package org.apereo.cas.support.oauth.validator.token;

import java.util.Objects;
import java.util.UUID;
import org.apereo.cas.AbstractOAuth20Tests;
import org.apereo.cas.services.RegisteredServiceTestUtils;
import org.apereo.cas.support.oauth.OAuth20GrantTypes;
import org.apereo.cas.support.oauth.services.OAuthRegisteredService;
import org.apereo.cas.ticket.refreshtoken.OAuth20RefreshToken;
import org.apereo.cas.util.CollectionUtils;
import org.apereo.cas.util.HttpUtils;
import org.junit.jupiter.api.Assertions;
import org.junit.jupiter.api.BeforeEach;
import org.junit.jupiter.api.Tag;
import org.junit.jupiter.api.Test;
import org.mockito.Mockito;
import org.pac4j.jee.context.JEEContext;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.http.HttpHeaders;
import org.springframework.mock.web.MockHttpServletRequest;
import org.springframework.mock.web.MockHttpServletResponse;

@Tag("OAuth")
/* loaded from: input_file:org/apereo/cas/support/oauth/validator/token/OAuth20RevocationRequestValidatorTests.class */
public class OAuth20RevocationRequestValidatorTests extends AbstractOAuth20Tests {
    private static final String SUPPORTING_SERVICE_TICKET = "RT-SUPPORTING";

    @Autowired
    @Qualifier("oauthRevocationRequestValidator")
    private OAuth20TokenRequestValidator validator;
    private OAuthRegisteredService supportingService;

    @BeforeEach
    public void before() throws Exception {
        this.servicesManager.deleteAll();
        this.supportingService = RequestValidatorTestUtils.getService("https://google.com", UUID.randomUUID().toString(), UUID.randomUUID().toString(), "secret", CollectionUtils.wrapSet(OAuth20GrantTypes.REFRESH_TOKEN));
        this.servicesManager.save(this.supportingService);
        registerTicket(SUPPORTING_SERVICE_TICKET);
    }

    @Test
    public void verifyOperationClientSecretPost() throws Exception {
        MockHttpServletRequest mockHttpServletRequest = new MockHttpServletRequest();
        MockHttpServletResponse mockHttpServletResponse = new MockHttpServletResponse();
        mockHttpServletRequest.setParameter("client_id", this.supportingService.getClientId());
        mockHttpServletRequest.setParameter("client_secret", "secret");
        mockHttpServletRequest.setParameter("token", SUPPORTING_SERVICE_TICKET);
        Assertions.assertTrue(this.validator.validate(new JEEContext(mockHttpServletRequest, mockHttpServletResponse)));
        mockHttpServletRequest.removeAllParameters();
        mockHttpServletRequest.setParameter("client_id", this.supportingService.getClientId());
        mockHttpServletRequest.setParameter("client_secret", "secret");
        Assertions.assertFalse(this.validator.supports(new JEEContext(mockHttpServletRequest, mockHttpServletResponse)));
        mockHttpServletRequest.removeAllParameters();
        mockHttpServletRequest.setParameter("client_id", "unknown");
        mockHttpServletRequest.setParameter("client_secret", "secret");
        mockHttpServletRequest.setParameter("token", SUPPORTING_SERVICE_TICKET);
        Assertions.assertFalse(this.validator.validate(new JEEContext(mockHttpServletRequest, mockHttpServletResponse)));
    }

    @Test
    public void verifyOperationClientSecretBasic() throws Exception {
        MockHttpServletRequest mockHttpServletRequest = new MockHttpServletRequest();
        MockHttpServletResponse mockHttpServletResponse = new MockHttpServletResponse();
        HttpHeaders createBasicAuthHeaders = HttpUtils.createBasicAuthHeaders(this.supportingService.getClientId(), "secret");
        Objects.requireNonNull(mockHttpServletRequest);
        createBasicAuthHeaders.forEach((v1, v2) -> {
            r1.addHeader(v1, v2);
        });
        mockHttpServletRequest.setParameter("token", SUPPORTING_SERVICE_TICKET);
        Assertions.assertTrue(this.validator.validate(new JEEContext(mockHttpServletRequest, mockHttpServletResponse)));
        mockHttpServletRequest.removeHeader("Authorization");
        mockHttpServletRequest.removeAllParameters();
        HttpHeaders createBasicAuthHeaders2 = HttpUtils.createBasicAuthHeaders(this.supportingService.getClientId(), "secret");
        Objects.requireNonNull(mockHttpServletRequest);
        createBasicAuthHeaders2.forEach((v1, v2) -> {
            r1.addHeader(v1, v2);
        });
        Assertions.assertFalse(this.validator.supports(new JEEContext(mockHttpServletRequest, mockHttpServletResponse)));
        mockHttpServletRequest.removeHeader("Authorization");
        mockHttpServletRequest.removeAllParameters();
        HttpHeaders createBasicAuthHeaders3 = HttpUtils.createBasicAuthHeaders("unknown", "secret");
        Objects.requireNonNull(mockHttpServletRequest);
        createBasicAuthHeaders3.forEach((v1, v2) -> {
            r1.addHeader(v1, v2);
        });
        mockHttpServletRequest.setParameter("token", SUPPORTING_SERVICE_TICKET);
        Assertions.assertFalse(this.validator.validate(new JEEContext(mockHttpServletRequest, mockHttpServletResponse)));
    }

    private void registerTicket(String str) throws Exception {
        OAuth20RefreshToken oAuth20RefreshToken = (OAuth20RefreshToken) Mockito.mock(OAuth20RefreshToken.class);
        Mockito.when(oAuth20RefreshToken.getId()).thenReturn(str);
        Mockito.when(Boolean.valueOf(oAuth20RefreshToken.isExpired())).thenReturn(false);
        Mockito.when(oAuth20RefreshToken.getAuthentication()).thenReturn(RegisteredServiceTestUtils.getAuthentication());
        this.ticketRegistry.addTicket(oAuth20RefreshToken);
    }
}
