package net.shibboleth.idp.plugin.authn.duo.nimbus.impl;

import com.fasterxml.jackson.databind.ObjectMapper;
import com.nimbusds.jwt.JWT;
import java.io.IOException;
import javax.annotation.Nonnull;
import net.shibboleth.idp.plugin.authn.duo.DefaultDuoOIDCIntegration;
import net.shibboleth.idp.plugin.authn.duo.DuoClientException;
import net.shibboleth.utilities.java.support.annotation.constraint.NotEmpty;
import org.apache.http.HttpResponse;
import org.apache.http.StatusLine;
import org.apache.http.client.HttpClient;
import org.apache.http.client.methods.HttpUriRequest;
import org.apache.http.entity.StringEntity;
import org.apache.http.protocol.HttpContext;
import org.mockito.Mockito;
import org.opensaml.security.httpclient.HttpClientSecurityParameters;
import org.testng.Assert;
import org.testng.annotations.BeforeMethod;
import org.testng.annotations.Test;

/* loaded from: input_file:net/shibboleth/idp/plugin/authn/duo/nimbus/impl/NimbusClientTest.class */
public class NimbusClientTest {

    @Nonnull
    private NimbusClient client;

    @Nonnull
    private DefaultDuoOIDCIntegration integ;

    @NotEmpty
    @Nonnull
    private final String ID_TOKEN_RESPONSE = "{\n   \"access_token\": \"SlAV32hkKG\",\n   \"token_type\": \"Bearer\",\n   \"refresh_token\": \"8xLOxBtZp9\",\n   \"expires_in\": 3600,\n   \"id_token\": \"eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzUxMiJ9.eyJpc3MiOiJodHRwczovL2FwaS1jOWYyNGM1YS5kdW9zZWN1cml0eS5jb20vb2F1dGgvdjEvdG9rZW4iLCJzdWIiOiJqZG9lIiwiYXV0aF9jb250ZXh0Ijp7ImZhY3RvciI6ImR1b19wdXNoIiwicmVhc29uIjoidXNlcl9hcHByb3ZlZCIsInVzZXIiOnsia2V5IjoiRlU1TDhQNDZRR0dTT1VKV0c1OVkiLCJuYW1lIjoiamRvZSIsImdyb3VwcyI6W119LCJ0eGlkIjoiNzAxMDE0MDQtZDM1Yi00OTYxLTk5OGYtZjY3ZmQ1NTQxZDg3IiwiZW1haWwiOiJqZG9lQGV4YW1wbGUuY29tIiwiZXZlbnRfdHlwZSI6ImF1dGhlbnRpY2F0aW9uIiwiYXBwbGljYXRpb24iOnsia2V5IjoiREZRNkdFUldHNUxJVUlWVjJNNFAiLCJuYW1lIjoiU2hpYmJvbGV0aCBJbnRlZ3JhdGlvbiBUZXN0aW5nIn0sIm9vZF9zb2Z0d2FyZSI6bnVsbCwicmVzdWx0Ijoic3VjY2VzcyIsImF1dGhfZGV2aWNlIjp7ImlwIjoiODIuMTcuODkuMjMyIiwibmFtZSI6Iis0NCA3ODUyIDExOTg4MSIsImxvY2F0aW9uIjp7ImNvdW50cnkiOiJVbml0ZWQgS2luZ2RvbSIsInN0YXRlIjoiV2FsZXMiLCJjaXR5IjoiQ2FyZGlmZiJ9fSwiYWNjZXNzX2RldmljZSI6eyJob3N0bmFtZSI6bnVsbCwiaXAiOiI4Mi4xNy44OS4yMzIiLCJsb2NhdGlvbiI6eyJjb3VudHJ5IjoiVW5pdGVkIEtpbmdkb20iLCJzdGF0ZSI6IldhbGVzIiwiY2l0eSI6IkNhcmRpZmYifX0sImlzb3RpbWVzdGFtcCI6IjIwMjAtMDctMDdUMTY6MDg6MzAuNjA3MDc1KzAwOjAwIiwiYWxpYXMiOiIiLCJ0aW1lc3RhbXAiOjE1OTQxMzgxMTB9LCJhdWQiOiJERlE2R0VSV0c1TElVSVZWMk00UCIsImF1dGhfcmVzdWx0Ijp7InN0YXR1c19tc2ciOiJMb2dpbiBTdWNjZXNzZnVsIiwic3RhdHVzIjoiYWxsb3ciLCJyZXN1bHQiOiJhbGxvdyJ9LCJpYXQiOjE1OTQxMzgxMTEsImV4cCI6MTU5NDE0MTcxMCwiYXV0aF90aW1lIjoxNTk0MTM4MTEwfQ.K2PM8maUONOhMbRBgsVY8ty0mpQ6tUJQsr23vdqTWuH3PXRVyKtNfUeypm5d-OAJwka-epOUMbNmWZxcNYK5dQ\"\n  }";

