package org.apereo.cas;

import com.fasterxml.jackson.databind.ObjectMapper;
import com.fasterxml.jackson.databind.SerializationFeature;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpSession;
import java.nio.charset.StandardCharsets;
import java.time.Clock;
import java.time.ZoneOffset;
import java.time.ZonedDateTime;
import java.util.ArrayList;
import java.util.EnumSet;
import java.util.HashMap;
import java.util.HashSet;
import java.util.List;
import java.util.Locale;
import java.util.Map;
import java.util.Set;
import java.util.UUID;
import java.util.stream.Collectors;
import lombok.Generated;
import org.apache.commons.lang3.StringUtils;
import org.apache.commons.lang3.tuple.Pair;
import org.apereo.cas.authentication.Authentication;
import org.apereo.cas.authentication.CoreAuthenticationTestUtils;
import org.apereo.cas.authentication.DefaultAuthenticationBuilder;
import org.apereo.cas.authentication.DefaultAuthenticationHandlerExecutionResult;
import org.apereo.cas.authentication.credential.BasicIdentifiableCredential;
import org.apereo.cas.authentication.principal.AbstractWebApplicationService;
import org.apereo.cas.authentication.principal.Principal;
import org.apereo.cas.authentication.principal.PrincipalResolver;
import org.apereo.cas.authentication.principal.ServiceFactory;
import org.apereo.cas.authentication.principal.WebApplicationService;
import org.apereo.cas.authentication.principal.WebApplicationServiceFactory;
import org.apereo.cas.config.CasCoreAuditAutoConfiguration;
import org.apereo.cas.config.CasCoreAuthenticationAutoConfiguration;
import org.apereo.cas.config.CasCoreAutoConfiguration;
import org.apereo.cas.config.CasCoreCookieAutoConfiguration;
import org.apereo.cas.config.CasCoreLogoutAutoConfiguration;
import org.apereo.cas.config.CasCoreMultifactorAuthenticationAutoConfiguration;
import org.apereo.cas.config.CasCoreMultifactorAuthenticationWebflowAutoConfiguration;
import org.apereo.cas.config.CasCoreNotificationsAutoConfiguration;
import org.apereo.cas.config.CasCoreServicesAutoConfiguration;
import org.apereo.cas.config.CasCoreTicketsAutoConfiguration;
import org.apereo.cas.config.CasCoreUtilAutoConfiguration;
import org.apereo.cas.config.CasCoreWebAutoConfiguration;
import org.apereo.cas.config.CasCoreWebflowAutoConfiguration;
import org.apereo.cas.config.CasOAuth20AutoConfiguration;
import org.apereo.cas.config.CasPersonDirectoryAutoConfiguration;
import org.apereo.cas.config.CasThemesAutoConfiguration;
import org.apereo.cas.config.CasThrottlingAutoConfiguration;
import org.apereo.cas.config.CasThymeleafAutoConfiguration;
import org.apereo.cas.configuration.CasConfigurationProperties;
import org.apereo.cas.configuration.support.Beans;
import org.apereo.cas.mock.MockServiceTicket;
import org.apereo.cas.mock.MockTicketGrantingTicket;
import org.apereo.cas.services.RegisteredServiceTestUtils;
import org.apereo.cas.services.RegisteredServicesTemplatesManager;
import org.apereo.cas.services.ReturnAllAttributeReleasePolicy;
import org.apereo.cas.services.ServicesManager;
import org.apereo.cas.services.ServicesManagerConfigurationContext;
import org.apereo.cas.support.oauth.OAuth20GrantTypes;
import org.apereo.cas.support.oauth.OAuth20ResponseTypes;
import org.apereo.cas.support.oauth.services.OAuthRegisteredService;
import org.apereo.cas.support.oauth.validator.OAuth20ClientSecretValidator;
import org.apereo.cas.support.oauth.web.CasOAuth20AuthenticationEventExecutionPlanTestConfiguration;
import org.apereo.cas.support.oauth.web.OAuth20RequestParameterResolver;
import org.apereo.cas.support.oauth.web.endpoints.OAuth20AccessTokenEndpointController;
