package org.apache.nifi.web.security.saml2.web.authentication;

import jakarta.servlet.http.Cookie;
import java.time.Duration;
import java.util.Collections;
import java.util.regex.Pattern;
import org.apache.nifi.authorization.util.IdentityMapping;
import org.apache.nifi.web.security.cookie.ApplicationCookieName;
import org.apache.nifi.web.security.jwt.provider.BearerTokenProvider;
import org.junit.jupiter.api.Assertions;
import org.junit.jupiter.api.BeforeEach;
import org.junit.jupiter.api.Test;
import org.junit.jupiter.api.extension.ExtendWith;
import org.mockito.Mock;
import org.mockito.junit.jupiter.MockitoExtension;
import org.springframework.mock.web.MockHttpServletRequest;
import org.springframework.mock.web.MockHttpServletResponse;
import org.springframework.security.authentication.TestingAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.GrantedAuthority;

@ExtendWith({MockitoExtension.class})
/* loaded from: input_file:org/apache/nifi/web/security/saml2/web/authentication/Saml2AuthenticationSuccessHandlerTest.class */
class Saml2AuthenticationSuccessHandlerTest {
    private static final String REQUEST_URI = "/nifi-api";
    private static final int SERVER_PORT = 8080;
    static final String ROOT_PATH = "/";
    private static final String ALLOWED_CONTEXT_PATHS_PARAMETER = "allowedContextPaths";

    @Mock
    BearerTokenProvider bearerTokenProvider;
    MockHttpServletRequest httpServletRequest;
    MockHttpServletResponse httpServletResponse;
    Saml2AuthenticationSuccessHandler handler;
    private static final Duration EXPIRATION = Duration.ofMinutes(1);
    private static final String IDENTITY = Authentication.class.getSimpleName();
    private static final String AUTHORITY = GrantedAuthority.class.getSimpleName();
    private static final String LOCALHOST_URL = "http://localhost:8080";
    private static final String UI_PATH = "/nifi/";
    private static final String TARGET_URL = String.format("%s%s", LOCALHOST_URL, UI_PATH);
    static final String FORWARDED_PATH = "/forwarded";
    static final String FORWARDED_COOKIE_PATH = String.format("%s/", FORWARDED_PATH);
    private static final String FORWARDED_TARGET_URL = String.format("%s%s%s", LOCALHOST_URL, FORWARDED_PATH, UI_PATH);
    private static final Pattern MATCH_PATTERN = Pattern.compile("(.*)");
    private static final String FIRST_GROUP = "$1";
    private static final IdentityMapping UPPER_IDENTITY_MAPPING = new IdentityMapping(IdentityMapping.Transform.UPPER.toString(), MATCH_PATTERN, FIRST_GROUP, IdentityMapping.Transform.UPPER);
    private static final IdentityMapping LOWER_IDENTITY_MAPPING = new IdentityMapping(IdentityMapping.Transform.LOWER.toString(), MATCH_PATTERN, FIRST_GROUP, IdentityMapping.Transform.LOWER);

    Saml2AuthenticationSuccessHandlerTest() {
    }

    @BeforeEach
    void setHandler() {
        this.handler = new Saml2AuthenticationSuccessHandler(this.bearerTokenProvider, Collections.singletonList(UPPER_IDENTITY_MAPPING), Collections.singletonList(LOWER_IDENTITY_MAPPING), EXPIRATION);
        this.httpServletRequest = new MockHttpServletRequest();
        this.httpServletRequest.setServerPort(SERVER_PORT);
        this.httpServletResponse = new MockHttpServletResponse();
    }

    @Test
    void testDetermineTargetUrl() {
        this.httpServletRequest.setRequestURI(REQUEST_URI);
        assertTargetUrlEquals(TARGET_URL);
        assertBearerCookieAdded(ROOT_PATH);
    }

    @Test
    void testDetermineTargetUrlForwardedPath() {
        this.httpServletRequest.getServletContext().setInitParameter(ALLOWED_CONTEXT_PATHS_PARAMETER, FORWARDED_PATH);
        this.httpServletRequest.addHeader("X-Forwarded-Prefix", FORWARDED_PATH);
        this.httpServletRequest.setRequestURI(REQUEST_URI);
        assertTargetUrlEquals(FORWARDED_TARGET_URL);
        assertBearerCookieAdded(FORWARDED_COOKIE_PATH);
    }

    void assertTargetUrlEquals(String str) {
        Assertions.assertEquals(str, this.handler.determineTargetUrl(this.httpServletRequest, this.httpServletResponse, new TestingAuthenticationToken(IDENTITY, IDENTITY, new String[]{AUTHORITY})));
    }

    void assertBearerCookieAdded(String str) {
        Cookie cookie = this.httpServletResponse.getCookie(ApplicationCookieName.AUTHORIZATION_BEARER.getCookieName());
        Assertions.assertNotNull(cookie);
        Assertions.assertEquals(str, cookie.getPath());
    }
}
