package net.shibboleth.idp.plugin.oidc.op.profile.impl;

import com.fasterxml.jackson.databind.ObjectMapper;
import com.nimbusds.oauth2.sdk.token.BearerAccessToken;
import com.nimbusds.openid.connect.sdk.rp.OIDCClientMetadata;
import com.nimbusds.openid.connect.sdk.rp.OIDCClientRegistrationRequest;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.net.URI;
import java.net.URISyntaxException;
import java.util.Collections;
import java.util.HashSet;
import net.shibboleth.idp.profile.testing.ActionTestingSupport;
import net.shibboleth.utilities.java.support.component.ComponentInitializationException;
import org.apache.http.HttpEntity;
import org.apache.http.HttpResponse;
import org.apache.http.client.ClientProtocolException;
import org.apache.http.client.HttpClient;
import org.apache.http.client.methods.HttpUriRequest;
import org.apache.http.protocol.HttpContext;
import org.mockito.Mockito;
import org.testng.Assert;
import org.testng.annotations.BeforeMethod;
import org.testng.annotations.Test;

/* loaded from: input_file:net/shibboleth/idp/plugin/oidc/op/profile/impl/CheckRedirectUrisTest.class */
public class CheckRedirectUrisTest extends BaseOIDCRegistrationRequestTest {
    CheckRedirectURIs action;
    URI redirectUri1;
    URI redirectUri2;

    @BeforeMethod
    public void setUp() throws ComponentInitializationException, URISyntaxException, ClientProtocolException, IOException {
        this.action = new CheckRedirectURIs();
        this.action.setObjectMapper(new ObjectMapper());
        this.action.setHttpClient(buildMockHttpClient("mock"));
        this.action.initialize();
        this.redirectUri1 = new URI("https://example.org/cb1");
        this.redirectUri2 = new URI("https://example.org/cb2");
    }

    @Test
    public void testNoMessage() throws ComponentInitializationException {
        setUpContext(null);
        ActionTestingSupport.assertEvent(this.action.execute(this.requestCtx), "InvalidMessageContext");
    }

    @Test
    public void testNullRedirectUris() throws ComponentInitializationException {
        setUpContext(new OIDCClientRegistrationRequest((URI) null, new OIDCClientMetadata(), (BearerAccessToken) null));
        ActionTestingSupport.assertEvent(this.action.execute(this.requestCtx), "MissingRedirectionURIs");
    }

    @Test
    public void testEmptyRedirectUris() throws ComponentInitializationException {
        assertEvent("MissingRedirectionURIs", new OIDCClientMetadata(), (URI[]) null);
    }

    @Test
    public void testSingleRedirectUri() throws ComponentInitializationException {
        assertEvent(null, new OIDCClientMetadata(), this.redirectUri1);
    }

    @Test
    public void testTwoRedirectUris() throws ComponentInitializationException {
        assertEvent(null, new OIDCClientMetadata(), this.redirectUri1, this.redirectUri2);
    }

    @Test
    public void testFailingSectorIdUriContents() throws Exception {
        OIDCClientMetadata oIDCClientMetadata = new OIDCClientMetadata();
        oIDCClientMetadata.setSectorIDURI(new URI("https://invalid.scheme.org/cb"));
        initializeActionWithClient(buildMockHttpClient(null));
        assertEvent("InvalidRedirectionURIs", oIDCClientMetadata, this.redirectUri1);
    }

    @Test
    public void testEmptySectorIdUriContents() throws Exception {
        OIDCClientMetadata oIDCClientMetadata = new OIDCClientMetadata();
        oIDCClientMetadata.setSectorIDURI(new URI("https://invalid.scheme.org/cb"));
        initializeActionWithClient(buildMockHttpClient(""));
        assertEvent("InvalidRedirectionURIs", oIDCClientMetadata, this.redirectUri1);
    }

    @Test
    public void testInvalidJsonSectorIdUri() throws Exception {
        OIDCClientMetadata oIDCClientMetadata = new OIDCClientMetadata();
        oIDCClientMetadata.setSectorIDURI(new URI("https://invalid.scheme.org/cb"));
        initializeActionWithClient(buildMockHttpClient("Not_JSON"));
        assertEvent("InvalidRedirectionURIs", oIDCClientMetadata, this.redirectUri1);
    }

