package org.apereo.cas.support.oauth.validator.token;

import java.util.HashSet;
import javax.servlet.http.HttpSession;
import org.apereo.cas.authentication.principal.DefaultPrincipalFactory;
import org.apereo.cas.authentication.principal.WebApplicationServiceFactory;
import org.apereo.cas.configuration.CasConfigurationProperties;
import org.apereo.cas.mock.MockTicketGrantingTicket;
import org.apereo.cas.services.RegisteredService;
import org.apereo.cas.services.RegisteredServiceAccessStrategyAuditableEnforcer;
import org.apereo.cas.services.RegisteredServiceTestUtils;
import org.apereo.cas.services.ServicesManager;
import org.apereo.cas.support.oauth.OAuth20GrantTypes;
import org.apereo.cas.support.oauth.authenticator.OAuth20CasAuthenticationBuilder;
import org.apereo.cas.support.oauth.profile.DefaultOAuth20ProfileScopeToAttributesFilter;
import org.apereo.cas.support.oauth.services.OAuthRegisteredService;
import org.apereo.cas.ticket.code.DefaultOAuthCodeFactory;
import org.apereo.cas.ticket.code.OAuthCodeExpirationPolicy;
import org.apereo.cas.ticket.registry.TicketRegistry;
import org.apereo.cas.util.CollectionUtils;
import org.junit.Assert;
import org.junit.Before;
import org.junit.Test;
import org.mockito.Mockito;
import org.pac4j.core.context.J2EContext;
import org.pac4j.core.profile.CommonProfile;
import org.springframework.mock.web.MockHttpServletRequest;
import org.springframework.mock.web.MockHttpServletResponse;

/* loaded from: input_file:org/apereo/cas/support/oauth/validator/token/OAuth20AuthorizationCodeGrantTypeTokenRequestValidatorTests.class */
/**
 * Exercises {@link OAuth20AuthorizationCodeGrantTypeTokenRequestValidator} against three
 * registered OAuth clients: one registered for the authorization-code grant, one registered
 * for the password grant only, and one created through
 * {@code RequestValidatorTestUtils.getPromiscousService} without an explicit grant-type set.
 *
 * <p>The services manager and ticket registry are Mockito mocks; every code handed to the
 * validator is an OAuth code stubbed into the mocked registry by {@link #registerTicket}.
 *
 * <p>NOTE(review): each scenario below pairs a code with the client it was registered for.
 * No negative case presents a code under a different client's profile id, a
 * {@code redirect_uri} that differs from the URL the service was built with, an unknown
 * code, or an expired code. Confirm those bindings are asserted elsewhere, since they are
 * the checks a token endpoint relies on to stop one client redeeming another client's code.
 */
public class OAuth20AuthorizationCodeGrantTypeTokenRequestValidatorTests {
    private static final String SUPPORTING_SERVICE_TICKET = "OC-SUPPORTING";
    private static final String NON_SUPPORTING_SERVICE_TICKET = "OC-NON-SUPPORTING";
    private static final String PROMISCUOUS_SERVICE_TICKET = "OC-PROMISCUOUS";
    private OAuth20TokenRequestValidator validator;
    private TicketRegistry ticketRegistry;

    /**
     * Stubs the mocked ticket registry so that looking up {@code ticketId} (for any requested
     * ticket class) returns an OAuth code created for {@code registeredService}.
     *
     * @param ticketId          the code value the test will send as the {@code code} parameter
     * @param registeredService the OAuth client the returned code is built for
     */
    private void registerTicket(String ticketId, OAuthRegisteredService registeredService) {
        OAuth20CasAuthenticationBuilder authenticationBuilder = new OAuth20CasAuthenticationBuilder(
                new DefaultPrincipalFactory(),
                new WebApplicationServiceFactory(),
                new DefaultOAuth20ProfileScopeToAttributesFilter(),
                new CasConfigurationProperties());
        // presumably (1, 60L) means "one use, 60 seconds"; verify against OAuthCodeExpirationPolicy
        DefaultOAuthCodeFactory codeFactory = new DefaultOAuthCodeFactory(new OAuthCodeExpirationPolicy(1, 60L));
        Mockito.when(this.ticketRegistry.getTicket((String) Mockito.eq(ticketId), (Class) Mockito.any()))
                .thenReturn(codeFactory.create(
                        authenticationBuilder.buildService(registeredService, (J2EContext) null, false),
                        RegisteredServiceTestUtils.getAuthentication(),
                        new MockTicketGrantingTicket("casuser"),
                        new HashSet()));
    }

    /**
     * Builds the three client registrations, stubs one code per client into the mocked
     * registry, and constructs the validator under test.
     */
    @Before
    public void before() {
        ServicesManager servicesManager = Mockito.mock(ServicesManager.class);
        this.ticketRegistry = Mockito.mock(TicketRegistry.class);

