package org.apereo.cas.support.oauth.web;

import java.nio.charset.StandardCharsets;
import java.time.ZonedDateTime;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashMap;
import org.apache.commons.codec.binary.Base64;
import org.apache.commons.lang3.StringUtils;
import org.apereo.cas.authentication.Authentication;
import org.apereo.cas.authentication.BasicCredentialMetaData;
import org.apereo.cas.authentication.BasicIdentifiableCredential;
import org.apereo.cas.authentication.CoreAuthenticationTestUtils;
import org.apereo.cas.authentication.DefaultAuthenticationBuilder;
import org.apereo.cas.authentication.DefaultHandlerResult;
import org.apereo.cas.authentication.principal.Principal;
import org.apereo.cas.authentication.principal.WebApplicationServiceFactory;
import org.apereo.cas.services.RegisteredService;
import org.apereo.cas.services.ReturnAllAttributeReleasePolicy;
import org.apereo.cas.services.ServicesManager;
import org.apereo.cas.support.oauth.OAuth20GrantTypes;
import org.apereo.cas.support.oauth.services.OAuthRegisteredService;
import org.apereo.cas.support.oauth.web.endpoints.OAuth20AccessTokenEndpointController;
import org.apereo.cas.ticket.accesstoken.AccessToken;
import org.apereo.cas.ticket.code.DefaultOAuthCodeFactory;
import org.apereo.cas.ticket.code.OAuthCode;
import org.apereo.cas.ticket.code.OAuthCodeFactory;
import org.apereo.cas.ticket.refreshtoken.DefaultRefreshTokenFactory;
import org.apereo.cas.ticket.refreshtoken.RefreshToken;
import org.apereo.cas.ticket.refreshtoken.RefreshTokenFactory;
import org.apereo.cas.ticket.support.AlwaysExpiresExpirationPolicy;
import org.junit.Assert;
import org.junit.Before;
import org.junit.Test;
import org.pac4j.springframework.web.SecurityInterceptor;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.mock.web.MockHttpServletRequest;
import org.springframework.mock.web.MockHttpServletResponse;

/* loaded from: input_file:org/apereo/cas/support/oauth/web/OAuth20AccessTokenControllerTests.class */
public class OAuth20AccessTokenControllerTests extends AbstractOAuth20Tests {
    // Endpoint prefix; the tests in this class request "/oauth2.0/accessToken".
    private static final String CONTEXT = "/oauth2.0/";
    // Test-fixture client credentials (dummy values, not real secrets).
    private static final String CLIENT_ID = "1";
    private static final String CLIENT_SECRET = "secret";
    // Deliberately wrong secret used by the negative client-authentication tests.
    private static final String WRONG_CLIENT_SECRET = "wrongSecret";
    // Redirect URI passed to getRegisteredService(...) and sent as redirect_uri.
    private static final String REDIRECT_URI = "http://someurl";
    // A redirect URI that differs from REDIRECT_URI, used for the mismatch test.
    private static final String OTHER_REDIRECT_URI = "http://someotherurl";
    // The success helpers require expires_in >= 7188, i.e. 12 below this value;
    // presumably the access-token lifetime in seconds (TODO confirm against the test configuration).
    private static final int TIMEOUT = 7200;
    // Principal id and attribute fixtures used when building the expired authorization code.
    private static final String ID = "1234";
    private static final String NAME = "attributeName";
    private static final String NAME2 = "attributeName2";
    private static final String VALUE = "attributeValue";
    // Request parameter names for the password grant.
    private static final String USERNAME = "username";
    private static final String PASSWORD = "password";
    // Credentials the password-grant success tests send (the literal "test" in the visible tests).
    private static final String GOOD_USERNAME = "test";
    private static final String GOOD_PASSWORD = "test";
    // NOTE(review): not referenced by name in the visible part of this file; the class
    // header comment suggests decompiled output, where constants are often inlined.
    private static final int DELTA = 2;

    // Factory bean for authorization codes ("defaultOAuthCodeFactory").
    @Autowired
    @Qualifier("defaultOAuthCodeFactory")
    private OAuthCodeFactory oAuthCodeFactory;

    // Factory bean for refresh tokens ("defaultRefreshTokenFactory").
    @Autowired
    @Qualifier("defaultRefreshTokenFactory")
    private RefreshTokenFactory oAuthRefreshTokenFactory;

    // Controller under test; the tests also reach the ticket registry through it.
    @Autowired
    @Qualifier("accessTokenController")
    private OAuth20AccessTokenEndpointController oAuth20AccessTokenController;

    // Service registry used to save OAuth registered services for a test.
    @Autowired
    @Qualifier("servicesManager")
    private ServicesManager servicesManager;

    // Interceptor invoked via preHandle(...) before the controller in every test.
    // NOTE(review): the tests discard preHandle's boolean result and call the controller anyway.
    @Autowired
    @Qualifier("requiresAuthenticationAccessTokenInterceptor")
    private SecurityInterceptor requiresAuthenticationInterceptor;

    /**
     * Runs before each test and calls the inherited {@code clearAllServices()}, so every
     * test starts from whatever state that helper leaves behind (presumably an empty
     * service registry; the helper is defined outside this file).
     */
    @Before
    public void setUp() {
        clearAllServices();
    }

    /**
     * Authorization-code token request that omits {@code client_id}.
     * <p>
     * Expects HTTP 401 with body {@code error=invalid_request}. The interceptor's
     * {@code preHandle} result is discarded and the controller is invoked regardless, so
     * this does not mirror an MVC chain in which a {@code false} result stops dispatch.
     * <p>
     * NOTE(review): the mock request is a GET carrying {@code client_secret} as a request
     * parameter. RFC 6749 section 3.2 requires POST for token requests, so this test
     * exercises the handler logic only, not the transport rules.
     *
     * @throws Exception if the interceptor or controller throws
     */
    @Test
    public void verifyClientNoClientId() throws Exception {
        final MockHttpServletRequest request = new MockHttpServletRequest("GET", "/oauth2.0/accessToken");
        request.setParameter("redirect_uri", REDIRECT_URI);
        request.setParameter("client_secret", CLIENT_SECRET);
        request.setParameter("grant_type", OAuth20GrantTypes.AUTHORIZATION_CODE.name().toLowerCase());
        // A valid code is issued for a registered service; only client_id is missing.
        final OAuthCode code = addCode(createPrincipal(), addRegisteredService());
        request.setParameter("code", code.getId());

        final MockHttpServletResponse response = new MockHttpServletResponse();
        requiresAuthenticationInterceptor.preHandle(request, response, null);
        oAuth20AccessTokenController.handleRequestInternal(request, response);

        Assert.assertEquals(401L, response.getStatus());
        Assert.assertEquals("error=invalid_request", response.getContentAsString());
    }

    /**
     * Authorization-code token request that omits {@code redirect_uri}.
     * <p>
     * Client credentials and a valid code are supplied; the response must be HTTP 400
     * with body {@code error=invalid_request}.
     *
     * @throws Exception if the interceptor or controller throws
     */
    @Test
    public void verifyClientNoRedirectUri() throws Exception {
        final MockHttpServletRequest request = new MockHttpServletRequest("GET", "/oauth2.0/accessToken");
        request.setParameter("client_id", CLIENT_ID);
        request.setParameter("client_secret", CLIENT_SECRET);
        request.setParameter("grant_type", OAuth20GrantTypes.AUTHORIZATION_CODE.name().toLowerCase());
        final OAuthCode code = addCode(createPrincipal(), addRegisteredService());
        request.setParameter("code", code.getId());

        final MockHttpServletResponse response = new MockHttpServletResponse();
        requiresAuthenticationInterceptor.preHandle(request, response, null);
        oAuth20AccessTokenController.handleRequestInternal(request, response);

        Assert.assertEquals(400L, response.getStatus());
        Assert.assertEquals("error=invalid_request", response.getContentAsString());
    }

    /**
     * Token request that carries client credentials, redirect URI and a valid code but
     * no {@code grant_type} parameter.
     * <p>
     * Despite the method name, the {@code code} parameter is present here; what is missing
     * is the grant type. Expects HTTP 400 with body {@code error=invalid_request}.
     *
     * @throws Exception if the interceptor or controller throws
     */
    @Test
    public void verifyClientNoAuthorizationCode() throws Exception {
        final MockHttpServletRequest request = new MockHttpServletRequest("GET", "/oauth2.0/accessToken");
        request.setParameter("client_id", CLIENT_ID);
        request.setParameter("redirect_uri", REDIRECT_URI);
        request.setParameter("client_secret", CLIENT_SECRET);
        final OAuthCode code = addCode(createPrincipal(), addRegisteredService());
        request.setParameter("code", code.getId());

        final MockHttpServletResponse response = new MockHttpServletResponse();
        requiresAuthenticationInterceptor.preHandle(request, response, null);
        oAuth20AccessTokenController.handleRequestInternal(request, response);

        Assert.assertEquals(400L, response.getStatus());
        Assert.assertEquals("error=invalid_request", response.getContentAsString());
    }

    /**
     * Token request whose {@code grant_type} is the unrecognised value {@code badValue}.
     * <p>
     * All other parameters, including a valid code, are supplied. Expects HTTP 400 with
     * body {@code error=invalid_request}.
     *
     * @throws Exception if the interceptor or controller throws
     */
    @Test
    public void verifyClientBadAuthorizationCode() throws Exception {
        final MockHttpServletRequest request = new MockHttpServletRequest("GET", "/oauth2.0/accessToken");
        request.setParameter("client_id", CLIENT_ID);
        request.setParameter("redirect_uri", REDIRECT_URI);
        request.setParameter("client_secret", CLIENT_SECRET);
        request.setParameter("grant_type", "badValue");
        final OAuthCode code = addCode(createPrincipal(), addRegisteredService());
        request.setParameter("code", code.getId());

        final MockHttpServletResponse response = new MockHttpServletResponse();
        requiresAuthenticationInterceptor.preHandle(request, response, null);
        oAuth20AccessTokenController.handleRequestInternal(request, response);

        Assert.assertEquals(400L, response.getStatus());
        Assert.assertEquals("error=invalid_request", response.getContentAsString());
    }

    /**
     * Authorization-code token request that names the client but omits
     * {@code client_secret}.
     * <p>
     * A valid code alone must not be enough to obtain a token: the response must be
     * HTTP 401 with body {@code error=invalid_request}.
     *
     * @throws Exception if the interceptor or controller throws
     */
    @Test
    public void verifyClientNoClientSecret() throws Exception {
        final MockHttpServletRequest request = new MockHttpServletRequest("GET", "/oauth2.0/accessToken");
        request.setParameter("client_id", CLIENT_ID);
        request.setParameter("redirect_uri", REDIRECT_URI);
        request.setParameter("grant_type", OAuth20GrantTypes.AUTHORIZATION_CODE.name().toLowerCase());
        final OAuthCode code = addCode(createPrincipal(), addRegisteredService());
        request.setParameter("code", code.getId());

        final MockHttpServletResponse response = new MockHttpServletResponse();
        requiresAuthenticationInterceptor.preHandle(request, response, null);
        oAuth20AccessTokenController.handleRequestInternal(request, response);

        Assert.assertEquals(401L, response.getStatus());
        Assert.assertEquals("error=invalid_request", response.getContentAsString());
    }

    /**
     * Authorization-code token request from an authenticated client that omits the
     * {@code code} parameter.
     * <p>
     * A code is issued and stored, but never sent. Expects HTTP 400 with body
     * {@code error=invalid_request}.
     *
     * @throws Exception if the interceptor or controller throws
     */
    @Test
    public void verifyClientNoCode() throws Exception {
        final MockHttpServletRequest request = new MockHttpServletRequest("GET", "/oauth2.0/accessToken");
        request.setParameter("client_id", CLIENT_ID);
        request.setParameter("redirect_uri", REDIRECT_URI);
        request.setParameter("client_secret", CLIENT_SECRET);
        request.setParameter("grant_type", OAuth20GrantTypes.AUTHORIZATION_CODE.name().toLowerCase());
        // The code exists on the server side; the request simply does not present it.
        addCode(createPrincipal(), addRegisteredService());

        final MockHttpServletResponse response = new MockHttpServletResponse();
        requiresAuthenticationInterceptor.preHandle(request, response, null);
        oAuth20AccessTokenController.handleRequestInternal(request, response);

        Assert.assertEquals(400L, response.getStatus());
        Assert.assertEquals("error=invalid_request", response.getContentAsString());
    }

    /**
     * Authorization-code token request for a client whose service was built but never
     * saved through the services manager.
     * <p>
     * The code is issued against an unsaved {@code getRegisteredService(...)} result, so
     * the client should be unknown to the server. Expects HTTP 401 with body
     * {@code error=invalid_request}.
     *
     * @throws Exception if the interceptor or controller throws
     */
    @Test
    public void verifyClientNoCasService() throws Exception {
        final MockHttpServletRequest request = new MockHttpServletRequest("GET", "/oauth2.0/accessToken");
        request.setParameter("client_id", CLIENT_ID);
        request.setParameter("redirect_uri", REDIRECT_URI);
        request.setParameter("client_secret", CLIENT_SECRET);
        request.setParameter("grant_type", OAuth20GrantTypes.AUTHORIZATION_CODE.name().toLowerCase());
        final OAuthCode code = addCode(createPrincipal(), getRegisteredService(REDIRECT_URI, CLIENT_SECRET));
        request.setParameter("code", code.getId());

        final MockHttpServletResponse response = new MockHttpServletResponse();
        requiresAuthenticationInterceptor.preHandle(request, response, null);
        oAuth20AccessTokenController.handleRequestInternal(request, response);

        Assert.assertEquals(401L, response.getStatus());
        Assert.assertEquals("error=invalid_request", response.getContentAsString());
    }

    /**
     * Authorization-code token request whose {@code redirect_uri} is
     * {@code OTHER_REDIRECT_URI} rather than the URI the service is registered with.
     * <p>
     * Guards the redirect-URI binding of the exchange: valid credentials and a valid code
     * must still be refused with HTTP 400 and body {@code error=invalid_request}.
     *
     * @throws Exception if the interceptor or controller throws
     */
    @Test
    public void verifyClientRedirectUriDoesNotStartWithServiceId() throws Exception {
        final MockHttpServletRequest request = new MockHttpServletRequest("GET", "/oauth2.0/accessToken");
        request.setParameter("client_id", CLIENT_ID);
        request.setParameter("redirect_uri", OTHER_REDIRECT_URI);
        request.setParameter("client_secret", CLIENT_SECRET);
        request.setParameter("grant_type", OAuth20GrantTypes.AUTHORIZATION_CODE.name().toLowerCase());
        final OAuthCode code = addCode(createPrincipal(), addRegisteredService());
        request.setParameter("code", code.getId());

        final MockHttpServletResponse response = new MockHttpServletResponse();
        requiresAuthenticationInterceptor.preHandle(request, response, null);
        oAuth20AccessTokenController.handleRequestInternal(request, response);

        Assert.assertEquals(400L, response.getStatus());
        Assert.assertEquals("error=invalid_request", response.getContentAsString());
    }

    /**
     * Authorization-code token request that presents {@code WRONG_CLIENT_SECRET}.
     * <p>
     * Expects HTTP 401 with body {@code error=invalid_request}.
     * <p>
     * NOTE(review): RFC 6749 section 5.2 names {@code invalid_client} for failed client
     * authentication; this test pins the body the endpoint currently returns.
     *
     * @throws Exception if the interceptor or controller throws
     */
    @Test
    public void verifyClientWrongSecret() throws Exception {
        final MockHttpServletRequest request = new MockHttpServletRequest("GET", "/oauth2.0/accessToken");
        request.setParameter("client_id", CLIENT_ID);
        request.setParameter("redirect_uri", REDIRECT_URI);
        request.setParameter("client_secret", WRONG_CLIENT_SECRET);
        request.setParameter("grant_type", OAuth20GrantTypes.AUTHORIZATION_CODE.name().toLowerCase());
        final OAuthCode code = addCode(createPrincipal(), addRegisteredService());
        request.setParameter("code", code.getId());

        final MockHttpServletResponse response = new MockHttpServletResponse();
        requiresAuthenticationInterceptor.preHandle(request, response, null);
        oAuth20AccessTokenController.handleRequestInternal(request, response);

        Assert.assertEquals(401L, response.getStatus());
        Assert.assertEquals("error=invalid_request", response.getContentAsString());
    }

    /**
     * Authorization-code token request that presents a code created with an
     * {@link AlwaysExpiresExpirationPolicy}.
     * <p>
     * The client authenticates correctly and the code is present in the ticket registry,
     * but it is already expired; the exchange must be refused with HTTP 400 and body
     * {@code error=invalid_grant}.
     *
     * @throws Exception if the interceptor or controller throws
     */
    @Test
    public void verifyClientExpiredCode() throws Exception {
        final OAuthRegisteredService service = getRegisteredService(REDIRECT_URI, CLIENT_SECRET);
        servicesManager.save(service);

        // Principal attributes: one single-valued and one multi-valued entry.
        final HashMap attributes = new HashMap();
        attributes.put(NAME, VALUE);
        attributes.put(NAME2, Arrays.asList(VALUE, VALUE));

        // Bypass the injected factory so the code carries an always-expired policy.
        final DefaultOAuthCodeFactory expiringFactory = new DefaultOAuthCodeFactory(new AlwaysExpiresExpirationPolicy());
        final OAuthCode expiredCode = expiringFactory.create(
                new WebApplicationServiceFactory().createService(service.getServiceId()),
                getAuthentication(CoreAuthenticationTestUtils.getPrincipal(ID, attributes)));
        oAuth20AccessTokenController.getTicketRegistry().addTicket(expiredCode);

        final MockHttpServletRequest request = new MockHttpServletRequest("GET", "/oauth2.0/accessToken");
        request.setParameter("client_id", CLIENT_ID);
        request.setParameter("redirect_uri", REDIRECT_URI);
        request.setParameter("client_secret", CLIENT_SECRET);
        request.setParameter("code", expiredCode.getId());
        request.setParameter("grant_type", OAuth20GrantTypes.AUTHORIZATION_CODE.name().toLowerCase());
        // A second, freshly built service with the same settings is saved before the request.
        servicesManager.save(getRegisteredService(REDIRECT_URI, CLIENT_SECRET));

        final MockHttpServletResponse response = new MockHttpServletResponse();
        requiresAuthenticationInterceptor.preHandle(request, response, null);
        oAuth20AccessTokenController.handleRequestInternal(request, response);

        Assert.assertEquals(400L, response.getStatus());
        Assert.assertEquals("error=invalid_grant", response.getContentAsString());
    }

    /**
     * Successful authorization-code exchange with client credentials sent as request
     * parameters, no refresh token, plain-text response.
     *
     * @throws Exception if the shared success helper fails
     */
    @Test
    public void verifyClientAuthByParameter() throws Exception {
        final OAuthRegisteredService service = addRegisteredService();
        internalVerifyClientOK(service, false, false, false);
    }

    /**
     * Successful authorization-code exchange with client credentials sent in an HTTP
     * Basic {@code Authorization} header, no refresh token, plain-text response.
     *
     * @throws Exception if the shared success helper fails
     */
    @Test
    public void verifyClientAuthByHeader() throws Exception {
        final OAuthRegisteredService service = addRegisteredService();
        internalVerifyClientOK(service, true, false, false);
    }

    /**
     * Successful authorization-code exchange with parameter-based client credentials for
     * a service configured to generate refresh tokens; plain-text response.
     *
     * @throws Exception if the shared success helper fails
     */
    @Test
    public void verifyClientAuthByParameterWithRefreshToken() throws Exception {
        final OAuthRegisteredService service = addRegisteredService();
        service.setGenerateRefreshToken(true);
        internalVerifyClientOK(service, false, true, false);
    }

    /**
     * Successful authorization-code exchange with Basic-header client credentials for a
     * service configured to generate refresh tokens; plain-text response.
     *
     * @throws Exception if the shared success helper fails
     */
    @Test
    public void verifyClientAuthByHeaderWithRefreshToken() throws Exception {
        final OAuthRegisteredService service = addRegisteredService();
        service.setGenerateRefreshToken(true);
        internalVerifyClientOK(service, true, true, false);
    }

    /**
     * Successful authorization-code exchange with parameter-based client credentials for
     * a service configured for JSON responses; no refresh token.
     *
     * @throws Exception if the shared success helper fails
     */
    @Test
    public void verifyClientAuthJsonByParameter() throws Exception {
        final OAuthRegisteredService service = addRegisteredService();
        service.setJsonFormat(true);
        internalVerifyClientOK(service, false, false, true);
    }

    /**
     * Successful authorization-code exchange with Basic-header client credentials for a
     * service configured for JSON responses; no refresh token.
     *
     * @throws Exception if the shared success helper fails
     */
    @Test
    public void verifyClientAuthJsonByHeader() throws Exception {
        final OAuthRegisteredService service = addRegisteredService();
        service.setJsonFormat(true);
        internalVerifyClientOK(service, true, false, true);
    }

    /**
     * Successful authorization-code exchange with parameter-based client credentials for
     * a service configured for both refresh-token generation and JSON responses.
     *
     * @throws Exception if the shared success helper fails
     */
    @Test
    public void verifyClientAuthJsonByParameterWithRefreshToken() throws Exception {
        final OAuthRegisteredService service = addRegisteredService();
        service.setGenerateRefreshToken(true);
        service.setJsonFormat(true);
        internalVerifyClientOK(service, false, true, true);
    }

    /**
     * Successful authorization-code exchange with Basic-header client credentials for a
     * service configured for both refresh-token generation and JSON responses.
     *
     * @throws Exception if the shared success helper fails
     */
    @Test
    public void verifyClientAuthJsonByHeaderWithRefreshToken() throws Exception {
        final OAuthRegisteredService service = addRegisteredService();
        service.setGenerateRefreshToken(true);
        service.setJsonFormat(true);
        internalVerifyClientOK(service, true, true, true);
    }

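    /**
     * Drives a successful authorization-code exchange and checks the token response.
     * <p>
     * Verifies that the authorization code is no longer in the ticket registry after the
     * exchange (single use), that the response is HTTP 200 in the expected format, that
     * the returned access token resolves to a ticket owned by the principal the code was
     * issued for, and that {@code expires_in} is at least 7188.
     * <p>
     * NOTE(review): the interceptor's {@code preHandle} result is discarded, and the mock
     * request is a GET; RFC 6749 section 3.2 requires POST for token requests, so this
     * helper exercises handler logic only.
     *
     * @param registeredService service the authorization code is issued for
     * @param z  {@code true} to send client credentials in an HTTP Basic
     *           {@code Authorization} header, {@code false} to send them as
     *           {@code client_id}/{@code client_secret} parameters
     * @param z2 {@code true} if the response must also contain a refresh token
     * @param z3 {@code true} if the response is expected as JSON, {@code false} for
     *           {@code text/plain}
     * @throws Exception if the interceptor or controller throws
     */
    private void internalVerifyClientOK(RegisteredService registeredService, boolean z, boolean z2, boolean z3) throws Exception {
        final boolean basicAuthHeader = z;
        final boolean expectRefreshToken = z2;
        final boolean expectJson = z3;

        final Principal principal = createPrincipal();
        final OAuthCode code = addCode(principal, registeredService);

        final MockHttpServletRequest request = new MockHttpServletRequest("GET", "/oauth2.0/accessToken");
        request.setParameter("redirect_uri", REDIRECT_URI);
        request.setParameter("grant_type", OAuth20GrantTypes.AUTHORIZATION_CODE.name().toLowerCase());
        if (basicAuthHeader) {
            // Built from the same constants as the parameter branch so the two cannot drift apart.
            final String credentials = CLIENT_ID + ':' + CLIENT_SECRET;
            request.addHeader("Authorization", "Basic " + Base64.encodeBase64String(credentials.getBytes(StandardCharsets.UTF_8)));
        } else {
            request.setParameter("client_id", CLIENT_ID);
            request.setParameter("client_secret", CLIENT_SECRET);
        }
        request.setParameter("code", code.getId());

        final MockHttpServletResponse response = new MockHttpServletResponse();
        requiresAuthenticationInterceptor.preHandle(request, response, null);
        oAuth20AccessTokenController.handleRequestInternal(request, response);

        // The code must be consumed by the exchange and not be redeemable a second time.
        Assert.assertNull(oAuth20AccessTokenController.getTicketRegistry().getTicket(code.getId()));
        Assert.assertEquals(200L, response.getStatus());

        final String body = response.getContentAsString();
        final String accessTokenId;
        if (expectJson) {
            Assert.assertEquals("application/json", response.getContentType());
            Assert.assertTrue(body.contains("\"access_token\":\"AT-"));
            if (expectRefreshToken) {
                Assert.assertTrue(body.contains("\"refresh_token\":\"RT-"));
            }
            Assert.assertTrue(body.contains("\"expires_in\":7"));
            accessTokenId = StringUtils.substringBetween(body, "access_token\":\"", "\",\"");
        } else {
            Assert.assertEquals("text/plain", response.getContentType());
            Assert.assertTrue(body.contains("access_token=AT-"));
            if (expectRefreshToken) {
                Assert.assertTrue(body.contains("refresh_token=RT-"));
            }
            Assert.assertTrue(body.contains("expires_in="));
            accessTokenId = StringUtils.substringBetween(body, "access_token=", "&");
        }

        // Fail with a readable assertion instead of a NullPointerException when the
        // token cannot be parsed out of the body or is missing from the registry.
        Assert.assertNotNull("access token id not found in response body", accessTokenId);
        final AccessToken accessToken = oAuth20AccessTokenController.getTicketRegistry().getTicket(accessTokenId, AccessToken.class);
        Assert.assertNotNull("access token not present in ticket registry", accessToken);
        Assert.assertEquals(principal, accessToken.getAuthentication().getPrincipal());

        // 7188 is 12 below TIMEOUT (7200); presumably slack for elapsed test time.
        Assert.assertTrue(getTimeLeft(body, expectRefreshToken, expectJson) >= 7188);
    }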

    /**
     * Extracts the {@code expires_in} value from a token response body.
     * <p>
     * The delimiters depend on the response format and on whether a refresh token
     * follows the {@code expires_in} field.
     *
     * @param str response body to parse
     * @param z   {@code true} if the body also contains a refresh token after
     *            {@code expires_in}
     * @param z2  {@code true} if the body is JSON, {@code false} for the
     *            {@code key=value&key=value} form
     * @return the parsed {@code expires_in} value
     * @throws NumberFormatException if the value cannot be located or is not an integer
     */
    private static int getTimeLeft(String str, boolean z, boolean z2) {
        final boolean hasRefreshToken = z;
        final boolean json = z2;

        final String rawValue;
        if (json) {
            if (hasRefreshToken) {
                rawValue = StringUtils.substringBetween(str, "expires_in\":", ",");
            } else {
                rawValue = StringUtils.substringBetween(str, "expires_in\":", "}");
            }
        } else if (hasRefreshToken) {
            rawValue = StringUtils.substringBetween(str, "&expires_in=", "&refresh_token");
        } else {
            rawValue = StringUtils.substringAfter(str, "&expires_in=");
        }
        return Integer.parseInt(rawValue);
    }

    /**
     * Password-grant token request that supplies user credentials but no
     * {@code client_id}.
     * <p>
     * A service is registered, yet the request never identifies a client. Expects HTTP
     * 401 with body {@code error=invalid_request}.
     *
     * @throws Exception if the interceptor or controller throws
     */
    @Test
    public void verifyUserNoClientId() throws Exception {
        addRegisteredService();

        final MockHttpServletRequest request = new MockHttpServletRequest("GET", "/oauth2.0/accessToken");
        request.setParameter("grant_type", OAuth20GrantTypes.PASSWORD.name().toLowerCase());
        request.setParameter(USERNAME, "test");
        request.setParameter(PASSWORD, "test");

        final MockHttpServletResponse response = new MockHttpServletResponse();
        requiresAuthenticationInterceptor.preHandle(request, response, null);
        oAuth20AccessTokenController.handleRequestInternal(request, response);

        Assert.assertEquals(401L, response.getStatus());
        Assert.assertEquals("error=invalid_request", response.getContentAsString());
    }

    /**
     * Password-grant token request for a {@code client_id} when this test has registered
     * no service at all.
     * <p>
     * Expects HTTP 401 with body {@code error=invalid_request}.
     *
     * @throws Exception if the interceptor or controller throws
     */
    @Test
    public void verifyUserNoCasService() throws Exception {
        final MockHttpServletRequest request = new MockHttpServletRequest("GET", "/oauth2.0/accessToken");
        request.setParameter("client_id", CLIENT_ID);
        request.setParameter("grant_type", OAuth20GrantTypes.PASSWORD.name().toLowerCase());
        request.setParameter(USERNAME, "test");
        request.setParameter(PASSWORD, "test");

        final MockHttpServletResponse response = new MockHttpServletResponse();
        requiresAuthenticationInterceptor.preHandle(request, response, null);
        oAuth20AccessTokenController.handleRequestInternal(request, response);

        Assert.assertEquals(401L, response.getStatus());
        Assert.assertEquals("error=invalid_request", response.getContentAsString());
    }

    /**
     * Token request that sends user credentials together with
     * {@code grant_type=authorization_code} instead of the password grant.
     * <p>
     * No {@code code} or {@code redirect_uri} is supplied. Expects HTTP 400 with body
     * {@code error=invalid_request}.
     *
     * @throws Exception if the interceptor or controller throws
     */
    @Test
    public void verifyUserBadAuthorizationCode() throws Exception {
        addRegisteredService();

        final MockHttpServletRequest request = new MockHttpServletRequest("GET", "/oauth2.0/accessToken");
        request.setParameter("client_id", CLIENT_ID);
        request.setParameter("grant_type", OAuth20GrantTypes.AUTHORIZATION_CODE.name().toLowerCase());
        request.setParameter(USERNAME, "test");
        request.setParameter(PASSWORD, "test");

        final MockHttpServletResponse response = new MockHttpServletResponse();
        requiresAuthenticationInterceptor.preHandle(request, response, null);
        oAuth20AccessTokenController.handleRequestInternal(request, response);

        Assert.assertEquals(400L, response.getStatus());
        Assert.assertEquals("error=invalid_request", response.getContentAsString());
    }

    /**
     * Password-grant token request with a wrong password ({@code badPassword}).
     * <p>
     * Expects HTTP 401 with body {@code error=invalid_request}.
     * <p>
     * NOTE(review): RFC 6749 section 5.2 lists invalid resource-owner credentials under
     * {@code invalid_grant}; this test pins the body the endpoint currently returns.
     *
     * @throws Exception if the interceptor or controller throws
     */
    @Test
    public void verifyUserBadCredentials() throws Exception {
        addRegisteredService();

        final MockHttpServletRequest request = new MockHttpServletRequest("GET", "/oauth2.0/accessToken");
        request.setParameter("client_id", CLIENT_ID);
        request.setParameter("grant_type", OAuth20GrantTypes.PASSWORD.name().toLowerCase());
        request.setParameter(USERNAME, "test");
        request.setParameter(PASSWORD, "badPassword");

        final MockHttpServletResponse response = new MockHttpServletResponse();
        requiresAuthenticationInterceptor.preHandle(request, response, null);
        oAuth20AccessTokenController.handleRequestInternal(request, response);

        Assert.assertEquals(401L, response.getStatus());
        Assert.assertEquals("error=invalid_request", response.getContentAsString());
    }

    /**
     * Successful password-grant exchange against a registered service with default
     * settings: no refresh token, plain-text response.
     *
     * @throws Exception if the shared success helper fails
     */
    @Test
    public void verifyUserAuth() throws Exception {
        addRegisteredService();
        final boolean expectRefreshToken = false;
        final boolean expectJson = false;
        internalVerifyUserAuth(expectRefreshToken, expectJson);
    }

    /**
     * Successful password-grant exchange for a service configured to generate refresh
     * tokens; plain-text response.
     *
     * @throws Exception if the shared success helper fails
     */
    @Test
    public void verifyUserAuthWithRefreshToken() throws Exception {
        final OAuthRegisteredService service = addRegisteredService();
        service.setGenerateRefreshToken(true);
        internalVerifyUserAuth(true, false);
    }

    /**
     * Successful password-grant exchange for a service configured for JSON responses;
     * no refresh token.
     *
     * @throws Exception if the shared success helper fails
     */
    @Test
    public void verifyJsonUserAuth() throws Exception {
        final OAuthRegisteredService service = addRegisteredService();
        service.setJsonFormat(true);
        internalVerifyUserAuth(false, true);
    }

    /**
     * Successful password-grant exchange for a service configured for both
     * refresh-token generation and JSON responses.
     *
     * @throws Exception if the shared success helper fails
     */
    @Test
    public void verifyJsonUserAuthWithRefreshToken() throws Exception {
        final OAuthRegisteredService service = addRegisteredService();
        service.setGenerateRefreshToken(true);
        service.setJsonFormat(true);
        internalVerifyUserAuth(true, true);
    }

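    /**
     * Drives a successful password-grant exchange and checks the token response.
     * <p>
     * Sends {@code client_id} plus the user credentials {@code test}/{@code test} (no
     * client secret), then verifies HTTP 200, the response format, that the returned
     * access token resolves to a ticket whose principal id is {@code test}, and that
     * {@code expires_in} is at least 7188.
     * <p>
     * NOTE(review): the user's password travels as a request parameter on a mock GET and
     * the interceptor's {@code preHandle} result is discarded; RFC 6749 section 3.2
     * requires POST for token requests, so this helper exercises handler logic only.
     *
     * @param z  {@code true} if the response must also contain a refresh token
     * @param z2 {@code true} if the response is expected as JSON, {@code false} for
     *           {@code text/plain}
     * @throws Exception if the interceptor or controller throws
     */
    private void internalVerifyUserAuth(boolean z, boolean z2) throws Exception {
        final boolean expectRefreshToken = z;
        final boolean expectJson = z2;

        final MockHttpServletRequest request = new MockHttpServletRequest("GET", "/oauth2.0/accessToken");
        request.setParameter("client_id", CLIENT_ID);
        request.setParameter("grant_type", OAuth20GrantTypes.PASSWORD.name().toLowerCase());
        request.setParameter(USERNAME, "test");
        request.setParameter(PASSWORD, "test");

        final MockHttpServletResponse response = new MockHttpServletResponse();
        requiresAuthenticationInterceptor.preHandle(request, response, null);
        oAuth20AccessTokenController.handleRequestInternal(request, response);
        Assert.assertEquals(200L, response.getStatus());

        final String body = response.getContentAsString();
        final String accessTokenId;
        if (expectJson) {
            Assert.assertEquals("application/json", response.getContentType());
            Assert.assertTrue(body.contains("\"access_token\":\"AT-"));
            if (expectRefreshToken) {
                Assert.assertTrue(body.contains("\"refresh_token\":\"RT-"));
            }
            Assert.assertTrue(body.contains("\"expires_in\":7"));
            accessTokenId = StringUtils.substringBetween(body, "access_token\":\"", "\",\"");
        } else {
            Assert.assertEquals("text/plain", response.getContentType());
            // Same AT-/RT- prefix checks as the JSON branch, so an empty or malformed
            // token value cannot pass the plain-text variant.
            Assert.assertTrue(body.contains("access_token=AT-"));
            if (expectRefreshToken) {
                Assert.assertTrue(body.contains("refresh_token=RT-"));
            }
            Assert.assertTrue(body.contains("expires_in="));
            accessTokenId = StringUtils.substringBetween(body, "access_token=", "&");
        }

        // Fail with a readable assertion instead of a NullPointerException when the
        // token cannot be parsed out of the body or is missing from the registry.
        Assert.assertNotNull("access token id not found in response body", accessTokenId);
        final AccessToken accessToken = oAuth20AccessTokenController.getTicketRegistry().getTicket(accessTokenId, AccessToken.class);
        Assert.assertNotNull("access token not present in ticket registry", accessToken);
        Assert.assertEquals("test", accessToken.getAuthentication().getPrincipal().getId());

        // 7188 is 12 below TIMEOUT (7200); presumably slack for elapsed test time.
        Assert.assertTrue(getTimeLeft(body, expectRefreshToken, expectJson) >= 7188);
    }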

    /**
     * Refresh-token grant that presents a refresh token created with an
     * {@link AlwaysExpiresExpirationPolicy}.
     * <p>
     * The client authenticates correctly and the token is present in the ticket registry,
     * but it is already expired; the request must be refused with HTTP 400 and body
     * {@code error=invalid_grant}.
     *
     * @throws Exception if the interceptor or controller throws
     */
    @Test
    public void verifyRefreshTokenExpiredToken() throws Exception {
        final Principal principal = createPrincipal();
        final OAuthRegisteredService service = addRegisteredService();

        // Bypass the injected factory so the refresh token carries an always-expired policy.
        final DefaultRefreshTokenFactory expiringFactory = new DefaultRefreshTokenFactory(new AlwaysExpiresExpirationPolicy());
        final RefreshToken expiredToken = expiringFactory.create(
                new WebApplicationServiceFactory().createService(service.getServiceId()),
                getAuthentication(principal));
        oAuth20AccessTokenController.getTicketRegistry().addTicket(expiredToken);

        final MockHttpServletRequest request = new MockHttpServletRequest("GET", "/oauth2.0/accessToken");
        request.setParameter("grant_type", OAuth20GrantTypes.REFRESH_TOKEN.name().toLowerCase());
        request.setParameter("client_id", CLIENT_ID);
        request.setParameter("client_secret", CLIENT_SECRET);
        request.setParameter("refresh_token", expiredToken.getId());

        final MockHttpServletResponse response = new MockHttpServletResponse();
        requiresAuthenticationInterceptor.preHandle(request, response, null);
        oAuth20AccessTokenController.handleRequestInternal(request, response);

        Assert.assertEquals(400L, response.getStatus());
        Assert.assertEquals("error=invalid_grant", response.getContentAsString());
    }

    /**
     * Refresh-token grant that presents a valid refresh token together with
     * {@code WRONG_CLIENT_SECRET}.
     * <p>
     * Possession of the refresh token must not substitute for client authentication:
     * expects HTTP 401 with body {@code error=invalid_request}.
     *
     * @throws Exception if the interceptor or controller throws
     */
    @Test
    public void verifyRefreshTokenBadCredentials() throws Exception {
        final RefreshToken refreshToken = addRefreshToken(createPrincipal(), addRegisteredService());

        final MockHttpServletRequest request = new MockHttpServletRequest("GET", "/oauth2.0/accessToken");
        request.setParameter("grant_type", OAuth20GrantTypes.REFRESH_TOKEN.name().toLowerCase());
        request.setParameter("client_id", CLIENT_ID);
        request.setParameter("client_secret", WRONG_CLIENT_SECRET);
        request.setParameter("refresh_token", refreshToken.getId());

        final MockHttpServletResponse response = new MockHttpServletResponse();
        requiresAuthenticationInterceptor.preHandle(request, response, null);
        oAuth20AccessTokenController.handleRequestInternal(request, response);

        Assert.assertEquals(401L, response.getStatus());
        Assert.assertEquals("error=invalid_request", response.getContentAsString());
    }

    /**
     * Refresh-token grant from an authenticated client that omits the
     * {@code refresh_token} parameter.
     * <p>
     * Expects HTTP 400 with body {@code error=invalid_request}.
     *
     * @throws Exception if the interceptor or controller throws
     */
    @Test
    public void verifyRefreshTokenMissingToken() throws Exception {
        addRegisteredService();

        final MockHttpServletRequest request = new MockHttpServletRequest("GET", "/oauth2.0/accessToken");
        request.setParameter("grant_type", OAuth20GrantTypes.REFRESH_TOKEN.name().toLowerCase());
        request.setParameter("client_id", CLIENT_ID);
        request.setParameter("client_secret", CLIENT_SECRET);

        final MockHttpServletResponse response = new MockHttpServletResponse();
        requiresAuthenticationInterceptor.preHandle(request, response, null);
        oAuth20AccessTokenController.handleRequestInternal(request, response);

        Assert.assertEquals(400L, response.getStatus());
        Assert.assertEquals("error=invalid_request", response.getContentAsString());
    }

    /**
     * Successful refresh-token grant against a registered service with default settings;
     * the shared helper is told not to expect JSON.
     *
     * @throws Exception if the shared success helper fails
     */
    @Test
    public void verifyRefreshTokenOK() throws Exception {
        final OAuthRegisteredService service = addRegisteredService();
        internalVerifyRefreshTokenOk(service, false);
    }

    /**
     * Successful refresh-token grant for a service configured to generate refresh
     * tokens; the shared helper is told not to expect JSON.
     *
     * @throws Exception if the shared success helper fails
     */
    @Test
    public void verifyRefreshTokenOKWithRefreshToken() throws Exception {
        final OAuthRegisteredService service = addRegisteredService();
        service.setGenerateRefreshToken(true);
        internalVerifyRefreshTokenOk(service, false);
    }

    /**
     * Verifies the refresh_token grant for a service configured for JSON
     * output, expecting an {@code application/json} response.
     *
     * @throws Exception if the shared verification routine fails
     */
    @Test
    public void verifyJsonRefreshTokenOK() throws Exception {
        final OAuthRegisteredService service = addRegisteredService();
        // NOTE(review): set after the service was saved; the JSON assertions in
        // the helper rely on the services manager seeing this later change. Confirm.
        service.setJsonFormat(true);
        internalVerifyRefreshTokenOk(service, true);
    }

    /**
     * Verifies the refresh_token grant for a service that both emits JSON and
     * has {@code generateRefreshToken} switched on.
     *
     * @throws Exception if the shared verification routine fails
     */
    @Test
    public void verifyJsonRefreshTokenOKWithRefreshToken() throws Exception {
        final OAuthRegisteredService service = addRegisteredService();
        // NOTE(review): both flags are set after the service was saved; the test
        // relies on the services manager observing these later changes. Confirm.
        service.setJsonFormat(true);
        service.setGenerateRefreshToken(true);
        internalVerifyRefreshTokenOk(service, true);
    }

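    /**
     * Drives a successful refresh_token grant against the access token
     * endpoint and checks the response and the issued access token.
     *
     * <p>Asserted here: HTTP 200; the content type matching the requested
     * format; an access token and an {@code expires_in} value in the body; no
     * refresh token in the body; and that the access token stored in the
     * ticket registry belongs to the same principal the refresh token was
     * created for. That last check is the one that ties the new token to the
     * original subject.
     *
     * @param registeredService the service the refresh token is issued for
     * @param z {@code true} to expect a JSON body, {@code false} to expect the
     *     plain-text {@code key=value} form
     * @throws Exception if the interceptor or the controller fails
     */
    private void internalVerifyRefreshTokenOk(RegisteredService registeredService, boolean z) throws Exception {
        final boolean expectJson = z;
        final Principal principal = createPrincipal();
        final RefreshToken refreshToken = addRefreshToken(principal, registeredService);

        // NOTE(review): the request is built as a GET carrying client_secret and
        // refresh_token as request parameters. RFC 6749 section 3.2 requires POST
        // for token requests, so this test also documents that the endpoint
        // answers GET with 200.
        final MockHttpServletRequest request = new MockHttpServletRequest("GET", "/oauth2.0/accessToken");
        request.setParameter("grant_type", OAuth20GrantTypes.REFRESH_TOKEN.name().toLowerCase());
        request.setParameter("client_id", CLIENT_ID);
        request.setParameter("client_secret", CLIENT_SECRET);
        request.setParameter("refresh_token", refreshToken.getId());

        final MockHttpServletResponse response = new MockHttpServletResponse();
        this.requiresAuthenticationInterceptor.preHandle(request, response, (Object) null);
        this.oAuth20AccessTokenController.handleRequestInternal(request, response);

        Assert.assertEquals(200L, response.getStatus());
        final String body = response.getContentAsString();

        final String accessTokenId;
        if (expectJson) {
            Assert.assertEquals("application/json", response.getContentType());
            Assert.assertTrue(body.contains("\"access_token\":\"AT-"));
            // The refresh grant is expected not to hand out a refresh token in the body.
            Assert.assertFalse(body.contains("\"refresh_token\":\"RT-"));
            // Only the leading digit of expires_in is pinned; the remaining
            // lifetime is checked through getTimeLeft below.
            Assert.assertTrue(body.contains("\"expires_in\":7"));
            accessTokenId = StringUtils.substringBetween(body, "access_token\":\"", "\",\"");
        } else {
            Assert.assertEquals("text/plain", response.getContentType());
            Assert.assertTrue(body.contains("access_token="));
            Assert.assertFalse(body.contains("refresh_token="));
            Assert.assertTrue(body.contains("expires_in="));
            accessTokenId = StringUtils.substringBetween(body, "access_token=", "&");
        }

        // substringBetween returns null when a delimiter is missing; fail with a
        // readable message instead of a NullPointerException further down.
        Assert.assertNotNull("access token id could not be extracted from the response body", accessTokenId);
        final AccessToken accessToken =
                this.oAuth20AccessTokenController.getTicketRegistry().getTicket(accessTokenId, AccessToken.class);
        Assert.assertNotNull("issued access token was not found in the ticket registry", accessToken);

        Assert.assertEquals(principal, accessToken.getAuthentication().getPrincipal());
        // getTimeLeft is defined outside this view; presumably it parses expires_in
        // from the body. Confirm.
        Assert.assertTrue(getTimeLeft(body, false, expectJson) >= 7188);
    }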

    /**
     * Builds the test principal with id {@code ID} and two attributes: a
     * single-valued one under {@code NAME} and a two-element list under
     * {@code NAME2}.
     *
     * @return the principal produced by {@link CoreAuthenticationTestUtils}
     */
    private static Principal createPrincipal() {
        // Raw type kept: the types of the NAME/VALUE constants are declared
        // outside this view.
        final HashMap attributes = new HashMap();
        attributes.put(NAME, VALUE);
        attributes.put(NAME2, Arrays.asList(VALUE, VALUE));
        return CoreAuthenticationTestUtils.getPrincipal(ID, attributes);
    }

    /**
     * Creates the default OAuth test service ({@code REDIRECT_URI} as service
     * id, {@code CLIENT_SECRET} as secret) and saves it in the services manager.
     *
     * @return the instance that was passed to {@code servicesManager.save}
     */
    private OAuthRegisteredService addRegisteredService() {
        final OAuthRegisteredService service = getRegisteredService(REDIRECT_URI, CLIENT_SECRET);
        this.servicesManager.save(service);
        return service;
    }

    /**
     * Issues an OAuth code for the given principal and service and adds it to
     * the controller's ticket registry.
     *
     * @param principal the principal the code is issued for
     * @param registeredService the service whose service id the code is bound to
     * @return the code that was added to the registry
     */
    private OAuthCode addCode(Principal principal, RegisteredService registeredService) {
        final Authentication auth = getAuthentication(principal);
        final String serviceId = registeredService.getServiceId();
        final OAuthCode code = this.oAuthCodeFactory.create(
                new WebApplicationServiceFactory().createService(serviceId),
                auth);
        this.oAuth20AccessTokenController.getTicketRegistry().addTicket(code);
        return code;
    }

    /**
     * Issues a refresh token for the given principal and service and adds it
     * to the controller's ticket registry.
     *
     * @param principal the principal the refresh token is issued for
     * @param registeredService the service whose service id the token is bound to
     * @return the refresh token that was added to the registry
     */
    private RefreshToken addRefreshToken(Principal principal, RegisteredService registeredService) {
        final Authentication auth = getAuthentication(principal);
        final String serviceId = registeredService.getServiceId();
        final RefreshToken token = this.oAuthRefreshTokenFactory.create(
                new WebApplicationServiceFactory().createService(serviceId),
                auth);
        this.oAuth20AccessTokenController.getTicketRegistry().addTicket(token);
        return token;
    }

    /**
     * Builds an unsaved OAuth registered service for tests.
     *
     * @param str the value used as the service id
     * @param str2 the client secret to register
     * @return a service with client id {@code CLIENT_ID}, the given service id
     *     and secret, and a {@link ReturnAllAttributeReleasePolicy}
     */
    private static OAuthRegisteredService getRegisteredService(String str, String str2) {
        final OAuthRegisteredService service = new OAuthRegisteredService();
        service.setName("The registered service name");
        service.setServiceId(str);

        // Client credentials the token endpoint tests authenticate with.
        service.setClientId(CLIENT_ID);
        service.setClientSecret(str2);

        // Test fixture only: every principal attribute is released to this client.
        service.setAttributeReleasePolicy(new ReturnAllAttributeReleasePolicy());
        return service;
    }

    /**
     * Deletes every service currently returned by the services manager, then
     * calls {@code load()} on it.
     */
    private void clearAllServices() {
        this.servicesManager.getAllServices()
                .forEach(service -> this.servicesManager.delete(service.getId()));
        this.servicesManager.load();
    }

    /**
     * Builds an {@link Authentication} for the given principal, dated now,
     * with one credential and one successful handler result.
     *
     * <p>The credential metadata is derived from the principal id, and the
     * handler name is the canonical class name of the principal.
     *
     * @param principal the principal to authenticate
     * @return the built authentication
     */
    private static Authentication getAuthentication(Principal principal) {
        final BasicIdentifiableCredential credential = new BasicIdentifiableCredential(principal.getId());
        final BasicCredentialMetaData metaData = new BasicCredentialMetaData(credential);
        final String handlerName = principal.getClass().getCanonicalName();
        final DefaultHandlerResult handlerResult =
                new DefaultHandlerResult(handlerName, metaData, principal, new ArrayList());
        return DefaultAuthenticationBuilder.newInstance()
                .setPrincipal(principal)
                .setAuthenticationDate(ZonedDateTime.now())
                .addCredential(metaData)
                .addSuccess(handlerName, handlerResult)
                .build();
    }
}
