package org.apereo.cas.support.oauth.web.endpoints;

import java.util.HashSet;
import org.apereo.cas.AbstractOAuth20Tests;
import org.apereo.cas.authentication.principal.Principal;
import org.apereo.cas.services.RegisteredService;
import org.apereo.cas.support.oauth.services.OAuthRegisteredService;
import org.apereo.cas.ticket.accesstoken.OAuth20AccessToken;
import org.apereo.cas.ticket.code.OAuth20Code;
import org.apereo.cas.ticket.refreshtoken.OAuth20RefreshToken;
import org.junit.jupiter.api.Assertions;
import org.junit.jupiter.api.BeforeEach;
import org.junit.jupiter.api.Tag;
import org.junit.jupiter.api.Test;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.http.HttpMethod;
import org.springframework.http.HttpStatus;
import org.springframework.mock.web.MockHttpServletRequest;
import org.springframework.mock.web.MockHttpServletResponse;
import org.springframework.web.servlet.ModelAndView;

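/**
 * Exercises {@link OAuth20RevocationEndpointController} through mock servlet requests.
 *
 * <p>Two kinds of client are registered by these tests: a confidential client created with the
 * secret {@code "secret"}, and a public client registered under {@link #PUBLIC_CLIENT_ID} with an
 * empty secret. The security-relevant expectations pinned here are:
 * <ul>
 *   <li>a request without a {@code token} parameter is rejected with 400 / {@code invalid_request};</li>
 *   <li>an unknown client id or a wrong client secret yields 401;</li>
 *   <li>a token id that is not in the registry is answered with 200, which is what RFC 7009
 *       section 2.2 prescribes for invalid tokens;</li>
 *   <li>an authorization code is not a revocable token type (400 / {@code invalid_request});</li>
 *   <li>revoking a refresh token also removes the access token it was created with;</li>
 *   <li>a client cannot revoke a token that was issued to a different client
 *       (400 / {@code invalid_request}, and the ticket stays out of the assertions' "removed" set).</li>
 * </ul>
 *
 * <p>NOTE(review): the public-client calls reuse the request object on which
 * {@code requiresAuthenticationInterceptor.preHandle} already ran for the confidential client, and
 * {@code removeAllParameters()} clears parameters only. Whether the interceptor leaves state in
 * request attributes or the session is not visible from this class; confirm that the
 * cross-client rejection does not depend on such leftover state.
 */
@Tag("OAuthWeb")
public class OAuth20RevocationEndpointControllerTests extends AbstractOAuth20Tests {
    /** Client id of the service registered with an empty secret (the public client). */
    private static final String PUBLIC_CLIENT_ID = "clientWithoutSecret";

    @Autowired
    @Qualifier("oauthRevocationController")
    private OAuth20RevocationEndpointController oAuth20RevocationController;

    /** Starts every test from an empty service registry so registrations do not leak between tests. */
    @BeforeEach
    public void initialize() {
        clearAllServices();
    }

    /** Builds the POST request to the revocation endpoint path that every test in this class sends. */
    private static MockHttpServletRequest newRevocationRequest() {
        return new MockHttpServletRequest(HttpMethod.POST.name(), "/oauth2.0/revoke");
    }

    /** A correctly authenticated client that sends no {@code token} parameter gets 400 / invalid_request. */
    @Test
    public void verifyNoGivenToken() throws Exception {
        OAuthRegisteredService service = getRegisteredService(AbstractOAuth20Tests.REDIRECT_URI, "secret", new HashSet<>());
        this.servicesManager.save(service);

        MockHttpServletRequest request = newRevocationRequest();
        MockHttpServletResponse response = new MockHttpServletResponse();
        request.setParameter("client_id", service.getClientId());
        request.setParameter("client_secret", "secret");
        // Deliberately no "token" parameter.

        this.requiresAuthenticationInterceptor.preHandle(request, response, (Object) null);
        ModelAndView result = this.oAuth20RevocationController.handleRequest(request, response);

        Assertions.assertEquals(HttpStatus.BAD_REQUEST.value(), response.getStatus());
        Assertions.assertEquals("invalid_request", result.getModel().get("error"));
    }

    /** A client id that matches no registered service is answered with 401 / invalid_request. */
    @Test
    public void verifyGivenInvalidClientId() throws Exception {
        this.servicesManager.save(getRegisteredService(AbstractOAuth20Tests.REDIRECT_URI, "secret", new HashSet<>()));

        MockHttpServletRequest request = newRevocationRequest();
        MockHttpServletResponse response = new MockHttpServletResponse();
        request.setParameter("client_id", "InvalidClientId");
        request.setParameter("client_secret", "secret");
        request.setParameter("token", "AT-1234");

        this.requiresAuthenticationInterceptor.preHandle(request, response, (Object) null);
        ModelAndView result = this.oAuth20RevocationController.handleRequest(request, response);

        Assertions.assertEquals(HttpStatus.UNAUTHORIZED.value(), response.getStatus());
        Assertions.assertEquals("invalid_request", result.getModel().get("error"));
    }

    /** A registered client id presented with the wrong secret is answered with 401 / access_denied. */
    @Test
    public void verifyGivenInvalidClientSecret() throws Exception {
        OAuthRegisteredService service = getRegisteredService(AbstractOAuth20Tests.REDIRECT_URI, "secret", new HashSet<>());
        this.servicesManager.save(service);

        MockHttpServletRequest request = newRevocationRequest();
        MockHttpServletResponse response = new MockHttpServletResponse();
        request.setParameter("client_id", service.getClientId());
        request.setParameter("client_secret", AbstractOAuth20Tests.WRONG_CLIENT_SECRET);
        request.setParameter("token", "AT-1234");

        this.requiresAuthenticationInterceptor.preHandle(request, response, (Object) null);
        ModelAndView result = this.oAuth20RevocationController.handleRequest(request, response);

        Assertions.assertEquals(HttpStatus.UNAUTHORIZED.value(), response.getStatus());
        Assertions.assertEquals("access_denied", result.getModel().get("error"));
    }

    /**
     * A token id that was never stored is answered with 200 for both the confidential and the
     * public client.
     *
     * <p>NOTE(review): {@link MockHttpServletResponse} reports 200 until something changes its
     * status, so these two status checks pass even if the controller never sets one. They document
     * the expected outcome but do not prove the controller produced it.
     */
    @Test
    public void verifyGivenTokenNotInRegistry() throws Exception {
        OAuthRegisteredService confidentialService = getRegisteredService(AbstractOAuth20Tests.REDIRECT_URI, "secret", new HashSet<>());
        this.servicesManager.save(confidentialService);
        this.servicesManager.save(getRegisteredService(AbstractOAuth20Tests.REDIRECT_URI, PUBLIC_CLIENT_ID, "", new HashSet<>()));

        MockHttpServletRequest request = newRevocationRequest();
        MockHttpServletResponse response = new MockHttpServletResponse();

        // Confidential client, authenticated with its secret.
        request.setParameter("client_id", confidentialService.getClientId());
        request.setParameter("client_secret", "secret");
        request.setParameter("token", "AT-1234");
        this.requiresAuthenticationInterceptor.preHandle(request, response, (Object) null);
        this.oAuth20RevocationController.handleRequest(request, response);
        Assertions.assertEquals(HttpStatus.OK.value(), response.getStatus());

        // Public client: only client_id and token are sent, and preHandle is not invoked again.
        request.removeAllParameters();
        request.setParameter("client_id", PUBLIC_CLIENT_ID);
        request.setParameter("token", "AT-1234");
        this.oAuth20RevocationController.handleRequest(request, response);
        Assertions.assertEquals(HttpStatus.OK.value(), response.getStatus());
    }

    /** Passing an authorization code id as the token is rejected with 400 / invalid_request. */
    @Test
    public void verifyGivenUnsupportedToken() throws Exception {
        Principal principal = createPrincipal();
        OAuthRegisteredService service = getRegisteredService(AbstractOAuth20Tests.REDIRECT_URI, "secret", new HashSet<>());
        this.servicesManager.save(service);
        OAuth20Code code = addCode(principal, service);

        MockHttpServletRequest request = newRevocationRequest();
        MockHttpServletResponse response = new MockHttpServletResponse();
        request.setParameter("client_id", service.getClientId());
        request.setParameter("client_secret", "secret");
        request.setParameter("token", code.getId());

        this.requiresAuthenticationInterceptor.preHandle(request, response, (Object) null);
        ModelAndView result = this.oAuth20RevocationController.handleRequest(request, response);

        Assertions.assertEquals(HttpStatus.BAD_REQUEST.value(), response.getStatus());
        Assertions.assertEquals("invalid_request", result.getModel().get("error"));
    }

    /**
     * Access-token revocation in three steps: the confidential client revokes its own token, the
     * public client revokes its own token, and the public client is refused when it names a token
     * issued to the confidential client.
     */
    @Test
    public void verifyGivenAccessTokenInRegistry() throws Exception {
        Principal principal = createPrincipal();
        // Declared as OAuthRegisteredService, like the other tests, because getClientId() is read below.
        OAuthRegisteredService confidentialService = getRegisteredService(AbstractOAuth20Tests.REDIRECT_URI, "secret", new HashSet<>());
        RegisteredService publicService = getRegisteredService(AbstractOAuth20Tests.REDIRECT_URI, PUBLIC_CLIENT_ID, "", new HashSet<>());
        this.servicesManager.save(new RegisteredService[]{confidentialService, publicService});

        // Step 1: confidential client revokes the access token issued to it.
        OAuth20AccessToken ownToken = addAccessToken(principal, confidentialService);
        Assertions.assertNotNull(this.ticketRegistry.getTicket(ownToken.getId()));
        MockHttpServletRequest request = newRevocationRequest();
        MockHttpServletResponse response = new MockHttpServletResponse();
        request.setParameter("client_id", confidentialService.getClientId());
        request.setParameter("client_secret", "secret");
        request.setParameter("token", ownToken.getId());
        this.requiresAuthenticationInterceptor.preHandle(request, response, (Object) null);
        this.oAuth20RevocationController.handleRequest(request, response);
        Assertions.assertEquals(HttpStatus.OK.value(), response.getStatus());
        // The registry lookup is the real proof of revocation; 200 is also the mock's default status.
        Assertions.assertNull(this.ticketRegistry.getTicket(ownToken.getId()));

        // Step 2: public client revokes the access token issued to it, sending no secret.
        OAuth20AccessToken publicToken = addAccessToken(principal, publicService);
        Assertions.assertNotNull(this.ticketRegistry.getTicket(publicToken.getId()));
        request.removeAllParameters();
        request.setParameter("client_id", PUBLIC_CLIENT_ID);
        request.setParameter("token", publicToken.getId());
        this.oAuth20RevocationController.handleRequest(request, response);
        Assertions.assertEquals(HttpStatus.OK.value(), response.getStatus());
        Assertions.assertNull(this.ticketRegistry.getTicket(publicToken.getId()));

        // Step 3: public client names a token that belongs to the confidential client and is refused.
        OAuth20AccessToken foreignToken = addAccessToken(principal, confidentialService);
        Assertions.assertNotNull(this.ticketRegistry.getTicket(foreignToken.getId()));
        request.removeAllParameters();
        request.setParameter("client_id", PUBLIC_CLIENT_ID);
        request.setParameter("token", foreignToken.getId());
        ModelAndView result = this.oAuth20RevocationController.handleRequest(request, response);
        Assertions.assertEquals(HttpStatus.BAD_REQUEST.value(), response.getStatus());
        Assertions.assertEquals("invalid_request", result.getModel().get("error"));
    }

    /**
     * Refresh-token revocation in three steps, mirroring the access-token test. In the first two
     * steps the access token passed to {@code addRefreshToken} must disappear from the registry
     * together with the refresh token; in the third the public client is refused when it names a
     * refresh token issued to the confidential client.
     */
    @Test
    public void verifyGivenRefreshTokenInRegistry() throws Exception {
        Principal principal = createPrincipal();
        // Declared as OAuthRegisteredService, like the other tests, because getClientId() is read below.
        OAuthRegisteredService confidentialService = getRegisteredService(AbstractOAuth20Tests.REDIRECT_URI, "secret", new HashSet<>());
        RegisteredService publicService = getRegisteredService(AbstractOAuth20Tests.REDIRECT_URI, PUBLIC_CLIENT_ID, "", new HashSet<>());
        this.servicesManager.save(new RegisteredService[]{confidentialService, publicService});

        // Step 1: confidential client revokes its refresh token.
        OAuth20AccessToken ownAccessToken = addAccessToken(principal, confidentialService);
        OAuth20RefreshToken ownRefreshToken = addRefreshToken(principal, confidentialService, ownAccessToken);
        Assertions.assertNotNull(this.ticketRegistry.getTicket(ownAccessToken.getId()));
        Assertions.assertNotNull(this.ticketRegistry.getTicket(ownRefreshToken.getId()));
        MockHttpServletRequest request = newRevocationRequest();
        MockHttpServletResponse response = new MockHttpServletResponse();
        request.setParameter("client_id", confidentialService.getClientId());
        request.setParameter("client_secret", "secret");
        request.setParameter("token", ownRefreshToken.getId());
        this.requiresAuthenticationInterceptor.preHandle(request, response, (Object) null);
        this.oAuth20RevocationController.handleRequest(request, response);
        Assertions.assertEquals(HttpStatus.OK.value(), response.getStatus());
        Assertions.assertNull(this.ticketRegistry.getTicket(ownRefreshToken.getId()));
        // The access token tied to the refresh token must be gone as well.
        Assertions.assertNull(this.ticketRegistry.getTicket(ownAccessToken.getId()));

        // Step 2: public client revokes its refresh token, sending no secret.
        OAuth20AccessToken publicAccessToken = addAccessToken(principal, publicService);
        OAuth20RefreshToken publicRefreshToken = addRefreshToken(principal, publicService, publicAccessToken);
        Assertions.assertNotNull(this.ticketRegistry.getTicket(publicAccessToken.getId()));
        request.removeAllParameters();
        request.setParameter("client_id", PUBLIC_CLIENT_ID);
        request.setParameter("token", publicRefreshToken.getId());
        this.oAuth20RevocationController.handleRequest(request, response);
        Assertions.assertEquals(HttpStatus.OK.value(), response.getStatus());
        Assertions.assertNull(this.ticketRegistry.getTicket(publicRefreshToken.getId()));
        Assertions.assertNull(this.ticketRegistry.getTicket(publicAccessToken.getId()));

        // Step 3: public client names a refresh token that belongs to the confidential client.
        OAuth20RefreshToken foreignRefreshToken = addRefreshToken(principal, confidentialService);
        Assertions.assertNotNull(this.ticketRegistry.getTicket(foreignRefreshToken.getId()));
        request.removeAllParameters();
        request.setParameter("client_id", PUBLIC_CLIENT_ID);
        request.setParameter("token", foreignRefreshToken.getId());
        ModelAndView result = this.oAuth20RevocationController.handleRequest(request, response);
        Assertions.assertEquals(HttpStatus.BAD_REQUEST.value(), response.getStatus());
        Assertions.assertEquals("invalid_request", result.getModel().get("error"));
    }
}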
