package org.apereo.cas.oidc.authn;

import org.apereo.cas.oidc.AbstractOidcTests;
import org.apereo.cas.ticket.accesstoken.OAuth20AccessToken;
import org.junit.jupiter.api.Assertions;
import org.junit.jupiter.api.Tag;
import org.junit.jupiter.api.Test;
import org.pac4j.core.context.CallContext;
import org.pac4j.core.credentials.TokenCredentials;
import org.pac4j.core.credentials.authenticator.Authenticator;
import org.pac4j.core.profile.ProfileManager;
import org.pac4j.core.profile.UserProfile;
import org.pac4j.jee.context.JEEContext;
import org.pac4j.jee.context.session.JEESessionStore;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.mock.web.MockHttpServletRequest;
import org.springframework.mock.web.MockHttpServletResponse;

@Tag("OIDC")
/* loaded from: input_file:org/apereo/cas/oidc/authn/OidcAccessTokenAuthenticatorTests.class */
class OidcAccessTokenAuthenticatorTests extends AbstractOidcTests {

    @Autowired
    @Qualifier("oauthAccessTokenAuthenticator")
    private Authenticator oauthAccessTokenAuthenticator;

    @Autowired
    @Qualifier("oidcDynamicRegistrationAuthenticator")
    private Authenticator oidcDynamicRegistrationAuthenticator;

    OidcAccessTokenAuthenticatorTests() {
    }

    @Test
    void verifyOperation() throws Throwable {
        JEEContext jEEContext = new JEEContext(new MockHttpServletRequest(), new MockHttpServletResponse());
        new ProfileManager(jEEContext, new JEESessionStore()).removeProfiles();
        OAuth20AccessToken accessToken = getAccessToken(this.oidcTokenSigningAndEncryptionService.encode(getOidcRegisteredService(), getClaims()), "clientid");
        this.ticketRegistry.addTicket(accessToken);
        TokenCredentials tokenCredentials = new TokenCredentials(accessToken.getId());
        this.oauthAccessTokenAuthenticator.validate(new CallContext(jEEContext, new JEESessionStore()), tokenCredentials);
        UserProfile userProfile = tokenCredentials.getUserProfile();
        Assertions.assertNotNull(userProfile);
        Assertions.assertEquals("casuser", userProfile.getId());
        Assertions.assertTrue(userProfile.containsAttribute("client_id"));
        Assertions.assertTrue(userProfile.containsAttribute("sub"));
        Assertions.assertTrue(userProfile.containsAttribute("iss"));
        Assertions.assertTrue(userProfile.containsAttribute("exp"));
        Assertions.assertTrue(userProfile.containsAttribute("aud"));
        Assertions.assertTrue(userProfile.containsAttribute("email"));
    }

    @Test
    void verifyFailsOperation() throws Throwable {
        JEEContext jEEContext = new JEEContext(new MockHttpServletRequest(), new MockHttpServletResponse());
        new ProfileManager(jEEContext, new JEESessionStore()).removeProfiles();
        OAuth20AccessToken accessToken = getAccessToken("helloworld", "clientid");
        this.ticketRegistry.addTicket(accessToken);
        TokenCredentials tokenCredentials = new TokenCredentials(accessToken.getId());
        this.oauthAccessTokenAuthenticator.validate(new CallContext(jEEContext, new JEESessionStore()), tokenCredentials);
        Assertions.assertNull(tokenCredentials.getUserProfile());
    }

    @Test
    void verifyFailsMissingScopes() throws Throwable {
        JEEContext jEEContext = new JEEContext(new MockHttpServletRequest(), new MockHttpServletResponse());
        OAuth20AccessToken accessToken = getAccessToken(this.oidcTokenSigningAndEncryptionService.encode(getOidcRegisteredService(), getClaims()), "clientid");
        this.ticketRegistry.addTicket(accessToken);
        TokenCredentials tokenCredentials = new TokenCredentials(accessToken.getId());
        this.oidcDynamicRegistrationAuthenticator.validate(new CallContext(jEEContext, new JEESessionStore()), tokenCredentials);
        Assertions.assertNull(tokenCredentials.getUserProfile());
    }
}
