package org.apereo.cas.support.oauth.web.response.accesstoken;

import java.util.LinkedHashSet;
import java.util.UUID;
import org.apereo.cas.AbstractOAuth20Tests;
import org.apereo.cas.authentication.Authentication;
import org.apereo.cas.mock.MockTicketGrantingTicket;
import org.apereo.cas.services.RegisteredServiceTestUtils;
import org.apereo.cas.support.oauth.OAuth20GrantTypes;
import org.apereo.cas.support.oauth.OAuth20ResponseTypes;
import org.apereo.cas.support.oauth.services.OAuthRegisteredService;
import org.apereo.cas.support.oauth.validator.token.device.InvalidOAuth20DeviceTokenException;
import org.apereo.cas.support.oauth.validator.token.device.ThrottledOAuth20DeviceUserCodeApprovalException;
import org.apereo.cas.support.oauth.validator.token.device.UnapprovedOAuth20DeviceUserCodeException;
import org.apereo.cas.support.oauth.web.response.accesstoken.ext.AccessTokenRequestContext;
import org.apereo.cas.ticket.accesstoken.OAuth20AccessToken;
import org.apereo.cas.ticket.device.OAuth20DeviceToken;
import org.apereo.cas.ticket.device.OAuth20DeviceUserCode;
import org.jose4j.jwt.JwtClaims;
import org.junit.jupiter.api.Assertions;
import org.junit.jupiter.api.BeforeEach;
import org.junit.jupiter.api.Tag;
import org.junit.jupiter.api.Test;
import org.pac4j.jee.context.JEEContext;
import org.springframework.http.HttpMethod;
import org.springframework.mock.web.MockHttpServletRequest;
import org.springframework.mock.web.MockHttpServletResponse;
import org.springframework.test.context.TestPropertySource;
import org.springframework.web.servlet.ModelAndView;

@Tag("OAuthToken")
@TestPropertySource(properties = {"cas.authn.oauth.access-token.crypto.encryption.key=AZ5y4I9qzKPYUVNL2Td4RMbpg6Z-ldui8VEFg8hsj1M", "cas.authn.oauth.access-token.crypto.signing.key=cAPyoHMrOMWrwydOXzBA-ufZQM-TilnLjbRgMQWlUlwFmy07bOtAgCIdNBma3c5P4ae_JV6n1OpOAYqSh2NkmQ", "cas.authn.oauth.access-token.crypto.enabled=true", "cas.authn.oauth.device-token.refresh-interval=PT1S"})
/* loaded from: input_file:org/apereo/cas/support/oauth/web/response/accesstoken/OAuth20DefaultTokenGeneratorTests.class */
class OAuth20DefaultTokenGeneratorTests extends AbstractOAuth20Tests {
    OAuth20DefaultTokenGeneratorTests() {
    }

    @BeforeEach
    public void initialize() {
        clearAllServices();
    }

    @Test
    void verifyRequestedClaims() throws Throwable {
        OAuthRegisteredService registeredService = getRegisteredService(UUID.randomUUID().toString(), "secret", new LinkedHashSet());
        this.servicesManager.save(registeredService);
        MockHttpServletRequest mockHttpServletRequest = new MockHttpServletRequest(HttpMethod.GET.name(), "/oauth2.0/accessToken");
        mockHttpServletRequest.addParameter("claims", "\"userinfo\": {\"given_name\": {\"essential\": true}}");
        ModelAndView generateAccessTokenResponseAndGetModelAndView = generateAccessTokenResponseAndGetModelAndView(registeredService, RegisteredServiceTestUtils.getAuthentication(AbstractOAuth20Tests.ID), OAuth20GrantTypes.AUTHORIZATION_CODE, mockHttpServletRequest);
        Assertions.assertNotNull(generateAccessTokenResponseAndGetModelAndView);
        Assertions.assertTrue(this.ticketRegistry.getTicket(generateAccessTokenResponseAndGetModelAndView.getModel().get("access_token").toString(), OAuth20AccessToken.class).getAuthentication().getAttributes().containsKey("given_name"));
    }

    @Test
    void verifyAccessTokenAsJwt() throws Throwable {
        OAuthRegisteredService registeredService = getRegisteredService(UUID.randomUUID().toString(), "secret", new LinkedHashSet());
        registeredService.setJwtAccessToken(true);
        this.servicesManager.save(registeredService);
        ModelAndView generateAccessTokenResponseAndGetModelAndView = generateAccessTokenResponseAndGetModelAndView(registeredService);
        Assertions.assertTrue(generateAccessTokenResponseAndGetModelAndView.getModel().containsKey("access_token"));
        String obj = this.oauthAccessTokenJwtCipherExecutor.decode(generateAccessTokenResponseAndGetModelAndView.getModel().get("access_token").toString()).toString();
        Assertions.assertNotNull(obj);
        JwtClaims parse = JwtClaims.parse(obj);
        Assertions.assertNotNull(parse);
        String jwtId = parse.getJwtId();
        Assertions.assertNotNull(jwtId);
        Assertions.assertNotNull(this.ticketRegistry.getTicket(jwtId, OAuth20AccessToken.class));
    }

