package com.floragunn.searchguard.enterprise.auth.oidc;

import com.browserup.bup.BrowserUpProxy;
import com.browserup.bup.BrowserUpProxyServer;
import com.floragunn.codova.config.net.ProxyConfig;
import com.floragunn.codova.config.net.TLSConfig;
import com.floragunn.codova.validation.ConfigValidationException;
import com.floragunn.searchguard.authc.AuthenticatorUnavailableException;
import com.floragunn.searchguard.enterprise.auth.oidc.TestJwk;
import com.floragunn.searchguard.test.helper.cluster.FileHelper;
import com.google.common.collect.ImmutableMap;
import java.io.FileNotFoundException;
import java.net.InetAddress;
import java.nio.charset.StandardCharsets;
import org.apache.http.HttpResponse;
import org.apache.http.entity.ContentType;
import org.apache.http.util.EntityUtils;
import org.junit.AfterClass;
import org.junit.Assert;
import org.junit.BeforeClass;
import org.junit.Test;

/* loaded from: input_file:com/floragunn/searchguard/enterprise/auth/oidc/OpenIdProviderClientTest.class */
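/**
 * Integration tests for {@link OpenIdProviderClient} against a local mock OpenID Connect provider.
 *
 * <p>Three transport-level properties are covered:
 * <ul>
 *   <li>a configured HTTP proxy is really used for discovery and token-endpoint calls,</li>
 *   <li>repeated key-set lookups hit the OIDC configuration cache,</li>
 *   <li>a TLS client certificate is presented when the provider demands one.</li>
 * </ul>
 *
 * <p>The PEM files under {@code oidc/idp/} and their passphrase are classpath test fixtures. Because
 * the passphrase is in source, that key material must never be trusted outside this test suite.
 */
public class OpenIdProviderClientTest {
    /** TLS settings (trust anchor plus server key pair) used by the mock provider in {@link #clientCertTest()}. */
    private static final TLSConfig IDP_TLS_CONFIG;
    protected static MockIpdServer mockIdpServer;
    protected static BrowserUpProxy httpProxy;

    static {
        try {
            IDP_TLS_CONFIG = new TLSConfig.Builder()
                    .trust(FileHelper.getAbsoluteFilePathFromClassPath("oidc/idp/root-ca.pem").toFile())
                    .clientCert(
                            FileHelper.getAbsoluteFilePathFromClassPath("oidc/idp/idp.pem").toFile(),
                            FileHelper.getAbsoluteFilePathFromClassPath("oidc/idp/idp.key").toFile(),
                            "secret")
                    .build();
        } catch (FileNotFoundException | ConfigValidationException e) {
            // A missing or invalid fixture makes every test meaningless, so fail class loading outright.
            throw new RuntimeException(e);
        }
    }

    /**
     * Starts the shared mock provider and the forward proxy.
     *
     * <p>The proxy listens for clients on 127.0.0.8 and opens its upstream connections from
     * 127.0.0.9. {@link #proxyTest()} relies on that split to tell proxied traffic from direct
     * traffic, so the host must route these loopback aliases.
     */
    @BeforeClass
    public static void setUp() throws Exception {
        mockIdpServer = MockIpdServer.forKeySet(TestJwk.Jwks.ALL).start();
        httpProxy = new BrowserUpProxyServer();
        // Port 0 lets the OS pick a free port; it is read back through httpProxy.getPort().
        httpProxy.start(0, InetAddress.getByName("127.0.0.8"), InetAddress.getByName("127.0.0.9"));
        // Test-only relaxation: the mock token endpoint does not check the authorization code.
        mockIdpServer.setRequireValidCodes(false);
    }

    /** Shuts down the shared fixtures; a failing close is reported but does not fail the run. */
    @AfterClass
    public static void tearDown() {
        if (mockIdpServer != null) {
            try {
                mockIdpServer.close();
            } catch (Exception e) {
                // Best-effort cleanup: keep going so the proxy is still stopped below.
                e.printStackTrace();
            }
        }
        if (httpProxy != null) {
            httpProxy.abort();
        }
    }

    /**
     * Verifies that the proxy configuration is honoured.
     *
     * <p>The provider started here accepts connections only from 127.0.0.9, the proxy's outbound
     * address. A client without proxy settings must be rejected (the test expects the failure
     * message to carry {@code HTTP/1.1 451}); a client configured with the proxy must complete
     * discovery and a token-endpoint call.
     */
    @Test
    public void proxyTest() throws Exception {
        try (MockIpdServer restrictedIdp = MockIpdServer.forKeySet(TestJwk.Jwks.ALL)
                .acceptConnectionsOnlyFromInetAddress(InetAddress.getByName("127.0.0.9"))
                .start()) {
            // NOTE(review): the meaning of the trailing boolean is not visible in this file;
            // confirm against the OpenIdProviderClient constructor.
            OpenIdProviderClient directClient =
                    new OpenIdProviderClient(restrictedIdp.getDiscoverUri(), (TLSConfig) null, (ProxyConfig) null, true);
            restrictedIdp.setRequireValidCodes(false);

            // Negative case first: bypassing the proxy must not reach the provider successfully.
            try {
                directClient.getOidcConfiguration();
                Assert.fail();
            } catch (AuthenticatorUnavailableException e) {
                Assert.assertTrue(e.getMessage(), e.getMessage().contains("HTTP/1.1 451"));
            }

            ProxyConfig proxyConfig = ProxyConfig.parse(
                    ImmutableMap.of(
                            "proxy.host", "127.0.0.8",
                            "proxy.port", Integer.valueOf(httpProxy.getPort()),
                            "proxy.scheme", "http"),
                    "proxy");
            OpenIdProviderClient proxiedClient =
                    new OpenIdProviderClient(restrictedIdp.getDiscoverUri(), (TLSConfig) null, proxyConfig, true);

            OidcProviderConfig oidcProviderConfig = (OidcProviderConfig) proxiedClient.getOidcConfiguration().get();
            Assert.assertTrue(oidcProviderConfig.toJsonString(),
                    oidcProviderConfig.toBasicObject().containsKey("token_endpoint"));

            // Keep the response in a named local so both the body and the status line can be checked.
            HttpResponse tokenResponse = proxiedClient.callTokenEndpoint(
                    "grant_type=authorization_code&code=wusch".getBytes(StandardCharsets.UTF_8),
                    ContentType.create("application/x-www-form-urlencoded"));
            String responseBody = EntityUtils.toString(tokenResponse.getEntity());
            Assert.assertEquals(responseBody, 200L, tokenResponse.getStatusLine().getStatusCode());
            Assert.assertTrue(responseBody, responseBody.contains("access_token"));
        }
    }

    /**
     * Verifies the OIDC configuration cache counters: the first key-set lookup is a miss, the
     * second is served from cache.
     */
    @Test
    public void cacheTest() throws AuthenticatorUnavailableException {
        KeySetRetriever keySetRetriever = new KeySetRetriever(
                new OpenIdProviderClient(mockIdpServer.getDiscoverUri(), (TLSConfig) null, (ProxyConfig) null, true));

        keySetRetriever.get();
        Assert.assertEquals(1L, keySetRetriever.getOidcCacheMisses());
        Assert.assertEquals(0L, keySetRetriever.getOidcCacheHits());

        keySetRetriever.get();
        Assert.assertEquals(1L, keySetRetriever.getOidcCacheMisses());
        Assert.assertEquals(1L, keySetRetriever.getOidcCacheHits());
    }

    /**
     * Verifies mutual TLS: the mock provider requires a client certificate with a specific
     * fingerprint, and the client is configured with the matching certificate and key.
     *
     * <p>There is no explicit assertion; the test passes when the key-set retrieval completes
     * without throwing. A negative case (wrong or missing client certificate) is not covered here.
     */
    @Test
    public void clientCertTest() throws Exception {
        try (MockIpdServer mtlsIdp = MockIpdServer.forKeySet(TestJwk.Jwks.ALL)
                .useCustomTlsConfig(IDP_TLS_CONFIG)
                .requireTlsClientCertFingerprint("67f4d3453f1d52c7d3868e76f052cfd696a18bf4a70d8ececd6306e2428bec96")
                .start()) {
            TLSConfig clientTlsConfig = new TLSConfig.Builder()
                    .trust(FileHelper.getAbsoluteFilePathFromClassPath("oidc/idp/root-ca.pem").toFile())
                    .clientCert(
                            FileHelper.getAbsoluteFilePathFromClassPath("oidc/idp/client.pem").toFile(),
                            FileHelper.getAbsoluteFilePathFromClassPath("oidc/idp/client.key").toFile(),
                            "secret")
                    .build();

            new KeySetRetriever(
                    new OpenIdProviderClient(mtlsIdp.getDiscoverUri(), clientTlsConfig, (ProxyConfig) null, true)).get();
        }
    }
}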
