package org.gridgain.control.agent.processor.action;

import java.util.UUID;
import org.apache.ignite.IgniteCheckedException;
import org.apache.ignite.compute.ComputeTask;
import org.apache.ignite.compute.ComputeTaskFuture;
import org.apache.ignite.internal.processors.security.IgniteSecurity;
import org.apache.ignite.internal.processors.security.SecurityContext;
import org.apache.ignite.internal.util.typedef.internal.U;
import org.apache.ignite.lang.IgniteInClosure;
import org.apache.ignite.plugin.security.AuthenticationContext;
import org.apache.ignite.plugin.security.SecurityCredentials;
import org.assertj.core.api.Assertions;
import org.gridgain.control.agent.AbstractOidcMockTest;
import org.gridgain.control.agent.ControlCenterAgent;
import org.gridgain.control.agent.StompDestinationsUtils;
import org.gridgain.control.agent.action.SessionRegistry;
import org.gridgain.control.agent.dto.action.AuthenticateCredentials;
import org.gridgain.control.agent.dto.action.JobResponse;
import org.gridgain.control.agent.dto.action.Request;
import org.gridgain.control.agent.dto.action.Status;
import org.gridgain.control.agent.dto.action.TaskResponse;
import org.junit.Assert;
import org.junit.Before;
import org.junit.Test;
import org.mockito.ArgumentCaptor;
import org.mockito.ArgumentMatchers;
import org.mockito.Mock;
import org.mockito.Mockito;

/* loaded from: input_file:org/gridgain/control/agent/processor/action/DistributedActionProcessorOidcMockTest.class */
public class DistributedActionProcessorOidcMockTest extends AbstractOidcMockTest {

    @Mock
    private ComputeTaskFuture<TaskResponse> computeTaskFut;
    private DistributedActionProcessor proc;

    @Override // org.gridgain.control.agent.AbstractOidcMockTest
    @Before
    public void setUp() throws Exception {
        super.setUp();
        this.proc = new DistributedActionProcessor(this.ctx);
        Mockito.when(this.compute.executeAsync((ComputeTask) ArgumentMatchers.any(ExecuteActionTask.class), ArgumentMatchers.any(Request.class))).thenReturn(this.computeTaskFut);
    }

    @Test
    public void shouldSendAuthenticateActionWithoutAuthentication() throws IgniteCheckedException {
        Request argument = new Request().setId(UUID.randomUUID()).setAction("SecurityActions.authenticate").setArgument(new AuthenticateCredentials().setCredentials(new SecurityCredentials((String) null, (String) null, U.map("tokenType", AbstractOidcMockTest.TOKEN_TYPE, "accessToken", AbstractOidcMockTest.TOKEN_VALUE))));
        this.proc.onActionRequest(argument);
        Assert.assertNull(argument.getSessionId());
        ((IgniteSecurity) Mockito.verify(this.security, Mockito.never())).withContext((SecurityContext) ArgumentMatchers.any(SecurityContext.class));
        ((SessionRegistry) Mockito.verify(this.sesRegistry, Mockito.never())).getSession((UUID) ArgumentMatchers.any());
        ((ComputeTaskFuture) Mockito.verify(this.computeTaskFut, Mockito.times(1))).listen((IgniteInClosure) ArgumentMatchers.any());
    }

    @Test
    public void shouldAuthenticateWithOidc() throws IgniteCheckedException {
        Request credentials = new Request().setId(UUID.randomUUID()).setAction("TestActionWithOidc.nodeIdAction").setCredentials(new SecurityCredentials((String) null, (String) null, U.map("tokenType", AbstractOidcMockTest.TOKEN_TYPE, "accessToken", AbstractOidcMockTest.TOKEN_VALUE)));
        this.proc.onActionRequest(credentials);
        ArgumentCaptor forClass = ArgumentCaptor.forClass(AuthenticationContext.class);
        ((IgniteSecurity) Mockito.verify(this.security, Mockito.times(1))).authenticate((AuthenticationContext) forClass.capture());
        Assert.assertEquals(((AuthenticationContext) forClass.getValue()).credentials(), credentials.getCredentials());
        Assert.assertNull(credentials.getSessionId());
        ((IgniteSecurity) Mockito.verify(this.security, Mockito.times(1))).withContext((SecurityContext) ArgumentMatchers.any(SecurityContext.class));
        ((SessionRegistry) Mockito.verify(this.sesRegistry, Mockito.never())).getSession((UUID) ArgumentMatchers.any());
        ((ComputeTaskFuture) Mockito.verify(this.computeTaskFut, Mockito.times(1))).listen((IgniteInClosure) ArgumentMatchers.any());
    }

