package org.apache.nifi.web.security.saml2.registration;

import java.io.IOException;
import java.io.InputStream;
import java.net.URL;
import java.nio.charset.StandardCharsets;
import java.util.Objects;
import java.util.Properties;
import javax.net.ssl.SSLSocketFactory;
import okhttp3.mockwebserver.MockResponse;
import okhttp3.mockwebserver.MockWebServer;
import org.apache.commons.io.IOUtils;
import org.apache.nifi.security.util.SslContextFactory;
import org.apache.nifi.security.util.TemporaryKeyStoreBuilder;
import org.apache.nifi.security.util.TlsConfiguration;
import org.apache.nifi.security.util.TlsException;
import org.apache.nifi.util.NiFiProperties;
import org.apache.nifi.web.security.saml2.SamlConfigurationException;
import org.junit.jupiter.api.AfterEach;
import org.junit.jupiter.api.Assertions;
import org.junit.jupiter.api.BeforeEach;
import org.junit.jupiter.api.Test;
import org.springframework.security.saml2.provider.service.registration.Saml2MessageBinding;

/* loaded from: input_file:org/apache/nifi/web/security/saml2/registration/StandardRegistrationBuilderProviderTest.class */
class StandardRegistrationBuilderProviderTest {
    private static final String LOCALHOST = "localhost";
    private static final String METADATA_PATH = "/saml/sso-circle-meta.xml";
    private static final int HTTP_NOT_FOUND = 404;
    private static final boolean PROXY_DISABLED = false;
    private MockWebServer mockWebServer;

    StandardRegistrationBuilderProviderTest() {
    }

    @BeforeEach
    void startServer() throws IOException {
        this.mockWebServer = new MockWebServer();
        this.mockWebServer.start();
    }

    @AfterEach
    void shutdownServer() throws IOException {
        this.mockWebServer.shutdown();
    }

    @Test
    void testGetRegistrationBuilderFileUrl() {
        assertRegistrationFound(getProperties(getFileMetadataUrl()));
    }

    @Test
    void testGetRegistrationBuilderHttpUrl() throws IOException {
        this.mockWebServer.enqueue(new MockResponse().setBody(getMetadata()));
        assertRegistrationFound(getProperties(getMetadataUrl()));
    }

    @Test
    void testGetRegistrationBuilderHttpUrlNotFound() {
        this.mockWebServer.enqueue(new MockResponse().setResponseCode(HTTP_NOT_FOUND));
        StandardRegistrationBuilderProvider standardRegistrationBuilderProvider = new StandardRegistrationBuilderProvider(getProperties(getMetadataUrl()));
        standardRegistrationBuilderProvider.getClass();
        Assertions.assertTrue(Assertions.assertThrows(SamlConfigurationException.class, standardRegistrationBuilderProvider::getRegistrationBuilder).getMessage().contains(Integer.toString(HTTP_NOT_FOUND)));
    }

    @Test
    void testGetRegistrationBuilderHttpsUrl() throws IOException, TlsException {
        TlsConfiguration build = new TemporaryKeyStoreBuilder().build();
        this.mockWebServer.useHttps((SSLSocketFactory) Objects.requireNonNull(SslContextFactory.createSSLSocketFactory(build)), false);
        this.mockWebServer.enqueue(new MockResponse().setBody(getMetadata()));
        assertRegistrationFound(getProperties(getMetadataUrl(), build));
    }

    private String getMetadataUrl() {
        return this.mockWebServer.url(METADATA_PATH).newBuilder().host(LOCALHOST).build().toString();
    }

    private void assertRegistrationFound(NiFiProperties niFiProperties) {
        Assertions.assertEquals(Saml2MessageBinding.POST, new StandardRegistrationBuilderProvider(niFiProperties).getRegistrationBuilder().build().getAssertionConsumerServiceBinding());
    }

    private NiFiProperties getProperties(String str) {
        Properties properties = new Properties();
        properties.setProperty("nifi.security.user.saml.idp.metadata.url", str);
        return NiFiProperties.createBasicNiFiProperties((String) null, properties);
    }

    private NiFiProperties getProperties(String str, TlsConfiguration tlsConfiguration) {
        Properties properties = new Properties();
        properties.setProperty("nifi.security.user.saml.idp.metadata.url", str);
        properties.setProperty("nifi.security.user.saml.http.client.truststore.strategy", "NIFI");
        properties.setProperty("nifi.security.keystore", tlsConfiguration.getKeystorePath());
        properties.setProperty("nifi.security.keystoreType", tlsConfiguration.getKeystoreType().getType());
        properties.setProperty("nifi.security.keystorePasswd", tlsConfiguration.getKeystorePassword());
        properties.setProperty("nifi.security.keyPasswd", tlsConfiguration.getKeyPassword());
        properties.setProperty("nifi.security.truststore", tlsConfiguration.getTruststorePath());
        properties.setProperty("nifi.security.truststoreType", tlsConfiguration.getTruststoreType().getType());
        properties.setProperty("nifi.security.truststorePasswd", tlsConfiguration.getTruststorePassword());
        return NiFiProperties.createBasicNiFiProperties((String) null, properties);
    }

    final String getMetadata() throws IOException {
        InputStream inputStream = (InputStream) Objects.requireNonNull(getClass().getResourceAsStream(METADATA_PATH));
        Throwable th = PROXY_DISABLED;
        try {
            try {
                String iOUtils = IOUtils.toString(inputStream, StandardCharsets.UTF_8);
                if (inputStream != null) {
                    if (th != null) {
                        try {
                            inputStream.close();
                        } catch (Throwable th2) {
                            th.addSuppressed(th2);
                        }
                    } else {
                        inputStream.close();
                    }
                }
                return iOUtils;
            } finally {
            }
        } catch (Throwable th3) {
            if (inputStream != null) {
                if (th != null) {
                    try {
                        inputStream.close();
                    } catch (Throwable th4) {
                        th.addSuppressed(th4);
                    }
                } else {
                    inputStream.close();
                }
            }
            throw th3;
        }
    }

    private String getFileMetadataUrl() {
        return ((URL) Objects.requireNonNull(getClass().getResource(METADATA_PATH))).toString();
    }
}
