package io.jans.as.server.ssa.ws.rs;

import com.google.common.collect.Lists;
import io.jans.as.common.model.ssa.Ssa;
import io.jans.as.common.model.ssa.SsaState;
import io.jans.as.model.config.BaseDnConfiguration;
import io.jans.as.model.config.StaticConfiguration;
import io.jans.as.model.config.WebKeysConfiguration;
import io.jans.as.model.configuration.AppConfiguration;
import io.jans.as.model.crypto.AbstractCryptoProvider;
import io.jans.as.model.crypto.signature.SignatureAlgorithm;
import io.jans.as.model.error.ErrorResponseFactory;
import io.jans.as.model.error.IErrorType;
import io.jans.as.model.exception.CryptoProviderException;
import io.jans.as.model.jwk.Algorithm;
import io.jans.as.model.jwk.JSONWebKeySet;
import io.jans.as.model.jwk.KeyOpsType;
import io.jans.as.model.jwk.Use;
import io.jans.as.model.jwt.Jwt;
import io.jans.as.model.jwt.JwtClaims;
import io.jans.as.model.jwt.JwtHeader;
import io.jans.as.model.ssa.SsaConfiguration;
import io.jans.as.model.ssa.SsaRequestParam;
import io.jans.as.model.ssa.SsaScopeType;
import io.jans.as.server.model.common.ExecutionContext;
import io.jans.orm.PersistenceEntryManager;
import io.jans.orm.exception.EntryPersistenceException;
import io.jans.orm.search.filter.Filter;
import jakarta.ws.rs.WebApplicationException;
import jakarta.ws.rs.core.Response;
import java.util.Collections;
import java.util.GregorianCalendar;
import java.util.List;
import java.util.TimeZone;
import java.util.UUID;
import org.json.JSONObject;
import org.mockito.ArgumentCaptor;
import org.mockito.InjectMocks;
import org.mockito.Mock;
import org.mockito.Mockito;
import org.mockito.testng.MockitoTestNGListener;
import org.slf4j.Logger;
import org.testng.Assert;
import org.testng.annotations.BeforeMethod;
import org.testng.annotations.Listeners;
import org.testng.annotations.Test;

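/**
 * Unit tests for {@link SsaService}: payload assembly, persistence delegation, SSA lookup,
 * listing filters and software-statement JWT generation.
 *
 * <p>Every collaborator is a Mockito mock. {@code cryptoProvider.sign(...)} is never stubbed, so
 * the JWT tests check which algorithm, key id and claims the service selects. They do not show
 * that an issued SSA carries a signature that verifies; that needs a test with a real provider.
 */
@Listeners({MockitoTestNGListener.class})
public class SsaServiceTest {

    private static final String SSA_BASE_DN = "ou=ssa,o=jans";
    private static final String ISSUER = "https://test.jans.io";
    private static final String KEY_ID = "kid-test";
    private static final String CLIENT_ID = "test-client";
    private static final String FILTER_TRACE_PREFIX = "Filter with AND created: ";
    private static final String INVALID_SIGNATURE_ENTITY =
            "{\"error\":\"invalid_signature\",\"description\":\"No algorithm found to sign the JWT.\"}";

    @Mock
    private Logger log;

    @InjectMocks
    private SsaService ssaService;

    @Mock
    private AppConfiguration appConfiguration;

    @Mock
    private PersistenceEntryManager persistenceEntryManager;

    @Mock
    private StaticConfiguration staticConfiguration;

    @Mock
    private WebKeysConfiguration webKeysConfiguration;

    @Mock
    private AbstractCryptoProvider cryptoProvider;

    @Mock
    private ErrorResponseFactory errorResponseFactory;

    // Fixture rebuilt before every test; see setUp().
    private Ssa ssa;

    /** Builds a fresh SSA fixture that expires 24 hours from now (UTC). */
    @BeforeMethod
    public void setUp() {
        GregorianCalendar expiry = new GregorianCalendar(TimeZone.getTimeZone("UTC"));
        // Calendar.HOUR is the field constant 10 that the original passed as a bare literal.
        expiry.add(java.util.Calendar.HOUR, 24);
        this.ssa = new Ssa();
        this.ssa.setId(UUID.randomUUID().toString());
        this.ssa.setOrgId("test-org-id-1000");
        this.ssa.setExpirationDate(expiry.getTime());
        this.ssa.setDescription("Test description");
        this.ssa.getAttributes().setSoftwareId("scan-api-test");
        this.ssa.getAttributes().setSoftwareRoles(Collections.singletonList("password"));
        this.ssa.getAttributes().setGrantTypes(Collections.singletonList("client_credentials"));
        this.ssa.getAttributes().setOneTimeUse(true);
        this.ssa.getAttributes().setRotateSsa(true);
        this.ssa.getAttributes().setLifetime(86400);
    }

    /** Scopes on the SSA end up in the payload as one space-separated {@code scope} claim. */
    @Test
    public void fillPayload_whenCallsWithScopes_shouldGetScopeClaimInPayload() {
        this.ssa.getAttributes().setScopes(Lists.newArrayList("scope1", "scope2"));
        JwtClaims jwtClaims = new JwtClaims();
        this.ssaService.fillPayload(jwtClaims, this.ssa);
        Assert.assertEquals(jwtClaims.getClaimAsString("scope"), "scope1 scope2");
    }

    /** {@code persist} hands the SSA to the entry manager unchanged and logs nothing. */
    @Test
    public void persist_ssa_valid() {
        this.ssaService.persist(this.ssa);
        Mockito.verify(this.persistenceEntryManager).persist(Mockito.any(Ssa.class));
        Mockito.verifyNoInteractions(this.log);
        ArgumentCaptor<Ssa> persisted = ArgumentCaptor.forClass(Ssa.class);
        Mockito.verify(this.persistenceEntryManager).persist(persisted.capture());
        assertSsaWithAux(this.ssa, persisted.getValue());
    }

    /** {@code merge} hands the SSA to the entry manager unchanged and logs nothing. */
    @Test
    public void merge_ssa_valid() {
        this.ssaService.merge(this.ssa);
        Mockito.verify(this.persistenceEntryManager).merge(Mockito.any(Ssa.class));
        Mockito.verifyNoInteractions(this.log);
        ArgumentCaptor<Ssa> merged = ArgumentCaptor.forClass(Ssa.class);
        Mockito.verify(this.persistenceEntryManager).merge(merged.capture());
        assertSsaWithAux(this.ssa, merged.getValue());
    }

    /** A lookup that the entry manager can satisfy returns the entry. */
    @Test
    public void findSsaByJti_jtiValid_ssaValid() {
        stubSsaBaseDn();
        Mockito.when(this.persistenceEntryManager.find((Class) Mockito.any(), Mockito.anyString())).thenReturn(this.ssa);
        Assert.assertNotNull(this.ssaService.findSsaByJti("my-jti"), "ssa is null");
        Mockito.verifyNoMoreInteractions(this.persistenceEntryManager);
    }

    /** A failed lookup is reported as {@code null} rather than as an exception. */
    @Test
    public void findSsaByJti_jtiNotFound_ssaNull() {
        stubSsaBaseDn();
        Mockito.when(this.persistenceEntryManager.find((Class) Mockito.any(), Mockito.anyString()))
                .thenThrow(new EntryPersistenceException(" Failed to lookup entry by key"));
        Assert.assertNull(this.ssaService.findSsaByJti("my-jti"), "ssa is not null");
        Mockito.verifyNoMoreInteractions(this.persistenceEntryManager);
    }

    /**
     * Access-control case: with only the developer scope, the listing is narrowed by
     * {@code creatorId} (presumably the id of the calling client).
     */
    @Test
    public void getSsaList_withDeveloperScope_valid() {
        stubSsaBaseDn();
        Assert.assertNotNull(this.ssaService.getSsaList(null, null, null, CLIENT_ID, new String[]{SsaScopeType.SSA_DEVELOPER.getValue()}));
        // NOTE(review): the narrowing is asserted through the trace text only. The Filter handed to
        // findEntries is matched with any(), so a change that logs the filter but does not apply it
        // would still pass; capturing the Filter argument would close that gap.
        Mockito.verify(this.log).trace(Mockito.eq(expectedFilterTrace("creatorId", CLIENT_ID)));
        verifySingleSearch();
        Mockito.verifyNoMoreInteractions(this.log);
    }

    /** A jti argument is turned into an {@code inum} filter. */
    @Test
    public void getSsaList_withJti_valid() {
        stubSsaBaseDn();
        Assert.assertNotNull(this.ssaService.getSsaList("test-jti", null, null, CLIENT_ID, new String[0]));
        Mockito.verify(this.log).trace(Mockito.eq(expectedFilterTrace("inum", "test-jti")));
        verifySingleSearch();
        Mockito.verifyNoMoreInteractions(this.log);
    }

    /** An org id argument is turned into an {@code o} filter. */
    @Test
    public void getSsaList_withOrgId_valid() {
        stubSsaBaseDn();
        Assert.assertNotNull(this.ssaService.getSsaList(null, "org-id-test-1", null, CLIENT_ID, new String[0]));
        Mockito.verify(this.log).trace(Mockito.eq(expectedFilterTrace("o", "org-id-test-1")));
        verifySingleSearch();
        Mockito.verifyNoMoreInteractions(this.log);
    }

    /** A state argument is turned into a {@code jansState} filter. */
    @Test
    public void getSsaList_withStatus_valid() {
        stubSsaBaseDn();
        SsaState state = SsaState.ACTIVE;
        Assert.assertNotNull(this.ssaService.getSsaList(null, null, state, CLIENT_ID, new String[0]));
        Mockito.verify(this.log).trace(Mockito.eq(expectedFilterTrace("jansState", state)));
        verifySingleSearch();
        Mockito.verifyNoMoreInteractions(this.log);
    }

    /**
     * With no criteria at all the search still runs once and no filter trace is logged
     * (presumably the query is then unfiltered; confirm against {@code SsaService}).
     */
    @Test
    public void getSsaList_withNullParam_valid() {
        stubSsaBaseDn();
        List<?> ssaList = this.ssaService.getSsaList(null, null, null, null, new String[0]);
        Assert.assertNotNull(ssaList);
        // Empty because the mocked entry manager returns Mockito's default empty list.
        Assert.assertTrue(ssaList.isEmpty());
        verifySingleSearch();
        Mockito.verifyNoInteractions(this.log);
    }

    /** An execution context without a post-processor is consulted once and nothing else. */
    @Test
    public void generateJwt_executionContextWithPostProcessorNull_jwtValid() throws Exception {
        SsaConfiguration ssaConfiguration = stubSigningDefaults();
        ExecutionContext executionContext = Mockito.mock(ExecutionContext.class);
        assertSsaJwt(ssaConfiguration.getSsaSigningAlg(), ISSUER, this.ssa, this.ssaService.generateJwt(this.ssa, executionContext));
        Mockito.verify(executionContext).getPostProcessor();
        Mockito.verifyNoMoreInteractions(executionContext);
    }

    /** A configured post-processor is fetched twice and the JWT claims are still the expected ones. */
    @Test
    public void generateJwt_executionContextWithPostProcessor_jwtValid() throws Exception {
        SsaConfiguration ssaConfiguration = stubSigningDefaults();
        ExecutionContext executionContext = Mockito.mock(ExecutionContext.class);
        Mockito.when(executionContext.getPostProcessor()).thenReturn(jsonWebResponse -> null);
        assertSsaJwt(ssaConfiguration.getSsaSigningAlg(), ISSUER, this.ssa, this.ssaService.generateJwt(this.ssa, executionContext));
        Mockito.verify(executionContext, Mockito.times(2)).getPostProcessor();
    }

    /** Default configuration: the claims match the SSA and signing is requested exactly once. */
    @Test
    public void generateJwt_ssa_jwtValid() throws Exception {
        SsaConfiguration ssaConfiguration = stubSigningDefaults();
        assertSsaJwt(ssaConfiguration.getSsaSigningAlg(), ISSUER, this.ssa, this.ssaService.generateJwt(this.ssa));
        verifySignedOnceWithNullThirdArgument();
    }

    /**
     * An unrecognised signing algorithm must stop JWT generation before any key material is touched.
     *
     * <p>NOTE(review): a companion case for the configured value {@code "none"} would be worth
     * adding; how {@code SsaService} treats it is not visible from this test (TODO confirm).
     */
    @Test
    public void generateJwt_signatureAlgorithmNull_invalidSignature() {
        SsaConfiguration ssaConfiguration = new SsaConfiguration();
        ssaConfiguration.setSsaSigningAlg("WRONG-SIGNING-ALG");
        Mockito.when(this.appConfiguration.getSsaConfiguration()).thenReturn(ssaConfiguration);
        stubInvalidSignatureError();
        WebApplicationException thrown = Assert.expectThrows(WebApplicationException.class, () -> this.ssaService.generateJwt(this.ssa));
        // The 400 / invalid_signature body checked here is the one stubbed on the mocked
        // ErrorResponseFactory, so these assertions only show that the exception is propagated.
        assertInvalidSignature(thrown);
        Mockito.verify(this.log).error(Mockito.anyString(), Mockito.anyString());
        Mockito.verifyNoMoreInteractions(this.log);
        // The fail-closed evidence: no key lookup and no signing call was made.
        Mockito.verifyNoInteractions(this.cryptoProvider, this.webKeysConfiguration);
    }

    /** A missing key id must stop JWT generation instead of signing without a key. */
    @Test
    public void generateJwt_kidNull_invalidSignature() throws CryptoProviderException {
        SsaConfiguration ssaConfiguration = new SsaConfiguration();
        ssaConfiguration.setSsaSigningAlg("RS256");
        Mockito.when(this.appConfiguration.getSsaConfiguration()).thenReturn(ssaConfiguration);
        stubKeyId(null);
        stubInvalidSignatureError();
        WebApplicationException thrown = Assert.expectThrows(WebApplicationException.class, () -> this.ssaService.generateJwt(this.ssa));
        // As above, the response body comes from the stubbed factory, not from the service.
        assertInvalidSignature(thrown);
        Mockito.verify(this.log).error(Mockito.anyString(), Mockito.anyString());
        // cryptoProvider is listed here, so sign(...) must not have been invoked after the lookup.
        Mockito.verifyNoMoreInteractions(this.cryptoProvider, this.log, this.errorResponseFactory);
        Mockito.verifyNoInteractions(this.webKeysConfiguration);
    }

    /**
     * Custom attributes on the SSA are copied into the JWT claims.
     *
     * <p>NOTE(review): despite "customAttributesEmpty" in the name, the fixture sets one custom
     * attribute; the name is kept so existing test reports and filters keep matching.
     */
    @Test
    public void generateJwt_customAttributesEmpty_jwtValid() throws Exception {
        this.ssa.getAttributes().setCustomAttributes(Collections.singletonMap("test-key", "test-value"));
        SsaConfiguration ssaConfiguration = stubSigningDefaults();
        assertSsaJwt(ssaConfiguration.getSsaSigningAlg(), ISSUER, this.ssa, this.ssaService.generateJwt(this.ssa));
        verifySignedOnceWithNullThirdArgument();
    }

    /** The not-acceptable builder yields HTTP 406. */
    @Test
    public void createNotAcceptableResponse_valid_response() {
        Response response = this.ssaService.createNotAcceptableResponse().build();
        Assert.assertNotNull(response, "Response is null");
        Assert.assertEquals(response.getStatus(), 406);
    }

    /** The unprocessable-entity builder yields HTTP 422. */
    @Test
    public void createUnprocessableEntityResponse_valid_response() {
        Response response = this.ssaService.createUnprocessableEntityResponse().build();
        Assert.assertNotNull(response, "Response is null");
        Assert.assertEquals(response.getStatus(), 422);
    }

    /** Stubs the static configuration so the SSA branch resolves to {@link #SSA_BASE_DN}. */
    private void stubSsaBaseDn() {
        BaseDnConfiguration baseDnConfiguration = new BaseDnConfiguration();
        baseDnConfiguration.setSsa(SSA_BASE_DN);
        Mockito.when(this.staticConfiguration.getBaseDn()).thenReturn(baseDnConfiguration);
    }

    /** Stubs the key-id lookup on the mocked crypto provider to return {@code keyId}. */
    private void stubKeyId(String keyId) throws CryptoProviderException {
        Mockito.when(this.cryptoProvider.getKeyId((JSONWebKeySet) Mockito.any(), (Algorithm) Mockito.any(), (Use) Mockito.any(), (KeyOpsType) Mockito.any())).thenReturn(keyId);
    }

    /** Stubs a default SSA configuration, the issuer and a key id; returns the configuration. */
    private SsaConfiguration stubSigningDefaults() throws CryptoProviderException {
        SsaConfiguration ssaConfiguration = new SsaConfiguration();
        Mockito.when(this.appConfiguration.getSsaConfiguration()).thenReturn(ssaConfiguration);
        Mockito.when(this.appConfiguration.getIssuer()).thenReturn(ISSUER);
        stubKeyId(KEY_ID);
        return ssaConfiguration;
    }

    /** Makes the mocked error factory throw a 400 carrying {@link #INVALID_SIGNATURE_ENTITY}. */
    private void stubInvalidSignatureError() {
        Mockito.when(this.errorResponseFactory.createWebApplicationException((Response.Status) Mockito.any(), (IErrorType) Mockito.any(), Mockito.anyString()))
                .thenThrow(new WebApplicationException(Response.status(Response.Status.BAD_REQUEST).entity(INVALID_SIGNATURE_ENTITY).build()));
    }

    /** Verifies exactly one three-argument {@code findEntries} call, with any arguments. */
    private void verifySingleSearch() {
        Mockito.verify(this.persistenceEntryManager).findEntries((String) Mockito.any(), (Class) Mockito.any(), (Filter) Mockito.any());
    }

    /**
     * Verifies one {@code sign} call whose third argument is {@code null}. That argument is
     * presumably the shared secret, which would mean signing relies on the key id alone (TODO
     * confirm against {@code AbstractCryptoProvider}).
     */
    private void verifySignedOnceWithNullThirdArgument() throws Exception {
        Mockito.verify(this.cryptoProvider).sign((String) Mockito.any(), (String) Mockito.any(), (String) Mockito.isNull(), (SignatureAlgorithm) Mockito.any());
    }

    /** Returns the trace line expected for a single {@code attribute=value} filter term. */
    private static String expectedFilterTrace(String attribute, Object value) {
        return FILTER_TRACE_PREFIX + "[(" + attribute + "=" + value + ")]";
    }

    /** Asserts a 400 response whose JSON entity has {@code error=invalid_signature} and a description. */
    private static void assertInvalidSignature(WebApplicationException thrown) {
        Assert.assertNotNull(thrown);
        Assert.assertEquals(thrown.getResponse().getStatus(), 400);
        Assert.assertNotNull(thrown.getResponse().getEntity());
        JSONObject body = new JSONObject(thrown.getResponse().getEntity().toString());
        Assert.assertTrue(body.has("error"));
        Assert.assertEquals(body.get("error"), "invalid_signature");
        Assert.assertTrue(body.has("description"));
    }

    /** Asserts that the named claim is present and equal to {@code expected}. */
    private static void assertClaim(JwtClaims claims, SsaRequestParam param, String label, Object expected) {
        Assert.assertNotNull(claims.getClaim(param.getName()), "The " + label + " in jwt is null");
        Assert.assertEquals(claims.getClaim(param.getName()), expected);
    }

    /**
     * Asserts the header algorithm and type, the standard SSA claims and every custom attribute.
     * The {@code kid} header and the signature are not inspected here.
     */
    private static void assertSsaJwt(String expectedAlg, String expectedIssuer, Ssa ssa, Jwt jwt) {
        Assert.assertNotNull(jwt, "The jwt is null");
        JwtHeader header = jwt.getHeader();
        Assert.assertNotNull(header.getSignatureAlgorithm().getJwsAlgorithm(), "The alg in jwt is null");
        Assert.assertEquals(header.getSignatureAlgorithm().getJwsAlgorithm().toString(), expectedAlg);
        Assert.assertNotNull(header.getType(), "The type in jwt is null");
        Assert.assertTrue(header.getType().toString().equalsIgnoreCase("jwt"));
        JwtClaims claims = jwt.getClaims();
        assertClaim(claims, SsaRequestParam.ORG_ID, "org_id", ssa.getOrgId());
        assertClaim(claims, SsaRequestParam.SOFTWARE_ID, "software_id", ssa.getAttributes().getSoftwareId());
        assertClaim(claims, SsaRequestParam.SOFTWARE_ROLES, "software_roles", ssa.getAttributes().getSoftwareRoles());
        assertClaim(claims, SsaRequestParam.GRANT_TYPES, "grant_types", ssa.getAttributes().getGrantTypes());
        assertClaim(claims, SsaRequestParam.JTI, "jti", ssa.getId());
        assertClaim(claims, SsaRequestParam.ISS, "iss", expectedIssuer);
        assertClaim(claims, SsaRequestParam.IAT, "iat", ssa.getCreationDate());
        assertClaim(claims, SsaRequestParam.EXP, "exp", ssa.getExpirationDate());
        ssa.getAttributes().getCustomAttributes().forEach((name, value) -> {
            Assert.assertTrue(claims.hasClaim(name));
            Assert.assertEquals(claims.getClaimAsString(name), value);
        });
    }

    /** Asserts that {@code actual} carries the same identity, expiry and attributes as {@code expected}. */
    private static void assertSsaWithAux(Ssa expected, Ssa actual) {
        Assert.assertNotNull(actual, "ssa is null");
        Assert.assertNotNull(actual.getId(), "ssa id is null");
        Assert.assertEquals(actual.getId(), expected.getId());
        Assert.assertNotNull(actual.getOrgId(), "ssa org_id is null");
        Assert.assertEquals(actual.getOrgId(), expected.getOrgId());
        Assert.assertNotNull(actual.getExpirationDate(), "ssa expiration is null");
        Assert.assertEquals(actual.getExpirationDate(), expected.getExpirationDate());
        Assert.assertNotNull(actual.getDescription(), "ssa description is null");
        Assert.assertEquals(actual.getDescription(), expected.getDescription());
        Assert.assertNotNull(actual.getAttributes().getSoftwareId(), "ssa software_id is null");
        Assert.assertEquals(actual.getAttributes().getSoftwareId(), expected.getAttributes().getSoftwareId());
        Assert.assertNotNull(actual.getAttributes().getSoftwareRoles(), "ssa software_roles is null");
        Assert.assertEquals(actual.getAttributes().getSoftwareRoles(), expected.getAttributes().getSoftwareRoles());
        Assert.assertNotNull(actual.getAttributes().getGrantTypes(), "ssa grant_types is null");
        Assert.assertEquals(actual.getAttributes().getGrantTypes(), expected.getAttributes().getGrantTypes());
        Assert.assertNotNull(actual.getAttributes().getOneTimeUse(), "ssa one_time_use is null");
        Assert.assertEquals(actual.getAttributes().getOneTimeUse(), expected.getAttributes().getOneTimeUse());
        Assert.assertNotNull(actual.getAttributes().getRotateSsa(), "ssa rotate_ssa is null");
        Assert.assertEquals(actual.getAttributes().getRotateSsa(), expected.getAttributes().getRotateSsa());
        Assert.assertNotNull(actual.getAttributes().getLifetime(), "ssa lifetime is null");
        Assert.assertEquals(actual.getAttributes().getLifetime(), expected.getAttributes().getLifetime());
    }
}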
