package org.alfresco.repo.security.authentication.identityservice;

import com.nimbusds.oauth2.sdk.ParseException;
import com.nimbusds.oauth2.sdk.Scope;
import com.nimbusds.openid.connect.sdk.op.OIDCProviderMetadata;
import java.util.Set;
import org.alfresco.repo.security.authentication.identityservice.IdentityServiceFacadeFactoryBean;
import org.assertj.core.api.Assertions;
import org.junit.Assert;
import org.junit.Before;
import org.junit.Test;
import org.mockito.ArgumentCaptor;
import org.mockito.ArgumentMatchers;
import org.mockito.MockedStatic;
import org.mockito.Mockito;
import org.springframework.http.HttpStatus;
import org.springframework.http.RequestEntity;
import org.springframework.http.ResponseEntity;
import org.springframework.security.oauth2.client.registration.ClientRegistration;
import org.springframework.web.client.RestTemplate;

/* loaded from: input_file:org/alfresco/repo/security/authentication/identityservice/ClientRegistrationProviderUnitTest.class */
public class ClientRegistrationProviderUnitTest {
    private static final String CLIENT_ID = "alfresco";
    private static final String OPENID_CONFIGURATION = "{\"token_endpoint\":\"https://login.serviceonline.alfresco/common/oauth2/v2.0/token\",\"token_endpoint_auth_methods_supported\":[\"client_secret_post\",\"private_key_jwt\",\"client_secret_basic\"],\"jwks_uri\":\"https://login.serviceonline.alfresco/common/discovery/v2.0/keys\",\"response_modes_supported\":[\"query\",\"fragment\",\"form_post\"],\"subject_types_supported\":[\"pairwise\"],\"id_token_signing_alg_values_supported\":[\"RS256\"],\"response_types_supported\":[\"code\",\"id_token\",\"code id_token\",\"id_token token\"],\"scopes_supported\":[\"openid\",\"profile\",\"email\",\"offline_access\"],\"issuer\":\"https://login.serviceonline.alfresco/alfresco/v2.0\",\"request_uri_parameter_supported\":false,\"userinfo_endpoint\":\"https://graph.service.alfresco/oidc/userinfo\",\"authorization_endpoint\":\"https://login.serviceonline.alfresco/common/oauth2/v2.0/authorize\",\"device_authorization_endpoint\":\"https://login.serviceonline.alfresco/common/oauth2/v2.0/devicecode\",\"http_logout_supported\":true,\"frontchannel_logout_supported\":true,\"end_session_endpoint\":\"https://login.serviceonline.alfresco/common/oauth2/v2.0/logout\",\"claims_supported\":[\"sub\",\"iss\",\"cloud_instance_name\",\"cloud_instance_host_name\",\"cloud_graph_host_name\",\"msgraph_host\",\"aud\",\"exp\",\"iat\",\"auth_time\",\"acr\",\"nonce\",\"preferred_username\",\"name\",\"tid\",\"ver\",\"at_hash\",\"c_hash\",\"email\"],\"kerberos_endpoint\":\"https://login.serviceonline.alfresco/common/kerberos\",\"tenant_region_scope\":null,\"cloud_instance_name\":\"serviceonline.alfresco\",\"cloud_graph_host_name\":\"graph.oidc.net\",\"msgraph_host\":\"graph.service.alfresco\",\"rbac_url\":\"https://pas.oidc.alfresco\"}";
    private static final String DISCOVERY_PATH_SEGMENTS = "/.well-known/openid-configuration";
    private static final String AUTH_SERVER = "https://login.serviceonline.alfresco";
    private IdentityServiceConfig config;
    private RestTemplate restTemplate;
    private OIDCProviderMetadata oidcResponse;
    private ArgumentCaptor<RequestEntity> requestEntityCaptor = ArgumentCaptor.forClass(RequestEntity.class);

