package com.floragunn.searchguard.enterprise.auth.oidc;

import com.floragunn.codova.validation.ConfigValidationException;
import com.floragunn.codova.validation.VariableResolvers;
import com.floragunn.searchguard.SearchGuardModulesRegistry;
import com.floragunn.searchguard.authc.AuthenticatorUnavailableException;
import com.floragunn.searchguard.authc.session.ActivatedFrontendConfig;
import com.floragunn.searchguard.authc.session.GetActivatedFrontendConfigAction;
import com.floragunn.searchguard.configuration.ConfigurationRepository;
import com.floragunn.searchguard.enterprise.auth.oidc.TestJwk;
import com.floragunn.searchsupport.StaticSettings;
import com.google.common.collect.ImmutableMap;
import java.io.IOException;
import java.net.MalformedURLException;
import java.nio.charset.Charset;
import java.util.Arrays;
import java.util.Collection;
import org.apache.http.client.utils.URLEncodedUtils;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.elasticsearch.xcontent.NamedXContentRegistry;
import org.hamcrest.MatcherAssert;
import org.hamcrest.Matchers;
import org.junit.AfterClass;
import org.junit.Before;
import org.junit.BeforeClass;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.junit.runners.Parameterized;

@RunWith(Parameterized.class)
/* loaded from: input_file:com/floragunn/searchguard/enterprise/auth/oidc/OidcAuthenticatorRedirectUrlTest.class */
public class OidcAuthenticatorRedirectUrlTest {
    private static final Logger log = LogManager.getLogger(OidcAuthenticatorRedirectUrlTest.class);
    private static final ActivatedFrontendConfig.AuthMethod OIDC_AUTH_METHOD = new ActivatedFrontendConfig.AuthMethod("oidc", "OIDC", (String) null);
    private OidcAuthenticator authenticator;
    private static MockIpdServer mockIdpServer;
    private final String frontendBaseUrl;
    private final String expectedOidcRedirectUrl;

    @Parameterized.Parameters
    public static Collection<Object[]> testParameters() {
        return Arrays.asList(new Object[]{"https://search.frontend.com", "https://search.frontend.com/auth/openid/login"}, new Object[]{"https://search.frontend.com/", "https://search.frontend.com/auth/openid/login"}, new Object[]{"https://search.com/frontend", "https://search.com/frontend/auth/openid/login"}, new Object[]{"https://search.com/frontend/", "https://search.com/frontend/auth/openid/login"}, new Object[]{"https://search.com/evem/more/hidden/frontend/", "https://search.com/evem/more/hidden/frontend/auth/openid/login"}, new Object[]{"https://search.com/evem/more/hidden/frontend", "https://search.com/evem/more/hidden/frontend/auth/openid/login"});
    }

    public OidcAuthenticatorRedirectUrlTest(String str, String str2) {
        this.frontendBaseUrl = str;
        this.expectedOidcRedirectUrl = str2;
    }

    @BeforeClass
    public static void startIdpServer() throws IOException {
        mockIdpServer = MockIpdServer.forKeySet(TestJwk.Jwks.ALL).start();
    }

    @AfterClass
    public static void tearDown() {
        if (mockIdpServer != null) {
            try {
                mockIdpServer.close();
            } catch (Exception e) {
                log.error("Cannot stop IdP server", e);
            }
        }
    }

    @Before
    public void before() throws ConfigValidationException {
        this.authenticator = new OidcAuthenticator(ImmutableMap.of("idp.openid_configuration_url", mockIdpServer.getDiscoverUri().toString(), "client_id", "search-guard-client", "client_secret", "s3cret", "pkce", false), new ConfigurationRepository.Context(VariableResolvers.ALL, (SearchGuardModulesRegistry) null, (StaticSettings) null, (NamedXContentRegistry) null, (com.floragunn.fluent.collections.ImmutableMap) null));
    }

    @Test
    public void shouldCreateValidOidcRedirectUrl() throws AuthenticatorUnavailableException, MalformedURLException {
        MatcherAssert.assertThat((String) URLEncodedUtils.parse(this.authenticator.activateFrontendConfig(OIDC_AUTH_METHOD, new GetActivatedFrontendConfigAction.Request((String) null, (String) null, this.frontendBaseUrl)).getSsoLocation(), Charset.forName("UTF-8")).stream().filter(nameValuePair -> {
            return "redirect_uri".equals(nameValuePair.getName());
        }).map(nameValuePair2 -> {
            return nameValuePair2.getValue();
        }).findFirst().orElseThrow(() -> {
            return new IllegalStateException("Redirect url not found");
        }), Matchers.equalTo(this.expectedOidcRedirectUrl));
    }
}
