package org.apereo.cas.uma.web.controllers.authz;

import java.util.HashSet;
import java.util.List;
import java.util.Map;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.lang3.tuple.Triple;
import org.apereo.cas.support.oauth.OAuth20GrantTypes;
import org.apereo.cas.uma.ticket.permission.UmaPermissionTicket;
import org.apereo.cas.uma.ticket.resource.ResourceSetPolicy;
import org.apereo.cas.uma.ticket.resource.ResourceSetPolicyPermission;
import org.apereo.cas.uma.web.controllers.BaseUmaEndpointControllerTests;
import org.junit.jupiter.api.Assertions;
import org.junit.jupiter.api.Tag;
import org.junit.jupiter.api.Test;
import org.springframework.http.HttpStatus;
import org.springframework.http.ResponseEntity;

@Tag("UMA")
/* loaded from: input_file:org/apereo/cas/uma/web/controllers/authz/UmaAuthorizationRequestEndpointControllerTests.class */
public class UmaAuthorizationRequestEndpointControllerTests extends BaseUmaEndpointControllerTests {
    @Test
    public void verifyPermTicketNoPolicy() throws Exception {
        String permissionTicketWith = getPermissionTicketWith(List.of("read", "write"));
        Triple<HttpServletRequest, HttpServletResponse, String> authenticateUmaRequestWithAuthorizationScope = authenticateUmaRequestWithAuthorizationScope();
        UmaAuthorizationRequest umaAuthorizationRequest = new UmaAuthorizationRequest();
        umaAuthorizationRequest.setGrantType(OAuth20GrantTypes.UMA_TICKET.getType());
        umaAuthorizationRequest.setTicket(permissionTicketWith);
        String json = umaAuthorizationRequest.toJson();
        UmaPermissionTicket ticket = this.ticketRegistry.getTicket(permissionTicketWith, UmaPermissionTicket.class);
        ticket.getResourceSet().setPolicies(new HashSet());
        this.ticketRegistry.updateTicket(ticket);
        Assertions.assertEquals(HttpStatus.BAD_REQUEST, this.umaAuthorizationRequestEndpointController.handleAuthorizationRequest(json, (HttpServletRequest) authenticateUmaRequestWithAuthorizationScope.getLeft(), (HttpServletResponse) authenticateUmaRequestWithAuthorizationScope.getMiddle()).getStatusCode());
    }

    @Test
    public void verifyAuthorizationOperation() throws Exception {
        String permissionTicketWith = getPermissionTicketWith(List.of("read", "write"));
        Triple<HttpServletRequest, HttpServletResponse, String> authenticateUmaRequestWithAuthorizationScope = authenticateUmaRequestWithAuthorizationScope();
        UmaAuthorizationRequest umaAuthorizationRequest = new UmaAuthorizationRequest();
        umaAuthorizationRequest.setGrantType(OAuth20GrantTypes.UMA_TICKET.getType());
        umaAuthorizationRequest.setTicket(permissionTicketWith);
        ResponseEntity handleAuthorizationRequest = this.umaAuthorizationRequestEndpointController.handleAuthorizationRequest(umaAuthorizationRequest.toJson(), (HttpServletRequest) authenticateUmaRequestWithAuthorizationScope.getLeft(), (HttpServletResponse) authenticateUmaRequestWithAuthorizationScope.getMiddle());
        Assertions.assertEquals(HttpStatus.OK, handleAuthorizationRequest.getStatusCode());
        Map map = (Map) handleAuthorizationRequest.getBody();
        Assertions.assertNotNull(map);
        Assertions.assertTrue(map.containsKey("code"));
        Assertions.assertTrue(map.containsKey("rpt"));
    }

    @Test
    public void verifyMismatchedClaims() throws Exception {
        String permissionTicketWith = getPermissionTicketWith(List.of("delete", "open"));
        Triple<HttpServletRequest, HttpServletResponse, String> authenticateUmaRequestWithAuthorizationScope = authenticateUmaRequestWithAuthorizationScope();
        String json = new UmaAuthorizationRequest().setGrantType(OAuth20GrantTypes.UMA_TICKET.getType()).setTicket(permissionTicketWith).toJson();
        ResourceSetPolicyPermission resourceSetPolicyPermission = new ResourceSetPolicyPermission();
        resourceSetPolicyPermission.getClaims().put("lastName", "Apereo");
        UmaPermissionTicket ticket = this.ticketRegistry.getTicket(permissionTicketWith, UmaPermissionTicket.class);
        ticket.getResourceSet().getScopes().add("hello");
        ResourceSetPolicy id = new ResourceSetPolicy().setId(2000L);
        id.getPermissions().add(resourceSetPolicyPermission);
        ticket.getResourceSet().getPolicies().add(id);
        Assertions.assertEquals(HttpStatus.PERMANENT_REDIRECT, this.umaAuthorizationRequestEndpointController.handleAuthorizationRequest(json, (HttpServletRequest) authenticateUmaRequestWithAuthorizationScope.getLeft(), (HttpServletResponse) authenticateUmaRequestWithAuthorizationScope.getMiddle()).getStatusCode());
    }