import org.apereo.cas.support.oauth.web.endpoints.OAuth20DeviceUserCodeApprovalEndpointController;
import org.apereo.cas.support.oauth.web.response.OAuth20CasClientRedirectActionBuilder;
import org.apereo.cas.support.oauth.web.response.accesstoken.OAuth20TokenGenerator;
import org.apereo.cas.support.oauth.web.response.accesstoken.ext.AccessTokenRequestContext;
import org.apereo.cas.support.oauth.web.response.accesstoken.response.OAuth20AccessTokenResponseGenerator;
import org.apereo.cas.support.oauth.web.response.accesstoken.response.OAuth20AccessTokenResponseResult;
import org.apereo.cas.support.oauth.web.response.accesstoken.response.OAuth20JwtAccessTokenEncoder;
import org.apereo.cas.support.oauth.web.response.callback.OAuth20AuthorizationResponseBuilder;
import org.apereo.cas.ticket.ExpirationPolicy;
import org.apereo.cas.ticket.ExpirationPolicyBuilder;
import org.apereo.cas.ticket.accesstoken.OAuth20AccessToken;
import org.apereo.cas.ticket.accesstoken.OAuth20AccessTokenFactory;
import org.apereo.cas.ticket.code.OAuth20Code;
import org.apereo.cas.ticket.code.OAuth20CodeFactory;
import org.apereo.cas.ticket.device.OAuth20DeviceTokenFactory;
import org.apereo.cas.ticket.device.OAuth20DeviceUserCodeFactory;
import org.apereo.cas.ticket.expiration.AlwaysExpiresExpirationPolicy;
import org.apereo.cas.ticket.expiration.NeverExpiresExpirationPolicy;
import org.apereo.cas.ticket.refreshtoken.OAuth20RefreshToken;
import org.apereo.cas.ticket.refreshtoken.OAuth20RefreshTokenFactory;
import org.apereo.cas.ticket.registry.TicketRegistry;
import org.apereo.cas.ticket.tracking.TicketTrackingPolicy;
import org.apereo.cas.token.JwtBuilder;
import org.apereo.cas.util.CollectionUtils;
import org.apereo.cas.util.EncodingUtils;
import org.apereo.cas.util.RandomUtils;
import org.apereo.cas.util.crypto.CipherExecutor;
import org.apereo.cas.util.serialization.ComponentSerializationPlan;
import org.apereo.cas.util.serialization.ComponentSerializationPlanConfigurer;
import org.junit.jupiter.api.Assertions;
import org.mockito.Mockito;
import org.pac4j.core.client.Client;
import org.pac4j.core.config.Config;
import org.pac4j.core.context.session.SessionStore;
import org.pac4j.core.profile.CommonProfile;
import org.pac4j.jee.context.JEEContext;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.boot.SpringBootConfiguration;
import org.springframework.boot.autoconfigure.ImportAutoConfiguration;
import org.springframework.boot.autoconfigure.aop.AopAutoConfiguration;
import org.springframework.boot.autoconfigure.security.servlet.SecurityAutoConfiguration;
import org.springframework.boot.autoconfigure.web.servlet.WebMvcAutoConfiguration;
import org.springframework.boot.context.properties.EnableConfigurationProperties;
import org.springframework.boot.test.context.SpringBootTest;
import org.springframework.boot.test.context.TestConfiguration;
import org.springframework.cloud.autoconfigure.RefreshAutoConfiguration;
import org.springframework.context.ApplicationContext;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.EnableAspectJAutoProxy;
import org.springframework.context.annotation.Import;
import org.springframework.http.HttpMethod;
import org.springframework.mock.web.MockHttpServletRequest;
import org.springframework.mock.web.MockHttpServletResponse;
import org.springframework.transaction.annotation.EnableTransactionManagement;
import org.springframework.web.context.ConfigurableWebApplicationContext;
import org.springframework.web.servlet.HandlerInterceptor;
import org.springframework.web.servlet.ModelAndView;

