package org.apache.nifi.web.security.oidc.client.web;

import java.net.URI;
import org.junit.jupiter.api.Assertions;
import org.junit.jupiter.api.BeforeEach;
import org.junit.jupiter.api.Test;
import org.junit.jupiter.api.extension.ExtendWith;
import org.mockito.ArgumentMatchers;
import org.mockito.Mock;
import org.mockito.Mockito;
import org.mockito.junit.jupiter.MockitoExtension;
import org.springframework.mock.web.MockHttpServletRequest;
import org.springframework.mock.web.MockHttpServletResponse;
import org.springframework.security.oauth2.client.registration.ClientRegistration;
import org.springframework.security.oauth2.client.registration.ClientRegistrationRepository;
import org.springframework.security.oauth2.core.AuthorizationGrantType;
import org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest;

@ExtendWith({MockitoExtension.class})
/* loaded from: input_file:org/apache/nifi/web/security/oidc/client/web/StandardOAuth2AuthorizationRequestResolverTest.class */
class StandardOAuth2AuthorizationRequestResolverTest {
    private static final String REDIRECT_URI = "https://localhost:8443/nifi-api/callback";
    private static final String ALLOWED_CONTEXT_PATHS_PARAMETER = "allowedContextPaths";
    private static final String AUTHORIZATION_URI = "http://localhost/authorize";
    private static final String TOKEN_URI = "http://localhost/token";
    private static final String CLIENT_ID = "client-id";
    MockHttpServletRequest httpServletRequest;
    MockHttpServletResponse httpServletResponse;

    @Mock
    ClientRegistrationRepository clientRegistrationRepository;
    StandardOAuth2AuthorizationRequestResolver resolver;
    private static final String FORWARDED_PATH = "/forwarded";
    private static final String FORWARDED_REDIRECT_URI = String.format("https://localhost.localdomain%s/nifi-api/callback", FORWARDED_PATH);
    private static final String REGISTRATION_ID = OidcRegistrationProperty.REGISTRATION_ID.getProperty();

    StandardOAuth2AuthorizationRequestResolverTest() {
    }

    @BeforeEach
    void setResolver() {
        this.resolver = new StandardOAuth2AuthorizationRequestResolver(this.clientRegistrationRepository);
        this.httpServletRequest = new MockHttpServletRequest();
        this.httpServletResponse = new MockHttpServletResponse();
    }

    @Test
    void testResolveNotFound() {
        Assertions.assertNull(this.resolver.resolve(this.httpServletRequest));
    }

    @Test
    void testResolveClientRegistrationIdNotFound() {
        Assertions.assertNull(this.resolver.resolve(this.httpServletRequest, (String) null));
    }

    @Test
    void testResolveFound() {
        URI create = URI.create(REDIRECT_URI);
        this.httpServletRequest.setScheme(create.getScheme());
        this.httpServletRequest.setServerPort(create.getPort());
        Mockito.when(this.clientRegistrationRepository.findByRegistrationId((String) ArgumentMatchers.eq(REGISTRATION_ID))).thenReturn(getClientRegistration());
        OAuth2AuthorizationRequest resolve = this.resolver.resolve(this.httpServletRequest, REGISTRATION_ID);
        Assertions.assertNotNull(resolve);
        Assertions.assertEquals(REDIRECT_URI, resolve.getRedirectUri());
    }

    @Test
    void testResolveFoundRedirectUriProxyHeaders() {
        Mockito.when(this.clientRegistrationRepository.findByRegistrationId((String) ArgumentMatchers.eq(REGISTRATION_ID))).thenReturn(getClientRegistration());
        this.httpServletRequest.getServletContext().setInitParameter(ALLOWED_CONTEXT_PATHS_PARAMETER, FORWARDED_PATH);
        URI create = URI.create(FORWARDED_REDIRECT_URI);
        this.httpServletRequest.addHeader("X-ProxyScheme", create.getScheme());
        this.httpServletRequest.addHeader("X-ProxyHost", create.getHost());
        this.httpServletRequest.addHeader("X-ProxyPort", Integer.valueOf(create.getPort()));
        this.httpServletRequest.addHeader("X-ProxyContextPath", FORWARDED_PATH);
        OAuth2AuthorizationRequest resolve = this.resolver.resolve(this.httpServletRequest, REGISTRATION_ID);
        Assertions.assertNotNull(resolve);
        Assertions.assertEquals(FORWARDED_REDIRECT_URI, resolve.getRedirectUri());
    }

    ClientRegistration getClientRegistration() {
        return ClientRegistration.withRegistrationId(OidcRegistrationProperty.REGISTRATION_ID.getProperty()).authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE).clientId(CLIENT_ID).redirectUri(REDIRECT_URI).authorizationUri(AUTHORIZATION_URI).tokenUri(TOKEN_URI).build();
    }
}
