcNotEnabledCreateState() {
        OidcService serviceWithNoOidcSupport = getServiceWithNoOidcSupport();
        Assertions.assertThrows(IllegalStateException.class, () -> {
            serviceWithNoOidcSupport.createState(TEST_REQUEST_IDENTIFIER);
        });
    }

    @Test
    public void testCreateStateMultipleInvocations() {
        OidcService serviceWithOidcSupport = getServiceWithOidcSupport();
        serviceWithOidcSupport.createState(TEST_REQUEST_IDENTIFIER);
        Assertions.assertThrows(IllegalStateException.class, () -> {
            serviceWithOidcSupport.createState(TEST_REQUEST_IDENTIFIER);
        });
    }

    @Test
    public void testOidcNotEnabledValidateState() {
        OidcService serviceWithNoOidcSupport = getServiceWithNoOidcSupport();
        Assertions.assertThrows(IllegalStateException.class, () -> {
            serviceWithNoOidcSupport.isStateValid(TEST_REQUEST_IDENTIFIER, new State(TEST_STATE));
        });
    }

    @Test
    public void testOidcUnknownState() {
        Assertions.assertFalse(getServiceWithOidcSupport().isStateValid(TEST_REQUEST_IDENTIFIER, new State(TEST_STATE)));
    }

    @Test
    public void testValidateState() {
        OidcService serviceWithOidcSupport = getServiceWithOidcSupport();
        Assertions.assertTrue(serviceWithOidcSupport.isStateValid(TEST_REQUEST_IDENTIFIER, serviceWithOidcSupport.createState(TEST_REQUEST_IDENTIFIER)));
    }

    @Test
    public void testValidateStateExpiration() throws Exception {
        OidcService serviceWithOidcSupportAndCustomExpiration = getServiceWithOidcSupportAndCustomExpiration(1, TimeUnit.SECONDS);
        State createState = serviceWithOidcSupportAndCustomExpiration.createState(TEST_REQUEST_IDENTIFIER);
        Thread.sleep(3000L);
        Assertions.assertFalse(serviceWithOidcSupportAndCustomExpiration.isStateValid(TEST_REQUEST_IDENTIFIER, createState));
    }

    @Test
    public void testStoreJwtMultipleInvocation() {
        OidcService serviceWithOidcSupport = getServiceWithOidcSupport();
        serviceWithOidcSupport.storeJwt(TEST_REQUEST_IDENTIFIER, "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6Ik5pRmkgT0lEQyBVbml0IFRlc3RlciIsImlhdCI6MTUxNjIzOTAyMiwiZXhwIjoxNTE2MzM5MDIyLCJpc3MiOiJuaWZpX3VuaXRfdGVzdF9hdXRoyZyJ9.b4NIl0RONKdVLOH0D1eObdwAEX8qX-ExqB8KuKSZFLw");
        Assertions.assertThrows(IllegalStateException.class, () -> {
            serviceWithOidcSupport.storeJwt(TEST_REQUEST_IDENTIFIER, "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiI5ODc2NTQzMjEwIiwibmFtZSI6Ik5pRmkgT0lEQyBVbml0IFRlc3RlciIsImlhdCI6MTUxNjIzOTAyMiwiZXhwIjoxNTE2MzM5MDIyLCJpc3MiOiJuaWZpX3VuaXRfdGVzdF9hdXRob3JpdHkiLCJhdWQiOiJhbGwiLCJ1c2VybmFtZSI6Im9pZGNfdGVzdCIsImVtYWlsIjoib2lkY190ZXN0QG5pZmkuYXBhY2hlLm9yZyJ9.nlYhplDLXeGAwW62rJ_ZnEaG7nxEB4TbaJNK-_pC4WQ");
        });
    }

    @Test
    public void testOidcNotEnabledExchangeCodeForLoginAuthenticationToken() {
        OidcService serviceWithNoOidcSupport = getServiceWithNoOidcSupport();
        Assertions.assertThrows(IllegalStateException.class, () -> {
            serviceWithNoOidcSupport.exchangeAuthorizationCodeForLoginAuthenticationToken(getAuthorizationGrant());
        });
    }

    @Test
    public void testOidcNotEnabledExchangeCodeForAccessToken() {
        OidcService serviceWithNoOidcSupport = getServiceWithNoOidcSupport();
        Assertions.assertThrows(IllegalStateException.class, () -> {
            serviceWithNoOidcSupport.exchangeAuthorizationCodeForAccessToken(getAuthorizationGrant());
        });
    }

    @Test
    public void testOidcNotEnabledExchangeCodeForIdToken() {
        OidcService serviceWithNoOidcSupport = getServiceWithNoOidcSupport();
        Assertions.assertThrows(IllegalStateException.class, () -> {
            serviceWithNoOidcSupport.exchangeAuthorizationCodeForIdToken(getAuthorizationGrant());
        });
    }

    @Test
    public void testOidcNotEnabledGetJwt() {
        OidcService serviceWithNoOidcSupport = getServiceWithNoOidcSupport();
        Assertions.assertThrows(IllegalStateException.class, () -> {
            serviceWithNoOidcSupport.getJwt(TEST_REQUEST_IDENTIFIER);
        });
    }

    private OidcService getServiceWithNoOidcSupport() {
        OidcIdentityProvider oidcIdentityProvider = (OidcIdentityProvider) Mockito.mock(OidcIdentityProvider.class);
        Mockito.when(Boolean.valueOf(oidcIdentityProvider.isOidcEnabled())).thenReturn(false);
        OidcService oidcService = new OidcService(oidcIdentityProvider);
        Assertions.assertFalse(oidcService.isOidcEnabled());
        return oidcService;
    }

    private OidcService getServiceWithOidcSupport() {
        OidcIdentityProvider oidcIdentityProvider = (OidcIdentityProvider) Mockito.mock(OidcIdentityProvider.class);
        Mockito.when(Boolean.valueOf(oidcIdentityProvider.isOidcEnabled())).thenReturn(true);
        OidcService oidcService = new OidcService(oidcIdentityProvider);
        Assertions.assertTrue(oidcService.isOidcEnabled());
        return oidcService;
    }

    private OidcService getServiceWithOidcSupportAndCustomExpiration(int i, TimeUnit timeUnit) throws Exception {
        OidcIdentityProvider oidcIdentityProvider = (OidcIdentityProvider) Mockito.mock(OidcIdentityProvider.class);
        Mockito.when(Boolean.valueOf(oidcIdentityProvider.isOidcEnabled())).thenReturn(true);
        Mockito.when(oidcIdentityProvider.exchangeAuthorizationCodeforLoginAuthenticationToken((AuthorizationGrant) ArgumentMatchers.any())).then(invocationOnMock -> {
            return UUID.randomUUID().toString();
        });
        OidcService oidcService = new OidcService(oidcIdentityProvider, i, timeUnit);
        Assertions.assertTrue(oidcService.isOidcEnabled());
        return oidcService;
    }

    private AuthorizationGrant getAuthorizationGrant() {
        return new AuthorizationCodeGrant(new AuthorizationCode("code"), URI.create("http://localhost:8080/nifi"));
    }
}
