package org.apache.qpid.server.security.auth.sasl.oauth2;

import org.apache.qpid.server.model.NamedAddressSpace;
import org.apache.qpid.server.security.auth.AuthenticationResult;
import org.apache.qpid.server.security.auth.manager.oauth2.OAuth2AuthenticationProvider;
import org.apache.qpid.test.utils.UnitTestBase;
import org.junit.jupiter.api.Assertions;
import org.junit.jupiter.api.BeforeEach;
import org.junit.jupiter.api.Test;
import org.mockito.ArgumentMatchers;
import org.mockito.Mockito;

/* loaded from: input_file:org/apache/qpid/server/security/auth/sasl/oauth2/OAuth2NegotiatorTest.class */
public class OAuth2NegotiatorTest extends UnitTestBase {
    private static final String VALID_TOKEN = "token";
    private static final byte[] VALID_RESPONSE = "auth=Bearer token\u0001\u0001".getBytes();
    private static final byte[] VALID_TOKEN_WITH_CRUD = "user=xxx\u0001auth=Bearer token\u0001host=localhost\u0001\u0001".getBytes();
    private static final byte[] RESPONSE_WITH_NO_TOKEN = "host=localhost\u0001\u0001".getBytes();
    private static final byte[] RESPONSE_WITH_MALFORMED_AUTH = "auth=wibble\u0001\u0001".getBytes();
    private OAuth2Negotiator _negotiator;
    private OAuth2AuthenticationProvider<?> _authenticationProvider;

    @BeforeEach
    public void setUp() throws Exception {
        this._authenticationProvider = (OAuth2AuthenticationProvider) Mockito.mock(OAuth2AuthenticationProvider.class);
        this._negotiator = new OAuth2Negotiator(this._authenticationProvider, (NamedAddressSpace) null);
    }

    @Test
    public void testHandleResponse_ResponseHasAuthOnly() {
        doHandleResponseWithValidResponse(VALID_RESPONSE);
    }

    @Test
    public void testHandleResponse_ResponseAuthAndOthers() {
        doHandleResponseWithValidResponse(VALID_TOKEN_WITH_CRUD);
    }

    @Test
    public void testHandleResponse_ResponseAuthAbsent() {
        AuthenticationResult handleResponse = this._negotiator.handleResponse(RESPONSE_WITH_NO_TOKEN);
        Assertions.assertEquals(AuthenticationResult.AuthenticationStatus.ERROR, handleResponse.getStatus(), "Unexpected result status");
        Assertions.assertNull(handleResponse.getMainPrincipal(), "Unexpected result principal");
    }

    @Test
    public void testHandleResponse_ResponseAuthMalformed() {
        AuthenticationResult handleResponse = this._negotiator.handleResponse(RESPONSE_WITH_MALFORMED_AUTH);
        Assertions.assertEquals(AuthenticationResult.AuthenticationStatus.ERROR, handleResponse.getStatus(), "Unexpected result status");
        Assertions.assertNull(handleResponse.getMainPrincipal(), "Unexpected result principal");
    }

    private void doHandleResponseWithValidResponse(byte[] bArr) {
        AuthenticationResult authenticationResult = (AuthenticationResult) Mockito.mock(AuthenticationResult.class);
        Mockito.when(this._authenticationProvider.authenticateViaAccessToken((String) ArgumentMatchers.eq(VALID_TOKEN), (NamedAddressSpace) ArgumentMatchers.any())).thenReturn(authenticationResult);
        Assertions.assertEquals(authenticationResult, this._negotiator.handleResponse(bArr), "Unexpected result");
        ((OAuth2AuthenticationProvider) Mockito.verify(this._authenticationProvider)).authenticateViaAccessToken((String) ArgumentMatchers.eq(VALID_TOKEN), (NamedAddressSpace) ArgumentMatchers.any());
        Assertions.assertEquals(AuthenticationResult.AuthenticationStatus.ERROR, this._negotiator.handleResponse(bArr).getStatus(), "Unexpected second result status");
    }

    @Test
    public void testHandleNoInitialResponse() {
        AuthenticationResult handleResponse = this._negotiator.handleResponse(new byte[0]);
        Assertions.assertEquals(AuthenticationResult.AuthenticationStatus.CONTINUE, handleResponse.getStatus(), "Unexpected authentication status");
        Assertions.assertArrayEquals(new byte[0], handleResponse.getChallenge(), "Unexpected authentication challenge");
    }

    @Test
    public void testHandleNoInitialResponseNull() {
        AuthenticationResult handleResponse = this._negotiator.handleResponse((byte[]) null);
        Assertions.assertEquals(AuthenticationResult.AuthenticationStatus.CONTINUE, handleResponse.getStatus(), "Unexpected authentication status");
        Assertions.assertArrayEquals(new byte[0], handleResponse.getChallenge(), "Unexpected authentication challenge");
    }
}
