package org.apereo.cas.support.oauth.web;

import com.fasterxml.jackson.databind.ObjectMapper;
import java.nio.charset.StandardCharsets;
import java.time.ZoneOffset;
import java.time.ZonedDateTime;
import java.util.ArrayList;
import java.util.EnumSet;
import java.util.HashMap;
import java.util.HashSet;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.stream.Collectors;
import org.apache.commons.lang3.StringUtils;
import org.apache.commons.lang3.tuple.Pair;
import org.apereo.cas.ComponentSerializationPlan;
import org.apereo.cas.ComponentSerializationPlanConfigurator;
import org.apereo.cas.authentication.Authentication;
import org.apereo.cas.authentication.CoreAuthenticationTestUtils;
import org.apereo.cas.authentication.DefaultAuthenticationBuilder;
import org.apereo.cas.authentication.DefaultAuthenticationHandlerExecutionResult;
import org.apereo.cas.authentication.credential.BasicIdentifiableCredential;
import org.apereo.cas.authentication.metadata.BasicCredentialMetaData;
import org.apereo.cas.authentication.principal.Principal;
import org.apereo.cas.authentication.principal.WebApplicationServiceFactory;
import org.apereo.cas.config.CasCoreAuthenticationConfiguration;
import org.apereo.cas.config.CasCoreAuthenticationHandlersConfiguration;
import org.apereo.cas.config.CasCoreAuthenticationMetadataConfiguration;
import org.apereo.cas.config.CasCoreAuthenticationPolicyConfiguration;
import org.apereo.cas.config.CasCoreAuthenticationPrincipalConfiguration;
import org.apereo.cas.config.CasCoreAuthenticationServiceSelectionStrategyConfiguration;
import org.apereo.cas.config.CasCoreAuthenticationSupportConfiguration;
import org.apereo.cas.config.CasCoreConfiguration;
import org.apereo.cas.config.CasCoreHttpConfiguration;
import org.apereo.cas.config.CasCoreServicesAuthenticationConfiguration;
import org.apereo.cas.config.CasCoreServicesConfiguration;
import org.apereo.cas.config.CasCoreTicketCatalogConfiguration;
import org.apereo.cas.config.CasCoreTicketComponentSerializationConfiguration;
import org.apereo.cas.config.CasCoreTicketIdGeneratorsConfiguration;
import org.apereo.cas.config.CasCoreTicketsConfiguration;
import org.apereo.cas.config.CasCoreUtilConfiguration;
import org.apereo.cas.config.CasCoreUtilSerializationConfiguration;
import org.apereo.cas.config.CasCoreWebConfiguration;
import org.apereo.cas.config.CasDefaultServiceTicketIdGeneratorsConfiguration;
import org.apereo.cas.config.CasOAuthAuthenticationServiceSelectionStrategyConfiguration;
import org.apereo.cas.config.CasOAuthComponentSerializationConfiguration;
import org.apereo.cas.config.CasOAuthConfiguration;
import org.apereo.cas.config.CasOAuthThrottleConfiguration;
import org.apereo.cas.config.CasPersonDirectoryConfiguration;
import org.apereo.cas.config.CasThrottlingConfiguration;
import org.apereo.cas.config.support.CasWebApplicationServiceFactoryConfiguration;
import org.apereo.cas.config.support.EnvironmentConversionServiceInitializer;
import org.apereo.cas.configuration.CasConfigurationProperties;
import org.apereo.cas.logout.config.CasCoreLogoutConfiguration;
import org.apereo.cas.mock.MockServiceTicket;
import org.apereo.cas.mock.MockTicketGrantingTicket;
import org.apereo.cas.services.AbstractRegisteredService;
import org.apereo.cas.services.RegisteredServiceTestUtils;
import org.apereo.cas.services.ReturnAllAttributeReleasePolicy;
import org.apereo.cas.services.ServicesManager;
import org.apereo.cas.support.oauth.OAuth20GrantTypes;
import org.apereo.cas.support.oauth.services.OAuthRegisteredService;
import org.apereo.cas.support.oauth.web.endpoints.OAuth20AccessTokenEndpointController;
import org.apereo.cas.support.oauth.web.endpoints.OAuth20DeviceUserCodeApprovalEndpointController;
import org.apereo.cas.support.oauth.web.response.accesstoken.response.OAuth20AccessTokenResponseGenerator;
import org.apereo.cas.ticket.accesstoken.AccessToken;
import org.apereo.cas.ticket.code.OAuthCode;
import org.apereo.cas.ticket.code.OAuthCodeFactory;
import org.apereo.cas.ticket.refreshtoken.RefreshToken;
import org.apereo.cas.ticket.refreshtoken.RefreshTokenFactory;
import org.apereo.cas.ticket.registry.TicketRegistry;
import org.apereo.cas.util.CollectionUtils;
import org.apereo.cas.util.EncodingUtils;
import org.apereo.cas.util.SchedulingUtils;
import org.apereo.cas.web.config.CasCookieConfiguration;
import org.junit.jupiter.api.Assertions;
import org.pac4j.springframework.web.SecurityInterceptor;
import org.springframework.beans.factory.InitializingBean;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.boot.autoconfigure.aop.AopAutoConfiguration;
import org.springframework.boot.context.properties.EnableConfigurationProperties;
import org.springframework.boot.test.context.SpringBootTest;
import org.springframework.boot.test.context.TestConfiguration;
import org.springframework.cloud.autoconfigure.RefreshAutoConfiguration;
import org.springframework.context.ApplicationContext;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.EnableAspectJAutoProxy;
import org.springframework.http.HttpMethod;
import org.springframework.mock.web.MockHttpServletRequest;
import org.springframework.mock.web.MockHttpServletResponse;
import org.springframework.test.annotation.DirtiesContext;
import org.springframework.test.context.ContextConfiguration;
import org.springframework.transaction.annotation.EnableTransactionManagement;
import org.springframework.web.servlet.ModelAndView;