@EnableConfigurationProperties({CasConfigurationProperties.class})
@EnableAspectJAutoProxy(proxyTargetClass = false)
@SpringBootTest(classes = {SharedTestConfiguration.class}, properties = {"spring.main.allow-bean-definition-overriding=true", "cas.audit.engine.audit-format=JSON", "cas.audit.slf4j.use-single-line=true", "cas.authn.attribute-repository.stub.attributes.uid=cas", "cas.authn.attribute-repository.stub.attributes.givenName=apereo-cas", "cas.authn.oauth.session-replication.cookie.crypto.encryption.key=3RXtt06xYUAli7uU-Z915ZGe0MRBFw3uDjWgOEf1GT8", "cas.authn.oauth.session-replication.cookie.crypto.signing.key=jIFR-fojN0vOIUcT0hDRXHLVp07CV-YeU8GnjICsXpu65lfkJbiKP028pT74Iurkor38xDGXNcXk_Y1V4rNDqw"})
@EnableTransactionManagement(proxyTargetClass = false)
/* loaded from: input_file:org/apereo/cas/AbstractOAuth20Tests.class */
public abstract class AbstractOAuth20Tests {

    @Generated
    private static final Logger LOGGER = LoggerFactory.getLogger(AbstractOAuth20Tests.class);
    public static final ObjectMapper MAPPER = new ObjectMapper().findAndRegisterModules().configure(SerializationFeature.WRITE_SINGLE_ELEM_ARRAYS_UNWRAPPED, true);
    public static final String CONTEXT = "/oauth2.0/";
    public static final String CLIENT_SECRET = "secret";
    public static final String WRONG_CLIENT_SECRET = "wrongSecret";
    public static final String REDIRECT_URI = "http://someurl";
    public static final String OTHER_REDIRECT_URI = "http://someotherurl";
    public static final String SERVICE_URL = "http://serviceurl";
    public static final String ID = "casuser";
    public static final String NAME = "attributeName";
    public static final String ATTRIBUTES_PARAM = "attributes";
    public static final String NAME2 = "attributeName2";
    public static final String VALUE = "attributeValue";
    public static final String USERNAME = "username";
    public static final String PASSWORD = "password";
    public static final String GOOD_USERNAME = "test";
    public static final String GOOD_PASSWORD = "test";
    public static final String CODE_CHALLENGE = "myclientcode";
    public static final String CODE_CHALLENGE_METHOD_PLAIN = "plain";
    public static final String FIRST_NAME_ATTRIBUTE = "firstName";
    public static final String FIRST_NAME = "jerome";
    public static final String LAST_NAME_ATTRIBUTE = "lastName";
    public static final String LAST_NAME = "LELEU";
    public static final String CAS_SERVER = "casserver";
    public static final String CAS_SCHEME = "https";
    public static final int CAS_PORT = 443;
    public static final int DELTA = 2;
    public static final int TIMEOUT = 7200;

    @Autowired
    @Qualifier("registeredServicesTemplatesManager")
    protected RegisteredServicesTemplatesManager registeredServicesTemplatesManager;

    @Autowired
    @Qualifier("oauthSecConfig")
    protected Config oauthSecConfig;

    @Autowired
    @Qualifier("oauthCasClient")
    protected Client oauthCasClient;

    @Autowired
    @Qualifier("oauthCasClientRedirectActionBuilder")
    protected OAuth20CasClientRedirectActionBuilder oauthCasClientRedirectActionBuilder;

    @Autowired
    @Qualifier("webApplicationServiceFactory")
    protected ServiceFactory<WebApplicationService> serviceFactory;

    @Autowired
    @Qualifier("oauthHandlerInterceptorAdapter")
    protected HandlerInterceptor oauthHandlerInterceptorAdapter;

    @Autowired
    @Qualifier("servicesManagerConfigurationContext")
    protected ServicesManagerConfigurationContext servicesManagerConfigurationContext;

    @Autowired
    @Qualifier("accessTokenController")
    protected OAuth20AccessTokenEndpointController accessTokenController;

    @Autowired
    @Qualifier("oauthDistributedSessionStore")
    protected SessionStore oauthDistributedSessionStore;

    @Autowired
    @Qualifier("oauthAuthorizationCodeResponseBuilder")
    protected OAuth20AuthorizationResponseBuilder oauthAuthorizationCodeResponseBuilder;

    @Autowired
    @Qualifier("oauthTokenResponseBuilder")
    protected OAuth20AuthorizationResponseBuilder oauthTokenResponseBuilder;

    @Autowired
    @Qualifier("oauth20ClientSecretValidator")
    protected OAuth20ClientSecretValidator oauth20ClientSecretValidator;

    @Autowired
    @Qualifier("accessTokenResponseGenerator")
    protected OAuth20AccessTokenResponseGenerator accessTokenResponseGenerator;

    @Autowired
    @Qualifier("accessTokenJwtBuilder")
    protected JwtBuilder accessTokenJwtBuilder;

    @Autowired
    @Qualifier("deviceUserCodeApprovalEndpointController")
    protected OAuth20DeviceUserCodeApprovalEndpointController deviceController;

    @Autowired
    @Qualifier("oauthResourceOwnerCredentialsResponseBuilder")
    protected OAuth20AuthorizationResponseBuilder oauthResourceOwnerCredentialsResponseBuilder;

    @Autowired
    @Qualifier("servicesManager")
    protected ServicesManager servicesManager;

    @Autowired
    @Qualifier("defaultPrincipalResolver")
    protected PrincipalResolver principalResolver;

    @Autowired
    @Qualifier("centralAuthenticationService")
    protected CentralAuthenticationService centralAuthenticationService;

    @Autowired
    @Qualifier("requiresAuthenticationAccessTokenInterceptor")
    protected HandlerInterceptor requiresAuthenticationInterceptor;

    @Autowired
    protected ConfigurableWebApplicationContext applicationContext;

    @Autowired
    @Qualifier("defaultOAuthCodeFactory")
    protected OAuth20CodeFactory oAuthCodeFactory;

    @Autowired
    @Qualifier("defaultDeviceTokenFactory")
    protected OAuth20DeviceTokenFactory defaultDeviceTokenFactory;

    @Autowired
    @Qualifier("oauthRequestParameterResolver")
    protected OAuth20RequestParameterResolver oauthRequestParameterResolver;

    @Autowired
    @Qualifier("defaultDeviceUserCodeFactory")
    protected OAuth20DeviceUserCodeFactory defaultDeviceUserCodeFactory;

    @Autowired
    @Qualifier("defaultRefreshTokenFactory")
    protected OAuth20RefreshTokenFactory defaultRefreshTokenFactory;

