package org.apereo.cas.support.oauth.authenticator;

import org.apereo.cas.configuration.CasConfigurationProperties;
import org.apereo.cas.services.RegisteredServiceAccessStrategyAuditableEnforcer;
import org.apereo.cas.support.oauth.OAuth20GrantTypes;
import org.apereo.cas.ticket.refreshtoken.OAuth20RefreshToken;
import org.junit.jupiter.api.Assertions;
import org.junit.jupiter.api.BeforeEach;
import org.junit.jupiter.api.Tag;
import org.junitpioneer.jupiter.RetryingTest;
import org.pac4j.core.credentials.UsernamePasswordCredentials;
import org.pac4j.core.exception.CredentialsException;
import org.pac4j.jee.context.JEEContext;
import org.pac4j.jee.context.session.JEESessionStore;
import org.springframework.mock.web.MockHttpServletRequest;
import org.springframework.mock.web.MockHttpServletResponse;

@Tag("OAuth")
/* loaded from: input_file:org/apereo/cas/support/oauth/authenticator/OAuth20RefreshTokenAuthenticatorTests.class */
public class OAuth20RefreshTokenAuthenticatorTests extends BaseOAuth20AuthenticatorTests {
    protected OAuth20RefreshTokenAuthenticator authenticator;

    @BeforeEach
    public void init() {
        this.authenticator = new OAuth20RefreshTokenAuthenticator(this.servicesManager, this.serviceFactory, new RegisteredServiceAccessStrategyAuditableEnforcer(new CasConfigurationProperties()), this.ticketRegistry, this.defaultPrincipalResolver, this.oauthRequestParameterResolver, this.oauth20ClientSecretValidator);
    }

    @RetryingTest(3)
    public void verifyAuthentication() throws Exception {
        OAuth20RefreshToken refreshToken = getRefreshToken(this.serviceWithoutSecret);
        this.ticketRegistry.addTicket(refreshToken);
        UsernamePasswordCredentials usernamePasswordCredentials = new UsernamePasswordCredentials("clientWithoutSecret", refreshToken.getId());
        MockHttpServletRequest mockHttpServletRequest = new MockHttpServletRequest();
        mockHttpServletRequest.addParameter("grant_type", OAuth20GrantTypes.REFRESH_TOKEN.name());
        mockHttpServletRequest.addParameter("refresh_token", refreshToken.getId());
        mockHttpServletRequest.addParameter("client_id", "clientWithoutSecret");
        this.authenticator.validate(usernamePasswordCredentials, new JEEContext(mockHttpServletRequest, new MockHttpServletResponse()), JEESessionStore.INSTANCE);
        Assertions.assertNotNull(usernamePasswordCredentials.getUserProfile());
        Assertions.assertEquals("clientWithoutSecret", usernamePasswordCredentials.getUserProfile().getId());
        UsernamePasswordCredentials usernamePasswordCredentials2 = new UsernamePasswordCredentials("clientWithoutSecret", "badRefreshToken");
        MockHttpServletRequest mockHttpServletRequest2 = new MockHttpServletRequest();
        mockHttpServletRequest2.addParameter("grant_type", OAuth20GrantTypes.REFRESH_TOKEN.name());
        mockHttpServletRequest2.addParameter("refresh_token", "badRefreshToken");
        mockHttpServletRequest2.addParameter("client_id", "clientWithoutSecret");
        JEEContext jEEContext = new JEEContext(mockHttpServletRequest2, new MockHttpServletResponse());
        Assertions.assertThrows(CredentialsException.class, () -> {
            this.authenticator.validate(usernamePasswordCredentials2, jEEContext, JEESessionStore.INSTANCE);
        });
        UsernamePasswordCredentials usernamePasswordCredentials3 = new UsernamePasswordCredentials("clientWithoutSecret2", refreshToken.getId());
        MockHttpServletRequest mockHttpServletRequest3 = new MockHttpServletRequest();
        mockHttpServletRequest3.addParameter("grant_type", OAuth20GrantTypes.REFRESH_TOKEN.name());
        mockHttpServletRequest3.addParameter("refresh_token", refreshToken.getId());
        mockHttpServletRequest3.addParameter("client_id", "clientWithoutSecret2");
        JEEContext jEEContext2 = new JEEContext(mockHttpServletRequest3, new MockHttpServletResponse());
        Assertions.assertThrows(CredentialsException.class, () -> {
            this.authenticator.validate(usernamePasswordCredentials3, jEEContext2, JEESessionStore.INSTANCE);
        });
        OAuth20RefreshToken refreshToken2 = getRefreshToken(this.service);
        this.ticketRegistry.addTicket(refreshToken2);
        UsernamePasswordCredentials usernamePasswordCredentials4 = new UsernamePasswordCredentials("client", refreshToken.getId());
        MockHttpServletRequest mockHttpServletRequest4 = new MockHttpServletRequest();
        mockHttpServletRequest4.addParameter("grant_type", OAuth20GrantTypes.REFRESH_TOKEN.name());
        mockHttpServletRequest4.addParameter("refresh_token", refreshToken2.getId());
        mockHttpServletRequest4.addParameter("client_id", "client");
        this.authenticator.validate(usernamePasswordCredentials4, new JEEContext(mockHttpServletRequest4, new MockHttpServletResponse()), JEESessionStore.INSTANCE);
        Assertions.assertNull(usernamePasswordCredentials4.getUserProfile());
        UsernamePasswordCredentials usernamePasswordCredentials5 = new UsernamePasswordCredentials("unknownclient", refreshToken.getId());
        MockHttpServletRequest mockHttpServletRequest5 = new MockHttpServletRequest();
        mockHttpServletRequest5.addParameter("grant_type", OAuth20GrantTypes.REFRESH_TOKEN.name());
        mockHttpServletRequest5.addParameter("refresh_token", refreshToken2.getId());
        mockHttpServletRequest5.addParameter("client_id", "unknownclient");
        this.authenticator.validate(usernamePasswordCredentials5, new JEEContext(mockHttpServletRequest5, new MockHttpServletResponse()), JEESessionStore.INSTANCE);
        Assertions.assertNull(usernamePasswordCredentials5.getUserProfile());
    }
}