@EnableConfigurationProperties({CasConfigurationProperties.class})
@EnableAspectJAutoProxy(proxyTargetClass = true)
@SpringBootTest(classes = {AopAutoConfiguration.class, CasCoreAuthenticationConfiguration.class, CasCoreServicesAuthenticationConfiguration.class, CasCoreAuthenticationPrincipalConfiguration.class, CasCoreAuthenticationPolicyConfiguration.class, CasCoreAuthenticationMetadataConfiguration.class, CasCoreAuthenticationSupportConfiguration.class, CasCoreAuthenticationHandlersConfiguration.class, CasOAuth20TestAuthenticationEventExecutionPlanConfiguration.class, CasDefaultServiceTicketIdGeneratorsConfiguration.class, CasCoreTicketIdGeneratorsConfiguration.class, CasWebApplicationServiceFactoryConfiguration.class, CasCoreHttpConfiguration.class, CasCoreServicesConfiguration.class, CasOAuthConfiguration.class, CasCoreTicketsConfiguration.class, CasCoreConfiguration.class, CasCookieConfiguration.class, CasOAuthComponentSerializationConfiguration.class, CasOAuthThrottleConfiguration.class, CasThrottlingConfiguration.class, CasCoreAuthenticationServiceSelectionStrategyConfiguration.class, CasCoreAuthenticationServiceSelectionStrategyConfiguration.class, CasOAuthAuthenticationServiceSelectionStrategyConfiguration.class, CasCoreTicketCatalogConfiguration.class, CasCoreTicketComponentSerializationConfiguration.class, CasOAuth20TestAuthenticationEventExecutionPlanConfiguration.class, CasCoreUtilSerializationConfiguration.class, CasPersonDirectoryConfiguration.class, OAuthTestConfiguration.class, RefreshAutoConfiguration.class, CasCoreLogoutConfiguration.class, CasCoreUtilConfiguration.class, CasCoreWebConfiguration.class})
@DirtiesContext
@EnableTransactionManagement(proxyTargetClass = true)
@ContextConfiguration(initializers = {EnvironmentConversionServiceInitializer.class})
/* loaded from: input_file:org/apereo/cas/support/oauth/web/AbstractOAuth20Tests.class */
public abstract class AbstractOAuth20Tests {
    // Shared Jackson mapper; findAndRegisterModules() registers the Jackson modules discoverable on the classpath.
    public static final ObjectMapper MAPPER = new ObjectMapper().findAndRegisterModules();
    // Base path of the OAuth endpoints; the helpers in this class build requests against "/oauth2.0/accessToken".
    public static final String CONTEXT = "/oauth2.0/";
    // Fixture client credentials. The decompiled helpers below carry the same values as inlined literals
    // ("1:secret" in the Basic header, "secret" as the client_secret parameter), so a change here must be mirrored there.
    // These values are test fixtures only and must never be reused for a real client registration.
    public static final String CLIENT_ID = "1";
    public static final String CLIENT_SECRET = "secret";
    // Not referenced in this class; presumably for negative tests in subclasses that must see client authentication fail.
    public static final String WRONG_CLIENT_SECRET = "wrongSecret";
    // Used both as the service id of registered test services and as the redirect_uri request parameter.
    // NOTE(review): plain-http redirect URI is acceptable only because this is an in-memory test fixture.
    public static final String REDIRECT_URI = "http://someurl";
    // Not referenced in this class; presumably a redirect URI that does not match the registered service.
    public static final String OTHER_REDIRECT_URI = "http://someotherurl";
    // Presumably the expected token lifetime in seconds; the helpers assert expires_in >= 7188 - TODO confirm the intended tolerance.
    public static final int TIMEOUT = 7200;
    // Principal id used by createPrincipal() and for the mock ticket-granting tickets.
    public static final String ID = "casuser";
    // Attribute names and value attached to the fixture principal by createPrincipal().
    public static final String NAME = "attributeName";
    public static final String ATTRIBUTES_PARAM = "attributes";
    public static final String NAME2 = "attributeName2";
    public static final String VALUE = "attributeValue";
    // Not referenced in this class; presumably request parameter names for password-grant tests.
    public static final String USERNAME = "username";
    public static final String PASSWORD = "password";
    // Not referenced in this class; presumably credentials the test authentication handler accepts - verify against
    // CasOAuth20TestAuthenticationEventExecutionPlanConfiguration.
    public static final String GOOD_USERNAME = "test";
    public static final String GOOD_PASSWORD = "test";
    // Not referenced in this class; presumably a timing tolerance in seconds.
    public static final int DELTA = 2;