    @Before
    public void setup() throws ParseException {
        this.config = new IdentityServiceConfig();
        this.config.setAuthServerUrl(AUTH_SERVER);
        this.config.setResource(CLIENT_ID);
        this.restTemplate = (RestTemplate) Mockito.mock(RestTemplate.class);
        ResponseEntity responseEntity = (ResponseEntity) Mockito.mock(ResponseEntity.class);
        Mockito.when(this.restTemplate.exchange((RequestEntity) this.requestEntityCaptor.capture(), (Class) ArgumentMatchers.eq(String.class))).thenReturn(responseEntity);
        Mockito.when(responseEntity.getStatusCode()).thenReturn(HttpStatus.OK);
        Mockito.when(Boolean.valueOf(responseEntity.hasBody())).thenReturn(true);
        Mockito.when(responseEntity.getBody()).thenReturn("");
        this.oidcResponse = (OIDCProviderMetadata) Mockito.spy(OIDCProviderMetadata.parse(OPENID_CONFIGURATION));
    }

    @Test
    public void shouldCreateClientRegistration() {
        this.config.setIssuerUrl("https://login.serviceonline.alfresco/alfresco/v2.0");
        Throwable th = null;
        try {
            MockedStatic mockStatic = Mockito.mockStatic(OIDCProviderMetadata.class);
            try {
                mockStatic.when(() -> {
                    OIDCProviderMetadata.parse((String) ArgumentMatchers.any(String.class));
                }).thenReturn(this.oidcResponse);
                ClientRegistration createClientRegistration = new IdentityServiceFacadeFactoryBean.ClientRegistrationProvider(this.config).createClientRegistration(this.restTemplate);
                Assertions.assertThat(createClientRegistration).isNotNull();
                Assertions.assertThat(createClientRegistration.getClientId()).isNotNull();
                Assertions.assertThat(createClientRegistration.getProviderDetails().getAuthorizationUri()).isNotNull();
                Assertions.assertThat(createClientRegistration.getProviderDetails().getTokenUri()).isNotNull();
                Assertions.assertThat(createClientRegistration.getProviderDetails().getJwkSetUri()).isNotNull();
                Assertions.assertThat(createClientRegistration.getProviderDetails().getUserInfoEndpoint()).isNotNull();
                Assertions.assertThat(createClientRegistration.getProviderDetails().getIssuerUri()).isNotNull();
                Assertions.assertThat(((RequestEntity) this.requestEntityCaptor.getValue()).getUrl().toASCIIString()).isEqualTo("https://login.serviceonline.alfresco/.well-known/openid-configuration");
                if (mockStatic != null) {
                    mockStatic.close();
                }
            } catch (Throwable th2) {
                if (mockStatic != null) {
                    mockStatic.close();
                }
                throw th2;
            }
        } catch (Throwable th3) {
            if (0 == 0) {
                th = th3;
            } else if (null != th3) {
                th.addSuppressed(th3);
            }
            throw th;
        }
    }

    @Test
    public void shouldCreateClientRegistrationWithoutIssuerConfigured() {
        this.config.setIssuerUrl((String) null);
        Throwable th = null;
        try {
            MockedStatic mockStatic = Mockito.mockStatic(OIDCProviderMetadata.class);
            try {
                mockStatic.when(() -> {
                    OIDCProviderMetadata.parse((String) ArgumentMatchers.any(String.class));
                }).thenReturn(this.oidcResponse);
                ClientRegistration createClientRegistration = new IdentityServiceFacadeFactoryBean.ClientRegistrationProvider(this.config).createClientRegistration(this.restTemplate);
                Assertions.assertThat(createClientRegistration).isNotNull();
                Assertions.assertThat(createClientRegistration.getClientId()).isNotNull();
                Assertions.assertThat(createClientRegistration.getProviderDetails().getAuthorizationUri()).isNotNull();
                Assertions.assertThat(createClientRegistration.getProviderDetails().getTokenUri()).isNotNull();
                Assertions.assertThat(createClientRegistration.getProviderDetails().getJwkSetUri()).isNotNull();
                Assertions.assertThat(createClientRegistration.getProviderDetails().getUserInfoEndpoint()).isNotNull();
                Assertions.assertThat(createClientRegistration.getProviderDetails().getIssuerUri()).isNotNull();
                Assertions.assertThat(((RequestEntity) this.requestEntityCaptor.getValue()).getUrl().toASCIIString()).isEqualTo("https://login.serviceonline.alfresco/.well-known/openid-configuration");
                if (mockStatic != null) {
                    mockStatic.close();
                }
            } catch (Throwable th2) {
                if (mockStatic != null) {
                    mockStatic.close();
                }
                throw th2;
            }
        } catch (Throwable th3) {
            if (0 == 0) {
                th = th3;
            } else if (null != th3) {
                th.addSuppressed(th3);
            }
            throw th;
        }
    }