    @Autowired
    @Qualifier("defaultOAuthCodeFactory")
    protected OAuth20CodeFactory defaultOAuthCodeFactory;

    @Autowired
    @Qualifier("ticketRegistry")
    protected TicketRegistry ticketRegistry;

    @Autowired
    @Qualifier("oauthAccessTokenJwtCipherExecutor")
    protected CipherExecutor oauthAccessTokenJwtCipherExecutor;

    @Autowired
    @Qualifier("defaultAccessTokenFactory")
    protected OAuth20AccessTokenFactory defaultAccessTokenFactory;

    @Autowired
    @Qualifier("oauthTokenGenerator")
    protected OAuth20TokenGenerator oauthTokenGenerator;

    @Autowired
    @Qualifier("deviceTokenExpirationPolicy")
    protected ExpirationPolicyBuilder deviceTokenExpirationPolicy;

    @Autowired
    @Qualifier("descendantTicketsTrackingPolicy")
    protected TicketTrackingPolicy descendantTicketsTrackingPolicy;

    @Autowired
    protected CasConfigurationProperties casProperties;

    @TestConfiguration(value = "OAuth20TestConfiguration", proxyBeanMethods = false)
    /* loaded from: input_file:org/apereo/cas/AbstractOAuth20Tests$OAuth20TestConfiguration.class */
    static class OAuth20TestConfiguration implements ComponentSerializationPlanConfigurer {

        @Autowired
        protected ApplicationContext applicationContext;

        OAuth20TestConfiguration() {
        }

        @Bean
        public List inMemoryRegisteredServices() {
            OAuthRegisteredService registeredService = RegisteredServiceTestUtils.getRegisteredService("^(https?|imaps?)://.*", OAuthRegisteredService.class);
            registeredService.setClientId(UUID.randomUUID().toString());
            registeredService.setAttributeReleasePolicy(new ReturnAllAttributeReleasePolicy());
            OAuthRegisteredService registeredService2 = RegisteredServiceTestUtils.getRegisteredService("https://example.org/jwt-access-token", OAuthRegisteredService.class);
            registeredService2.setClientId(UUID.randomUUID().toString());
            registeredService2.setJwtAccessToken(true);
            return CollectionUtils.wrapList(new OAuthRegisteredService[]{registeredService, registeredService2});
        }

        public void configureComponentSerializationPlan(ComponentSerializationPlan componentSerializationPlan) {
            componentSerializationPlan.registerSerializableClass(MockTicketGrantingTicket.class);
            componentSerializationPlan.registerSerializableClass(MockServiceTicket.class);
        }
    }

    @SpringBootConfiguration
    @ImportAutoConfiguration({RefreshAutoConfiguration.class, WebMvcAutoConfiguration.class, SecurityAutoConfiguration.class, AopAutoConfiguration.class})
    @Import({CasCoreServicesAutoConfiguration.class, CasCoreAuthenticationAutoConfiguration.class, CasOAuth20AuthenticationEventExecutionPlanTestConfiguration.class, CasCoreNotificationsAutoConfiguration.class, CasCoreAuditAutoConfiguration.class, CasCoreAutoConfiguration.class, CasCoreCookieAutoConfiguration.class, CasThrottlingAutoConfiguration.class, CasCoreTicketsAutoConfiguration.class, CasPersonDirectoryAutoConfiguration.class, OAuth20TestConfiguration.class, CasThymeleafAutoConfiguration.class, CasThemesAutoConfiguration.class, CasCoreLogoutAutoConfiguration.class, CasCoreUtilAutoConfiguration.class, CasCoreWebAutoConfiguration.class, CasCoreWebflowAutoConfiguration.class, CasCoreMultifactorAuthenticationAutoConfiguration.class, CasCoreMultifactorAuthenticationWebflowAutoConfiguration.class, CasOAuth20AutoConfiguration.class})
    /* loaded from: input_file:org/apereo/cas/AbstractOAuth20Tests$SharedTestConfiguration.class */
    public static class SharedTestConfiguration {
    }

    public static ExpirationPolicyBuilder alwaysExpiresExpirationPolicyBuilder() {
        return new ExpirationPolicyBuilder() { // from class: org.apereo.cas.AbstractOAuth20Tests.1
            private static final long serialVersionUID = -9043565995104313970L;

            public ExpirationPolicy buildTicketExpirationPolicy() {
                return AlwaysExpiresExpirationPolicy.INSTANCE;
            }
        };
    }

