package org.apereo.cas.support.oauth.web.response.callback;

import java.util.AbstractMap;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashMap;
import java.util.LinkedHashMap;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Map;
import java.util.stream.Collectors;
import org.apache.commons.lang3.StringUtils;
import org.apereo.cas.AbstractOAuth20Tests;
import org.apereo.cas.authentication.principal.AbstractWebApplicationService;
import org.apereo.cas.mock.MockTicketGrantingTicket;
import org.apereo.cas.services.RegisteredServiceTestUtils;
import org.apereo.cas.support.oauth.OAuth20GrantTypes;
import org.apereo.cas.support.oauth.OAuth20ResponseTypes;
import org.apereo.cas.support.oauth.services.OAuthRegisteredService;
import org.apereo.cas.support.oauth.web.response.accesstoken.ext.AccessTokenRequestDataHolder;
import org.jasig.cas.client.util.URIBuilder;
import org.junit.jupiter.api.Assertions;
import org.junit.jupiter.api.Tag;
import org.junit.jupiter.api.Test;
import org.pac4j.core.context.JEEContext;
import org.springframework.mock.web.MockHttpServletRequest;
import org.springframework.mock.web.MockHttpServletResponse;
import org.springframework.web.servlet.ModelAndView;
import org.springframework.web.servlet.view.RedirectView;

@Tag("OAuth")
/* loaded from: input_file:org/apereo/cas/support/oauth/web/response/callback/OAuth20TokenAuthorizationResponseBuilderTests.class */
public class OAuth20TokenAuthorizationResponseBuilderTests extends AbstractOAuth20Tests {
    private static final String STATE = "%123=";
    private static final String NONCE = "%123=";

    private static void verifyParam(Map<String, List<String>> map, String str, String str2) {
        Assertions.assertTrue(map.containsKey(str), () -> {
            return "Expected " + str + "  param in redirect URL";
        });
        Assertions.assertEquals(1, map.get(str).size(), () -> {
            return "Expected one value for " + str + " param";
        });
        Assertions.assertEquals(str2, map.get(str).get(0), () -> {
            return "Expected unchanged " + str + "  param";
        });
    }

    private static Map<String, List<String>> splitQuery(String str) {
        return StringUtils.isBlank(str) ? new HashMap(0) : (Map) Arrays.stream(str.split("&")).map(OAuth20TokenAuthorizationResponseBuilderTests::splitQueryParameter).collect(Collectors.groupingBy((v0) -> {
            return v0.getKey();
        }, LinkedHashMap::new, Collectors.mapping((v0) -> {
            return v0.getValue();
        }, Collectors.toList())));
    }

    private static AbstractMap.SimpleImmutableEntry<String, String> splitQueryParameter(String str) {
        int indexOf = str.indexOf(61);
        return new AbstractMap.SimpleImmutableEntry<>(indexOf > 0 ? str.substring(0, indexOf) : str, (indexOf <= 0 || str.length() <= indexOf + 1) ? null : str.substring(indexOf + 1));
    }

    @Test
    public void verifyUnchangedStateAndNonceParameter() throws Exception {
        Assertions.assertTrue(this.oauthTokenResponseBuilder.isSingleSignOnSessionRequired());
        Assertions.assertEquals(Integer.MAX_VALUE, this.oauthAuthorizationCodeResponseBuilder.getOrder());
        OAuthRegisteredService registeredService = getRegisteredService("example", "secret", new LinkedHashSet());
        registeredService.setJwtAccessToken(true);
        this.servicesManager.save(registeredService);
        AbstractWebApplicationService service = RegisteredServiceTestUtils.getService("example");
        HashMap hashMap = new HashMap();
        hashMap.put("state", Collections.singletonList("%123="));
        hashMap.put("nonce", Collections.singletonList("%123="));
        AccessTokenRequestDataHolder build = AccessTokenRequestDataHolder.builder().clientId(registeredService.getClientId()).service(service).authentication(RegisteredServiceTestUtils.getAuthentication(RegisteredServiceTestUtils.getPrincipal(AbstractOAuth20Tests.ID), hashMap)).registeredService(registeredService).grantType(OAuth20GrantTypes.NONE).responseType(OAuth20ResponseTypes.TOKEN).ticketGrantingTicket(new MockTicketGrantingTicket(AbstractOAuth20Tests.ID)).generateRefreshToken(true).build();
        ModelAndView build2 = this.oauthTokenResponseBuilder.build(new JEEContext(new MockHttpServletRequest(), new MockHttpServletResponse()), AbstractOAuth20Tests.CLIENT_ID, build);
        Assertions.assertTrue(build2.getView() instanceof RedirectView, "Expected RedirectView");
        Assertions.assertTrue(build2.getModel().isEmpty());
        Map<String, List<String>> splitQuery = splitQuery(new URIBuilder(build2.getView().getUrl()).getFragment());
        verifyParam(splitQuery, "state", "%123=");
        verifyParam(splitQuery, "nonce", "%123=");
    }
}