    @NotEmpty
    @Nonnull
    private final String ID_TOKEN_RESPONSE_ERROR = "\"{\"error\": \"invalid_grant\", \"error_description\": \"The provided authorization grant (e.g., authorization code) or refresh token is invalid, expired, revoked, does not match the redirection URI used in the authorization request, or was issued to another client.\"}";

    @NotEmpty
    @Nonnull
    private final String ID_TOKEN_REPONSE_NULL = "";

    @NotEmpty
    @Nonnull
    private final String HEALTH_CHECK_REPONSE = "{\n  \"stat\" : \"OK\",\n  \"response\" : {\n    \"timestamp\" : 1601288503\n  },\n  \"code\" : null,\n  \"timestamp\" : null,\n  \"message\" : null,\n  \"message_detail\" : null\n}";

    @NotEmpty
    @Nonnull
    private final String HEALTH_CHECK_REPONSE_ERROR = "{\n  \"stat\" : \"FAIL\",\n  \"response\" : null,\n  \"code\" : 40002,\n  \"timestamp\" : 1601290156,\n  \"message\" : \"invalid_client\",\n  \"message_detail\" : \"The provided client_assertion was invalid.\"\n}";

    @NotEmpty
    @Nonnull
    private final String HEALTH_CHECK_REPONSE_MORE_FIELDS = "{\n  \"stat\" : \"OK\",\n  \"response\" : {\n    \"timestamp\" : 1601288503\n  },\n  \"code\" : null,\n  \"timestamp\" : null,\n  \"message\" : null,\n  \"new_field\" : null,\n  \"message_detail\" : null\n}";

    @BeforeMethod
    public void setup() throws Exception {
        this.integ = new DefaultDuoOIDCIntegration();
        this.integ.setAPIHost("api-c9f24c5a.duosecurity.com");
        this.integ.setClientId("DIU6GEFWG5LIUTVV2M3N");
        this.integ.setRedirectURI("http://localhost/");
        this.integ.setSecretKey("TeXvZxKul47v1Wew2zb6xRPzAJewJ34MP2w8Uith");
        this.integ.setAuthorizeEndpoint("/oauth/v1/authorize");
        this.integ.setTokenEndpoint("/oauth/v1/token");
        this.integ.setHealthCheckEndpoint("/oauth/v1/health_check");
    }

