package org.apache.nifi.web.security.jwt.converter;

import com.nimbusds.jwt.JWTClaimsSet;
import com.nimbusds.jwt.PlainJWT;
import java.util.Collections;
import java.util.HashMap;
import org.apache.nifi.admin.service.IdpUserGroupService;
import org.apache.nifi.authorization.AccessPolicyProvider;
import org.apache.nifi.authorization.Group;
import org.apache.nifi.authorization.ManagedAuthorizer;
import org.apache.nifi.authorization.UserAndGroups;
import org.apache.nifi.authorization.UserGroupProvider;
import org.apache.nifi.authorization.user.NiFiUser;
import org.apache.nifi.authorization.user.NiFiUserDetails;
import org.apache.nifi.idp.IdpUserGroup;
import org.apache.nifi.util.NiFiProperties;
import org.apache.nifi.web.security.token.NiFiAuthenticationToken;
import org.junit.jupiter.api.Assertions;
import org.junit.jupiter.api.BeforeEach;
import org.junit.jupiter.api.Test;
import org.junit.jupiter.api.extension.ExtendWith;
import org.mockito.ArgumentMatchers;
import org.mockito.Mock;
import org.mockito.Mockito;
import org.mockito.junit.jupiter.MockitoExtension;
import org.springframework.security.oauth2.jwt.Jwt;

@ExtendWith({MockitoExtension.class})
/* loaded from: input_file:org/apache/nifi/web/security/jwt/converter/StandardJwtAuthenticationConverterTest.class */
public class StandardJwtAuthenticationConverterTest {
    private static final String USERNAME = "NiFi";
    private static final String AUTHORIZER_GROUP = "AuthorizerGroup";
    private static final String PROVIDER_GROUP = "ProviderGroup";
    private static final String TYPE_FIELD = "typ";
    private static final String JWT_TYPE = "JWT";

    @Mock
    private ManagedAuthorizer authorizer;

    @Mock
    private AccessPolicyProvider accessPolicyProvider;

    @Mock
    private UserGroupProvider userGroupProvider;

    @Mock
    private UserAndGroups userAndGroups;

    @Mock
    private IdpUserGroupService idpUserGroupService;
    private StandardJwtAuthenticationConverter converter;

    @BeforeEach
    public void setConverter() {
        this.converter = new StandardJwtAuthenticationConverter(this.authorizer, this.idpUserGroupService, NiFiProperties.createBasicNiFiProperties("", new HashMap()));
        Mockito.when(this.authorizer.getAccessPolicyProvider()).thenReturn(this.accessPolicyProvider);
        Mockito.when(this.accessPolicyProvider.getUserGroupProvider()).thenReturn(this.userGroupProvider);
        Mockito.when(this.userGroupProvider.getUserAndGroups((String) ArgumentMatchers.eq(USERNAME))).thenReturn(this.userAndGroups);
        Mockito.when(this.userAndGroups.getGroups()).thenReturn(Collections.singleton(new Group.Builder().name(AUTHORIZER_GROUP).identifier(AUTHORIZER_GROUP).build()));
        IdpUserGroup idpUserGroup = new IdpUserGroup();
        idpUserGroup.setGroupName(PROVIDER_GROUP);
        Mockito.when(this.idpUserGroupService.getUserGroups((String) ArgumentMatchers.eq(USERNAME))).thenReturn(Collections.singletonList(idpUserGroup));
    }

    @Test
    public void testConvert() {
        NiFiAuthenticationToken convert = this.converter.convert(Jwt.withTokenValue(new PlainJWT(new JWTClaimsSet.Builder().subject(USERNAME).build()).serialize()).header(TYPE_FIELD, JWT_TYPE).subject(USERNAME).build());
        Assertions.assertNotNull(convert);
        Assertions.assertEquals(USERNAME, convert.toString());
        NiFiUser niFiUser = ((NiFiUserDetails) convert.getDetails()).getNiFiUser();
        Assertions.assertEquals(Collections.singleton(AUTHORIZER_GROUP), niFiUser.getGroups());
        Assertions.assertEquals(Collections.singleton(PROVIDER_GROUP), niFiUser.getIdentityProviderGroups());
    }
}
