package org.apereo.cas.oidc.web.controllers.dynareg;

import org.apereo.cas.oidc.AbstractOidcTests;
import org.apereo.cas.util.EncodingUtils;
import org.junit.jupiter.api.Assertions;
import org.junit.jupiter.api.Nested;
import org.junit.jupiter.api.Tag;
import org.junit.jupiter.api.Test;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.http.HttpStatus;
import org.springframework.mock.web.MockHttpServletRequest;
import org.springframework.mock.web.MockHttpServletResponse;
import org.springframework.test.context.TestPropertySource;
import org.springframework.web.servlet.ModelAndView;

@Tag("OIDC")
/* loaded from: input_file:org/apereo/cas/oidc/web/controllers/dynareg/OidcInitialAccessTokenControllerTests.class */
class OidcInitialAccessTokenControllerTests {

    @TestPropertySource(properties = {"cas.authn.oidc.registration.dynamic-client-registration-mode=OPEN"})
    @Nested
    /* loaded from: input_file:org/apereo/cas/oidc/web/controllers/dynareg/OidcInitialAccessTokenControllerTests$OpenRegistrationTests.class */
    class OpenRegistrationTests extends AbstractOidcTests {

        @Autowired
        @Qualifier("oidcInitialAccessTokenController")
        protected OidcInitialAccessTokenController controller;

        OpenRegistrationTests(OidcInitialAccessTokenControllerTests oidcInitialAccessTokenControllerTests) {
        }

        @Test
        void verifyNotAllowed() throws Throwable {
            Assertions.assertEquals(HttpStatus.NOT_ACCEPTABLE, this.controller.handleRequestInternal(getHttpRequestForEndpoint("initToken"), new MockHttpServletResponse()).getStatus());
        }
    }

    @TestPropertySource(properties = {"cas.authn.oidc.registration.dynamic-client-registration-mode=PROTECTED", "cas.authn.oidc.registration.initial-access-token-user=casuser", "cas.authn.oidc.registration.initial-access-token-password=Mellon"})
    @Nested
    /* loaded from: input_file:org/apereo/cas/oidc/web/controllers/dynareg/OidcInitialAccessTokenControllerTests$ProtectedRegistrationTests.class */
    class ProtectedRegistrationTests extends AbstractOidcTests {

        @Autowired
        @Qualifier("oidcInitialAccessTokenController")
        protected OidcInitialAccessTokenController controller;

        ProtectedRegistrationTests(OidcInitialAccessTokenControllerTests oidcInitialAccessTokenControllerTests) {
        }

        @Test
        void verifyMismatchedEndpoint() throws Throwable {
            MockHttpServletRequest httpRequestForEndpoint = getHttpRequestForEndpoint("unknown/issuer");
            httpRequestForEndpoint.setRequestURI("unknown/issuer");
            MockHttpServletResponse mockHttpServletResponse = new MockHttpServletResponse();
            httpRequestForEndpoint.addHeader("Authorization", "Basic " + EncodingUtils.encodeBase64("casuser:Mellon"));
            Assertions.assertEquals(HttpStatus.BAD_REQUEST, this.controller.handleRequestInternal(httpRequestForEndpoint, mockHttpServletResponse).getStatus());
        }

        @Test
        void verifyPasses() throws Throwable {
            MockHttpServletRequest httpRequestForEndpoint = getHttpRequestForEndpoint("initToken");
            MockHttpServletResponse mockHttpServletResponse = new MockHttpServletResponse();
            httpRequestForEndpoint.addHeader("Authorization", "Basic " + EncodingUtils.encodeBase64("casuser:Mellon"));
            ModelAndView handleRequestInternal = this.controller.handleRequestInternal(httpRequestForEndpoint, mockHttpServletResponse);
            Assertions.assertEquals(HttpStatus.OK, handleRequestInternal.getStatus());
            Assertions.assertTrue(handleRequestInternal.getModel().containsKey("access_token"));
        }

        @Test
        void verifyAuthFails() throws Throwable {
            MockHttpServletRequest httpRequestForEndpoint = getHttpRequestForEndpoint("initToken");
            MockHttpServletResponse mockHttpServletResponse = new MockHttpServletResponse();
            httpRequestForEndpoint.addHeader("Authorization", "Basic " + EncodingUtils.encodeBase64("casuser:unknown"));
            Assertions.assertEquals(HttpStatus.UNAUTHORIZED, this.controller.handleRequestInternal(httpRequestForEndpoint, mockHttpServletResponse).getStatus());
        }

        @Test
        void verifyAuthMissing() throws Throwable {
            Assertions.assertEquals(HttpStatus.UNAUTHORIZED, this.controller.handleRequestInternal(getHttpRequestForEndpoint("initToken"), new MockHttpServletResponse()).getStatus());
        }
    }

    OidcInitialAccessTokenControllerTests() {
    }
}
