package it.geosolutions.geostore.rest.security.oauth2.openid_connect;

import it.geosolutions.geostore.services.rest.model.SessionToken;
import it.geosolutions.geostore.services.rest.security.TokenAuthenticationCache;
import it.geosolutions.geostore.services.rest.security.oauth2.OAuth2Configuration;
import it.geosolutions.geostore.services.rest.security.oauth2.OAuth2SessionServiceDelegate;
import it.geosolutions.geostore.services.rest.security.oauth2.OAuth2Utils;
import it.geosolutions.geostore.services.rest.security.oauth2.TokenDetails;
import java.util.Date;
import java.util.HashMap;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.junit.jupiter.api.AfterEach;
import org.junit.jupiter.api.Assertions;
import org.junit.jupiter.api.BeforeEach;
import org.junit.jupiter.api.Test;
import org.mockito.Mock;
import org.mockito.Mockito;
import org.mockito.MockitoAnnotations;
import org.springframework.http.HttpEntity;
import org.springframework.http.HttpMethod;
import org.springframework.http.HttpStatus;
import org.springframework.http.ResponseEntity;
import org.springframework.mock.web.MockHttpServletRequest;
import org.springframework.mock.web.MockHttpServletResponse;
import org.springframework.security.authentication.AnonymousAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContext;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.oauth2.client.OAuth2RestTemplate;
import org.springframework.security.oauth2.client.resource.UserRedirectRequiredException;
import org.springframework.security.oauth2.common.DefaultOAuth2AccessToken;
import org.springframework.security.oauth2.common.DefaultOAuth2RefreshToken;
import org.springframework.security.oauth2.common.OAuth2AccessToken;
import org.springframework.security.oauth2.common.OAuth2RefreshToken;
import org.springframework.util.MultiValueMap;
import org.springframework.web.client.HttpClientErrorException;
import org.springframework.web.client.HttpServerErrorException;
import org.springframework.web.client.RestTemplate;
import org.springframework.web.context.request.RequestContextHolder;
import org.springframework.web.context.request.ServletRequestAttributes;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:it/geosolutions/geostore/rest/security/oauth2/openid_connect/RefreshTokenServiceTest.class */
public class RefreshTokenServiceTest {
    private TestOAuth2SessionServiceDelegate serviceDelegate;
    private OAuth2Configuration configuration;
    private OAuth2RestTemplate restTemplate;
    private MockHttpServletRequest mockRequest;
    private MockHttpServletResponse mockResponse;
    private DefaultOAuth2AccessToken mockOAuth2AccessToken;

    @Mock
    private TokenAuthenticationCache authenticationCache;

    /* loaded from: input_file:it/geosolutions/geostore/rest/security/oauth2/openid_connect/RefreshTokenServiceTest$TestOAuth2SessionServiceDelegate.class */
    class TestOAuth2SessionServiceDelegate extends OAuth2SessionServiceDelegate {
        private OAuth2RestTemplate restTemplate;
        private OAuth2Configuration configuration;
        private OAuth2AccessToken currentAccessToken;
        protected TokenAuthenticationCache authenticationCache;

        public TestOAuth2SessionServiceDelegate() {
            super((RestTemplate) null, (OAuth2Configuration) null);
        }

        public void setRestTemplate(OAuth2RestTemplate oAuth2RestTemplate) {
            this.restTemplate = oAuth2RestTemplate;
        }

        public void setConfiguration(OAuth2Configuration oAuth2Configuration) {
            this.configuration = oAuth2Configuration;
        }

        protected OAuth2RestTemplate restTemplate() {
            return this.restTemplate;
        }

        protected OAuth2Configuration configuration() {
            return this.configuration;
        }

        protected HttpServletRequest getRequest() {
            return RefreshTokenServiceTest.this.mockRequest;
        }

        protected HttpServletResponse getResponse() {
            return RefreshTokenServiceTest.this.mockResponse;
        }

        protected TokenDetails getTokenDetails(Authentication authentication) {
            return super.getTokenDetails(authentication);
        }

        protected OAuth2AccessToken retrieveAccessToken(String str, Long l) {
            return this.currentAccessToken;
        }

        protected TokenAuthenticationCache cache() {
            return this.authenticationCache;
        }

