package org.apache.nifi.web.security.oidc.client.web.converter;

import java.time.Instant;
import java.util.LinkedHashMap;
import org.apache.nifi.encrypt.PropertyEncryptor;
import org.apache.nifi.web.security.jwt.provider.SupportedClaim;
import org.apache.nifi.web.security.logout.LogoutRequest;
import org.apache.nifi.web.security.oidc.client.web.OidcAuthorizedClient;
import org.apache.nifi.web.security.oidc.client.web.OidcRegistrationProperty;
import org.junit.jupiter.api.Assertions;
import org.junit.jupiter.api.BeforeEach;
import org.junit.jupiter.api.Test;
import org.junit.jupiter.api.extension.ExtendWith;
import org.mockito.ArgumentMatchers;
import org.mockito.Mock;
import org.mockito.Mockito;
import org.mockito.junit.jupiter.MockitoExtension;
import org.springframework.security.oauth2.client.registration.ClientRegistration;
import org.springframework.security.oauth2.client.registration.ClientRegistrationRepository;
import org.springframework.security.oauth2.core.AuthorizationGrantType;
import org.springframework.security.oauth2.core.OAuth2AccessToken;
import org.springframework.security.oauth2.core.OAuth2RefreshToken;
import org.springframework.security.oauth2.core.oidc.OidcIdToken;

@ExtendWith({MockitoExtension.class})
/* loaded from: input_file:org/apache/nifi/web/security/oidc/client/web/converter/StandardAuthorizedClientConverterTest.class */
class StandardAuthorizedClientConverterTest {
    private static final String CLIENT_ID = "client-id";
    private static final String REDIRECT_URI = "http://localhost:8080";
    private static final String AUTHORIZATION_URI = "http://localhost/authorize";
    private static final String TOKEN_URI = "http://localhost/token";
    private static final String USER_IDENTITY = LogoutRequest.class.getSimpleName();
    private static final String ACCESS_TOKEN = "access";
    private static final String REFRESH_TOKEN = "refresh";
    private static final String ID_TOKEN = "id";

    @Mock
    ClientRegistrationRepository clientRegistrationRepository;
    StandardAuthorizedClientConverter converter;

    /* loaded from: input_file:org/apache/nifi/web/security/oidc/client/web/converter/StandardAuthorizedClientConverterTest$StringPropertyEncryptor.class */
    private static class StringPropertyEncryptor implements PropertyEncryptor {
        private StringPropertyEncryptor() {
        }

        public String encrypt(String str) {
            return str;
        }

        public String decrypt(String str) {
            return str;
        }
    }

    StandardAuthorizedClientConverterTest() {
    }

    @BeforeEach
    void setConverter() {
        this.converter = new StandardAuthorizedClientConverter(new StringPropertyEncryptor(), this.clientRegistrationRepository);
    }

    @Test
    void testGetEncoded() {
        Assertions.assertNotNull(this.converter.getEncoded(getOidcAuthorizedClient(new OAuth2RefreshToken(REFRESH_TOKEN, Instant.now()))));
    }

    @Test
    void testGetDecodedInvalid() {
        Assertions.assertNull(this.converter.getDecoded(String.class.getName()));
    }

    @Test
    void testGetEncodedDecoded() {
        OidcAuthorizedClient oidcAuthorizedClient = getOidcAuthorizedClient(new OAuth2RefreshToken(REFRESH_TOKEN, Instant.now()));
        String encoded = this.converter.getEncoded(oidcAuthorizedClient);
        Assertions.assertNotNull(encoded);
        ClientRegistration clientRegistration = getClientRegistration();
        Mockito.when(this.clientRegistrationRepository.findByRegistrationId((String) ArgumentMatchers.eq(OidcRegistrationProperty.REGISTRATION_ID.getProperty()))).thenReturn(clientRegistration);
        OidcAuthorizedClient decoded = this.converter.getDecoded(encoded);
        Assertions.assertEquals(decoded.getClientRegistration().getRedirectUri(), clientRegistration.getRedirectUri());
        assertAuthorizedClientEquals(oidcAuthorizedClient, decoded);
    }