    @Test
    void verifySlowDown() throws Throwable {
        OAuth20DefaultTokenGenerator oAuth20DefaultTokenGenerator = new OAuth20DefaultTokenGenerator(this.defaultAccessTokenFactory, this.defaultDeviceTokenFactory, this.defaultDeviceUserCodeFactory, this.oAuthRefreshTokenFactory, this.ticketRegistry, this.casProperties);
        OAuth20DeviceToken createDeviceCode = this.defaultDeviceTokenFactory.createDeviceCode(RegisteredServiceTestUtils.getService("https://device.oauth.org"));
        this.ticketRegistry.addTicket(createDeviceCode);
        this.ticketRegistry.addTicket(this.defaultDeviceUserCodeFactory.createDeviceUserCode(createDeviceCode));
        AccessTokenRequestContext build = AccessTokenRequestContext.builder().responseType(OAuth20ResponseTypes.DEVICE_CODE).deviceCode(createDeviceCode.getId()).authentication(RegisteredServiceTestUtils.getAuthentication()).registeredService(getRegisteredService(UUID.randomUUID().toString(), "secret")).build();
        Assertions.assertThrows(ThrottledOAuth20DeviceUserCodeApprovalException.class, () -> {
            oAuth20DefaultTokenGenerator.generate(build);
        });
    }

    @Test
    void verifyUnapproved() throws Throwable {
        OAuth20DefaultTokenGenerator oAuth20DefaultTokenGenerator = new OAuth20DefaultTokenGenerator(this.defaultAccessTokenFactory, this.defaultDeviceTokenFactory, this.defaultDeviceUserCodeFactory, this.oAuthRefreshTokenFactory, this.ticketRegistry, this.casProperties);
        OAuth20DeviceToken createDeviceCode = this.defaultDeviceTokenFactory.createDeviceCode(RegisteredServiceTestUtils.getService("https://device.oauth.org"));
        this.ticketRegistry.addTicket(createDeviceCode);
        this.ticketRegistry.addTicket(this.defaultDeviceUserCodeFactory.createDeviceUserCode(createDeviceCode));
        Thread.sleep(2000L);
        AccessTokenRequestContext build = AccessTokenRequestContext.builder().responseType(OAuth20ResponseTypes.DEVICE_CODE).deviceCode(createDeviceCode.getId()).authentication(RegisteredServiceTestUtils.getAuthentication()).registeredService(getRegisteredService(UUID.randomUUID().toString(), "secret")).build();
        Assertions.assertThrows(UnapprovedOAuth20DeviceUserCodeException.class, () -> {
            oAuth20DefaultTokenGenerator.generate(build);
        });
    }

    @Test
    void verifyExpiredUserCode() throws Throwable {
        OAuth20DefaultTokenGenerator oAuth20DefaultTokenGenerator = new OAuth20DefaultTokenGenerator(this.defaultAccessTokenFactory, this.defaultDeviceTokenFactory, this.defaultDeviceUserCodeFactory, this.oAuthRefreshTokenFactory, this.ticketRegistry, this.casProperties);
        OAuth20DeviceToken createDeviceCode = this.defaultDeviceTokenFactory.createDeviceCode(RegisteredServiceTestUtils.getService("https://device.oauth.org"));
        this.ticketRegistry.addTicket(createDeviceCode);
        OAuth20DeviceUserCode createDeviceUserCode = this.defaultDeviceUserCodeFactory.createDeviceUserCode(createDeviceCode);
        this.ticketRegistry.addTicket(createDeviceUserCode);
        Thread.sleep(2000L);
        AccessTokenRequestContext build = AccessTokenRequestContext.builder().responseType(OAuth20ResponseTypes.DEVICE_CODE).deviceCode(createDeviceCode.getId()).authentication(RegisteredServiceTestUtils.getAuthentication()).registeredService(getRegisteredService(UUID.randomUUID().toString(), "secret")).build();
        createDeviceUserCode.markTicketExpired();
        Assertions.assertThrows(InvalidOAuth20DeviceTokenException.class, () -> {
            oAuth20DefaultTokenGenerator.generate(build);
        });
    }