    @Autowired
    @Qualifier("accessTokenController")
    protected OAuth20AccessTokenEndpointController controller;

    @Autowired
    @Qualifier("accessTokenResponseGenerator")
    protected OAuth20AccessTokenResponseGenerator accessTokenResponseGenerator;

    @Autowired
    @Qualifier("deviceUserCodeApprovalEndpointController")
    protected OAuth20DeviceUserCodeApprovalEndpointController deviceController;

    @Autowired
    @Qualifier("servicesManager")
    protected ServicesManager servicesManager;

    @Autowired
    @Qualifier("requiresAuthenticationAccessTokenInterceptor")
    protected SecurityInterceptor requiresAuthenticationInterceptor;

    @Autowired
    protected ApplicationContext applicationContext;

    @Autowired
    @Qualifier("defaultOAuthCodeFactory")
    protected OAuthCodeFactory oAuthCodeFactory;

    @Autowired
    @Qualifier("defaultRefreshTokenFactory")
    protected RefreshTokenFactory oAuthRefreshTokenFactory;

    @Autowired
    @Qualifier("ticketRegistry")
    protected TicketRegistry ticketRegistry;

    /**
     * Test-only Spring configuration for the OAuth 2.0 test suite.
     *
     * <p>It seeds the service registry with one deliberately permissive service and registers the
     * mock ticket classes with the component serialization plan. Nothing here is suitable as a
     * template for a production registry: the service pattern accepts any http(s)/imap(s) URL and
     * releases every attribute.
     */
    @TestConfiguration
    public static class OAuthTestConfiguration implements ComponentSerializationPlanConfigurator, InitializingBean {

