package org.apereo.cas.support.oauth.web.response.accesstoken.ext;

import java.util.Date;
import java.util.Optional;
import java.util.Set;
import java.util.UUID;
import org.apereo.cas.AbstractOAuth20Tests;
import org.apereo.cas.services.RegisteredServiceTestUtils;
import org.apereo.cas.support.oauth.OAuth20GrantTypes;
import org.apereo.cas.support.oauth.OAuth20ResponseTypes;
import org.apereo.cas.support.oauth.OAuth20TokenExchangeTypes;
import org.apereo.cas.support.oauth.services.OAuthRegisteredService;
import org.apereo.cas.ticket.accesstoken.OAuth20AccessToken;
import org.apereo.cas.token.JwtBuilder;
import org.junit.jupiter.api.Assertions;
import org.junit.jupiter.api.Tag;
import org.junit.jupiter.api.Test;
import org.pac4j.core.profile.CommonProfile;
import org.pac4j.core.profile.ProfileManager;
import org.pac4j.jee.context.JEEContext;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.mock.web.MockHttpServletRequest;
import org.springframework.mock.web.MockHttpServletResponse;

@Tag("OAuth")
/* loaded from: input_file:org/apereo/cas/support/oauth/web/response/accesstoken/ext/AccessTokenTokenExchangeGrantRequestExtractorTests.class */
class AccessTokenTokenExchangeGrantRequestExtractorTests extends AbstractOAuth20Tests {

    @Autowired
    @Qualifier("accessTokenTokenExchangeGrantRequestExtractor")
    private AccessTokenGrantRequestExtractor extractor;

    AccessTokenTokenExchangeGrantRequestExtractorTests() {
    }

    @Test
    void verifyExtractionWithJwtType() throws Throwable {
        OAuthRegisteredService addRegisteredService = addRegisteredService(Set.of(OAuth20GrantTypes.TOKEN_EXCHANGE));
        MockHttpServletRequest mockHttpServletRequest = new MockHttpServletRequest();
        String build = this.accessTokenJwtBuilder.build(JwtBuilder.JwtRequest.builder().registeredService(Optional.of(addRegisteredService)).serviceAudience(Set.of(UUID.randomUUID().toString())).issuer(addRegisteredService.getClientId()).jwtId(UUID.randomUUID().toString()).subject(UUID.randomUUID().toString()).issueDate(new Date()).build());
        OAuth20AccessToken accessToken = getAccessToken(addRegisteredService.getServiceId(), addRegisteredService.getClientId());
        this.ticketRegistry.addTicket(accessToken);
        mockHttpServletRequest.addParameter("subject_token", accessToken.getId());
        mockHttpServletRequest.addParameter("subject_token_type", OAuth20TokenExchangeTypes.ACCESS_TOKEN.getType());
        mockHttpServletRequest.addParameter("actor_token", build);
        mockHttpServletRequest.addParameter("actor_token_type", OAuth20TokenExchangeTypes.JWT.getType());
        mockHttpServletRequest.addParameter("grant_type", OAuth20GrantTypes.TOKEN_EXCHANGE.getType());
        mockHttpServletRequest.addParameter("audience", addRegisteredService.getClientId());
        JEEContext jEEContext = new JEEContext(mockHttpServletRequest, new MockHttpServletResponse());
        CommonProfile commonProfile = new CommonProfile();
        commonProfile.setId(AbstractOAuth20Tests.ID);
        commonProfile.addAttributes(RegisteredServiceTestUtils.getTestAttributes());
        new ProfileManager(jEEContext, this.oauthDistributedSessionStore).save(true, commonProfile, false);
        Assertions.assertNotNull(this.extractor.extract(jEEContext));
    }

    @Test
    void verifyExtractionWithAccessTokenType() throws Throwable {
        OAuthRegisteredService addRegisteredService = addRegisteredService(Set.of(OAuth20GrantTypes.TOKEN_EXCHANGE));
        MockHttpServletRequest mockHttpServletRequest = new MockHttpServletRequest();
        OAuth20AccessToken accessToken = getAccessToken(addRegisteredService.getServiceId(), addRegisteredService.getClientId());
        this.ticketRegistry.addTicket(accessToken);
        OAuth20AccessToken accessToken2 = getAccessToken(randomServiceUrl(), UUID.randomUUID().toString());
        this.ticketRegistry.addTicket(accessToken2);
        mockHttpServletRequest.addParameter("subject_token", accessToken.getId());
        mockHttpServletRequest.addParameter("subject_token_type", OAuth20TokenExchangeTypes.ACCESS_TOKEN.getType());
        mockHttpServletRequest.addParameter("actor_token", accessToken2.getId());
        mockHttpServletRequest.addParameter("actor_token_type", OAuth20TokenExchangeTypes.ACCESS_TOKEN.getType());
        mockHttpServletRequest.addParameter("grant_type", OAuth20GrantTypes.TOKEN_EXCHANGE.getType());
        mockHttpServletRequest.addParameter("audience", addRegisteredService.getClientId());
        JEEContext jEEContext = new JEEContext(mockHttpServletRequest, new MockHttpServletResponse());
        Assertions.assertEquals(OAuth20ResponseTypes.NONE, this.extractor.getResponseType());
        Assertions.assertTrue(this.extractor.supports(jEEContext));
        AccessTokenRequestContext extract = this.extractor.extract(jEEContext);
        Assertions.assertNotNull(extract);
        Assertions.assertNotNull(extract.getSubjectToken());
        Assertions.assertFalse(extract.getTokenExchangeAudience().isEmpty());
        Assertions.assertNull(extract.getTokenExchangeResource());
        Assertions.assertEquals(OAuth20TokenExchangeTypes.ACCESS_TOKEN, extract.getSubjectTokenType());
        Assertions.assertEquals(OAuth20TokenExchangeTypes.ACCESS_TOKEN, extract.getRequestedTokenType());
        Assertions.assertNotNull(extract.getActorToken());
    }
}