    @Test
    void verifyDeviceCodeExpired() throws Throwable {
        OAuth20DefaultTokenGenerator oAuth20DefaultTokenGenerator = new OAuth20DefaultTokenGenerator(this.defaultAccessTokenFactory, this.defaultDeviceTokenFactory, this.defaultDeviceUserCodeFactory, this.oAuthRefreshTokenFactory, this.ticketRegistry, this.casProperties);
        OAuth20DeviceToken createDeviceCode = this.defaultDeviceTokenFactory.createDeviceCode(RegisteredServiceTestUtils.getService("https://device.oauth.org"));
        this.ticketRegistry.addTicket(createDeviceCode);
        this.ticketRegistry.addTicket(this.defaultDeviceUserCodeFactory.createDeviceUserCode(createDeviceCode));
        Thread.sleep(2000L);
        AccessTokenRequestContext build = AccessTokenRequestContext.builder().responseType(OAuth20ResponseTypes.DEVICE_CODE).deviceCode(createDeviceCode.getId()).authentication(RegisteredServiceTestUtils.getAuthentication()).registeredService(getRegisteredService(UUID.randomUUID().toString(), "secret")).build();
        createDeviceCode.markTicketExpired();
        Assertions.assertThrows(InvalidOAuth20DeviceTokenException.class, () -> {
            oAuth20DefaultTokenGenerator.generate(build);
        });
    }

    @Test
    void verifyAccessTokenIsRefreshed() throws Throwable {
        OAuthRegisteredService registeredService = getRegisteredService(UUID.randomUUID().toString(), "secret", new LinkedHashSet());
        registeredService.setJwtAccessToken(true);
        this.servicesManager.save(registeredService);
        Authentication authentication = RegisteredServiceTestUtils.getAuthentication(AbstractOAuth20Tests.ID);
        ModelAndView generateAccessTokenResponseAndGetModelAndView = generateAccessTokenResponseAndGetModelAndView(registeredService, authentication, OAuth20GrantTypes.AUTHORIZATION_CODE);
        Assertions.assertTrue(generateAccessTokenResponseAndGetModelAndView.getModel().containsKey("access_token"));
        String obj = this.oauthAccessTokenJwtCipherExecutor.decode(generateAccessTokenResponseAndGetModelAndView.getModel().get("access_token").toString()).toString();
        Assertions.assertNotNull(obj);
        JwtClaims parse = JwtClaims.parse(obj);
        Assertions.assertNotNull(parse);
        Assertions.assertNotNull(parse.getIssuedAt());
        Assertions.assertNotEquals(authentication.getAuthenticationDate().toInstant().toEpochMilli(), parse.getIssuedAt().getValueInMillis());
        Assertions.assertNotNull(parse.getExpirationTime());
        Thread.sleep(2000L);
        ModelAndView generateAccessTokenResponseAndGetModelAndView2 = generateAccessTokenResponseAndGetModelAndView(registeredService, authentication, OAuth20GrantTypes.REFRESH_TOKEN);
        Assertions.assertTrue(generateAccessTokenResponseAndGetModelAndView2.getModel().containsKey("access_token"));
        String obj2 = this.oauthAccessTokenJwtCipherExecutor.decode(generateAccessTokenResponseAndGetModelAndView2.getModel().get("access_token").toString()).toString();
        Assertions.assertNotNull(obj2);
        JwtClaims parse2 = JwtClaims.parse(obj2);
        Assertions.assertNotNull(parse2);
        Assertions.assertNotNull(parse2.getIssuedAt());
        Assertions.assertNotEquals(authentication.getAuthenticationDate().toInstant().toEpochMilli(), parse2.getIssuedAt().getValueInMillis());
        Assertions.assertNotNull(parse2.getExpirationTime());
        Assertions.assertNotEquals(parse.getExpirationTime().getValue(), parse2.getExpirationTime().getValue());
    }

    @Test
    void verifyCustomizedRTWithNullAuthentication() throws Throwable {
        OAuthRegisteredService registeredService = getRegisteredService(UUID.randomUUID().toString(), "secret", new LinkedHashSet());
        this.servicesManager.save(registeredService);
        Assertions.assertNotNull(this.oauthTokenGenerator.generateAccessTokenOAuthGrantTypes(AccessTokenRequestContext.builder().clientId(registeredService.getClientId()).service(RegisteredServiceTestUtils.getService(AbstractOAuth20Tests.SERVICE_URL)).authentication((Authentication) null).registeredService(registeredService).grantType(OAuth20GrantTypes.AUTHORIZATION_CODE).responseType(OAuth20ResponseTypes.CODE).ticketGrantingTicket(new MockTicketGrantingTicket(AbstractOAuth20Tests.ID)).claims(this.oauthRequestParameterResolver.resolveRequestClaims(new JEEContext(new MockHttpServletRequest(HttpMethod.GET.name(), "/oauth2.0/accessToken"), new MockHttpServletResponse()))).build()));
    }
}
