package io.fabric8.kubernetes.client.utils;

import io.fabric8.kubernetes.api.model.Config;
import io.fabric8.kubernetes.api.model.NamedAuthInfo;
import io.fabric8.kubernetes.api.model.NamedContext;
import io.fabric8.kubernetes.client.internal.KubeConfigUtils;
import java.io.File;
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.nio.file.StandardCopyOption;
import java.nio.file.attribute.FileAttribute;
import java.util.HashMap;
import java.util.Map;
import okhttp3.Call;
import okhttp3.MediaType;
import okhttp3.OkHttpClient;
import okhttp3.Protocol;
import okhttp3.Request;
import okhttp3.Response;
import okhttp3.ResponseBody;
import org.junit.jupiter.api.Assertions;
import org.junit.jupiter.api.Test;
import org.mockito.ArgumentMatchers;
import org.mockito.Mockito;

/* loaded from: input_file:io/fabric8/kubernetes/client/utils/OpenIDConnectionUtilsTest.class */
class OpenIDConnectionUtilsTest {
    OkHttpClient mockClient = (OkHttpClient) Mockito.mock(OkHttpClient.class, Mockito.RETURNS_DEEP_STUBS);

    OpenIDConnectionUtilsTest() {
    }

    @Test
    void testLoadTokenURL() throws IOException {
        mockOkHttpClient(200, "{\"issuer\": \"https://accounts.example.com\", \"token_endpoint\": \"https://oauth2.exampleapis.com/token\"}");
        Map oIDCDiscoveryDocumentAsMap = OpenIDConnectionUtils.getOIDCDiscoveryDocumentAsMap(this.mockClient, "https://accounts.example.com");
        Assertions.assertNotNull(oIDCDiscoveryDocumentAsMap);
        Assertions.assertEquals("https://oauth2.exampleapis.com/token", oIDCDiscoveryDocumentAsMap.get("token_endpoint"));
    }

    @Test
    void testLoadTokenURLWhenNotFound() throws IOException {
        mockOkHttpClient(404, "{}");
        Assertions.assertTrue(OpenIDConnectionUtils.getOIDCDiscoveryDocumentAsMap(this.mockClient, "https://accounts.example.com").isEmpty());
    }

    @Test
    void testGetWellKnownUrlForOpenIDIssuer() {
        Assertions.assertEquals("https://accounts.example.com/.well-known/openid-configuration", OpenIDConnectionUtils.getWellKnownUrlForOpenIDIssuer("https://accounts.example.com"));
    }

    @Test
    void testRefreshOidcToken() throws IOException {
        mockOkHttpClient(200, "{\"id_token\":\"thisisatesttoken\",\"access_token\": \"thisisrefreshtoken\",\"expires_in\": 3599,\"scope\": \"openid https://www.exampleapis.com/auth/userinfo.email\",\"token_type\": \"Bearer\"}");
        Map refreshOidcToken = OpenIDConnectionUtils.refreshOidcToken(this.mockClient, "test-client-id", "test-refresh-token", "test-client-secret", "https://oauth2.exampleapis.com/token");
        Assertions.assertNotNull(refreshOidcToken);
        Assertions.assertEquals("thisisatesttoken", refreshOidcToken.get("id_token"));
    }

    @Test
    void testFetchOIDCProviderDiscoveryDocumentAndRefreshToken() throws IOException {
        HashMap hashMap = new HashMap();
        hashMap.put("token_endpoint", "https://oauth2.exampleapis.com/token");
        mockOkHttpClient(200, "{\"id_token\":\"thisisatesttoken\",\"access_token\": \"thisisrefreshtoken\",\"expires_in\": 3599,\"scope\": \"openid https://www.exampleapis.com/auth/userinfo.email\",\"token_type\": \"Bearer\"}");
        String oIDCProviderTokenEndpointAndRefreshToken = OpenIDConnectionUtils.getOIDCProviderTokenEndpointAndRefreshToken(this.mockClient, hashMap, "test-client-id", "test-refresh-token", "test-client-secret", "some.access.token", false);
        Assertions.assertNotNull(oIDCProviderTokenEndpointAndRefreshToken);
        Assertions.assertEquals("thisisatesttoken", oIDCProviderTokenEndpointAndRefreshToken);
    }

    @Test
    void testPersistKubeConfigWithUpdatedToken() throws IOException {
        HashMap hashMap = new HashMap();
        hashMap.put("id_token", "id-token-updated");
        hashMap.put("access_token", "refresh-token-updated");
        File file = Files.createTempFile("test", "kubeconfig", new FileAttribute[0]).toFile();
        Files.copy(getClass().getResourceAsStream("/test-kubeconfig-oidc"), Paths.get(file.getPath(), new String[0]), StandardCopyOption.REPLACE_EXISTING);
        Assertions.assertTrue(OpenIDConnectionUtils.persistKubeConfigWithUpdatedToken(file.getAbsolutePath(), hashMap));
        Config parseConfig = KubeConfigUtils.parseConfig(file);
        Assertions.assertNotNull(parseConfig);
        NamedContext currentContext = KubeConfigUtils.getCurrentContext(parseConfig);
        Assertions.assertNotNull(currentContext);
        int namedUserIndexFromConfig = KubeConfigUtils.getNamedUserIndexFromConfig(parseConfig, currentContext.getContext().getUser());
        Assertions.assertTrue(namedUserIndexFromConfig > 0);
        Map config = ((NamedAuthInfo) parseConfig.getUsers().get(namedUserIndexFromConfig)).getUser().getAuthProvider().getConfig();
        Assertions.assertFalse(config.isEmpty());
        Assertions.assertEquals("id-token-updated", config.get("id-token"));
        Assertions.assertEquals("refresh-token-updated", config.get("refresh-token"));
    }

    @Test
    void testResolveOIDCTokenFromAuthConfigShouldReturnOldTokenWhenRefreshNotSupported() {
        HashMap hashMap = new HashMap();
        hashMap.put("client-id", "client-id");
        hashMap.put("client-secret", "client-secret");
        hashMap.put("id-token", "id-token");
        Assertions.assertEquals("id-token", OpenIDConnectionUtils.resolveOIDCTokenFromAuthConfig(hashMap));
    }

    @Test
    void testgetParametersFromDiscoveryResponse() {
        HashMap hashMap = new HashMap();
        hashMap.put("issuer", "https://api.login.example.com");
        hashMap.put("token_endpoint", "https//api.login.example.com/oauth2/get_token");
        hashMap.put("jwks_uri", "https//api.login.example.com/openid/v1/certs");
        Assertions.assertEquals("https//api.login.example.com/oauth2/get_token", OpenIDConnectionUtils.getParametersFromDiscoveryResponse(hashMap, "token_endpoint"));
        Assertions.assertEquals("", OpenIDConnectionUtils.getParametersFromDiscoveryResponse(hashMap, "userinfo_endpoint"));
    }

    private void mockOkHttpClient(int i, String str) throws IOException {
        Call call = (Call) Mockito.mock(Call.class);
        Mockito.when(call.execute()).thenReturn(mockResponse(i, str));
        Mockito.when(this.mockClient.newCall((Request) ArgumentMatchers.any())).thenReturn(call);
    }

    private Response mockResponse(int i, String str) {
        return new Response.Builder().request(new Request.Builder().url("http://mock").build()).protocol(Protocol.HTTP_1_1).code(i).body(ResponseBody.create(MediaType.get("application/json"), str)).message("mock").build();
    }
}
