package org.apereo.cas.support.oauth.web.endpoints;

import com.fasterxml.jackson.databind.node.ArrayNode;
import com.fasterxml.jackson.databind.node.ObjectNode;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import org.apereo.cas.AbstractOAuth20Tests;
import org.apereo.cas.authentication.Authentication;
import org.apereo.cas.authentication.CoreAuthenticationTestUtils;
import org.apereo.cas.authentication.principal.Principal;
import org.apereo.cas.mock.MockTicketGrantingTicket;
import org.apereo.cas.services.RegisteredServiceTestUtils;
import org.apereo.cas.support.oauth.OAuth20GrantTypes;
import org.apereo.cas.support.oauth.OAuth20ResponseTypes;
import org.apereo.cas.support.oauth.web.response.accesstoken.response.OAuth20JwtAccessTokenCipherExecutor;
import org.apereo.cas.support.oauth.web.response.accesstoken.response.OAuth20RegisteredServiceJwtAccessTokenCipherExecutor;
import org.apereo.cas.ticket.accesstoken.OAuth20AccessToken;
import org.apereo.cas.ticket.accesstoken.OAuth20AccessTokenFactory;
import org.apereo.cas.ticket.accesstoken.OAuth20DefaultAccessToken;
import org.apereo.cas.ticket.accesstoken.OAuth20DefaultAccessTokenFactory;
import org.apereo.cas.ticket.code.OAuth20Code;
import org.apereo.cas.token.JwtBuilder;
import org.apereo.cas.web.CasWebSecurityConfigurer;
import org.junit.jupiter.api.Assertions;
import org.junit.jupiter.api.Tag;
import org.junit.jupiter.api.Test;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.http.HttpMethod;
import org.springframework.http.HttpStatus;
import org.springframework.http.ResponseEntity;
import org.springframework.mock.web.MockHttpServletRequest;
import org.springframework.mock.web.MockHttpServletResponse;
import org.springframework.test.context.TestPropertySource;

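/**
 * Tests how {@link OAuth20UserProfileEndpointController} treats the access token presented
 * to the OAuth 2.0 profile endpoint.
 *
 * <p>Rejected cases (HTTP 401 with a JSON error body): no token, a token unknown to the ticket
 * registry, a token whose expiration policy has already elapsed, and a registry entry whose id
 * looks like a JWT but carries a placeholder payload. Accepted cases (HTTP 200 with the principal
 * id and attributes): a valid token sent as the {@code access_token} request parameter or as an
 * {@code Authorization: Bearer} header.
 *
 * <p>Security-relevant behaviour pinned here:
 * <ul>
 *   <li>An unknown token and an expired token both yield {@code expired_accessToken}, so the
 *       error code alone does not tell a caller whether a guessed value was ever issued.</li>
 *   <li>The suite runs with {@code cas.ticket.track-descendant-tickets=false}. Under that setting
 *       {@link #verifyOKWithExpiredTicketGrantingTicket()} shows the access token is still
 *       honoured after its ticket-granting ticket is marked expired, so ending the SSO session
 *       does not by itself revoke tokens issued from it.</li>
 *   <li>Several tests pass the token as a request parameter. Outside of tests, tokens carried in
 *       a URL can leak through access logs and referrers; the bearer header is the safer
 *       transport.</li>
 * </ul>
 */
@Tag("OAuthWeb")
@TestPropertySource(properties = {"cas.ticket.track-descendant-tickets=false"})
class OAuth20UserProfileEndpointControllerTests extends AbstractOAuth20Tests {

    /** Path used for every mock request in this class. */
    private static final String PROFILE_ENDPOINT = "/oauth2.0/profile";

    /** Request parameter that carries the access token. */
    private static final String ACCESS_TOKEN_PARAMETER = "access_token";

    /** Content type the controller is expected to set on the servlet response. */
    private static final String JSON_CONTENT_TYPE = "application/json";

    /**
     * Ticket id shaped like a compact JWT: a well-formed {@code HS256} header segment, a
     * placeholder payload ({@code xxxx}) and a sample signature segment.
     */
    private static final String UNDECODABLE_JWT_ID =
        "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.xxxx.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c";

    @Autowired
    @Qualifier("oauth20ProtocolEndpointConfigurer")
    private CasWebSecurityConfigurer<Void> oauth20ProtocolEndpointConfigurer;

    @Autowired
    @Qualifier("defaultAccessTokenFactory")
    private OAuth20AccessTokenFactory accessTokenFactory;

    @Autowired
    @Qualifier("oauthProfileController")
    private OAuth20UserProfileEndpointController oAuth20ProfileController;

    OAuth20UserProfileEndpointControllerTests() {
    }

    /** A request without any access token must be refused with {@code missing_accessToken}. */
    @Test
    void verifyNoGivenAccessToken() throws Throwable {
        MockHttpServletRequest request = newProfileRequest();
        MockHttpServletResponse response = new MockHttpServletResponse();
        // NOTE(review): the mock request is built with the GET verb but is handed to
        // handlePostRequest directly; confirm this pairing is intended.
        ResponseEntity<?> entity = this.oAuth20ProfileController.handlePostRequest(request, response);
        assertUnauthorizedJson(entity, response, "missing_accessToken");
    }

    /**
     * A token value that was never stored in the registry must be refused, with the same
     * {@code expired_accessToken} code that an expired token receives.
     */
    @Test
    void verifyNoExistingAccessToken() throws Throwable {
        MockHttpServletRequest request = newProfileRequest();
        request.setParameter(ACCESS_TOKEN_PARAMETER, "DOES NOT EXIST");
        MockHttpServletResponse response = new MockHttpServletResponse();
        ResponseEntity<?> entity = this.oAuth20ProfileController.handleGetRequest(request, response);
        assertUnauthorizedJson(entity, response, "expired_accessToken");
    }

    /**
     * A token present in the registry but issued under an always-expired policy must be refused
     * with {@code expired_accessToken}.
     */
    @Test
    void verifyExpiredAccessToken() throws Throwable {
        Principal principal = CoreAuthenticationTestUtils.getPrincipal(AbstractOAuth20Tests.ID, new HashMap<>());
        // Dedicated factory so that only this test's token uses the always-expired policy.
        OAuth20DefaultAccessTokenFactory expiringFactory = new OAuth20DefaultAccessTokenFactory(
            alwaysExpiresExpirationPolicyBuilder(),
            new JwtBuilder(new OAuth20JwtAccessTokenCipherExecutor(), this.servicesManager,
                new OAuth20RegisteredServiceJwtAccessTokenCipherExecutor(), this.casProperties),
            this.servicesManager,
            this.descendantTicketsTrackingPolicy);
        OAuth20AccessToken token = issueAccessTokenFor(expiringFactory, principal);
        this.ticketRegistry.addTicket(token);

        MockHttpServletRequest request = newProfileRequest();
        request.setParameter(ACCESS_TOKEN_PARAMETER, token.getId());
        MockHttpServletResponse response = new MockHttpServletResponse();
        ResponseEntity<?> entity = this.oAuth20ProfileController.handleGetRequest(request, response);
        assertUnauthorizedJson(entity, response, "expired_accessToken");
    }

    /** The OAuth protocol endpoint configurer must contribute at least one ignored endpoint. */
    @Test
    void verifyEndpoints() throws Throwable {
        Assertions.assertFalse(this.oauth20ProtocolEndpointConfigurer.getIgnoredEndpoints().isEmpty());
    }

    /**
     * A registry entry whose id is JWT-shaped but carries a placeholder payload must be refused
     * with {@code invalid_request}, even though a ticket with that exact id exists.
     */
    @Test
    void verifyBadJWTAccessToken() throws Throwable {
        Principal principal = CoreAuthenticationTestUtils.getPrincipal(AbstractOAuth20Tests.ID);
        // The id setter is reached through the default token implementation.
        OAuth20DefaultAccessToken token =
            (OAuth20DefaultAccessToken) issueAccessTokenFor(this.accessTokenFactory, principal);
        token.setId(UNDECODABLE_JWT_ID);
        this.ticketRegistry.addTicket(token);

        MockHttpServletRequest request = newProfileRequest();
        request.setParameter(ACCESS_TOKEN_PARAMETER, token.getId());
        MockHttpServletResponse response = new MockHttpServletResponse();
        ResponseEntity<?> entity = this.oAuth20ProfileController.handleGetRequest(request, response);
        assertUnauthorizedJson(entity, response, "invalid_request");
    }

    /** A valid token sent as a request parameter returns the principal id and attributes. */
    @Test
    void verifyOK() throws Throwable {
        OAuth20AccessToken token = issueAccessTokenFor(this.accessTokenFactory, principalWithSampleAttributes());
        this.ticketRegistry.addTicket(token);

        MockHttpServletRequest request = newProfileRequest();
        request.setParameter(ACCESS_TOKEN_PARAMETER, token.getId());
        MockHttpServletResponse response = new MockHttpServletResponse();
        ResponseEntity<?> entity = this.oAuth20ProfileController.handleGetRequest(request, response);
        assertProfilePayload(entity, response);
    }

    /**
     * With descendant-ticket tracking disabled (see the class-level test property), a token
     * stays usable after its ticket-granting ticket has been marked expired.
     *
     * <p>Deployments that rely on SSO logout to cut off API access should not assume this
     * configuration does so; the token's own expiration policy is presumably what bounds its
     * lifetime here.
     */
    @Test
    void verifyOKWithExpiredTicketGrantingTicket() throws Throwable {
        OAuth20AccessToken token = issueAccessTokenFor(this.accessTokenFactory, principalWithSampleAttributes());
        token.getTicketGrantingTicket().markTicketExpired();
        this.ticketRegistry.addTicket(token);

        MockHttpServletRequest request = newProfileRequest();
        request.setParameter(ACCESS_TOKEN_PARAMETER, token.getId());
        MockHttpServletResponse response = new MockHttpServletResponse();
        ResponseEntity<?> entity = this.oAuth20ProfileController.handleGetRequest(request, response);
        assertProfilePayload(entity, response);
    }

    /** A valid token sent as an {@code Authorization: Bearer} header returns the profile. */
    @Test
    void verifyOKWithAuthorizationHeader() throws Throwable {
        OAuth20AccessToken token = issueAccessTokenFor(this.accessTokenFactory, principalWithSampleAttributes());
        this.ticketRegistry.addTicket(token);

        MockHttpServletRequest request = newProfileRequest();
        request.addHeader("Authorization", "Bearer " + token.getId());
        MockHttpServletResponse response = new MockHttpServletResponse();
        ResponseEntity<?> entity = this.oAuth20ProfileController.handleGetRequest(request, response);
        assertProfilePayload(entity, response);
    }

    /** Creates a GET mock request aimed at the profile endpoint, with no token attached. */
    private static MockHttpServletRequest newProfileRequest() {
        return new MockHttpServletRequest(HttpMethod.GET.name(), PROFILE_ENDPOINT);
    }

    /**
     * Builds the test principal carrying one single-valued and one two-valued attribute, the
     * shape {@link #assertProfilePayload} checks for.
     */
    @SuppressWarnings({"rawtypes", "unchecked"})
    private static Principal principalWithSampleAttributes() throws Throwable {
        // Raw map on purpose: the type arguments getPrincipal expects are not visible in this file.
        HashMap attributes = new HashMap();
        attributes.put(AbstractOAuth20Tests.NAME, List.of(AbstractOAuth20Tests.VALUE));
        attributes.put(AbstractOAuth20Tests.NAME2, List.of(AbstractOAuth20Tests.VALUE, AbstractOAuth20Tests.VALUE));
        return CoreAuthenticationTestUtils.getPrincipal(AbstractOAuth20Tests.ID, attributes);
    }

    /**
     * Registers a service, adds an authorization code for {@code principal} and asks
     * {@code factory} for an authorization-code-grant access token bound to that code.
     * The token is returned without being added to the ticket registry.
     */
    private OAuth20AccessToken issueAccessTokenFor(final OAuth20AccessTokenFactory factory,
                                                   final Principal principal) throws Throwable {
        Authentication authentication = getAuthentication(principal);
        OAuth20Code code = addCode(principal, addRegisteredService());
        return factory.create(
            RegisteredServiceTestUtils.getService(),
            authentication,
            new MockTicketGrantingTicket(AbstractOAuth20Tests.ID),
            new ArrayList<>(),
            code.getId(),
            code.getClientId(),
            new HashMap<>(),
            OAuth20ResponseTypes.CODE,
            OAuth20GrantTypes.AUTHORIZATION_CODE);
    }

    /**
     * Asserts a 401 response with a JSON content type whose body mentions {@code expectedError}.
     */
    private static void assertUnauthorizedJson(final ResponseEntity<?> entity,
                                               final MockHttpServletResponse response,
                                               final String expectedError) {
        Assertions.assertEquals(HttpStatus.UNAUTHORIZED, entity.getStatusCode());
        Assertions.assertEquals(JSON_CONTENT_TYPE, response.getContentType());
        Object body = entity.getBody();
        Assertions.assertNotNull(body);
        Assertions.assertTrue(body.toString().contains(expectedError));
    }

    /**
     * Asserts a 200 response with a JSON content type whose body holds the test principal's id
     * and the attributes set up by {@link #principalWithSampleAttributes()}.
     */
    private static void assertProfilePayload(final ResponseEntity<?> entity,
                                             final MockHttpServletResponse response) {
        Assertions.assertEquals(HttpStatus.OK, entity.getStatusCode());
        Assertions.assertEquals(JSON_CONTENT_TYPE, response.getContentType());
        Map<?, ?> profile = (Map<?, ?>) entity.getBody();
        Assertions.assertEquals(AbstractOAuth20Tests.ID, profile.get("id"));
        Map<?, ?> attributes = (Map<?, ?>) profile.get(AbstractOAuth20Tests.ATTRIBUTES_PARAM);
        Assertions.assertEquals(AbstractOAuth20Tests.VALUE,
            ((List<?>) attributes.get(AbstractOAuth20Tests.NAME)).get(0));
        Assertions.assertEquals(List.of(AbstractOAuth20Tests.VALUE, AbstractOAuth20Tests.VALUE),
            attributes.get(AbstractOAuth20Tests.NAME2));
    }
}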
