package org.apereo.cas.support.oauth.web.endpoints;

import java.util.ArrayList;
import java.util.HashMap;
import java.util.HashSet;
import java.util.List;
import java.util.Map;
import java.util.stream.Stream;
import org.apereo.cas.authentication.Authentication;
import org.apereo.cas.authentication.CoreAuthenticationTestUtils;
import org.apereo.cas.authentication.principal.Principal;
import org.apereo.cas.authentication.principal.WebApplicationServiceFactory;
import org.apereo.cas.mock.MockTicketGrantingTicket;
import org.apereo.cas.support.oauth.OAuth20GrantTypes;
import org.apereo.cas.support.oauth.OAuth20ResponseTypes;
import org.apereo.cas.support.oauth.services.OAuthRegisteredService;
import org.apereo.cas.support.oauth.web.AbstractOAuth20Tests;
import org.apereo.cas.ticket.accesstoken.OAuth20AccessToken;
import org.apereo.cas.ticket.code.OAuth20Code;
import org.apereo.cas.ticket.code.OAuth20DefaultOAuthCodeFactory;
import org.apereo.cas.ticket.refreshtoken.OAuth20DefaultRefreshTokenFactory;
import org.apereo.cas.ticket.refreshtoken.OAuth20RefreshToken;
import org.apereo.cas.util.CollectionUtils;
import org.junit.jupiter.api.Assertions;
import org.junit.jupiter.api.BeforeEach;
import org.junit.jupiter.api.Tag;
import org.junit.jupiter.api.Test;
import org.junit.jupiter.params.ParameterizedTest;
import org.junit.jupiter.params.provider.MethodSource;
import org.springframework.http.HttpMethod;
import org.springframework.http.HttpStatus;
import org.springframework.mock.web.MockHttpServletRequest;
import org.springframework.mock.web.MockHttpServletResponse;
import org.springframework.mock.web.MockHttpSession;
import org.springframework.web.servlet.ModelAndView;

@Tag("OAuth")
/* loaded from: input_file:org/apereo/cas/support/oauth/web/endpoints/OAuth20AccessTokenEndpointControllerTests.class */
public class OAuth20AccessTokenEndpointControllerTests extends AbstractOAuth20Tests {
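    /**
     * Supplies the registered-service fixtures used by the parameterized tests in this class.
     *
     * <p>Two variants are produced, both built with {@code AbstractOAuth20Tests.REDIRECT_URI} and
     * the client secret {@code "secret"}: one whose grant-type set holds only
     * {@code AUTHORIZATION_CODE}, and one built with an empty grant-type set.
     * NOTE(review): how an empty grant-type set is interpreted (deny all vs. allow all) is decided
     * by code outside this file — confirm, since several rejection tests run against both variants.
     *
     * @return a stream holding the two service definitions
     */
    public static Stream<OAuthRegisteredService> getParameters() {
        // Pass the elements directly. Routing them through an (Object[]) cast erases the element
        // type, so the expression no longer matches the declared Stream<OAuthRegisteredService>.
        return Stream.of(
            getRegisteredService(AbstractOAuth20Tests.REDIRECT_URI, "secret", CollectionUtils.wrapSet(OAuth20GrantTypes.AUTHORIZATION_CODE)),
            getRegisteredService(AbstractOAuth20Tests.REDIRECT_URI, "secret", new HashSet<>()));
    }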

    /**
     * Runs before each test and calls {@code clearAllServices()}.
     * NOTE(review): presumably this empties the service registry so that a test only sees the
     * services it registers itself; the helper is defined outside this file — confirm.
     */
    @BeforeEach
    public void initialize() {
        clearAllServices();
    }

    /**
     * A token request that omits {@code client_id} must not yield a token.
     *
     * <p>The service is saved and a code is issued for it; the request carries
     * {@code redirect_uri}, {@code client_secret}, {@code grant_type} and {@code code} but no
     * client identifier. Expected outcome: HTTP 401 with the {@code invalid_request} error.
     *
     * @param oAuthRegisteredService service fixture supplied by {@link #getParameters()}
     */
    @ParameterizedTest
    @MethodSource("getParameters")
    public void verifyClientNoClientId(OAuthRegisteredService oAuthRegisteredService) {
        MockHttpServletRequest request = new MockHttpServletRequest(HttpMethod.GET.name(), "/oauth2.0/accessToken");
        request.setParameter("redirect_uri", AbstractOAuth20Tests.REDIRECT_URI);
        request.setParameter("client_secret", "secret");
        request.setParameter("grant_type", OAuth20GrantTypes.AUTHORIZATION_CODE.name().toLowerCase());

        // Register the service and mint a code for it before the request is evaluated.
        Principal principal = createPrincipal();
        this.servicesManager.save(oAuthRegisteredService);
        request.setParameter("code", addCode(principal, oAuthRegisteredService).getId());

        MockHttpServletResponse response = new MockHttpServletResponse();
        this.requiresAuthenticationInterceptor.preHandle(request, response, (Object) null);
        ModelAndView result = this.controller.handleRequest(request, response);

        Assertions.assertEquals(401, response.getStatus());
        Assertions.assertEquals("invalid_request", result.getModel().get("error"));
    }

    /**
     * An authorization-code token request without {@code redirect_uri} must be rejected.
     *
     * <p>Client id, secret, grant type and a freshly issued code are all present; only the
     * redirect URI is left out. Expected outcome: HTTP 400 with {@code invalid_request}.
     */
    @Test
    public void verifyClientNoRedirectUri() throws Exception {
        MockHttpServletRequest request = new MockHttpServletRequest(HttpMethod.GET.name(), "/oauth2.0/accessToken");
        request.setParameter("client_id", AbstractOAuth20Tests.CLIENT_ID);
        request.setParameter("client_secret", "secret");
        request.setParameter("grant_type", OAuth20GrantTypes.AUTHORIZATION_CODE.name().toLowerCase());

        // Principal first, then the service, then the code — same order as the nested call form.
        Principal principal = createPrincipal();
        OAuthRegisteredService service = addRegisteredService(CollectionUtils.wrapSet(OAuth20GrantTypes.AUTHORIZATION_CODE));
        request.setParameter("code", addCode(principal, service).getId());

        MockHttpServletResponse response = new MockHttpServletResponse();
        this.requiresAuthenticationInterceptor.preHandle(request, response, (Object) null);
        ModelAndView result = this.controller.handleRequest(request, response);

        Assertions.assertEquals(400, response.getStatus());
        Assertions.assertEquals("invalid_request", result.getModel().get("error"));
    }

    /**
     * A token request that does not state a {@code grant_type} must be rejected.
     *
     * <p>Despite the method name, a {@code code} parameter IS supplied here; the parameter that is
     * left out is {@code grant_type}. Expected outcome: HTTP 400 with {@code invalid_request}.
     */
    @Test
    public void verifyClientNoAuthorizationCode() {
        MockHttpServletRequest request = new MockHttpServletRequest(HttpMethod.GET.name(), "/oauth2.0/accessToken");
        request.setParameter("client_id", AbstractOAuth20Tests.CLIENT_ID);
        request.setParameter("redirect_uri", AbstractOAuth20Tests.REDIRECT_URI);
        request.setParameter("client_secret", "secret");

        Principal principal = createPrincipal();
        OAuthRegisteredService service = addRegisteredService(CollectionUtils.wrapSet(OAuth20GrantTypes.AUTHORIZATION_CODE));
        request.setParameter("code", addCode(principal, service).getId());

        MockHttpServletResponse response = new MockHttpServletResponse();
        this.requiresAuthenticationInterceptor.preHandle(request, response, (Object) null);
        ModelAndView result = this.controller.handleRequest(request, response);

        Assertions.assertEquals(400, response.getStatus());
        Assertions.assertEquals("invalid_request", result.getModel().get("error"));
    }

    /**
     * A token request whose {@code grant_type} is not a known grant ({@code "badValue"}) must be
     * rejected even though client id, secret, redirect URI and a valid code are present.
     * Expected outcome: HTTP 400 with {@code invalid_request}.
     */
    @Test
    public void verifyClientBadGrantType() {
        MockHttpServletRequest request = new MockHttpServletRequest(HttpMethod.GET.name(), "/oauth2.0/accessToken");
        request.setParameter("client_id", AbstractOAuth20Tests.CLIENT_ID);
        request.setParameter("redirect_uri", AbstractOAuth20Tests.REDIRECT_URI);
        request.setParameter("client_secret", "secret");
        request.setParameter("grant_type", "badValue");

        Principal principal = createPrincipal();
        OAuthRegisteredService service = addRegisteredService(CollectionUtils.wrapSet(OAuth20GrantTypes.AUTHORIZATION_CODE));
        request.setParameter("code", addCode(principal, service).getId());

        MockHttpServletResponse response = new MockHttpServletResponse();
        this.requiresAuthenticationInterceptor.preHandle(request, response, (Object) null);
        ModelAndView result = this.controller.handleRequest(request, response);

        Assertions.assertEquals(400, response.getStatus());
        Assertions.assertEquals("invalid_request", result.getModel().get("error"));
    }

    /**
     * A grant type the service was not registered for must be refused.
     *
     * <p>The service is registered with {@code AUTHORIZATION_CODE} only, while the request asks
     * for {@code CLIENT_CREDENTIALS}. This pins the per-service grant-type allow-list: valid
     * client credentials alone do not unlock other grants. Expected outcome: HTTP 400 with
     * {@code invalid_request}.
     */
    @Test
    public void verifyClientDisallowedGrantType() throws Exception {
        MockHttpServletRequest request = new MockHttpServletRequest(HttpMethod.GET.name(), "/oauth2.0/accessToken");
        request.setParameter("client_id", AbstractOAuth20Tests.CLIENT_ID);
        request.setParameter("redirect_uri", AbstractOAuth20Tests.REDIRECT_URI);
        request.setParameter("client_secret", "secret");
        request.setParameter("grant_type", OAuth20GrantTypes.CLIENT_CREDENTIALS.getType());

        Principal principal = createPrincipal();
        OAuthRegisteredService service = addRegisteredService(CollectionUtils.wrapSet(OAuth20GrantTypes.AUTHORIZATION_CODE));
        request.setParameter("code", addCode(principal, service).getId());

        MockHttpServletResponse response = new MockHttpServletResponse();
        this.requiresAuthenticationInterceptor.preHandle(request, response, (Object) null);
        ModelAndView result = this.controller.handleRequest(request, response);

        Assertions.assertEquals(400, response.getStatus());
        Assertions.assertEquals("invalid_request", result.getModel().get("error"));
    }

    /**
     * A token request for a service registered with a secret must fail when the request carries
     * no {@code client_secret} parameter at all.
     * Expected outcome: HTTP 401 with {@code invalid_request}.
     */
    @Test
    public void verifyClientNoClientSecret() {
        MockHttpServletRequest request = new MockHttpServletRequest(HttpMethod.GET.name(), "/oauth2.0/accessToken");
        request.setParameter("client_id", AbstractOAuth20Tests.CLIENT_ID);
        request.setParameter("redirect_uri", AbstractOAuth20Tests.REDIRECT_URI);
        request.setParameter("grant_type", OAuth20GrantTypes.AUTHORIZATION_CODE.name().toLowerCase());

        Principal principal = createPrincipal();
        OAuthRegisteredService service = addRegisteredService(CollectionUtils.wrapSet(OAuth20GrantTypes.AUTHORIZATION_CODE));
        request.setParameter("code", addCode(principal, service).getId());

        MockHttpServletResponse response = new MockHttpServletResponse();
        this.requiresAuthenticationInterceptor.preHandle(request, response, (Object) null);
        ModelAndView result = this.controller.handleRequest(request, response);

        Assertions.assertEquals(401, response.getStatus());
        Assertions.assertEquals("invalid_request", result.getModel().get("error"));
    }

    /**
     * An authorization-code token request without a {@code code} parameter must be rejected.
     *
     * <p>A code is created for the service but deliberately not attached to the request, so the
     * existence of an outstanding code must not be enough to obtain a token.
     * Expected outcome: HTTP 400 with {@code invalid_request}.
     */
    @Test
    public void verifyClientNoCode() throws Exception {
        MockHttpServletRequest request = new MockHttpServletRequest(HttpMethod.GET.name(), "/oauth2.0/accessToken");
        request.setParameter("client_id", AbstractOAuth20Tests.CLIENT_ID);
        request.setParameter("redirect_uri", AbstractOAuth20Tests.REDIRECT_URI);
        request.setParameter("client_secret", "secret");
        request.setParameter("grant_type", OAuth20GrantTypes.AUTHORIZATION_CODE.name().toLowerCase());

        // The code is issued, but its id never reaches the request.
        Principal principal = createPrincipal();
        OAuthRegisteredService service = addRegisteredService(CollectionUtils.wrapSet(OAuth20GrantTypes.AUTHORIZATION_CODE));
        addCode(principal, service);

        MockHttpServletResponse response = new MockHttpServletResponse();
        this.requiresAuthenticationInterceptor.preHandle(request, response, (Object) null);
        ModelAndView result = this.controller.handleRequest(request, response);

        Assertions.assertEquals(400, response.getStatus());
        Assertions.assertEquals("invalid_request", result.getModel().get("error"));
    }

    /**
     * A token request naming a client that has no registered service must be rejected.
     *
     * <p>Unlike the sibling tests, the fixture is never passed to {@code servicesManager.save}
     * in this method; a code is still issued against it. Expected outcome: HTTP 401 with
     * {@code invalid_request}.
     *
     * @param oAuthRegisteredService service fixture supplied by {@link #getParameters()}
     */
    @ParameterizedTest
    @MethodSource("getParameters")
    public void verifyClientNoCasService(OAuthRegisteredService oAuthRegisteredService) {
        MockHttpServletRequest request = new MockHttpServletRequest(HttpMethod.GET.name(), "/oauth2.0/accessToken");
        request.setParameter("client_id", AbstractOAuth20Tests.CLIENT_ID);
        request.setParameter("redirect_uri", AbstractOAuth20Tests.REDIRECT_URI);
        request.setParameter("client_secret", "secret");
        request.setParameter("grant_type", OAuth20GrantTypes.AUTHORIZATION_CODE.name().toLowerCase());

        Principal principal = createPrincipal();
        request.setParameter("code", addCode(principal, oAuthRegisteredService).getId());

        MockHttpServletResponse response = new MockHttpServletResponse();
        this.requiresAuthenticationInterceptor.preHandle(request, response, (Object) null);
        ModelAndView result = this.controller.handleRequest(request, response);

        Assertions.assertEquals(401, response.getStatus());
        Assertions.assertEquals("invalid_request", result.getModel().get("error"));
    }

    /**
     * A token request whose {@code redirect_uri} does not belong to the registered service must
     * be rejected.
     *
     * <p>The fixture is built with {@code REDIRECT_URI}, while the request presents
     * {@code OTHER_REDIRECT_URI}. Valid client credentials and a valid code must not be
     * redeemable through a redirect URI the service was not registered with.
     * Expected outcome: HTTP 400 with {@code invalid_request}.
     *
     * @param oAuthRegisteredService service fixture supplied by {@link #getParameters()}
     */
    @ParameterizedTest
    @MethodSource("getParameters")
    public void verifyClientRedirectUriDoesNotStartWithServiceId(OAuthRegisteredService oAuthRegisteredService) throws Exception {
        MockHttpServletRequest request = new MockHttpServletRequest(HttpMethod.GET.name(), "/oauth2.0/accessToken");
        request.setParameter("client_id", AbstractOAuth20Tests.CLIENT_ID);
        request.setParameter("redirect_uri", AbstractOAuth20Tests.OTHER_REDIRECT_URI);
        request.setParameter("client_secret", "secret");
        request.setParameter("grant_type", OAuth20GrantTypes.AUTHORIZATION_CODE.name().toLowerCase());

        Principal principal = createPrincipal();
        this.servicesManager.save(oAuthRegisteredService);
        request.setParameter("code", addCode(principal, oAuthRegisteredService).getId());

        MockHttpServletResponse response = new MockHttpServletResponse();
        this.requiresAuthenticationInterceptor.preHandle(request, response, (Object) null);
        ModelAndView result = this.controller.handleRequest(request, response);

        Assertions.assertEquals(400, response.getStatus());
        Assertions.assertEquals("invalid_request", result.getModel().get("error"));
    }

    /**
     * A token request presenting {@code WRONG_CLIENT_SECRET} for a service registered with
     * {@code "secret"} must fail client authentication.
     * Expected outcome: HTTP 401 with {@code invalid_request}.
     *
     * @param oAuthRegisteredService service fixture supplied by {@link #getParameters()}
     */
    @ParameterizedTest
    @MethodSource("getParameters")
    public void verifyClientWrongSecret(OAuthRegisteredService oAuthRegisteredService) throws Exception {
        MockHttpServletRequest request = new MockHttpServletRequest(HttpMethod.GET.name(), "/oauth2.0/accessToken");
        request.setParameter("client_id", AbstractOAuth20Tests.CLIENT_ID);
        request.setParameter("redirect_uri", AbstractOAuth20Tests.REDIRECT_URI);
        request.setParameter("client_secret", AbstractOAuth20Tests.WRONG_CLIENT_SECRET);
        request.setParameter("grant_type", OAuth20GrantTypes.AUTHORIZATION_CODE.name().toLowerCase());

        Principal principal = createPrincipal();
        this.servicesManager.save(oAuthRegisteredService);
        request.setParameter("code", addCode(principal, oAuthRegisteredService).getId());

        MockHttpServletResponse response = new MockHttpServletResponse();
        this.requiresAuthenticationInterceptor.preHandle(request, response, (Object) null);
        ModelAndView result = this.controller.handleRequest(request, response);

        Assertions.assertEquals(401, response.getStatus());
        // NOTE(review): RFC 6749 section 5.2 defines invalid_client for failed client
        // authentication; this test pins invalid_request — confirm the error code is intentional.
        Assertions.assertEquals("invalid_request", result.getModel().get("error"));
    }

    /**
     * A service registered with an empty secret accepts a request whose {@code client_secret}
     * is the empty string.
     *
     * <p>Expected outcome: HTTP 200 and an {@code access_token} entry in the model. With an empty
     * secret on both sides, the authorization code is the only secret value in this exchange.
     */
    @Test
    public void verifyClientEmptySecret() {
        // NOTE(review): the mock request uses GET and the test expects success; RFC 6749
        // section 3.2 requires POST for access token requests. A test pinning that GET is refused
        // is not visible in this part of the file — confirm how the method is restricted.
        MockHttpServletRequest request = new MockHttpServletRequest(HttpMethod.GET.name(), "/oauth2.0/accessToken");
        request.setParameter("client_id", AbstractOAuth20Tests.CLIENT_ID);
        request.setParameter("redirect_uri", AbstractOAuth20Tests.REDIRECT_URI);
        request.setParameter("client_secret", "");
        request.setParameter("grant_type", OAuth20GrantTypes.AUTHORIZATION_CODE.name().toLowerCase());

        Principal principal = createPrincipal();
        request.setParameter("code", addCode(principal, addRegisteredService(CollectionUtils.wrapSet(OAuth20GrantTypes.AUTHORIZATION_CODE), "")).getId());

        MockHttpServletResponse response = new MockHttpServletResponse();
        this.requiresAuthenticationInterceptor.preHandle(request, response, (Object) null);
        ModelAndView result = this.controller.handleRequest(request, response);

        Assertions.assertEquals(200, response.getStatus());
        Assertions.assertTrue(result.getModel().containsKey("access_token"));
    }

    /**
     * A code issued with a PKCE challenge is redeemable when the request supplies the matching
     * {@code code_verifier}.
     *
     * <p>The code is created with {@code CODE_CHALLENGE} and {@code CODE_CHALLENGE_METHOD_PLAIN},
     * and the request sends {@code CODE_CHALLENGE} as the verifier. Expected outcome: HTTP 200
     * and an {@code access_token} entry in the model.
     */
    @Test
    public void verifyPKCECodeVerifier() {
        MockHttpServletRequest request = new MockHttpServletRequest(HttpMethod.GET.name(), "/oauth2.0/accessToken");
        request.setParameter("client_id", AbstractOAuth20Tests.CLIENT_ID);
        request.setParameter("redirect_uri", AbstractOAuth20Tests.REDIRECT_URI);
        request.setParameter("client_secret", "secret");
        request.setParameter("code_verifier", AbstractOAuth20Tests.CODE_CHALLENGE);
        request.setParameter("grant_type", OAuth20GrantTypes.AUTHORIZATION_CODE.name().toLowerCase());

        // NOTE(review): only the plain challenge method (per the constant name) is exercised
        // here; an S256 case is not visible in this part of the file.
        Principal principal = createPrincipal();
        request.setParameter("code", addCodeWithChallenge(principal, addRegisteredService(CollectionUtils.wrapSet(OAuth20GrantTypes.AUTHORIZATION_CODE), "secret"), AbstractOAuth20Tests.CODE_CHALLENGE, AbstractOAuth20Tests.CODE_CHALLENGE_METHOD_PLAIN).getId());

        MockHttpServletResponse response = new MockHttpServletResponse();
        this.requiresAuthenticationInterceptor.preHandle(request, response, (Object) null);
        ModelAndView result = this.controller.handleRequest(request, response);

        Assertions.assertEquals(200, response.getStatus());
        Assertions.assertTrue(result.getModel().containsKey("access_token"));
    }

    /**
     * A code bound to a PKCE challenge must not be redeemable with a different verifier.
     *
     * <p>The code is created with {@code CODE_CHALLENGE}, while the request sends
     * {@code "invalidcode"} as {@code code_verifier}; the client secret is the registered one, so
     * the verifier mismatch is what this test targets. Expected outcome: HTTP 401 with
     * {@code invalid_request}.
     *
     * @param oAuthRegisteredService service fixture supplied by {@link #getParameters()}
     */
    @ParameterizedTest
    @MethodSource("getParameters")
    public void verifyPKCEInvalidCodeVerifier(OAuthRegisteredService oAuthRegisteredService) {
        MockHttpServletRequest request = new MockHttpServletRequest(HttpMethod.GET.name(), "/oauth2.0/accessToken");
        request.setParameter("client_id", AbstractOAuth20Tests.CLIENT_ID);
        request.setParameter("redirect_uri", AbstractOAuth20Tests.REDIRECT_URI);
        request.setParameter("client_secret", "secret");
        request.setParameter("code_verifier", "invalidcode");
        request.setParameter("grant_type", OAuth20GrantTypes.AUTHORIZATION_CODE.name().toLowerCase());

        Principal principal = createPrincipal();
        this.servicesManager.save(oAuthRegisteredService);
        request.setParameter("code", addCodeWithChallenge(principal, oAuthRegisteredService, AbstractOAuth20Tests.CODE_CHALLENGE, AbstractOAuth20Tests.CODE_CHALLENGE_METHOD_PLAIN).getId());

        MockHttpServletResponse response = new MockHttpServletResponse();
        this.requiresAuthenticationInterceptor.preHandle(request, response, (Object) null);
        ModelAndView result = this.controller.handleRequest(request, response);

        Assertions.assertEquals(401, response.getStatus());
        Assertions.assertEquals("invalid_request", result.getModel().get("error"));
    }

    /**
     * A service registered with an empty secret can redeem a PKCE-bound code when the request
     * sends an empty {@code client_secret} together with the matching {@code code_verifier}.
     *
     * <p>Expected outcome: HTTP 200 and an {@code access_token} entry in the model.
     * NOTE(review): this looks like the public-client case, where the verifier rather than a
     * client secret protects the code — confirm against the PKCE handling outside this file.
     */
    @Test
    public void verifyPKCEEmptySecret() {
        MockHttpServletRequest request = new MockHttpServletRequest(HttpMethod.GET.name(), "/oauth2.0/accessToken");
        request.setParameter("client_id", AbstractOAuth20Tests.CLIENT_ID);
        request.setParameter("redirect_uri", AbstractOAuth20Tests.REDIRECT_URI);
        request.setParameter("client_secret", "");
        request.setParameter("code_verifier", AbstractOAuth20Tests.CODE_CHALLENGE);
        request.setParameter("grant_type", OAuth20GrantTypes.AUTHORIZATION_CODE.name().toLowerCase());

        Principal principal = createPrincipal();
        request.setParameter("code", addCodeWithChallenge(principal, addRegisteredService(CollectionUtils.wrapSet(OAuth20GrantTypes.AUTHORIZATION_CODE), ""), AbstractOAuth20Tests.CODE_CHALLENGE, AbstractOAuth20Tests.CODE_CHALLENGE_METHOD_PLAIN).getId());

        MockHttpServletResponse response = new MockHttpServletResponse();
        this.requiresAuthenticationInterceptor.preHandle(request, response, (Object) null);
        ModelAndView result = this.controller.handleRequest(request, response);

        Assertions.assertEquals(200, response.getStatus());
        Assertions.assertTrue(result.getModel().containsKey("access_token"));
    }

    /**
     * A correct PKCE verifier must not compensate for a wrong client secret.
     *
     * <p>The request sends the matching {@code code_verifier} but {@code WRONG_CLIENT_SECRET} as
     * {@code client_secret}, for a service registered with {@code "secret"}. Expected outcome:
     * HTTP 401 with {@code invalid_request}.
     *
     * @param oAuthRegisteredService service fixture supplied by {@link #getParameters()}
     */
    @ParameterizedTest
    @MethodSource("getParameters")
    public void verifyPKCEWrongSecret(OAuthRegisteredService oAuthRegisteredService) {
        MockHttpServletRequest request = new MockHttpServletRequest(HttpMethod.GET.name(), "/oauth2.0/accessToken");
        request.setParameter("client_id", AbstractOAuth20Tests.CLIENT_ID);
        request.setParameter("redirect_uri", AbstractOAuth20Tests.REDIRECT_URI);
        request.setParameter("client_secret", AbstractOAuth20Tests.WRONG_CLIENT_SECRET);
        request.setParameter("code_verifier", AbstractOAuth20Tests.CODE_CHALLENGE);
        request.setParameter("grant_type", OAuth20GrantTypes.AUTHORIZATION_CODE.name().toLowerCase());

        Principal principal = createPrincipal();
        this.servicesManager.save(oAuthRegisteredService);
        request.setParameter("code", addCodeWithChallenge(principal, oAuthRegisteredService, AbstractOAuth20Tests.CODE_CHALLENGE, AbstractOAuth20Tests.CODE_CHALLENGE_METHOD_PLAIN).getId());

        MockHttpServletResponse response = new MockHttpServletResponse();
        this.requiresAuthenticationInterceptor.preHandle(request, response, (Object) null);
        ModelAndView result = this.controller.handleRequest(request, response);

        Assertions.assertEquals(401, response.getStatus());
        Assertions.assertEquals("invalid_request", result.getModel().get("error"));
    }

    /**
     * An authorization code that has already expired must not be redeemable.
     *
     * <p>The code is built by a factory configured with
     * {@code alwaysExpiresExpirationPolicyBuilder()} and stored in the ticket registry; the
     * request is otherwise well-formed (client id, secret, redirect URI, grant type).
     * Expected outcome: HTTP 400 with {@code invalid_request}.
     *
     * @param oAuthRegisteredService service fixture supplied by {@link #getParameters()}
     */
    @ParameterizedTest
    @MethodSource("getParameters")
    public void verifyClientExpiredCode(OAuthRegisteredService oAuthRegisteredService) throws Exception {
        this.servicesManager.save(oAuthRegisteredService);

        // Principal attributes attached to the authentication behind the code.
        HashMap attributes = new HashMap();
        attributes.put(AbstractOAuth20Tests.NAME, List.of(AbstractOAuth20Tests.VALUE));
        attributes.put(AbstractOAuth20Tests.NAME2, List.of(AbstractOAuth20Tests.VALUE, AbstractOAuth20Tests.VALUE));

        OAuth20DefaultOAuthCodeFactory expiringFactory = new OAuth20DefaultOAuthCodeFactory(alwaysExpiresExpirationPolicyBuilder(), this.servicesManager);
        OAuth20Code expiredCode = expiringFactory.create(
            new WebApplicationServiceFactory().createService(oAuthRegisteredService.getServiceId()),
            getAuthentication(CoreAuthenticationTestUtils.getPrincipal(AbstractOAuth20Tests.ID, attributes)),
            new MockTicketGrantingTicket(AbstractOAuth20Tests.ID),
            new ArrayList(),
            (String) null,
            (String) null,
            AbstractOAuth20Tests.CLIENT_ID,
            new HashMap());
        this.ticketRegistry.addTicket(expiredCode);

        MockHttpServletRequest request = new MockHttpServletRequest(HttpMethod.GET.name(), "/oauth2.0/accessToken");
        request.setParameter("client_id", AbstractOAuth20Tests.CLIENT_ID);
        request.setParameter("redirect_uri", AbstractOAuth20Tests.REDIRECT_URI);
        request.setParameter("client_secret", "secret");
        request.setParameter("code", expiredCode.getId());
        request.setParameter("grant_type", OAuth20GrantTypes.AUTHORIZATION_CODE.name().toLowerCase());

        MockHttpServletResponse response = new MockHttpServletResponse();
        this.requiresAuthenticationInterceptor.preHandle(request, response, (Object) null);
        ModelAndView result = this.controller.handleRequest(request, response);

        Assertions.assertEquals(400, response.getStatus());
        // NOTE(review): RFC 6749 section 5.2 lists invalid_grant for an expired authorization
        // code; this test pins invalid_request — confirm the error code is intentional.
        Assertions.assertEquals("invalid_request", result.getModel().get("error"));
    }

    /**
     * Saves the fixture and delegates to {@code assertClientOK(service, false)}, which holds the
     * actual request and assertions (defined outside this part of the file).
     * NOTE(review): the {@code false} flag presumably means no refresh token is expected — confirm.
     *
     * @param oAuthRegisteredService service fixture supplied by {@link #getParameters()}
     */
    @ParameterizedTest
    @MethodSource("getParameters")
    public void verifyClientAuthByParameter(OAuthRegisteredService oAuthRegisteredService) {
        this.servicesManager.save(oAuthRegisteredService);
        assertClientOK(oAuthRegisteredService, false);
    }

    /**
     * Runs the successful client flow for a service that has {@code jwtAccessToken} switched on.
     *
     * <p>The flag is set before the fixture is saved; the request and assertions live in
     * {@code assertClientOK}, defined outside this part of the file.
     * NOTE(review): nothing in this method checks that the issued token is actually a JWT —
     * confirm that {@code assertClientOK} inspects the token format for such services.
     *
     * @param oAuthRegisteredService service fixture supplied by {@link #getParameters()}
     */
    @ParameterizedTest
    @MethodSource("getParameters")
    public void verifyClientAuthWithJwtAccessToken(OAuthRegisteredService oAuthRegisteredService) {
        oAuthRegisteredService.setJwtAccessToken(true);
        this.servicesManager.save(oAuthRegisteredService);
        assertClientOK(oAuthRegisteredService, false);
    }

    /**
     * Walks the device flow end to end against the controllers.
     *
     * <ol>
     *   <li>Request with {@code response_type} = device code: the model must expose
     *       {@code device_code}, {@code verification_uri}, {@code user_code}, {@code interval}
     *       and {@code expires_in}.</li>
     *   <li>The {@code user_code} is submitted as {@code usercode} to the device controller,
     *       which must answer with a 2xx status.</li>
     *   <li>The first request object is reused with {@code code} set to the device code: the
     *       model must then contain {@code access_token}, {@code expires_in} and
     *       {@code token_type}.</li>
     * </ol>
     *
     * <p>NOTE(review): only the approved path is covered here; redeeming the device code before
     * the user code was submitted is not exercised in this method.
     */
    @Test
    public void verifyDeviceFlowGeneratesCode() throws Exception {
        addRegisteredService();

        // Step 1: obtain the device and user codes.
        MockHttpServletRequest tokenRequest = new MockHttpServletRequest(HttpMethod.GET.name(), "/oauth2.0/accessToken");
        tokenRequest.setParameter("client_id", AbstractOAuth20Tests.CLIENT_ID);
        tokenRequest.setParameter("response_type", OAuth20ResponseTypes.DEVICE_CODE.getType());
        MockHttpServletResponse firstResponse = new MockHttpServletResponse();
        this.requiresAuthenticationInterceptor.preHandle(tokenRequest, firstResponse, (Object) null);
        Map model = this.controller.handleRequest(tokenRequest, firstResponse).getModel();
        Assertions.assertTrue(model.containsKey("device_code"));
        Assertions.assertTrue(model.containsKey("verification_uri"));
        Assertions.assertTrue(model.containsKey("user_code"));
        Assertions.assertTrue(model.containsKey("interval"));
        Assertions.assertTrue(model.containsKey("expires_in"));
        String deviceCode = model.get("device_code").toString();
        String userCode = model.get("user_code").toString();

        // Step 2: approve the user code through the device endpoint.
        MockHttpServletRequest approvalRequest = new MockHttpServletRequest(HttpMethod.GET.name(), "/oauth2.0/device");
        approvalRequest.setParameter("usercode", userCode);
        ModelAndView approval = this.deviceController.handlePostRequest(approvalRequest, new MockHttpServletResponse());
        Assertions.assertNotNull(approval);
        HttpStatus approvalStatus = approval.getStatus();
        Assertions.assertNotNull(approvalStatus);
        Assertions.assertTrue(approvalStatus.is2xxSuccessful());

        // Step 3: redeem the device code on the original request object.
        tokenRequest.setParameter("client_id", AbstractOAuth20Tests.CLIENT_ID);
        tokenRequest.setParameter("response_type", OAuth20ResponseTypes.DEVICE_CODE.getType());
        tokenRequest.setParameter("code", deviceCode);
        MockHttpServletResponse secondResponse = new MockHttpServletResponse();
        this.requiresAuthenticationInterceptor.preHandle(tokenRequest, secondResponse, (Object) null);
        ModelAndView tokenResult = this.controller.handleRequest(tokenRequest, secondResponse);
        Assertions.assertTrue(tokenResult.getModel().containsKey("access_token"));
        Assertions.assertTrue(tokenResult.getModel().containsKey("expires_in"));
        Assertions.assertTrue(tokenResult.getModel().containsKey("token_type"));
    }

    /**
     * Saves the fixture and delegates to {@code assertClientOK(service, false)}.
     *
     * <p>NOTE(review): this body is the same as {@code verifyClientAuthByParameter}; nothing in
     * this method places the client credentials in an {@code Authorization} header, so
     * header-based client authentication is only covered if {@code assertClientOK} does it —
     * confirm, otherwise that path has no test here.
     *
     * @param oAuthRegisteredService service fixture supplied by {@link #getParameters()}
     */
    @ParameterizedTest
    @MethodSource("getParameters")
    public void verifyClientAuthByHeader(OAuthRegisteredService oAuthRegisteredService) {
        this.servicesManager.save(oAuthRegisteredService);
        assertClientOK(oAuthRegisteredService, false);
    }

    /**
     * Registers an authorization-code service, enables refresh-token generation on it and
     * delegates to {@code assertClientOK(service, true)}.
     * NOTE(review): the {@code true} flag presumably tells the helper to expect a refresh token
     * in the response — the helper is defined outside this part of the file; confirm.
     */
    @Test
    public void verifyClientAuthByParameterWithRefreshToken() {
        OAuthRegisteredService service = addRegisteredService(CollectionUtils.wrapSet(OAuth20GrantTypes.AUTHORIZATION_CODE));
        service.setGenerateRefreshToken(true);
        assertClientOK(service, true);
    }

    /**
     * Registers an authorization-code service, enables refresh-token generation on it and
     * delegates to {@code assertClientOK(service, true)}.
     * NOTE(review): this body is the same as {@code verifyClientAuthByParameterWithRefreshToken};
     * the "by header" distinction in the name is not visible in this method — confirm that
     * header-based client authentication is exercised somewhere.
     */
    @Test
    public void verifyClientAuthByHeaderWithRefreshToken() {
        OAuthRegisteredService service = addRegisteredService(CollectionUtils.wrapSet(OAuth20GrantTypes.AUTHORIZATION_CODE));
        service.setGenerateRefreshToken(true);
        assertClientOK(service, true);
    }

    /**
     * Registers an authorization-code service, enables refresh-token generation on it and
     * delegates to {@code assertClientOK(service, true)}.
     * NOTE(review): this body is the same as {@code verifyClientAuthByParameterWithRefreshToken};
     * nothing here selects a JSON response format, so the "Json" part of the name is not
     * reflected in this method — confirm what the helper covers.
     */
    @Test
    public void verifyClientAuthJsonByParameterWithRefreshToken() {
        OAuthRegisteredService service = addRegisteredService(CollectionUtils.wrapSet(OAuth20GrantTypes.AUTHORIZATION_CODE));
        service.setGenerateRefreshToken(true);
        assertClientOK(service, true);
    }

    /**
     * Registers an authorization-code service, enables refresh-token generation on it and
     * delegates to {@code assertClientOK(service, true)}.
     * NOTE(review): this body is the same as {@code verifyClientAuthByParameterWithRefreshToken};
     * neither a JSON response format nor header-based client authentication is set up in this
     * method — confirm what the helper covers.
     */
    @Test
    public void verifyClientAuthJsonByHeaderWithRefreshToken() {
        OAuthRegisteredService service = addRegisteredService(CollectionUtils.wrapSet(OAuth20GrantTypes.AUTHORIZATION_CODE));
        service.setGenerateRefreshToken(true);
        assertClientOK(service, true);
    }

    /**
     * Guards against token-type confusion on the refresh grant.
     *
     * <p>A password-grant request first obtains both an access token and a refresh token. The
     * same request object is then switched to {@code grant_type=refresh_token}:
     * <ul>
     *   <li>presenting the access token as {@code refresh_token} must yield HTTP 400;</li>
     *   <li>presenting the real refresh token must yield HTTP 200 and a new
     *       {@code access_token}.</li>
     * </ul>
     *
     * <p>The two refresh attempts call the controller directly; the authentication interceptor
     * is only run for the initial password-grant request.
     */
    @Test
    public void ensureOnlyRefreshTokenIsAcceptedForRefreshGrant() {
        addRegisteredService(true, CollectionUtils.wrapSet(new OAuth20GrantTypes[]{OAuth20GrantTypes.PASSWORD, OAuth20GrantTypes.REFRESH_TOKEN}));

        // Password grant: obtain the token pair.
        MockHttpServletRequest request = new MockHttpServletRequest(HttpMethod.GET.name(), "/oauth2.0/accessToken");
        request.setSession(new MockHttpSession());
        request.setParameter("grant_type", OAuth20GrantTypes.PASSWORD.name().toLowerCase());
        request.setParameter(AbstractOAuth20Tests.USERNAME, "test");
        request.setParameter(AbstractOAuth20Tests.PASSWORD, "test");
        request.setParameter("client_id", AbstractOAuth20Tests.CLIENT_ID);
        request.setParameter("client_secret", "secret");
        MockHttpServletResponse passwordResponse = new MockHttpServletResponse();
        this.requiresAuthenticationInterceptor.preHandle(request, passwordResponse, (Object) null);
        ModelAndView passwordResult = this.controller.handleRequest(request, passwordResponse);
        Assertions.assertTrue(passwordResult.getModel().containsKey("refresh_token"));
        Assertions.assertTrue(passwordResult.getModel().containsKey("access_token"));
        String refreshToken = passwordResult.getModel().get("refresh_token").toString();
        String accessToken = passwordResult.getModel().get("access_token").toString();

        // Refresh grant with the ACCESS token in the refresh_token slot: must be refused.
        request.setParameter("grant_type", OAuth20GrantTypes.REFRESH_TOKEN.name().toLowerCase());
        request.setParameter("client_secret", "secret");
        request.setParameter("refresh_token", accessToken);
        MockHttpServletResponse rejectedResponse = new MockHttpServletResponse();
        this.controller.handleRequest(request, rejectedResponse);
        Assertions.assertEquals(400, rejectedResponse.getStatus());

        // Refresh grant with the genuine refresh token: must succeed.
        request.setParameter("refresh_token", refreshToken);
        MockHttpServletResponse acceptedResponse = new MockHttpServletResponse();
        ModelAndView refreshResult = this.controller.handleRequest(request, acceptedResponse);
        Assertions.assertEquals(200, acceptedResponse.getStatus());
        Assertions.assertTrue(refreshResult.getModel().containsKey("access_token"));
    }

    /**
     * A password-grant request that supplies user credentials but no {@code client_id} must be
     * rejected, even though a service allowing the {@code PASSWORD} grant is registered.
     * Expected outcome: HTTP 401 with {@code invalid_request}.
     */
    @Test
    public void verifyUserNoClientId() throws Exception {
        addRegisteredService(CollectionUtils.wrapSet(OAuth20GrantTypes.PASSWORD));

        MockHttpServletRequest request = new MockHttpServletRequest(HttpMethod.GET.name(), "/oauth2.0/accessToken");
        request.setParameter("grant_type", OAuth20GrantTypes.PASSWORD.name().toLowerCase());
        request.setParameter(AbstractOAuth20Tests.USERNAME, "test");
        request.setParameter(AbstractOAuth20Tests.PASSWORD, "test");

        MockHttpServletResponse response = new MockHttpServletResponse();
        this.requiresAuthenticationInterceptor.preHandle(request, response, (Object) null);
        ModelAndView result = this.controller.handleRequest(request, response);

        Assertions.assertEquals(401, response.getStatus());
        Assertions.assertEquals("invalid_request", result.getModel().get("error"));
    }

    /**
     * Verifies that a password-grant request for a client this test never registered is rejected.
     *
     * <p>The request names {@code CLIENT_ID} and supplies user credentials, and the test expects
     * HTTP 401 with {@code invalid_request}.
     *
     * <p>NOTE(review): no service is registered inside this method; presumably the fixture leaves
     * the registry without an entry matching {@code CLIENT_ID} - confirm against the base-class
     * setup, otherwise the rejection could stem from the missing {@code client_secret} instead.
     */
    @Test
    public void verifyUserNoCasService() throws Exception {
        MockHttpServletRequest request = new MockHttpServletRequest(HttpMethod.GET.name(), "/oauth2.0/accessToken");
        request.setParameter("client_id", AbstractOAuth20Tests.CLIENT_ID);
        String grantType = OAuth20GrantTypes.PASSWORD.name().toLowerCase();
        request.setParameter("grant_type", grantType);
        request.setParameter(AbstractOAuth20Tests.USERNAME, "test");
        request.setParameter(AbstractOAuth20Tests.PASSWORD, "test");

        MockHttpServletResponse response = new MockHttpServletResponse();
        this.requiresAuthenticationInterceptor.preHandle(request, response, (Object) null);
        ModelAndView result = this.controller.handleRequest(request, response);

        Assertions.assertEquals(401, response.getStatus());
        Map<String, Object> model = result.getModel();
        Assertions.assertEquals("invalid_request", model.get("error"));
    }

    /**
     * Verifies that an authorization-code grant request without a usable code is rejected.
     *
     * <p>The service is registered for the authorization-code grant and the client authenticates
     * with {@code client_id}/{@code client_secret}. The test expects HTTP 400 with
     * {@code invalid_request}.
     *
     * <p>NOTE(review): despite the method name, no {@code code} parameter is sent at all; the
     * request carries a username and password instead. A companion case with a syntactically
     * valid but unknown code would cover the "bad code" path more directly.
     */
    @Test
    public void verifyUserBadAuthorizationCode() throws Exception {
        addRegisteredService(CollectionUtils.wrapSet(OAuth20GrantTypes.AUTHORIZATION_CODE));

        MockHttpServletRequest request = new MockHttpServletRequest(HttpMethod.GET.name(), "/oauth2.0/accessToken");
        request.setParameter("client_id", AbstractOAuth20Tests.CLIENT_ID);
        request.setParameter("client_secret", "secret");
        String grantType = OAuth20GrantTypes.AUTHORIZATION_CODE.name().toLowerCase();
        request.setParameter("grant_type", grantType);
        request.setParameter(AbstractOAuth20Tests.USERNAME, "test");
        request.setParameter(AbstractOAuth20Tests.PASSWORD, "test");

        MockHttpServletResponse response = new MockHttpServletResponse();
        this.requiresAuthenticationInterceptor.preHandle(request, response, (Object) null);
        ModelAndView result = this.controller.handleRequest(request, response);

        Assertions.assertEquals(400, response.getStatus());
        Map<String, Object> model = result.getModel();
        Assertions.assertEquals("invalid_request", model.get("error"));
    }

    /**
     * Verifies that a password-grant request with a wrong user password is rejected.
     *
     * <p>The user name is {@code test} and the password is {@code badPassword}; the test expects
     * HTTP 401 with {@code invalid_request}.
     *
     * <p>NOTE(review): the request carries no {@code client_secret}, so from this test alone it
     * is not evident whether the 401 is caused by the wrong password or by the absent client
     * secret. Sending the secret would isolate the user-credential check.
     */
    @Test
    public void verifyUserBadCredentials() throws Exception {
        addRegisteredService(CollectionUtils.wrapSet(OAuth20GrantTypes.PASSWORD));

        MockHttpServletRequest request = new MockHttpServletRequest(HttpMethod.GET.name(), "/oauth2.0/accessToken");
        request.setParameter("client_id", AbstractOAuth20Tests.CLIENT_ID);
        String grantType = OAuth20GrantTypes.PASSWORD.name().toLowerCase();
        request.setParameter("grant_type", grantType);
        request.setParameter(AbstractOAuth20Tests.USERNAME, "test");
        request.setParameter(AbstractOAuth20Tests.PASSWORD, "badPassword");

        MockHttpServletResponse response = new MockHttpServletResponse();
        this.requiresAuthenticationInterceptor.preHandle(request, response, (Object) null);
        ModelAndView result = this.controller.handleRequest(request, response);

        Assertions.assertEquals(401, response.getStatus());
        Map<String, Object> model = result.getModel();
        Assertions.assertEquals("invalid_request", model.get("error"));
    }

    /**
     * Verifies the successful password grant for a service registered with the default secret:
     * the client secret is sent and no refresh token is required in the response.
     */
    @Test
    public void verifyUserAuth() {
        final boolean expectRefreshToken = false;
        final boolean sendClientSecret = true;
        addRegisteredService(CollectionUtils.wrapSet(OAuth20GrantTypes.PASSWORD));
        assertUserAuth(expectRefreshToken, sendClientSecret);
    }

    /**
     * Verifies the password grant for a service registered with an empty client secret.
     *
     * <p>The request omits {@code client_secret} and is still expected to succeed, so this test
     * pins that a service with a blank secret is accepted without client authentication. Only
     * the resource-owner credentials gate token issuance in this scenario.
     */
    @Test
    public void verifyUserAuthForServiceWithoutSecret() {
        final boolean expectRefreshToken = false;
        final boolean sendClientSecret = false;
        addRegisteredService(CollectionUtils.wrapSet(OAuth20GrantTypes.PASSWORD), "");
        assertUserAuth(expectRefreshToken, sendClientSecret);
    }

    /**
     * Verifies that the password grant also returns a refresh token when the registered service
     * has refresh-token generation switched on.
     */
    @Test
    public void verifyUserAuthWithRefreshToken() {
        final boolean expectRefreshToken = true;
        final boolean sendClientSecret = true;
        addRegisteredService(CollectionUtils.wrapSet(OAuth20GrantTypes.PASSWORD)).setGenerateRefreshToken(true);
        assertUserAuth(expectRefreshToken, sendClientSecret);
    }

    /**
     * Runs the successful password-grant scenario with the client secret and without requiring a
     * refresh token.
     *
     * <p>NOTE(review): in this listing the body is identical to {@code verifyUserAuth}; nothing
     * JSON-specific is configured here, so the two tests currently cover the same path.
     */
    @Test
    public void verifyJsonUserAuth() {
        final boolean expectRefreshToken = false;
        final boolean sendClientSecret = true;
        addRegisteredService(CollectionUtils.wrapSet(OAuth20GrantTypes.PASSWORD));
        assertUserAuth(expectRefreshToken, sendClientSecret);
    }

    /**
     * Runs the successful password-grant scenario for a service that generates refresh tokens and
     * requires the refresh token in the response.
     *
     * <p>NOTE(review): in this listing the body is identical to
     * {@code verifyUserAuthWithRefreshToken}; nothing JSON-specific is configured here.
     */
    @Test
    public void verifyJsonUserAuthWithRefreshToken() {
        final boolean expectRefreshToken = true;
        final boolean sendClientSecret = true;
        addRegisteredService(CollectionUtils.wrapSet(OAuth20GrantTypes.PASSWORD)).setGenerateRefreshToken(true);
        assertUserAuth(expectRefreshToken, sendClientSecret);
    }

    /**
     * Drives a successful resource-owner password grant and checks the issued tokens.
     *
     * <p>Sends {@code client_id}, the user credentials {@code test}/{@code test} and a
     * {@code service} header, runs the authentication interceptor followed by the controller, and
     * expects HTTP 200 with {@code access_token} and {@code expires_in} in the model. The access
     * token is then looked up in the ticket registry to confirm it was issued to the principal
     * with id {@code test}.
     *
     * <p>When {@code z} is {@code false} the absence of a refresh token is not asserted; only
     * its presence is checked in the {@code true} case.
     *
     * @param z  whether the response must also contain a {@code refresh_token}
     * @param z2 whether the request carries {@code client_secret=secret}
     */
    private void assertUserAuth(boolean z, boolean z2) {
        final boolean expectRefreshToken = z;
        final boolean sendClientSecret = z2;

        MockHttpServletRequest request = new MockHttpServletRequest(HttpMethod.GET.name(), "/oauth2.0/accessToken");
        request.setParameter("client_id", AbstractOAuth20Tests.CLIENT_ID);
        if (sendClientSecret) {
            request.setParameter("client_secret", "secret");
        }
        String grantType = OAuth20GrantTypes.PASSWORD.name().toLowerCase();
        request.setParameter("grant_type", grantType);
        request.setParameter(AbstractOAuth20Tests.USERNAME, "test");
        request.setParameter(AbstractOAuth20Tests.PASSWORD, "test");
        request.addHeader("service", AbstractOAuth20Tests.REDIRECT_URI);

        MockHttpServletResponse response = new MockHttpServletResponse();
        this.requiresAuthenticationInterceptor.preHandle(request, response, (Object) null);
        ModelAndView result = this.controller.handleRequest(request, response);

        Assertions.assertEquals(200, response.getStatus());
        Map<String, Object> model = result.getModel();
        Assertions.assertTrue(model.containsKey("access_token"));
        if (expectRefreshToken) {
            Assertions.assertTrue(model.containsKey("refresh_token"));
        }
        Assertions.assertTrue(model.containsKey("expires_in"));

        // The token must be bound to the authenticated user, not merely present in the response.
        String accessTokenId = model.get("access_token").toString();
        Assertions.assertEquals("test", this.ticketRegistry.getTicket(accessTokenId, OAuth20AccessToken.class).getAuthentication().getPrincipal().getId());

        // Presumably a 7200-second lifetime minus slack for elapsed test time - confirm against the expiration policy.
        int expiresIn = Integer.parseInt(model.get("expires_in").toString());
        Assertions.assertTrue(expiresIn >= 7188);
    }

    /**
     * Verifies that an already-expired refresh token cannot be redeemed for an access token.
     *
     * <p>The refresh token is created through a factory built with
     * {@code alwaysExpiresExpirationPolicyBuilder()} and stored in the ticket registry, so it
     * exists but is expired. Even with valid client credentials the endpoint is expected to
     * answer HTTP 400 with {@code invalid_request}.
     */
    @Test
    public void verifyRefreshTokenExpiredToken() {
        Principal principal = createPrincipal();
        OAuthRegisteredService service = addRegisteredService(CollectionUtils.wrapSet(OAuth20GrantTypes.REFRESH_TOKEN));
        Authentication authentication = getAuthentication(principal);

        // Dedicated factory whose expiration policy marks every ticket as expired.
        OAuth20DefaultRefreshTokenFactory expiringFactory =
            new OAuth20DefaultRefreshTokenFactory(alwaysExpiresExpirationPolicyBuilder(), this.servicesManager);
        OAuth20RefreshToken expiredToken = expiringFactory.create(
            new WebApplicationServiceFactory().createService(service.getServiceId()),
            authentication,
            new MockTicketGrantingTicket(AbstractOAuth20Tests.ID),
            new ArrayList(),
            AbstractOAuth20Tests.CLIENT_ID,
            new HashMap());
        this.ticketRegistry.addTicket(expiredToken);

        MockHttpServletRequest request = new MockHttpServletRequest(HttpMethod.GET.name(), "/oauth2.0/accessToken");
        String grantType = OAuth20GrantTypes.REFRESH_TOKEN.name().toLowerCase();
        request.setParameter("grant_type", grantType);
        request.setParameter("client_id", AbstractOAuth20Tests.CLIENT_ID);
        request.setParameter("client_secret", "secret");
        request.setParameter("refresh_token", expiredToken.getId());

        MockHttpServletResponse response = new MockHttpServletResponse();
        this.requiresAuthenticationInterceptor.preHandle(request, response, (Object) null);
        ModelAndView result = this.controller.handleRequest(request, response);

        Assertions.assertEquals(400, response.getStatus());
        Map<String, Object> model = result.getModel();
        Assertions.assertEquals("invalid_request", model.get("error"));
    }

    /**
     * Verifies that a valid refresh token presented with a wrong client secret is rejected.
     *
     * <p>The refresh token is issued for the registered service, but the request authenticates
     * with {@code WRONG_CLIENT_SECRET}. The test expects HTTP 401 with {@code invalid_request},
     * i.e. possession of the refresh token does not substitute for client authentication.
     *
     * <p>NOTE(review): RFC 6749 section 5.2 names {@code invalid_client} for failed client
     * authentication; this test pins {@code invalid_request} - confirm that is the intended
     * error code.
     */
    @Test
    public void verifyRefreshTokenBadCredentials() throws Exception {
        OAuth20RefreshToken refreshToken = addRefreshToken(
            createPrincipal(),
            addRegisteredService(CollectionUtils.wrapSet(OAuth20GrantTypes.REFRESH_TOKEN)));

        MockHttpServletRequest request = new MockHttpServletRequest(HttpMethod.GET.name(), "/oauth2.0/accessToken");
        String grantType = OAuth20GrantTypes.REFRESH_TOKEN.name().toLowerCase();
        request.setParameter("grant_type", grantType);
        request.setParameter("client_id", AbstractOAuth20Tests.CLIENT_ID);
        request.setParameter("client_secret", AbstractOAuth20Tests.WRONG_CLIENT_SECRET);
        request.setParameter("refresh_token", refreshToken.getId());

        MockHttpServletResponse response = new MockHttpServletResponse();
        this.requiresAuthenticationInterceptor.preHandle(request, response, (Object) null);
        ModelAndView result = this.controller.handleRequest(request, response);

        Assertions.assertEquals(401, response.getStatus());
        Map<String, Object> model = result.getModel();
        Assertions.assertEquals("invalid_request", model.get("error"));
    }

    /**
     * Verifies the refresh-token grant for a service registered with an empty client secret.
     *
     * <p>The request sends an empty {@code client_secret} together with a valid refresh token and
     * is expected to succeed with HTTP 200 and an {@code access_token}. In this scenario the
     * refresh token is the only secret protecting token renewal, which matters when deciding
     * which services may be registered without a secret.
     */
    @Test
    public void verifyRefreshTokenEmptySecret() throws Exception {
        OAuth20RefreshToken refreshToken = addRefreshToken(
            createPrincipal(),
            addRegisteredService(CollectionUtils.wrapSet(OAuth20GrantTypes.REFRESH_TOKEN), ""));

        MockHttpServletRequest request = new MockHttpServletRequest(HttpMethod.GET.name(), "/oauth2.0/accessToken");
        String grantType = OAuth20GrantTypes.REFRESH_TOKEN.name().toLowerCase();
        request.setParameter("grant_type", grantType);
        request.setParameter("client_id", AbstractOAuth20Tests.CLIENT_ID);
        request.setParameter("client_secret", "");
        request.setParameter("refresh_token", refreshToken.getId());

        MockHttpServletResponse response = new MockHttpServletResponse();
        this.requiresAuthenticationInterceptor.preHandle(request, response, (Object) null);
        ModelAndView result = this.controller.handleRequest(request, response);

        Assertions.assertEquals(200, response.getStatus());
        Map<String, Object> model = result.getModel();
        Assertions.assertTrue(model.containsKey("access_token"));
    }

    /**
     * Verifies that a refresh-token grant request without the {@code refresh_token} parameter is
     * rejected with HTTP 400 and {@code invalid_request}, even though the client credentials are
     * supplied.
     */
    @Test
    public void verifyRefreshTokenMissingToken() throws Exception {
        addRegisteredService(CollectionUtils.wrapSet(OAuth20GrantTypes.REFRESH_TOKEN));

        MockHttpServletRequest request = new MockHttpServletRequest(HttpMethod.GET.name(), "/oauth2.0/accessToken");
        String grantType = OAuth20GrantTypes.REFRESH_TOKEN.name().toLowerCase();
        request.setParameter("grant_type", grantType);
        request.setParameter("client_id", AbstractOAuth20Tests.CLIENT_ID);
        request.setParameter("client_secret", "secret");
        // Deliberately no refresh_token parameter: that omission is the condition under test.

        MockHttpServletResponse response = new MockHttpServletResponse();
        this.requiresAuthenticationInterceptor.preHandle(request, response, (Object) null);
        ModelAndView result = this.controller.handleRequest(request, response);

        Assertions.assertEquals(400, response.getStatus());
        Map<String, Object> model = result.getModel();
        Assertions.assertEquals("invalid_request", model.get("error"));
    }

    /**
     * Verifies that a refresh token stays redeemable after its ticket-granting ticket expired.
     *
     * <p>The ticket-granting ticket attached to the refresh token is marked expired before the
     * request is made; the endpoint is still expected to return HTTP 200 and an access token for
     * the same principal. As exercised here, expiry of the SSO session ticket alone does not stop
     * token renewal, so revocation has to act on the refresh token itself.
     */
    @Test
    public void verifyRefreshTokenOKWithExpiredTicketGrantingTicket() throws Exception {
        Principal principal = createPrincipal();
        OAuth20RefreshToken refreshToken = addRefreshToken(
            principal,
            addRegisteredService(CollectionUtils.wrapSet(OAuth20GrantTypes.REFRESH_TOKEN)));
        refreshToken.getTicketGrantingTicket().markTicketExpired();

        MockHttpServletRequest request = new MockHttpServletRequest(HttpMethod.GET.name(), "/oauth2.0/accessToken");
        String grantType = OAuth20GrantTypes.REFRESH_TOKEN.name().toLowerCase();
        request.setParameter("grant_type", grantType);
        request.setParameter("client_id", AbstractOAuth20Tests.CLIENT_ID);
        request.setParameter("client_secret", "secret");
        request.setParameter("refresh_token", refreshToken.getId());

        MockHttpServletResponse response = new MockHttpServletResponse();
        this.requiresAuthenticationInterceptor.preHandle(request, response, (Object) null);
        ModelAndView result = this.controller.handleRequest(request, response);

        Assertions.assertEquals(200, response.getStatus());
        Map<String, Object> model = result.getModel();

        // The new access token must belong to the principal the refresh token was issued for.
        String accessTokenId = model.get("access_token").toString();
        Principal issuedTo = this.ticketRegistry.getTicket(accessTokenId, OAuth20AccessToken.class).getAuthentication().getPrincipal();
        Assertions.assertEquals(principal, issuedTo);

        // Presumably a 7200-second lifetime minus slack for elapsed test time - confirm against the expiration policy.
        int expiresIn = Integer.parseInt(model.get("expires_in").toString());
        Assertions.assertTrue(expiresIn >= 7188);
    }

    /**
     * Runs the shared refresh-token success scenario against a service registered for the
     * refresh-token grant with its default settings.
     */
    @Test
    public void verifyRefreshTokenOK() {
        assertRefreshTokenOk(
            addRegisteredService(
                CollectionUtils.wrapSet(OAuth20GrantTypes.REFRESH_TOKEN)));
    }

    /**
     * Runs the shared refresh-token success scenario against a service that both generates
     * refresh tokens and renews them on use.
     */
    @Test
    public void verifyRefreshTokenOKWithRefreshToken() {
        OAuthRegisteredService service = addRegisteredService(CollectionUtils.wrapSet(OAuth20GrantTypes.REFRESH_TOKEN));
        // Both flags are enabled before the scenario runs, so the service renews refresh tokens.
        service.setGenerateRefreshToken(true);
        service.setRenewRefreshToken(true);
        assertRefreshTokenOk(service);
    }

    /**
     * Runs the shared refresh-token success scenario against a service registered for the
     * refresh-token grant.
     *
     * <p>NOTE(review): in this listing the body is identical to {@code verifyRefreshTokenOK};
     * nothing JSON-specific is configured here.
     */
    @Test
    public void verifyJsonRefreshTokenOK() {
        assertRefreshTokenOk(
            addRegisteredService(
                CollectionUtils.wrapSet(OAuth20GrantTypes.REFRESH_TOKEN)));
    }

    /**
     * Runs the shared refresh-token success scenario against a service that generates and renews
     * refresh tokens.
     *
     * <p>NOTE(review): in this listing the body is identical to
     * {@code verifyRefreshTokenOKWithRefreshToken}; nothing JSON-specific is configured here.
     */
    @Test
    public void verifyJsonRefreshTokenOKWithRefreshToken() {
        OAuthRegisteredService service = addRegisteredService(CollectionUtils.wrapSet(OAuth20GrantTypes.REFRESH_TOKEN));
        // Both flags are enabled before the scenario runs, so the service renews refresh tokens.
        service.setGenerateRefreshToken(true);
        service.setRenewRefreshToken(true);
        assertRefreshTokenOk(service);
    }

    /**
     * Verifies that a refresh-token request cannot obtain a scope the refresh token never held.
     *
     * <p>The refresh token is issued with the single scope {@code profile}; the request then asks
     * for {@code email}. The endpoint must refuse with HTTP 400 and {@code invalid_scope}, which
     * guards against scope escalation through token renewal.
     */
    @Test
    public void verifyAccessTokenRequestWithRefreshTokenCannotExceedScopes() throws Exception {
        OAuth20RefreshToken refreshToken = addRefreshTokenWithScope(
            createPrincipal(),
            List.of("profile"),
            addRegisteredService(CollectionUtils.wrapSet(OAuth20GrantTypes.REFRESH_TOKEN)));

        MockHttpServletRequest request = new MockHttpServletRequest(HttpMethod.GET.name(), "/oauth2.0/accessToken");
        String grantType = OAuth20GrantTypes.REFRESH_TOKEN.name().toLowerCase();
        request.setParameter("grant_type", grantType);
        request.setParameter("client_id", AbstractOAuth20Tests.CLIENT_ID);
        request.setParameter("client_secret", "secret");
        request.setParameter("refresh_token", refreshToken.getId());
        // Requested scope is outside the set granted to the refresh token.
        request.setParameter("scope", "email");

        MockHttpServletResponse response = new MockHttpServletResponse();
        this.requiresAuthenticationInterceptor.preHandle(request, response, (Object) null);
        ModelAndView result = this.controller.handleRequest(request, response);

        Assertions.assertEquals(400, response.getStatus());
        Map<String, Object> model = result.getModel();
        Assertions.assertEquals("invalid_scope", model.get("error").toString());
    }

    /**
     * Verifies that a refresh-token request without a {@code scope} parameter succeeds.
     *
     * <p>The refresh token carries the scope {@code profile} and the request asks for no scope.
     * The test expects HTTP 200, an {@code access_token} issued to the original principal, an
     * {@code expires_in} value, and a {@code refresh_token} in the response only when the service
     * renews refresh tokens.
     *
     * <p>NOTE(review): the scopes of the issued access token are not inspected, so this test does
     * not show which scopes are granted when none are requested. In the non-renewing branch the
     * final refresh-token check only re-tests a local reference that was already dereferenced.
     */
    @Test
    public void verifyAccessTokenRequestWithRefreshTokenWithoutRequestingScopes() throws Exception {
        OAuthRegisteredService service = addRegisteredService(CollectionUtils.wrapSet(OAuth20GrantTypes.REFRESH_TOKEN));
        Principal principal = createPrincipal();
        OAuth20RefreshToken refreshToken = addRefreshTokenWithScope(principal, List.of("profile"), service);

        MockHttpServletRequest request = new MockHttpServletRequest(HttpMethod.GET.name(), "/oauth2.0/accessToken");
        String grantType = OAuth20GrantTypes.REFRESH_TOKEN.name().toLowerCase();
        request.setParameter("grant_type", grantType);
        request.setParameter("client_id", AbstractOAuth20Tests.CLIENT_ID);
        request.setParameter("client_secret", "secret");
        request.setParameter("refresh_token", refreshToken.getId());

        MockHttpServletResponse response = new MockHttpServletResponse();
        this.requiresAuthenticationInterceptor.preHandle(request, response, (Object) null);
        ModelAndView result = this.controller.handleRequest(request, response);

        Assertions.assertEquals(200, response.getStatus());
        Map<String, Object> model = result.getModel();
        Assertions.assertTrue(model.containsKey("access_token"));

        // A refresh token appears in the response only for services that renew it.
        if (!service.isRenewRefreshToken()) {
            Assertions.assertFalse(model.containsKey("refresh_token"));
        } else {
            Assertions.assertTrue(model.containsKey("refresh_token"));
        }

        // Renewing services must have stored the new token; otherwise the original one is used.
        OAuth20RefreshToken effectiveRefreshToken;
        if (service.isRenewRefreshToken()) {
            effectiveRefreshToken = (OAuth20RefreshToken) this.ticketRegistry.getTicket(model.get("refresh_token").toString(), OAuth20RefreshToken.class);
        } else {
            effectiveRefreshToken = refreshToken;
        }
        Assertions.assertNotNull(effectiveRefreshToken);

        Assertions.assertTrue(model.containsKey("expires_in"));

        // The new access token must belong to the principal the refresh token was issued for.
        String accessTokenId = model.get("access_token").toString();
        Principal issuedTo = this.ticketRegistry.getTicket(accessTokenId, OAuth20AccessToken.class).getAuthentication().getPrincipal();
        Assertions.assertEquals(principal, issuedTo);

        // Presumably a 7200-second lifetime minus slack for elapsed test time - confirm against the expiration policy.
        int expiresIn = Integer.parseInt(model.get("expires_in").toString());
        Assertions.assertTrue(expiresIn >= 7188);
    }

    /**
     * Creates a refresh token limited to the given scopes and stores it in the ticket registry.
     *
     * <p>The token is built by {@code oAuthRefreshTokenFactory} for the service id of the given
     * registered service, the authentication derived from the principal, a mock ticket-granting
     * ticket, {@code CLIENT_ID} and an empty map as the last argument.
     *
     * @param principal              principal the token is issued for
     * @param list                   scopes attached to the refresh token
     * @param oAuthRegisteredService registered service whose service id the token is bound to
     * @return the refresh token that was added to the registry
     */
    private OAuth20RefreshToken addRefreshTokenWithScope(Principal principal, List<String> list, OAuthRegisteredService oAuthRegisteredService) {
        Authentication principalAuthentication = getAuthentication(principal);
        OAuth20RefreshToken scopedToken = this.oAuthRefreshTokenFactory.create(
            new WebApplicationServiceFactory().createService(oAuthRegisteredService.getServiceId()),
            principalAuthentication,
            new MockTicketGrantingTicket(AbstractOAuth20Tests.ID),
            list,
            AbstractOAuth20Tests.CLIENT_ID,
            new HashMap());
        // Register the token so the endpoint under test can resolve it by id.
        this.ticketRegistry.addTicket(scopedToken);
        return scopedToken;
    }
}