    protected static OAuth20RefreshToken getRefreshToken(String str, String str2) {
        MockTicketGrantingTicket mockTicketGrantingTicket = new MockTicketGrantingTicket(str2);
        OAuth20RefreshToken oAuth20RefreshToken = (OAuth20RefreshToken) Mockito.mock(OAuth20RefreshToken.class);
        AbstractWebApplicationService service = RegisteredServiceTestUtils.getService(str);
        Mockito.when(oAuth20RefreshToken.getService()).thenReturn(service);
        service.getAttributes().put("client_id", List.of(str2));
        Mockito.when(oAuth20RefreshToken.getCreationTime()).thenReturn(ZonedDateTime.now(Clock.systemUTC()));
        String str3 = "RT" + "-%s".formatted(UUID.randomUUID().toString());
        Mockito.when(oAuth20RefreshToken.getId()).thenReturn(str3);
        Mockito.when(oAuth20RefreshToken.getTicketGrantingTicket()).thenReturn(mockTicketGrantingTicket);
        Mockito.when(oAuth20RefreshToken.getAuthentication()).thenReturn(mockTicketGrantingTicket.getAuthentication());
        Mockito.when(oAuth20RefreshToken.getClientId()).thenReturn(str2);
        Mockito.when(oAuth20RefreshToken.getExpirationPolicy()).thenReturn(NeverExpiresExpirationPolicy.INSTANCE);
        Mockito.when(oAuth20RefreshToken.toString()).thenReturn(str3);
        return oAuth20RefreshToken;
    }

    protected static OAuth20RefreshToken getRefreshToken() {
        return getRefreshToken("https://google.com", UUID.randomUUID().toString());
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static OAuth20AccessToken getAccessToken(String str, String str2, String str3) {
        MockTicketGrantingTicket mockTicketGrantingTicket = new MockTicketGrantingTicket(ID);
        AbstractWebApplicationService service = RegisteredServiceTestUtils.getService(str2);
        service.getAttributes().put("client_id", List.of(str3));
        OAuth20AccessToken oAuth20AccessToken = (OAuth20AccessToken) Mockito.mock(OAuth20AccessToken.class);
        String str4 = "AT" + "-%s".formatted(str);
        Mockito.when(oAuth20AccessToken.getId()).thenReturn(str4);
        Mockito.when(oAuth20AccessToken.getTicketGrantingTicket()).thenReturn(mockTicketGrantingTicket);
        Mockito.when(oAuth20AccessToken.getAuthentication()).thenReturn(mockTicketGrantingTicket.getAuthentication());
        Mockito.when(oAuth20AccessToken.getService()).thenReturn(service);
        Mockito.when(oAuth20AccessToken.getClientId()).thenReturn(str3);
        Mockito.when(oAuth20AccessToken.getExpirationPolicy()).thenReturn(NeverExpiresExpirationPolicy.INSTANCE);
        Mockito.when(oAuth20AccessToken.getCreationTime()).thenReturn(ZonedDateTime.now(Clock.systemUTC()));
        Mockito.when(oAuth20AccessToken.toString()).thenReturn(str4);
        return oAuth20AccessToken;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static OAuth20AccessToken getAccessToken(String str, String str2) {
        return getAccessToken("123456", str, str2);
    }

    protected static OAuth20AccessToken getAccessToken(String str) {
        return getAccessToken(str, UUID.randomUUID().toString());
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static OAuth20AccessToken getAccessToken() {
        return getAccessToken("https://google.com", UUID.randomUUID().toString());
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static OAuthRegisteredService getRegisteredService(String str, OAuth20GrantTypes... oAuth20GrantTypesArr) {
        return getRegisteredService("https://oauth-%s.example.org".formatted(RandomUtils.randomAlphabetic(6)), str, UUID.randomUUID().toString(), Set.of((Object[]) oAuth20GrantTypesArr));
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static OAuthRegisteredService getRegisteredService(OAuth20GrantTypes... oAuth20GrantTypesArr) {
        return getRegisteredService(UUID.randomUUID().toString(), oAuth20GrantTypesArr);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static OAuthRegisteredService getRegisteredService(String str, String str2) {
        return getRegisteredService("https://oauth.example.org", str, str2, Set.of());
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static OAuthRegisteredService getRegisteredService(String str, String str2, String str3) {
        return getRegisteredService(str, str2, str3, Set.of());
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static OAuthRegisteredService getRegisteredService(String str, String str2, Set<OAuth20GrantTypes> set) {
        return getRegisteredService(str, UUID.randomUUID().toString(), str2, set);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static OAuthRegisteredService getRegisteredService(String str, String str2, String str3, Set<OAuth20GrantTypes> set) {
        OAuthRegisteredService oAuthRegisteredService = new OAuthRegisteredService();
        oAuthRegisteredService.setName("RegisteredService-" + RandomUtils.randomAlphabetic(6));
        oAuthRegisteredService.setServiceId(str);
        oAuthRegisteredService.setClientId(str2);
        oAuthRegisteredService.setClientSecret(str3);
        oAuthRegisteredService.setAttributeReleasePolicy(new ReturnAllAttributeReleasePolicy());
        oAuthRegisteredService.setSupportedGrantTypes((Set) set.stream().map((v0) -> {
            return v0.getType();
        }).collect(Collectors.toCollection(HashSet::new)));
        return oAuthRegisteredService;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static Principal createPrincipal() {
        HashMap hashMap = new HashMap();
        hashMap.put(NAME, List.of(VALUE));
        hashMap.put(NAME2, List.of(VALUE, VALUE));
        return CoreAuthenticationTestUtils.getPrincipal(ID, hashMap);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static Authentication getAuthentication(Principal principal) {
        BasicIdentifiableCredential basicIdentifiableCredential = new BasicIdentifiableCredential(principal.getId());
        return DefaultAuthenticationBuilder.newInstance().setPrincipal(principal).setAuthenticationDate(ZonedDateTime.now(ZoneOffset.UTC)).addCredential(basicIdentifiableCredential).addSuccess(principal.getClass().getCanonicalName(), new DefaultAuthenticationHandlerExecutionResult(principal.getClass().getCanonicalName(), basicIdentifiableCredential, principal, new ArrayList())).build();
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public OAuthRegisteredService addRegisteredService(Set<OAuth20GrantTypes> set) {
        return addRegisteredService(false, set);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public OAuthRegisteredService addRegisteredService(boolean z, Set<OAuth20GrantTypes> set) {
        return addRegisteredService(z, set, "secret");
    }