    @Test
    public void verifyMissingGrant() throws Exception {
        Triple<HttpServletRequest, HttpServletResponse, String> authenticateUmaRequestWithAuthorizationScope = authenticateUmaRequestWithAuthorizationScope();
        Assertions.assertEquals(HttpStatus.BAD_REQUEST, this.umaAuthorizationRequestEndpointController.handleAuthorizationRequest(new UmaAuthorizationRequest().toJson(), (HttpServletRequest) authenticateUmaRequestWithAuthorizationScope.getLeft(), (HttpServletResponse) authenticateUmaRequestWithAuthorizationScope.getMiddle()).getStatusCode());
        Assertions.assertEquals(HttpStatus.BAD_REQUEST, this.umaAuthorizationRequestEndpointController.handleAuthorizationRequest(new UmaAuthorizationRequest().setGrantType((String) null).toJson(), (HttpServletRequest) authenticateUmaRequestWithAuthorizationScope.getLeft(), (HttpServletResponse) authenticateUmaRequestWithAuthorizationScope.getMiddle()).getStatusCode());
        Assertions.assertEquals(HttpStatus.BAD_REQUEST, this.umaAuthorizationRequestEndpointController.handleAuthorizationRequest(new UmaAuthorizationRequest().setGrantType("unknown").toJson(), (HttpServletRequest) authenticateUmaRequestWithAuthorizationScope.getLeft(), (HttpServletResponse) authenticateUmaRequestWithAuthorizationScope.getMiddle()).getStatusCode());
        Assertions.assertEquals(HttpStatus.BAD_REQUEST, this.umaAuthorizationRequestEndpointController.handleAuthorizationRequest(new UmaAuthorizationRequest().setGrantType(OAuth20GrantTypes.UMA_TICKET.getType()).setTicket((String) null).toJson(), (HttpServletRequest) authenticateUmaRequestWithAuthorizationScope.getLeft(), (HttpServletResponse) authenticateUmaRequestWithAuthorizationScope.getMiddle()).getStatusCode());
        Assertions.assertEquals(HttpStatus.BAD_REQUEST, this.umaAuthorizationRequestEndpointController.handleAuthorizationRequest(new UmaAuthorizationRequest().setGrantType(OAuth20GrantTypes.UMA_TICKET.getType()).setTicket("unknown-ticket").toJson(), (HttpServletRequest) authenticateUmaRequestWithAuthorizationScope.getLeft(), (HttpServletResponse) authenticateUmaRequestWithAuthorizationScope.getMiddle()).getStatusCode());
    }

    private String getPermissionTicketWith(List<String> list) {
        Triple<HttpServletRequest, HttpServletResponse, String> authenticateUmaRequestWithProtectionScope = authenticateUmaRequestWithProtectionScope();
        ResponseEntity registerResourceSet = this.umaCreateResourceSetRegistrationEndpointController.registerResourceSet(createUmaResourceRegistrationRequest(1000L, list).toJson(), (HttpServletRequest) authenticateUmaRequestWithProtectionScope.getLeft(), (HttpServletResponse) authenticateUmaRequestWithProtectionScope.getMiddle());
        Assertions.assertEquals(HttpStatus.OK, registerResourceSet.getStatusCode());
        Map map = (Map) registerResourceSet.getBody();
        Assertions.assertNotNull(map);
        long longValue = ((Long) map.get("resourceId")).longValue();
        Assertions.assertEquals(HttpStatus.OK, this.umaCreatePolicyForResourceSetEndpointController.createPolicyForResourceSet(longValue, createUmaPolicyRegistrationRequest(getCurrentProfile((HttpServletRequest) authenticateUmaRequestWithProtectionScope.getLeft(), (HttpServletResponse) authenticateUmaRequestWithProtectionScope.getMiddle()), list).toJson(), (HttpServletRequest) authenticateUmaRequestWithProtectionScope.getLeft(), (HttpServletResponse) authenticateUmaRequestWithProtectionScope.getMiddle()).getStatusCode());
        ResponseEntity handle = this.umaPermissionRegistrationEndpointController.handle(createUmaPermissionRegistrationRequest(longValue).toJson(), (HttpServletRequest) authenticateUmaRequestWithProtectionScope.getLeft(), (HttpServletResponse) authenticateUmaRequestWithProtectionScope.getMiddle());
        Assertions.assertEquals(HttpStatus.OK, handle.getStatusCode());
        Map map2 = (Map) handle.getBody();
        Assertions.assertNotNull(map2);
        return map2.get("ticket").toString();
    }
}
