package org.apereo.cas.support.oauth.web;

import com.fasterxml.jackson.databind.ObjectMapper;
import java.nio.charset.StandardCharsets;
import java.time.ZonedDateTime;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import javax.annotation.PostConstruct;
import lombok.Generated;
import org.apache.commons.lang3.StringUtils;
import org.apache.commons.lang3.tuple.Pair;
import org.apereo.cas.ComponentSerializationPlan;
import org.apereo.cas.ComponentSerializationPlanConfigurator;
import org.apereo.cas.authentication.Authentication;
import org.apereo.cas.authentication.BasicCredentialMetaData;
import org.apereo.cas.authentication.BasicIdentifiableCredential;
import org.apereo.cas.authentication.CoreAuthenticationTestUtils;
import org.apereo.cas.authentication.DefaultAuthenticationBuilder;
import org.apereo.cas.authentication.DefaultAuthenticationHandlerExecutionResult;
import org.apereo.cas.authentication.principal.Principal;
import org.apereo.cas.authentication.principal.WebApplicationServiceFactory;
import org.apereo.cas.config.CasCoreAuthenticationConfiguration;
import org.apereo.cas.config.CasCoreAuthenticationHandlersConfiguration;
import org.apereo.cas.config.CasCoreAuthenticationMetadataConfiguration;
import org.apereo.cas.config.CasCoreAuthenticationPolicyConfiguration;
import org.apereo.cas.config.CasCoreAuthenticationPrincipalConfiguration;
import org.apereo.cas.config.CasCoreAuthenticationServiceSelectionStrategyConfiguration;
import org.apereo.cas.config.CasCoreAuthenticationSupportConfiguration;
import org.apereo.cas.config.CasCoreComponentSerializationConfiguration;
import org.apereo.cas.config.CasCoreConfiguration;
import org.apereo.cas.config.CasCoreHttpConfiguration;
import org.apereo.cas.config.CasCoreServicesAuthenticationConfiguration;
import org.apereo.cas.config.CasCoreServicesConfiguration;
import org.apereo.cas.config.CasCoreTicketCatalogConfiguration;
import org.apereo.cas.config.CasCoreTicketIdGeneratorsConfiguration;
import org.apereo.cas.config.CasCoreTicketsConfiguration;
import org.apereo.cas.config.CasCoreUtilConfiguration;
import org.apereo.cas.config.CasCoreUtilSerializationConfiguration;
import org.apereo.cas.config.CasCoreWebConfiguration;
import org.apereo.cas.config.CasDefaultServiceTicketIdGeneratorsConfiguration;
import org.apereo.cas.config.CasOAuthAuthenticationServiceSelectionStrategyConfiguration;
import org.apereo.cas.config.CasOAuthComponentSerializationConfiguration;
import org.apereo.cas.config.CasOAuthConfiguration;
import org.apereo.cas.config.CasOAuthThrottleConfiguration;
import org.apereo.cas.config.CasPersonDirectoryConfiguration;
import org.apereo.cas.config.support.CasWebApplicationServiceFactoryConfiguration;
import org.apereo.cas.config.support.EnvironmentConversionServiceInitializer;
import org.apereo.cas.configuration.CasConfigurationProperties;
import org.apereo.cas.logout.config.CasCoreLogoutConfiguration;
import org.apereo.cas.mock.MockServiceTicket;
import org.apereo.cas.mock.MockTicketGrantingTicket;
import org.apereo.cas.services.AbstractRegisteredService;
import org.apereo.cas.services.RegisteredService;
import org.apereo.cas.services.RegisteredServiceTestUtils;
import org.apereo.cas.services.ReturnAllAttributeReleasePolicy;
import org.apereo.cas.services.ServicesManager;
import org.apereo.cas.support.oauth.OAuth20GrantTypes;
import org.apereo.cas.support.oauth.services.OAuthRegisteredService;
import org.apereo.cas.support.oauth.web.endpoints.OAuth20AccessTokenEndpointController;
import org.apereo.cas.ticket.accesstoken.AccessToken;
import org.apereo.cas.ticket.code.OAuthCode;
import org.apereo.cas.ticket.code.OAuthCodeFactory;
import org.apereo.cas.ticket.refreshtoken.RefreshToken;
import org.apereo.cas.ticket.refreshtoken.RefreshTokenFactory;
import org.apereo.cas.ticket.registry.TicketRegistry;
import org.apereo.cas.util.EncodingUtils;
import org.apereo.cas.util.SchedulingUtils;
import org.apereo.cas.web.config.CasCookieConfiguration;
import org.junit.Assert;
import org.junit.runner.RunWith;
import org.pac4j.springframework.web.SecurityInterceptor;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.boot.autoconfigure.aop.AopAutoConfiguration;
import org.springframework.boot.context.properties.EnableConfigurationProperties;
import org.springframework.boot.test.context.SpringBootTest;
import org.springframework.boot.test.context.TestConfiguration;
import org.springframework.cloud.autoconfigure.RefreshAutoConfiguration;
import org.springframework.context.ApplicationContext;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.EnableAspectJAutoProxy;
import org.springframework.http.HttpMethod;
import org.springframework.mock.web.MockHttpServletRequest;
import org.springframework.mock.web.MockHttpServletResponse;
import org.springframework.test.annotation.DirtiesContext;
import org.springframework.test.context.ContextConfiguration;
import org.springframework.test.context.junit4.SpringRunner;
import org.springframework.transaction.annotation.EnableTransactionManagement;

@EnableConfigurationProperties({CasConfigurationProperties.class})
@SpringBootTest(classes = {AopAutoConfiguration.class, CasCoreAuthenticationConfiguration.class, CasCoreServicesAuthenticationConfiguration.class, CasCoreAuthenticationPrincipalConfiguration.class, CasCoreAuthenticationPolicyConfiguration.class, CasCoreAuthenticationMetadataConfiguration.class, CasCoreAuthenticationSupportConfiguration.class, CasCoreAuthenticationHandlersConfiguration.class, CasOAuth20TestAuthenticationEventExecutionPlanConfiguration.class, CasDefaultServiceTicketIdGeneratorsConfiguration.class, CasCoreTicketIdGeneratorsConfiguration.class, CasWebApplicationServiceFactoryConfiguration.class, CasCoreHttpConfiguration.class, CasCoreServicesConfiguration.class, CasOAuthConfiguration.class, CasCoreTicketsConfiguration.class, CasCoreConfiguration.class, CasCookieConfiguration.class, CasOAuthComponentSerializationConfiguration.class, CasOAuthThrottleConfiguration.class, CasCoreAuthenticationServiceSelectionStrategyConfiguration.class, CasCoreAuthenticationServiceSelectionStrategyConfiguration.class, CasOAuthAuthenticationServiceSelectionStrategyConfiguration.class, CasCoreTicketCatalogConfiguration.class, CasCoreComponentSerializationConfiguration.class, CasOAuth20TestAuthenticationEventExecutionPlanConfiguration.class, CasCoreUtilSerializationConfiguration.class, CasPersonDirectoryConfiguration.class, OAuthTestConfiguration.class, RefreshAutoConfiguration.class, CasCoreLogoutConfiguration.class, CasCoreUtilConfiguration.class, CasCoreWebConfiguration.class})
@EnableTransactionManagement(proxyTargetClass = true)
@ContextConfiguration(initializers = {EnvironmentConversionServiceInitializer.class})
@EnableAspectJAutoProxy(proxyTargetClass = true)
@DirtiesContext
@RunWith(SpringRunner.class)
/* loaded from: input_file:org/apereo/cas/support/oauth/web/AbstractOAuth20Tests.class */
public abstract class AbstractOAuth20Tests {
    // Base path of the OAuth endpoints.
    public static final String CONTEXT = "/oauth2.0/";
    // Fixture client credentials. getRegisteredService() stores CLIENT_ID on the service it builds,
    // and the verify helpers send both values on the token request. These are throwaway test values,
    // not real secrets.
    public static final String CLIENT_ID = "1";
    public static final String CLIENT_SECRET = "secret";
    // Not referenced in this class; presumably used by subclasses for the rejected-secret case.
    public static final String WRONG_CLIENT_SECRET = "wrongSecret";
    // Fixture redirect URIs. Note they are plain http, which is acceptable only because nothing is
    // ever dereferenced in these tests.
    public static final String REDIRECT_URI = "http://someurl";
    public static final String OTHER_REDIRECT_URI = "http://someotherurl";
    // NOTE(review): TIMEOUT and DELTA are not referenced in the visible code; the verify helpers
    // assert a remaining lifetime of at least 7188, which equals TIMEOUT - 10 - DELTA. Confirm the unit
    // (presumably seconds) against the access-token expiration settings.
    public static final int TIMEOUT = 7200;
    // Principal id and attribute names/values used by createPrincipal().
    public static final String ID = "1234";
    public static final String NAME = "attributeName";
    public static final String NAME2 = "attributeName2";
    public static final String VALUE = "attributeValue";
    // Not referenced in this class; presumably request-parameter names and resource-owner credentials
    // for subclasses that exercise other grant types. Verify against callers.
    public static final String USERNAME = "username";
    public static final String PASSWORD = "password";
    public static final String GOOD_USERNAME = "test";
    public static final String GOOD_PASSWORD = "test";
    public static final int DELTA = 2;
    // Not referenced in this class; presumably the marker subclasses look for in error redirects.
    public static final String ERROR_EQUALS = "error=";

    // Token endpoint controller that the verify helpers call directly.
    @Autowired
    @Qualifier("accessTokenController")
    protected OAuth20AccessTokenEndpointController oAuth20AccessTokenController;

    // Service registry: addRegisteredService() saves into it, clearAllServices() empties it.
    @Autowired
    @Qualifier("servicesManager")
    protected ServicesManager servicesManager;

    // Interceptor the verify helpers run (preHandle) before calling the controller.
    @Autowired
    @Qualifier("requiresAuthenticationAccessTokenInterceptor")
    protected SecurityInterceptor requiresAuthenticationInterceptor;

    @Autowired
    protected ApplicationContext applicationContext;

    // Factory used by addCode() to mint authorization codes.
    @Autowired
    @Qualifier("defaultOAuthCodeFactory")
    protected OAuthCodeFactory oAuthCodeFactory;

    // Factory used by addRefreshToken() to mint refresh tokens.
    @Autowired
    @Qualifier("defaultRefreshTokenFactory")
    protected RefreshTokenFactory oAuthRefreshTokenFactory;

    // Registry where codes and tokens are stored and later looked up by the assertions.
    @Autowired
    @Qualifier("ticketRegistry")
    protected TicketRegistry ticketRegistry;

    // Carries Lombok's @Generated marker, so presumably emitted by a Lombok logging annotation
    // in the original source.
    @Generated
    private static final Logger LOGGER = LoggerFactory.getLogger(AbstractOAuth20Tests.class);
    // Shared Jackson mapper used to parse JSON token responses.
    private static final ObjectMapper MAPPER = new ObjectMapper();

    /**
     * Test-only Spring configuration that seeds the in-memory service registry and registers the
     * mock ticket classes with the component serialization plan.
     */
    @TestConfiguration
    public static class OAuthTestConfiguration implements ComponentSerializationPlanConfigurator {

        @Autowired
        protected ApplicationContext applicationContext;

        /**
         * Hands the application context to {@link SchedulingUtils} once injection has completed.
         */
        @PostConstruct
        public void init() {
            SchedulingUtils.prepScheduledAnnotationBeanPostProcessor(applicationContext);
        }

        /**
         * Builds the list of services preloaded into the in-memory registry.
         *
         * <p>The single entry matches every http(s) and imap(s) URL and releases all attributes.
         * That is a convenience for tests only; a definition this broad in a deployed registry
         * would authorize any service and hand it every attribute.
         *
         * @return a mutable list holding the catch-all service
         */
        @Bean
        public List inMemoryRegisteredServices() {
            final AbstractRegisteredService catchAll =
                    RegisteredServiceTestUtils.getRegisteredService("^(https?|imaps?)://.*");
            catchAll.setAttributeReleasePolicy(new ReturnAllAttributeReleasePolicy());

            final List<AbstractRegisteredService> services = new ArrayList<>();
            services.add(catchAll);
            return services;
        }

        /**
         * Registers the mock ticket types as serializable classes on the given plan.
         *
         * @param componentSerializationPlan the plan to extend
         */
        public void configureComponentSerializationPlan(ComponentSerializationPlan componentSerializationPlan) {
            final ComponentSerializationPlan plan = componentSerializationPlan;
            plan.registerSerializableClass(MockTicketGrantingTicket.class);
            plan.registerSerializableClass(MockServiceTicket.class);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Creates the fixture principal: id {@link #ID}, a single-valued attribute {@link #NAME} and a
     * two-valued attribute {@link #NAME2}.
     *
     * @return the principal built by {@link CoreAuthenticationTestUtils}
     */
    public static Principal createPrincipal() {
        final List<String> repeatedValue = Arrays.asList(VALUE, VALUE);
        final Map<String, Object> attributes = new HashMap<>();
        attributes.put(NAME, VALUE);
        attributes.put(NAME2, repeatedValue);
        return CoreAuthenticationTestUtils.getPrincipal(ID, attributes);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Registers the default OAuth client with refresh-token generation switched off.
     *
     * @return the service that was saved
     */
    public OAuthRegisteredService addRegisteredService() {
        final boolean generateRefreshToken = false;
        return addRegisteredService(generateRefreshToken);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Builds the default OAuth client ({@link #REDIRECT_URI}, {@link #CLIENT_SECRET}) and saves it
     * through the services manager.
     *
     * @param z whether the service should be flagged to generate refresh tokens
     * @return the service instance that was passed to {@code servicesManager.save}
     */
    public OAuthRegisteredService addRegisteredService(boolean z) {
        final boolean generateRefreshToken = z;
        final OAuthRegisteredService client = getRegisteredService(REDIRECT_URI, CLIENT_SECRET);
        client.setGenerateRefreshToken(generateRefreshToken);
        this.servicesManager.save(client);
        return client;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Mints an authorization code for the principal and stores it in the ticket registry.
     *
     * <p>The code is bound to a service created from the registered service's id, to a mock
     * ticket-granting ticket for "casuser", and to an empty scope/argument list.
     *
     * @param principal the principal the code is issued for
     * @param registeredService the service whose id the code is bound to
     * @return the code that was added to the registry
     */
    public OAuthCode addCode(Principal principal, RegisteredService registeredService) {
        final Authentication authentication = getAuthentication(principal);
        final WebApplicationServiceFactory serviceFactory = new WebApplicationServiceFactory();
        final OAuthCode code = this.oAuthCodeFactory.create(
                serviceFactory.createService(registeredService.getServiceId()),
                authentication,
                new MockTicketGrantingTicket("casuser"),
                new ArrayList<>());
        this.ticketRegistry.addTicket(code);
        return code;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Mints a refresh token for the principal and stores it in the ticket registry.
     *
     * <p>Mirrors {@link #addCode(Principal, RegisteredService)}: same service, mock
     * ticket-granting ticket for "casuser" and empty list, but created through the refresh-token
     * factory.
     *
     * @param principal the principal the token is issued for
     * @param registeredService the service whose id the token is bound to
     * @return the refresh token that was added to the registry
     */
    public RefreshToken addRefreshToken(Principal principal, RegisteredService registeredService) {
        final Authentication authentication = getAuthentication(principal);
        final WebApplicationServiceFactory serviceFactory = new WebApplicationServiceFactory();
        final RefreshToken token = this.oAuthRefreshTokenFactory.create(
                serviceFactory.createService(registeredService.getServiceId()),
                authentication,
                new MockTicketGrantingTicket("casuser"),
                new ArrayList<>());
        this.ticketRegistry.addTicket(token);
        return token;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Builds (without saving) an OAuth registered service for the fixture client.
     *
     * <p>The service always carries {@link #CLIENT_ID} and a release-everything attribute policy.
     * The policy keeps the assertions simple; it is a fixture choice, not a recommended setting.
     *
     * @param str the service id (the tests pass a redirect URI)
     * @param str2 the client secret to store on the service
     * @return the new, unsaved service
     */
    public static OAuthRegisteredService getRegisteredService(String str, String str2) {
        final String serviceId = str;
        final String clientSecret = str2;

        final OAuthRegisteredService client = new OAuthRegisteredService();
        client.setName("The registered service name");
        client.setServiceId(serviceId);
        client.setClientId(CLIENT_ID);
        client.setClientSecret(clientSecret);
        client.setAttributeReleasePolicy(new ReturnAllAttributeReleasePolicy());
        return client;
    }

    /* JADX INFO: Access modifiers changed from: protected */
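    /**
     * Deletes every service known to the services manager, then asks it to reload.
     *
     * <p>The services are copied into a local list before any delete is issued. Whether
     * {@code getAllServices()} returns a copy or a live view is not visible from this class, and
     * deleting while iterating a live view could skip entries or fail part-way. That would leave
     * stale client registrations behind for the next test.
     */
    public void clearAllServices() {
        final List<RegisteredService> snapshot = new ArrayList<>(this.servicesManager.getAllServices());
        for (final RegisteredService service : snapshot) {
            this.servicesManager.delete(service.getId());
        }
        this.servicesManager.load();
    }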

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Builds a successful {@link Authentication} for the given principal, dated "now".
     *
     * <p>The credential metadata wraps the principal id. The single success entry is keyed by the
     * canonical class name of the principal, which also serves as the handler name in the
     * execution result.
     *
     * @param principal the authenticated principal; must not be {@code null}
     * @return the built authentication
     */
    public static Authentication getAuthentication(Principal principal) {
        final BasicCredentialMetaData credentialMetaData =
                new BasicCredentialMetaData(new BasicIdentifiableCredential(principal.getId()));
        final String handlerName = principal.getClass().getCanonicalName();
        final DefaultAuthenticationHandlerExecutionResult handlerResult =
                new DefaultAuthenticationHandlerExecutionResult(
                        handlerName, credentialMetaData, principal, new ArrayList<>());
        return DefaultAuthenticationBuilder.newInstance()
                .setPrincipal(principal)
                .setAuthenticationDate(ZonedDateTime.now())
                .addCredential(credentialMetaData)
                .addSuccess(handlerName, handlerResult)
                .build();
    }

    /* JADX INFO: Access modifiers changed from: protected */
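    /**
     * Runs the authorization-code grant against the token endpoint and verifies the happy path.
     *
     * <p>Checks that the code is removed from the registry after use, that the response is 200
     * with the expected content type, that an {@code AT-} access token (and, when requested, an
     * {@code RT-} refresh token) is present, that the issued access token belongs to the fixture
     * principal, and that its remaining lifetime is at least {@code TIMEOUT - 10 - DELTA}.
     *
     * @param registeredService the service the authorization code is issued for
     * @param z whether a refresh token is expected in the response
     * @param z2 whether the response is expected as JSON ({@code true}) or form-encoded text
     * @return the access token id (left) and the refresh token id or {@code null} (right)
     * @throws Exception if the interceptor, the controller or JSON parsing fails
     */
    public Pair<String, String> internalVerifyClientOK(RegisteredService registeredService, boolean z, boolean z2) throws Exception {
        final boolean expectRefreshToken = z;
        final boolean jsonFormat = z2;

        final Principal principal = createPrincipal();
        final OAuthCode code = addCode(principal, registeredService);

        // NOTE(review): RFC 6749 section 3.2 requires POST for token requests and section 2.3 forbids
        // more than one client authentication method per request. This request uses GET and sends
        // the client credentials both as HTTP Basic and as parameters, so the secret would also sit
        // in the query string. It therefore exercises the endpoint's leniency, not a conforming
        // client; confirm that is intended.
        final MockHttpServletRequest request =
                new MockHttpServletRequest(HttpMethod.GET.name(), CONTEXT + "accessToken");
        request.setParameter("redirect_uri", REDIRECT_URI);
        // Locale.ROOT keeps the grant type ASCII-lowercase whatever the JVM default locale is.
        request.setParameter("grant_type",
                OAuth20GrantTypes.AUTHORIZATION_CODE.name().toLowerCase(java.util.Locale.ROOT));
        // Built from the constants so the header cannot drift from the registered credentials.
        final String basicCredentials = CLIENT_ID + ':' + CLIENT_SECRET;
        request.addHeader("Authorization",
                "Basic " + EncodingUtils.encodeBase64(basicCredentials.getBytes(StandardCharsets.UTF_8)));
        request.setParameter("client_id", CLIENT_ID);
        request.setParameter("client_secret", CLIENT_SECRET);
        request.setParameter("code", code.getId());

        final MockHttpServletResponse response = new MockHttpServletResponse();
        this.requiresAuthenticationInterceptor.preHandle(request, response, (Object) null);
        this.oAuth20AccessTokenController.handleRequest(request, response);

        // The authorization code must be gone from the registry once it has been exchanged.
        Assert.assertNull(this.ticketRegistry.getTicket(code.getId()));
        Assert.assertEquals(200L, response.getStatus());

        final String body = response.getContentAsString();
        final String accessTokenId;
        String refreshTokenId = null;
        if (jsonFormat) {
            Assert.assertEquals("application/json", response.getContentType());
            Assert.assertTrue(body.contains("\"access_token\":\"AT-"));
            final Map<?, ?> json = MAPPER.readValue(body, Map.class);
            if (expectRefreshToken) {
                Assert.assertTrue(body.contains("\"refresh_token\":\"RT-"));
                refreshTokenId = json.get("refresh_token").toString();
            }
            Assert.assertTrue(body.contains("\"expires_in\":"));
            accessTokenId = json.get("access_token").toString();
        } else {
            Assert.assertEquals("text/plain", response.getContentType());
            Assert.assertTrue(body.contains("access_token=AT-"));
            if (expectRefreshToken) {
                Assert.assertTrue(body.contains("refresh_token=RT-"));
                // Match on the full "name=" prefix and fail with an assertion, not a bare
                // NoSuchElementException, if the field is missing.
                refreshTokenId = Arrays.stream(body.split("&"))
                        .filter(field -> field.startsWith("refresh_token="))
                        .map(field -> StringUtils.substringAfter(field, "refresh_token="))
                        .findFirst()
                        .orElseThrow(() -> new AssertionError("refresh_token field missing from text response"));
            }
            Assert.assertTrue(body.contains("expires_in="));
            accessTokenId = StringUtils.substringBetween(body, "access_token=", "&");
        }

        final AccessToken accessToken = this.ticketRegistry.getTicket(accessTokenId, AccessToken.class);
        Assert.assertNotNull("issued access token is not in the ticket registry", accessToken);
        Assert.assertEquals(principal, accessToken.getAuthentication().getPrincipal());
        // TIMEOUT - 10 - DELTA == 7188.
        Assert.assertTrue(getTimeLeft(body, expectRefreshToken, jsonFormat) >= TIMEOUT - 10 - DELTA);
        return Pair.of(accessTokenId, refreshTokenId);
    }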

    /* JADX INFO: Access modifiers changed from: protected */
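    /**
     * Extracts the {@code expires_in} value from a token response body.
     *
     * <p>The number is read directly after the field marker, so the result does not depend on
     * which field follows {@code expires_in} or on whitespace after the JSON colon.
     *
     * @param str the response body
     * @param z whether the response carries a refresh token; kept for signature compatibility,
     *     the parsing no longer depends on it
     * @param z2 {@code true} for a JSON body, {@code false} for a form-encoded text body
     * @return the {@code expires_in} value
     * @throws NumberFormatException if the field is absent or is not followed by an integer
     */
    public static int getTimeLeft(String str, boolean z, boolean z2) {
        final String marker = z2 ? "expires_in\":" : "&expires_in=";
        final int markerAt = str == null ? -1 : str.indexOf(marker);
        if (markerAt < 0) {
            // The body is deliberately left out of the message: it contains bearer tokens.
            throw new NumberFormatException("token response has no '" + marker + "' field");
        }

        int start = markerAt + marker.length();
        while (start < str.length() && Character.isWhitespace(str.charAt(start))) {
            start++;
        }
        int end = start;
        if (end < str.length() && (str.charAt(end) == '-' || str.charAt(end) == '+')) {
            end++;
        }
        while (end < str.length() && Character.isDigit(str.charAt(end))) {
            end++;
        }
        return Integer.parseInt(str.substring(start, end));
    }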

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Convenience overload: creates the fixture principal, seeds a refresh token for it, and
     * delegates to the four-argument verification.
     *
     * @param oAuthRegisteredService the service the refresh token is issued for
     * @param z whether the response is expected as JSON
     * @return the issued access token (left) and the seeded refresh token (right)
     * @throws Exception if the delegated verification fails
     */
    public Pair<AccessToken, RefreshToken> internalVerifyRefreshTokenOk(OAuthRegisteredService oAuthRegisteredService, boolean z) throws Exception {
        final Principal owner = createPrincipal();
        final RefreshToken seededToken = addRefreshToken(owner, oAuthRegisteredService);
        return internalVerifyRefreshTokenOk(oAuthRegisteredService, z, seededToken, owner);
    }

    /* JADX INFO: Access modifiers changed from: protected */
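    /**
     * Runs the refresh-token grant against the token endpoint and verifies the happy path.
     *
     * <p>Checks for a 200 response with the expected content type, an access token and no new
     * refresh token in the body, that the issued access token belongs to {@code principal}, and
     * that its remaining lifetime is at least {@code TIMEOUT - 10 - DELTA}.
     *
     * @param oAuthRegisteredService not read by this method; the request uses the fixture client
     *     id and secret
     * @param z whether the response is expected as JSON ({@code true}) or form-encoded text
     * @param refreshToken the refresh token presented to the endpoint
     * @param principal the principal the new access token must belong to
     * @return the issued access token (left) and the presented refresh token (right)
     * @throws Exception if the interceptor, the controller or JSON parsing fails
     */
    public Pair<AccessToken, RefreshToken> internalVerifyRefreshTokenOk(OAuthRegisteredService oAuthRegisteredService, boolean z, RefreshToken refreshToken, Principal principal) throws Exception {
        final boolean jsonFormat = z;

        // NOTE(review): RFC 6749 section 3.2 requires POST for token requests. This request uses
        // GET with the client secret and refresh token as parameters, i.e. in the query string.
        // It exercises the endpoint's leniency, not a conforming client; confirm that is intended.
        final MockHttpServletRequest request =
                new MockHttpServletRequest(HttpMethod.GET.name(), CONTEXT + "accessToken");
        // Locale.ROOT keeps the grant type ASCII-lowercase whatever the JVM default locale is.
        request.setParameter("grant_type",
                OAuth20GrantTypes.REFRESH_TOKEN.name().toLowerCase(java.util.Locale.ROOT));
        request.setParameter("client_id", CLIENT_ID);
        request.setParameter("client_secret", CLIENT_SECRET);
        request.setParameter("refresh_token", refreshToken.getId());

        final MockHttpServletResponse response = new MockHttpServletResponse();
        this.requiresAuthenticationInterceptor.preHandle(request, response, (Object) null);
        this.oAuth20AccessTokenController.handleRequest(request, response);
        Assert.assertEquals(200L, response.getStatus());

        final String body = response.getContentAsString();
        final String accessTokenId;
        if (jsonFormat) {
            // Assert the content type before parsing so a wrong format fails as an assertion
            // rather than as a Jackson parse error.
            Assert.assertEquals("application/json", response.getContentType());
            final Map<?, ?> json = MAPPER.readValue(body, Map.class);
            Assert.assertTrue(body.contains("\"access_token\":\"AT-"));
            // Using a refresh token must not hand out another refresh token.
            Assert.assertFalse(body.contains("\"refresh_token\":\"RT-"));
            Assert.assertTrue(body.contains("\"expires_in\":"));
            accessTokenId = json.get("access_token").toString();
        } else {
            Assert.assertEquals("text/plain", response.getContentType());
            Assert.assertTrue(body.contains("access_token="));
            Assert.assertFalse(body.contains("refresh_token="));
            Assert.assertTrue(body.contains("expires_in="));
            accessTokenId = StringUtils.substringBetween(body, "access_token=", "&");
        }

        final AccessToken accessToken = this.ticketRegistry.getTicket(accessTokenId, AccessToken.class);
        Assert.assertNotNull("issued access token is not in the ticket registry", accessToken);
        Assert.assertEquals(principal, accessToken.getAuthentication().getPrincipal());
        // TIMEOUT - 10 - DELTA == 7188.
        Assert.assertTrue(getTimeLeft(body, false, jsonFormat) >= TIMEOUT - 10 - DELTA);
        return Pair.of(accessToken, refreshToken);
    }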
}