    protected OAuthRegisteredService addRegisteredService(boolean z, Set<OAuth20GrantTypes> set, String str) {
        OAuthRegisteredService registeredService = getRegisteredService(REDIRECT_URI, str, set);
        registeredService.setGenerateRefreshToken(z);
        this.servicesManager.save(registeredService);
        return registeredService;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public OAuthRegisteredService addRegisteredService(Set<OAuth20GrantTypes> set, String str, String str2) {
        OAuthRegisteredService registeredService = getRegisteredService(str2, str, UUID.randomUUID().toString(), set);
        this.servicesManager.save(registeredService);
        return registeredService;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public OAuthRegisteredService addRegisteredService(String str, String str2) {
        OAuthRegisteredService registeredService = getRegisteredService(str, str2, EnumSet.allOf(OAuth20GrantTypes.class));
        registeredService.setGenerateRefreshToken(true);
        this.servicesManager.save(registeredService);
        return registeredService;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public OAuthRegisteredService addRegisteredService(Set<OAuth20GrantTypes> set, String str) {
        return addRegisteredService(false, set, str);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public OAuthRegisteredService addRegisteredService() {
        return addRegisteredService(false, (Set<OAuth20GrantTypes>) EnumSet.noneOf(OAuth20GrantTypes.class));
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public Pair<String, String> assertClientOK(OAuthRegisteredService oAuthRegisteredService, boolean z) throws Throwable {
        return assertClientOK(oAuthRegisteredService, z, null);
    }

    protected Pair<String, String> assertClientOK(OAuthRegisteredService oAuthRegisteredService, boolean z, String str) throws Throwable {
        Principal createPrincipal = createPrincipal();
        OAuth20Code addCode = addCode(createPrincipal, oAuthRegisteredService);
        LOGGER.debug("Added code [{}] for principal [{}]", addCode, createPrincipal);
        MockHttpServletRequest mockHttpServletRequest = new MockHttpServletRequest(HttpMethod.GET.name(), "/oauth2.0/accessToken");
        mockHttpServletRequest.setParameter("redirect_uri", REDIRECT_URI);
        mockHttpServletRequest.setParameter("grant_type", OAuth20GrantTypes.AUTHORIZATION_CODE.name().toLowerCase(Locale.ENGLISH));
        String str2 = "Basic " + EncodingUtils.encodeBase64((oAuthRegisteredService.getClientId() + ":" + oAuthRegisteredService.getClientSecret()).getBytes(StandardCharsets.UTF_8));
        mockHttpServletRequest.addHeader("Authorization", str2);
        LOGGER.debug("Created header [{}] for client id [{}]", str2, oAuthRegisteredService.getClientId());
        mockHttpServletRequest.setParameter("client_id", oAuthRegisteredService.getClientId());
        mockHttpServletRequest.setParameter("client_secret", "secret");
        if (StringUtils.isNotBlank(str)) {
            mockHttpServletRequest.setParameter("scope", str);
        }
        mockHttpServletRequest.setParameter("code", addCode.getId());
        MockHttpServletResponse mockHttpServletResponse = new MockHttpServletResponse();
        LOGGER.debug("Invoking authentication interceptor...");
        this.requiresAuthenticationInterceptor.preHandle(mockHttpServletRequest, mockHttpServletResponse, (Object) null);
        LOGGER.debug("Submitting access token request...");
        ModelAndView handleRequest = this.accessTokenController.handleRequest(mockHttpServletRequest, mockHttpServletResponse);
        Assertions.assertNull(this.ticketRegistry.getTicket(addCode.getId()));
        Assertions.assertEquals(200, mockHttpServletResponse.getStatus());
        String str3 = "";
        Map model = handleRequest.getModel();
        Assertions.assertTrue(model.containsKey("access_token"));
        if (z) {
            Assertions.assertTrue(model.containsKey("refresh_token"));
            str3 = model.get("refresh_token").toString();
        }
        Assertions.assertTrue(model.containsKey("expires_in"));
        String extractAccessTokenFrom = extractAccessTokenFrom(model.get("access_token").toString());
        Assertions.assertEquals(createPrincipal, this.ticketRegistry.getTicket(extractAccessTokenFrom, OAuth20AccessToken.class).getAuthentication().getPrincipal());
        Assertions.assertTrue(Integer.parseInt(model.get("expires_in").toString()) >= 7188);
        return Pair.of(extractAccessTokenFrom, str3);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public OAuth20Code addCode(Principal principal, OAuthRegisteredService oAuthRegisteredService) throws Throwable {
        return addCodeWithChallenge(principal, oAuthRegisteredService, null, null);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public OAuth20Code addCodeWithChallenge(Principal principal, OAuthRegisteredService oAuthRegisteredService, String str, String str2) throws Throwable {
        Authentication authentication = getAuthentication(principal);
        WebApplicationService createService = new WebApplicationServiceFactory().createService(oAuthRegisteredService.getClientId());
        MockTicketGrantingTicket mockTicketGrantingTicket = new MockTicketGrantingTicket(ID);
        this.ticketRegistry.addTicket(mockTicketGrantingTicket);
        OAuth20Code create = this.oAuthCodeFactory.create(createService, authentication, mockTicketGrantingTicket, new ArrayList(), str, str2, oAuthRegisteredService.getClientId(), new HashMap(), OAuth20ResponseTypes.CODE, OAuth20GrantTypes.AUTHORIZATION_CODE);
        this.ticketRegistry.addTicket(create);
        return create;
    }

