package org.apereo.cas.support.oauth.validator.token;

import javax.servlet.http.HttpSession;
import org.apereo.cas.authentication.principal.WebApplicationServiceFactory;
import org.apereo.cas.services.RegisteredService;
import org.apereo.cas.services.RegisteredServiceAccessStrategyAuditableEnforcer;
import org.apereo.cas.services.RegisteredServiceTestUtils;
import org.apereo.cas.services.ServicesManager;
import org.apereo.cas.support.oauth.OAuth20GrantTypes;
import org.apereo.cas.support.oauth.web.endpoints.OAuth20ConfigurationContext;
import org.apereo.cas.ticket.refreshtoken.RefreshToken;
import org.apereo.cas.ticket.registry.TicketRegistry;
import org.apereo.cas.util.CollectionUtils;
import org.junit.jupiter.api.Assertions;
import org.junit.jupiter.api.BeforeEach;
import org.junit.jupiter.api.Tag;
import org.junit.jupiter.api.Test;
import org.mockito.Mockito;
import org.pac4j.core.context.J2EContext;
import org.pac4j.core.profile.CommonProfile;
import org.springframework.mock.web.MockHttpServletRequest;
import org.springframework.mock.web.MockHttpServletResponse;

/**
 * Checks that {@link OAuth20RefreshTokenGrantTypeTokenRequestValidator} only accepts a
 * {@code refresh_token} grant request from a client whose service registration permits it.
 *
 * <p>Three services are registered in a mocked {@link ServicesManager}: one declaring the
 * {@code REFRESH_TOKEN} grant, one declaring only the {@code PASSWORD} grant, and one built by
 * {@code RequestValidatorTestUtils.getPromiscuousService} (presumably a registration with no
 * grant-type restriction; confirm against that helper). The test expects the validator to
 * accept the first and third and to reject the second.
 *
 * <p>NOTE(review): every stubbed refresh token reports {@code isExpired() == false}, and only
 * its id, expiry and authentication are stubbed. Each client also presents the token named after
 * itself. Rejection of an expired token, of an id unknown to the registry, or of a token
 * presented by a different client than it was issued to is therefore not exercised here.
 */
@Tag("OAuth")
public class OAuth20RefreshTokenGrantTypeTokenRequestValidatorTests {
    private static final String SUPPORTING_SERVICE_TICKET = "RT-SUPPORTING";
    private static final String NON_SUPPORTING_SERVICE_TICKET = "RT-NON-SUPPORTING";
    private static final String PROMISCUOUS_SERVICE_TICKET = "RT-PROMISCUOUS";

    // Mocked registry; rebuilt before each test by before().
    private TicketRegistry ticketRegistry;

    // Validator under test, wired to the mocked services manager and registry.
    private OAuth20TokenRequestValidator validator;

    /**
     * Stubs the mocked registry so that a lookup of {@code ticketId} yields an unexpired
     * refresh token carrying the shared test authentication.
     *
     * @param ticketId id under which the mocked refresh token is returned
     */
    private void registerTicket(String ticketId) {
        RefreshToken token = Mockito.mock(RefreshToken.class);
        Mockito.when(token.getId()).thenReturn(ticketId);
        Mockito.when(token.isExpired()).thenReturn(false);
        Mockito.when(token.getAuthentication()).thenReturn(RegisteredServiceTestUtils.getAuthentication());
        Mockito.when(this.ticketRegistry.getTicket(Mockito.eq(ticketId))).thenReturn(token);
    }

