package org.apereo.cas.support.oauth.validator.authorization;

import com.github.benmanes.caffeine.cache.Caffeine;
import java.util.HashSet;
import java.util.LinkedHashSet;
import java.util.List;
import org.apereo.cas.AbstractOAuth20Tests;
import org.apereo.cas.authentication.principal.WebApplicationServiceFactory;
import org.apereo.cas.services.DefaultRegisteredServiceAccessStrategy;
import org.apereo.cas.services.DefaultServicesManager;
import org.apereo.cas.services.DefaultServicesManagerRegisteredServiceLocator;
import org.apereo.cas.services.InMemoryServiceRegistry;
import org.apereo.cas.services.RegisteredServiceAccessStrategyAuditableEnforcer;
import org.apereo.cas.services.ServicesManager;
import org.apereo.cas.services.ServicesManagerConfigurationContext;
import org.apereo.cas.support.oauth.OAuth20GrantTypes;
import org.apereo.cas.support.oauth.OAuth20ResponseTypes;
import org.apereo.cas.support.oauth.services.OAuthRegisteredService;
import org.apereo.cas.util.CollectionUtils;
import org.junit.jupiter.api.Assertions;
import org.junit.jupiter.api.Tag;
import org.junit.jupiter.api.Test;
import org.pac4j.jee.context.JEEContext;
import org.springframework.context.support.StaticApplicationContext;
import org.springframework.mock.web.MockHttpServletRequest;
import org.springframework.mock.web.MockHttpServletResponse;

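/**
 * Exercises {@link OAuth20AuthorizationCodeResponseTypeAuthorizationRequestValidator} against a
 * single in-memory OAuth registered service.
 *
 * <p>Two behaviours are pinned here:
 * <ul>
 *   <li>{@link #verifyUnsignedRequestParameter()} - a {@code request} parameter carrying an
 *       unsigned ({@code alg=none}) JWT request object is supported and validates.</li>
 *   <li>{@link #verifyValidator()} - an authorization request is built up one parameter at a
 *       time and the error code stored in the {@code error} request attribute is checked after
 *       each step.</li>
 * </ul>
 *
 * <p>Security review notes: the fixture service is deliberately permissive (service id
 * {@code https://.+}, client secret {@code secret}), so nothing in this class demonstrates that
 * redirect URIs are pinned to an exact value. Production registrations should use a narrowly
 * anchored redirect URI pattern.
 */
@Tag("OAuth")
public class OAuth20AuthorizationCodeResponseTypeAuthorizationRequestValidatorTests extends AbstractOAuth20Tests {

    /**
     * Compact-serialized JWT used as the {@code request} parameter.
     *
     * <p>The header segment base64url-decodes to {@code {"alg":"none"}} and the signature segment
     * (after the trailing dot) is empty, so the claims carry no integrity protection. The payload
     * decodes to the claims {@code scope=openid}, {@code response_type=code},
     * {@code redirect_uri=https://staging.certification.openid.net/test/a/CAS/callback},
     * {@code state}, {@code nonce} and {@code client_id=client}.
     */
    private static final String UNSIGNED_REQUEST_OBJECT = "eyJhbGciOiJub25lIn0.eyJzY29wZSI6Im9wZW5pZCIsInJlc3BvbnNlX3R5cGUiOiJjb2RlIiwicmVkaXJlY3RfdXJpIjoiaHR0cHM6XC9cL3N0YWdpbmcuY2VydGlmaWNhdGlvbi5vcGVuaWQubmV0XC90ZXN0XC9hXC9DQVNcL2NhbGxiYWNrIiwic3RhdGUiOiJ2SU4xYjBZNENrIiwibm9uY2UiOiIxTjltcVBPOWZ0IiwiY2xpZW50X2lkIjoiY2xpZW50In0.";

    /**
     * Builds a services manager backed by an empty in-memory registry.
     *
     * @param staticApplicationContext application context handed to both the registry and the manager
     * @return a services manager with no environments, a fresh Caffeine cache and the default locator
     */
    private static ServicesManager getServicesManager(StaticApplicationContext staticApplicationContext) {
        ServicesManagerConfigurationContext configurationContext = ServicesManagerConfigurationContext.builder()
            .serviceRegistry(new InMemoryServiceRegistry(staticApplicationContext))
            .applicationContext(staticApplicationContext)
            // Diamond instead of the raw HashSet the decompiler produced; still an empty set.
            .environments(new HashSet<>(0))
            .servicesCache(Caffeine.newBuilder().build())
            .registeredServiceLocators(List.of(new DefaultServicesManagerRegisteredServiceLocator()))
            .build();
        return new DefaultServicesManager(configurationContext);
    }

    /**
     * Creates the validator under test, wired to the given services manager and to the
     * application context and parameter resolver inherited from the base test class.
     *
     * @param servicesManager services manager the validator resolves registered services from
     * @return a new validator instance
     */
    private OAuth20AuthorizationCodeResponseTypeAuthorizationRequestValidator getValidator(ServicesManager servicesManager) {
        return new OAuth20AuthorizationCodeResponseTypeAuthorizationRequestValidator(
            servicesManager,
            new WebApplicationServiceFactory(),
            new RegisteredServiceAccessStrategyAuditableEnforcer(this.applicationContext),
            this.oauthRequestParameterResolver);
    }

    /**
     * Registers the OAuth service fixture and returns it so a test can mutate it afterwards.
     *
     * @param servicesManager services manager the fixture is saved into
     * @return the same instance that was passed to {@code save}
     */
    private static OAuthRegisteredService buildRegisteredService(ServicesManager servicesManager) {
        OAuthRegisteredService service = new OAuthRegisteredService();
        service.setId(1000L);
        service.setName("OAuth");
        service.setClientId("client");
        service.setClientSecret("secret");
        // NOTE(review): presumably evaluated as a pattern - any https URL passes below while
        // "unknown-uri" is rejected. Fine for a fixture; far too broad for a real redirect URI.
        service.setServiceId("https://.+");
        servicesManager.save(service);
        return service;
    }

    /**
     * Asserts that the request carries an {@code error} attribute whose string form equals the
     * expected OAuth error code.
     */
    private static void assertErrorCode(JEEContext context, String expectedCode) {
        Assertions.assertTrue(context.getRequestAttribute("error").isPresent());
        Assertions.assertEquals(expectedCode, context.getRequestAttribute("error").get().toString());
    }

    /**
     * Verifies that an unsigned request object supplied in the {@code request} parameter is both
     * supported and validated.
     *
     * <p>Because the JWT uses {@code alg=none}, its claims are exactly as trustworthy as plain
     * query parameters. This test only pins acceptance; it does not cover rejection of a request
     * object whose {@code client_id} or {@code redirect_uri} is unregistered.
     * NOTE(review): whether a deployment should accept {@code alg=none} request objects at all is
     * a policy decision that is not visible from this test - confirm against the service's
     * configured signing requirements.
     */
    @Test
    public void verifyUnsignedRequestParameter() throws Exception {
        StaticApplicationContext appContext = new StaticApplicationContext();
        appContext.refresh();
        ServicesManager servicesManager = getServicesManager(appContext);
        buildRegisteredService(servicesManager);
        OAuth20AuthorizationCodeResponseTypeAuthorizationRequestValidator validator = getValidator(servicesManager);

        MockHttpServletRequest request = new MockHttpServletRequest();
        JEEContext context = new JEEContext(request, new MockHttpServletResponse());
        request.setParameter("request", UNSIGNED_REQUEST_OBJECT);

        Assertions.assertTrue(validator.supports(context));
        Assertions.assertTrue(validator.validate(context));
    }

    /**
     * Walks the validator through an authorization request that is completed one parameter at a
     * time, then through changes to the registered service itself.
     *
     * <p>The steps are order dependent: the same request and the same service instance are
     * mutated throughout, and the {@code error} attribute is cleared between steps so that each
     * assertion observes only the error produced by the preceding call.
     */
    @Test
    public void verifyValidator() throws Exception {
        StaticApplicationContext appContext = new StaticApplicationContext();
        appContext.refresh();
        ServicesManager servicesManager = getServicesManager(appContext);
        // The returned instance is mutated after save(); the later assertions depend on the
        // validator observing those mutations.
        OAuthRegisteredService service = buildRegisteredService(servicesManager);
        OAuth20AuthorizationCodeResponseTypeAuthorizationRequestValidator validator = getValidator(servicesManager);
        MockHttpServletRequest request = new MockHttpServletRequest();
        JEEContext context = new JEEContext(request, new MockHttpServletResponse());

        // Step 1: no parameters at all.
        Assertions.assertFalse(validator.supports(context));
        assertErrorCode(context, "invalid_request");

        // Step 2: grant_type alone is still not supported (the error code is not checked here).
        request.removeAttribute("error");
        request.setParameter("grant_type", OAuth20GrantTypes.AUTHORIZATION_CODE.getType());
        Assertions.assertFalse(validator.supports(context));

        // Step 3: client_id added, redirect_uri still absent.
        request.removeAttribute("error");
        request.setParameter("client_id", "client");
        Assertions.assertFalse(validator.supports(context));
        assertErrorCode(context, "invalid_request");

        // Step 4: redirect_uri added, response_type still absent.
        request.removeAttribute("error");
        request.setParameter("redirect_uri", service.getServiceId());
        Assertions.assertFalse(validator.supports(context));
        assertErrorCode(context, "unsupported_response_type");

        // Step 5: an unrecognised response_type yields the same error code.
        request.removeAttribute("error");
        request.setParameter("response_type", "unknown");
        Assertions.assertFalse(validator.supports(context));
        assertErrorCode(context, "unsupported_response_type");

        // Step 6: a complete request. The service lists no supported response types, and the
        // assertions show that an empty set does not block the "code" response type.
        request.removeAttribute("error");
        request.setParameter("response_type", OAuth20ResponseTypes.CODE.getType());
        request.setParameter("code_verifier", "abcd");
        // Diamond instead of the raw LinkedHashSet the decompiler produced.
        service.setSupportedResponseTypes(new LinkedHashSet<>());
        Assertions.assertTrue(validator.supports(context));
        Assertions.assertTrue(validator.validate(context));

        // Step 7: repeating the call leaves no error attribute behind.
        request.removeAttribute("error");
        Assertions.assertTrue(validator.supports(context));
        Assertions.assertTrue(validator.validate(context));
        Assertions.assertFalse(context.getRequestAttribute("error").isPresent());

        // Step 8: the service explicitly allows "code".
        request.removeAttribute("error");
        service.setSupportedResponseTypes(CollectionUtils.wrapHashSet(new String[]{OAuth20ResponseTypes.CODE.getType()}));
        Assertions.assertTrue(validator.supports(context));
        Assertions.assertTrue(validator.validate(context));
        Assertions.assertFalse(context.getRequestAttribute("error").isPresent());

        // Step 9: the service allows only "token"; the request is still supported but fails
        // validation. Only the presence of an error is checked, not its code.
        request.removeAttribute("error");
        service.setSupportedResponseTypes(CollectionUtils.wrapHashSet(new String[]{OAuth20ResponseTypes.TOKEN.getType()}));
        Assertions.assertTrue(validator.supports(context));
        Assertions.assertFalse(validator.validate(context));
        Assertions.assertTrue(context.getRequestAttribute("error").isPresent());

        // Step 10: a redirect_uri that does not match the registered service id is rejected.
        request.removeAttribute("error");
        request.setParameter("redirect_uri", "unknown-uri");
        Assertions.assertFalse(validator.supports(context));
        assertErrorCode(context, "invalid_request");

        // Step 11: a matching redirect_uri is rejected once the service's access strategy is disabled.
        request.removeAttribute("error");
        request.setParameter("redirect_uri", service.getServiceId());
        service.setAccessStrategy(new DefaultRegisteredServiceAccessStrategy().setEnabled(false));
        Assertions.assertFalse(validator.supports(context));
        assertErrorCode(context, "invalid_request");

        // Step 12: accessor sanity checks.
        Assertions.assertEquals(Integer.MAX_VALUE, validator.getOrder());
        Assertions.assertNotNull(validator.getRegisteredServiceAccessStrategyEnforcer());
        Assertions.assertEquals(OAuth20ResponseTypes.CODE, validator.getResponseType());
        Assertions.assertNotNull(validator.getServicesManager());
        Assertions.assertNotNull(validator.getWebApplicationServiceServiceFactory());
    }
}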