    protected String extractAccessTokenFrom(String str) {
        return (String) OAuth20JwtAccessTokenEncoder.toDecodableCipher(this.accessTokenJwtBuilder).decode(str);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public OAuth20RefreshToken addRefreshToken(Principal principal, OAuthRegisteredService oAuthRegisteredService) throws Throwable {
        Authentication authentication = getAuthentication(principal);
        OAuth20RefreshToken create = this.defaultRefreshTokenFactory.create(new WebApplicationServiceFactory().createService(oAuthRegisteredService.getServiceId()), authentication, new MockTicketGrantingTicket(ID), new ArrayList(), oAuthRegisteredService.getClientId(), "", new HashMap(), OAuth20ResponseTypes.CODE, OAuth20GrantTypes.AUTHORIZATION_CODE);
        this.ticketRegistry.addTicket(create);
        return create;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public OAuth20RefreshToken addRefreshToken(Principal principal, OAuthRegisteredService oAuthRegisteredService, OAuth20AccessToken oAuth20AccessToken) throws Throwable {
        Authentication authentication = getAuthentication(principal);
        OAuth20RefreshToken create = this.defaultRefreshTokenFactory.create(new WebApplicationServiceFactory().createService(oAuthRegisteredService.getServiceId()), authentication, new MockTicketGrantingTicket(ID), new ArrayList(), oAuthRegisteredService.getClientId(), oAuth20AccessToken.getId(), new HashMap(), OAuth20ResponseTypes.CODE, OAuth20GrantTypes.AUTHORIZATION_CODE);
        this.ticketRegistry.addTicket(create);
        return create;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public OAuth20AccessToken addAccessToken(Principal principal, OAuthRegisteredService oAuthRegisteredService) throws Throwable {
        return addAccessToken(principal, oAuthRegisteredService, addCode(principal, oAuthRegisteredService).getId());
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public OAuth20AccessToken addAccessToken(Principal principal, OAuthRegisteredService oAuthRegisteredService, String str) throws Throwable {
        Authentication authentication = getAuthentication(principal);
        OAuth20AccessToken create = this.defaultAccessTokenFactory.create(new WebApplicationServiceFactory().createService(oAuthRegisteredService.getServiceId()), authentication, new MockTicketGrantingTicket(ID), new ArrayList(), str, oAuthRegisteredService.getClientId(), new HashMap(), OAuth20ResponseTypes.CODE, OAuth20GrantTypes.AUTHORIZATION_CODE);
        this.ticketRegistry.addTicket(create);
        return create;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public Pair<OAuth20AccessToken, OAuth20RefreshToken> assertRefreshTokenOk(OAuthRegisteredService oAuthRegisteredService) throws Throwable {
        Principal createPrincipal = createPrincipal();
        return assertRefreshTokenOk(oAuthRegisteredService, addRefreshToken(createPrincipal, oAuthRegisteredService), createPrincipal);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public Pair<OAuth20AccessToken, OAuth20RefreshToken> assertRefreshTokenOk(OAuthRegisteredService oAuthRegisteredService, OAuth20RefreshToken oAuth20RefreshToken, Principal principal) throws Throwable {
        MockHttpServletRequest mockHttpServletRequest = new MockHttpServletRequest(HttpMethod.GET.name(), "/oauth2.0/accessToken");
        mockHttpServletRequest.setParameter("grant_type", OAuth20GrantTypes.REFRESH_TOKEN.name().toLowerCase(Locale.ENGLISH));
        mockHttpServletRequest.setParameter("client_id", oAuthRegisteredService.getClientId());
        mockHttpServletRequest.setParameter("client_secret", "secret");
        mockHttpServletRequest.setParameter("refresh_token", oAuth20RefreshToken.getId());
        MockHttpServletResponse mockHttpServletResponse = new MockHttpServletResponse();
        this.requiresAuthenticationInterceptor.preHandle(mockHttpServletRequest, mockHttpServletResponse, (Object) null);
