package org.alfresco.repo.security.authentication.identityservice.admin;

import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.time.Instant;
import org.alfresco.repo.security.authentication.external.RemoteUserMapper;
import org.alfresco.repo.security.authentication.identityservice.IdentityServiceFacade;
import org.junit.Assert;
import org.junit.Before;
import org.junit.Test;
import org.mockito.ArgumentCaptor;
import org.mockito.ArgumentMatchers;
import org.mockito.Captor;
import org.mockito.Mock;
import org.mockito.Mockito;
import org.mockito.MockitoAnnotations;
import org.springframework.security.oauth2.client.registration.ClientRegistration;

/* loaded from: input_file:org/alfresco/repo/security/authentication/identityservice/admin/IdentityServiceAdminConsoleAuthenticatorUnitTest.class */
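/**
 * Unit tests for {@link IdentityServiceAdminConsoleAuthenticator} with every collaborator mocked.
 *
 * <p>The scenarios cover the admin-console token life cycle as seen through the cookies service:
 * a valid access token in cookies, an expired token that is refreshed, a failed refresh that
 * resets the cookies, the authorization-code exchange, and the redirect to the authorization
 * endpoint.
 *
 * <p>Scope notes for reviewers:
 * <ul>
 *   <li>{@code "JWT_TOKEN"} and friends are opaque placeholders. {@link RemoteUserMapper} is a
 *       mock that returns {@code "admin"}, so token validation is not exercised by this class.</li>
 *   <li>Only the cookie name and value handed to {@link AdminConsoleAuthenticationCookiesService}
 *       are checked. Cookie attributes are not visible here.
 *       NOTE(review): confirm HttpOnly/Secure/SameSite handling is covered by that service's own
 *       tests.</li>
 * </ul>
 */
public class IdentityServiceAdminConsoleAuthenticatorUnitTest {
    private static final String ALFRESCO_ACCESS_TOKEN = "ALFRESCO_ACCESS_TOKEN";
    private static final String ALFRESCO_REFRESH_TOKEN = "ALFRESCO_REFRESH_TOKEN";
    private static final String ALFRESCO_TOKEN_EXPIRATION = "ALFRESCO_TOKEN_EXPIRATION";

    @Mock
    HttpServletRequest request;

    @Mock
    HttpServletResponse response;

    @Mock
    IdentityServiceFacade identityServiceFacade;

    @Mock
    AdminConsoleAuthenticationCookiesService cookiesService;

    @Mock
    RemoteUserMapper remoteUserMapper;

    @Mock
    IdentityServiceFacade.AccessTokenAuthorization accessTokenAuthorization;

    @Mock
    IdentityServiceFacade.AccessToken accessToken;

    // Captures the wrapped request the authenticator hands to the remote user mapper,
    // so tests can inspect the Authorization header it carries.
    @Captor
    ArgumentCaptor<AdminConsoleHttpServletRequestWrapper> requestCaptor;
    IdentityServiceAdminConsoleAuthenticator authenticator;
    StringBuffer adminConsoleURL = new StringBuffer("http://localhost:8080/admin-console");

    /**
     * Wires an active authenticator to the mocks. By default the raw request maps to no user,
     * so each test has to supply a token, a code, or an explicit mapper stub to get one.
     */
    @Before
    public void setup() {
        MockitoAnnotations.initMocks(this);

        ClientRegistration clientRegistration = Mockito.mock(ClientRegistration.class);
        ClientRegistration.ProviderDetails providerDetails = Mockito.mock(ClientRegistration.ProviderDetails.class);
        Mockito.when(clientRegistration.getProviderDetails()).thenReturn(providerDetails);
        Mockito.when(clientRegistration.getClientId()).thenReturn("alfresco");
        Mockito.when(providerDetails.getAuthorizationUri()).thenReturn("http://localhost:8999/auth");
        Mockito.when(identityServiceFacade.getClientRegistration()).thenReturn(clientRegistration);

        Mockito.when(request.getRequestURL()).thenReturn(adminConsoleURL);
        // Plain null instead of the decompiler's "(Object) null", which does not type-check
        // against the String-returning stub (the same stub returns "admin" in other tests).
        Mockito.when(remoteUserMapper.getRemoteUser(request)).thenReturn(null);

        authenticator = new IdentityServiceAdminConsoleAuthenticator();
        authenticator.setActive(true);
        authenticator.setIdentityServiceFacade(identityServiceFacade);
        authenticator.setCookiesService(cookiesService);
        authenticator.setRemoteUserMapper(remoteUserMapper);
    }

    /** A non-expired access token in cookies is forwarded to the mapper as a Bearer header. */
    @Test
    public void shouldCallRemoteMapperIfTokenIsInCookies() {
        Mockito.when(cookiesService.getCookie(ALFRESCO_ACCESS_TOKEN, request)).thenReturn("JWT_TOKEN");
        Mockito.when(cookiesService.getCookie(ALFRESCO_TOKEN_EXPIRATION, request)).thenReturn(expirationCookie(60L));
        Mockito.when(remoteUserMapper.getRemoteUser(requestCaptor.capture())).thenReturn("admin");

        String adminConsoleUser = authenticator.getAdminConsoleUser(request, response);

        Assert.assertEquals("Bearer JWT_TOKEN", capturedAuthorizationHeader());
        Assert.assertEquals("admin", adminConsoleUser);
        Assert.assertTrue(authenticator.isActive());
    }

    /**
     * An expired access token is refreshed; the new tokens are written back as cookies and the
     * refreshed token is the one forwarded to the mapper.
     */
    @Test
    public void shouldRefreshExpiredTokenAndCallRemoteMapper() {
        stubExpiredTokenCookies();
        stubIssuedTokens("REFRESHED_JWT_TOKEN");
        Mockito.when(identityServiceFacade.authorize(ArgumentMatchers.any(IdentityServiceFacade.AuthorizationGrant.class)))
                .thenReturn(accessTokenAuthorization);
        Mockito.when(remoteUserMapper.getRemoteUser(requestCaptor.capture())).thenReturn("admin");

        String adminConsoleUser = authenticator.getAdminConsoleUser(request, response);

        Mockito.verify(cookiesService).addCookie(ALFRESCO_ACCESS_TOKEN, "REFRESHED_JWT_TOKEN", response);
        Mockito.verify(cookiesService).addCookie(ALFRESCO_REFRESH_TOKEN, "REFRESH_TOKEN", response);
        // NOTE(review): the rewritten ALFRESCO_TOKEN_EXPIRATION cookie is not verified here;
        // a stale expiry would go unnoticed by this test.
        Assert.assertEquals("Bearer REFRESHED_JWT_TOKEN", capturedAuthorizationHeader());
        Assert.assertEquals("admin", adminConsoleUser);
    }

    /**
     * Pins the exact redirect sent to the authorization endpoint.
     *
     * <p>NOTE(review): the expected URL carries no {@code state} or {@code nonce} parameter, and
     * {@code redirect_uri} is the unencoded value of {@code request.getRequestURL()}. If
     * production emits exactly this URL, confirm that callback binding (CSRF protection for the
     * code flow) is handled elsewhere and that the identity provider enforces an exact
     * redirect-URI allow-list.
     */
    @Test
    public void shouldCallAuthChallenge() throws IOException {
        String expectedRedirect = "http://localhost:8999/auth?client_id=alfresco&redirect_uri=" + adminConsoleURL
                + "&response_type=code&scope=openid";

        authenticator.requestAuthentication(request, response);

        Mockito.verify(response).sendRedirect(expectedRedirect);
    }

    /**
     * When the refresh is rejected, all three token cookies are reset and no user is returned.
     *
     * <p>Despite the method name, only the cookie reset and the {@code null} user are asserted;
     * the redirect itself is not verified in this test.
     */
    @Test
    public void shouldResetCookiesAndCallAuthChallenge() throws IOException {
        stubExpiredTokenCookies();
        Mockito.when(identityServiceFacade.authorize(ArgumentMatchers.any(IdentityServiceFacade.AuthorizationGrant.class)))
                .thenThrow(IdentityServiceFacade.AuthorizationException.class);

        String adminConsoleUser = authenticator.getAdminConsoleUser(request, response);

        Mockito.verify(cookiesService).resetCookie(ALFRESCO_ACCESS_TOKEN, response);
        Mockito.verify(cookiesService).resetCookie(ALFRESCO_REFRESH_TOKEN, response);
        Mockito.verify(cookiesService).resetCookie(ALFRESCO_TOKEN_EXPIRATION, response);
        Assert.assertNull(adminConsoleUser);
    }

    /**
     * A {@code code} request parameter is exchanged for tokens, which are stored as cookies and
     * forwarded to the mapper.
     *
     * <p>NOTE(review): no {@code state} parameter is supplied or checked in this scenario;
     * confirm whether the callback is bound to the originating session elsewhere.
     */
    @Test
    public void shouldAuthorizeCodeAndSetCookies() {
        Mockito.when(request.getParameter("code")).thenReturn("auth_code");
        stubIssuedTokens("JWT_TOKEN");
        Mockito.when(identityServiceFacade.authorize(
                        IdentityServiceFacade.AuthorizationGrant.authorizationCode("auth_code", adminConsoleURL.toString())))
                .thenReturn(accessTokenAuthorization);
        Mockito.when(remoteUserMapper.getRemoteUser(requestCaptor.capture())).thenReturn("admin");

        String adminConsoleUser = authenticator.getAdminConsoleUser(request, response);

        Mockito.verify(cookiesService).addCookie(ALFRESCO_ACCESS_TOKEN, "JWT_TOKEN", response);
        Mockito.verify(cookiesService).addCookie(ALFRESCO_REFRESH_TOKEN, "REFRESH_TOKEN", response);
        // NOTE(review): as in the refresh test, the ALFRESCO_TOKEN_EXPIRATION cookie is not verified.
        Assert.assertEquals("Bearer JWT_TOKEN", capturedAuthorizationHeader());
        Assert.assertEquals("admin", adminConsoleUser);
    }

    /** If the mapper already resolves a user from the original request, that user is returned. */
    @Test
    public void shouldExtractUsernameFromAuthorizationHeader() {
        Mockito.when(remoteUserMapper.getRemoteUser(request)).thenReturn("admin");

        Assert.assertEquals("admin", authenticator.getAdminConsoleUser(request, response));
    }

    /** Returns an expiration-cookie value (epoch millis) offset from now by the given seconds. */
    private static String expirationCookie(long secondsFromNow) {
        return String.valueOf(Instant.now().plusSeconds(secondsFromNow).toEpochMilli());
    }

    /** Stubs the cookies for an access token that expired a minute ago, plus a refresh token. */
    private void stubExpiredTokenCookies() {
        Mockito.when(cookiesService.getCookie(ALFRESCO_ACCESS_TOKEN, request)).thenReturn("EXPIRED_JWT_TOKEN");
        Mockito.when(cookiesService.getCookie(ALFRESCO_REFRESH_TOKEN, request)).thenReturn("REFRESH_TOKEN");
        Mockito.when(cookiesService.getCookie(ALFRESCO_TOKEN_EXPIRATION, request)).thenReturn(expirationCookie(-60L));
    }

    /** Stubs the authorization result: the given access token (valid for a minute) and a refresh token. */
    private void stubIssuedTokens(String accessTokenValue) {
        Mockito.when(accessToken.getTokenValue()).thenReturn(accessTokenValue);
        Mockito.when(accessToken.getExpiresAt()).thenReturn(Instant.now().plusSeconds(60L));
        Mockito.when(accessTokenAuthorization.getAccessToken()).thenReturn(accessToken);
        Mockito.when(accessTokenAuthorization.getRefreshTokenValue()).thenReturn("REFRESH_TOKEN");
    }

    /** Reads the Authorization header from the request wrapper passed to the remote user mapper. */
    private String capturedAuthorizationHeader() {
        return requestCaptor.getValue().getHeader("Authorization");
    }
}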