        protected void updateAuthToken(String str, OAuth2AccessToken oAuth2AccessToken, OAuth2RefreshToken oAuth2RefreshToken, OAuth2Configuration oAuth2Configuration) {
            this.currentAccessToken = oAuth2AccessToken;
            Authentication authentication = (Authentication) Mockito.mock(Authentication.class);
            TokenDetails tokenDetails = (TokenDetails) Mockito.mock(TokenDetails.class);
            Mockito.when(tokenDetails.getAccessToken()).thenReturn(oAuth2AccessToken);
            Mockito.when(OAuth2Utils.getTokenDetails(authentication)).thenReturn(tokenDetails);
            this.authenticationCache.removeEntry(str);
            this.authenticationCache.putCacheEntry(oAuth2AccessToken.getValue(), authentication);
        }
    }

    RefreshTokenServiceTest() {
    }

    @BeforeEach
    void setUp() {
        MockitoAnnotations.openMocks(this);
        this.configuration = (OAuth2Configuration) Mockito.mock(OAuth2Configuration.class);
        this.restTemplate = (OAuth2RestTemplate) Mockito.mock(OAuth2RestTemplate.class);
        this.authenticationCache = (TokenAuthenticationCache) Mockito.mock(TokenAuthenticationCache.class);
        this.serviceDelegate = (TestOAuth2SessionServiceDelegate) Mockito.spy(new TestOAuth2SessionServiceDelegate());
        this.serviceDelegate.setRestTemplate(this.restTemplate);
        this.serviceDelegate.setConfiguration(this.configuration);
        this.serviceDelegate.authenticationCache = this.authenticationCache;
        this.mockRequest = new MockHttpServletRequest();
        this.mockResponse = new MockHttpServletResponse();
        RequestContextHolder.setRequestAttributes(new ServletRequestAttributes(this.mockRequest));
        Mockito.when(Boolean.valueOf(this.configuration.isEnabled())).thenReturn(true);
        Mockito.when(Integer.valueOf(this.configuration.getMaxRetries())).thenReturn(3);
        Mockito.when(this.configuration.getClientId()).thenReturn("testClientId");
        Mockito.when(this.configuration.getClientSecret()).thenReturn("testClientSecret");
        Mockito.when(this.configuration.buildRefreshTokenURI()).thenReturn("https://example.com/oauth2/token");
        this.mockOAuth2AccessToken = new DefaultOAuth2AccessToken("providedAccessToken");
        this.mockOAuth2AccessToken.setRefreshToken(new DefaultOAuth2RefreshToken("existingRefreshToken"));
        this.mockOAuth2AccessToken.setExpiration(new Date(System.currentTimeMillis() + 3600000));
        this.serviceDelegate.currentAccessToken = this.mockOAuth2AccessToken;
        Authentication authentication = (Authentication) Mockito.mock(Authentication.class);
        TokenDetails tokenDetails = (TokenDetails) Mockito.mock(TokenDetails.class);
        Mockito.when(tokenDetails.getIdToken()).thenReturn("mockIdToken");
        ((TestOAuth2SessionServiceDelegate) Mockito.doReturn(tokenDetails).when(this.serviceDelegate)).getTokenDetails(authentication);
        Mockito.when(this.authenticationCache.get("providedAccessToken")).thenReturn(authentication);
        SecurityContext securityContext = (SecurityContext) Mockito.mock(SecurityContext.class);
        Mockito.when(securityContext.getAuthentication()).thenReturn(authentication);
        SecurityContextHolder.setContext(securityContext);
    }

    @AfterEach
    void tearDown() {
        RequestContextHolder.resetRequestAttributes();
        Mockito.framework().clearInlineMocks();
    }