    /**
     * Builds the three service registrations, the mocked ticket registry with one refresh token
     * per service, and the validator under test.
     */
    @BeforeEach
    public void before() {
        // All three registrations share the fixture client secret "secret"; it is test data only.
        RegisteredService refreshCapable = RequestValidatorTestUtils.getService(
            "https://google.com",
            RequestValidatorTestUtils.SUPPORTING_CLIENT_ID,
            RequestValidatorTestUtils.SUPPORTING_CLIENT_ID,
            "secret",
            CollectionUtils.wrapSet(OAuth20GrantTypes.REFRESH_TOKEN));
        // Declares only the PASSWORD grant, so a refresh_token request must be refused for it.
        RegisteredService passwordOnly = RequestValidatorTestUtils.getService(
            "https://example.com",
            RequestValidatorTestUtils.NON_SUPPORTING_CLIENT_ID,
            RequestValidatorTestUtils.NON_SUPPORTING_CLIENT_ID,
            "secret",
            CollectionUtils.wrapSet(OAuth20GrantTypes.PASSWORD));
        RegisteredService promiscuous = RequestValidatorTestUtils.getPromiscuousService(
            "https://another.example.com",
            RequestValidatorTestUtils.PROMISCUOUS_CLIENT_ID,
            RequestValidatorTestUtils.PROMISCUOUS_CLIENT_ID,
            "secret");

        ServicesManager manager = Mockito.mock(ServicesManager.class);
        Mockito.when(manager.getAllServices()).thenReturn(
            CollectionUtils.wrapList(new RegisteredService[]{refreshCapable, passwordOnly, promiscuous}));

        this.ticketRegistry = Mockito.mock(TicketRegistry.class);
        for (String ticketId : new String[]{
            SUPPORTING_SERVICE_TICKET, NON_SUPPORTING_SERVICE_TICKET, PROMISCUOUS_SERVICE_TICKET}) {
            registerTicket(ticketId);
        }

        OAuth20ConfigurationContext context = OAuth20ConfigurationContext.builder()
            .servicesManager(manager)
            .ticketRegistry(this.ticketRegistry)
            .webApplicationServiceServiceFactory(new WebApplicationServiceFactory())
            .registeredServiceAccessStrategyEnforcer(new RegisteredServiceAccessStrategyAuditableEnforcer())
            .build();
        this.validator = new OAuth20RefreshTokenGrantTypeTokenRequestValidator(context);
    }

    /**
     * Re-points the shared request, session and profile at {@code clientId} and runs the
     * validator on a fresh context.
     *
     * @param request shared mock request; its client and token parameters are overwritten
     * @param response shared mock response
     * @param session session that carries the authenticated profile
     * @param profile profile whose id is set to {@code clientId}
     * @param clientId client id sent both as the profile id and as {@code client_id}
     * @param refreshTokenId value sent as {@code refresh_token}
     * @return the validator's verdict for the request
     */
    private boolean validateAs(MockHttpServletRequest request, MockHttpServletResponse response,
                               HttpSession session, CommonProfile profile,
                               String clientId, String refreshTokenId) {
        profile.setId(clientId);
        // Presumably the session attribute the validator reads the authenticated client from;
        // confirm against the validator.
        session.setAttribute("pac4jUserProfiles", profile);
        request.setParameter("client_id", clientId);
        request.setParameter("client_secret", "secret");
        request.setParameter("refresh_token", refreshTokenId);
        return this.validator.validate(new J2EContext(request, response));
    }

    /**
     * Sends a {@code refresh_token} grant request as each of the three clients in turn and
     * asserts that only the PASSWORD-only client is rejected.
     */
    @Test
    public void verifyOperation() {
        MockHttpServletRequest request = new MockHttpServletRequest();
        CommonProfile profile = new CommonProfile();
        profile.setClientName("clientBasicAuth");

        HttpSession session = request.getSession(true);
        Assertions.assertNotNull(session);

        MockHttpServletResponse response = new MockHttpServletResponse();
        // The grant type stays the same for all three requests; only client and token change.
        request.setParameter("grant_type", OAuth20GrantTypes.REFRESH_TOKEN.getType());

        Assertions.assertTrue(validateAs(request, response, session, profile,
            RequestValidatorTestUtils.SUPPORTING_CLIENT_ID, SUPPORTING_SERVICE_TICKET));

        // Authorization check: the client is registered, but not for this grant type.
        Assertions.assertFalse(validateAs(request, response, session, profile,
            RequestValidatorTestUtils.NON_SUPPORTING_CLIENT_ID, NON_SUPPORTING_SERVICE_TICKET));

        Assertions.assertTrue(validateAs(request, response, session, profile,
            RequestValidatorTestUtils.PROMISCUOUS_CLIENT_ID, PROMISCUOUS_SERVICE_TICKET));
    }
}
