package net.shibboleth.oidc.metadata.impl;

import com.google.common.base.Predicates;
import com.nimbusds.oauth2.sdk.ParseException;
import com.nimbusds.oauth2.sdk.id.Issuer;
import com.nimbusds.openid.connect.sdk.op.OIDCProviderMetadata;
import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.time.Duration;
import java.time.Instant;
import java.time.temporal.TemporalAmount;
import java.util.List;
import java.util.concurrent.ScheduledExecutorService;
import java.util.concurrent.atomic.AtomicInteger;
import java.util.function.Function;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;
import net.shibboleth.oidc.metadata.AbstractEvaluableMetadataCriterion;
import net.shibboleth.oidc.metadata.BatchBackingStore;
import net.shibboleth.oidc.metadata.DynamicBackingStore;
import net.shibboleth.oidc.metadata.MetadataManagementData;
import net.shibboleth.oidc.metadata.cache.CacheLoadingContext;
import net.shibboleth.oidc.metadata.cache.LoadingStrategy;
import net.shibboleth.oidc.metadata.cache.impl.BatchMetadataCache;
import net.shibboleth.oidc.metadata.cache.impl.DynamicMetadataCache;
import net.shibboleth.oidc.metadata.cache.impl.ManuallyTriggeredScheduledExecutorService;
import net.shibboleth.oidc.metadata.criterion.IssuerIDCriterion;
import net.shibboleth.oidc.metadata.impl.HTTPProviderConfigurationFetchingStrategy;
import net.shibboleth.shared.component.ComponentInitializationException;
import net.shibboleth.shared.resolver.CriteriaSet;
import net.shibboleth.shared.resolver.Criterion;
import net.shibboleth.shared.resolver.ResolverException;
import org.apache.hc.client5.http.classic.HttpClient;
import org.apache.hc.client5.http.classic.methods.HttpUriRequest;
import org.apache.hc.core5.http.ClassicHttpRequest;
import org.apache.hc.core5.http.ContentType;
import org.apache.hc.core5.http.ProtocolVersion;
import org.apache.hc.core5.http.io.HttpClientResponseHandler;
import org.apache.hc.core5.http.io.entity.ByteArrayEntity;
import org.apache.hc.core5.http.message.BasicClassicHttpResponse;
import org.apache.hc.core5.http.protocol.HttpContext;
import org.mockito.ArgumentMatchers;
import org.mockito.Mockito;
import org.opensaml.saml.saml2.metadata.EntityDescriptor;
import org.testng.Assert;
import org.testng.annotations.AfterMethod;
import org.testng.annotations.BeforeMethod;
import org.testng.annotations.Test;

/* loaded from: input_file:net/shibboleth/oidc/metadata/impl/OIDCProviderMetadataResolverTest.class */
public class OIDCProviderMetadataResolverTest {
    private static final String GOOD_PROVIDER_CONFIGURATION_INFO = "{\n\"issuer\": \"https://example.oidc.op.org\",\n\"authorization_endpoint\": \"https://example.oidc.op.org/o/oauth2/v2/auth\",\n\"device_authorization_endpoint\": \"https://oauth2.googleapis.com/device/code\",\n\"token_endpoint\": \"https://oauth2.googleapis.com/token\",\n\"userinfo_endpoint\": \"https://openidconnect.googleapis.com/v1/userinfo\",\n\"revocation_endpoint\": \"https://oauth2.googleapis.com/revoke\",\n\"jwks_uri\": \"https://www.googleapis.com/oauth2/v3/certs\",\n\"response_types_supported\": [\n\"code\",\n\"token\",\n\"id_token\",\n\"code token\",\n\"code id_token\",\n\"token id_token\",\n\"code token id_token\",\n\"none\"\n],\n\"subject_types_supported\": [\n\"public\"\n],\n\"id_token_signing_alg_values_supported\": [\n\"RS256\"\n],\n\"scopes_supported\": [\n\"openid\",\n\"email\",\n\"profile\"\n],\n\"token_endpoint_auth_methods_supported\": [\n\"client_secret_post\",\n\"client_secret_basic\"\n],\n\"claims_supported\": [\n\"aud\",\n\"email\",\n\"email_verified\",\n\"exp\",\n\"family_name\",\n\"given_name\",\n\"iat\",\n\"iss\",\n\"locale\",\n\"name\",\n\"picture\",\n\"sub\"\n],\n\"code_challenge_methods_supported\": [\n\"plain\",\n\"S256\"\n],\n\"grant_types_supported\": [\n\"authorization_code\",\n\"refresh_token\",\n\"urn:ietf:params:oauth:grant-type:device_code\",\n\"urn:ietf:params:oauth:grant-type:jwt-bearer\"\n]\n}";
    private OIDCProviderMetadataResolver dynResolver;
    private OIDCProviderMetadataResolver batchResolver;
    private HttpClient httpClient;
    private TestableDynamicMetadataCache<Issuer, OIDCProviderMetadata> dynCache;
    private TestableBatchMetadataCache<Issuer, OIDCProviderMetadata> batchCache;