    @Test
    void testGetEncodedDecodedNullRefreshToken() {
        OidcAuthorizedClient oidcAuthorizedClient = getOidcAuthorizedClient(null);
        String encoded = this.converter.getEncoded(oidcAuthorizedClient);
        Assertions.assertNotNull(encoded);
        ClientRegistration clientRegistration = getClientRegistration();
        Mockito.when(this.clientRegistrationRepository.findByRegistrationId((String) ArgumentMatchers.eq(OidcRegistrationProperty.REGISTRATION_ID.getProperty()))).thenReturn(clientRegistration);
        OidcAuthorizedClient decoded = this.converter.getDecoded(encoded);
        Assertions.assertEquals(decoded.getClientRegistration().getRedirectUri(), clientRegistration.getRedirectUri());
        assertAuthorizedClientEquals(oidcAuthorizedClient, decoded);
    }

    void assertAuthorizedClientEquals(OidcAuthorizedClient oidcAuthorizedClient, OidcAuthorizedClient oidcAuthorizedClient2) {
        Assertions.assertNotNull(oidcAuthorizedClient2);
        Assertions.assertEquals(oidcAuthorizedClient.getPrincipalName(), oidcAuthorizedClient2.getPrincipalName());
        Assertions.assertEquals(oidcAuthorizedClient.getAccessToken().getTokenValue(), oidcAuthorizedClient2.getAccessToken().getTokenValue());
        Assertions.assertEquals(oidcAuthorizedClient.getAccessToken().getExpiresAt(), oidcAuthorizedClient2.getAccessToken().getExpiresAt());
        OidcIdToken idToken = oidcAuthorizedClient2.getIdToken();
        Assertions.assertEquals(oidcAuthorizedClient.getIdToken().getTokenValue(), idToken.getTokenValue());
        Assertions.assertEquals(oidcAuthorizedClient.getIdToken().getExpiresAt(), idToken.getExpiresAt());
        Assertions.assertEquals(USER_IDENTITY, idToken.getSubject());
        OAuth2RefreshToken refreshToken = oidcAuthorizedClient.getRefreshToken();
        if (refreshToken == null) {
            Assertions.assertNull(oidcAuthorizedClient2.getRefreshToken());
            return;
        }
        OAuth2RefreshToken refreshToken2 = oidcAuthorizedClient2.getRefreshToken();
        Assertions.assertNotNull(refreshToken2);
        Assertions.assertEquals(refreshToken.getTokenValue(), refreshToken2.getTokenValue());
        Assertions.assertEquals(refreshToken.getExpiresAt(), refreshToken2.getExpiresAt());
    }

    OidcAuthorizedClient getOidcAuthorizedClient(OAuth2RefreshToken oAuth2RefreshToken) {
        Instant now = Instant.now();
        Instant instant = Instant.MAX;
        ClientRegistration clientRegistration = getClientRegistration();
        OAuth2AccessToken oAuth2AccessToken = new OAuth2AccessToken(OAuth2AccessToken.TokenType.BEARER, ACCESS_TOKEN, now, instant);
        LinkedHashMap linkedHashMap = new LinkedHashMap();
        linkedHashMap.put(SupportedClaim.ISSUED_AT.getClaim(), now);
        linkedHashMap.put(SupportedClaim.EXPIRATION.getClaim(), instant);
        return new OidcAuthorizedClient(clientRegistration, USER_IDENTITY, oAuth2AccessToken, oAuth2RefreshToken, new OidcIdToken(ID_TOKEN, now, instant, linkedHashMap));
    }

    ClientRegistration getClientRegistration() {
        return ClientRegistration.withRegistrationId(OidcRegistrationProperty.REGISTRATION_ID.getProperty()).authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE).clientId(CLIENT_ID).redirectUri(REDIRECT_URI).authorizationUri(AUTHORIZATION_URI).tokenUri(TOKEN_URI).build();
    }
}