    @Test
    public void shouldThrowIdentityServiceExceptionIfIssuerIsNotValid() {
        this.config.setIssuerUrl("https://invalidissuer.alfresco");
        Throwable th = null;
        try {
            MockedStatic mockStatic = Mockito.mockStatic(OIDCProviderMetadata.class);
            try {
                mockStatic.when(() -> {
                    OIDCProviderMetadata.parse((String) ArgumentMatchers.any(String.class));
                }).thenReturn(this.oidcResponse);
                Assert.assertThrows(IdentityServiceException.class, () -> {
                    new IdentityServiceFacadeFactoryBean.ClientRegistrationProvider(this.config).createClientRegistration(this.restTemplate);
                });
                if (mockStatic != null) {
                    mockStatic.close();
                }
            } catch (Throwable th2) {
                if (mockStatic != null) {
                    mockStatic.close();
                }
                throw th2;
            }
        } catch (Throwable th3) {
            if (0 == 0) {
                th = th3;
            } else if (null != th3) {
                th.addSuppressed(th3);
            }
            throw th;
        }
    }

    @Test
    public void shouldThrowIdentityServiceExceptionIfIssuerIsNull() {
        Throwable th = null;
        try {
            MockedStatic mockStatic = Mockito.mockStatic(OIDCProviderMetadata.class);
            try {
                Mockito.when(this.oidcResponse.getIssuer()).thenReturn((Object) null);
                mockStatic.when(() -> {
                    OIDCProviderMetadata.parse((String) ArgumentMatchers.any(String.class));
                }).thenReturn(this.oidcResponse);
                Assert.assertThrows(IdentityServiceException.class, () -> {
                    new IdentityServiceFacadeFactoryBean.ClientRegistrationProvider(this.config).createClientRegistration(this.restTemplate);
                });
                if (mockStatic != null) {
                    mockStatic.close();
                }
            } catch (Throwable th2) {
                if (mockStatic != null) {
                    mockStatic.close();
                }
                throw th2;
            }
        } catch (Throwable th3) {
            if (0 == 0) {
                th = th3;
            } else if (null != th3) {
                th.addSuppressed(th3);
            }
            throw th;
        }
    }

    @Test
    public void shouldThrowIdentityServiceExceptionIfTokenEndpointIsNull() {
        Throwable th = null;
        try {
            MockedStatic mockStatic = Mockito.mockStatic(OIDCProviderMetadata.class);
            try {
                Mockito.when(this.oidcResponse.getTokenEndpointURI()).thenReturn((Object) null);
                mockStatic.when(() -> {
                    OIDCProviderMetadata.parse((String) ArgumentMatchers.any(String.class));
                }).thenReturn(this.oidcResponse);
                Assert.assertThrows(IdentityServiceException.class, () -> {
                    new IdentityServiceFacadeFactoryBean.ClientRegistrationProvider(this.config).createClientRegistration(this.restTemplate);
                });
                if (mockStatic != null) {
                    mockStatic.close();
                }
            } catch (Throwable th2) {
                if (mockStatic != null) {
                    mockStatic.close();
                }
                throw th2;
            }
        } catch (Throwable th3) {
            if (0 == 0) {
                th = th3;
            } else if (null != th3) {
                th.addSuppressed(th3);
            }
            throw th;
        }
    }

