package org.apereo.cas.support.oauth.web.endpoints;

import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.NoSuchElementException;
import java.util.Set;
import org.apache.commons.lang3.StringUtils;
import org.apereo.cas.AbstractOAuth20Tests;
import org.apereo.cas.authentication.principal.Principal;
import org.apereo.cas.configuration.CasConfigurationProperties;
import org.apereo.cas.mock.MockTicketGrantingTicket;
import org.apereo.cas.services.DefaultRegisteredServiceAccessStrategy;
import org.apereo.cas.services.ReturnAllowedAttributeReleasePolicy;
import org.apereo.cas.services.UnauthorizedServiceException;
import org.apereo.cas.support.oauth.OAuth20ResponseTypes;
import org.apereo.cas.support.oauth.services.DefaultRegisteredServiceOAuthAccessTokenExpirationPolicy;
import org.apereo.cas.support.oauth.services.OAuthRegisteredService;
import org.apereo.cas.ticket.accesstoken.OAuth20AccessToken;
import org.apereo.cas.ticket.code.OAuth20Code;
import org.apereo.cas.util.CollectionUtils;
import org.jose4j.jwt.JwtClaims;
import org.junit.jupiter.api.Assertions;
import org.junit.jupiter.api.Tag;
import org.junit.jupiter.api.Test;
import org.pac4j.cas.profile.CasProfile;
import org.pac4j.core.context.JEEContext;
import org.pac4j.core.context.session.SessionStore;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.http.HttpMethod;
import org.springframework.mock.web.MockHttpServletRequest;
import org.springframework.mock.web.MockHttpServletResponse;
import org.springframework.mock.web.MockHttpSession;
import org.springframework.web.servlet.ModelAndView;
import org.springframework.web.servlet.view.RedirectView;

@Tag("OAuth")
/* loaded from: input_file:org/apereo/cas/support/oauth/web/endpoints/OAuth20AuthorizeEndpointControllerTests.class */
public class OAuth20AuthorizeEndpointControllerTests extends AbstractOAuth20Tests {
    // Presumably the absolute URL of the authorize endpoint; no test visible in this part of the file references it.
    private static final String AUTHORIZE_URL = "https://casserver/oauth2.0/authorize";
    // Passed as the second argument of getRegisteredService(...) when the tests register an OAuth service.
    private static final String SERVICE_NAME = "serviceName";
    // Used both as the name and as the value of the "state" request parameter in the *WithState tests.
    private static final String STATE = "state";

    // Controller under test, injected by the "authorizeController" qualifier.
    @Autowired
    @Qualifier("authorizeController")
    private OAuth20AuthorizeEndpointController oAuth20AuthorizeEndpointController;

    /**
     * Verifies that an authorization request without a {@code client_id} is refused.
     *
     * <p>Only {@code redirect_uri} is supplied, and the controller is expected to throw
     * {@link UnauthorizedServiceException} rather than return a view. The missing client must
     * never result in a redirect to the caller-supplied URI.
     */
    @Test
    public void verifyNoClientId() throws Exception {
        MockHttpServletResponse response = new MockHttpServletResponse();
        MockHttpServletRequest request = new MockHttpServletRequest(HttpMethod.GET.name(), "/oauth2.0/authorize");
        request.setParameter("redirect_uri", AbstractOAuth20Tests.REDIRECT_URI);

        // NOTE(review): the request is built as a GET but dispatched through handleRequestPost; confirm this is intended.
        Assertions.assertThrows(
            UnauthorizedServiceException.class,
            () -> this.oAuth20AuthorizeEndpointController.handleRequestPost(request, response));
    }

    /**
     * Verifies that an authorization request without a {@code redirect_uri} does not yield a view.
     *
     * <p>Only {@code client_id} is supplied, and the controller is expected to throw
     * {@link NoSuchElementException}.
     */
    @Test
    public void verifyNoRedirectUri() throws Exception {
        MockHttpServletResponse response = new MockHttpServletResponse();
        MockHttpServletRequest request = new MockHttpServletRequest(HttpMethod.GET.name(), "/oauth2.0/authorize");
        request.setParameter("client_id", AbstractOAuth20Tests.CLIENT_ID);

        // NOTE(review): which lookup raises NoSuchElementException is not visible from this test; confirm against the controller.
        Assertions.assertThrows(
            NoSuchElementException.class,
            () -> this.oAuth20AuthorizeEndpointController.handleRequest(request, response));
    }

    /**
     * Verifies that an authorization request without a {@code response_type} does not yield a view.
     *
     * <p>{@code client_id} and {@code redirect_uri} are supplied, but no response type. The
     * controller is expected to throw {@link NoSuchElementException}.
     */
    @Test
    public void verifyNoResponseType() throws Exception {
        MockHttpServletResponse response = new MockHttpServletResponse();
        MockHttpServletRequest request = new MockHttpServletRequest(HttpMethod.GET.name(), "/oauth2.0/authorize");
        request.setParameter("client_id", AbstractOAuth20Tests.CLIENT_ID);
        request.setParameter("redirect_uri", AbstractOAuth20Tests.REDIRECT_URI);

        Assertions.assertThrows(
            NoSuchElementException.class,
            () -> this.oAuth20AuthorizeEndpointController.handleRequest(request, response));
    }

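    /**
     * Verifies that a request flagged with an OAuth error is answered by redirecting to the
     * supplied {@code redirect_uri} with the error code in the model.
     *
     * <p>The request carries an unsupported {@code response_type} ("badvalue") together with the
     * request attributes {@code error} and {@code error_with_callback}.
     */
    @Test
    public void verifyBadResponseType() throws Exception {
        MockHttpServletRequest request = new MockHttpServletRequest(HttpMethod.GET.name(), "/oauth2.0/authorize");
        request.setParameter("client_id", AbstractOAuth20Tests.CLIENT_ID);
        request.setParameter("redirect_uri", AbstractOAuth20Tests.REDIRECT_URI);
        request.setParameter("response_type", "badvalue");
        // NOTE(review): the error attributes are seeded by the test itself, presumably standing in for
        // validation that runs before the controller. As written, the test does not prove that
        // "badvalue" alone produces the error; confirm that path is covered elsewhere.
        request.setAttribute("error", "invalid_request");
        request.setAttribute("error_with_callback", true);

        ModelAndView modelAndView = this.oAuth20AuthorizeEndpointController.handleRequest(request, new MockHttpServletResponse());

        // Check the view type before casting; getUrl() is only available on the redirect view.
        Assertions.assertTrue(modelAndView.getView() instanceof RedirectView);
        RedirectView redirectView = (RedirectView) modelAndView.getView();
        // Expected value first, so a failure message reports the two sides correctly.
        Assertions.assertEquals(AbstractOAuth20Tests.REDIRECT_URI, redirectView.getUrl());
        Assertions.assertTrue(modelAndView.getModel().containsKey("error"));
        Assertions.assertEquals("invalid_request", modelAndView.getModel().get("error").toString());
    }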

    /**
     * Verifies that a request is refused when no service is registered at all.
     *
     * <p>All services are cleared first. With nothing registered for the supplied
     * {@code client_id}, the controller is expected to throw {@link UnauthorizedServiceException}.
     */
    @Test
    public void verifyNoCasService() throws Exception {
        clearAllServices();

        MockHttpServletResponse response = new MockHttpServletResponse();
        MockHttpServletRequest request = new MockHttpServletRequest(HttpMethod.GET.name(), "/oauth2.0/authorize");
        request.setParameter("client_id", AbstractOAuth20Tests.CLIENT_ID);
        request.setParameter("redirect_uri", AbstractOAuth20Tests.REDIRECT_URI);

        Assertions.assertThrows(
            UnauthorizedServiceException.class,
            () -> this.oAuth20AuthorizeEndpointController.handleRequest(request, response));
    }

    /**
     * Verifies that a {@code redirect_uri} which does not correspond to the registered service is
     * not honoured.
     *
     * <p>The only registered service is created from {@code OTHER_REDIRECT_URI}, while the request
     * asks for {@code REDIRECT_URI}. The controller is expected to throw
     * {@link NoSuchElementException} instead of redirecting. This is the check that keeps
     * authorization responses from being delivered to a location the client never registered.
     */
    @Test
    public void verifyRedirectUriDoesNotStartWithServiceId() throws Exception {
        clearAllServices();

        MockHttpServletRequest request = new MockHttpServletRequest(HttpMethod.GET.name(), "/oauth2.0/authorize");
        request.setParameter("client_id", AbstractOAuth20Tests.CLIENT_ID);
        request.setParameter("redirect_uri", AbstractOAuth20Tests.REDIRECT_URI);
        MockHttpServletResponse response = new MockHttpServletResponse();

        // NOTE(review): other tests pass SERVICE_NAME as the second argument of getRegisteredService;
        // here CLIENT_ID is passed. Confirm the helper's parameter meaning.
        this.servicesManager.save(getRegisteredService(AbstractOAuth20Tests.OTHER_REDIRECT_URI, AbstractOAuth20Tests.CLIENT_ID));

        Assertions.assertThrows(
            NoSuchElementException.class,
            () -> this.oAuth20AuthorizeEndpointController.handleRequestPost(request, response));
    }

    /**
     * Verifies that an authorization-code request fails when the session holds no user profile.
     *
     * <p>A matching service is registered and an empty {@link MockHttpSession} is attached, but
     * nothing is written to the session store. The controller is expected to throw
     * {@link NoSuchElementException} rather than issue a code for an unauthenticated session.
     */
    @Test
    public void verifyCodeNoProfile() throws Exception {
        clearAllServices();

        MockHttpServletRequest request = new MockHttpServletRequest(HttpMethod.GET.name(), "/oauth2.0/authorize");
        request.setParameter("client_id", AbstractOAuth20Tests.CLIENT_ID);
        request.setParameter("redirect_uri", AbstractOAuth20Tests.REDIRECT_URI);
        request.setParameter("response_type", OAuth20ResponseTypes.CODE.name().toLowerCase());
        request.setServerName(AbstractOAuth20Tests.CAS_SERVER);
        request.setServerPort(AbstractOAuth20Tests.CAS_PORT);
        request.setScheme(AbstractOAuth20Tests.CAS_SCHEME);
        MockHttpServletResponse response = new MockHttpServletResponse();

        OAuthRegisteredService service = getRegisteredService(AbstractOAuth20Tests.REDIRECT_URI, SERVICE_NAME);
        service.setBypassApprovalPrompt(true);
        this.servicesManager.save(service);

        // A fresh session with no profile and no ticket-granting ticket id stored in it.
        request.setSession(new MockHttpSession());

        Assertions.assertThrows(
            NoSuchElementException.class,
            () -> this.oAuth20AuthorizeEndpointController.handleRequestPost(request, response));
    }

    /**
     * Verifies that a request with a user profile but no ticket-granting ticket ends on the error view.
     *
     * <p>The session store receives the pac4j profile only; no {@code ticketGrantingTicketId}
     * entry is written. The controller is expected to return {@code error/casServiceErrorView}.
     */
    @Test
    public void verifyMissingTicketGrantingTicket() throws Exception {
        clearAllServices();

        MockHttpServletRequest request = new MockHttpServletRequest(HttpMethod.GET.name(), "/oauth2.0/authorize");
        request.setParameter("client_id", AbstractOAuth20Tests.CLIENT_ID);
        request.setParameter("redirect_uri", AbstractOAuth20Tests.REDIRECT_URI);
        request.setParameter("response_type", OAuth20ResponseTypes.CODE.name().toLowerCase());
        request.setServerName(AbstractOAuth20Tests.CAS_SERVER);
        request.setServerPort(AbstractOAuth20Tests.CAS_PORT);
        request.setScheme(AbstractOAuth20Tests.CAS_SCHEME);
        request.setContextPath("");
        MockHttpServletResponse response = new MockHttpServletResponse();

        OAuthRegisteredService service = getRegisteredService(AbstractOAuth20Tests.REDIRECT_URI, SERVICE_NAME);
        service.setBypassApprovalPrompt(true);
        OAuth20ConfigurationContext context = this.oAuth20AuthorizeEndpointController.getOAuthConfigurationContext();
        context.getServicesManager().save(service);

        CasProfile profile = new CasProfile();
        profile.setId(AbstractOAuth20Tests.ID);
        request.setSession(new MockHttpSession());

        // Only the profile goes into the session store; the ticket-granting ticket id is left out on purpose.
        SessionStore sessionStore = context.getSessionStore();
        JEEContext webContext = new JEEContext(request, response);
        sessionStore.set(webContext, "pac4jUserProfiles", CollectionUtils.wrapLinkedHashMap(profile.getClientName(), profile));

        ModelAndView result = this.oAuth20AuthorizeEndpointController.handleRequest(request, response);
        Assertions.assertEquals("error/casServiceErrorView", result.getViewName());
    }

    /**
     * Verifies that the registered service's access strategy is enforced by the authorize endpoint.
     *
     * <p>The service is registered with a {@link DefaultRegisteredServiceAccessStrategy} built from
     * {@code "required" -> {"value1"}}, presumably a required-attribute rule. The profile carries
     * an id but no attributes, and a ticket-granting ticket is present. The controller is expected
     * to return {@code error/casServiceErrorView} instead of issuing a code.
     */
    @Test
    public void verifyServiceAccessDenied() throws Exception {
        clearAllServices();

        MockHttpServletRequest request = new MockHttpServletRequest(HttpMethod.GET.name(), "/oauth2.0/authorize");
        request.setParameter("client_id", AbstractOAuth20Tests.CLIENT_ID);
        request.setParameter("redirect_uri", AbstractOAuth20Tests.REDIRECT_URI);
        request.setParameter("response_type", OAuth20ResponseTypes.CODE.name().toLowerCase());
        request.setServerName(AbstractOAuth20Tests.CAS_SERVER);
        request.setServerPort(AbstractOAuth20Tests.CAS_PORT);
        request.setScheme(AbstractOAuth20Tests.CAS_SCHEME);
        request.setContextPath("");
        MockHttpServletResponse response = new MockHttpServletResponse();

        OAuthRegisteredService service = getRegisteredService(AbstractOAuth20Tests.REDIRECT_URI, SERVICE_NAME);
        service.setBypassApprovalPrompt(true);
        // The profile created below has no attributes, so it cannot satisfy this strategy.
        service.setAccessStrategy(new DefaultRegisteredServiceAccessStrategy(Map.of("required", Set.of("value1"))));
        OAuth20ConfigurationContext context = this.oAuth20AuthorizeEndpointController.getOAuthConfigurationContext();
        context.getServicesManager().save(service);

        CasProfile profile = new CasProfile();
        profile.setId(AbstractOAuth20Tests.ID);
        request.setSession(new MockHttpSession());

        SessionStore sessionStore = context.getSessionStore();
        JEEContext webContext = new JEEContext(request, response);
        MockTicketGrantingTicket ticketGrantingTicket = new MockTicketGrantingTicket(AbstractOAuth20Tests.ID);
        context.getTicketRegistry().addTicket(ticketGrantingTicket);
        sessionStore.set(webContext, "ticketGrantingTicketId", ticketGrantingTicket.getId());
        sessionStore.set(webContext, "pac4jUserProfiles", CollectionUtils.wrapLinkedHashMap(profile.getClientName(), profile));

        ModelAndView result = this.oAuth20AuthorizeEndpointController.handleRequest(request, response);
        Assertions.assertEquals("error/casServiceErrorView", result.getViewName());
    }

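    /**
     * Verifies the authorization-code flow for an authenticated user with approval bypassed.
     *
     * <p>Expected outcome: a redirect to the registered {@code redirect_uri}, a {@code code} entry
     * in the model that resolves to an {@link OAuth20Code} in the ticket registry, and a principal
     * on that code carrying the profile's id and attributes. The test also checks that a blank
     * distributed-session cookie path is reported as {@code "/"} after the request when cookie
     * path auto-configuration is switched on.
     */
    @Test
    public void verifyCodeRedirectToClient() throws Exception {
        clearAllServices();

        MockHttpServletRequest request = new MockHttpServletRequest(HttpMethod.GET.name(), "/oauth2.0/authorize");
        request.setParameter("client_id", AbstractOAuth20Tests.CLIENT_ID);
        request.setParameter("redirect_uri", AbstractOAuth20Tests.REDIRECT_URI);
        request.setParameter("response_type", OAuth20ResponseTypes.CODE.name().toLowerCase());
        request.setServerName(AbstractOAuth20Tests.CAS_SERVER);
        request.setServerPort(AbstractOAuth20Tests.CAS_PORT);
        request.setScheme(AbstractOAuth20Tests.CAS_SCHEME);
        request.setContextPath("");
        MockHttpServletResponse response = new MockHttpServletResponse();

        OAuth20ConfigurationContext context = this.oAuth20AuthorizeEndpointController.getOAuthConfigurationContext();
        // NOTE(review): these setters change configuration held by the injected controller and are
        // never restored. If the Spring context is shared between tests, the values may leak into
        // later tests; confirm.
        CasConfigurationProperties casProperties = context.getCasProperties();
        casProperties.getSessionReplication().getCookie().setAutoConfigureCookiePath(true);
        casProperties.getAuthn().getOauth().setReplicateSessions(true);
        context.getOauthDistributedSessionCookieGenerator().setCookiePath("");

        OAuthRegisteredService service = getRegisteredService(AbstractOAuth20Tests.REDIRECT_URI, SERVICE_NAME);
        service.setBypassApprovalPrompt(true);
        context.getServicesManager().save(service);

        CasProfile profile = new CasProfile();
        profile.setId(AbstractOAuth20Tests.ID);
        Map<String, Object> profileAttributes = new HashMap<>();
        profileAttributes.put(AbstractOAuth20Tests.FIRST_NAME_ATTRIBUTE, AbstractOAuth20Tests.FIRST_NAME);
        profileAttributes.put(AbstractOAuth20Tests.LAST_NAME_ATTRIBUTE, AbstractOAuth20Tests.LAST_NAME);
        profile.addAttributes(profileAttributes);

        request.setSession(new MockHttpSession());
        SessionStore sessionStore = context.getSessionStore();
        JEEContext webContext = new JEEContext(request, response);
        MockTicketGrantingTicket ticketGrantingTicket = new MockTicketGrantingTicket(AbstractOAuth20Tests.ID);
        context.getTicketRegistry().addTicket(ticketGrantingTicket);
        sessionStore.set(webContext, "ticketGrantingTicketId", ticketGrantingTicket.getId());
        sessionStore.set(webContext, "pac4jUserProfiles", CollectionUtils.wrapLinkedHashMap(profile.getClientName(), profile));

        ModelAndView modelAndView = this.oAuth20AuthorizeEndpointController.handleRequest(request, response);

        // Check the view type before casting, so the instanceof assertion is a real check.
        Assertions.assertTrue(modelAndView.getView() instanceof RedirectView);
        RedirectView redirectView = (RedirectView) modelAndView.getView();
        String redirectUrl = redirectView.getUrl();
        Assertions.assertNotNull(redirectUrl);
        // Expected value first, so a failure message reports the two sides correctly.
        Assertions.assertEquals(AbstractOAuth20Tests.REDIRECT_URI, redirectUrl);
        Assertions.assertEquals("/", context.getOauthDistributedSessionCookieGenerator().getCookiePath());

        // The code is read from the model, not parsed out of the redirect URL.
        OAuth20Code code = (OAuth20Code) this.ticketRegistry.getTicket(String.valueOf(modelAndView.getModelMap().get("code")));
        Assertions.assertNotNull(code);
        Principal principal = code.getAuthentication().getPrincipal();
        Assertions.assertEquals(AbstractOAuth20Tests.ID, principal.getId());
        Map<String, ?> attributes = principal.getAttributes();
        Assertions.assertEquals(profileAttributes.size(), attributes.size());
        Assertions.assertEquals(AbstractOAuth20Tests.FIRST_NAME, ((List<?>) attributes.get(AbstractOAuth20Tests.FIRST_NAME_ATTRIBUTE)).get(0));
    }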

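    /**
     * Verifies the implicit ({@code response_type=token}) flow for an authenticated user.
     *
     * <p>Expected outcome: a redirect whose URL starts with {@code http://someurl#access_token=},
     * an access token that resolves in the ticket registry to the profile's principal and
     * attributes, and an {@code expires_in} value equal to the default access-token expiration.
     * With cookie path auto-configuration switched off, the blank cookie path must stay blank.
     */
    @Test
    public void verifyTokenRedirectToClient() throws Exception {
        clearAllServices();

        MockHttpServletRequest request = new MockHttpServletRequest(HttpMethod.GET.name(), "/oauth2.0/authorize");
        request.setParameter("client_id", AbstractOAuth20Tests.CLIENT_ID);
        request.setParameter("redirect_uri", AbstractOAuth20Tests.REDIRECT_URI);
        request.setParameter("response_type", OAuth20ResponseTypes.TOKEN.name().toLowerCase());
        request.setServerName(AbstractOAuth20Tests.CAS_SERVER);
        request.setServerPort(AbstractOAuth20Tests.CAS_PORT);
        request.setScheme(AbstractOAuth20Tests.CAS_SCHEME);
        request.setContextPath("");
        MockHttpServletResponse response = new MockHttpServletResponse();

        OAuth20ConfigurationContext context = this.oAuth20AuthorizeEndpointController.getOAuthConfigurationContext();
        // NOTE(review): configuration on the injected controller is changed here and not restored; confirm
        // that this cannot affect other tests sharing the same Spring context.
        context.getCasProperties().getSessionReplication().getCookie().setAutoConfigureCookiePath(false);
        context.getOauthDistributedSessionCookieGenerator().setCookiePath("");

        OAuthRegisteredService service = getRegisteredService(AbstractOAuth20Tests.REDIRECT_URI, SERVICE_NAME);
        service.setBypassApprovalPrompt(true);
        this.servicesManager.save(service);

        CasProfile profile = new CasProfile();
        profile.setId(AbstractOAuth20Tests.ID);
        Map<String, Object> profileAttributes = new HashMap<>();
        profileAttributes.put(AbstractOAuth20Tests.FIRST_NAME_ATTRIBUTE, AbstractOAuth20Tests.FIRST_NAME);
        profileAttributes.put(AbstractOAuth20Tests.LAST_NAME_ATTRIBUTE, AbstractOAuth20Tests.LAST_NAME);
        profile.addAttributes(profileAttributes);

        SessionStore sessionStore = context.getSessionStore();
        JEEContext webContext = new JEEContext(request, response);
        MockTicketGrantingTicket ticketGrantingTicket = new MockTicketGrantingTicket(AbstractOAuth20Tests.ID);
        context.getTicketRegistry().addTicket(ticketGrantingTicket);
        sessionStore.set(webContext, "ticketGrantingTicketId", ticketGrantingTicket.getId());
        sessionStore.set(webContext, "pac4jUserProfiles", CollectionUtils.wrapLinkedHashMap(profile.getClientName(), profile));

        ModelAndView modelAndView = this.oAuth20AuthorizeEndpointController.handleRequest(request, response);

        // Check the view type before casting, so the instanceof assertion is a real check.
        Assertions.assertTrue(modelAndView.getView() instanceof RedirectView);
        RedirectView redirectView = (RedirectView) modelAndView.getView();
        String redirectUrl = redirectView.getUrl();
        Assertions.assertNotNull(redirectUrl);
        // The token is expected in the URL fragment, not the query string.
        Assertions.assertTrue(redirectUrl.startsWith("http://someurl#access_token="));
        Assertions.assertEquals("", context.getOauthDistributedSessionCookieGenerator().getCookiePath());

        String tokenId = StringUtils.substringBetween(redirectUrl, "#access_token=", "&token_type=bearer");
        OAuth20AccessToken accessToken = (OAuth20AccessToken) this.ticketRegistry.getTicket(tokenId);
        Assertions.assertNotNull(accessToken);
        Principal principal = accessToken.getAuthentication().getPrincipal();
        Assertions.assertEquals(AbstractOAuth20Tests.ID, principal.getId());
        Map<String, ?> attributes = principal.getAttributes();
        Assertions.assertEquals(profileAttributes.size(), attributes.size());
        Assertions.assertEquals(AbstractOAuth20Tests.FIRST_NAME, ((List<?>) attributes.get(AbstractOAuth20Tests.FIRST_NAME_ATTRIBUTE)).get(0));
        // Relies on expires_in being the last fragment parameter; anything after it would break parseLong.
        Assertions.assertEquals(getDefaultAccessTokenExpiration(), Long.parseLong(StringUtils.substringAfter(redirectUrl, "&expires_in=")));
    }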

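    /**
     * Verifies that a per-service access-token expiration policy is applied to a JWT access token.
     *
     * <p>The service is registered with a max time-to-live of {@code "5005"}, a time-to-kill of
     * {@code "1001"} and JWT access tokens enabled. The token from the redirect fragment is decoded
     * with the access-token cipher and parsed as JWT claims. The difference between {@code exp} and
     * {@code iat} must match the max time-to-live within a delta of 2, and {@code expires_in} in
     * the URL must equal the configured max time-to-live.
     */
    @Test
    public void verifyPerServiceExpiration() throws Exception {
        clearAllServices();

        MockHttpServletRequest request = new MockHttpServletRequest(HttpMethod.GET.name(), "/oauth2.0/authorize");
        request.setParameter("client_id", AbstractOAuth20Tests.CLIENT_ID);
        request.setParameter("redirect_uri", AbstractOAuth20Tests.REDIRECT_URI);
        request.setParameter("response_type", OAuth20ResponseTypes.TOKEN.name().toLowerCase());
        request.setServerName(AbstractOAuth20Tests.CAS_SERVER);
        request.setServerPort(AbstractOAuth20Tests.CAS_PORT);
        request.setScheme(AbstractOAuth20Tests.CAS_SCHEME);
        MockHttpServletResponse response = new MockHttpServletResponse();

        OAuthRegisteredService service = getRegisteredService(AbstractOAuth20Tests.REDIRECT_URI, SERVICE_NAME);
        service.setBypassApprovalPrompt(true);
        DefaultRegisteredServiceOAuthAccessTokenExpirationPolicy expirationPolicy = new DefaultRegisteredServiceOAuthAccessTokenExpirationPolicy();
        expirationPolicy.setMaxTimeToLive("5005");
        expirationPolicy.setTimeToKill("1001");
        service.setAccessTokenExpirationPolicy(expirationPolicy);
        service.setJwtAccessToken(true);
        this.servicesManager.save(service);

        CasProfile profile = new CasProfile();
        profile.setId(AbstractOAuth20Tests.ID);
        Map<String, Object> profileAttributes = new HashMap<>();
        profileAttributes.put(AbstractOAuth20Tests.FIRST_NAME_ATTRIBUTE, AbstractOAuth20Tests.FIRST_NAME);
        profileAttributes.put(AbstractOAuth20Tests.LAST_NAME_ATTRIBUTE, AbstractOAuth20Tests.LAST_NAME);
        profile.addAttributes(profileAttributes);

        OAuth20ConfigurationContext context = this.oAuth20AuthorizeEndpointController.getOAuthConfigurationContext();
        SessionStore sessionStore = context.getSessionStore();
        JEEContext webContext = new JEEContext(request, response);
        MockTicketGrantingTicket ticketGrantingTicket = new MockTicketGrantingTicket(AbstractOAuth20Tests.ID);
        context.getTicketRegistry().addTicket(ticketGrantingTicket);
        sessionStore.set(webContext, "ticketGrantingTicketId", ticketGrantingTicket.getId());
        sessionStore.set(webContext, "pac4jUserProfiles", CollectionUtils.wrapLinkedHashMap(profile.getClientName(), profile));

        ModelAndView modelAndView = this.oAuth20AuthorizeEndpointController.handleRequest(request, response);

        // Check the view type before casting, so the instanceof assertion is a real check.
        Assertions.assertTrue(modelAndView.getView() instanceof RedirectView);
        RedirectView redirectView = (RedirectView) modelAndView.getView();
        String redirectUrl = redirectView.getUrl();
        Assertions.assertNotNull(redirectUrl);
        Assertions.assertTrue(redirectUrl.startsWith("http://someurl#access_token="));

        String encodedToken = StringUtils.substringBetween(redirectUrl, "#access_token=", "&token_type=bearer");
        // Assert on the decoded value before calling toString(): a null result then fails as an
        // assertion rather than as a NullPointerException.
        Object decodedToken = this.oauthAccessTokenJwtCipherExecutor.decode(encodedToken);
        Assertions.assertNotNull(decodedToken);
        JwtClaims claims = JwtClaims.parse(decodedToken.toString());
        Assertions.assertNotNull(claims);
        Assertions.assertNotNull(claims.getExpirationTime());
        Assertions.assertNotNull(claims.getIssuedAt());

        // The token lifetime (exp - iat) must follow the service policy, allowing a delta of 2.
        assertEqualsWithDelta(Long.parseLong(expirationPolicy.getMaxTimeToLive()), claims.getExpirationTime().getValue() - claims.getIssuedAt().getValue(), 2L);
        Assertions.assertEquals(expirationPolicy.getMaxTimeToLive(), StringUtils.substringAfter(redirectUrl, "&expires_in="));
    }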

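    /**
     * Verifies the authorization-code flow when the client sends a {@code state} parameter.
     *
     * <p>Expected outcome: a redirect to the registered {@code redirect_uri}, and a {@code code}
     * in the model that resolves to an {@link OAuth20Code} whose principal carries the profile's
     * id and attributes.
     */
    @Test
    public void verifyCodeRedirectToClientWithState() throws Exception {
        clearAllServices();

        MockHttpServletRequest request = new MockHttpServletRequest(HttpMethod.GET.name(), "/oauth2.0/authorize");
        request.setParameter("client_id", AbstractOAuth20Tests.CLIENT_ID);
        request.setParameter("redirect_uri", AbstractOAuth20Tests.REDIRECT_URI);
        request.setParameter("response_type", OAuth20ResponseTypes.CODE.name().toLowerCase());
        request.setServerName(AbstractOAuth20Tests.CAS_SERVER);
        request.setServerPort(AbstractOAuth20Tests.CAS_PORT);
        request.setScheme(AbstractOAuth20Tests.CAS_SCHEME);
        request.setParameter(STATE, STATE);
        MockHttpServletResponse response = new MockHttpServletResponse();

        OAuthRegisteredService service = getRegisteredService(AbstractOAuth20Tests.REDIRECT_URI, SERVICE_NAME);
        service.setBypassApprovalPrompt(true);
        this.servicesManager.save(service);

        CasProfile profile = new CasProfile();
        profile.setId(AbstractOAuth20Tests.ID);
        Map<String, Object> profileAttributes = new HashMap<>();
        profileAttributes.put(AbstractOAuth20Tests.FIRST_NAME_ATTRIBUTE, AbstractOAuth20Tests.FIRST_NAME);
        profileAttributes.put(AbstractOAuth20Tests.LAST_NAME_ATTRIBUTE, AbstractOAuth20Tests.LAST_NAME);
        profile.addAttributes(profileAttributes);

        request.setSession(new MockHttpSession());
        OAuth20ConfigurationContext context = this.oAuth20AuthorizeEndpointController.getOAuthConfigurationContext();
        SessionStore sessionStore = context.getSessionStore();
        JEEContext webContext = new JEEContext(request, response);
        MockTicketGrantingTicket ticketGrantingTicket = new MockTicketGrantingTicket(AbstractOAuth20Tests.ID);
        context.getTicketRegistry().addTicket(ticketGrantingTicket);
        sessionStore.set(webContext, "ticketGrantingTicketId", ticketGrantingTicket.getId());
        sessionStore.set(webContext, "pac4jUserProfiles", CollectionUtils.wrapLinkedHashMap(profile.getClientName(), profile));

        ModelAndView modelAndView = this.oAuth20AuthorizeEndpointController.handleRequest(request, response);

        // Check the view type before casting, so the instanceof assertion is a real check.
        Assertions.assertTrue(modelAndView.getView() instanceof RedirectView);
        RedirectView redirectView = (RedirectView) modelAndView.getView();
        String redirectUrl = redirectView.getUrl();
        Assertions.assertNotNull(redirectUrl);
        // Expected value first, so a failure message reports the two sides correctly.
        Assertions.assertEquals(AbstractOAuth20Tests.REDIRECT_URI, redirectUrl);

        // NOTE(review): "state" is sent but never checked in the response, so despite its name this
        // test does not prove the value is returned to the client unchanged. Consider asserting the
        // echoed state once the model key it is published under has been confirmed.
        OAuth20Code code = (OAuth20Code) this.ticketRegistry.getTicket(String.valueOf(modelAndView.getModelMap().getAttribute("code")));
        Assertions.assertNotNull(code);
        Principal principal = code.getAuthentication().getPrincipal();
        Assertions.assertEquals(AbstractOAuth20Tests.ID, principal.getId());
        Map<String, ?> attributes = principal.getAttributes();
        Assertions.assertEquals(profileAttributes.size(), attributes.size());
        Assertions.assertEquals(AbstractOAuth20Tests.FIRST_NAME, ((List<?>) attributes.get(AbstractOAuth20Tests.FIRST_NAME_ATTRIBUTE)).get(0));
    }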

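    /**
     * Verifies the implicit ({@code response_type=token}) flow when the client sends a {@code state} parameter.
     *
     * <p>Expected outcome: a redirect whose URL starts with {@code http://someurl#access_token=},
     * a {@code state} value in that URL equal to the one sent, and an access token that resolves
     * in the ticket registry to the profile's principal and attributes.
     */
    @Test
    public void verifyTokenRedirectToClientWithState() throws Exception {
        clearAllServices();

        MockHttpServletRequest request = new MockHttpServletRequest(HttpMethod.GET.name(), "/oauth2.0/authorize");
        request.setParameter("client_id", AbstractOAuth20Tests.CLIENT_ID);
        request.setParameter("redirect_uri", AbstractOAuth20Tests.REDIRECT_URI);
        request.setParameter("response_type", OAuth20ResponseTypes.TOKEN.name().toLowerCase());
        request.setServerName(AbstractOAuth20Tests.CAS_SERVER);
        request.setServerPort(AbstractOAuth20Tests.CAS_PORT);
        request.setScheme(AbstractOAuth20Tests.CAS_SCHEME);
        request.setParameter(STATE, STATE);
        MockHttpServletResponse response = new MockHttpServletResponse();

        OAuthRegisteredService service = getRegisteredService(AbstractOAuth20Tests.REDIRECT_URI, SERVICE_NAME);
        service.setBypassApprovalPrompt(true);
        this.servicesManager.save(service);

        CasProfile profile = new CasProfile();
        profile.setId(AbstractOAuth20Tests.ID);
        Map<String, Object> profileAttributes = new HashMap<>();
        profileAttributes.put(AbstractOAuth20Tests.FIRST_NAME_ATTRIBUTE, AbstractOAuth20Tests.FIRST_NAME);
        profileAttributes.put(AbstractOAuth20Tests.LAST_NAME_ATTRIBUTE, AbstractOAuth20Tests.LAST_NAME);
        profile.addAttributes(profileAttributes);

        request.setSession(new MockHttpSession());
        OAuth20ConfigurationContext context = this.oAuth20AuthorizeEndpointController.getOAuthConfigurationContext();
        SessionStore sessionStore = context.getSessionStore();
        JEEContext webContext = new JEEContext(request, response);
        MockTicketGrantingTicket ticketGrantingTicket = new MockTicketGrantingTicket(AbstractOAuth20Tests.ID);
        context.getTicketRegistry().addTicket(ticketGrantingTicket);
        sessionStore.set(webContext, "ticketGrantingTicketId", ticketGrantingTicket.getId());
        sessionStore.set(webContext, "pac4jUserProfiles", CollectionUtils.wrapLinkedHashMap(profile.getClientName(), profile));

        ModelAndView modelAndView = this.oAuth20AuthorizeEndpointController.handleRequest(request, response);

        // Check the view type before casting, so the instanceof assertion is a real check.
        Assertions.assertTrue(modelAndView.getView() instanceof RedirectView);
        RedirectView redirectView = (RedirectView) modelAndView.getView();
        String redirectUrl = redirectView.getUrl();
        Assertions.assertNotNull(redirectUrl);

        // A trailing "&" lets substringBetween(..., "&") also match the last fragment parameter.
        String delimitedUrl = redirectUrl + "&";
        Assertions.assertTrue(delimitedUrl.startsWith("http://someurl#access_token="));
        String tokenId = StringUtils.substringBetween(delimitedUrl, "#access_token=", "&");
        String returnedState = StringUtils.substringBetween(delimitedUrl, "state=", "&");

        OAuth20AccessToken accessToken = (OAuth20AccessToken) this.ticketRegistry.getTicket(tokenId);
        Assertions.assertNotNull(accessToken);
        // The client relies on getting back exactly the state it sent; expected value goes first.
        Assertions.assertEquals(STATE, returnedState);
        Principal principal = accessToken.getAuthentication().getPrincipal();
        Assertions.assertEquals(AbstractOAuth20Tests.ID, principal.getId());
        Map<String, ?> attributes = principal.getAttributes();
        Assertions.assertEquals(profileAttributes.size(), attributes.size());
        Assertions.assertEquals(AbstractOAuth20Tests.FIRST_NAME, ((List<?>) attributes.get(AbstractOAuth20Tests.FIRST_NAME_ATTRIBUTE)).get(0));
    }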

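    /**
     * Verifies the authorization-code response once the approval flag is present in the session.
     *
     * <p>The registered service does not bypass the approval prompt, so the only thing that lets
     * this request skip the consent view is the {@code bypass_approval_prompt} session entry set
     * below. The test then checks that the controller redirects to the registered redirect URI,
     * that the {@code code} model entry resolves to a ticket in the registry, and that the ticket's
     * authentication belongs to the expected principal.
     *
     * @throws Exception if the controller or the ticket registry fails
     */
    @Test
    public void verifyCodeRedirectToClientApproved() throws Exception {
        clearAllServices();

        // Authorization request for response_type=code.
        MockHttpServletRequest request = new MockHttpServletRequest(HttpMethod.GET.name(), "/oauth2.0/authorize");
        request.setParameter("client_id", AbstractOAuth20Tests.CLIENT_ID);
        request.setParameter("redirect_uri", AbstractOAuth20Tests.REDIRECT_URI);
        request.setParameter("response_type", OAuth20ResponseTypes.CODE.name().toLowerCase());
        request.setServerName(AbstractOAuth20Tests.CAS_SERVER);
        request.setServerPort(AbstractOAuth20Tests.CAS_PORT);
        request.setScheme(AbstractOAuth20Tests.CAS_SCHEME);
        MockHttpServletResponse response = new MockHttpServletResponse();

        // Service-level bypass is off: consent can only be skipped through the session flag below.
        OAuthRegisteredService service = getRegisteredService(AbstractOAuth20Tests.REDIRECT_URI, SERVICE_NAME);
        service.setBypassApprovalPrompt(false);
        this.servicesManager.save(service);

        // Authenticated user profile carrying two attributes.
        CasProfile profile = new CasProfile();
        profile.setId(AbstractOAuth20Tests.ID);
        HashMap profileAttributes = new HashMap();
        profileAttributes.put(AbstractOAuth20Tests.FIRST_NAME_ATTRIBUTE, AbstractOAuth20Tests.FIRST_NAME);
        profileAttributes.put(AbstractOAuth20Tests.LAST_NAME_ATTRIBUTE, AbstractOAuth20Tests.LAST_NAME);
        profile.addAttributes(profileAttributes);

        // Session state: a registered ticket-granting ticket, the user profile, and the approval flag.
        request.setSession(new MockHttpSession());
        SessionStore sessionStore = this.oAuth20AuthorizeEndpointController.getOAuthConfigurationContext().getSessionStore();
        JEEContext webContext = new JEEContext(request, response);
        MockTicketGrantingTicket tgt = new MockTicketGrantingTicket(AbstractOAuth20Tests.ID);
        this.oAuth20AuthorizeEndpointController.getOAuthConfigurationContext().getTicketRegistry().addTicket(tgt);
        sessionStore.set(webContext, "ticketGrantingTicketId", tgt.getId());
        sessionStore.set(webContext, "pac4jUserProfiles", CollectionUtils.wrapLinkedHashMap(profile.getClientName(), profile));
        sessionStore.set(webContext, "bypass_approval_prompt", "true");

        ModelAndView modelAndView = this.oAuth20AuthorizeEndpointController.handleRequest(request, response);

        // Hold the view untyped so the instanceof assertion is a real type check before the cast.
        Object view = modelAndView.getView();
        Assertions.assertTrue(view instanceof RedirectView);
        String url = ((RedirectView) view).getUrl();
        Assertions.assertNotNull(url);
        // JUnit's contract is (expected, actual); the redirect target must be exactly the registered URI.
        Assertions.assertEquals(AbstractOAuth20Tests.REDIRECT_URI, url);

        // The code is read from the model, not from the URL string, and must exist in the registry.
        OAuth20Code ticket = this.ticketRegistry.getTicket(String.valueOf(modelAndView.getModelMap().get("code")));
        Assertions.assertNotNull(ticket);
        Principal principal = ticket.getAuthentication().getPrincipal();
        Assertions.assertEquals(AbstractOAuth20Tests.ID, principal.getId());
        Map attributes = principal.getAttributes();
        // NOTE(review): getRegisteredService allow-lists only FIRST_NAME_ATTRIBUTE for release, yet the
        // ticket's principal is expected to carry as many attributes as the profile map built above.
        // Presumably release filtering is applied when attributes are handed to the client; confirm.
        Assertions.assertEquals(profileAttributes.size(), attributes.size());
        Assertions.assertEquals(AbstractOAuth20Tests.FIRST_NAME, ((List) attributes.get(AbstractOAuth20Tests.FIRST_NAME_ATTRIBUTE)).get(0));
    }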

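    /**
     * Verifies the {@code response_type=token} response once the approval flag is present in the session.
     *
     * <p>The registered service does not bypass the approval prompt; the {@code bypass_approval_prompt}
     * session entry is what lets the request proceed. The access token is expected in the fragment of
     * the redirect URL and must resolve to a ticket in the registry whose authentication belongs to
     * the expected principal.
     *
     * @throws Exception if the controller or the ticket registry fails
     */
    @Test
    public void verifyTokenRedirectToClientApproved() throws Exception {
        clearAllServices();

        // Authorization request for response_type=token.
        MockHttpServletRequest request = new MockHttpServletRequest(HttpMethod.GET.name(), "/oauth2.0/authorize");
        request.setParameter("client_id", AbstractOAuth20Tests.CLIENT_ID);
        request.setParameter("redirect_uri", AbstractOAuth20Tests.REDIRECT_URI);
        request.setParameter("response_type", OAuth20ResponseTypes.TOKEN.name().toLowerCase());
        request.setServerName(AbstractOAuth20Tests.CAS_SERVER);
        request.setServerPort(AbstractOAuth20Tests.CAS_PORT);
        request.setScheme(AbstractOAuth20Tests.CAS_SCHEME);
        MockHttpServletResponse response = new MockHttpServletResponse();

        // Service-level bypass is off: consent can only be skipped through the session flag below.
        OAuthRegisteredService service = getRegisteredService(AbstractOAuth20Tests.REDIRECT_URI, SERVICE_NAME);
        service.setBypassApprovalPrompt(false);
        this.servicesManager.save(service);

        // Authenticated user profile carrying two attributes.
        CasProfile profile = new CasProfile();
        profile.setId(AbstractOAuth20Tests.ID);
        HashMap profileAttributes = new HashMap();
        profileAttributes.put(AbstractOAuth20Tests.FIRST_NAME_ATTRIBUTE, AbstractOAuth20Tests.FIRST_NAME);
        profileAttributes.put(AbstractOAuth20Tests.LAST_NAME_ATTRIBUTE, AbstractOAuth20Tests.LAST_NAME);
        profile.addAttributes(profileAttributes);

        // Session state: a registered ticket-granting ticket, the user profile, and the approval flag.
        request.setSession(new MockHttpSession());
        SessionStore sessionStore = this.oAuth20AuthorizeEndpointController.getOAuthConfigurationContext().getSessionStore();
        JEEContext webContext = new JEEContext(request, response);
        MockTicketGrantingTicket tgt = new MockTicketGrantingTicket(AbstractOAuth20Tests.ID);
        this.oAuth20AuthorizeEndpointController.getOAuthConfigurationContext().getTicketRegistry().addTicket(tgt);
        sessionStore.set(webContext, "ticketGrantingTicketId", tgt.getId());
        sessionStore.set(webContext, "pac4jUserProfiles", CollectionUtils.wrapLinkedHashMap(profile.getClientName(), profile));
        sessionStore.set(webContext, "bypass_approval_prompt", "true");

        // Hold the view untyped so the instanceof assertion is a real type check before the cast.
        Object view = this.oAuth20AuthorizeEndpointController.handleRequest(request, response).getView();
        Assertions.assertTrue(view instanceof RedirectView);
        String url = ((RedirectView) view).getUrl();
        Assertions.assertNotNull(url);
        // The token is delivered in the URL fragment of the redirect, not in a query parameter.
        Assertions.assertTrue(url.startsWith("http://someurl#access_token="));

        // The fragment value is used directly as the registry key, so it must be an opaque ticket id here.
        OAuth20AccessToken ticket = this.ticketRegistry.getTicket(StringUtils.substringBetween(url, "#access_token=", "&token_type=bearer"));
        Assertions.assertNotNull(ticket);
        Principal principal = ticket.getAuthentication().getPrincipal();
        Assertions.assertEquals(AbstractOAuth20Tests.ID, principal.getId());
        Map attributes = principal.getAttributes();
        // NOTE(review): getRegisteredService allow-lists only FIRST_NAME_ATTRIBUTE for release, yet the
        // ticket's principal is expected to carry as many attributes as the profile map built above.
        // Presumably release filtering is applied when attributes are handed to the client; confirm.
        Assertions.assertEquals(profileAttributes.size(), attributes.size());
        Assertions.assertEquals(AbstractOAuth20Tests.FIRST_NAME, ((List) attributes.get(AbstractOAuth20Tests.FIRST_NAME_ATTRIBUTE)).get(0));
    }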

    /**
     * Verifies that an authenticated user who has not yet approved the client is sent to the
     * consent view instead of receiving a code.
     *
     * <p>Neither the service-level bypass nor the {@code bypass_approval_prompt} session entry is
     * set here, so the controller is expected to return the {@code oauthConfirmView} view together
     * with the callback URL and the service name in the model.
     *
     * @throws Exception if the controller fails
     */
    @Test
    public void verifyRedirectToApproval() throws Exception {
        clearAllServices();

        // Authorization request for response_type=code.
        MockHttpServletRequest request = new MockHttpServletRequest(HttpMethod.GET.name(), "/oauth2.0/authorize");
        request.setParameter("client_id", AbstractOAuth20Tests.CLIENT_ID);
        request.setParameter("redirect_uri", AbstractOAuth20Tests.REDIRECT_URI);
        request.setParameter("response_type", OAuth20ResponseTypes.CODE.name().toLowerCase());
        request.setServerName(AbstractOAuth20Tests.CAS_SERVER);
        request.setServerPort(AbstractOAuth20Tests.CAS_PORT);
        request.setScheme(AbstractOAuth20Tests.CAS_SCHEME);
        MockHttpServletResponse response = new MockHttpServletResponse();

        // The service requires the approval prompt.
        OAuthRegisteredService service = getRegisteredService(AbstractOAuth20Tests.REDIRECT_URI, SERVICE_NAME);
        service.setBypassApprovalPrompt(false);
        this.servicesManager.save(service);

        // Authenticated user profile carrying two attributes.
        CasProfile profile = new CasProfile();
        profile.setId(AbstractOAuth20Tests.ID);
        HashMap profileAttributes = new HashMap();
        profileAttributes.put(AbstractOAuth20Tests.FIRST_NAME_ATTRIBUTE, AbstractOAuth20Tests.FIRST_NAME);
        profileAttributes.put(AbstractOAuth20Tests.LAST_NAME_ATTRIBUTE, AbstractOAuth20Tests.LAST_NAME);
        profile.addAttributes(profileAttributes);

        // Session state: ticket-granting ticket and profile only; no approval flag is stored.
        request.setSession(new MockHttpSession());
        SessionStore sessionStore = this.oAuth20AuthorizeEndpointController.getOAuthConfigurationContext().getSessionStore();
        JEEContext webContext = new JEEContext(request, response);
        MockTicketGrantingTicket tgt = new MockTicketGrantingTicket(AbstractOAuth20Tests.ID);
        this.oAuth20AuthorizeEndpointController.getOAuthConfigurationContext().getTicketRegistry().addTicket(tgt);
        sessionStore.set(webContext, "ticketGrantingTicketId", tgt.getId());
        sessionStore.set(webContext, "pac4jUserProfiles", CollectionUtils.wrapLinkedHashMap(profile.getClientName(), profile));

        ModelAndView modelAndView = this.oAuth20AuthorizeEndpointController.handleRequest(request, response);

        // No code is issued; the user must confirm first.
        Assertions.assertEquals("oauthConfirmView", modelAndView.getViewName());
        Map model = modelAndView.getModel();
        // NOTE(review): the callback carries the approval as a plain query parameter. How the controller
        // binds that parameter to an actual consent action is not visible in this test; confirm it is
        // covered elsewhere.
        Assertions.assertEquals("https://casserver/oauth2.0/authorize?bypass_approval_prompt=true", model.get("callbackUrl"));
        Assertions.assertEquals(SERVICE_NAME, model.get(SERVICE_NAME));
    }

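    /**
     * Verifies the {@code response_type=token} response for a service configured to issue JWT access tokens.
     *
     * <p>The value in the redirect fragment must not be a registry key itself. It is decoded with the
     * access-token JWT cipher, parsed as claims, and the claim's JWT id is then expected to resolve to
     * an access token in the registry whose authentication belongs to the expected principal.
     *
     * @throws Exception if the controller, the cipher, claim parsing or the ticket registry fails
     */
    @Test
    public void verifyTokenRedirectToClientApprovedWithJwtToken() throws Exception {
        clearAllServices();

        // Authorization request for response_type=token.
        MockHttpServletRequest request = new MockHttpServletRequest(HttpMethod.GET.name(), "/oauth2.0/authorize");
        request.setParameter("client_id", AbstractOAuth20Tests.CLIENT_ID);
        request.setParameter("redirect_uri", AbstractOAuth20Tests.REDIRECT_URI);
        request.setParameter("response_type", OAuth20ResponseTypes.TOKEN.name().toLowerCase());
        request.setServerName(AbstractOAuth20Tests.CAS_SERVER);
        request.setServerPort(AbstractOAuth20Tests.CAS_PORT);
        request.setScheme(AbstractOAuth20Tests.CAS_SCHEME);
        MockHttpServletResponse response = new MockHttpServletResponse();

        // Unlike the sibling tests, this service bypasses the approval prompt and issues JWT access tokens.
        OAuthRegisteredService service = getRegisteredService(AbstractOAuth20Tests.REDIRECT_URI, SERVICE_NAME);
        service.setBypassApprovalPrompt(true);
        service.setJwtAccessToken(true);
        this.servicesManager.save(service);

        // Authenticated user profile carrying two attributes.
        CasProfile profile = new CasProfile();
        profile.setId(AbstractOAuth20Tests.ID);
        HashMap profileAttributes = new HashMap();
        profileAttributes.put(AbstractOAuth20Tests.FIRST_NAME_ATTRIBUTE, AbstractOAuth20Tests.FIRST_NAME);
        profileAttributes.put(AbstractOAuth20Tests.LAST_NAME_ATTRIBUTE, AbstractOAuth20Tests.LAST_NAME);
        profile.addAttributes(profileAttributes);

        // Session state: a registered ticket-granting ticket, the user profile, and the approval flag.
        request.setSession(new MockHttpSession());
        SessionStore sessionStore = this.oAuth20AuthorizeEndpointController.getOAuthConfigurationContext().getSessionStore();
        JEEContext webContext = new JEEContext(request, response);
        MockTicketGrantingTicket tgt = new MockTicketGrantingTicket(AbstractOAuth20Tests.ID);
        this.oAuth20AuthorizeEndpointController.getOAuthConfigurationContext().getTicketRegistry().addTicket(tgt);
        sessionStore.set(webContext, "ticketGrantingTicketId", tgt.getId());
        sessionStore.set(webContext, "pac4jUserProfiles", CollectionUtils.wrapLinkedHashMap(profile.getClientName(), profile));
        sessionStore.set(webContext, "bypass_approval_prompt", "true");

        // Hold the view untyped so the instanceof assertion is a real type check before the cast.
        Object view = this.oAuth20AuthorizeEndpointController.handleRequest(request, response).getView();
        Assertions.assertTrue(view instanceof RedirectView);
        String url = ((RedirectView) view).getUrl();
        Assertions.assertNotNull(url);
        Assertions.assertTrue(url.startsWith("http://someurl#access_token="));

        String jwt = StringUtils.substringBetween(url, "#access_token=", "&token_type=bearer");
        // The encoded token handed to the client must not double as the registry key.
        Assertions.assertNull(this.ticketRegistry.getTicket(jwt));

        // Assert on the decoded value before calling toString(), so a failed decode is reported as an
        // assertion failure rather than a NullPointerException.
        Object decoded = this.oauthAccessTokenJwtCipherExecutor.decode(jwt);
        Assertions.assertNotNull(decoded);
        String claimsJson = decoded.toString();
        JwtClaims claims = JwtClaims.parse(claimsJson);
        Assertions.assertNotNull(claims);

        // The JWT id claim is the handle that maps back to the stored access token.
        OAuth20AccessToken ticket = this.ticketRegistry.getTicket(claims.getJwtId(), OAuth20AccessToken.class);
        Assertions.assertNotNull(ticket);
        Principal principal = ticket.getAuthentication().getPrincipal();
        Assertions.assertEquals(AbstractOAuth20Tests.ID, principal.getId());
        Map attributes = principal.getAttributes();
        // NOTE(review): getRegisteredService allow-lists only FIRST_NAME_ATTRIBUTE for release, yet the
        // ticket's principal is expected to carry as many attributes as the profile map built above.
        // Presumably release filtering is applied when attributes are handed to the client; confirm.
        Assertions.assertEquals(profileAttributes.size(), attributes.size());
        Assertions.assertEquals(AbstractOAuth20Tests.FIRST_NAME, ((List) attributes.get(AbstractOAuth20Tests.FIRST_NAME_ATTRIBUTE)).get(0));
    }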

    /**
     * Builds an OAuth service definition for the shared test client; the caller is responsible for saving it.
     *
     * <p>The fixture sets the name, service id, client id and an attribute release policy that
     * allow-lists only {@code FIRST_NAME_ATTRIBUTE}. No client secret is set here.
     *
     * @param str  value used as the service id (the tests in this class pass the redirect URI)
     * @param str2 value used as the service name
     * @return the newly built service definition
     */
    protected static OAuthRegisteredService getRegisteredService(String str, String str2) {
        OAuthRegisteredService service = new OAuthRegisteredService();
        service.setName(str2);
        service.setServiceId(str);
        service.setClientId(AbstractOAuth20Tests.CLIENT_ID);
        // Release allow-list: first name only.
        ReturnAllowedAttributeReleasePolicy releasePolicy =
                new ReturnAllowedAttributeReleasePolicy(List.of(AbstractOAuth20Tests.FIRST_NAME_ATTRIBUTE));
        service.setAttributeReleasePolicy(releasePolicy);
        return service;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Deletes every service currently returned by the services manager, by id, so each test starts
     * from an empty registry and only the service it saves itself can match the request.
     */
    @Override // org.apereo.cas.AbstractOAuth20Tests
    public void clearAllServices() {
        this.servicesManager.getAllServices().forEach(service -> this.servicesManager.delete(service.getId()));
    }

    /**
     * Asserts that two {@code long} values differ by at most the given tolerance.
     *
     * @param j  first value
     * @param j2 second value
     * @param j3 largest accepted absolute difference (inclusive)
     */
    private static void assertEqualsWithDelta(long j, long j2, long j3) {
        long distance = Math.abs(j - j2);
        boolean withinTolerance = distance <= j3;
        Assertions.assertTrue(withinTolerance);
    }
}