    @Test
    void testRefreshWithValidTokens() {
        DefaultOAuth2AccessToken defaultOAuth2AccessToken = new DefaultOAuth2AccessToken("newAccessToken");
        defaultOAuth2AccessToken.setRefreshToken(new DefaultOAuth2RefreshToken("newRefreshToken"));
        defaultOAuth2AccessToken.setExpiration(new Date(System.currentTimeMillis() + 7200000));
        ResponseEntity responseEntity = new ResponseEntity(defaultOAuth2AccessToken, HttpStatus.OK);
        Mockito.when(Boolean.valueOf(this.configuration.isEnabled())).thenReturn(true);
        Mockito.when(this.configuration.getClientId()).thenReturn("testClientId");
        Mockito.when(this.configuration.getClientSecret()).thenReturn("testClientSecret");
        Mockito.when(this.configuration.buildRefreshTokenURI()).thenReturn("https://example.com/oauth2/token");
        Mockito.when(Long.valueOf(this.configuration.getInitialBackoffDelay())).thenReturn(1000L);
        Mockito.when(Integer.valueOf(this.configuration.getMaxRetries())).thenReturn(3);
        Mockito.when(this.restTemplate.exchange(Mockito.anyString(), (HttpMethod) Mockito.eq(HttpMethod.POST), (HttpEntity) Mockito.any(HttpEntity.class), (Class) Mockito.eq(OAuth2AccessToken.class), new Object[0])).thenReturn(responseEntity);
        Mockito.when(this.serviceDelegate.getRequest()).thenReturn(this.mockRequest);
        Mockito.when(this.serviceDelegate.getResponse()).thenReturn(this.mockResponse);
        SessionToken refresh = this.serviceDelegate.refresh("providedRefreshToken", "providedAccessToken");
        Assertions.assertNotNull(refresh, "SessionToken should not be null");
        Assertions.assertEquals("newAccessToken", refresh.getAccessToken(), "Access token should be updated");
        Assertions.assertEquals("newRefreshToken", refresh.getRefreshToken(), "Refresh token should be updated");
        Assertions.assertTrue(refresh.getExpires().longValue() > System.currentTimeMillis(), "Token expiration should be in the future");
        Assertions.assertEquals("bearer", refresh.getTokenType(), "Token type should be 'bearer'");
        ((TokenAuthenticationCache) Mockito.verify(this.authenticationCache)).putCacheEntry((String) Mockito.eq("newAccessToken"), (Authentication) Mockito.any(Authentication.class));
        ((TestOAuth2SessionServiceDelegate) Mockito.verify(this.serviceDelegate, Mockito.never())).handleRefreshFailure(Mockito.anyString(), Mockito.anyString(), (OAuth2Configuration) Mockito.any(OAuth2Configuration.class));
    }

    @Test
    void testRefreshWithInvalidRefreshToken() {
        Mockito.when(this.restTemplate.exchange(Mockito.anyString(), (HttpMethod) Mockito.eq(HttpMethod.POST), (HttpEntity) Mockito.any(HttpEntity.class), (Class) Mockito.eq(OAuth2AccessToken.class), new Object[0])).thenThrow(new Throwable[]{new HttpClientErrorException(HttpStatus.BAD_REQUEST)});
        SessionToken refresh = this.serviceDelegate.refresh("invalidRefreshToken", "providedAccessToken");
        Assertions.assertNotNull(refresh, "SessionToken should not be null even when refresh fails");
        Assertions.assertEquals("providedAccessToken", refresh.getAccessToken(), "Access token should remain unchanged");
        Assertions.assertEquals("existingRefreshToken", refresh.getRefreshToken(), "Refresh token should remain unchanged");
        Assertions.assertNotNull(refresh.getWarning(), "Warning message should be set");
        Assertions.assertTrue(refresh.getWarning().contains("Using existing access token."), "Expected error message in SessionToken");
    }

    @Test
    void testRefreshWithServerError() {
        Mockito.when(this.restTemplate.exchange(Mockito.anyString(), (HttpMethod) Mockito.eq(HttpMethod.POST), (HttpEntity) Mockito.any(HttpEntity.class), (Class) Mockito.eq(OAuth2AccessToken.class), new Object[0])).thenThrow(new Throwable[]{new HttpServerErrorException(HttpStatus.INTERNAL_SERVER_ERROR)});
        SessionToken refresh = this.serviceDelegate.refresh("providedRefreshToken", "providedAccessToken");
        Assertions.assertNotNull(refresh, "SessionToken should not be null even when refresh fails");
        Assertions.assertEquals("providedAccessToken", refresh.getAccessToken(), "Access token should remain unchanged after server error");
        Assertions.assertEquals("existingRefreshToken", refresh.getRefreshToken(), "Refresh token should remain unchanged after server error");
        Assertions.assertNotNull(refresh.getWarning(), "Warning message should be set");
        Assertions.assertTrue(refresh.getWarning().contains("Using existing access token."), "Expected error message in SessionToken");
        ((OAuth2RestTemplate) Mockito.verify(this.restTemplate, Mockito.times(3))).exchange(Mockito.anyString(), (HttpMethod) Mockito.eq(HttpMethod.POST), (HttpEntity) Mockito.any(HttpEntity.class), (Class) Mockito.eq(OAuth2AccessToken.class), new Object[0]);
    }

