package org.apache.nifi.web.security.oidc.userinfo;

import java.time.Instant;
import java.util.Arrays;
import java.util.Collections;
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.regex.Pattern;
import org.apache.nifi.authorization.util.IdentityMapping;
import org.apache.nifi.web.security.jwt.provider.SupportedClaim;
import org.apache.nifi.web.security.oidc.OidcConfigurationException;
import org.apache.nifi.web.security.oidc.client.web.OidcRegistrationProperty;
import org.junit.jupiter.api.Assertions;
import org.junit.jupiter.api.BeforeEach;
import org.junit.jupiter.api.Test;
import org.springframework.security.core.Authentication;
import org.springframework.security.oauth2.client.oidc.userinfo.OidcUserRequest;
import org.springframework.security.oauth2.client.registration.ClientRegistration;
import org.springframework.security.oauth2.core.AuthorizationGrantType;
import org.springframework.security.oauth2.core.OAuth2AccessToken;
import org.springframework.security.oauth2.core.oidc.OidcIdToken;
import org.springframework.security.oauth2.core.oidc.user.OidcUser;

/* loaded from: input_file:org/apache/nifi/web/security/oidc/userinfo/StandardOidcUserServiceTest.class */
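/**
 * Unit tests for {@link StandardOidcUserService} covering how the user identity is resolved from
 * OpenID Connect ID token claims.
 *
 * <p>The service under test is configured with an ordered list of candidate claim names
 * ({@code email}, then {@code preferred_username}) and a single identity mapping that upper-cases
 * the resolved value. The tests check three outcomes: the first configured claim is used when
 * present, the second configured claim is used when it is the only one present, and the request is
 * rejected with {@link OidcConfigurationException} when none of the configured claims is present.
 *
 * <p>The client registration built here sets no UserInfo URI, so the identity claims are supplied
 * only through the ID token constructed in {@link #getUserRequest(String)}.
 */
class StandardOidcUserServiceTest {
    private static final String REDIRECT_URI = "https://localhost:8443/nifi-api/callback";
    private static final String AUTHORIZATION_URI = "http://localhost/authorize";
    private static final String TOKEN_URI = "http://localhost/token";
    private static final String CLIENT_ID = "client-id";

    // Opaque placeholder token values; nothing in this class parses or verifies them.
    private static final String ACCESS_TOKEN = "access";
    private static final String ID_TOKEN = "id";

    // Claim names passed to the service, in the order given to its constructor.
    private static final String USER_NAME_CLAIM = "email";
    private static final String FALLBACK_CLAIM = "preferred_username";

    // A claim name that is deliberately NOT part of the service configuration.
    private static final String MISSING_CLAIM = "missing";

    // Distinct values for the subject and the identity claim, so that an assertion on the user
    // name cannot pass by accident if the name were taken from "sub".
    private static final String SUBJECT = String.class.getSimpleName();
    private static final String IDENTITY = Authentication.class.getSimpleName();

    // Mapping that matches the whole identity and upper-cases it.
    private static final Pattern MATCH_PATTERN = Pattern.compile("(.*)");
    private static final String FIRST_GROUP = "$1";
    private static final IdentityMapping UPPER_IDENTITY_MAPPING = new IdentityMapping(
            IdentityMapping.Transform.UPPER.toString(),
            MATCH_PATTERN,
            FIRST_GROUP,
            IdentityMapping.Transform.UPPER);

    private StandardOidcUserService service;

    /** Creates a fresh service for every test with the two candidate claims and the mapping. */
    @BeforeEach
    void setService() {
        this.service = new StandardOidcUserService(
                Arrays.asList(USER_NAME_CLAIM, FALLBACK_CLAIM),
                Collections.singletonList(UPPER_IDENTITY_MAPPING));
    }

    /** The first configured claim is present: the mapped (upper-cased) identity is the user name. */
    @Test
    void testLoadUser() {
        final OidcUser oidcUser = this.service.loadUser(getUserRequest(USER_NAME_CLAIM));

        Assertions.assertNotNull(oidcUser);
        // NOTE(review): toUpperCase() uses the JVM default locale; presumably this matches what
        // IdentityMapping.Transform.UPPER does - confirm, since IDENTITY contains the letter 'i'.
        Assertions.assertEquals(IDENTITY.toUpperCase(), oidcUser.getName());
    }

    /** Only the second configured claim is present: it is used and mapped the same way. */
    @Test
    void testLoadUserFallbackClaim() {
        final OidcUser oidcUser = this.service.loadUser(getUserRequest(FALLBACK_CLAIM));

        Assertions.assertNotNull(oidcUser);
        Assertions.assertEquals(IDENTITY.toUpperCase(), oidcUser.getName());
    }

    /**
     * None of the configured claims is present: loading must fail.
     *
     * <p>The token still carries a {@code sub} claim (see {@link #getClaims(String)}), so this
     * also pins that the service reports a configuration error instead of silently deriving the
     * identity from a claim the administrator did not configure.
     */
    @Test
    void testLoadUserClaimNotFound() {
        final OidcUserRequest userRequest = getUserRequest(MISSING_CLAIM);

        Assertions.assertThrows(
                OidcConfigurationException.class,
                () -> this.service.loadUser(userRequest));
    }

    /**
     * Builds a user request whose ID token carries {@link #IDENTITY} under the given claim name.
     *
     * @param claimName name of the claim that holds the identity value
     * @return request with a bearer access token and an ID token, both issued now and expiring at
     *     {@link Instant#MAX}
     */
    OidcUserRequest getUserRequest(String claimName) {
        final ClientRegistration clientRegistration = getClientRegistrationBuilder().build();
        final Instant issuedAt = Instant.now();
        final Instant expiresAt = Instant.MAX;

        final OAuth2AccessToken accessToken = new OAuth2AccessToken(
                OAuth2AccessToken.TokenType.BEARER, ACCESS_TOKEN, issuedAt, expiresAt);
        final OidcIdToken idToken = new OidcIdToken(ID_TOKEN, issuedAt, expiresAt, getClaims(claimName));

        return new OidcUserRequest(clientRegistration, accessToken, idToken);
    }

    /**
     * Builds the ID token claims: subject, issued-at, expiration and the identity claim.
     *
     * @param claimName name of the claim that holds the identity value
     * @return insertion-ordered claim map
     */
    Map<String, Object> getClaims(String claimName) {
        // Parameterized type instead of a raw LinkedHashMap, so the put calls are type-checked.
        final Map<String, Object> claims = new LinkedHashMap<>();
        claims.put(SupportedClaim.SUBJECT.getClaim(), SUBJECT);
        claims.put(SupportedClaim.ISSUED_AT.getClaim(), Instant.now());
        claims.put(SupportedClaim.EXPIRATION.getClaim(), Instant.MAX);
        claims.put(claimName, IDENTITY);
        return claims;
    }

    /**
     * Returns a builder for an authorization-code client registration with fixed test endpoints.
     *
     * @return builder with registration id, grant type, client id, redirect, authorization and
     *     token URIs set; no UserInfo URI is configured
     */
    ClientRegistration.Builder getClientRegistrationBuilder() {
        return ClientRegistration
                .withRegistrationId(OidcRegistrationProperty.REGISTRATION_ID.getProperty())
                .authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE)
                .clientId(CLIENT_ID)
                .redirectUri(REDIRECT_URI)
                .authorizationUri(AUTHORIZATION_URI)
                .tokenUri(TOKEN_URI);
    }
}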
