package org.apereo.cas.oidc.web;

import com.nimbusds.jwt.JWTClaimsSet;
import com.nimbusds.jwt.PlainJWT;
import java.util.List;
import java.util.Objects;
import java.util.Optional;
import java.util.UUID;
import org.apereo.cas.oidc.AbstractOidcTests;
import org.apereo.cas.oidc.jwks.OidcJsonWebKeyCacheKey;
import org.apereo.cas.oidc.jwks.OidcJsonWebKeyUsage;
import org.apereo.cas.services.OidcRegisteredService;
import org.apereo.cas.util.jwt.JsonWebTokenSigner;
import org.jose4j.jwk.JsonWebKeySet;
import org.jose4j.jwk.PublicJsonWebKey;
import org.jose4j.jwt.JwtClaims;
import org.junit.jupiter.api.Assertions;
import org.junit.jupiter.api.Tag;
import org.junit.jupiter.api.Test;
import org.pac4j.jee.context.JEEContext;
import org.springframework.mock.web.MockHttpServletRequest;
import org.springframework.mock.web.MockHttpServletResponse;

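/**
 * Tests for the OAuth/OIDC request parameter resolver exposed by {@link AbstractOidcTests}
 * as {@code oauthRequestParameterResolver}.
 *
 * <p>The cases cover three security-relevant behaviours of the resolver:
 * <ul>
 *   <li>reading parameters out of a JWT passed in the {@code request} parameter, both as an
 *       unsecured {@link PlainJWT} and as a JWT signed with the service's signing key;</li>
 *   <li>detecting whether a parameter such as {@code client_secret} was sent on the query
 *       string rather than elsewhere in the request;</li>
 *   <li>type conversion and splitting of ordinary request parameters.</li>
 * </ul>
 *
 * <p>NOTE(review): every JWT case here is a positive path. No test in this class shows the
 * resolver rejecting a request object with a bad signature or one signed by another key;
 * confirm that negative coverage exists elsewhere.
 */
@Tag("OAuth")
class DefaultOAuth20RequestParameterResolverTests extends AbstractOidcTests {

    /**
     * Builds a request whose only parameter is {@code request}, carrying a serialized
     * {@link PlainJWT}. A plain JWT carries no signature, so nothing in this request
     * authenticates the claims it contains.
     *
     * @return a mock request with subject {@code cas}, scopes {@code openid}/{@code profile},
     *     a {@code response} claim of {@code code} and a {@code client_id} claim listing
     *     {@code client1} and {@code client2}
     */
    private static MockHttpServletRequest getJwtRequest() {
        JWTClaimsSet claims = new JWTClaimsSet.Builder()
            .subject("cas")
            .claim("scope", new String[]{"openid", "profile"})
            .claim("response", "code")
            .claim("client_id", List.of("client1", "client2"))
            .build();
        MockHttpServletRequest request = new MockHttpServletRequest();
        request.addParameter("request", new PlainJWT(claims).serialize());
        return request;
    }

    /**
     * Wraps a mock request in the web context type the resolver is called with.
     *
     * @param request the mock request to expose
     * @return a context over {@code request} and a fresh mock response
     */
    private static JEEContext newContext(MockHttpServletRequest request) {
        return new JEEContext(request, new MockHttpServletResponse());
    }

    /**
     * With no {@code client_id} request parameter, the {@code scope} claim of the unsigned
     * request object is still resolved as a list.
     *
     * <p>NOTE(review): this pins that claims of an unsecured JWT are readable through the
     * resolver when no client is identified. Whether later stages re-validate these values
     * is not visible from this test.
     */
    @Test
    void verifyPlainJwtWithoutClientId() throws Throwable {
        Optional<?> resolved = this.oauthRequestParameterResolver.resolveRequestParameter(
            newContext(getJwtRequest()), "scope", List.class);
        Assertions.assertTrue(resolved.isPresent());
        List<?> scopes = (List<?>) resolved.get();
        Assertions.assertTrue(scopes.contains("openid"));
        Assertions.assertTrue(scopes.contains("profile"));
    }

    /**
     * With a {@code client_id} request parameter naming a saved service, resolving
     * {@code client_id} as a list yields the values from the JWT claim
     * ({@code client1}, {@code client2}).
     *
     * <p>NOTE(review): the asserted values come from the unsigned request object, not from
     * the {@code client_id} request parameter. The test does not show what signature policy
     * the registered service carries; confirm this is the intended precedence for an
     * unsecured JWT.
     */
    @Test
    void verifyPlainJwtWithClientId() throws Throwable {
        MockHttpServletRequest request = getJwtRequest();
        OidcRegisteredService service = getOidcRegisteredService(UUID.randomUUID().toString());
        this.servicesManager.save(service);
        request.addParameter("client_id", service.getClientId());

        Optional<?> resolved = this.oauthRequestParameterResolver.resolveRequestParameter(
            newContext(request), "client_id", List.class);
        Assertions.assertTrue(resolved.isPresent());
        List<?> clientIds = (List<?>) resolved.get();
        Assertions.assertTrue(clientIds.contains("client1"));
        Assertions.assertTrue(clientIds.contains("client2"));
    }

    /**
     * A {@code client_secret} that appears in the query string is reported as being on the
     * query string. Credentials sent this way tend to end up in access logs and browser
     * history, which is why the distinction matters to callers.
     */
    @Test
    void verifyParameterIsOnQueryString() {
        MockHttpServletRequest request = new MockHttpServletRequest();
        request.setQueryString("client_id=myid&client_secret=mysecret");
        request.setParameter("client_id", "myid");
        request.setParameter("client_secret", "mysecret");
        Assertions.assertTrue(
            this.oauthRequestParameterResolver.isParameterOnQueryString(newContext(request), "client_secret"));
    }

    /**
     * Numeric request parameters can be resolved as {@link Integer}, {@link Long} and
     * {@link Double}.
     */
    @Test
    void verifyQueryParameterAsNumber() {
        MockHttpServletRequest request = new MockHttpServletRequest();
        request.setParameter("expiration", "10");
        request.setParameter("rate", "12.4365");
        JEEContext context = newContext(request);
        Assertions.assertTrue(
            this.oauthRequestParameterResolver.resolveRequestParameter(context, "expiration", Integer.class).isPresent());
        Assertions.assertTrue(
            this.oauthRequestParameterResolver.resolveRequestParameter(context, "expiration", Long.class).isPresent());
        Assertions.assertTrue(
            this.oauthRequestParameterResolver.resolveRequestParameter(context, "rate", Double.class).isPresent());
    }

    /**
     * A space-delimited {@code scope} value resolves to three scopes, and a space-delimited
     * arbitrary parameter resolves to two values.
     */
    @Test
    void verifyScopesCanBeExtracted() {
        MockHttpServletRequest request = new MockHttpServletRequest();
        request.setParameter("scope", "openid profile email");
        request.setParameter("keyword", "hello world");
        JEEContext context = newContext(request);
        Assertions.assertEquals(3, this.oauthRequestParameterResolver.resolveRequestScopes(context).size());
        Assertions.assertEquals(2, this.oauthRequestParameterResolver.resolveRequestParameters(context, "keyword").size());
    }

    /**
     * A {@code client_secret} present as a request parameter but absent from the query
     * string is not reported as being on the query string.
     */
    @Test
    void verifyParameterIsNotOnQueryString() {
        MockHttpServletRequest request = new MockHttpServletRequest();
        request.setQueryString("client_id=myid");
        request.setParameter("client_id", "myid");
        request.setParameter("client_secret", "mysecret");
        Assertions.assertFalse(
            this.oauthRequestParameterResolver.isParameterOnQueryString(newContext(request), "client_secret"));
    }

    /**
     * A request object signed with the service's own signing key is resolved: {@code scope}
     * yields two entries and the single-valued {@code aud} claim is returned as a one-element
     * list.
     *
     * <p>NOTE(review): positive path only. A companion case with a token signed by a
     * different key, or with altered claims, would pin that verification actually gates
     * these values.
     */
    @Test
    void verifyRequestAsSignedJwt() throws Exception {
        OidcRegisteredService service = getOidcRegisteredService("whatever");

        // The signing JWK comes from the server-side keystore cache for this service; its
        // private half is used below to produce the request object.
        Optional<?> cachedKeys = (Optional<?>) this.oidcServiceJsonWebKeystoreCache.get(
            new OidcJsonWebKeyCacheKey(service, OidcJsonWebKeyUsage.SIGNING));
        JsonWebKeySet keySet = (JsonWebKeySet) cachedKeys.get();
        PublicJsonWebKey signingKey = (PublicJsonWebKey) keySet.getJsonWebKeys().getFirst();

        JWTClaimsSet claims = new JWTClaimsSet.Builder()
            .subject("cas")
            .claim("scope", new String[]{"openid", "profile"})
            .claim("aud", "https://server.example.com")
            .claim("client_notification_token", UUID.randomUUID().toString())
            .claim("client_id", List.of(service.getClientId()))
            .build();
        this.servicesManager.save(service);

        String signedRequestObject = JsonWebTokenSigner.builder()
            .key(signingKey.getPrivateKey())
            .algorithm(signingKey.getAlgorithm())
            .build()
            .sign(JwtClaims.parse(claims.toString()));

        MockHttpServletRequest request = new MockHttpServletRequest();
        request.addParameter("request", signedRequestObject);
        request.addParameter("client_id", service.getClientId());
        JEEContext context = newContext(request);

        // orElseThrow() already fails the test when the parameter is missing, so no extra
        // null check is needed before reading the size.
        List<?> scopes = (List<?>) this.oauthRequestParameterResolver
            .resolveRequestParameter(context, "scope", List.class).orElseThrow();
        Assertions.assertEquals(2, scopes.size());
        List<?> audiences = (List<?>) this.oauthRequestParameterResolver
            .resolveRequestParameter(context, "aud", List.class).orElseThrow();
        Assertions.assertEquals(1, audiences.size());
    }
}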
