package org.apache.nifi.web.security.oidc.registration;

import com.nimbusds.oauth2.sdk.Scope;
import com.nimbusds.oauth2.sdk.id.Issuer;
import com.nimbusds.openid.connect.sdk.SubjectType;
import com.nimbusds.openid.connect.sdk.op.OIDCProviderMetadata;
import java.net.URI;
import java.util.Arrays;
import java.util.Collections;
import java.util.LinkedHashSet;
import java.util.Objects;
import java.util.Properties;
import java.util.Set;
import org.apache.nifi.util.NiFiProperties;
import org.apache.nifi.web.security.oidc.OidcConfigurationException;
import org.junit.jupiter.api.Assertions;
import org.junit.jupiter.api.Test;
import org.junit.jupiter.api.extension.ExtendWith;
import org.mockito.ArgumentMatchers;
import org.mockito.Mock;
import org.mockito.Mockito;
import org.mockito.junit.jupiter.MockitoExtension;
import org.springframework.security.oauth2.client.registration.ClientRegistration;
import org.springframework.security.oauth2.core.AuthenticationMethod;
import org.springframework.web.client.RestOperations;

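/**
 * Tests how {@link StandardClientRegistrationProvider} builds a Spring Security
 * {@link ClientRegistration} from NiFi OIDC properties and the OpenID Provider
 * metadata fetched from the configured discovery URL.
 *
 * <p>The HTTP client is a Mockito mock, so no request leaves the JVM. The
 * {@code http://localhost} URLs and the client id/secret are fixture values only.
 * OpenID Connect Discovery requires {@code https} issuers and endpoints, so these
 * values are not a template for deployed configuration.
 *
 * <p>NOTE(review): no case here supplies metadata whose {@code issuer} differs from
 * the discovery URL origin. Whether the provider rejects such a document cannot be
 * determined from this test.
 */
@ExtendWith(MockitoExtension.class)
class StandardClientRegistrationProviderTest {
    private static final String DISCOVERY_URL = "http://localhost/.well-known/openid-configuration";
    private static final String ISSUER = "http://localhost";
    private static final String CLIENT_ID = "client-id";
    private static final String CLIENT_SECRET = "client-secret";
    private static final String USER_NAME_ATTRIBUTE_NAME = "sub";

    /** An empty JSON object: syntactically valid, but it carries no issuer or endpoints. */
    private static final String INVALID_CONFIGURATION = "{}";

    private static final URI JWK_SET_URI = URI.create("http://localhost/jwks");
    private static final URI TOKEN_ENDPOINT_URI = URI.create("http://localhost/oauth2/v1/token");
    private static final URI USER_INFO_URI = URI.create("http://localhost/oauth2/v1/userinfo");
    private static final URI AUTHORIZATION_ENDPOINT_URI = URI.create("http://localhost/oauth2/v1/authorize");

    /**
     * Scopes the registration is expected to request. "profile" is the configured
     * additional scope (see {@link #getProperties()}). "address" is advertised by the
     * provider metadata but is deliberately absent here.
     */
    private static final Set<String> EXPECTED_SCOPES = new LinkedHashSet<>(Arrays.asList("openid", "email", "profile"));

    @Mock
    RestOperations restOperations;

    /**
     * Happy path: the registration carries the configured client credentials, the
     * issuer and endpoints published in the discovery document, and only the expected
     * scopes.
     */
    @Test
    void testGetClientRegistration() {
        final StandardClientRegistrationProvider provider = new StandardClientRegistrationProvider(getProperties(), restOperations);
        final String serializedMetadata = getProviderMetadata().toString();
        Mockito.when(restOperations.getForObject(ArgumentMatchers.eq(DISCOVERY_URL), ArgumentMatchers.eq(String.class)))
                .thenReturn(serializedMetadata);

        final ClientRegistration registration = provider.getClientRegistration();

        Assertions.assertNotNull(registration);
        Assertions.assertEquals(CLIENT_ID, registration.getClientId());
        Assertions.assertEquals(CLIENT_SECRET, registration.getClientSecret());

        final ClientRegistration.ProviderDetails providerDetails = registration.getProviderDetails();
        Assertions.assertEquals(ISSUER, providerDetails.getIssuerUri());
        Assertions.assertEquals(JWK_SET_URI.toString(), providerDetails.getJwkSetUri());
        Assertions.assertEquals(AUTHORIZATION_ENDPOINT_URI.toString(), providerDetails.getAuthorizationUri());
        Assertions.assertEquals(TOKEN_ENDPOINT_URI.toString(), providerDetails.getTokenUri());

        final ClientRegistration.ProviderDetails.UserInfoEndpoint userInfoEndpoint = providerDetails.getUserInfoEndpoint();
        Assertions.assertEquals(USER_INFO_URI.toString(), userInfoEndpoint.getUri());
        Assertions.assertEquals(USER_NAME_ATTRIBUTE_NAME, userInfoEndpoint.getUserNameAttributeName());
        // The access token is expected in the request header, not in the form body or query string.
        Assertions.assertEquals(AuthenticationMethod.HEADER, userInfoEndpoint.getAuthenticationMethod());

        // Set equality also proves that the advertised "address" scope was not picked up.
        // presumably "openid" and "email" are defaults added by the provider; confirm against
        // StandardClientRegistrationProvider.
        Assertions.assertEquals(EXPECTED_SCOPES, registration.getScopes());
    }

    /**
     * A failure while fetching the discovery document must surface as
     * {@link OidcConfigurationException} rather than yield a registration.
     */
    @Test
    void testGetClientRegistrationRetrievalFailed() {
        final StandardClientRegistrationProvider provider = new StandardClientRegistrationProvider(getProperties(), restOperations);
        Mockito.when(restOperations.getForObject(ArgumentMatchers.eq(DISCOVERY_URL), ArgumentMatchers.eq(String.class)))
                .thenThrow(new RuntimeException());

        Assertions.assertThrows(OidcConfigurationException.class, provider::getClientRegistration);
    }

    /**
     * A discovery response that cannot be turned into provider metadata (here an empty
     * JSON object) must be rejected with {@link OidcConfigurationException}.
     */
    @Test
    void testGetClientRegistrationParsingFailed() {
        final StandardClientRegistrationProvider provider = new StandardClientRegistrationProvider(getProperties(), restOperations);
        Mockito.when(restOperations.getForObject(ArgumentMatchers.eq(DISCOVERY_URL), ArgumentMatchers.eq(String.class)))
                .thenReturn(INVALID_CONFIGURATION);

        Assertions.assertThrows(OidcConfigurationException.class, provider::getClientRegistration);
    }

    /**
     * Builds NiFi properties holding the OIDC discovery URL, client credentials, the
     * claim used to identify the user, and one additional scope ("profile").
     *
     * @return NiFi properties backed only by the in-memory values set here
     */
    private NiFiProperties getProperties() {
        final Properties properties = new Properties();
        properties.put("nifi.security.user.oidc.discovery.url", DISCOVERY_URL);
        properties.put("nifi.security.user.oidc.client.id", CLIENT_ID);
        properties.put("nifi.security.user.oidc.client.secret", CLIENT_SECRET);
        properties.put("nifi.security.user.oidc.claim.identifying.user", USER_NAME_ATTRIBUTE_NAME);
        properties.put("nifi.security.user.oidc.additional.scopes", "profile");
        // A null path is passed for the properties file; only the overrides above are supplied.
        return NiFiProperties.createBasicNiFiProperties((String) null, properties);
    }

    /**
     * Builds the provider metadata that the mocked discovery endpoint returns.
     *
     * <p>The advertised scopes include "address", which is neither a configured
     * additional scope nor part of {@link #EXPECTED_SCOPES}. This lets the happy-path
     * test show that advertised scopes are not requested wholesale.
     *
     * @return metadata with issuer, JWK set, token, user info and authorization endpoints
     */
    private OIDCProviderMetadata getProviderMetadata() {
        final OIDCProviderMetadata metadata = new OIDCProviderMetadata(
                new Issuer(ISSUER), Collections.singletonList(SubjectType.PUBLIC), JWK_SET_URI);
        metadata.setTokenEndpointURI(TOKEN_ENDPOINT_URI);
        metadata.setUserInfoEndpointURI(USER_INFO_URI);
        metadata.setAuthorizationEndpointURI(AUTHORIZATION_ENDPOINT_URI);

        final Scope advertisedScopes = new Scope();
        advertisedScopes.add("openid");
        advertisedScopes.add("email");
        advertisedScopes.add("profile");
        advertisedScopes.add("address");
        metadata.setScopes(advertisedScopes);
        return metadata;
    }
}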
