package org.apereo.cas.support.oauth.web.endpoints;

import java.nio.charset.StandardCharsets;
import java.util.UUID;
import org.apereo.cas.AbstractOAuth20Tests;
import org.apereo.cas.support.oauth.services.OAuthRegisteredService;
import org.apereo.cas.support.oauth.web.response.introspection.BaseOAuth20IntrospectionAccessTokenResponse;
import org.apereo.cas.support.oauth.web.response.introspection.OAuth20IntrospectionAccessTokenResponse;
import org.apereo.cas.util.EncodingUtils;
import org.junit.jupiter.api.Assertions;
import org.junit.jupiter.api.Tag;
import org.junit.jupiter.api.Test;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.http.HttpStatus;
import org.springframework.mock.web.MockHttpServletRequest;
import org.springframework.mock.web.MockHttpServletResponse;

/**
 * Exercises the OAuth 2.0 token introspection endpoint controller.
 *
 * <p>The cases fall into two groups: those that authenticate as a client over HTTP Basic and
 * inspect the introspection response body, and those that only check the HTTP status the
 * endpoint returns for unauthenticated or malformed requests. RFC 7662 requires the
 * introspection endpoint to demand some form of caller authorization, so the negative cases
 * here are the ones guarding against unauthenticated token probing.
 */
@Tag("OAuthWeb")
class OAuth20IntrospectionEndpointControllerTests extends AbstractOAuth20Tests {
    /** Client id of the second client registered by {@link #verifyOperationFromOtherClient()}. */
    private static final String CLIENT_ID2 = "2";

    /** Controller under test, resolved from the Spring test context by bean name. */
    @Autowired
    @Qualifier("introspectionEndpointController")
    private OAuth20IntrospectionEndpointController<OAuth20ConfigurationContext> introspectionEndpoint;

    OAuth20IntrospectionEndpointControllerTests() {
    }

    /**
     * Credentials that do not form a {@code clientId:secret} pair must yield a response
     * carrying an error.
     */
    @Test
    void verifyBadCredentialsOperation() throws Throwable {
        final OAuthRegisteredService service = addRegisteredService();
        final BaseOAuth20IntrospectionAccessTokenResponse body = internalVerifyOperation("---", service);
        Assertions.assertNotNull(body.getError());
    }

    /**
     * A registered client authenticating with {@code clientId:secret} receives an
     * introspection response naming that client and the expected audience.
     */
    @Test
    void verifyOperation() throws Throwable {
        final OAuthRegisteredService service = addRegisteredService();
        final String credentials = service.getClientId() + ":secret";
        OAuth20IntrospectionAccessTokenResponse introspection = internalVerifyOperation(credentials, service);
        Assertions.assertNotNull(introspection);
        Assertions.assertEquals(service.getClientId(), introspection.getClientId());
        Assertions.assertEquals(AbstractOAuth20Tests.SERVICE_URL, introspection.getAud());
    }

    /**
     * Authenticating with the literal secret {@code "secret"} against a service registered
     * with a random UUID must yield a response carrying an error.
     */
    @Test
    void verifyBadSecret() throws Throwable {
        // Presumably the second argument is the client secret; the random value guarantees
        // that ":secret" below cannot match it. TODO confirm against AbstractOAuth20Tests.
        final String randomValue = UUID.randomUUID().toString();
        final OAuthRegisteredService service = addRegisteredService(AbstractOAuth20Tests.SERVICE_URL, randomValue);
        final String credentials = service.getClientId() + ":secret";
        Assertions.assertNotNull(internalVerifyOperation(credentials, service).getError());
    }

    /**
     * A second registered client introspects a token generated for a different service and
     * still receives that service's client id and audience.
     */
    @Test
    void verifyOperationFromOtherClient() throws Throwable {
        servicesManager.save(getRegisteredService(AbstractOAuth20Tests.REDIRECT_URI, CLIENT_ID2, "secret"));
        final OAuthRegisteredService tokenOwner = addRegisteredService();
        // NOTE(review): this pins that any authenticated registered client may introspect a
        // token issued to another client. Deployments that need tighter scoping should confirm
        // what policy, if any, the endpoint applies on top of client authentication.
        OAuth20IntrospectionAccessTokenResponse introspection =
            internalVerifyOperation(CLIENT_ID2 + ":secret", tokenOwner);
        Assertions.assertNotNull(introspection);
        Assertions.assertEquals(tokenOwner.getClientId(), introspection.getClientId());
        Assertions.assertEquals(AbstractOAuth20Tests.SERVICE_URL, introspection.getAud());
    }