    @Test
    public void shouldNotAuthenticationWithOidc() throws IgniteCheckedException {
        this.proc.onActionRequest(new Request().setId(UUID.randomUUID()).setAction("TestActionWithOidc.nodeIdAction").setCredentials(new SecurityCredentials((String) null, (String) null, U.map("wrong-arg", AbstractOidcMockTest.TOKEN_VALUE))));
        ((IgniteSecurity) Mockito.verify(this.security, Mockito.never())).withContext((SecurityContext) ArgumentMatchers.any(SecurityContext.class));
        ((IgniteSecurity) Mockito.verify(this.security, Mockito.never())).authenticate((AuthenticationContext) ArgumentMatchers.any());
        ArgumentCaptor forClass = ArgumentCaptor.forClass(TaskResponse.class);
        ArgumentCaptor forClass2 = ArgumentCaptor.forClass(JobResponse.class);
        ((ControlCenterAgent) Mockito.verify(this.agent, Mockito.times(1))).sendToControlCenter((String) ArgumentMatchers.eq(StompDestinationsUtils.buildActionTaskResponseDest(CLUSTER_ID)), forClass.capture());
        ((ControlCenterAgent) Mockito.verify(this.agent, Mockito.times(1))).sendToControlCenter((String) ArgumentMatchers.eq(StompDestinationsUtils.buildActionJobResponseDest(CLUSTER_ID)), forClass2.capture());
        Assert.assertEquals(Status.FAILED, ((TaskResponse) forClass.getValue()).getStatus());
        Assert.assertEquals(Status.FAILED, ((JobResponse) forClass2.getValue()).getStatus());
        Assertions.assertThat(((JobResponse) forClass2.getValue()).getError().getMessage()).startsWith("Failed to authenticate, the session with provided sessionId");
    }

    @Test
    public void shouldThrowInvalidCredentials() throws IgniteCheckedException {
        this.proc.onActionRequest(new Request().setId(UUID.randomUUID()).setAction("TestActionWithOidc.nodeIdAction").setCredentials(new SecurityCredentials((String) null, (String) null, U.map("tokenType", AbstractOidcMockTest.TOKEN_TYPE, "accessToken", "wrong"))));
        ((IgniteSecurity) Mockito.verify(this.security, Mockito.never())).withContext((SecurityContext) ArgumentMatchers.any(SecurityContext.class));
        ((IgniteSecurity) Mockito.verify(this.security, Mockito.times(1))).authenticate((AuthenticationContext) ArgumentMatchers.any());
        ArgumentCaptor forClass = ArgumentCaptor.forClass(TaskResponse.class);
        ArgumentCaptor forClass2 = ArgumentCaptor.forClass(JobResponse.class);
        ((ControlCenterAgent) Mockito.verify(this.agent, Mockito.times(1))).sendToControlCenter((String) ArgumentMatchers.eq(StompDestinationsUtils.buildActionTaskResponseDest(CLUSTER_ID)), forClass.capture());
        ((ControlCenterAgent) Mockito.verify(this.agent, Mockito.times(1))).sendToControlCenter((String) ArgumentMatchers.eq(StompDestinationsUtils.buildActionJobResponseDest(CLUSTER_ID)), forClass2.capture());
        Assert.assertEquals(Status.FAILED, ((TaskResponse) forClass.getValue()).getStatus());
        Assert.assertEquals(Status.FAILED, ((JobResponse) forClass2.getValue()).getStatus());
        Assertions.assertThat(((JobResponse) forClass2.getValue()).getError().getMessage()).startsWith("Failed to authenticate remote client (invalid credentials?)");
    }
}