    @Test
    void testRefreshWithNullResponse() {
        Mockito.when(this.restTemplate.exchange(Mockito.anyString(), (HttpMethod) Mockito.eq(HttpMethod.POST), (HttpEntity) Mockito.any(HttpEntity.class), (Class) Mockito.eq(OAuth2AccessToken.class), new Object[0])).thenReturn(new ResponseEntity((MultiValueMap) null, HttpStatus.OK));
        SessionToken refresh = this.serviceDelegate.refresh("providedRefreshToken", "providedAccessToken");
        Assertions.assertNotNull(refresh, "SessionToken should not be null even when response is null");
        Assertions.assertEquals("providedAccessToken", refresh.getAccessToken(), "Access token should remain unchanged");
        Assertions.assertEquals("existingRefreshToken", refresh.getRefreshToken(), "Refresh token should remain unchanged");
        Assertions.assertNotNull(refresh.getWarning(), "Warning message should be set");
        Assertions.assertTrue(refresh.getWarning().contains("Using existing access token."), "Expected warning message in SessionToken");
    }

    @Test
    void testRefreshWhenConfigurationDisabled() {
        Mockito.when(Boolean.valueOf(this.configuration.isEnabled())).thenReturn(false);
        SessionToken refresh = this.serviceDelegate.refresh("providedRefreshToken", "providedAccessToken");
        Assertions.assertNotNull(refresh, "SessionToken should not be null when configuration is disabled");
        Assertions.assertEquals("providedAccessToken", refresh.getAccessToken(), "Access token should remain unchanged");
        Assertions.assertEquals("existingRefreshToken", refresh.getRefreshToken(), "Refresh token should remain unchanged");
        ((OAuth2RestTemplate) Mockito.verify(this.restTemplate, Mockito.never())).exchange(Mockito.anyString(), (HttpMethod) Mockito.any(HttpMethod.class), (HttpEntity) Mockito.any(HttpEntity.class), (Class) Mockito.eq(OAuth2AccessToken.class), new Object[0]);
    }

    @Test
    void testRefreshWithMissingAccessToken() {
        String str = "providedRefreshToken";
        String str2 = null;
        Assertions.assertTrue(((Exception) Assertions.assertThrows(RuntimeException.class, () -> {
            this.serviceDelegate.refresh(str, str2);
        })).getMessage().contains("Either the accessToken or the refresh token are missing"), "Expected exception message");
    }

    @Test
    void testRefreshWhenCacheReturnsNullAuthentication() {
        Mockito.when(this.authenticationCache.get("providedAccessToken")).thenReturn((Object) null);
        SessionToken refresh = this.serviceDelegate.refresh("providedRefreshToken", "providedAccessToken");
        Assertions.assertNotNull(refresh, "SessionToken should not be null even when authentication is not found in cache");
        Assertions.assertEquals("providedAccessToken", refresh.getAccessToken(), "Access token should remain unchanged");
        Assertions.assertEquals("existingRefreshToken", refresh.getRefreshToken(), "Refresh token should remain unchanged");
    }

    @Test
    void testRefreshWhenAuthenticationIsAnonymous() {
        Mockito.when(this.authenticationCache.get("providedAccessToken")).thenReturn((Authentication) Mockito.mock(AnonymousAuthenticationToken.class));
        SessionToken refresh = this.serviceDelegate.refresh("providedRefreshToken", "providedAccessToken");
        Assertions.assertNotNull(refresh, "SessionToken should not be null even when authentication is anonymous");
        Assertions.assertEquals("providedAccessToken", refresh.getAccessToken(), "Access token should remain unchanged");
        Assertions.assertEquals("existingRefreshToken", refresh.getRefreshToken(), "Refresh token should remain unchanged");
    }

