package org.apereo.cas.oidc.token;

import java.util.Set;
import java.util.UUID;
import org.apereo.cas.oidc.AbstractOidcTests;
import org.apereo.cas.oidc.OidcConstants;
import org.apereo.cas.oidc.ticket.OidcCibaRequest;
import org.apereo.cas.services.OidcBackchannelTokenDeliveryModes;
import org.apereo.cas.services.OidcRegisteredService;
import org.apereo.cas.services.RegisteredServiceTestUtils;
import org.apereo.cas.support.oauth.OAuth20GrantTypes;
import org.apereo.cas.support.oauth.OAuth20ResponseTypes;
import org.apereo.cas.support.oauth.web.response.accesstoken.OAuth20TokenGeneratedResult;
import org.apereo.cas.support.oauth.web.response.accesstoken.ext.AccessTokenRequestContext;
import org.apereo.cas.ticket.accesstoken.OAuth20AccessToken;
import org.apereo.cas.ticket.idtoken.IdTokenGenerationContext;
import org.apereo.cas.ticket.idtoken.OidcIdToken;
import org.apereo.cas.ticket.refreshtoken.OAuth20RefreshToken;
import org.junit.jupiter.api.Assertions;
import org.junit.jupiter.api.Tag;
import org.junit.jupiter.api.Test;
import org.pac4j.core.profile.CommonProfile;

@Tag("OIDC")
/* loaded from: input_file:org/apereo/cas/oidc/token/OidcDefaultTokenGeneratorTests.class */
class OidcDefaultTokenGeneratorTests extends AbstractOidcTests {
    OidcDefaultTokenGeneratorTests() {
    }

    @Test
    void verifyCibaAuthRequestClaim() throws Throwable {
        OidcRegisteredService oidcRegisteredService = getOidcRegisteredService(UUID.randomUUID().toString());
        oidcRegisteredService.setBackchannelTokenDeliveryMode(OidcBackchannelTokenDeliveryModes.PUSH.getMode());
        oidcRegisteredService.setSupportedGrantTypes(Set.of(OAuth20GrantTypes.CIBA.getType()));
        oidcRegisteredService.setBackchannelClientNotificationEndpoint("https://localhost:1234");
        this.servicesManager.save(oidcRegisteredService);
        OidcCibaRequest newCibaRequest = newCibaRequest(oidcRegisteredService, RegisteredServiceTestUtils.getPrincipal(UUID.randomUUID().toString()));
        AccessTokenRequestContext build = AccessTokenRequestContext.builder().grantType(OAuth20GrantTypes.CIBA).responseType(OAuth20ResponseTypes.NONE).registeredService(oidcRegisteredService).generateRefreshToken(true).cibaRequestId(newCibaRequest.getEncodedId()).authentication(newCibaRequest.getAuthentication()).service(RegisteredServiceTestUtils.getService()).scopes(Set.of(OidcConstants.StandardScopes.OPENID.getScope())).build();
        OAuth20TokenGeneratedResult generate = this.oauthTokenGenerator.generate(build);
        Assertions.assertNotNull(generate);
        OAuth20AccessToken oAuth20AccessToken = (OAuth20AccessToken) generate.getAccessToken().orElseThrow();
        Assertions.assertEquals(newCibaRequest.getEncodedId(), oAuth20AccessToken.getAuthentication().getSingleValuedAttribute("auth_req_id").toString());
        CommonProfile commonProfile = new CommonProfile();
        commonProfile.setClientName("clientBasicAuth");
        commonProfile.setId(oidcRegisteredService.getClientId());
        commonProfile.addAttribute("client_id", oidcRegisteredService.getClientId());
        OidcIdToken generate2 = this.oidcIdTokenGenerator.generate(IdTokenGenerationContext.builder().accessToken(oAuth20AccessToken).userProfile(commonProfile).responseType(build.getResponseType()).grantType(build.getGrantType()).registeredService(oidcRegisteredService).refreshToken((OAuth20RefreshToken) generate.getRefreshToken().orElseThrow()).build());
        Assertions.assertNotNull(generate2);
        Assertions.assertEquals(newCibaRequest.getEncodedId(), generate2.claims().getStringClaimValue("urn:openid:params:jwt:claim:auth_req_id"));
        Assertions.assertTrue(generate2.claims().hasClaim("at_hash"));
        Assertions.assertTrue(generate2.claims().hasClaim("urn:openid:params:jwt:claim:rt_hash"));
    }
}
