package de.gematik.bbriccs.rest.idp;

import de.gematik.bbriccs.fhir.codec.EmptyResource;
import de.gematik.bbriccs.rest.fd.FdRequest;
import de.gematik.bbriccs.rest.headers.HttpHeader;
import de.gematik.bbriccs.rest.headers.JwtHeaderKey;
import de.gematik.bbriccs.rest.idp.IdpTokenHeaderProvider;
import de.gematik.bbriccs.smartcards.Egk;
import de.gematik.bbriccs.smartcards.SmartcardArchive;
import de.gematik.bbriccs.smartcards.SmartcardCertificate;
import de.gematik.idp.client.IdpClient;
import de.gematik.idp.client.IdpClientRuntimeException;
import de.gematik.idp.client.IdpTokenResult;
import de.gematik.idp.crypto.EcSignerUtility;
import de.gematik.idp.crypto.RsaSignerUtility;
import de.gematik.idp.crypto.model.PkiIdentity;
import de.gematik.idp.token.JsonWebToken;
import java.security.cert.X509Certificate;
import java.security.interfaces.RSAPrivateKey;
import java.util.function.UnaryOperator;
import org.hl7.fhir.r4.model.Bundle;
import org.junit.jupiter.api.Assertions;
import org.junit.jupiter.api.BeforeAll;
import org.junit.jupiter.api.Test;
import org.mockito.MockedStatic;
import org.mockito.Mockito;

/* loaded from: input_file:de/gematik/bbriccs/rest/idp/IdpTokenHeaderProviderTest.class */
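/**
 * Unit tests for {@link IdpTokenHeaderProvider}.
 *
 * <p>The IdP is never contacted: {@code IdpClient.builder()} is replaced by a static mock that
 * hands out a mocked {@link IdpClient}, so the discovery URL, redirect URL and client id below are
 * only configuration values. The token strings {@code "ABC"} and {@code "XYZ"} are test
 * placeholders, not real JWTs.
 *
 * <p>What these tests pin down is the bearer-token lifecycle: an unexpired access token is reused
 * across requests, an expired one is replaced before the next request, and a failing IdP login
 * surfaces as an {@link IdpClientRuntimeException} instead of producing an Authorization header.
 */
class IdpTokenHeaderProviderTest {
    private static final String DISCOVERY_DOCUMENT_URL =
            "https://idp-ref.app.ti-dienste.de/.well-known/openid-configuration";
    private static final String REDIRECT_URL = "https://test-ps.gematik.de/bbriccs";
    private static final String CLIENT_ID = "bbriccsTestPs";
    private static final String SCOPE = "bbriccs";

    private static SmartcardArchive sca;

    /** Loads the smartcard archive bundled with the test resources once for all tests. */
    @BeforeAll
    static void setupSmartcards() {
        sca = SmartcardArchive.fromResources();
    }

    /**
     * With a token that is valid for 1000 (unit as defined by {@code setExpiresIn}), two
     * consecutive requests must carry the same Authorization header value.
     */
    @Test
    void shouldAuthenticateViaSmartcardWithCaching() {
        Egk egk = sca.getEgk(0);
        IdpTokenHeaderProvider.JwtHeaderProviderBuilder builder = newProviderBuilder();
        // try-with-resources releases the static mock even when an assertion fails, so the
        // IdpClient stubbing cannot leak into other tests running on the same thread.
        try (MockedStatic<IdpClient> idpClientStatic = Mockito.mockStatic(IdpClient.class)) {
            IdpClient idpClient = stubIdpClientBuilder(idpClientStatic);
            IdpTokenResult firstToken = tokenResult("ABC");
            firstToken.setExpiresIn(1000);
            // A second login would yield "XYZ"; the equality assertions below therefore fail if
            // the provider does not reuse the first token.
            Mockito.when(idpClient.login(Mockito.<PkiIdentity>any()))
                    .thenReturn(firstToken)
                    .thenReturn(tokenResult("XYZ"));

            IdpTokenHeaderProvider provider =
                    Assertions.assertDoesNotThrow(() -> builder.authenticateWith(egk));
            FdRequest<EmptyResource, Bundle> request = createMockRequest();

            HttpHeader first = Assertions.assertDoesNotThrow(() -> provider.forRequest(request));
            Assertions.assertEquals(JwtHeaderKey.AUTHORIZATION.getKey(), first.key());
            Assertions.assertNotNull(first.value());
            // Same stubbing as shouldRefreshIfTokenExpired, where the first header is pinned to
            // this exact value; asserting it here ties the cached value to the first login.
            Assertions.assertEquals("Bearer ABC", first.value());

            HttpHeader second = Assertions.assertDoesNotThrow(() -> provider.forRequest(request));
            Assertions.assertEquals(first.value(), second.value());
        }
    }

    /**
     * With {@code expiresIn} set to 0 the first token must not be reused: the second request has
     * to carry the token from the second login.
     */
    @Test
    void shouldRefreshIfTokenExpired() {
        Egk egk = sca.getEgk(0);
        IdpTokenHeaderProvider.JwtHeaderProviderBuilder builder = newProviderBuilder();
        try (MockedStatic<IdpClient> idpClientStatic = Mockito.mockStatic(IdpClient.class)) {
            IdpClient idpClient = stubIdpClientBuilder(idpClientStatic);
            IdpTokenResult expiredToken = tokenResult("ABC");
            expiredToken.setExpiresIn(0);
            Mockito.when(idpClient.login(Mockito.<PkiIdentity>any()))
                    .thenReturn(expiredToken)
                    .thenReturn(tokenResult("XYZ"));

            IdpTokenHeaderProvider provider =
                    Assertions.assertDoesNotThrow(() -> builder.authenticateWith(egk));
            FdRequest<EmptyResource, Bundle> request = createMockRequest();

            HttpHeader first = Assertions.assertDoesNotThrow(() -> provider.forRequest(request));
            Assertions.assertEquals(JwtHeaderKey.AUTHORIZATION.getKey(), first.key());
            Assertions.assertNotNull(first.value());
            Assertions.assertEquals("Bearer ABC", first.value());

            HttpHeader second = Assertions.assertDoesNotThrow(() -> provider.forRequest(request));
            Assertions.assertNotNull(second.value());
            Assertions.assertNotEquals(first.value(), second.value());
            Assertions.assertEquals("Bearer XYZ", second.value());
        }
    }

    /**
     * Authenticates with a certificate plus an external signing callback instead of handing the
     * smartcard to the provider, and expects the same caching behaviour as the smartcard flow.
     */
    @Test
    void shouldAuthenticateViaExternalAuthenticate() {
        Egk egk = sca.getEgk(0);
        IdpTokenHeaderProvider.JwtHeaderProviderBuilder builder = newProviderBuilder();
        try (MockedStatic<IdpClient> idpClientStatic = Mockito.mockStatic(IdpClient.class)) {
            IdpClient idpClient = stubIdpClientBuilder(idpClientStatic);
            IdpTokenResult firstToken = tokenResult("ABC");
            firstToken.setExpiresIn(1000);
            Mockito.when(
                            idpClient.login(
                                    Mockito.<X509Certificate>any(),
                                    Mockito.<UnaryOperator<byte[]>>any()))
                    .thenReturn(firstToken)
                    .thenReturn(tokenResult("XYZ"));

            SmartcardCertificate autCertificate = egk.getAutCertificate();
            PkiIdentity identity =
                    PkiIdentity.builder()
                            .certificate(autCertificate.getX509Certificate())
                            .privateKey(autCertificate.getPrivateKey())
                            .build();
            // The signer picks the algorithm from the key type. Typed as UnaryOperator<byte[]> so
            // the payload reaches the signer utilities as byte[] rather than Object.
            UnaryOperator<byte[]> signer =
                    data ->
                            identity.getPrivateKey() instanceof RSAPrivateKey
                                    ? RsaSignerUtility.createRsaSignature(
                                            data, identity.getPrivateKey())
                                    : EcSignerUtility.createEcSignature(
                                            data, identity.getPrivateKey());

            IdpTokenHeaderProvider provider =
                    Assertions.assertDoesNotThrow(
                            () ->
                                    builder.authenticateWith(
                                            autCertificate.getX509Certificate(), signer));
            FdRequest<EmptyResource, Bundle> request = createMockRequest();

            HttpHeader first = Assertions.assertDoesNotThrow(() -> provider.forRequest(request));
            Assertions.assertEquals(JwtHeaderKey.AUTHORIZATION.getKey(), first.key());
            Assertions.assertNotNull(first.value());

            HttpHeader second = Assertions.assertDoesNotThrow(() -> provider.forRequest(request));
            Assertions.assertEquals(first.value(), second.value());
        }
    }

    /**
     * A {@link NullPointerException} thrown by the IdP login must reach the caller as an
     * {@link IdpClientRuntimeException} when a header is requested; building the provider itself
     * must not fail.
     */
    @Test
    void shouldCatchNPEsFromIdpClient() {
        Egk egk = sca.getEgk(0);
        IdpTokenHeaderProvider.JwtHeaderProviderBuilder builder = newProviderBuilder();
        try (MockedStatic<IdpClient> idpClientStatic = Mockito.mockStatic(IdpClient.class)) {
            IdpClient idpClient = stubIdpClientBuilder(idpClientStatic);
            Mockito.when(idpClient.login(Mockito.<PkiIdentity>any()))
                    .thenThrow(NullPointerException.class);

            IdpTokenHeaderProvider provider =
                    Assertions.assertDoesNotThrow(() -> builder.authenticateWith(egk));
            FdRequest<EmptyResource, Bundle> request = createMockRequest();

            // A failed login must abort the request, not yield a header without a valid token.
            Assertions.assertThrows(
                    IdpClientRuntimeException.class, () -> provider.forRequest(request));
        }
    }

    /** Creates the provider builder with the configuration shared by every test. */
    private static IdpTokenHeaderProvider.JwtHeaderProviderBuilder newProviderBuilder() {
        return IdpTokenHeaderProvider.withDiscoveryDocumentUrl(DISCOVERY_DOCUMENT_URL)
                .withRedirectUrl(REDIRECT_URL)
                .withClientId(CLIENT_ID)
                .usingScope(SCOPE);
    }

    /**
     * Routes {@code IdpClient.builder()} to a mocked builder whose fluent setters return the
     * builder itself and whose {@code build()} returns a mocked client.
     *
     * @param idpClientStatic the active static mock of {@link IdpClient}
     * @return the mocked client that the code under test will receive
     */
    private static IdpClient stubIdpClientBuilder(MockedStatic<IdpClient> idpClientStatic) {
        IdpClient idpClient = Mockito.mock(IdpClient.class);
        IdpClient.IdpClientBuilder clientBuilder = Mockito.mock(IdpClient.IdpClientBuilder.class);
        Mockito.when(clientBuilder.redirectUrl(Mockito.anyString())).thenReturn(clientBuilder);
        Mockito.when(clientBuilder.clientId(Mockito.anyString())).thenReturn(clientBuilder);
        Mockito.when(clientBuilder.discoveryDocumentUrl(Mockito.anyString()))
                .thenReturn(clientBuilder);
        Mockito.when(clientBuilder.scopes(Mockito.anySet())).thenReturn(clientBuilder);
        Mockito.when(clientBuilder.build()).thenReturn(idpClient);
        idpClientStatic.when(IdpClient::builder).thenReturn(clientBuilder);
        return idpClient;
    }

    /** Builds a token result whose access token wraps the given placeholder string. */
    private static IdpTokenResult tokenResult(String rawToken) {
        return IdpTokenResult.builder().accessToken(new JsonWebToken(rawToken)).build();
    }

    /** Creates a request mock; the tests only pass it to {@code forRequest} and stub nothing. */
    @SuppressWarnings("unchecked") // Mockito.mock(Class) cannot express the generic parameters
    private FdRequest<EmptyResource, Bundle> createMockRequest() {
        return Mockito.mock(FdRequest.class);
    }
}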