    /* loaded from: input_file:net/shibboleth/oidc/metadata/impl/OIDCProviderMetadataResolverTest$AlwaysFilterEvaluableMetadataCriterion.class */
    class AlwaysFilterEvaluableMetadataCriterion extends AbstractEvaluableMetadataCriterion<OIDCProviderMetadata> {
        protected AlwaysFilterEvaluableMetadataCriterion(Class<OIDCProviderMetadata> cls, boolean z) {
            super(cls, z);
        }

        public boolean doTest(OIDCProviderMetadata oIDCProviderMetadata) {
            return false;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:net/shibboleth/oidc/metadata/impl/OIDCProviderMetadataResolverTest$TestableBatchMetadataCache.class */
    public class TestableBatchMetadataCache<IdentifierType, MetadataType> extends BatchMetadataCache<IdentifierType, MetadataType> {
        TestableBatchMetadataCache(@Nonnull BatchBackingStore<IdentifierType, MetadataType> batchBackingStore, @Nullable ScheduledExecutorService scheduledExecutorService) {
            super(batchBackingStore, scheduledExecutorService);
        }

        /* renamed from: getBackingStore, reason: merged with bridge method [inline-methods] */
        public BatchBackingStore<IdentifierType, MetadataType> m1getBackingStore() {
            return super.getBackingStore();
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:net/shibboleth/oidc/metadata/impl/OIDCProviderMetadataResolverTest$TestableDynamicMetadataCache.class */
    public class TestableDynamicMetadataCache<IdentifierType, MetadataType> extends DynamicMetadataCache<IdentifierType, MetadataType> {
        TestableDynamicMetadataCache(DynamicBackingStore<IdentifierType, MetadataType> dynamicBackingStore, ScheduledExecutorService scheduledExecutorService) {
            super(dynamicBackingStore, scheduledExecutorService);
        }

        /* renamed from: getBackingStore, reason: merged with bridge method [inline-methods] */
        public DynamicBackingStore<IdentifierType, MetadataType> m2getBackingStore() {
            return super.getBackingStore();
        }
    }

    /* loaded from: input_file:net/shibboleth/oidc/metadata/impl/OIDCProviderMetadataResolverTest$WrongTypeEvaluableMetadataCriterion.class */
    class WrongTypeEvaluableMetadataCriterion extends AbstractEvaluableMetadataCriterion<EntityDescriptor> {
        protected WrongTypeEvaluableMetadataCriterion(Class<EntityDescriptor> cls, boolean z) {
            super(cls, z);
        }

        public boolean doTest(EntityDescriptor entityDescriptor) {
            return false;
        }
    }

    /* loaded from: input_file:net/shibboleth/oidc/metadata/impl/OIDCProviderMetadataResolverTest$WrongTypeOfCriterion.class */
    class WrongTypeOfCriterion implements Criterion {
        WrongTypeOfCriterion() {
        }
    }