        @Autowired
        protected ApplicationContext applicationContext;

        /**
         * Passes the injected application context to
         * {@code SchedulingUtils.prepScheduledAnnotationBeanPostProcessor}.
         */
        public void init() {
            SchedulingUtils.prepScheduledAnnotationBeanPostProcessor(this.applicationContext);
        }

        /** Spring lifecycle callback; delegates to {@link #init()}. */
        public void afterPropertiesSet() {
            init();
        }

        /**
         * Provides the in-memory service definitions for the test context.
         *
         * @return a list holding a single OAuth service whose id pattern matches any
         *         {@code http}, {@code https}, {@code imap} or {@code imaps} URL and which
         *         releases all attributes
         */
        @Bean
        public List inMemoryRegisteredServices() {
            // Catch-all pattern plus release-everything policy: fine for a fixture, far too broad for a
            // real deployment, where service ids and released attributes should be scoped per client.
            AbstractRegisteredService catchAllService = RegisteredServiceTestUtils.getRegisteredService("^(https?|imaps?)://.*", OAuthRegisteredService.class);
            catchAllService.setAttributeReleasePolicy(new ReturnAllAttributeReleasePolicy());
            AbstractRegisteredService[] services = {catchAllService};
            return CollectionUtils.wrapList(services);
        }

        /**
         * Registers the mock ticket types as serializable classes.
         *
         * @param componentSerializationPlan the plan to extend
         */
        public void configureComponentSerializationPlan(ComponentSerializationPlan componentSerializationPlan) {
            // Only the two mock ticket classes are added; the plan works as an explicit allow-list here.
            componentSerializationPlan.registerSerializableClass(MockTicketGrantingTicket.class);
            componentSerializationPlan.registerSerializableClass(MockServiceTicket.class);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Builds the fixture principal {@code casuser} with two multi-valued attributes.
     *
     * @return a principal whose id is {@link #ID}, with {@link #NAME} mapped to one value and
     *         {@link #NAME2} mapped to the same value twice
     */
    public static Principal createPrincipal() {
        HashMap attributes = new HashMap();
        // Single-valued attribute.
        attributes.put(NAME, List.of(VALUE));
        // Attribute carrying a repeated value, so tests can see how duplicates are released.
        attributes.put(NAME2, List.of(VALUE, VALUE));
        return CoreAuthenticationTestUtils.getPrincipal(ID, attributes);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Creates (but does not save) an OAuth service definition for tests.
     *
     * <p>The client id is always {@link #CLIENT_ID}, and the service releases all attributes;
     * both choices are fixture shortcuts, not a model for real client registrations.
     *
     * @param str the service id to assign
     * @param str2 the client secret to assign
     * @param set the grant types the service should support; each is stored via its
     *        {@code getType()} value
     * @return the populated, unsaved service
     */
    public OAuthRegisteredService getRegisteredService(String str, String str2, Set<OAuth20GrantTypes> set) {
        OAuthRegisteredService service = new OAuthRegisteredService();
        service.setName("The registered service name");
        service.setServiceId(str);
        service.setClientId(CLIENT_ID);
        service.setClientSecret(str2);
        service.setAttributeReleasePolicy(new ReturnAllAttributeReleasePolicy());
        // An empty input set leaves the service with an empty supported-grant-type set.
        HashSet grantTypeNames = (HashSet) set.stream()
            .map(OAuth20GrantTypes::getType)
            .collect(Collectors.toCollection(HashSet::new));
        service.setSupportedGrantTypes(grantTypeNames);
        return service;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Saves a test service that supports the given grant types and does not generate refresh tokens.
     *
     * @param set the supported grant types
     * @return the saved service
     */
    public OAuthRegisteredService addRegisteredService(Set<OAuth20GrantTypes> set) {
        final boolean generateRefreshToken = false;
        return addRegisteredService(generateRefreshToken, set);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Saves a test service with the given grant types and client secret, without refresh-token
     * generation.
     *
     * @param set the supported grant types
     * @param str the client secret to register
     * @return the saved service
     */
    public OAuthRegisteredService addRegisteredService(Set<OAuth20GrantTypes> set, String str) {
        final boolean generateRefreshToken = false;
        return addRegisteredService(generateRefreshToken, set, str);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Saves a test service with no grant types listed and without refresh-token generation.
     *
     * @return the saved service
     */
    public OAuthRegisteredService addRegisteredService() {
        // NOTE(review): how an empty supported-grant-type set is interpreted (deny all vs. allow all)
        // is decided elsewhere; confirm before relying on this helper in a negative test.
        Set<OAuth20GrantTypes> noGrantTypes = EnumSet.noneOf(OAuth20GrantTypes.class);
        return addRegisteredService(false, noGrantTypes);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Saves a test service with the default fixture client secret.
     *
     * @param z whether the service should generate refresh tokens
     * @param set the supported grant types
     * @return the saved service
     */
    public OAuthRegisteredService addRegisteredService(boolean z, Set<OAuth20GrantTypes> set) {
        // Same value as CLIENT_SECRET; it appears as a literal because the constant was inlined.
        final String defaultClientSecret = "secret";
        return addRegisteredService(z, set, defaultClientSecret);
    }

