package org.apereo.cas.support.oauth.web.response.accesstoken.ext;

import java.util.UUID;
import org.apereo.cas.AbstractOAuth20Tests;
import org.apereo.cas.services.RegisteredServiceTestUtils;
import org.apereo.cas.services.UnauthorizedServiceException;
import org.apereo.cas.support.oauth.OAuth20GrantTypes;
import org.apereo.cas.support.oauth.OAuth20ResponseTypes;
import org.apereo.cas.support.oauth.services.OAuthRegisteredService;
import org.apereo.cas.ticket.InvalidTicketException;
import org.apereo.cas.ticket.code.OAuth20Code;
import org.junit.jupiter.api.Assertions;
import org.junit.jupiter.api.Tag;
import org.junit.jupiter.api.Test;
import org.pac4j.core.profile.CommonProfile;
import org.pac4j.core.profile.ProfileManager;
import org.pac4j.jee.context.JEEContext;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.mock.web.MockHttpServletRequest;
import org.springframework.mock.web.MockHttpServletResponse;

/**
 * Exercises the {@link AccessTokenGrantRequestExtractor} bean qualified as
 * {@code accessTokenAuthorizationCodeGrantRequestExtractor} against mock
 * access-token requests that use the {@code authorization_code} grant.
 *
 * <p>Besides the two successful extractions, the negative cases pin down when a
 * request is refused: no {@code code} parameter, an expired code, a code whose
 * ticket-granting ticket is expired, a {@code client_id}/{@code redirect_uri}
 * that does not match the registered service, and a request that omits both.
 * Every test registers its own service with a random client id, so the cases
 * do not depend on one another's registrations.
 */
@Tag("OAuth")
public class AccessTokenAuthorizationCodeGrantRequestExtractorTests extends AbstractOAuth20Tests {

    /** Extractor under test, injected by bean name. */
    @Autowired
    @Qualifier("accessTokenAuthorizationCodeGrantRequestExtractor")
    private AccessTokenGrantRequestExtractor extractor;

    /**
     * A request carrying client id, redirect URI and grant type but no
     * {@code code} parameter must fail with {@link InvalidTicketException}.
     * Also checks that the extractor reports {@link OAuth20ResponseTypes#NONE}.
     */
    @Test
    public void verifyNoToken() {
        final OAuthRegisteredService service = getRegisteredService(AbstractOAuth20Tests.REDIRECT_URI, UUID.randomUUID().toString(), "secret");
        this.servicesManager.save(service);

        // Deliberately no "code" parameter on this request.
        final MockHttpServletRequest request = new MockHttpServletRequest();
        request.addParameter("client_id", service.getClientId());
        request.addParameter("redirect_uri", AbstractOAuth20Tests.REDIRECT_URI);
        request.addParameter("grant_type", OAuth20GrantTypes.AUTHORIZATION_CODE.getType());

        Assertions.assertEquals(OAuth20ResponseTypes.NONE, this.extractor.getResponseType());

        final JEEContext context = new JEEContext(request, new MockHttpServletResponse());
        Assertions.assertThrows(InvalidTicketException.class, () -> this.extractor.extract(context));
    }

    /**
     * When the saved profile carries {@code DPoP} and {@code DPoPConfirmation}
     * attributes, the extracted request context must expose both.
     *
     * @throws Exception if issuing the code or extracting the request fails
     */
    @Test
    public void verifyDPoPRequest() throws Exception {
        final OAuthRegisteredService service = getRegisteredService(AbstractOAuth20Tests.REDIRECT_URI, UUID.randomUUID().toString(), "secret");
        service.setGenerateRefreshToken(true);
        this.servicesManager.save(service);

        final MockHttpServletRequest request = new MockHttpServletRequest();
        // Only this test sets a user-agent header; why is not evident from the test itself.
        request.addHeader("user-agent", "MSIE");
        request.addParameter("redirect_uri", AbstractOAuth20Tests.REDIRECT_URI);
        request.addParameter("grant_type", OAuth20GrantTypes.AUTHORIZATION_CODE.getType());
        request.addParameter("client_id", service.getClientId());

        final OAuth20Code code = addCode(RegisteredServiceTestUtils.getPrincipal(), service);
        this.ticketRegistry.addTicket(code.getTicketGrantingTicket());
        request.addParameter("code", code.getId());

        final JEEContext context = new JEEContext(request, new MockHttpServletResponse());

