package org.apereo.cas.support.oauth.authenticator;

import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import org.apereo.cas.mock.MockTicketGrantingTicket;
import org.apereo.cas.services.RegisteredServiceAccessStrategyAuditableEnforcer;
import org.apereo.cas.services.RegisteredServiceTestUtils;
import org.apereo.cas.support.oauth.web.AbstractOAuth20Tests;
import org.apereo.cas.ticket.code.OAuthCodeImpl;
import org.apereo.cas.ticket.support.HardTimeoutExpirationPolicy;
import org.apereo.cas.util.DigestUtils;
import org.apereo.cas.util.EncodingUtils;
import org.junit.Assert;
import org.junit.Test;
import org.pac4j.core.context.J2EContext;
import org.pac4j.core.credentials.UsernamePasswordCredentials;
import org.pac4j.core.exception.CredentialsException;
import org.springframework.mock.web.MockHttpServletRequest;
import org.springframework.mock.web.MockHttpServletResponse;

/* loaded from: input_file:org/apereo/cas/support/oauth/authenticator/OAuth20ProofKeyCodeExchangeAuthenticatorTests.class */
public class OAuth20ProofKeyCodeExchangeAuthenticatorTests extends BaseOAuth20AuthenticatorTests {
    protected OAuth20ProofKeyCodeExchangeAuthenticator authenticator;

    @Override // org.apereo.cas.support.oauth.authenticator.BaseOAuth20AuthenticatorTests
    public void initialize() {
        super.initialize();
        this.authenticator = new OAuth20ProofKeyCodeExchangeAuthenticator(this.servicesManager, this.serviceFactory, new RegisteredServiceAccessStrategyAuditableEnforcer(), this.ticketRegistry);
    }

    @Test
    public void verifyAuthenticationPlain() {
        UsernamePasswordCredentials usernamePasswordCredentials = new UsernamePasswordCredentials("client", "ABCD123");
        MockHttpServletRequest mockHttpServletRequest = new MockHttpServletRequest();
        this.ticketRegistry.addTicket(new OAuthCodeImpl("CODE-1234567890", RegisteredServiceTestUtils.getService(), RegisteredServiceTestUtils.getAuthentication(), new HardTimeoutExpirationPolicy(10L), new MockTicketGrantingTicket(AbstractOAuth20Tests.ID), new ArrayList(), "ABCD123", "plain"));
        mockHttpServletRequest.addParameter("code", "CODE-1234567890");
        this.authenticator.validate(usernamePasswordCredentials, new J2EContext(mockHttpServletRequest, new MockHttpServletResponse()));
        Assert.assertNotNull(usernamePasswordCredentials.getUserProfile());
        Assert.assertEquals("client", usernamePasswordCredentials.getUserProfile().getId());
    }

    @Test
    public void verifyAuthenticationHashed() {
        String encodeUrlSafeBase64 = EncodingUtils.encodeUrlSafeBase64(DigestUtils.sha256("ABCD1234").getBytes(StandardCharsets.UTF_8));
        UsernamePasswordCredentials usernamePasswordCredentials = new UsernamePasswordCredentials("client", "ABCD1234");
        MockHttpServletRequest mockHttpServletRequest = new MockHttpServletRequest();
        OAuthCodeImpl oAuthCodeImpl = new OAuthCodeImpl("CODE-1234567890", RegisteredServiceTestUtils.getService(), RegisteredServiceTestUtils.getAuthentication(), new HardTimeoutExpirationPolicy(10L), new MockTicketGrantingTicket(AbstractOAuth20Tests.ID), new ArrayList(), encodeUrlSafeBase64, "s256");
        this.ticketRegistry.addTicket(oAuthCodeImpl);
        mockHttpServletRequest.addParameter("code", oAuthCodeImpl.getId());
        this.authenticator.validate(usernamePasswordCredentials, new J2EContext(mockHttpServletRequest, new MockHttpServletResponse()));
        Assert.assertNotNull(usernamePasswordCredentials.getUserProfile());
        Assert.assertEquals("client", usernamePasswordCredentials.getUserProfile().getId());
    }

    @Test
    public void verifyAuthenticationNotHashedCorrectly() {
        UsernamePasswordCredentials usernamePasswordCredentials = new UsernamePasswordCredentials("client", "ABCD1234");
        MockHttpServletRequest mockHttpServletRequest = new MockHttpServletRequest();
        OAuthCodeImpl oAuthCodeImpl = new OAuthCodeImpl("CODE-1234567890", RegisteredServiceTestUtils.getService(), RegisteredServiceTestUtils.getAuthentication(), new HardTimeoutExpirationPolicy(10L), new MockTicketGrantingTicket(AbstractOAuth20Tests.ID), new ArrayList(), "something-else", "s256");
        this.ticketRegistry.addTicket(oAuthCodeImpl);
        mockHttpServletRequest.addParameter("code", oAuthCodeImpl.getId());
        J2EContext j2EContext = new J2EContext(mockHttpServletRequest, new MockHttpServletResponse());
        this.thrown.expect(CredentialsException.class);
        this.authenticator.validate(usernamePasswordCredentials, j2EContext);
    }
}