    @BeforeMethod
    public void setup() throws Exception {
        setupDynamicGlobalCache();
        setupBatchGlobalCache();
        this.dynResolver = new OIDCProviderMetadataResolver(this.dynCache);
        this.dynResolver.setId("mockDynmaicHttpOIDCProvider");
        this.dynResolver.initialize();
        this.batchResolver = new OIDCProviderMetadataResolver(this.batchCache);
        this.batchResolver.setId("mockBatchFileOIDCProvider");
        this.batchResolver.initialize();
    }

    private void setupBatchGlobalCache() throws ComponentInitializationException {
        LoadingStrategy loadingStrategy = new LoadingStrategy() { // from class: net.shibboleth.oidc.metadata.impl.OIDCProviderMetadataResolverTest.1
            public byte[] load(CacheLoadingContext cacheLoadingContext) {
                return OIDCProviderMetadataResolverTest.GOOD_PROVIDER_CONFIGURATION_INFO.getBytes();
            }

            public String getSourceIdentifier() {
                return "Mock loading source";
            }
        };
        Function function = bArr -> {
            try {
                return List.of(OIDCProviderMetadata.parse(new String(bArr, "UTF-8")));
            } catch (ParseException | UnsupportedEncodingException e) {
                return null;
            }
        };
        this.batchCache = new TestableBatchMetadataCache<>(new DefaultBatchBackingStore(), new ManuallyTriggeredScheduledExecutorService());
        this.batchCache.setParsingStrategy(function);
        this.batchCache.setLoadingStrategy(loadingStrategy);
        this.batchCache.setId("MockBatchCache");
        this.batchCache.setIdentifierExtractionStrategy((v0) -> {
            return v0.getIssuer();
        });
        this.batchCache.setCriteriaToIdentifierStrategy(criteriaSet -> {
            IssuerIDCriterion issuerIDCriterion = (IssuerIDCriterion) criteriaSet.get(IssuerIDCriterion.class);
            if (issuerIDCriterion != null) {
                return issuerIDCriterion.getIssuerID();
            }
            return null;
        });
        this.batchCache.setMetadataFilterStrategy((oIDCProviderMetadata, metadataFilterContext) -> {
            return oIDCProviderMetadata;
        });
        this.batchCache.setRefreshDelayFactor(Float.valueOf(0.75f));
        this.batchCache.setMinRefreshDelay(Duration.ofMillis(1000L));
        this.batchCache.setMaxRefreshDelay(Duration.ofMillis(1000L));
        this.batchCache.setSourceMetadataValidPredicate(Predicates.alwaysTrue());
        this.batchCache.setRefreshDelayFactor(Float.valueOf(0.75f));
        this.batchCache.setMetadataValidPredicate(Predicates.alwaysTrue());
        this.batchCache.setSourceMetadataExpiryStrategy(bArr2 -> {
            return Instant.now().plus((TemporalAmount) Duration.ofMinutes(5L));
        });
    }

