package org.alfresco.repo.security.authentication.identityservice;

import java.util.Map;
import java.util.Optional;
import org.alfresco.repo.security.authentication.identityservice.IdentityServiceFacade;
import org.alfresco.service.cmr.security.PersonService;
import org.alfresco.service.transaction.TransactionService;
import org.junit.Assert;
import org.junit.Before;
import org.junit.Test;
import org.mockito.ArgumentMatchers;
import org.mockito.Mock;
import org.mockito.Mockito;
import org.mockito.MockitoAnnotations;

/* loaded from: input_file:org/alfresco/repo/security/authentication/identityservice/IdentityServiceJITProvisioningHandlerUnitTest.class */
public class IdentityServiceJITProvisioningHandlerUnitTest {

    @Mock
    private IdentityServiceFacade identityServiceFacade;

    @Mock
    private PersonService personService;

    @Mock
    private IdentityServiceFacade.DecodedAccessToken decodedAccessToken;

    @Mock
    private TransactionService transactionService;

    @Mock
    private OIDCUserInfo userInfo;
    private IdentityServiceJITProvisioningHandler jitProvisioningHandler;
    private static final String JWT_TOKEN = "myToken";

    @Before
    public void setup() {
        MockitoAnnotations.initMocks(this);
        Mockito.when(Boolean.valueOf(this.transactionService.isReadOnly())).thenReturn(false);
        Mockito.when(this.identityServiceFacade.decodeToken(JWT_TOKEN)).thenReturn(this.decodedAccessToken);
        Mockito.when(Boolean.valueOf(this.personService.createMissingPeople())).thenReturn(true);
        this.jitProvisioningHandler = new IdentityServiceJITProvisioningHandler(this.identityServiceFacade, this.personService, this.transactionService);
    }

    @Test
    public void shouldExtractUserInfoForExistingUser() {
        Mockito.when(Boolean.valueOf(this.personService.personExists("johny123"))).thenReturn(true);
        Mockito.when(this.decodedAccessToken.getClaim("preferred_username")).thenReturn("johny123");
        Optional extractUserInfoAndCreateUserIfNeeded = this.jitProvisioningHandler.extractUserInfoAndCreateUserIfNeeded(JWT_TOKEN);
        Assert.assertTrue(extractUserInfoAndCreateUserIfNeeded.isPresent());
        Assert.assertEquals("johny123", ((OIDCUserInfo) extractUserInfoAndCreateUserIfNeeded.get()).username());
        Assert.assertFalse(((OIDCUserInfo) extractUserInfoAndCreateUserIfNeeded.get()).allFieldsNotEmpty());
        ((IdentityServiceFacade) Mockito.verify(this.identityServiceFacade, Mockito.never())).getUserInfo(JWT_TOKEN);
    }

    @Test
    public void shouldExtractUserInfoFromAccessTokenAndCreateUser() {
        Mockito.when(Boolean.valueOf(this.personService.personExists("johny123"))).thenReturn(false);
        Mockito.when(this.decodedAccessToken.getClaim("preferred_username")).thenReturn("johny123");
        Mockito.when(this.decodedAccessToken.getClaim("given_name")).thenReturn("John");
        Mockito.when(this.decodedAccessToken.getClaim("family_name")).thenReturn("Doe");
        Mockito.when(this.decodedAccessToken.getClaim("email")).thenReturn("johny123@email.com");
        Optional extractUserInfoAndCreateUserIfNeeded = this.jitProvisioningHandler.extractUserInfoAndCreateUserIfNeeded(JWT_TOKEN);
        Assert.assertTrue(extractUserInfoAndCreateUserIfNeeded.isPresent());
        Assert.assertEquals("johny123", ((OIDCUserInfo) extractUserInfoAndCreateUserIfNeeded.get()).username());
        Assert.assertEquals("John", ((OIDCUserInfo) extractUserInfoAndCreateUserIfNeeded.get()).firstName());
        Assert.assertEquals("Doe", ((OIDCUserInfo) extractUserInfoAndCreateUserIfNeeded.get()).lastName());
        Assert.assertEquals("johny123@email.com", ((OIDCUserInfo) extractUserInfoAndCreateUserIfNeeded.get()).email());
        Assert.assertTrue(((OIDCUserInfo) extractUserInfoAndCreateUserIfNeeded.get()).allFieldsNotEmpty());
        ((PersonService) Mockito.verify(this.personService)).createPerson((Map) ArgumentMatchers.any());
        ((IdentityServiceFacade) Mockito.verify(this.identityServiceFacade, Mockito.never())).getUserInfo(JWT_TOKEN);
    }