    /**
     * Builds a test service bound to {@link #REDIRECT_URI} and saves it through the services manager.
     *
     * @param z whether the service should generate refresh tokens
     * @param set the supported grant types
     * @param str the client secret to register
     * @return the saved service
     */
    protected OAuthRegisteredService addRegisteredService(boolean z, Set<OAuth20GrantTypes> set, String str) {
        OAuthRegisteredService service = getRegisteredService(REDIRECT_URI, str, set);
        service.setGenerateRefreshToken(z);
        // The instance built here is returned, not whatever save() hands back.
        this.servicesManager.save(service);
        return service;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Builds a successful authentication for the given principal, dated now in UTC.
     *
     * <p>No credential is verified here: the principal's canonical class name stands in for the
     * handler name, so the result is only meaningful as a test fixture.
     *
     * @param principal the principal to authenticate as
     * @return an authentication with one credential and one recorded handler success
     */
    public static Authentication getAuthentication(Principal principal) {
        BasicCredentialMetaData credentialMetaData = new BasicCredentialMetaData(new BasicIdentifiableCredential(principal.getId()));
        // Used both as the success key and as the handler name inside the execution result.
        String handlerName = principal.getClass().getCanonicalName();
        DefaultAuthenticationHandlerExecutionResult handlerResult =
            new DefaultAuthenticationHandlerExecutionResult(handlerName, credentialMetaData, principal, new ArrayList());
        return DefaultAuthenticationBuilder.newInstance()
            .setPrincipal(principal)
            .setAuthenticationDate(ZonedDateTime.now(ZoneOffset.UTC))
            .addCredential(credentialMetaData)
            .addSuccess(handlerName, handlerResult)
            .build();
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Creates an OAuth authorization code for the principal and stores it in the ticket registry.
     *
     * @param principal the principal the code is issued for
     * @param oAuthRegisteredService the client service; its client id becomes the code's service
     * @return the stored code
     */
    public OAuthCode addCode(Principal principal, OAuthRegisteredService oAuthRegisteredService) {
        Authentication authentication = getAuthentication(principal);
        // NOTE(review): the service is derived from getClientId() here, while addRefreshToken uses
        // getServiceId() - confirm the difference is intended.
        OAuthCode code = this.oAuthCodeFactory.create(
            new WebApplicationServiceFactory().createService(oAuthRegisteredService.getClientId()),
            authentication,
            new MockTicketGrantingTicket(ID),
            new ArrayList(),
            (String) null, // two String arguments left unset; their meaning is not visible in this file
            (String) null,
            CLIENT_ID,
            new HashMap());
        this.ticketRegistry.addTicket(code);
        return code;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Creates a refresh token for the principal and stores it in the ticket registry.
     *
     * @param principal the principal the token is issued for
     * @param oAuthRegisteredService the client service; its service id becomes the token's service
     * @return the stored refresh token
     */
    public RefreshToken addRefreshToken(Principal principal, OAuthRegisteredService oAuthRegisteredService) {
        Authentication authentication = getAuthentication(principal);
        RefreshToken refreshToken = this.oAuthRefreshTokenFactory.create(
            new WebApplicationServiceFactory().createService(oAuthRegisteredService.getServiceId()),
            authentication,
            new MockTicketGrantingTicket(ID),
            new ArrayList(),
            CLIENT_ID,
            new HashMap());
        this.ticketRegistry.addTicket(refreshToken);
        return refreshToken;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Deletes every service known to the services manager, then calls {@code load()} on it.
     *
     * <p>Useful between tests so that a service registered by one test cannot satisfy a client
     * lookup in the next.
     */
    public void clearAllServices() {
        this.servicesManager.getAllServices()
            .forEach(service -> this.servicesManager.delete(service.getId()));
        this.servicesManager.load();
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Runs the authorization-code exchange without a scope parameter and asserts that it succeeds.
     *
     * @param oAuthRegisteredService the client service
     * @param z whether a refresh token is expected in the response
     * @return the access token id paired with the refresh token id (empty string when none is expected)
     */
    public Pair<String, String> assertClientOK(OAuthRegisteredService oAuthRegisteredService, boolean z) {
        final String noScope = null;
        return assertClientOK(oAuthRegisteredService, z, noScope);
    }