        // Client registered for the authorization-code grant.
        RegisteredService supportingService = RequestValidatorTestUtils.getService(
                "https://google.com",
                RequestValidatorTestUtils.SUPPORTING_CLIENT_ID,
                RequestValidatorTestUtils.SUPPORTING_CLIENT_ID,
                "secret",
                CollectionUtils.wrapSet(OAuth20GrantTypes.AUTHORIZATION_CODE));
        // Client registered for the password grant only.
        RegisteredService nonSupportingService = RequestValidatorTestUtils.getService(
                "https://example.com",
                RequestValidatorTestUtils.NON_SUPPORTING_CLIENT_ID,
                RequestValidatorTestUtils.NON_SUPPORTING_CLIENT_ID,
                "secret",
                CollectionUtils.wrapSet(OAuth20GrantTypes.PASSWORD));
        // Client created without an explicit grant-type set.
        RegisteredService promiscuousService = RequestValidatorTestUtils.getPromiscousService(
                "https://another.example.com",
                RequestValidatorTestUtils.PROMISCUOUS_CLIENT_ID,
                RequestValidatorTestUtils.PROMISCUOUS_CLIENT_ID,
                "secret");

        registerTicket(SUPPORTING_SERVICE_TICKET, supportingService);
        registerTicket(NON_SUPPORTING_SERVICE_TICKET, nonSupportingService);
        registerTicket(PROMISCUOUS_SERVICE_TICKET, promiscuousService);

        Mockito.when(servicesManager.getAllServices()).thenReturn(
                CollectionUtils.wrapList(new RegisteredService[]{supportingService, nonSupportingService, promiscuousService}));
        this.validator = new OAuth20AuthorizationCodeGrantTypeTokenRequestValidator(
                servicesManager,
                this.ticketRegistry,
                new RegisteredServiceAccessStrategyAuditableEnforcer(),
                new WebApplicationServiceFactory());
    }

    /** Runs the validator on a fresh context wrapping the given mock request and response. */
    private boolean isAccepted(MockHttpServletRequest request, MockHttpServletResponse response) {
        return this.validator.validate(new J2EContext(request, response));
    }

    /**
     * Walks one request through five states and asserts the validator's verdict after each:
     * accepted for the supporting client, rejected for an unknown grant type, rejected for the
     * password grant type, rejected for the password-only client, accepted for the promiscuous
     * client.
     */
    @Test
    public void verifyOperation() {
        MockHttpServletRequest request = new MockHttpServletRequest();
        MockHttpServletResponse response = new MockHttpServletResponse();

        // The client identity reaches the validator through the pac4j profile stored in the session.
        CommonProfile clientProfile = new CommonProfile();
        clientProfile.setClientName("clientBasicAuth");
        clientProfile.setId(RequestValidatorTestUtils.SUPPORTING_CLIENT_ID);
        HttpSession httpSession = request.getSession(true);
        httpSession.setAttribute("pac4jUserProfiles", clientProfile);

        // 1. Supporting client, its own code, authorization_code grant: accepted.
        request.setParameter("grant_type", OAuth20GrantTypes.AUTHORIZATION_CODE.getType());
        request.setParameter("redirect_uri", "https://google.com");
        request.setParameter("code", SUPPORTING_SERVICE_TICKET);
        Assert.assertTrue(isAccepted(request, response));

        // 2. Same request with a grant type that is not a known value: rejected.
        request.setParameter("grant_type", "unsupported");
        Assert.assertFalse(isAccepted(request, response));

        // 3. Same request with the password grant type: rejected.
        request.setParameter("grant_type", OAuth20GrantTypes.PASSWORD.getType());
        Assert.assertFalse(isAccepted(request, response));

        // 4. Password-only client asking for authorization_code with its own code: rejected,
        //    presumably because its registration lists only PASSWORD (confirm in the validator).
        request.setParameter("grant_type", OAuth20GrantTypes.AUTHORIZATION_CODE.getType());
        request.setParameter("code", NON_SUPPORTING_SERVICE_TICKET);
        request.setParameter("redirect_uri", "https://example.com");
        clientProfile.setId(RequestValidatorTestUtils.NON_SUPPORTING_CLIENT_ID);
        httpSession.setAttribute("pac4jUserProfiles", clientProfile);
        Assert.assertFalse(isAccepted(request, response));

        // 5. Promiscuous client with its own code: accepted. This pins that a client built
        //    without an explicit grant-type set is allowed through; presumably an unset list
        //    is treated as "all grant types" (verify against the validator).
        request.setParameter("code", PROMISCUOUS_SERVICE_TICKET);
        clientProfile.setId(RequestValidatorTestUtils.PROMISCUOUS_CLIENT_ID);
        request.setParameter("redirect_uri", "https://another.example.com");
        httpSession.setAttribute("pac4jUserProfiles", clientProfile);
        Assert.assertTrue(isAccepted(request, response));
    }
}