        // Start from an empty profile store, then save a single client profile
        // that carries the two DPoP attributes.
        final ProfileManager profiles = new ProfileManager(context, this.oauthDistributedSessionStore);
        profiles.removeProfiles();
        final CommonProfile clientProfile = new CommonProfile();
        clientProfile.setId(service.getClientId());
        clientProfile.addAttribute("DPoP", "dpop-value");
        clientProfile.addAttribute("DPoPConfirmation", "dpop-confirmation-value");
        profiles.save(true, clientProfile, false);

        final AccessTokenRequestContext tokenRequest = this.extractor.extract(context);
        Assertions.assertNotNull(tokenRequest);
        // NOTE(review): only presence is asserted. Comparing against the values saved
        // on the profile would pin the proof-of-possession binding more tightly;
        // confirm the getter return types before tightening.
        Assertions.assertNotNull(tokenRequest.getDpop());
        Assertions.assertNotNull(tokenRequest.getDpopConfirmation());
    }

    /**
     * Happy path: a live code issued for the registered service, presented with
     * the matching client id and redirect URI, yields a non-null result.
     *
     * @throws Exception if issuing the code or extracting the request fails
     */
    @Test
    public void verifyExtraction() throws Exception {
        final OAuthRegisteredService service = getRegisteredService(AbstractOAuth20Tests.REDIRECT_URI, UUID.randomUUID().toString(), "secret");
        service.setGenerateRefreshToken(true);
        this.servicesManager.save(service);

        final MockHttpServletRequest request = new MockHttpServletRequest();
        request.addParameter("redirect_uri", AbstractOAuth20Tests.REDIRECT_URI);
        request.addParameter("grant_type", OAuth20GrantTypes.AUTHORIZATION_CODE.getType());
        request.addParameter("client_id", service.getClientId());

        final OAuth20Code code = addCode(RegisteredServiceTestUtils.getPrincipal(), service);
        this.ticketRegistry.addTicket(code.getTicketGrantingTicket());
        request.addParameter("code", code.getId());

        final JEEContext context = new JEEContext(request, new MockHttpServletResponse());
        Assertions.assertNotNull(this.extractor.extract(context));
    }

    /**
     * A code that has been marked expired must not be accepted: extraction is
     * expected to fail with {@link InvalidTicketException}.
     *
     * @throws Exception if issuing the code fails
     */
    @Test
    public void verifyExpiredCode() throws Exception {
        final OAuthRegisteredService service = getRegisteredService(AbstractOAuth20Tests.REDIRECT_URI, UUID.randomUUID().toString(), "secret");
        service.setGenerateRefreshToken(true);
        this.servicesManager.save(service);

        final MockHttpServletRequest request = new MockHttpServletRequest();
        request.addParameter("redirect_uri", AbstractOAuth20Tests.REDIRECT_URI);
        request.addParameter("grant_type", OAuth20GrantTypes.AUTHORIZATION_CODE.getType());
        request.addParameter("client_id", service.getClientId());

        final OAuth20Code code = addCode(RegisteredServiceTestUtils.getPrincipal(), service);
        this.ticketRegistry.addTicket(code.getTicketGrantingTicket());
        // Expire the code itself; its ticket-granting ticket is left untouched.
        code.markTicketExpired();
        request.addParameter("code", code.getId());

        final JEEContext context = new JEEContext(request, new MockHttpServletResponse());
        Assertions.assertThrows(InvalidTicketException.class, () -> this.extractor.extract(context));
    }