    private void setupDynamicGlobalCache() throws Exception {
        this.httpClient = (HttpClient) Mockito.mock(HttpClient.class);
        Mockito.when(this.httpClient.execute((ClassicHttpRequest) ArgumentMatchers.any(ClassicHttpRequest.class), (HttpContext) ArgumentMatchers.any(HttpContext.class), (HttpClientResponseHandler) ArgumentMatchers.any(HttpClientResponseHandler.class))).thenReturn(OIDCProviderMetadata.parse(GOOD_PROVIDER_CONFIGURATION_INFO));
        HTTPProviderConfigurationFetchingStrategy hTTPProviderConfigurationFetchingStrategy = new HTTPProviderConfigurationFetchingStrategy(this.httpClient, new HTTPProviderConfigurationFetchingStrategy.OIDCProviderMetadataResponseHandler());
        hTTPProviderConfigurationFetchingStrategy.setId("Mock HTTP Fetching Strategy");
        hTTPProviderConfigurationFetchingStrategy.initialize();
        this.dynCache = new TestableDynamicMetadataCache<>(new DefaultDynamicBackingStore(), new ManuallyTriggeredScheduledExecutorService());
        this.dynCache.setFetchStrategy(hTTPProviderConfigurationFetchingStrategy);
        this.dynCache.setIdentifierExtractionStrategy((v0) -> {
            return v0.getIssuer();
        });
        this.dynCache.setMetadataExpirationTimeStrategy(expirationTimeContext -> {
            return expirationTimeContext.getNow().plus((TemporalAmount) Duration.ofMinutes(5L));
        });
        this.dynCache.setCriteriaToIdentifierStrategy(criteriaSet -> {
            IssuerIDCriterion issuerIDCriterion = (IssuerIDCriterion) criteriaSet.get(IssuerIDCriterion.class);
            if (issuerIDCriterion != null) {
                return issuerIDCriterion.getIssuerID();
            }
            return null;
        });
        this.dynCache.setCleanupTaskInterval(Duration.ofSeconds(100L));
        this.dynCache.setInitialCleanupTaskDelay(Duration.ofSeconds(1L));
        this.dynCache.setMaxIdleEntityData(Duration.ofMinutes(10L));
        this.dynCache.setRemoveIdleEntityData(true);
        this.dynCache.setRefreshDelayFactor(Float.valueOf(0.75f));
        this.dynCache.setMinCacheDuration(Duration.ofMinutes(10L));
        this.dynCache.setMaxCacheDuration(Duration.ofMinutes(20L));
        this.dynCache.setMetadataFilterStrategy((oIDCProviderMetadata, metadataFilterContext) -> {
            return oIDCProviderMetadata;
        });
        this.dynCache.setMetadataValidPredicate(Predicates.alwaysTrue());
        this.dynCache.setId("MockDynCache");
    }

    @AfterMethod
    public void tearDown() {
        if (this.dynResolver != null) {
            this.dynResolver.destroy();
        }
        if (this.batchResolver != null) {
            this.batchResolver.destroy();
        }
    }

    @Test
    void testBatchResolve() throws Exception {
        this.batchCache.initialize();
        Iterable resolve = this.batchResolver.resolve(new CriteriaSet(new Criterion[]{new IssuerIDCriterion(new Issuer("https://example.oidc.op.org"))}));
        Assert.assertNotNull(resolve);
        Assert.assertTrue(resolve.iterator().hasNext());
        Assert.assertTrue(((OIDCProviderMetadata) resolve.iterator().next()).getIssuer().equals(new Issuer("https://example.oidc.op.org")));
    }

    @Test
    void testLookupFails_InvalidMetadata() throws Exception {
        this.dynCache.setMetadataValidPredicate(Predicates.alwaysFalse());
        this.dynCache.initialize();
        Issuer issuer = new Issuer("https://example.oidc.op.org");
        MetadataManagementData computeManagementDataIfAbsent = this.dynCache.m2getBackingStore().computeManagementDataIfAbsent(issuer, (v1) -> {
            return new MetadataManagementData(v1);
        });
        Instant now = Instant.now();
        computeManagementDataIfAbsent.setLastUpdateTime(now.minus((TemporalAmount) Duration.ofMinutes(10L)));
        computeManagementDataIfAbsent.setExpirationTime(now.plus((TemporalAmount) Duration.ofMinutes(10L)));
        computeManagementDataIfAbsent.setRefreshTriggerTime(now.plus((TemporalAmount) Duration.ofMinutes(10L)));
        OIDCProviderMetadata parse = OIDCProviderMetadata.parse(GOOD_PROVIDER_CONFIGURATION_INFO);
        this.dynCache.m2getBackingStore().getOrderedValues().add(parse);
        this.dynCache.m2getBackingStore().getIndexedValues().put(issuer, List.of(parse));
        Iterable resolve = this.dynResolver.resolve(new CriteriaSet(new Criterion[]{new IssuerIDCriterion(new Issuer("https://example.oidc.op.org"))}));
        Assert.assertNotNull(resolve);
        Assert.assertFalse(resolve.iterator().hasNext());
    }