    /**
     * Basic credentials for a client id that this test never saves through the services
     * manager must be answered with {@code 401 Unauthorized}.
     */
    @Test
    void verifyNoService() throws Throwable {
        final MockHttpServletRequest request = new MockHttpServletRequest();
        final MockHttpServletResponse response = new MockHttpServletResponse();
        final String unknownId = UUID.randomUUID().toString();
        request.addHeader("Authorization", toBasicAuthorizationHeader(unknownId + ":secret"));
        // NOTE(review): the token travels as "access_token" here, whereas
        // internalVerifyOperation sends it as "token". The 401 expectation suggests client
        // authentication fails before the parameter matters - confirm that is the intent.
        final String accessToken = generateAccessTokenResponseAndGetModelAndView(getRegisteredService(unknownId, unknownId))
            .getModel()
            .get("access_token")
            .toString();
        request.addParameter("access_token", accessToken);
        Assertions.assertEquals(HttpStatus.UNAUTHORIZED, introspectionEndpoint.handleRequest(request, response).getStatusCode());
    }

    /** A request with no Authorization header at all must be answered with {@code 401}. */
    @Test
    void verifyUnauthzOperation() throws Throwable {
        final MockHttpServletRequest request = new MockHttpServletRequest();
        final MockHttpServletResponse response = new MockHttpServletResponse();
        Assertions.assertEquals(HttpStatus.UNAUTHORIZED, introspectionEndpoint.handleRequest(request, response).getStatusCode());
    }

    /**
     * An authenticated client that supplies no token parameter must be answered with
     * {@code 400 Bad Request} rather than an authentication failure.
     */
    @Test
    void verifyBadOperation() throws Throwable {
        final OAuthRegisteredService service = addRegisteredService();
        final MockHttpServletRequest request = new MockHttpServletRequest();
        final MockHttpServletResponse response = new MockHttpServletResponse();
        request.addHeader("Authorization", toBasicAuthorizationHeader(service.getClientId() + ":secret"));
        Assertions.assertEquals(HttpStatus.BAD_REQUEST, introspectionEndpoint.handleRequest(request, response).getStatusCode());
    }

    /**
     * Generates an access token for the given service, submits it to the introspection
     * endpoint under the supplied Basic credentials, and returns the response body.
     *
     * @param str raw {@code clientId:secret} text to Base64-encode into the Authorization header
     * @param oAuthRegisteredService service for which the access token is generated
     * @return the endpoint's response body, cast to the base introspection response type
     * @throws Throwable if token generation or the endpoint call fails
     */
    protected BaseOAuth20IntrospectionAccessTokenResponse internalVerifyOperation(String str, OAuthRegisteredService oAuthRegisteredService) throws Throwable {
        final MockHttpServletRequest request = new MockHttpServletRequest();
        final MockHttpServletResponse response = new MockHttpServletResponse();
        request.addHeader("Authorization", toBasicAuthorizationHeader(str));
        final String accessToken = generateAccessTokenResponseAndGetModelAndView(oAuthRegisteredService)
            .getModel()
            .get("access_token")
            .toString();
        request.addParameter("token", accessToken);
        final Object body = introspectionEndpoint.handleRequest(request, response).getBody();
        return (BaseOAuth20IntrospectionAccessTokenResponse) body;
    }

    /**
     * Builds an HTTP Basic Authorization header value from raw credential text.
     *
     * @param credentials text to encode, read as UTF-8
     * @return {@code "Basic "} followed by the Base64 form of the credentials
     */
    private static String toBasicAuthorizationHeader(String credentials) {
        return "Basic " + EncodingUtils.encodeBase64(credentials.getBytes(StandardCharsets.UTF_8));
    }
}
