package org.apereo.cas.support.oauth.web;

import java.util.Arrays;
import java.util.HashMap;
import java.util.Locale;
import java.util.Map;
import org.apache.commons.lang3.StringUtils;
import org.apereo.cas.authentication.principal.Principal;
import org.apereo.cas.services.ReturnAllowedAttributeReleasePolicy;
import org.apereo.cas.support.oauth.OAuth20ResponseTypes;
import org.apereo.cas.support.oauth.services.OAuthRegisteredService;
import org.apereo.cas.support.oauth.web.endpoints.OAuth20AuthorizeEndpointController;
import org.apereo.cas.ticket.accesstoken.AccessToken;
import org.apereo.cas.ticket.code.OAuthCode;
import org.junit.Assert;
import org.junit.Test;
import org.pac4j.cas.profile.CasProfile;
import org.pac4j.core.util.CommonHelper;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.mock.web.MockHttpServletRequest;
import org.springframework.mock.web.MockHttpServletResponse;
import org.springframework.mock.web.MockHttpSession;
import org.springframework.web.servlet.ModelAndView;
import org.springframework.web.servlet.view.RedirectView;

/* loaded from: input_file:org/apereo/cas/support/oauth/web/OAuth20AuthorizeControllerTests.class */
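/**
 * Tests for the OAuth 2.0 {@code /authorize} endpoint
 * ({@link OAuth20AuthorizeEndpointController}).
 *
 * <p>The cases pin down the endpoint's request validation and the three outcomes
 * exercised here:
 * <ul>
 *   <li>the service error view ({@value #ERROR_VIEW}) when {@code client_id},
 *       {@code redirect_uri} or {@code response_type} is missing or unknown, when no
 *       service is registered, when the supplied {@code redirect_uri} does not start
 *       with the registered service id, or when the session holds no authenticated
 *       pac4j profile;</li>
 *   <li>a redirect back to the registered {@code redirect_uri} carrying either an
 *       authorization code (query string) or an access token (URL fragment), with the
 *       client's {@code state} echoed back, when the service bypasses the approval
 *       prompt or the request itself carries {@code bypass_approval_prompt=true};</li>
 *   <li>the consent view ({@value #CONFIRM_VIEW}) when approval is still required.</li>
 * </ul>
 * Each test first clears the services registry so that the endpoint only knows the
 * service the test registers itself.
 */
public class OAuth20AuthorizeControllerTests extends AbstractOAuth20Tests {
    private static final String ID = "id";
    private static final String FIRST_NAME_ATTRIBUTE = "firstName";
    private static final String FIRST_NAME = "jerome";
    private static final String LAST_NAME_ATTRIBUTE = "lastName";
    private static final String LAST_NAME = "LELEU";
    private static final String CONTEXT = "/oauth2.0/";
    private static final String CLIENT_ID = "1";
    private static final String REDIRECT_URI = "http://someurl";
    private static final String OTHER_REDIRECT_URI = "http://someotherurl";
    private static final String CAS_SERVER = "casserver";
    private static final String CAS_SCHEME = "https";
    private static final int CAS_PORT = 443;
    // Compile-time constant; resolves to "https://casserver/oauth2.0/authorize".
    private static final String AUTHORIZE_URL = CAS_SCHEME + "://" + CAS_SERVER + CONTEXT + "authorize";
    private static final String SERVICE_NAME = "serviceName";
    private static final String STATE = "state";

    // Request parameter names read by the endpoint.
    private static final String CLIENT_ID_PARAM = "client_id";
    private static final String REDIRECT_URI_PARAM = "redirect_uri";
    private static final String RESPONSE_TYPE_PARAM = "response_type";
    private static final String BYPASS_APPROVAL_PROMPT_PARAM = "bypass_approval_prompt";

    // Session attribute under which pac4j stores the authenticated profile(s).
    private static final String PAC4J_USER_PROFILES = "pac4jUserProfiles";

    // View names and redirect URL fragments asserted on below.
    private static final String ERROR_VIEW = "casServiceErrorView";
    private static final String CONFIRM_VIEW = "oauthConfirmView";
    private static final String CALLBACK_URL_MODEL_KEY = "callbackUrl";
    private static final String CODE_QUERY = "?code=";
    private static final String ACCESS_TOKEN_FRAGMENT = "#access_token=";
    private static final String TOKEN_TYPE_SUFFIX = "&token_type=bearer";
    private static final String STATE_SUFFIX = "&state=";

    @Autowired
    private OAuth20AuthorizeEndpointController oAuth20AuthorizeEndpointController;

    /** A request without {@code client_id} must be rejected with the error view. */
    @Test
    public void verifyNoClientId() throws Exception {
        MockHttpServletRequest request = newAuthorizeRequest();
        request.setParameter(REDIRECT_URI_PARAM, REDIRECT_URI);
        assertErrorView(request);
    }

    /** A request without {@code redirect_uri} must be rejected with the error view. */
    @Test
    public void verifyNoRedirectUri() throws Exception {
        MockHttpServletRequest request = newAuthorizeRequest();
        request.setParameter(CLIENT_ID_PARAM, CLIENT_ID);
        assertErrorView(request);
    }

    /** A request without {@code response_type} must be rejected with the error view. */
    @Test
    public void verifyNoResponseType() throws Exception {
        MockHttpServletRequest request = newAuthorizeRequest();
        request.setParameter(CLIENT_ID_PARAM, CLIENT_ID);
        request.setParameter(REDIRECT_URI_PARAM, REDIRECT_URI);
        assertErrorView(request);
    }

    /** An unknown {@code response_type} must be rejected with the error view. */
    @Test
    public void verifyBadResponseType() throws Exception {
        MockHttpServletRequest request = newAuthorizeRequest();
        request.setParameter(CLIENT_ID_PARAM, CLIENT_ID);
        request.setParameter(REDIRECT_URI_PARAM, REDIRECT_URI);
        request.setParameter(RESPONSE_TYPE_PARAM, "badvalue");
        assertErrorView(request);
    }

    /** With no registered service at all the request must end on the error view. */
    @Test
    public void verifyNoCasService() throws Exception {
        clearAllServices();
        MockHttpServletRequest request = newAuthorizeRequest();
        request.setParameter(CLIENT_ID_PARAM, CLIENT_ID);
        request.setParameter(REDIRECT_URI_PARAM, REDIRECT_URI);
        assertErrorView(request);
    }

    /**
     * A {@code redirect_uri} that does not start with the registered service id must
     * be rejected: the registered service only allows {@link #OTHER_REDIRECT_URI}.
     */
    @Test
    public void verifyRedirectUriDoesNotStartWithServiceId() throws Exception {
        clearAllServices();
        MockHttpServletRequest request = newAuthorizeRequest();
        request.setParameter(CLIENT_ID_PARAM, CLIENT_ID);
        request.setParameter(REDIRECT_URI_PARAM, REDIRECT_URI);
        // Registered under a different service id; the approval-prompt flag is left at its default.
        this.oAuth20AuthorizeEndpointController.getServicesManager().save(getRegisteredService(OTHER_REDIRECT_URI, CLIENT_ID));
        assertErrorView(request);
    }

    /** A well-formed code request with a session but no authenticated profile is rejected. */
    @Test
    public void verifyCodeNoProfile() throws Exception {
        clearAllServices();
        MockHttpServletRequest request = newClientAuthorizeRequest(OAuth20ResponseTypes.CODE);
        registerService(true);
        request.setSession(new MockHttpSession());
        assertErrorView(request);
    }

    /** Code flow, approval bypassed by the service: redirects with a code bound to the principal. */
    @Test
    public void verifyCodeRedirectToClient() throws Exception {
        clearAllServices();
        MockHttpServletRequest request = newClientAuthorizeRequest(OAuth20ResponseTypes.CODE);
        registerService(true);
        Map<String, Object> attributes = profileAttributes();
        request.setSession(sessionWithProfile(attributes));
        String url = redirectUrlOf(authorize(request));
        assertCodeIssued(url, attributes);
    }

    /** Implicit flow, approval bypassed by the service: redirects with an access token in the fragment. */
    @Test
    public void verifyTokenRedirectToClient() throws Exception {
        clearAllServices();
        MockHttpServletRequest request = newClientAuthorizeRequest(OAuth20ResponseTypes.TOKEN);
        registerService(true);
        Map<String, Object> attributes = profileAttributes();
        request.setSession(sessionWithProfile(attributes));
        String url = redirectUrlOf(authorize(request));
        assertTokenIssued(url, attributes);
    }

    /** Code flow with a client {@code state}: the state is echoed back after the code. */
    @Test
    public void verifyCodeRedirectToClientWithState() throws Exception {
        clearAllServices();
        MockHttpServletRequest request = newClientAuthorizeRequest(OAuth20ResponseTypes.CODE);
        request.setParameter(STATE, STATE);
        registerService(true);
        Map<String, Object> attributes = profileAttributes();
        request.setSession(sessionWithProfile(attributes));
        String url = redirectUrlOf(authorize(request));
        // The client's state must come back unchanged so the client can bind the
        // response to the request it made.
        Assert.assertTrue(url.contains(STATE_SUFFIX + STATE));
        assertCodeIssued(url, attributes);
    }

    /** Implicit flow with a client {@code state}: the state is echoed back in the fragment. */
    @Test
    public void verifyTokenRedirectToClientWithState() throws Exception {
        clearAllServices();
        MockHttpServletRequest request = newClientAuthorizeRequest(OAuth20ResponseTypes.TOKEN);
        request.setParameter(STATE, STATE);
        registerService(true);
        Map<String, Object> attributes = profileAttributes();
        request.setSession(sessionWithProfile(attributes));
        String url = redirectUrlOf(authorize(request));
        Assert.assertTrue(url.contains(STATE_SUFFIX + STATE));
        assertTokenIssued(url, attributes);
    }

    /** Code flow, approval required by the service but granted via the request parameter. */
    @Test
    public void verifyCodeRedirectToClientApproved() throws Exception {
        clearAllServices();
        MockHttpServletRequest request = newClientAuthorizeRequest(OAuth20ResponseTypes.CODE);
        request.setParameter(BYPASS_APPROVAL_PROMPT_PARAM, "true");
        registerService(false);
        Map<String, Object> attributes = profileAttributes();
        request.setSession(sessionWithProfile(attributes));
        String url = redirectUrlOf(authorize(request));
        assertCodeIssued(url, attributes);
    }

    /** Implicit flow, approval required by the service but granted via the request parameter. */
    @Test
    public void verifyTokenRedirectToClientApproved() throws Exception {
        clearAllServices();
        MockHttpServletRequest request = newClientAuthorizeRequest(OAuth20ResponseTypes.TOKEN);
        request.setParameter(BYPASS_APPROVAL_PROMPT_PARAM, "true");
        registerService(false);
        Map<String, Object> attributes = profileAttributes();
        request.setSession(sessionWithProfile(attributes));
        String url = redirectUrlOf(authorize(request));
        assertTokenIssued(url, attributes);
    }

    /**
     * Approval required and not granted: the consent view is shown, and its callback
     * is the authorize URL with {@code bypass_approval_prompt=true} appended.
     */
    @Test
    public void verifyRedirectToApproval() throws Exception {
        clearAllServices();
        MockHttpServletRequest request = newClientAuthorizeRequest(OAuth20ResponseTypes.CODE);
        registerService(false);
        request.setSession(sessionWithProfile(profileAttributes()));
        ModelAndView modelAndView = authorize(request);
        Assert.assertEquals(CONFIRM_VIEW, modelAndView.getViewName());
        Map<String, Object> model = modelAndView.getModel();
        Assert.assertEquals(CommonHelper.addParameter(AUTHORIZE_URL, BYPASS_APPROVAL_PROMPT_PARAM, "true"), model.get(CALLBACK_URL_MODEL_KEY));
        // The model key for the service name happens to equal the registered name itself.
        Assert.assertEquals(SERVICE_NAME, model.get(SERVICE_NAME));
    }

    /** Builds a bare GET request to the authorize endpoint with no parameters. */
    private static MockHttpServletRequest newAuthorizeRequest() {
        return new MockHttpServletRequest("GET", CONTEXT + "authorize");
    }

    /**
     * Builds an authorize request for the test client with {@code client_id},
     * {@code redirect_uri}, the given {@code response_type} and the CAS server
     * scheme/host/port the endpoint uses to build its own URLs.
     *
     * @param responseType the OAuth response type to request, sent in lower case
     */
    private static MockHttpServletRequest newClientAuthorizeRequest(OAuth20ResponseTypes responseType) {
        MockHttpServletRequest request = newAuthorizeRequest();
        request.setParameter(CLIENT_ID_PARAM, CLIENT_ID);
        request.setParameter(REDIRECT_URI_PARAM, REDIRECT_URI);
        request.setParameter(RESPONSE_TYPE_PARAM, responseType.name().toLowerCase(Locale.ROOT));
        request.setServerName(CAS_SERVER);
        request.setServerPort(CAS_PORT);
        request.setScheme(CAS_SCHEME);
        return request;
    }

    /** The attributes given to the authenticated test profile: first and last name. */
    private static Map<String, Object> profileAttributes() {
        Map<String, Object> attributes = new HashMap<>();
        attributes.put(FIRST_NAME_ATTRIBUTE, FIRST_NAME);
        attributes.put(LAST_NAME_ATTRIBUTE, LAST_NAME);
        return attributes;
    }

    /**
     * Creates a session holding an authenticated pac4j {@link CasProfile} with id
     * {@link #ID} and the given attributes, stored where the endpoint looks for it.
     *
     * @param attributes profile attributes to attach
     */
    private static MockHttpSession sessionWithProfile(Map<String, Object> attributes) {
        CasProfile profile = new CasProfile();
        profile.setId(ID);
        profile.addAttributes(attributes);
        MockHttpSession session = new MockHttpSession();
        session.setAttribute(PAC4J_USER_PROFILES, profile);
        return session;
    }

    /**
     * Registers the test service for {@link #REDIRECT_URI} under {@link #SERVICE_NAME}.
     *
     * @param bypassApprovalPrompt whether the service skips the user consent screen
     */
    private void registerService(boolean bypassApprovalPrompt) {
        OAuthRegisteredService registeredService = getRegisteredService(REDIRECT_URI, SERVICE_NAME);
        registeredService.setBypassApprovalPrompt(bypassApprovalPrompt);
        this.oAuth20AuthorizeEndpointController.getServicesManager().save(registeredService);
    }

    /** Runs the request through the endpoint; the response object is never inspected. */
    private ModelAndView authorize(MockHttpServletRequest request) throws Exception {
        return this.oAuth20AuthorizeEndpointController.handleRequestInternal(request, new MockHttpServletResponse());
    }

    /** Asserts that the endpoint answers the request with the service error view. */
    private void assertErrorView(MockHttpServletRequest request) throws Exception {
        Assert.assertEquals(ERROR_VIEW, authorize(request).getViewName());
    }

    /**
     * Asserts that the endpoint produced a redirect and returns its target URL.
     * {@link ModelAndView#getView()} is typed as a plain view, hence the explicit check
     * before the cast.
     */
    private static String redirectUrlOf(ModelAndView modelAndView) {
        Assert.assertTrue(modelAndView.getView() instanceof RedirectView);
        return ((RedirectView) modelAndView.getView()).getUrl();
    }

    /**
     * Asserts that {@code url} redirects to the client with an authorization code in
     * the query string, that the code exists in the ticket registry, and that it is
     * bound to the expected principal.
     *
     * @param url                the redirect URL produced by the endpoint
     * @param expectedAttributes the attributes the profile was created with
     */
    private void assertCodeIssued(String url, Map<String, Object> expectedAttributes) {
        Assert.assertTrue(url.startsWith(REDIRECT_URI + CODE_QUERY + "OC-"));
        // With a state parameter the code is followed by "&state=..."; without one,
        // substringBefore returns the remainder unchanged.
        String codeId = StringUtils.substringBefore(StringUtils.substringAfter(url, CODE_QUERY), STATE_SUFFIX);
        OAuthCode code = (OAuthCode) this.oAuth20AuthorizeEndpointController.getTicketRegistry().getTicket(codeId);
        Assert.assertNotNull(code);
        assertPrincipal(code.getAuthentication().getPrincipal(), expectedAttributes);
    }

    /**
     * Asserts that {@code url} redirects to the client with a bearer access token in
     * the fragment, that the token exists in the ticket registry, and that it is
     * bound to the expected principal.
     *
     * @param url                the redirect URL produced by the endpoint
     * @param expectedAttributes the attributes the profile was created with
     */
    private void assertTokenIssued(String url, Map<String, Object> expectedAttributes) {
        Assert.assertTrue(url.startsWith(REDIRECT_URI + ACCESS_TOKEN_FRAGMENT));
        String tokenId = StringUtils.substringBetween(url, ACCESS_TOKEN_FRAGMENT, TOKEN_TYPE_SUFFIX);
        AccessToken token = (AccessToken) this.oAuth20AuthorizeEndpointController.getTicketRegistry().getTicket(tokenId);
        Assert.assertNotNull(token);
        assertPrincipal(token.getAuthentication().getPrincipal(), expectedAttributes);
    }

    /**
     * Asserts that the principal behind an issued ticket is the authenticated profile.
     *
     * @param principal          the principal recorded on the ticket
     * @param expectedAttributes the attributes the profile was created with
     */
    private static void assertPrincipal(Principal principal, Map<String, Object> expectedAttributes) {
        Assert.assertEquals(ID, principal.getId());
        Map<String, Object> attributes = principal.getAttributes();
        // NOTE(review): the registered service's release policy only allows firstName,
        // yet the principal on the ticket still carries every profile attribute here;
        // presumably the policy is applied later, when the token is consumed — confirm.
        Assert.assertEquals(expectedAttributes.size(), attributes.size());
        Assert.assertEquals(FIRST_NAME, attributes.get(FIRST_NAME_ATTRIBUTE));
    }

    /**
     * Builds an OAuth registered service for the test client that only releases
     * {@link #FIRST_NAME_ATTRIBUTE}.
     *
     * @param serviceId the service id the client's {@code redirect_uri} must start with
     * @param name      the service's display name
     */
    private static OAuthRegisteredService getRegisteredService(String serviceId, String name) {
        OAuthRegisteredService registeredService = new OAuthRegisteredService();
        registeredService.setName(name);
        registeredService.setServiceId(serviceId);
        registeredService.setClientId(CLIENT_ID);
        registeredService.setAttributeReleasePolicy(new ReturnAllowedAttributeReleasePolicy(Arrays.asList(FIRST_NAME_ATTRIBUTE)));
        return registeredService;
    }

    /** Deletes every registered service so a test starts from an empty registry. */
    private void clearAllServices() {
        this.oAuth20AuthorizeEndpointController.getServicesManager().getAllServices()
            .forEach(registeredService -> this.oAuth20AuthorizeEndpointController.getServicesManager().delete(registeredService.getId()));
    }
}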