        ModelAndView handleRequest = this.accessTokenController.handleRequest(mockHttpServletRequest, mockHttpServletResponse);
        Assertions.assertEquals(200, mockHttpServletResponse.getStatus());
        Assertions.assertTrue(handleRequest.getModel().containsKey("access_token"));
        if (oAuthRegisteredService.isGenerateRefreshToken()) {
            Assertions.assertTrue(handleRequest.getModel().containsKey("refresh_token"));
            if (oAuthRegisteredService.isRenewRefreshToken()) {
                Assertions.assertNull(this.ticketRegistry.getTicket(oAuth20RefreshToken.getId()));
            }
        }
        OAuth20RefreshToken oAuth20RefreshToken2 = oAuthRegisteredService.isRenewRefreshToken() ? (OAuth20RefreshToken) this.ticketRegistry.getTicket(handleRequest.getModel().get("refresh_token").toString(), OAuth20RefreshToken.class) : oAuth20RefreshToken;
        Assertions.assertTrue(handleRequest.getModel().containsKey("expires_in"));
        OAuth20AccessToken ticket = this.ticketRegistry.getTicket(handleRequest.getModel().get("access_token").toString(), OAuth20AccessToken.class);
        Assertions.assertEquals(principal, ticket.getAuthentication().getPrincipal());
        Assertions.assertTrue(Integer.parseInt(handleRequest.getModel().get("expires_in").toString()) >= 7188);
        return Pair.of(ticket, oAuth20RefreshToken2);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public ModelAndView generateAccessTokenResponseAndGetModelAndView(OAuthRegisteredService oAuthRegisteredService) throws Throwable {
        return generateAccessTokenResponseAndGetModelAndView(oAuthRegisteredService, RegisteredServiceTestUtils.getAuthentication(ID), OAuth20GrantTypes.AUTHORIZATION_CODE);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public ModelAndView generateAccessTokenResponseAndGetModelAndView(OAuthRegisteredService oAuthRegisteredService, Authentication authentication, OAuth20GrantTypes oAuth20GrantTypes) throws Throwable {
        return generateAccessTokenResponseAndGetModelAndView(oAuthRegisteredService, authentication, oAuth20GrantTypes, new MockHttpServletRequest(HttpMethod.GET.name(), "/oauth2.0/accessToken"));
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public ModelAndView generateAccessTokenResponseAndGetModelAndView(OAuthRegisteredService oAuthRegisteredService, Authentication authentication, OAuth20GrantTypes oAuth20GrantTypes, HttpServletRequest httpServletRequest) throws Throwable {
        MockHttpServletResponse mockHttpServletResponse = new MockHttpServletResponse();
        AbstractWebApplicationService service = RegisteredServiceTestUtils.getService(SERVICE_URL);
        return this.accessTokenResponseGenerator.generate(OAuth20AccessTokenResponseResult.builder().registeredService(oAuthRegisteredService).responseType(OAuth20ResponseTypes.CODE).service(service).generatedToken(this.oauthTokenGenerator.generate(AccessTokenRequestContext.builder().clientId(oAuthRegisteredService.getClientId()).service(service).authentication(authentication).registeredService(oAuthRegisteredService).grantType(oAuth20GrantTypes).responseType(OAuth20ResponseTypes.CODE).ticketGrantingTicket(new MockTicketGrantingTicket(ID)).claims(this.oauthRequestParameterResolver.resolveRequestClaims(new JEEContext(httpServletRequest, mockHttpServletResponse))).build())).build());
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public long getDefaultAccessTokenExpiration() {
        return Beans.newDuration(this.casProperties.getAuthn().getOauth().getAccessToken().getMaxTimeToLiveInSeconds()).getSeconds();
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public HttpSession storeProfileIntoSession(HttpServletRequest httpServletRequest, CommonProfile commonProfile) {
        HttpSession session = httpServletRequest.getSession(true);
        Assertions.assertNotNull(session);
        session.setAttribute("OauthOidcServerSupportpac4jUserProfiles", CollectionUtils.wrapLinkedHashMap(commonProfile.getClientName(), commonProfile));
        return session;
    }
}