    @Test
    public void shouldExtractUserInfoFromUserInfoEndpointAndCreateUser() {
        Mockito.when(this.userInfo.username()).thenReturn("johny123");
        Mockito.when(this.userInfo.firstName()).thenReturn("John");
        Mockito.when(this.userInfo.lastName()).thenReturn("Doe");
        Mockito.when(this.userInfo.email()).thenReturn("johny123@email.com");
        Mockito.when(Boolean.valueOf(this.personService.personExists("johny123"))).thenReturn(false);
        Mockito.when(this.decodedAccessToken.getClaim("preferred_username")).thenReturn("johny123");
        Mockito.when(this.identityServiceFacade.getUserInfo(JWT_TOKEN)).thenReturn(Optional.of(this.userInfo));
        Optional extractUserInfoAndCreateUserIfNeeded = this.jitProvisioningHandler.extractUserInfoAndCreateUserIfNeeded(JWT_TOKEN);
        Assert.assertTrue(extractUserInfoAndCreateUserIfNeeded.isPresent());
        Assert.assertEquals("johny123", ((OIDCUserInfo) extractUserInfoAndCreateUserIfNeeded.get()).username());
        Assert.assertEquals("John", ((OIDCUserInfo) extractUserInfoAndCreateUserIfNeeded.get()).firstName());
        Assert.assertEquals("Doe", ((OIDCUserInfo) extractUserInfoAndCreateUserIfNeeded.get()).lastName());
        Assert.assertEquals("johny123@email.com", ((OIDCUserInfo) extractUserInfoAndCreateUserIfNeeded.get()).email());
        Assert.assertTrue(((OIDCUserInfo) extractUserInfoAndCreateUserIfNeeded.get()).allFieldsNotEmpty());
        ((PersonService) Mockito.verify(this.personService)).createPerson((Map) ArgumentMatchers.any());
        ((IdentityServiceFacade) Mockito.verify(this.identityServiceFacade)).getUserInfo(JWT_TOKEN);
    }

    @Test
    public void shouldReturnEmptyOptionalIfUsernameNotExtracted() {
        Mockito.when(this.identityServiceFacade.getUserInfo(JWT_TOKEN)).thenReturn(Optional.of(this.userInfo));
        Assert.assertFalse(this.jitProvisioningHandler.extractUserInfoAndCreateUserIfNeeded(JWT_TOKEN).isPresent());
        ((PersonService) Mockito.verify(this.personService, Mockito.never())).createPerson((Map) ArgumentMatchers.any());
        ((IdentityServiceFacade) Mockito.verify(this.identityServiceFacade)).getUserInfo(JWT_TOKEN);
    }

    @Test
    public void shouldCallUserInfoEndpointToGetUsername() {
        Mockito.when(Boolean.valueOf(this.personService.personExists("johny123"))).thenReturn(true);
        Mockito.when(this.decodedAccessToken.getClaim("preferred_username")).thenReturn("");
        Mockito.when(this.userInfo.username()).thenReturn("johny123");
        Mockito.when(this.identityServiceFacade.getUserInfo(JWT_TOKEN)).thenReturn(Optional.of(this.userInfo));
        Optional extractUserInfoAndCreateUserIfNeeded = this.jitProvisioningHandler.extractUserInfoAndCreateUserIfNeeded(JWT_TOKEN);
        Assert.assertTrue(extractUserInfoAndCreateUserIfNeeded.isPresent());
        Assert.assertEquals("johny123", ((OIDCUserInfo) extractUserInfoAndCreateUserIfNeeded.get()).username());
        Assert.assertEquals("", ((OIDCUserInfo) extractUserInfoAndCreateUserIfNeeded.get()).firstName());
        Assert.assertEquals("", ((OIDCUserInfo) extractUserInfoAndCreateUserIfNeeded.get()).lastName());
        Assert.assertEquals("", ((OIDCUserInfo) extractUserInfoAndCreateUserIfNeeded.get()).email());
        Assert.assertFalse(((OIDCUserInfo) extractUserInfoAndCreateUserIfNeeded.get()).allFieldsNotEmpty());
        ((PersonService) Mockito.verify(this.personService, Mockito.never())).createPerson((Map) ArgumentMatchers.any());
        ((IdentityServiceFacade) Mockito.verify(this.identityServiceFacade)).getUserInfo(JWT_TOKEN);
    }

    @Test
    public void shouldNotCallUserInfoEndpointIfTokenIsNullOrEmpty() {
        this.jitProvisioningHandler.extractUserInfoAndCreateUserIfNeeded((String) null);
        this.jitProvisioningHandler.extractUserInfoAndCreateUserIfNeeded("");
        ((PersonService) Mockito.verify(this.personService, Mockito.never())).createPerson((Map) ArgumentMatchers.any());
        ((IdentityServiceFacade) Mockito.verify(this.identityServiceFacade, Mockito.never())).decodeToken((String) null);
        ((IdentityServiceFacade) Mockito.verify(this.identityServiceFacade, Mockito.never())).decodeToken("");
        ((IdentityServiceFacade) Mockito.verify(this.identityServiceFacade, Mockito.never())).getUserInfo((String) null);
        ((IdentityServiceFacade) Mockito.verify(this.identityServiceFacade, Mockito.never())).getUserInfo("");
    }
}
