package org.apereo.cas.support.oauth.validator.token;

import com.nimbusds.jwt.JWTClaimsSet;
import java.time.Clock;
import java.time.ZonedDateTime;
import java.util.Map;
import java.util.Optional;
import java.util.Set;
import java.util.UUID;
import java.util.stream.Stream;
import org.apereo.cas.AbstractOAuth20Tests;
import org.apereo.cas.support.oauth.OAuth20GrantTypes;
import org.apereo.cas.support.oauth.OAuth20TokenExchangeTypes;
import org.apereo.cas.support.oauth.services.OAuthRegisteredService;
import org.apereo.cas.ticket.Ticket;
import org.apereo.cas.ticket.accesstoken.OAuth20AccessToken;
import org.apereo.cas.token.JwtBuilder;
import org.junit.jupiter.api.Assertions;
import org.junit.jupiter.api.BeforeEach;
import org.junit.jupiter.api.Tag;
import org.junit.jupiter.api.Test;
import org.junit.jupiter.params.ParameterizedTest;
import org.junit.jupiter.params.provider.Arguments;
import org.junit.jupiter.params.provider.MethodSource;
import org.pac4j.core.profile.CommonProfile;
import org.pac4j.core.profile.ProfileManager;
import org.pac4j.jee.context.JEEContext;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.mock.web.MockHttpServletRequest;
import org.springframework.mock.web.MockHttpServletResponse;

@Tag("OAuth")
/* loaded from: input_file:org/apereo/cas/support/oauth/validator/token/OAuth20TokenExchangeGrantTypeTokenRequestValidatorTests.class */
public class OAuth20TokenExchangeGrantTypeTokenRequestValidatorTests extends AbstractOAuth20Tests {

    @Autowired
    @Qualifier("oauthTokenExchangeGrantTypeTokenRequestValidator")
    private OAuth20TokenRequestValidator validator;
    private JEEContext context;
    private MockHttpServletRequest request;

    @BeforeEach
    public void setup() {
        this.request = new MockHttpServletRequest();
        this.request.addHeader("user-agent", "Firefox");
        this.context = new JEEContext(this.request, new MockHttpServletResponse());
        CommonProfile commonProfile = new CommonProfile();
        commonProfile.setClientName("clientBasicAuth");
        commonProfile.setId(AbstractOAuth20Tests.ID);
        new ProfileManager(this.context, this.oauthDistributedSessionStore).save(true, commonProfile, false);
    }

    @Test
    void verifySupports() throws Throwable {
        OAuthRegisteredService addRegisteredService = addRegisteredService(Set.of(OAuth20GrantTypes.TOKEN_EXCHANGE), UUID.randomUUID().toString(), UUID.randomUUID().toString());
        this.request.addParameter("subject_token", UUID.randomUUID().toString());
        this.request.addParameter("subject_token_type", OAuth20TokenExchangeTypes.ACCESS_TOKEN.getType());
        this.request.addParameter("grant_type", OAuth20GrantTypes.TOKEN_EXCHANGE.getType());
        this.request.addParameter("client_id", addRegisteredService.getClientId());
        Assertions.assertTrue(this.validator.supports(this.context));
        Assertions.assertEquals(Integer.MAX_VALUE, this.validator.getOrder());
    }

    @Test
    void verifyWithoutSubjectToken() throws Throwable {
        OAuthRegisteredService addRegisteredService = addRegisteredService(Set.of(OAuth20GrantTypes.TOKEN_EXCHANGE), UUID.randomUUID().toString(), UUID.randomUUID().toString());
        this.request.addParameter("grant_type", OAuth20GrantTypes.TOKEN_EXCHANGE.getType());
        this.request.addParameter("client_id", addRegisteredService.getClientId());
        Assertions.assertThrows(IllegalArgumentException.class, () -> {
            this.validator.validate(this.context);
        });
        this.request.addParameter("subject_token_type", OAuth20TokenExchangeTypes.ACCESS_TOKEN.getType());
        Assertions.assertThrows(IllegalArgumentException.class, () -> {
            this.validator.validate(this.context);
        });
    }

    @MethodSource({"contextProvider"})
    @ParameterizedTest
    void verifyServicePassingWithTicket(Object obj, OAuth20TokenExchangeTypes oAuth20TokenExchangeTypes, OAuthRegisteredService oAuthRegisteredService, Boolean bool) throws Throwable {
        this.request.setParameter("subject_token", obj.toString());
        if (obj instanceof Ticket) {
            this.ticketRegistry.addTicket((Ticket) obj);
        }
        this.request.addParameter("audience", UUID.randomUUID().toString());
        this.request.addParameter("subject_token_type", oAuth20TokenExchangeTypes.getType());
        this.request.addParameter("grant_type", OAuth20GrantTypes.TOKEN_EXCHANGE.getType());
        this.servicesManager.save(oAuthRegisteredService);
        Assertions.assertEquals(bool, Boolean.valueOf(this.validator.validate(this.context)));
    }

    static Stream<Arguments> contextProvider() throws Exception {
        JWTClaimsSet parse = JWTClaimsSet.parse(Map.of("sub", UUID.randomUUID().toString(), "aud", UUID.randomUUID().toString(), "iat", Long.valueOf(ZonedDateTime.now(Clock.systemUTC()).toEpochSecond()), "nbf", Long.valueOf(ZonedDateTime.now(Clock.systemUTC()).toEpochSecond()), "exp", Long.valueOf(ZonedDateTime.now(Clock.systemUTC()).plusHours(2L).toEpochSecond()), "iss", "https://google.com"));
        OAuthRegisteredService registeredService = getRegisteredService(parse.getIssuer(), parse.getSubject(), UUID.randomUUID().toString(), Set.of(OAuth20GrantTypes.TOKEN_EXCHANGE));
        String buildPlain = JwtBuilder.buildPlain(parse, Optional.of(registeredService));
        OAuth20AccessToken accessToken = getAccessToken(UUID.randomUUID().toString(), UUID.randomUUID().toString(), UUID.randomUUID().toString());
        OAuthRegisteredService registeredService2 = getRegisteredService(accessToken.getService().getId(), accessToken.getClientId(), UUID.randomUUID().toString(), Set.of(OAuth20GrantTypes.TOKEN_EXCHANGE));
        OAuth20AccessToken accessToken2 = getAccessToken(UUID.randomUUID().toString(), UUID.randomUUID().toString(), UUID.randomUUID().toString());
        return Stream.of((Object[]) new Arguments[]{Arguments.of(new Object[]{accessToken, OAuth20TokenExchangeTypes.ACCESS_TOKEN, registeredService2, true}), Arguments.of(new Object[]{accessToken2, OAuth20TokenExchangeTypes.ACCESS_TOKEN, getRegisteredService(accessToken2.getService().getId(), accessToken2.getClientId(), UUID.randomUUID().toString(), Set.of()), false}), Arguments.of(new Object[]{buildPlain, OAuth20TokenExchangeTypes.JWT, registeredService, true})});
    }
}
