package org.apereo.cas.support.oauth.web;

import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Map;
import org.apereo.cas.authentication.CoreAuthenticationTestUtils;
import org.apereo.cas.authentication.principal.Principal;
import org.apereo.cas.authentication.principal.WebApplicationServiceFactory;
import org.apereo.cas.mock.MockTicketGrantingTicket;
import org.apereo.cas.support.oauth.OAuth20GrantTypes;
import org.apereo.cas.support.oauth.OAuth20ResponseTypes;
import org.apereo.cas.support.oauth.services.OAuthRegisteredService;
import org.apereo.cas.ticket.accesstoken.AccessToken;
import org.apereo.cas.ticket.code.DefaultOAuthCodeFactory;
import org.apereo.cas.ticket.code.OAuthCode;
import org.apereo.cas.ticket.refreshtoken.DefaultRefreshTokenFactory;
import org.apereo.cas.ticket.refreshtoken.RefreshToken;
import org.apereo.cas.ticket.support.AlwaysExpiresExpirationPolicy;
import org.apereo.cas.util.CollectionUtils;
import org.junit.Assert;
import org.junit.Before;
import org.junit.Test;
import org.springframework.http.HttpMethod;
import org.springframework.mock.web.MockHttpServletRequest;
import org.springframework.mock.web.MockHttpServletResponse;
import org.springframework.mock.web.MockHttpSession;
import org.springframework.web.servlet.ModelAndView;

/* loaded from: input_file:org/apereo/cas/support/oauth/web/OAuth20AccessTokenControllerTests.class */
public class OAuth20AccessTokenControllerTests extends AbstractOAuth20Tests {
    /** Runs before each test and clears the registered services left by earlier tests. */
    @Before
    public void initialize() {
        this.clearAllServices();
    }

    /**
     * Authorization-code exchange sent without {@code client_id}: the token endpoint is
     * expected to answer 401 with an {@code invalid_request} error.
     */
    @Test
    public void verifyClientNoClientId() throws Exception {
        final MockHttpServletRequest request = new MockHttpServletRequest(HttpMethod.GET.name(), "/oauth2.0/accessToken");
        // client_id is deliberately never set on this request.
        request.setParameter("redirect_uri", AbstractOAuth20Tests.REDIRECT_URI);
        request.setParameter("client_secret", "secret");
        request.setParameter("grant_type", OAuth20GrantTypes.AUTHORIZATION_CODE.name().toLowerCase());
        final Principal principal = createPrincipal();
        final OAuthRegisteredService service = addRegisteredService(CollectionUtils.wrapSet(OAuth20GrantTypes.AUTHORIZATION_CODE));
        request.setParameter("code", addCode(principal, service).getId());

        final MockHttpServletResponse response = new MockHttpServletResponse();
        requiresAuthenticationInterceptor.preHandle(request, response, (Object) null);
        final ModelAndView result = controller.handleRequest(request, response);

        Assert.assertEquals(401L, response.getStatus());
        Assert.assertEquals("invalid_request", result.getModel().get("error"));
    }

    /**
     * Authorization-code exchange sent without {@code redirect_uri}: expected outcome is
     * 400 with an {@code invalid_request} error.
     */
    @Test
    public void verifyClientNoRedirectUri() throws Exception {
        final MockHttpServletRequest request = new MockHttpServletRequest(HttpMethod.GET.name(), "/oauth2.0/accessToken");
        request.setParameter("client_id", AbstractOAuth20Tests.CLIENT_ID);
        // redirect_uri is deliberately never set on this request.
        request.setParameter("client_secret", "secret");
        request.setParameter("grant_type", OAuth20GrantTypes.AUTHORIZATION_CODE.name().toLowerCase());
        final Principal principal = createPrincipal();
        final OAuthRegisteredService service = addRegisteredService(CollectionUtils.wrapSet(OAuth20GrantTypes.AUTHORIZATION_CODE));
        request.setParameter("code", addCode(principal, service).getId());

        final MockHttpServletResponse response = new MockHttpServletResponse();
        requiresAuthenticationInterceptor.preHandle(request, response, (Object) null);
        final ModelAndView result = controller.handleRequest(request, response);

        Assert.assertEquals(400L, response.getStatus());
        Assert.assertEquals("invalid_request", result.getModel().get("error"));
    }

    /**
     * Token request that carries a code but no {@code grant_type}: expected outcome is
     * 400 with an {@code invalid_request} error.
     *
     * <p>NOTE(review): despite the method name, the parameter left out here is
     * {@code grant_type}; the {@code code} parameter is supplied.
     */
    @Test
    public void verifyClientNoAuthorizationCode() throws Exception {
        final MockHttpServletRequest request = new MockHttpServletRequest(HttpMethod.GET.name(), "/oauth2.0/accessToken");
        request.setParameter("client_id", AbstractOAuth20Tests.CLIENT_ID);
        request.setParameter("redirect_uri", AbstractOAuth20Tests.REDIRECT_URI);
        request.setParameter("client_secret", "secret");
        final Principal principal = createPrincipal();
        final OAuthRegisteredService service = addRegisteredService(CollectionUtils.wrapSet(OAuth20GrantTypes.AUTHORIZATION_CODE));
        request.setParameter("code", addCode(principal, service).getId());

        final MockHttpServletResponse response = new MockHttpServletResponse();
        requiresAuthenticationInterceptor.preHandle(request, response, (Object) null);
        final ModelAndView result = controller.handleRequest(request, response);

        Assert.assertEquals(400L, response.getStatus());
        Assert.assertEquals("invalid_request", result.getModel().get("error"));
    }

    /**
     * Token request whose {@code grant_type} is an unknown value: expected outcome is
     * 400 with an {@code invalid_request} error.
     */
    @Test
    public void verifyClientBadGrantType() throws Exception {
        final MockHttpServletRequest request = new MockHttpServletRequest(HttpMethod.GET.name(), "/oauth2.0/accessToken");
        request.setParameter("client_id", AbstractOAuth20Tests.CLIENT_ID);
        request.setParameter("redirect_uri", AbstractOAuth20Tests.REDIRECT_URI);
        request.setParameter("client_secret", "secret");
        // A grant type that is not one of the OAuth20GrantTypes names used by the other tests.
        request.setParameter("grant_type", "badValue");
        final Principal principal = createPrincipal();
        final OAuthRegisteredService service = addRegisteredService(CollectionUtils.wrapSet(OAuth20GrantTypes.AUTHORIZATION_CODE));
        request.setParameter("code", addCode(principal, service).getId());

        final MockHttpServletResponse response = new MockHttpServletResponse();
        requiresAuthenticationInterceptor.preHandle(request, response, (Object) null);
        final ModelAndView result = controller.handleRequest(request, response);

        Assert.assertEquals(400L, response.getStatus());
        Assert.assertEquals("invalid_request", result.getModel().get("error"));
    }

    /**
     * Token request asking for the password grant against a service registered with only
     * the authorization-code grant: expected outcome is 400 with {@code invalid_request}.
     */
    @Test
    public void verifyClientDisallowedGrantType() throws Exception {
        final MockHttpServletRequest request = new MockHttpServletRequest(HttpMethod.GET.name(), "/oauth2.0/accessToken");
        request.setParameter("client_id", AbstractOAuth20Tests.CLIENT_ID);
        request.setParameter("redirect_uri", AbstractOAuth20Tests.REDIRECT_URI);
        request.setParameter("client_secret", "secret");
        // Requested grant (PASSWORD) differs from the one the service is registered with below.
        request.setParameter("grant_type", OAuth20GrantTypes.PASSWORD.getType());
        final Principal principal = createPrincipal();
        final OAuthRegisteredService service = addRegisteredService(CollectionUtils.wrapSet(OAuth20GrantTypes.AUTHORIZATION_CODE));
        request.setParameter("code", addCode(principal, service).getId());

        final MockHttpServletResponse response = new MockHttpServletResponse();
        requiresAuthenticationInterceptor.preHandle(request, response, (Object) null);
        final ModelAndView result = controller.handleRequest(request, response);

        Assert.assertEquals(400L, response.getStatus());
        Assert.assertEquals("invalid_request", result.getModel().get("error"));
    }

    /**
     * Authorization-code exchange sent without {@code client_secret}: the client cannot be
     * authenticated, and the expected outcome is 401 with {@code invalid_request}.
     */
    @Test
    public void verifyClientNoClientSecret() throws Exception {
        final MockHttpServletRequest request = new MockHttpServletRequest(HttpMethod.GET.name(), "/oauth2.0/accessToken");
        request.setParameter("client_id", AbstractOAuth20Tests.CLIENT_ID);
        request.setParameter("redirect_uri", AbstractOAuth20Tests.REDIRECT_URI);
        // client_secret is deliberately never set on this request.
        request.setParameter("grant_type", OAuth20GrantTypes.AUTHORIZATION_CODE.name().toLowerCase());
        final Principal principal = createPrincipal();
        final OAuthRegisteredService service = addRegisteredService(CollectionUtils.wrapSet(OAuth20GrantTypes.AUTHORIZATION_CODE));
        request.setParameter("code", addCode(principal, service).getId());

        final MockHttpServletResponse response = new MockHttpServletResponse();
        requiresAuthenticationInterceptor.preHandle(request, response, (Object) null);
        final ModelAndView result = controller.handleRequest(request, response);

        Assert.assertEquals(401L, response.getStatus());
        Assert.assertEquals("invalid_request", result.getModel().get("error"));
    }

    /**
     * Authorization-code exchange where a code exists server-side but is never sent in the
     * request: expected outcome is 400 with {@code invalid_request}.
     */
    @Test
    public void verifyClientNoCode() throws Exception {
        final MockHttpServletRequest request = new MockHttpServletRequest(HttpMethod.GET.name(), "/oauth2.0/accessToken");
        request.setParameter("client_id", AbstractOAuth20Tests.CLIENT_ID);
        request.setParameter("redirect_uri", AbstractOAuth20Tests.REDIRECT_URI);
        request.setParameter("client_secret", "secret");
        request.setParameter("grant_type", OAuth20GrantTypes.AUTHORIZATION_CODE.name().toLowerCase());
        // The code is created but its id is intentionally not attached to the request.
        final Principal principal = createPrincipal();
        final OAuthRegisteredService service = addRegisteredService(CollectionUtils.wrapSet(OAuth20GrantTypes.AUTHORIZATION_CODE));
        addCode(principal, service);

        final MockHttpServletResponse response = new MockHttpServletResponse();
        requiresAuthenticationInterceptor.preHandle(request, response, (Object) null);
        final ModelAndView result = controller.handleRequest(request, response);

        Assert.assertEquals(400L, response.getStatus());
        Assert.assertEquals("invalid_request", result.getModel().get("error"));
    }

    /**
     * Authorization-code exchange for a client whose service definition is built but not
     * added through {@code addRegisteredService}: expected outcome is 401 with
     * {@code invalid_request}.
     *
     * <p>NOTE(review): presumably {@code getRegisteredService} only constructs the definition
     * without saving it, so the client is unknown to the server — confirm in the base class.
     */
    @Test
    public void verifyClientNoCasService() throws Exception {
        final MockHttpServletRequest request = new MockHttpServletRequest(HttpMethod.GET.name(), "/oauth2.0/accessToken");
        request.setParameter("client_id", AbstractOAuth20Tests.CLIENT_ID);
        request.setParameter("redirect_uri", AbstractOAuth20Tests.REDIRECT_URI);
        request.setParameter("client_secret", "secret");
        request.setParameter("grant_type", OAuth20GrantTypes.AUTHORIZATION_CODE.name().toLowerCase());
        final Principal principal = createPrincipal();
        final OAuthRegisteredService unsavedService = getRegisteredService(AbstractOAuth20Tests.REDIRECT_URI, "secret", CollectionUtils.wrapSet(OAuth20GrantTypes.AUTHORIZATION_CODE));
        request.setParameter("code", addCode(principal, unsavedService).getId());

        final MockHttpServletResponse response = new MockHttpServletResponse();
        requiresAuthenticationInterceptor.preHandle(request, response, (Object) null);
        final ModelAndView result = controller.handleRequest(request, response);

        Assert.assertEquals(401L, response.getStatus());
        Assert.assertEquals("invalid_request", result.getModel().get("error"));
    }

    /**
     * Authorization-code exchange that presents {@code OTHER_REDIRECT_URI} instead of the
     * redirect URI used elsewhere in this class: expected outcome is 400 with
     * {@code invalid_request}.
     *
     * <p>This pins the rule that a code must not be redeemable with a redirect URI that does
     * not match the registered service.
     */
    @Test
    public void verifyClientRedirectUriDoesNotStartWithServiceId() throws Exception {
        final MockHttpServletRequest request = new MockHttpServletRequest(HttpMethod.GET.name(), "/oauth2.0/accessToken");
        request.setParameter("client_id", AbstractOAuth20Tests.CLIENT_ID);
        // The mismatching redirect URI is the only deviation in this request.
        request.setParameter("redirect_uri", AbstractOAuth20Tests.OTHER_REDIRECT_URI);
        request.setParameter("client_secret", "secret");
        request.setParameter("grant_type", OAuth20GrantTypes.AUTHORIZATION_CODE.name().toLowerCase());
        final Principal principal = createPrincipal();
        final OAuthRegisteredService service = addRegisteredService(CollectionUtils.wrapSet(OAuth20GrantTypes.AUTHORIZATION_CODE));
        request.setParameter("code", addCode(principal, service).getId());

        final MockHttpServletResponse response = new MockHttpServletResponse();
        requiresAuthenticationInterceptor.preHandle(request, response, (Object) null);
        final ModelAndView result = controller.handleRequest(request, response);

        Assert.assertEquals(400L, response.getStatus());
        Assert.assertEquals("invalid_request", result.getModel().get("error"));
    }

    /**
     * Authorization-code exchange that presents {@code WRONG_CLIENT_SECRET}: client
     * authentication must fail, with 401 and an {@code invalid_request} error.
     *
     * <p>NOTE(review): RFC 6749 section 5.2 names {@code invalid_client} for failed client
     * authentication; this test pins {@code invalid_request} instead — confirm that is intended.
     */
    @Test
    public void verifyClientWrongSecret() throws Exception {
        final MockHttpServletRequest request = new MockHttpServletRequest(HttpMethod.GET.name(), "/oauth2.0/accessToken");
        request.setParameter("client_id", AbstractOAuth20Tests.CLIENT_ID);
        request.setParameter("redirect_uri", AbstractOAuth20Tests.REDIRECT_URI);
        request.setParameter("client_secret", AbstractOAuth20Tests.WRONG_CLIENT_SECRET);
        request.setParameter("grant_type", OAuth20GrantTypes.AUTHORIZATION_CODE.name().toLowerCase());
        final Principal principal = createPrincipal();
        final OAuthRegisteredService service = addRegisteredService(CollectionUtils.wrapSet(OAuth20GrantTypes.AUTHORIZATION_CODE));
        request.setParameter("code", addCode(principal, service).getId());

        final MockHttpServletResponse response = new MockHttpServletResponse();
        requiresAuthenticationInterceptor.preHandle(request, response, (Object) null);
        final ModelAndView result = controller.handleRequest(request, response);

        Assert.assertEquals(401L, response.getStatus());
        Assert.assertEquals("invalid_request", result.getModel().get("error"));
    }

    /**
     * Authorization-code exchange with a code issued under
     * {@link AlwaysExpiresExpirationPolicy}: the code must be refused, with 400 and an
     * {@code invalid_request} error.
     */
    @Test
    public void verifyClientExpiredCode() throws Exception {
        final OAuthRegisteredService service = getRegisteredService(AbstractOAuth20Tests.REDIRECT_URI, "secret", CollectionUtils.wrapSet(OAuth20GrantTypes.AUTHORIZATION_CODE));
        servicesManager.save(service);

        // Principal attributes: one single-valued entry and one list-valued entry.
        // Raw collection types are kept exactly as found in this listing.
        final HashMap attributes = new HashMap();
        attributes.put(AbstractOAuth20Tests.NAME, AbstractOAuth20Tests.VALUE);
        attributes.put(AbstractOAuth20Tests.NAME2, Arrays.asList(AbstractOAuth20Tests.VALUE, AbstractOAuth20Tests.VALUE));

        // The factory is given a policy that always reports expiry, so the code is never usable.
        final DefaultOAuthCodeFactory expiringFactory = new DefaultOAuthCodeFactory(new AlwaysExpiresExpirationPolicy());
        final OAuthCode expiredCode = expiringFactory.create(new WebApplicationServiceFactory().createService(service.getServiceId()), getAuthentication(CoreAuthenticationTestUtils.getPrincipal(AbstractOAuth20Tests.ID, attributes)), new MockTicketGrantingTicket(AbstractOAuth20Tests.ID), new ArrayList(), (String) null, (String) null);
        ticketRegistry.addTicket(expiredCode);

        final MockHttpServletRequest request = new MockHttpServletRequest(HttpMethod.GET.name(), "/oauth2.0/accessToken");
        request.setParameter("client_id", AbstractOAuth20Tests.CLIENT_ID);
        request.setParameter("redirect_uri", AbstractOAuth20Tests.REDIRECT_URI);
        request.setParameter("client_secret", "secret");
        request.setParameter("code", expiredCode.getId());
        request.setParameter("grant_type", OAuth20GrantTypes.AUTHORIZATION_CODE.name().toLowerCase());
        // A second, freshly built definition is saved here as well, mirroring the original flow.
        servicesManager.save(getRegisteredService(AbstractOAuth20Tests.REDIRECT_URI, "secret", CollectionUtils.wrapSet(OAuth20GrantTypes.AUTHORIZATION_CODE)));

        final MockHttpServletResponse response = new MockHttpServletResponse();
        requiresAuthenticationInterceptor.preHandle(request, response, (Object) null);
        final ModelAndView result = controller.handleRequest(request, response);

        Assert.assertEquals(400L, response.getStatus());
        Assert.assertEquals("invalid_request", result.getModel().get("error"));
    }

    /**
     * Happy path for the authorization-code grant with no refresh token expected; the
     * request and assertions live in {@code internalVerifyClientOK}.
     */
    @Test
    public void verifyClientAuthByParameter() throws Exception {
        final OAuthRegisteredService service = addRegisteredService(CollectionUtils.wrapSet(OAuth20GrantTypes.AUTHORIZATION_CODE));
        internalVerifyClientOK(service, false);
    }

    /**
     * Walks the device flow end to end: request a device code, approve the user code at the
     * device endpoint, then exchange the device code for an access token.
     */
    @Test
    public void verifyDeviceFlowGeneratesCode() throws Exception {
        addRegisteredService();

        // Step 1: ask the token endpoint for a device code.
        final MockHttpServletRequest tokenRequest = new MockHttpServletRequest(HttpMethod.GET.name(), "/oauth2.0/accessToken");
        tokenRequest.setParameter("client_id", AbstractOAuth20Tests.CLIENT_ID);
        tokenRequest.setParameter("response_type", OAuth20ResponseTypes.DEVICE_CODE.getType());
        final MockHttpServletResponse deviceCodeResponse = new MockHttpServletResponse();
        requiresAuthenticationInterceptor.preHandle(tokenRequest, deviceCodeResponse, (Object) null);
        final Map<String, Object> deviceModel = controller.handleRequest(tokenRequest, deviceCodeResponse).getModel();
        Assert.assertTrue(deviceModel.containsKey("device_code"));
        Assert.assertTrue(deviceModel.containsKey("verification_uri"));
        Assert.assertTrue(deviceModel.containsKey("user_code"));
        Assert.assertTrue(deviceModel.containsKey("interval"));
        Assert.assertTrue(deviceModel.containsKey("expires_in"));
        final String deviceCode = deviceModel.get("device_code").toString();
        final String userCode = deviceModel.get("user_code").toString();

        // Step 2: submit the user code to the device endpoint, which must accept it.
        final MockHttpServletRequest approvalRequest = new MockHttpServletRequest(HttpMethod.GET.name(), "/oauth2.0/device");
        approvalRequest.setParameter("usercode", userCode);
        Assert.assertTrue(deviceController.handlePostRequest(approvalRequest, new MockHttpServletResponse()).getStatus().is2xxSuccessful());

        // Step 3: reuse the first request, now carrying the device code, to obtain the token.
        tokenRequest.setParameter("client_id", AbstractOAuth20Tests.CLIENT_ID);
        tokenRequest.setParameter("response_type", OAuth20ResponseTypes.DEVICE_CODE.getType());
        tokenRequest.setParameter("code", deviceCode);
        final MockHttpServletResponse tokenResponse = new MockHttpServletResponse();
        requiresAuthenticationInterceptor.preHandle(tokenRequest, tokenResponse, (Object) null);
        final ModelAndView tokenResult = controller.handleRequest(tokenRequest, tokenResponse);
        Assert.assertTrue(tokenResult.getModel().containsKey("access_token"));
        Assert.assertTrue(tokenResult.getModel().containsKey("expires_in"));
        Assert.assertTrue(tokenResult.getModel().containsKey("token_type"));
    }

    /**
     * Happy path for the authorization-code grant with no refresh token expected.
     *
     * <p>NOTE(review): this body is identical to {@code verifyClientAuthByParameter}; nothing
     * visible here moves client credentials into a header, so header-based client
     * authentication may not actually be exercised — confirm in {@code internalVerifyClientOK}.
     */
    @Test
    public void verifyClientAuthByHeader() throws Exception {
        final OAuthRegisteredService service = addRegisteredService(CollectionUtils.wrapSet(OAuth20GrantTypes.AUTHORIZATION_CODE));
        internalVerifyClientOK(service, false);
    }

    /**
     * Happy path for the authorization-code grant on a service configured to generate
     * refresh tokens; a refresh token is expected in the result.
     */
    @Test
    public void verifyClientAuthByParameterWithRefreshToken() throws Exception {
        final OAuthRegisteredService service = addRegisteredService(CollectionUtils.wrapSet(OAuth20GrantTypes.AUTHORIZATION_CODE));
        // Enabled after registration, on the instance returned by addRegisteredService.
        service.setGenerateRefreshToken(true);
        internalVerifyClientOK(service, true);
    }

    /**
     * Happy path for the authorization-code grant with refresh-token generation enabled.
     *
     * <p>NOTE(review): this body is identical to
     * {@code verifyClientAuthByParameterWithRefreshToken}; header-based client authentication
     * is not visibly selected here — confirm in {@code internalVerifyClientOK}.
     */
    @Test
    public void verifyClientAuthByHeaderWithRefreshToken() throws Exception {
        final OAuthRegisteredService service = addRegisteredService(CollectionUtils.wrapSet(OAuth20GrantTypes.AUTHORIZATION_CODE));
        service.setGenerateRefreshToken(true);
        internalVerifyClientOK(service, true);
    }

    /**
     * Happy path for the authorization-code grant with no refresh token expected.
     *
     * <p>NOTE(review): nothing in this body selects a JSON response format; it matches
     * {@code verifyClientAuthByParameter} exactly — confirm whether the JSON variant is
     * still meaningful.
     */
    @Test
    public void verifyClientAuthJsonByParameter() throws Exception {
        final OAuthRegisteredService service = addRegisteredService(CollectionUtils.wrapSet(OAuth20GrantTypes.AUTHORIZATION_CODE));
        internalVerifyClientOK(service, false);
    }

    /**
     * Happy path for the authorization-code grant with no refresh token expected.
     *
     * <p>NOTE(review): neither a JSON format nor header-based client authentication is visibly
     * selected here; the body matches {@code verifyClientAuthByParameter} — confirm coverage.
     */
    @Test
    public void verifyClientAuthJsonByHeader() throws Exception {
        final OAuthRegisteredService service = addRegisteredService(CollectionUtils.wrapSet(OAuth20GrantTypes.AUTHORIZATION_CODE));
        internalVerifyClientOK(service, false);
    }

    /**
     * Happy path for the authorization-code grant with refresh-token generation enabled.
     *
     * <p>NOTE(review): no JSON response format is visibly selected; the body matches
     * {@code verifyClientAuthByParameterWithRefreshToken} — confirm coverage.
     */
    @Test
    public void verifyClientAuthJsonByParameterWithRefreshToken() throws Exception {
        final OAuthRegisteredService service = addRegisteredService(CollectionUtils.wrapSet(OAuth20GrantTypes.AUTHORIZATION_CODE));
        service.setGenerateRefreshToken(true);
        internalVerifyClientOK(service, true);
    }

    /**
     * Happy path for the authorization-code grant with refresh-token generation enabled.
     *
     * <p>NOTE(review): neither JSON output nor header-based client authentication is visibly
     * selected; the body matches {@code verifyClientAuthByParameterWithRefreshToken}.
     */
    @Test
    public void verifyClientAuthJsonByHeaderWithRefreshToken() throws Exception {
        final OAuthRegisteredService service = addRegisteredService(CollectionUtils.wrapSet(OAuth20GrantTypes.AUTHORIZATION_CODE));
        service.setGenerateRefreshToken(true);
        internalVerifyClientOK(service, true);
    }

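    /**
     * Verifies that the refresh-token grant honours only a real refresh token.
     *
     * <p>A password grant first yields an access token and a refresh token. Presenting the
     * access token in the {@code refresh_token} parameter must be refused with 400, while
     * presenting the refresh token must succeed with 200 and a new access token.
     *
     * <p>The two status assertions previously read an undeclared {@code r0}; each response
     * is now held in a local so the status that is checked belongs to the request just made.
     */
    @Test
    public void ensureOnlyRefreshTokenIsAcceptedForRefreshGrant() throws Exception {
        addRegisteredService(true, CollectionUtils.wrapSet(new OAuth20GrantTypes[]{OAuth20GrantTypes.PASSWORD, OAuth20GrantTypes.REFRESH_TOKEN}));

        // Step 1: password grant, which should hand back both token kinds.
        final MockHttpServletRequest request = new MockHttpServletRequest(HttpMethod.GET.name(), "/oauth2.0/accessToken");
        request.setSession(new MockHttpSession());
        request.setParameter("grant_type", OAuth20GrantTypes.PASSWORD.name().toLowerCase());
        request.setParameter(AbstractOAuth20Tests.USERNAME, "test");
        request.setParameter(AbstractOAuth20Tests.PASSWORD, "test");
        request.setParameter("client_id", AbstractOAuth20Tests.CLIENT_ID);
        final MockHttpServletResponse passwordResponse = new MockHttpServletResponse();
        requiresAuthenticationInterceptor.preHandle(request, passwordResponse, (Object) null);
        final ModelAndView passwordResult = controller.handleRequest(request, passwordResponse);
        Assert.assertTrue(passwordResult.getModel().containsKey("refresh_token"));
        Assert.assertTrue(passwordResult.getModel().containsKey("access_token"));
        final String refreshTokenId = passwordResult.getModel().get("refresh_token").toString();
        final String accessTokenId = passwordResult.getModel().get("access_token").toString();

        // Step 2: an access token offered as a refresh token must be rejected.
        request.setParameter("grant_type", OAuth20GrantTypes.REFRESH_TOKEN.name().toLowerCase());
        request.setParameter("client_secret", "secret");
        request.setParameter("refresh_token", accessTokenId);
        final MockHttpServletResponse rejectedResponse = new MockHttpServletResponse();
        controller.handleRequest(request, rejectedResponse);
        Assert.assertEquals(400L, rejectedResponse.getStatus());

        // Step 3: the genuine refresh token must be accepted and yield a new access token.
        request.setParameter("refresh_token", refreshTokenId);
        final MockHttpServletResponse acceptedResponse = new MockHttpServletResponse();
        final ModelAndView refreshedResult = controller.handleRequest(request, acceptedResponse);
        Assert.assertEquals(200L, acceptedResponse.getStatus());
        Assert.assertTrue(refreshedResult.getModel().containsKey("access_token"));
    }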

    /**
     * Password grant sent without {@code client_id}: expected outcome is 401 with an
     * {@code invalid_request} error.
     */
    @Test
    public void verifyUserNoClientId() throws Exception {
        addRegisteredService(CollectionUtils.wrapSet(OAuth20GrantTypes.PASSWORD));

        final MockHttpServletRequest request = new MockHttpServletRequest(HttpMethod.GET.name(), "/oauth2.0/accessToken");
        request.setParameter("grant_type", OAuth20GrantTypes.PASSWORD.name().toLowerCase());
        request.setParameter(AbstractOAuth20Tests.USERNAME, "test");
        request.setParameter(AbstractOAuth20Tests.PASSWORD, "test");
        // client_id is deliberately never set on this request.

        final MockHttpServletResponse response = new MockHttpServletResponse();
        requiresAuthenticationInterceptor.preHandle(request, response, (Object) null);
        final ModelAndView result = controller.handleRequest(request, response);

        Assert.assertEquals(401L, response.getStatus());
        Assert.assertEquals("invalid_request", result.getModel().get("error"));
    }

    /**
     * Password grant for a {@code client_id} when this test registers no service at all:
     * expected outcome is 401 with an {@code invalid_request} error.
     */
    @Test
    public void verifyUserNoCasService() throws Exception {
        // No addRegisteredService call here: the client id has no matching service in this test.
        final MockHttpServletRequest request = new MockHttpServletRequest(HttpMethod.GET.name(), "/oauth2.0/accessToken");
        request.setParameter("client_id", AbstractOAuth20Tests.CLIENT_ID);
        request.setParameter("grant_type", OAuth20GrantTypes.PASSWORD.name().toLowerCase());
        request.setParameter(AbstractOAuth20Tests.USERNAME, "test");
        request.setParameter(AbstractOAuth20Tests.PASSWORD, "test");

        final MockHttpServletResponse response = new MockHttpServletResponse();
        requiresAuthenticationInterceptor.preHandle(request, response, (Object) null);
        final ModelAndView result = controller.handleRequest(request, response);

        Assert.assertEquals(401L, response.getStatus());
        Assert.assertEquals("invalid_request", result.getModel().get("error"));
    }

    /**
     * Request that names the authorization-code grant but supplies user credentials and no
     * {@code code}: expected outcome is 400 with an {@code invalid_request} error.
     */
    @Test
    public void verifyUserBadAuthorizationCode() throws Exception {
        addRegisteredService(CollectionUtils.wrapSet(OAuth20GrantTypes.AUTHORIZATION_CODE));

        final MockHttpServletRequest request = new MockHttpServletRequest(HttpMethod.GET.name(), "/oauth2.0/accessToken");
        request.setParameter("client_id", AbstractOAuth20Tests.CLIENT_ID);
        request.setParameter("grant_type", OAuth20GrantTypes.AUTHORIZATION_CODE.name().toLowerCase());
        // Username and password are sent even though the grant type asks for a code.
        request.setParameter(AbstractOAuth20Tests.USERNAME, "test");
        request.setParameter(AbstractOAuth20Tests.PASSWORD, "test");

        final MockHttpServletResponse response = new MockHttpServletResponse();
        requiresAuthenticationInterceptor.preHandle(request, response, (Object) null);
        final ModelAndView result = controller.handleRequest(request, response);

        Assert.assertEquals(400L, response.getStatus());
        Assert.assertEquals("invalid_request", result.getModel().get("error"));
    }

    /**
     * Password grant with a wrong user password: expected outcome is 401 with an
     * {@code invalid_request} error and no token.
     */
    @Test
    public void verifyUserBadCredentials() throws Exception {
        addRegisteredService(CollectionUtils.wrapSet(OAuth20GrantTypes.PASSWORD));

        final MockHttpServletRequest request = new MockHttpServletRequest(HttpMethod.GET.name(), "/oauth2.0/accessToken");
        request.setParameter("client_id", AbstractOAuth20Tests.CLIENT_ID);
        request.setParameter("grant_type", OAuth20GrantTypes.PASSWORD.name().toLowerCase());
        request.setParameter(AbstractOAuth20Tests.USERNAME, "test");
        // The passing tests in this class send "test" as the password; this one does not.
        request.setParameter(AbstractOAuth20Tests.PASSWORD, "badPassword");

        final MockHttpServletResponse response = new MockHttpServletResponse();
        requiresAuthenticationInterceptor.preHandle(request, response, (Object) null);
        final ModelAndView result = controller.handleRequest(request, response);

        Assert.assertEquals(401L, response.getStatus());
        Assert.assertEquals("invalid_request", result.getModel().get("error"));
    }

    /** Password-grant happy path on a service that does not generate refresh tokens. */
    @Test
    public void verifyUserAuth() throws Exception {
        final boolean expectRefreshToken = false;
        addRegisteredService(CollectionUtils.wrapSet(OAuth20GrantTypes.PASSWORD));
        internalVerifyUserAuth(expectRefreshToken);
    }

    /** Password-grant happy path on a service with refresh-token generation switched on. */
    @Test
    public void verifyUserAuthWithRefreshToken() throws Exception {
        final OAuthRegisteredService service = addRegisteredService(CollectionUtils.wrapSet(OAuth20GrantTypes.PASSWORD));
        service.setGenerateRefreshToken(true);
        internalVerifyUserAuth(true);
    }

    /**
     * Password-grant happy path with no refresh token expected.
     *
     * <p>NOTE(review): nothing in this body selects a JSON response format; it is identical
     * to {@code verifyUserAuth} — confirm whether the JSON variant is still meaningful.
     */
    @Test
    public void verifyJsonUserAuth() throws Exception {
        final boolean expectRefreshToken = false;
        addRegisteredService(CollectionUtils.wrapSet(OAuth20GrantTypes.PASSWORD));
        internalVerifyUserAuth(expectRefreshToken);
    }

    /**
     * Password-grant happy path with refresh-token generation switched on.
     *
     * <p>NOTE(review): nothing in this body selects a JSON response format; it is identical
     * to {@code verifyUserAuthWithRefreshToken} — confirm coverage.
     */
    @Test
    public void verifyJsonUserAuthWithRefreshToken() throws Exception {
        final OAuthRegisteredService service = addRegisteredService(CollectionUtils.wrapSet(OAuth20GrantTypes.PASSWORD));
        service.setGenerateRefreshToken(true);
        internalVerifyUserAuth(true);
    }

    /**
     * Shared body of the password-grant happy-path tests: sends valid user credentials and
     * checks the status, the token fields and the principal bound to the access token.
     *
     * <p>NOTE(review): the request is built as a GET. RFC 6749 section 3.2 requires POST for
     * token requests; with a real GET client the password would travel in the URL.
     *
     * @param z whether a {@code refresh_token} entry must be present in the result
     */
    private void internalVerifyUserAuth(boolean z) throws Exception {
        final MockHttpServletRequest request = new MockHttpServletRequest(HttpMethod.GET.name(), "/oauth2.0/accessToken");
        request.setParameter("client_id", AbstractOAuth20Tests.CLIENT_ID);
        request.setParameter("grant_type", OAuth20GrantTypes.PASSWORD.name().toLowerCase());
        request.setParameter(AbstractOAuth20Tests.USERNAME, "test");
        request.setParameter(AbstractOAuth20Tests.PASSWORD, "test");
        request.addHeader("service", AbstractOAuth20Tests.REDIRECT_URI);

        final MockHttpServletResponse response = new MockHttpServletResponse();
        requiresAuthenticationInterceptor.preHandle(request, response, (Object) null);
        final ModelAndView result = controller.handleRequest(request, response);

        Assert.assertEquals(200L, response.getStatus());
        Assert.assertTrue(result.getModel().containsKey("access_token"));
        if (z) {
            Assert.assertTrue(result.getModel().containsKey("refresh_token"));
        }
        Assert.assertTrue(result.getModel().containsKey("expires_in"));

        // The issued token must resolve in the registry to the user who authenticated.
        final String accessTokenId = result.getModel().get("access_token").toString();
        Assert.assertEquals("test", ticketRegistry.getTicket(accessTokenId, AccessToken.class).getAuthentication().getPrincipal().getId());

        // NOTE(review): 7188 is presumably the configured lifetime minus some slack — confirm.
        final int expiresIn = Integer.parseInt(result.getModel().get("expires_in").toString());
        Assert.assertTrue(expiresIn >= 7188);
    }

    /**
     * Refresh-token grant with a token issued under {@link AlwaysExpiresExpirationPolicy}:
     * the token must be refused, with 400 and an {@code invalid_request} error.
     */
    @Test
    public void verifyRefreshTokenExpiredToken() throws Exception {
        final Principal principal = createPrincipal();
        final OAuthRegisteredService service = addRegisteredService(CollectionUtils.wrapSet(OAuth20GrantTypes.REFRESH_TOKEN));

        // The factory is given a policy that always reports expiry, so the token is never usable.
        final DefaultRefreshTokenFactory expiringFactory = new DefaultRefreshTokenFactory(new AlwaysExpiresExpirationPolicy());
        final RefreshToken expiredToken = expiringFactory.create(new WebApplicationServiceFactory().createService(service.getServiceId()), getAuthentication(principal), new MockTicketGrantingTicket(AbstractOAuth20Tests.ID), new ArrayList());
        ticketRegistry.addTicket(expiredToken);

        final MockHttpServletRequest request = new MockHttpServletRequest(HttpMethod.GET.name(), "/oauth2.0/accessToken");
        request.setParameter("grant_type", OAuth20GrantTypes.REFRESH_TOKEN.name().toLowerCase());
        request.setParameter("client_id", AbstractOAuth20Tests.CLIENT_ID);
        request.setParameter("client_secret", "secret");
        request.setParameter("refresh_token", expiredToken.getId());

        final MockHttpServletResponse response = new MockHttpServletResponse();
        requiresAuthenticationInterceptor.preHandle(request, response, (Object) null);
        final ModelAndView result = controller.handleRequest(request, response);

        Assert.assertEquals(400L, response.getStatus());
        Assert.assertEquals("invalid_request", result.getModel().get("error"));
    }

    /**
     * Refresh-token grant that presents a stored refresh token together with
     * {@code WRONG_CLIENT_SECRET}: expected outcome is 401 with {@code invalid_request}.
     *
     * <p>Holding a refresh token is not enough on its own here; the client secret is
     * checked as well.
     */
    @Test
    public void verifyRefreshTokenBadCredentials() throws Exception {
        final Principal principal = createPrincipal();
        final OAuthRegisteredService service = addRegisteredService(CollectionUtils.wrapSet(OAuth20GrantTypes.REFRESH_TOKEN));
        final RefreshToken refreshToken = addRefreshToken(principal, service);

        final MockHttpServletRequest request = new MockHttpServletRequest(HttpMethod.GET.name(), "/oauth2.0/accessToken");
        request.setParameter("grant_type", OAuth20GrantTypes.REFRESH_TOKEN.name().toLowerCase());
        request.setParameter("client_id", AbstractOAuth20Tests.CLIENT_ID);
        request.setParameter("client_secret", AbstractOAuth20Tests.WRONG_CLIENT_SECRET);
        request.setParameter("refresh_token", refreshToken.getId());

        final MockHttpServletResponse response = new MockHttpServletResponse();
        requiresAuthenticationInterceptor.preHandle(request, response, (Object) null);
        final ModelAndView result = controller.handleRequest(request, response);

        Assert.assertEquals(401L, response.getStatus());
        Assert.assertEquals("invalid_request", result.getModel().get("error"));
    }

    /**
     * Verifies that a refresh-token grant with valid client credentials but no
     * {@code refresh_token} parameter is answered with status 400 and the
     * {@code invalid_request} error.
     */
    @Test
    public void verifyRefreshTokenMissingToken() throws Exception {
        // Register a service allowed to use the refresh_token grant; no token is created.
        addRegisteredService(CollectionUtils.wrapSet(OAuth20GrantTypes.REFRESH_TOKEN));

        final MockHttpServletRequest request = new MockHttpServletRequest(HttpMethod.GET.name(), "/oauth2.0/accessToken");
        request.setParameter("grant_type", OAuth20GrantTypes.REFRESH_TOKEN.name().toLowerCase());
        request.setParameter("client_id", AbstractOAuth20Tests.CLIENT_ID);
        request.setParameter("client_secret", "secret");
        // The "refresh_token" parameter is deliberately left out.

        final MockHttpServletResponse response = new MockHttpServletResponse();
        this.requiresAuthenticationInterceptor.preHandle(request, response, (Object) null);
        final ModelAndView result = this.controller.handleRequest(request, response);

        Assert.assertEquals(400L, response.getStatus());
        Assert.assertEquals("invalid_request", result.getModel().get("error"));
    }

    /**
     * Verifies that a refresh token is still honoured after the ticket-granting
     * ticket it was issued under has been marked expired: the response is 200, the
     * new access token belongs to the original principal, and {@code expires_in}
     * is at least 7188.
     *
     * <p>NOTE(review): this pins that expiring the ticket-granting ticket does not,
     * on its own, invalidate the refresh token. Where ending the SSO session is
     * expected to cut off API access, refresh tokens need separate revocation or
     * expiry. Confirm this matches the deployment's expectations.
     */
    @Test
    public void verifyRefreshTokenOKWithExpiredTicketGrantingTicket() throws Exception {
        final Principal principal = createPrincipal();
        final OAuthRegisteredService service = addRegisteredService(CollectionUtils.wrapSet(OAuth20GrantTypes.REFRESH_TOKEN));
        final RefreshToken refreshToken = addRefreshToken(principal, service);
        // Expire the parent ticket before the refresh token is used.
        refreshToken.getTicketGrantingTicket().markTicketExpired();

        final MockHttpServletRequest request = new MockHttpServletRequest(HttpMethod.GET.name(), "/oauth2.0/accessToken");
        request.setParameter("grant_type", OAuth20GrantTypes.REFRESH_TOKEN.name().toLowerCase());
        request.setParameter("client_id", AbstractOAuth20Tests.CLIENT_ID);
        request.setParameter("client_secret", "secret");
        request.setParameter("refresh_token", refreshToken.getId());

        final MockHttpServletResponse response = new MockHttpServletResponse();
        this.requiresAuthenticationInterceptor.preHandle(request, response, (Object) null);
        final ModelAndView result = this.controller.handleRequest(request, response);

        Assert.assertEquals(200L, response.getStatus());

        // The issued access token must resolve in the registry to the same principal.
        final String accessTokenId = result.getModel().get("access_token").toString();
        Assert.assertEquals(principal, this.ticketRegistry.getTicket(accessTokenId, AccessToken.class).getAuthentication().getPrincipal());

        // Presumably a small slack below the configured access-token lifetime;
        // TODO confirm against the test configuration.
        final int expiresIn = Integer.parseInt(result.getModel().get("expires_in").toString());
        Assert.assertTrue(expiresIn >= 7188);
    }

    /**
     * Runs the shared refresh-token success check against a service registered
     * with only the {@code REFRESH_TOKEN} grant type.
     */
    @Test
    public void verifyRefreshTokenOK() throws Exception {
        final OAuthRegisteredService service = addRegisteredService(CollectionUtils.wrapSet(OAuth20GrantTypes.REFRESH_TOKEN));
        internalVerifyRefreshTokenOk(service);
    }

    /**
     * Runs the shared refresh-token success check against a service that also has
     * refresh-token generation switched on.
     */
    @Test
    public void verifyRefreshTokenOKWithRefreshToken() throws Exception {
        final OAuthRegisteredService service = addRegisteredService(CollectionUtils.wrapSet(OAuth20GrantTypes.REFRESH_TOKEN));
        // Turn on refresh-token generation for the service before the check runs.
        service.setGenerateRefreshToken(true);
        internalVerifyRefreshTokenOk(service);
    }

    /**
     * Runs the shared refresh-token success check against a service registered
     * with only the {@code REFRESH_TOKEN} grant type.
     *
     * <p>NOTE(review): as written, the body is identical to
     * {@code verifyRefreshTokenOK}; nothing here selects a JSON response format.
     * Confirm whether a JSON-specific setting was intended.
     */
    @Test
    public void verifyJsonRefreshTokenOK() throws Exception {
        final OAuthRegisteredService service = addRegisteredService(CollectionUtils.wrapSet(OAuth20GrantTypes.REFRESH_TOKEN));
        internalVerifyRefreshTokenOk(service);
    }

    /**
     * Runs the shared refresh-token success check against a service that has
     * refresh-token generation switched on.
     *
     * <p>NOTE(review): as written, the body is identical to
     * {@code verifyRefreshTokenOKWithRefreshToken}; nothing here selects a JSON
     * response format. Confirm whether a JSON-specific setting was intended.
     */
    @Test
    public void verifyJsonRefreshTokenOKWithRefreshToken() throws Exception {
        final OAuthRegisteredService service = addRegisteredService(CollectionUtils.wrapSet(OAuth20GrantTypes.REFRESH_TOKEN));
        // Turn on refresh-token generation for the service before the check runs.
        service.setGenerateRefreshToken(true);
        internalVerifyRefreshTokenOk(service);
    }
}