    /**
     * Exchanges a freshly issued authorization code for an access token and asserts the happy path.
     *
     * <p>Checks made: the code is no longer in the ticket registry after the exchange, the
     * response status is 200, the model carries {@code access_token} and {@code expires_in}
     * (and {@code refresh_token} when {@code z} is true), the access token belongs to the fixture
     * principal, and {@code expires_in} is at least 7188.
     *
     * <p>The request authenticates the client twice, through a Basic {@code Authorization} header
     * and through {@code client_id}/{@code client_secret} parameters on a GET. That is a fixture
     * convenience; secrets in request parameters tend to end up in access logs.
     *
     * <p>NOTE(review): no checked exception is declared although the sibling
     * {@code assertRefreshTokenOk} overload making the same calls declares {@code throws Exception};
     * confirm against the upstream source.
     *
     * @param oAuthRegisteredService the client service the code is issued for
     * @param z whether a refresh token is expected in the response
     * @param str the scope to request; skipped when blank
     * @return the access token id paired with the refresh token id (empty string when {@code z} is false)
     */
    protected Pair<String, String> assertClientOK(OAuthRegisteredService oAuthRegisteredService, boolean z, String str) {
        Principal principal = createPrincipal();
        OAuthCode code = addCode(principal, oAuthRegisteredService);

        MockHttpServletRequest request = new MockHttpServletRequest(HttpMethod.GET.name(), "/oauth2.0/accessToken");
        request.setParameter("redirect_uri", REDIRECT_URI);
        request.setParameter("grant_type", OAuth20GrantTypes.AUTHORIZATION_CODE.name().toLowerCase());
        // "1:secret" is CLIENT_ID + ":" + CLIENT_SECRET with the constants inlined.
        request.addHeader("Authorization", "Basic " + EncodingUtils.encodeBase64("1:secret".getBytes(StandardCharsets.UTF_8)));
        request.setParameter("client_id", CLIENT_ID);
        request.setParameter("client_secret", "secret");
        if (StringUtils.isNotBlank(str)) {
            request.setParameter("scope", str);
        }
        request.setParameter("code", code.getId());

        MockHttpServletResponse response = new MockHttpServletResponse();
        // Run client authentication first, as the deployed interceptor chain would.
        this.requiresAuthenticationInterceptor.preHandle(request, response, (Object) null);
        ModelAndView modelAndView = this.controller.handleRequest(request, response);

        // An authorization code is single-use: it must be gone from the registry once exchanged.
        Assertions.assertNull(this.ticketRegistry.getTicket(code.getId()));
        Assertions.assertEquals(200, response.getStatus());

