package org.apereo.cas.support.oauth.util;

import com.nimbusds.jwt.JWTClaimsSet;
import com.nimbusds.jwt.PlainJWT;
import java.util.HashSet;
import java.util.List;
import java.util.Map;
import org.apereo.cas.AbstractOAuth20Tests;
import org.apereo.cas.authentication.principal.Principal;
import org.apereo.cas.services.FullRegexRegisteredServiceMatchingStrategy;
import org.apereo.cas.services.RegisteredServiceMatchingStrategy;
import org.apereo.cas.services.RegisteredServiceTestUtils;
import org.apereo.cas.services.ServicesManager;
import org.apereo.cas.support.oauth.OAuth20GrantTypes;
import org.apereo.cas.support.oauth.OAuth20ResponseModeTypes;
import org.apereo.cas.support.oauth.OAuth20ResponseTypes;
import org.apereo.cas.support.oauth.services.OAuthRegisteredService;
import org.apereo.cas.support.oauth.web.OAuth20RequestParameterResolver;
import org.apereo.cas.support.oauth.web.response.accesstoken.OAuth20TokenGeneratedResult;
import org.apereo.cas.support.oauth.web.response.callback.OAuth20ResponseModeFactory;
import org.apereo.cas.ticket.OAuth20Token;
import org.apereo.cas.ticket.accesstoken.OAuth20AccessToken;
import org.apereo.cas.util.CollectionUtils;
import org.apereo.cas.validation.Assertion;
import org.junit.jupiter.api.Assertions;
import org.junit.jupiter.api.Tag;
import org.junit.jupiter.api.Test;
import org.mockito.Mockito;
import org.pac4j.core.profile.BasicUserProfile;
import org.pac4j.core.profile.CommonProfile;
import org.pac4j.core.profile.ProfileManager;
import org.pac4j.jee.context.JEEContext;
import org.pac4j.jee.context.session.JEESessionStore;
import org.springframework.http.HttpStatus;
import org.springframework.mock.web.MockHttpServletRequest;
import org.springframework.mock.web.MockHttpServletResponse;

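/**
 * Unit tests for {@link OAuth20Utils} and the OAuth request-parameter resolver.
 *
 * <p>Several tests pin security-relevant behaviour: callback (redirect URI)
 * validation, grant-type and response-type authorization for a registered
 * service, and reading parameters out of a JWT {@code request} object. The
 * comments on each test state exactly what is asserted, so that a permissive
 * default is not mistaken for an enforced restriction.
 */
@Tag("OAuth")
class OAuth20UtilsTests extends AbstractOAuth20Tests {
    OAuth20UtilsTests() {
    }

    /** A profile without any attributes yields no client id. */
    @Test
    void verifyRequestHeaderBad() throws Throwable {
        Assertions.assertNull(OAuth20Utils.getClientIdFromAuthenticatedProfile(new CommonProfile()));
    }

    /** The unauthorized error view carries HTTP 401. */
    @Test
    void verifyUnauthzView() throws Throwable {
        Assertions.assertEquals(HttpStatus.UNAUTHORIZED, OAuth20Utils.produceUnauthorizedErrorView().getStatus());
    }

    /** A {@code null} client id resolves to no registered service instead of failing. */
    @Test
    void verifyNoClientId() throws Throwable {
        ServicesManager servicesManager = Mockito.mock(ServicesManager.class);
        Assertions.assertNull(OAuth20Utils.getRegisteredOAuthServiceByClientId(servicesManager, (String) null));
    }

    /** Single-valued and multi-valued request parameters are both resolved by name. */
    @Test
    void verifyRequestParams() throws Throwable {
        MockHttpServletRequest request = new MockHttpServletRequest();
        JEEContext context = new JEEContext(request, new MockHttpServletResponse());
        request.addParameter("attr1", "value1");
        request.addParameter("attr2", "value2", "value3");
        Assertions.assertFalse(
            this.oauthRequestParameterResolver.resolveRequestParameters(List.of("attr1", "attr2"), context).isEmpty());
    }

    /** A parameter can be resolved as a {@code String}, a {@code List} or a {@code String[]}. */
    @Test
    void verifyRequestParam() throws Throwable {
        MockHttpServletRequest request = new MockHttpServletRequest();
        JEEContext context = new JEEContext(request, new MockHttpServletResponse());
        request.addParameter("attr1", "value1");
        request.addParameter("attr2", "value2", "value3");
        Assertions.assertFalse(
            this.oauthRequestParameterResolver.resolveRequestParameter(context, "attr1", String.class).isEmpty());
        Assertions.assertFalse(
            this.oauthRequestParameterResolver.resolveRequestParameter(context, "attr2", List.class).isEmpty());
        Assertions.assertFalse(
            this.oauthRequestParameterResolver.resolveRequestParameter(context, "attr2", String[].class).isEmpty());
    }

    /**
     * Parameters are read from the claims of a JWT passed as the {@code request} parameter.
     *
     * <p>The fixture is a {@link PlainJWT}, i.e. an unsecured JWT that carries no signature.
     * The test therefore shows that claim extraction works on an unsigned request object;
     * it asserts nothing about signature verification.
     */
    @Test
    void verifyRequestParamJwt() throws Throwable {
        MockHttpServletRequest request = new MockHttpServletRequest();
        JEEContext context = new JEEContext(request, new MockHttpServletResponse());
        JWTClaimsSet claims = new JWTClaimsSet.Builder()
            .subject("cas")
            .claim("scope", new String[]{"openid", "profile"})
            .claim("response", "code")
            .claim("client_id", List.of("client1", "client2"))
            .build();
        String requestObject = new PlainJWT(claims).serialize();
        request.removeAllParameters();
        request.addParameter("request", requestObject);
        // NOTE(review): claims of an unsigned JWT are accepted here. Confirm that deployments
        // which must authenticate request objects verify the signature before this resolver's
        // output is trusted.
        Assertions.assertFalse(
            this.oauthRequestParameterResolver.resolveRequestParameter(context, "response", String.class).isEmpty());
        Assertions.assertFalse(
            this.oauthRequestParameterResolver.resolveRequestParameter(context, "client_id", List.class).isEmpty());
        Assertions.assertFalse(
            this.oauthRequestParameterResolver.resolveRequestParameter(context, "scope", String[].class).isEmpty());
    }

    /** Requested scopes are resolved when present and come back empty when the request has none. */
    @Test
    void verifyScopes() throws Throwable {
        MockHttpServletRequest request = new MockHttpServletRequest();
        MockHttpServletResponse response = new MockHttpServletResponse();
        JEEContext context = new JEEContext(request, response);
        request.addParameter("scope", "openid", "profile");
        Assertions.assertFalse(this.oauthRequestParameterResolver.resolveRequestedScopes(context).isEmpty());

        JEEContext contextWithoutScope = new JEEContext(new MockHttpServletRequest(), response);
        Assertions.assertTrue(this.oauthRequestParameterResolver.resolveRequestedScopes(contextWithoutScope).isEmpty());
    }

    /**
     * A service configured with response mode {@code post} is treated as form-post even when
     * the requested mode is {@code NONE}, and the literal {@code form_post} matches
     * {@link OAuth20ResponseModeTypes#FORM_POST}.
     */
    @Test
    void verifyPostResponse() throws Throwable {
        OAuthRegisteredService service = new OAuthRegisteredService();
        service.setClientId("clientid");
        service.setResponseMode("post");
        Assertions.assertTrue(
            OAuth20ResponseModeFactory.isResponseModeTypeFormPost(service, OAuth20ResponseModeTypes.NONE));
        Assertions.assertTrue(OAuth20Utils.isResponseModeType("form_post", OAuth20ResponseModeTypes.FORM_POST));
    }

    /**
     * Grant-type authorization for a registered service.
     *
     * <p>The first assertion covers an explicitly listed grant type. The second pins the
     * permissive default: a freshly constructed service, on which this test sets no supported
     * grant types, still authorizes the {@code password} grant.
     */
    @Test
    void verifyGrants() throws Throwable {
        MockHttpServletRequest request = new MockHttpServletRequest();
        JEEContext context = new JEEContext(request, new MockHttpServletResponse());
        request.addParameter("grant_type", OAuth20GrantTypes.CLIENT_CREDENTIALS.getType());
        OAuthRegisteredService service = new OAuthRegisteredService();
        service.setClientId("clientid");
        service.setSupportedGrantTypes(
            CollectionUtils.wrapHashSet(new String[]{OAuth20GrantTypes.CLIENT_CREDENTIALS.getType()}));
        Assertions.assertTrue(this.oauthRequestParameterResolver.isAuthorizedGrantTypeForService(context, service));

        // NOTE(review): a service with no configured grant types is not "deny all" here.
        // Service definitions that must exclude the password grant need an explicit list.
        Assertions.assertTrue(OAuth20RequestParameterResolver.isAuthorizedGrantTypeForService(
            OAuth20GrantTypes.PASSWORD.getType(), new OAuthRegisteredService()));
    }

    /**
     * Callback (redirect URI) validation against the service id pattern.
     *
     * <p>Without a matching strategy the callback is rejected. With the full-regex strategy
     * a URL under the registered host is accepted and a URL on another host is rejected.
     */
    @Test
    void verifyCheckCallbackValid() throws Throwable {
        OAuthRegisteredService service = new OAuthRegisteredService();
        // NOTE(review): the dot in "test.org" is not escaped, so as a regular expression it
        // would match any character in that position. Presumably acceptable for a fixture;
        // real service ids should escape literal dots.
        service.setServiceId("http://test.org/.*");
        service.setMatchingStrategy((RegisteredServiceMatchingStrategy) null);
        Assertions.assertFalse(OAuth20Utils.checkCallbackValid(service, "http://test.org/cas"));

        service.setMatchingStrategy(new FullRegexRegisteredServiceMatchingStrategy());
        Assertions.assertTrue(OAuth20Utils.checkCallbackValid(service, "http://test.org/cas"));
        Assertions.assertFalse(OAuth20Utils.checkCallbackValid(service, "http://test2.org/cas"));
    }

    /**
     * The {@code X-service} request header is picked up when present.
     *
     * <p>Only the presence of a result is asserted. The header value comes from the client,
     * and this test does not cover how it is validated afterwards.
     */
    @Test
    void verifyServiceHeader() throws Throwable {
        MockHttpServletRequest request = new MockHttpServletRequest();
        JEEContext context = new JEEContext(request, new MockHttpServletResponse());
        request.addHeader("X-service", "https://google.com");
        Assertions.assertNotNull(OAuth20Utils.getServiceRequestHeaderIfAny(context));
    }

    /** User-info claims are resolved from the {@code claims} request parameter and from a token's claims. */
    @Test
    void verifyUserInfoClaims() throws Throwable {
        MockHttpServletRequest request = new MockHttpServletRequest();
        JEEContext context = new JEEContext(request, new MockHttpServletResponse());
        // NOTE(review): the value has no enclosing braces, so it is not a complete JSON
        // object. Confirm that the fixture is intentional.
        request.addParameter("claims", "\"userinfo\": {\"given_name\": {\"essential\": true}}");
        Assertions.assertFalse(this.oauthRequestParameterResolver.resolveRequestClaims(context).isEmpty());

        OAuth20Token token = Mockito.mock(OAuth20Token.class);
        Mockito.when(token.getClaims()).thenReturn(Map.of("userinfo", Map.of("givenName", "CAS")));
        Assertions.assertFalse(OAuth20Utils.parseUserInfoRequestClaims(token).isEmpty());
    }

    /**
     * Response-type authorization for a registered service.
     *
     * <p>An empty set of supported response types authorizes the requested {@code id_token}
     * type. Once the set is non-empty, only the listed types are authorized.
     */
    @Test
    void verifyIsAuthorizedResponseTypeForService() throws Throwable {
        MockHttpServletRequest request = new MockHttpServletRequest();
        request.addParameter("response_type", OAuth20ResponseTypes.ID_TOKEN.getType());
        JEEContext context = new JEEContext(request, new MockHttpServletResponse());
        OAuthRegisteredService service = new OAuthRegisteredService();
        HashSet<String> supportedResponseTypes = new HashSet<>();

        // Empty set: permissive default, the request is authorized.
        service.setSupportedResponseTypes(supportedResponseTypes);
        Assertions.assertTrue(this.oauthRequestParameterResolver.isAuthorizedResponseTypeForService(context, service));

        // Only a different type is listed: the request is rejected.
        supportedResponseTypes.add(OAuth20ResponseTypes.IDTOKEN_TOKEN.getType());
        service.setSupportedResponseTypes(supportedResponseTypes);
        Assertions.assertFalse(this.oauthRequestParameterResolver.isAuthorizedResponseTypeForService(context, service));

        // The requested type is listed: the request is authorized.
        supportedResponseTypes.add(OAuth20ResponseTypes.ID_TOKEN.getType());
        service.setSupportedResponseTypes(supportedResponseTypes);
        Assertions.assertTrue(this.oauthRequestParameterResolver.isAuthorizedResponseTypeForService(context, service));
    }

    /** A saved profile carrying the {@code stateless} attribute is reported as stateless authentication. */
    @Test
    void verifyFindStatelessRequest() throws Throwable {
        JEEContext context = new JEEContext(new MockHttpServletRequest(), new MockHttpServletResponse());
        // NOTE(review): this mock is stubbed but never handed to the code under test.
        Assertion assertion = Mockito.mock(Assertion.class);
        Mockito.when(assertion.isStateless()).thenReturn(Boolean.TRUE);
        Mockito.when(assertion.getPrimaryAuthentication()).thenReturn(RegisteredServiceTestUtils.getAuthentication());

        BasicUserProfile profile = new BasicUserProfile();
        profile.addAttribute(Principal.class.getName(), RegisteredServiceTestUtils.getPrincipal(AbstractOAuth20Tests.ID));
        profile.addAttribute("stateless", Boolean.TRUE);
        ProfileManager profileManager = new ProfileManager(context, new JEESessionStore());
        profileManager.save(true, profile, false);
        Assertions.assertTrue(OAuth20Utils.isStatelessAuthentication(profileManager));
    }

    /** For a regular access token the reported timeout equals the token's {@code expiresIn} value. */
    @Test
    void verifyAccessTokenTimeout() throws Throwable {
        OAuth20AccessToken accessToken = getAccessToken();
        Mockito.when(accessToken.getExpiresIn()).thenReturn(60L);
        OAuth20TokenGeneratedResult result = OAuth20TokenGeneratedResult.builder().accessToken(accessToken).build();
        Assertions.assertEquals(accessToken.getExpiresIn(), OAuth20Utils.getAccessTokenTimeout(result));
    }

    /** For a stateless access token the reported timeout is positive and differs from {@code expiresIn}. */
    @Test
    void verifyStatelessAccessTokenTimeout() throws Throwable {
        OAuth20AccessToken accessToken = getAccessToken();
        Mockito.when(accessToken.getExpiresIn()).thenReturn(60L);
        Mockito.when(accessToken.isStateless()).thenReturn(Boolean.TRUE);
        OAuth20TokenGeneratedResult result = OAuth20TokenGeneratedResult.builder().accessToken(accessToken).build();
        Long accessTokenTimeout = OAuth20Utils.getAccessTokenTimeout(result);
        Assertions.assertTrue(accessTokenTimeout > 0);
        Assertions.assertNotEquals(accessToken.getExpiresIn(), accessTokenTimeout);
    }
}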