    @Test
    public void testTokenExchange() throws Exception {
        HttpClient httpClient = (HttpClient) Mockito.mock(HttpClient.class);
        HttpResponse httpResponse = (HttpResponse) Mockito.mock(HttpResponse.class);
        StatusLine statusLine = (StatusLine) Mockito.mock(StatusLine.class);
        Mockito.when(httpResponse.getStatusLine()).thenReturn(statusLine);
        Mockito.when(Integer.valueOf(statusLine.getStatusCode())).thenReturn(200);
        Mockito.when(httpResponse.getEntity()).thenReturn(new StringEntity("{\n   \"access_token\": \"SlAV32hkKG\",\n   \"token_type\": \"Bearer\",\n   \"refresh_token\": \"8xLOxBtZp9\",\n   \"expires_in\": 3600,\n   \"id_token\": \"eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzUxMiJ9.eyJpc3MiOiJodHRwczovL2FwaS1jOWYyNGM1YS5kdW9zZWN1cml0eS5jb20vb2F1dGgvdjEvdG9rZW4iLCJzdWIiOiJqZG9lIiwiYXV0aF9jb250ZXh0Ijp7ImZhY3RvciI6ImR1b19wdXNoIiwicmVhc29uIjoidXNlcl9hcHByb3ZlZCIsInVzZXIiOnsia2V5IjoiRlU1TDhQNDZRR0dTT1VKV0c1OVkiLCJuYW1lIjoiamRvZSIsImdyb3VwcyI6W119LCJ0eGlkIjoiNzAxMDE0MDQtZDM1Yi00OTYxLTk5OGYtZjY3ZmQ1NTQxZDg3IiwiZW1haWwiOiJqZG9lQGV4YW1wbGUuY29tIiwiZXZlbnRfdHlwZSI6ImF1dGhlbnRpY2F0aW9uIiwiYXBwbGljYXRpb24iOnsia2V5IjoiREZRNkdFUldHNUxJVUlWVjJNNFAiLCJuYW1lIjoiU2hpYmJvbGV0aCBJbnRlZ3JhdGlvbiBUZXN0aW5nIn0sIm9vZF9zb2Z0d2FyZSI6bnVsbCwicmVzdWx0Ijoic3VjY2VzcyIsImF1dGhfZGV2aWNlIjp7ImlwIjoiODIuMTcuODkuMjMyIiwibmFtZSI6Iis0NCA3ODUyIDExOTg4MSIsImxvY2F0aW9uIjp7ImNvdW50cnkiOiJVbml0ZWQgS2luZ2RvbSIsInN0YXRlIjoiV2FsZXMiLCJjaXR5IjoiQ2FyZGlmZiJ9fSwiYWNjZXNzX2RldmljZSI6eyJob3N0bmFtZSI6bnVsbCwiaXAiOiI4Mi4xNy44OS4yMzIiLCJsb2NhdGlvbiI6eyJjb3VudHJ5IjoiVW5pdGVkIEtpbmdkb20iLCJzdGF0ZSI6IldhbGVzIiwiY2l0eSI6IkNhcmRpZmYifX0sImlzb3RpbWVzdGFtcCI6IjIwMjAtMDctMDdUMTY6MDg6MzAuNjA3MDc1KzAwOjAwIiwiYWxpYXMiOiIiLCJ0aW1lc3RhbXAiOjE1OTQxMzgxMTB9LCJhdWQiOiJERlE2R0VSV0c1TElVSVZWMk00UCIsImF1dGhfcmVzdWx0Ijp7InN0YXR1c19tc2ciOiJMb2dpbiBTdWNjZXNzZnVsIiwic3RhdHVzIjoiYWxsb3ciLCJyZXN1bHQiOiJhbGxvdyJ9LCJpYXQiOjE1OTQxMzgxMTEsImV4cCI6MTU5NDE0MTcxMCwiYXV0aF90aW1lIjoxNTk0MTM4MTEwfQ.K2PM8maUONOhMbRBgsVY8ty0mpQ6tUJQsr23vdqTWuH3PXRVyKtNfUeypm5d-OAJwka-epOUMbNmWZxcNYK5dQ\"\n  }"));
        Mockito.when(httpClient.execute((HttpUriRequest) Mockito.any(), (HttpContext) Mockito.any())).thenReturn(httpResponse);
        this.client = new NimbusClient(this.integ, httpClient, (HttpClientSecurityParameters) null, new ObjectMapper());
        JWT exchangeAuthorizationCodeFor2FAResult = this.client.exchangeAuthorizationCodeFor2FAResult("code", "jdoe");
        Assert.assertNotNull(exchangeAuthorizationCodeFor2FAResult);
        Assert.assertEquals(exchangeAuthorizationCodeFor2FAResult.getJWTClaimsSet().getSubject(), "jdoe");
    }

    @Test(expectedExceptions = {DuoClientException.class})
    public void testTokenExchangeInternalServerErrorResponse() throws Exception {
        HttpClient httpClient = (HttpClient) Mockito.mock(HttpClient.class);
        HttpResponse httpResponse = (HttpResponse) Mockito.mock(HttpResponse.class);
        StatusLine statusLine = (StatusLine) Mockito.mock(StatusLine.class);
        Mockito.when(httpResponse.getStatusLine()).thenReturn(statusLine);
        Mockito.when(Integer.valueOf(statusLine.getStatusCode())).thenReturn(500);
        Mockito.when(httpResponse.getEntity()).thenReturn(new StringEntity(""));
        Mockito.when(httpClient.execute((HttpUriRequest) Mockito.any(), (HttpContext) Mockito.any())).thenReturn(httpResponse);
        this.client = new NimbusClient(this.integ, httpClient, (HttpClientSecurityParameters) null, new ObjectMapper());
        this.client.exchangeAuthorizationCodeFor2FAResult("code", "jdoe");
    }