    @Test
    public void shouldThrowIdentityServiceExceptionIfAuthorizationEndpointIsNull() {
        Throwable th = null;
        try {
            MockedStatic mockStatic = Mockito.mockStatic(OIDCProviderMetadata.class);
            try {
                Mockito.when(this.oidcResponse.getAuthorizationEndpointURI()).thenReturn((Object) null);
                mockStatic.when(() -> {
                    OIDCProviderMetadata.parse((String) ArgumentMatchers.any(String.class));
                }).thenReturn(this.oidcResponse);
                Assert.assertThrows(IdentityServiceException.class, () -> {
                    new IdentityServiceFacadeFactoryBean.ClientRegistrationProvider(this.config).createClientRegistration(this.restTemplate);
                });
                if (mockStatic != null) {
                    mockStatic.close();
                }
            } catch (Throwable th2) {
                if (mockStatic != null) {
                    mockStatic.close();
                }
                throw th2;
            }
        } catch (Throwable th3) {
            if (0 == 0) {
                th = th3;
            } else if (null != th3) {
                th.addSuppressed(th3);
            }
            throw th;
        }
    }

    @Test
    public void shouldThrowIdentityServiceExceptionIfUserInfoEndpointIsNull() {
        Throwable th = null;
        try {
            MockedStatic mockStatic = Mockito.mockStatic(OIDCProviderMetadata.class);
            try {
                Mockito.when(this.oidcResponse.getUserInfoEndpointURI()).thenReturn((Object) null);
                mockStatic.when(() -> {
                    OIDCProviderMetadata.parse((String) ArgumentMatchers.any(String.class));
                }).thenReturn(this.oidcResponse);
                Assert.assertThrows(IdentityServiceException.class, () -> {
                    new IdentityServiceFacadeFactoryBean.ClientRegistrationProvider(this.config).createClientRegistration(this.restTemplate);
                });
                if (mockStatic != null) {
                    mockStatic.close();
                }
            } catch (Throwable th2) {
                if (mockStatic != null) {
                    mockStatic.close();
                }
                throw th2;
            }
        } catch (Throwable th3) {
            if (0 == 0) {
                th = th3;
            } else if (null != th3) {
                th.addSuppressed(th3);
            }
            throw th;
        }
    }

    @Test
    public void shouldThrowIdentityServiceExceptionIfJWKSetEndpointIsNull() {
        Throwable th = null;
        try {
            MockedStatic mockStatic = Mockito.mockStatic(OIDCProviderMetadata.class);
            try {
                Mockito.when(this.oidcResponse.getJWKSetURI()).thenReturn((Object) null);
                mockStatic.when(() -> {
                    OIDCProviderMetadata.parse((String) ArgumentMatchers.any(String.class));
                }).thenReturn(this.oidcResponse);
                Assert.assertThrows(IdentityServiceException.class, () -> {
                    new IdentityServiceFacadeFactoryBean.ClientRegistrationProvider(this.config).createClientRegistration(this.restTemplate);
                });
                if (mockStatic != null) {
                    mockStatic.close();
                }
            } catch (Throwable th2) {
                if (mockStatic != null) {
                    mockStatic.close();
                }
                throw th2;
            }
        } catch (Throwable th3) {
            if (0 == 0) {
                th = th3;
            } else if (null != th3) {
                th.addSuppressed(th3);
            }
            throw th;
        }
    }

    @Test
    public void shouldCreateDiscoveryEndpointWithRealm() {
        this.config.setRealm(CLIENT_ID);
        this.config.setIssuerUrl("https://login.serviceonline.alfresco/alfresco/v2.0");
        Throwable th = null;
        try {
            MockedStatic mockStatic = Mockito.mockStatic(OIDCProviderMetadata.class);
            try {
                mockStatic.when(() -> {
                    OIDCProviderMetadata.parse((String) ArgumentMatchers.any(String.class));
                }).thenReturn(this.oidcResponse);
                new IdentityServiceFacadeFactoryBean.ClientRegistrationProvider(this.config).createClientRegistration(this.restTemplate);
                Assertions.assertThat(((RequestEntity) this.requestEntityCaptor.getValue()).getUrl().toASCIIString()).isEqualTo("https://login.serviceonline.alfresco/realms/alfresco/.well-known/openid-configuration");
                if (mockStatic != null) {
                    mockStatic.close();
                }
            } catch (Throwable th2) {
                if (mockStatic != null) {
                    mockStatic.close();
                }
                throw th2;
            }
        } catch (Throwable th3) {
            if (0 == 0) {
                th = th3;
            } else if (null != th3) {
                th.addSuppressed(th3);
            }
            throw th;
        }
    }

