package org.apereo.cas.support.oauth.web.response.accesstoken.ext;

import java.util.Set;
import java.util.UUID;
import org.apereo.cas.AbstractOAuth20Tests;
import org.apereo.cas.services.UnauthorizedServiceException;
import org.apereo.cas.support.oauth.OAuth20GrantTypes;
import org.apereo.cas.support.oauth.OAuth20ResponseTypes;
import org.apereo.cas.support.oauth.services.OAuthRegisteredService;
import org.apereo.cas.ticket.OAuth20UnauthorizedScopeRequestException;
import org.apereo.cas.ticket.refreshtoken.OAuth20RefreshToken;
import org.junit.jupiter.api.Assertions;
import org.junit.jupiter.api.Tag;
import org.junit.jupiter.api.Test;
import org.mockito.Mockito;
import org.pac4j.jee.context.JEEContext;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.mock.web.MockHttpServletRequest;
import org.springframework.mock.web.MockHttpServletResponse;

@Tag("OAuth")
/* loaded from: input_file:org/apereo/cas/support/oauth/web/response/accesstoken/ext/AccessTokenRefreshTokenGrantRequestExtractorTests.class */
class AccessTokenRefreshTokenGrantRequestExtractorTests extends AbstractOAuth20Tests {

    @Autowired
    @Qualifier("accessTokenRefreshTokenGrantRequestExtractor")
    private AccessTokenGrantRequestExtractor extractor;

    AccessTokenRefreshTokenGrantRequestExtractorTests() {
    }

    @Test
    void verifyNoService() throws Throwable {
        MockHttpServletRequest mockHttpServletRequest = new MockHttpServletRequest();
        OAuthRegisteredService registeredService = getRegisteredService(UUID.randomUUID().toString(), UUID.randomUUID().toString(), "secret");
        mockHttpServletRequest.addParameter("grant_type", OAuth20GrantTypes.REFRESH_TOKEN.getType());
        mockHttpServletRequest.addParameter("client_id", registeredService.getClientId());
        MockHttpServletResponse mockHttpServletResponse = new MockHttpServletResponse();
        Assertions.assertEquals(OAuth20ResponseTypes.NONE, this.extractor.getResponseType());
        JEEContext jEEContext = new JEEContext(mockHttpServletRequest, mockHttpServletResponse);
        Assertions.assertTrue(this.extractor.supports(jEEContext));
        Assertions.assertThrows(UnauthorizedServiceException.class, () -> {
            this.extractor.extract(jEEContext);
        });
    }

    @Test
    void verifyScopeExtraction() throws Throwable {
        OAuthRegisteredService registeredService = getRegisteredService(UUID.randomUUID().toString(), UUID.randomUUID().toString(), "secret");
        registeredService.setScopes(Set.of("openid", "email", "profile"));
        this.servicesManager.save(registeredService);
        OAuth20RefreshToken refreshToken = getRefreshToken(registeredService.getServiceId(), registeredService.getClientId());
        Mockito.when(refreshToken.getScopes()).thenReturn(Set.of("openid", "email"));
        Mockito.when(refreshToken.getId()).thenReturn("RT-1");
        this.ticketRegistry.addTicket(refreshToken);
        MockHttpServletRequest mockHttpServletRequest = new MockHttpServletRequest();
        mockHttpServletRequest.addParameter("grant_type", OAuth20GrantTypes.REFRESH_TOKEN.getType());
        mockHttpServletRequest.addParameter("client_id", registeredService.getClientId());
        mockHttpServletRequest.addParameter("client_secret", "secret");
        mockHttpServletRequest.addParameter("refresh_token", "RT-1");
        mockHttpServletRequest.addParameter("scope", "email");
        Assertions.assertEquals(Set.of("email"), this.extractor.extract(new JEEContext(mockHttpServletRequest, new MockHttpServletResponse())).getScopes());
        mockHttpServletRequest.setParameter("scope", "");
        Assertions.assertEquals(Set.of("openid", "email"), this.extractor.extract(new JEEContext(mockHttpServletRequest, new MockHttpServletResponse())).getScopes());
        mockHttpServletRequest.setParameter("scope", "openid email");
        Assertions.assertEquals(Set.of("openid", "email"), this.extractor.extract(new JEEContext(mockHttpServletRequest, new MockHttpServletResponse())).getScopes());
        mockHttpServletRequest.setParameter("scope", "email profile");
        Assertions.assertThrows(OAuth20UnauthorizedScopeRequestException.class, () -> {
            this.extractor.extract(new JEEContext(mockHttpServletRequest, new MockHttpServletResponse()));
        });
    }
}