    @Test
    void testLookupEventualSuccess_InvalidMetadata() throws Exception {
        AtomicInteger atomicInteger = new AtomicInteger();
        this.dynCache.setMetadataValidPredicate(oIDCProviderMetadata -> {
            int andIncrement = atomicInteger.getAndIncrement();
            return (andIncrement == 0 || andIncrement == 1) ? false : true;
        });
        this.dynCache.initialize();
        Issuer issuer = new Issuer("https://example.oidc.op.org");
        MetadataManagementData computeManagementDataIfAbsent = this.dynCache.m2getBackingStore().computeManagementDataIfAbsent(issuer, (v1) -> {
            return new MetadataManagementData(v1);
        });
        Instant now = Instant.now();
        Instant minus = now.minus((TemporalAmount) Duration.ofMinutes(10L));
        computeManagementDataIfAbsent.setLastUpdateTime(minus);
        computeManagementDataIfAbsent.setExpirationTime(now.plus((TemporalAmount) Duration.ofMinutes(10L)));
        computeManagementDataIfAbsent.setRefreshTriggerTime(now.plus((TemporalAmount) Duration.ofMinutes(10L)));
        OIDCProviderMetadata parse = OIDCProviderMetadata.parse(GOOD_PROVIDER_CONFIGURATION_INFO);
        this.dynCache.m2getBackingStore().getOrderedValues().add(parse);
        this.dynCache.m2getBackingStore().getIndexedValues().put(issuer, List.of(parse));
        Iterable resolve = this.dynResolver.resolve(new CriteriaSet(new Criterion[]{new IssuerIDCriterion(new Issuer("https://example.oidc.op.org"))}));
        Assert.assertNotNull(resolve);
        Assert.assertTrue(resolve.iterator().hasNext());
        Assert.assertTrue(computeManagementDataIfAbsent.getLastUpdateTime().isAfter(minus));
    }

    @Test
    void testDynResolve() throws ResolverException, IOException, ComponentInitializationException {
        this.dynCache.initialize();
        Iterable resolve = this.dynResolver.resolve(new CriteriaSet(new Criterion[]{new IssuerIDCriterion(new Issuer("https://example.oidc.op.org"))}));
        Assert.assertNotNull(resolve);
        Assert.assertTrue(resolve.iterator().hasNext());
    }

    @Test
    void testDynResolve_Filter() throws ResolverException, IOException, ComponentInitializationException {
        this.dynCache.initialize();
        Iterable resolve = this.dynResolver.resolve(new CriteriaSet(new Criterion[]{new IssuerIDCriterion(new Issuer("https://example.oidc.op.org")), new AlwaysFilterEvaluableMetadataCriterion(OIDCProviderMetadata.class, true)}));
        Assert.assertNotNull(resolve);
        Assert.assertTrue(!resolve.iterator().hasNext());
    }

    @Test
    void testDynResolve_MetadataNeedsRefresh() throws ResolverException, IOException, ParseException, ComponentInitializationException {
        this.dynCache.initialize();
        Issuer issuer = new Issuer("https://example.oidc.op.org");
        MetadataManagementData computeManagementDataIfAbsent = this.dynCache.m2getBackingStore().computeManagementDataIfAbsent(issuer, (v1) -> {
            return new MetadataManagementData(v1);
        });
        Instant now = Instant.now();
        computeManagementDataIfAbsent.setLastUpdateTime(now);
        computeManagementDataIfAbsent.setExpirationTime(now.plus((TemporalAmount) Duration.ofMinutes(1L)));
        computeManagementDataIfAbsent.setRefreshTriggerTime(now.minus((TemporalAmount) Duration.ofMinutes(1L)));
        OIDCProviderMetadata parse = OIDCProviderMetadata.parse(GOOD_PROVIDER_CONFIGURATION_INFO);
        this.dynCache.m2getBackingStore().getOrderedValues().add(parse);
        this.dynCache.m2getBackingStore().getIndexedValues().put(issuer, List.of(parse));
        Iterable resolve = this.dynResolver.resolve(new CriteriaSet(new Criterion[]{new IssuerIDCriterion(issuer)}));
        Assert.assertNotNull(resolve);
        Assert.assertTrue(resolve.iterator().hasNext());
    }