        String refreshTokenId = "";
        Map<String, Object> model = modelAndView.getModel();
        Assertions.assertTrue(model.containsKey("access_token"));
        if (z) {
            Assertions.assertTrue(model.containsKey("refresh_token"));
            refreshTokenId = model.get("refresh_token").toString();
        }
        Assertions.assertTrue(model.containsKey("expires_in"));

        String accessTokenId = model.get("access_token").toString();
        // The issued token must be bound to the principal the code was created for.
        Principal tokenPrincipal = this.ticketRegistry.getTicket(accessTokenId, AccessToken.class).getAuthentication().getPrincipal();
        Assertions.assertEquals(principal, tokenPrincipal);

        // Lower bound only: 7188 sits just under TIMEOUT (7200), leaving room for elapsed time.
        int expiresIn = Integer.parseInt(model.get("expires_in").toString());
        Assertions.assertTrue(expiresIn >= 7188);
        return Pair.of(accessTokenId, refreshTokenId);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Issues a refresh token for the fixture principal and asserts that the refresh grant succeeds.
     *
     * <p>NOTE(review): the three-argument overload called here declares {@code throws Exception}
     * while this method declares nothing, so this listing does not compile as written; confirm how
     * the upstream source handles the checked exception.
     *
     * @param oAuthRegisteredService the client service
     * @return the new access token paired with the refresh token that was used
     */
    public Pair<AccessToken, RefreshToken> assertRefreshTokenOk(OAuthRegisteredService oAuthRegisteredService) {
        Principal principal = createPrincipal();
        RefreshToken refreshToken = addRefreshToken(principal, oAuthRegisteredService);
        return assertRefreshTokenOk(oAuthRegisteredService, refreshToken, principal);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Runs the {@code refresh_token} grant with the given token and asserts the happy path.
     *
     * <p>Checks made: status 200, {@code access_token} and {@code expires_in} present,
     * {@code refresh_token} absent from the response (no new refresh token is handed out on this
     * path), the new access token bound to {@code principal}, and {@code expires_in} at least 7188.
     *
     * <p>Client credentials travel as {@code client_id}/{@code client_secret} parameters on a GET;
     * that is a fixture convenience.
     *
     * @param oAuthRegisteredService the client service; not read by this method
     * @param refreshToken the refresh token to present
     * @param principal the principal the resulting access token must belong to
     * @return the new access token paired with the refresh token that was presented
     * @throws Exception if the interceptor or the controller fails
     */
    public Pair<AccessToken, RefreshToken> assertRefreshTokenOk(OAuthRegisteredService oAuthRegisteredService, RefreshToken refreshToken, Principal principal) throws Exception {
        MockHttpServletRequest request = new MockHttpServletRequest(HttpMethod.GET.name(), "/oauth2.0/accessToken");
        request.setParameter("grant_type", OAuth20GrantTypes.REFRESH_TOKEN.name().toLowerCase());
        request.setParameter("client_id", CLIENT_ID);
        request.setParameter("client_secret", "secret");
        request.setParameter("refresh_token", refreshToken.getId());

        MockHttpServletResponse response = new MockHttpServletResponse();
        // Run client authentication first, as the deployed interceptor chain would.
        this.requiresAuthenticationInterceptor.preHandle(request, response, (Object) null);
        ModelAndView modelAndView = this.controller.handleRequest(request, response);
        Assertions.assertEquals(200, response.getStatus());

        Map<String, Object> model = modelAndView.getModel();
        Assertions.assertTrue(model.containsKey("access_token"));
        Assertions.assertFalse(model.containsKey("refresh_token"));
        Assertions.assertTrue(model.containsKey("expires_in"));

        AccessToken accessToken = this.ticketRegistry.getTicket(model.get("access_token").toString(), AccessToken.class);
        // The refreshed token must still belong to the principal that owned the refresh token.
        Assertions.assertEquals(principal, accessToken.getAuthentication().getPrincipal());

        // Lower bound only: 7188 sits just under TIMEOUT (7200), leaving room for elapsed time.
        int expiresIn = Integer.parseInt(model.get("expires_in").toString());
        Assertions.assertTrue(expiresIn >= 7188);
        return Pair.of(accessToken, refreshToken);
    }
}