    @Test
    public void testInvalidSectorIdUriContents() throws Exception {
        OIDCClientMetadata oIDCClientMetadata = new OIDCClientMetadata();
        oIDCClientMetadata.setSectorIDURI(new URI("https://invalid.scheme.org/cb"));
        initializeActionWithClient(buildMockHttpClient("[ \"https://not.existing.uri.org/\" ]"));
        assertEvent("InvalidRedirectionURIs", oIDCClientMetadata, this.redirectUri1);
    }

    @Test
    public void testInvalidUrlContents() throws Exception {
        OIDCClientMetadata oIDCClientMetadata = new OIDCClientMetadata();
        oIDCClientMetadata.setSectorIDURI(new URI("https://invalid.scheme.org/cb"));
        initializeActionWithClient(buildMockHttpClient("[ \"http://not valid url/\" ]"));
        assertEvent("InvalidRedirectionURIs", oIDCClientMetadata, this.redirectUri1);
    }

    @Test
    public void testValidSectorIdUriContents() throws Exception {
        OIDCClientMetadata oIDCClientMetadata = new OIDCClientMetadata();
        oIDCClientMetadata.setSectorIDURI(new URI("https://invalid.scheme.org/cb"));
        initializeActionWithClient(buildMockHttpClient("[ \"" + this.redirectUri1 + "\", \"" + this.redirectUri2 + "\" ]"));
        assertEvent(null, oIDCClientMetadata, this.redirectUri1);
    }

    @Test
    public void testCheckForbiddenHostname() throws Exception {
        Assert.assertFalse(this.action.checkForbiddenHostname(Collections.singleton(new URI("custom.test:/testing")), "testing"));
        Assert.assertTrue(this.action.checkForbiddenHostname(Collections.singleton(new URI("custom.test://testing")), "testing"));
        Assert.assertTrue(this.action.checkForbiddenHostname(Collections.singleton(new URI("http://localhost")), "localhost"));
    }

    @Test(expectedExceptions = {ComponentInitializationException.class})
    public void testNoObjectMapper() throws Exception {
        this.action = new CheckRedirectURIs();
        this.action.setHttpClient(buildMockHttpClient("mock"));
        this.action.initialize();
    }

    protected void initializeActionWithClient(HttpClient httpClient) throws ComponentInitializationException {
        this.action = new CheckRedirectURIs();
        this.action.setHttpClient(httpClient);
        this.action.setObjectMapper(new ObjectMapper());
        this.action.initialize();
    }

    protected HttpClient buildMockHttpClient(String str) throws ClientProtocolException, IOException {
        HttpClient httpClient = (HttpClient) Mockito.mock(HttpClient.class);
        if (str == null) {
            Mockito.when(httpClient.execute((HttpUriRequest) Mockito.any())).thenThrow(new Throwable[]{new IOException("mock")});
        } else {
            HttpResponse httpResponse = (HttpResponse) Mockito.mock(HttpResponse.class);
            HttpEntity httpEntity = (HttpEntity) Mockito.mock(HttpEntity.class);
            Mockito.when(httpEntity.getContent()).thenReturn(new ByteArrayInputStream(str.getBytes()));
            Mockito.when(httpResponse.getEntity()).thenReturn(httpEntity);
            Mockito.when(httpClient.execute((HttpUriRequest) Mockito.any(), (HttpContext) Mockito.any())).thenReturn(httpResponse);
        }
        return httpClient;
    }

    protected void assertEvent(String str, OIDCClientMetadata oIDCClientMetadata, URI... uriArr) throws ComponentInitializationException {
        HashSet hashSet = new HashSet();
        if (uriArr != null) {
            hashSet = new HashSet();
            for (URI uri : uriArr) {
                hashSet.add(uri);
            }
        }
        oIDCClientMetadata.setRedirectionURIs(hashSet);
        setUpContext(new OIDCClientRegistrationRequest((URI) null, oIDCClientMetadata, (BearerAccessToken) null));
        if (str != null) {
            ActionTestingSupport.assertEvent(this.action.execute(this.requestCtx), str);
        } else {
            Assert.assertNull(this.action.execute(this.requestCtx));
        }
    }
}