    /**
     * A code whose ticket-granting ticket is expired must not be accepted:
     * extraction is expected to fail with {@link InvalidTicketException}.
     *
     * @throws Exception if issuing or updating the code fails
     */
    @Test
    public void verifyExpiredTgt() throws Exception {
        final OAuthRegisteredService service = getRegisteredService(AbstractOAuth20Tests.REDIRECT_URI, UUID.randomUUID().toString(), "secret");
        service.setGenerateRefreshToken(true);
        this.servicesManager.save(service);

        final MockHttpServletRequest request = new MockHttpServletRequest();
        request.addParameter("redirect_uri", AbstractOAuth20Tests.REDIRECT_URI);
        request.addParameter("grant_type", OAuth20GrantTypes.AUTHORIZATION_CODE.getType());
        request.addParameter("client_id", service.getClientId());

        final OAuth20Code code = addCode(RegisteredServiceTestUtils.getPrincipal(), service);
        // Expire the parent ticket-granting ticket, then write the code back to the
        // registry. Unlike the other tests, the TGT is not added to the registry here.
        code.getTicketGrantingTicket().markTicketExpired();
        this.ticketRegistry.updateTicket(code);
        request.addParameter("code", code.getId());

        final JEEContext context = new JEEContext(request, new MockHttpServletResponse());
        Assertions.assertThrows(InvalidTicketException.class, () -> this.extractor.extract(context));
    }

    /**
     * A valid code presented with a {@code client_id} and {@code redirect_uri}
     * that differ from the ones the service was registered with must be
     * rejected with {@link UnauthorizedServiceException}.
     *
     * @throws Exception if issuing the code fails
     */
    @Test
    public void verifyUnknownService() throws Exception {
        final OAuthRegisteredService service = getRegisteredService(AbstractOAuth20Tests.REDIRECT_URI, UUID.randomUUID().toString(), "secret");
        this.servicesManager.save(service);

        // Client id and redirect URI deliberately differ from the registered service.
        final MockHttpServletRequest request = new MockHttpServletRequest();
        request.addParameter("redirect_uri", "unknown.org/abc");
        request.addParameter("grant_type", OAuth20GrantTypes.AUTHORIZATION_CODE.getType());
        request.addParameter("client_id", "Unknown");

        // The code itself is live and was issued for the registered service.
        final OAuth20Code code = addCode(RegisteredServiceTestUtils.getPrincipal(), service);
        this.ticketRegistry.addTicket(code.getTicketGrantingTicket());
        request.addParameter("code", code.getId());

        final JEEContext context = new JEEContext(request, new MockHttpServletResponse());
        Assertions.assertThrows(UnauthorizedServiceException.class, () -> this.extractor.extract(context));
    }

    /**
     * A valid code presented without any {@code client_id} or
     * {@code redirect_uri} must be rejected with
     * {@link UnauthorizedServiceException}.
     *
     * @throws Exception if issuing the code fails
     */
    @Test
    public void verifyNoClientIdOrRedirectUri() throws Exception {
        final OAuthRegisteredService service = getRegisteredService(AbstractOAuth20Tests.REDIRECT_URI, UUID.randomUUID().toString(), "secret");
        this.servicesManager.save(service);

        // Only the grant type and the code are sent.
        final MockHttpServletRequest request = new MockHttpServletRequest();
        request.addParameter("grant_type", OAuth20GrantTypes.AUTHORIZATION_CODE.getType());

        final OAuth20Code code = addCode(RegisteredServiceTestUtils.getPrincipal(), service);
        this.ticketRegistry.addTicket(code.getTicketGrantingTicket());
        request.addParameter("code", code.getId());

        final JEEContext context = new JEEContext(request, new MockHttpServletResponse());
        Assertions.assertThrows(UnauthorizedServiceException.class, () -> this.extractor.extract(context));
    }
}