    @Test
    public void testHealthCheck() throws Exception {
        HttpClient httpClient = (HttpClient) Mockito.mock(HttpClient.class);
        HttpResponse httpResponse = (HttpResponse) Mockito.mock(HttpResponse.class);
        StatusLine statusLine = (StatusLine) Mockito.mock(StatusLine.class);
        Mockito.when(httpResponse.getStatusLine()).thenReturn(statusLine);
        Mockito.when(Integer.valueOf(statusLine.getStatusCode())).thenReturn(200);
        Mockito.when(httpResponse.getEntity()).thenReturn(new StringEntity("{\n  \"stat\" : \"OK\",\n  \"response\" : {\n    \"timestamp\" : 1601288503\n  },\n  \"code\" : null,\n  \"timestamp\" : null,\n  \"message\" : null,\n  \"message_detail\" : null\n}"));
        Mockito.when(httpClient.execute((HttpUriRequest) Mockito.any(), (HttpContext) Mockito.any())).thenReturn(httpResponse);
        this.client = new NimbusClient(this.integ, httpClient, (HttpClientSecurityParameters) null, new ObjectMapper());
        Assert.assertEquals(this.client.healthCheck().getStatus(), "OK");
    }

    @Test
    public void testHealthCheckMoreFields() throws Exception {
        HttpClient httpClient = (HttpClient) Mockito.mock(HttpClient.class);
        HttpResponse httpResponse = (HttpResponse) Mockito.mock(HttpResponse.class);
        StatusLine statusLine = (StatusLine) Mockito.mock(StatusLine.class);
        Mockito.when(httpResponse.getStatusLine()).thenReturn(statusLine);
        Mockito.when(Integer.valueOf(statusLine.getStatusCode())).thenReturn(200);
        Mockito.when(httpResponse.getEntity()).thenReturn(new StringEntity("{\n  \"stat\" : \"OK\",\n  \"response\" : {\n    \"timestamp\" : 1601288503\n  },\n  \"code\" : null,\n  \"timestamp\" : null,\n  \"message\" : null,\n  \"new_field\" : null,\n  \"message_detail\" : null\n}"));
        Mockito.when(httpClient.execute((HttpUriRequest) Mockito.any(), (HttpContext) Mockito.any())).thenReturn(httpResponse);
        this.client = new NimbusClient(this.integ, httpClient, (HttpClientSecurityParameters) null, new ObjectMapper());
        Assert.assertEquals(this.client.healthCheck().getStatus(), "OK");
    }

    @Test
    public void testHealthCheckError() throws Exception {
        HttpClient httpClient = (HttpClient) Mockito.mock(HttpClient.class);
        HttpResponse httpResponse = (HttpResponse) Mockito.mock(HttpResponse.class);
        StatusLine statusLine = (StatusLine) Mockito.mock(StatusLine.class);
        Mockito.when(httpResponse.getStatusLine()).thenReturn(statusLine);
        Mockito.when(Integer.valueOf(statusLine.getStatusCode())).thenReturn(200);
        Mockito.when(httpResponse.getEntity()).thenReturn(new StringEntity("{\n  \"stat\" : \"FAIL\",\n  \"response\" : null,\n  \"code\" : 40002,\n  \"timestamp\" : 1601290156,\n  \"message\" : \"invalid_client\",\n  \"message_detail\" : \"The provided client_assertion was invalid.\"\n}"));
        Mockito.when(httpClient.execute((HttpUriRequest) Mockito.any(), (HttpContext) Mockito.any())).thenReturn(httpResponse);
        this.client = new NimbusClient(this.integ, httpClient, (HttpClientSecurityParameters) null, new ObjectMapper());
        Assert.assertEquals(this.client.healthCheck().getStatus(), "FAIL");
    }

    @Test(expectedExceptions = {DuoClientException.class})
    public void testHealthEndpointTimeout() throws Exception {
        HttpClient httpClient = (HttpClient) Mockito.mock(HttpClient.class);
        Mockito.when(httpClient.execute((HttpUriRequest) Mockito.any(), (HttpContext) Mockito.any())).thenThrow(IOException.class);
        this.client = new NimbusClient(this.integ, httpClient, (HttpClientSecurityParameters) null, new ObjectMapper());
        this.client.healthCheck();
    }

    @Test
    public void testAuthURL() throws DuoClientException {
        this.client = new NimbusClient(this.integ, (HttpClient) Mockito.mock(HttpClient.class), (HttpClientSecurityParameters) null, new ObjectMapper());
        String createAuthUrl = this.client.createAuthUrl("jdoe", "RRFSFERGERGSDDSXXXXQWERG", "a_nonce");
        Assert.assertNotNull(createAuthUrl);
        Assert.assertTrue(createAuthUrl.contains("response_type"));
        Assert.assertTrue(createAuthUrl.contains("client_id"));
        Assert.assertTrue(createAuthUrl.contains("request"));
        Assert.assertTrue(createAuthUrl.contains("redirect_uri"));
        Assert.assertTrue(createAuthUrl.contains("scope"));
        Assert.assertTrue(createAuthUrl.contains("nonce"));
    }
}