    @Test
    void testRefreshWithExpiredAccessToken() {
        this.mockOAuth2AccessToken.setExpiration(new Date(System.currentTimeMillis() - 1000));
        this.serviceDelegate.currentAccessToken = this.mockOAuth2AccessToken;
        DefaultOAuth2AccessToken defaultOAuth2AccessToken = new DefaultOAuth2AccessToken("newAccessToken");
        defaultOAuth2AccessToken.setRefreshToken(new DefaultOAuth2RefreshToken("newRefreshToken"));
        defaultOAuth2AccessToken.setExpiration(new Date(System.currentTimeMillis() + 7200000));
        Mockito.when(this.restTemplate.exchange(Mockito.anyString(), (HttpMethod) Mockito.eq(HttpMethod.POST), (HttpEntity) Mockito.any(HttpEntity.class), (Class) Mockito.eq(OAuth2AccessToken.class), new Object[0])).thenReturn(new ResponseEntity(defaultOAuth2AccessToken, HttpStatus.OK));
        SessionToken refresh = this.serviceDelegate.refresh("providedRefreshToken", "expiredAccessToken");
        Assertions.assertNotNull(refresh, "SessionToken should not be null");
        Assertions.assertEquals("newAccessToken", refresh.getAccessToken(), "Access token should be updated");
        Assertions.assertEquals("newRefreshToken", refresh.getRefreshToken(), "Refresh token should be updated");
        Assertions.assertTrue(refresh.getExpires().longValue() > System.currentTimeMillis(), "Token expiration should be in the future");
    }

    @Test
    void testRefreshWithExpiredTokenAndUnsuccessfulRefresh() {
        this.mockOAuth2AccessToken.setExpiration(new Date(System.currentTimeMillis() - 300000));
        this.serviceDelegate.currentAccessToken = this.mockOAuth2AccessToken;
        Mockito.when(this.restTemplate.exchange(Mockito.anyString(), (HttpMethod) Mockito.eq(HttpMethod.POST), (HttpEntity) Mockito.any(HttpEntity.class), (Class) Mockito.eq(OAuth2AccessToken.class), new Object[0])).thenThrow(new Throwable[]{new HttpClientErrorException(HttpStatus.UNAUTHORIZED)});
        Assertions.assertNull(this.serviceDelegate.refresh("expiredRefreshToken", "expiredAccessToken"), "SessionToken should be null when the token is expired and cannot be refreshed");
        ((OAuth2RestTemplate) Mockito.verify(this.restTemplate, Mockito.times(3))).exchange(Mockito.anyString(), (HttpMethod) Mockito.eq(HttpMethod.POST), (HttpEntity) Mockito.any(HttpEntity.class), (Class) Mockito.eq(OAuth2AccessToken.class), new Object[0]);
    }

    @Test
    void testRefreshWithUserRedirectRequiredException() {
        Mockito.when(this.restTemplate.exchange(Mockito.anyString(), (HttpMethod) Mockito.eq(HttpMethod.POST), (HttpEntity) Mockito.any(HttpEntity.class), (Class) Mockito.eq(OAuth2AccessToken.class), new Object[0])).thenThrow(new Throwable[]{new UserRedirectRequiredException("redirect_uri", new HashMap())});
        SessionToken refresh = this.serviceDelegate.refresh("providedRefreshToken", "providedAccessToken");
        Assertions.assertNotNull(refresh, "SessionToken should not be null even when redirect is required");
        Assertions.assertEquals("providedAccessToken", refresh.getAccessToken(), "Access token should remain unchanged");
        Assertions.assertEquals("existingRefreshToken", refresh.getRefreshToken(), "Refresh token should remain unchanged");
        Assertions.assertNotNull(refresh.getWarning(), "Warning message should be set");
        Assertions.assertTrue(refresh.getWarning().contains("A redirect is required to get the user's approval"), "Expected redirect warning message in SessionToken");
        ((TestOAuth2SessionServiceDelegate) Mockito.verify(this.serviceDelegate, Mockito.never())).handleRefreshFailure(Mockito.anyString(), Mockito.anyString(), (OAuth2Configuration) Mockito.any(OAuth2Configuration.class));
    }
}