    @Test
    void testDynResolve_Filter_WrongMetadataType() throws ResolverException, IOException, ComponentInitializationException {
        this.dynCache.initialize();
        Iterable resolve = this.dynResolver.resolve(new CriteriaSet(new Criterion[]{new IssuerIDCriterion(new Issuer("https://example.oidc.op.org")), new WrongTypeEvaluableMetadataCriterion(EntityDescriptor.class, true)}));
        Assert.assertNotNull(resolve);
        Assert.assertTrue(resolve.iterator().hasNext());
    }

    @Test
    void testDynResolve_Filter_WrongClassType() throws ResolverException, IOException, ComponentInitializationException {
        this.dynCache.initialize();
        Iterable resolve = this.dynResolver.resolve(new CriteriaSet(new Criterion[]{new IssuerIDCriterion(new Issuer("https://example.oidc.op.org")), new WrongTypeOfCriterion()}));
        Assert.assertNotNull(resolve);
        Assert.assertTrue(resolve.iterator().hasNext());
    }

    @Test
    void testResponseHandler_WrongMIMEType() throws IOException {
        HTTPProviderConfigurationFetchingStrategy.OIDCProviderMetadataResponseHandler oIDCProviderMetadataResponseHandler = new HTTPProviderConfigurationFetchingStrategy.OIDCProviderMetadataResponseHandler();
        BasicClassicHttpResponse basicClassicHttpResponse = new BasicClassicHttpResponse(200, "OK");
        basicClassicHttpResponse.setVersion(new ProtocolVersion("HTTP", 1, 1));
        basicClassicHttpResponse.setEntity(new ByteArrayEntity(GOOD_PROVIDER_CONFIGURATION_INFO.getBytes(), ContentType.APPLICATION_JSON));
        Assert.assertNull(oIDCProviderMetadataResponseHandler.handleResponse(basicClassicHttpResponse));
    }

    @Test
    void testResolve_FromCache() throws ResolverException, IOException, ComponentInitializationException {
        this.dynCache.initialize();
        Assert.assertFalse(this.dynCache.m2getBackingStore().getIndexedValues().containsKey(new Issuer("https://example.oidc.op.org")));
        Iterable resolve = this.dynResolver.resolve(new CriteriaSet(new Criterion[]{new IssuerIDCriterion(new Issuer("https://example.oidc.op.org"))}));
        Assert.assertNotNull(resolve);
        Assert.assertTrue(resolve.iterator().hasNext());
        Assert.assertTrue(this.dynCache.m2getBackingStore().getIndexedValues().containsKey(new Issuer("https://example.oidc.op.org")));
        Mockito.when(this.httpClient.execute((ClassicHttpRequest) ArgumentMatchers.any(HttpUriRequest.class), (HttpContext) ArgumentMatchers.any(HttpContext.class), (HttpClientResponseHandler) ArgumentMatchers.any(HttpClientResponseHandler.class))).thenReturn((Object) null);
        Iterable resolve2 = this.dynResolver.resolve(new CriteriaSet(new Criterion[]{new IssuerIDCriterion(new Issuer("https://example.oidc.op.org"))}));
        Assert.assertNotNull(resolve2);
        Assert.assertTrue(resolve2.iterator().hasNext());
    }

    @Test
    void testResolve_NullResponse() throws ResolverException, IOException, ComponentInitializationException {
        this.dynCache.initialize();
        Mockito.when(this.httpClient.execute((ClassicHttpRequest) ArgumentMatchers.any(HttpUriRequest.class), (HttpContext) ArgumentMatchers.any(HttpContext.class), (HttpClientResponseHandler) ArgumentMatchers.any(HttpClientResponseHandler.class))).thenReturn((Object) null);
        Iterable resolve = this.dynResolver.resolve(new CriteriaSet(new Criterion[]{new IssuerIDCriterion(new Issuer("https://example.oidc.op.org"))}));
        Assert.assertNotNull(resolve);
        Assert.assertFalse(resolve.iterator().hasNext());
    }
}