    @Test
    public void shouldSetAllSupportedScopes() {
        Throwable th = null;
        try {
            MockedStatic mockStatic = Mockito.mockStatic(OIDCProviderMetadata.class);
            try {
                mockStatic.when(() -> {
                    OIDCProviderMetadata.parse((String) ArgumentMatchers.any(String.class));
                }).thenReturn(this.oidcResponse);
                Assertions.assertThat(new IdentityServiceFacadeFactoryBean.ClientRegistrationProvider(this.config).createClientRegistration(this.restTemplate).getScopes().containsAll(Set.of("openid", "profile", "email"))).isTrue();
                if (mockStatic != null) {
                    mockStatic.close();
                }
            } catch (Throwable th2) {
                if (mockStatic != null) {
                    mockStatic.close();
                }
                throw th2;
            }
        } catch (Throwable th3) {
            if (0 == 0) {
                th = th3;
            } else if (null != th3) {
                th.addSuppressed(th3);
            }
            throw th;
        }
    }

    @Test
    public void shouldSetOneSupportedScope() {
        Throwable th = null;
        try {
            MockedStatic mockStatic = Mockito.mockStatic(OIDCProviderMetadata.class);
            try {
                Mockito.when(this.oidcResponse.getScopes()).thenReturn(new Scope(new String[]{"openid"}));
                mockStatic.when(() -> {
                    OIDCProviderMetadata.parse((String) ArgumentMatchers.any(String.class));
                }).thenReturn(this.oidcResponse);
                ClientRegistration createClientRegistration = new IdentityServiceFacadeFactoryBean.ClientRegistrationProvider(this.config).createClientRegistration(this.restTemplate);
                Assertions.assertThat(createClientRegistration.getScopes().size()).isEqualTo(1);
                Assertions.assertThat((String) createClientRegistration.getScopes().stream().findFirst().get()).isEqualTo("openid");
                if (mockStatic != null) {
                    mockStatic.close();
                }
            } catch (Throwable th2) {
                if (mockStatic != null) {
                    mockStatic.close();
                }
                throw th2;
            }
        } catch (Throwable th3) {
            if (0 == 0) {
                th = th3;
            } else if (null != th3) {
                th.addSuppressed(th3);
            }
            throw th;
        }
    }

    @Test
    public void shouldCreateDiscoveryEndpointFromIssuer() {
        this.config.setAuthServerUrl((String) null);
        this.config.setIssuerUrl("https://login.serviceonline.alfresco/alfresco/v2.0");
        Throwable th = null;
        try {
            MockedStatic mockStatic = Mockito.mockStatic(OIDCProviderMetadata.class);
            try {
                mockStatic.when(() -> {
                    OIDCProviderMetadata.parse((String) ArgumentMatchers.any(String.class));
                }).thenReturn(this.oidcResponse);
                new IdentityServiceFacadeFactoryBean.ClientRegistrationProvider(this.config).createClientRegistration(this.restTemplate);
                Assertions.assertThat(((RequestEntity) this.requestEntityCaptor.getValue()).getUrl().toASCIIString()).isEqualTo("https://login.serviceonline.alfresco/alfresco/v2.0/.well-known/openid-configuration");
                if (mockStatic != null) {
                    mockStatic.close();
                }
            } catch (Throwable th2) {
                if (mockStatic != null) {
                    mockStatic.close();
                }
                throw th2;
            }
        } catch (Throwable th3) {
            if (0 == 0) {
                th = th3;
            } else if (null != th3) {
                th.addSuppressed(th3);
            }
            throw th;
        }
    }
}
