package net.krotscheck.kangaroo.authz.oauth2.resource.token;

import java.util.TimeZone;
import javax.ws.rs.core.MultivaluedHashMap;
import net.krotscheck.kangaroo.authz.common.authenticator.AuthenticatorType;
import net.krotscheck.kangaroo.authz.common.database.entity.Client;
import net.krotscheck.kangaroo.authz.common.database.entity.ClientConfig;
import net.krotscheck.kangaroo.authz.common.database.entity.ClientType;
import net.krotscheck.kangaroo.authz.common.database.entity.OAuthToken;
import net.krotscheck.kangaroo.authz.common.database.entity.OAuthTokenType;
import net.krotscheck.kangaroo.authz.oauth2.exception.RFC6749;
import net.krotscheck.kangaroo.authz.oauth2.resource.TokenResponseEntity;
import net.krotscheck.kangaroo.authz.test.ApplicationBuilder;
import net.krotscheck.kangaroo.common.hibernate.id.IdUtil;
import net.krotscheck.kangaroo.test.jersey.DatabaseTest;
import net.krotscheck.kangaroo.test.rule.TestDataResource;
import org.hibernate.Session;
import org.junit.Assert;
import org.junit.Before;
import org.junit.ClassRule;
import org.junit.Test;
import org.junit.rules.TestRule;

/* loaded from: input_file:net/krotscheck/kangaroo/authz/oauth2/resource/token/RefreshTokenGrantHandlerTest.class */
public final class RefreshTokenGrantHandlerTest extends DatabaseTest {
    private static ApplicationBuilder.ApplicationContext ownerCredsContext;
    private static ApplicationBuilder.ApplicationContext authGrantContext;
    private static ApplicationBuilder.ApplicationContext implicitContext;

    @ClassRule
    public static final TestRule TEST_DATA_RULE = new TestDataResource(HIBERNATE_RESOURCE) { // from class: net.krotscheck.kangaroo.authz.oauth2.resource.token.RefreshTokenGrantHandlerTest.1
        protected void loadTestData(Session session) {
            ApplicationBuilder.ApplicationContext unused = RefreshTokenGrantHandlerTest.authGrantContext = ApplicationBuilder.newApplication(session).client(ClientType.AuthorizationGrant, (Boolean) true).authenticator(AuthenticatorType.Test).scope("debug").scope("debug1").role("test", new String[]{"debug", "debug1"}).user().identity("remote_identity").build();
            ApplicationBuilder.ApplicationContext unused2 = RefreshTokenGrantHandlerTest.ownerCredsContext = ApplicationBuilder.newApplication(session).client(ClientType.OwnerCredentials, (Boolean) true).authenticator(AuthenticatorType.Test).scope("debug").scope("debug1").role("test", new String[]{"debug", "debug1"}).user().identity("remote_identity").build();
            ApplicationBuilder.ApplicationContext unused3 = RefreshTokenGrantHandlerTest.implicitContext = ApplicationBuilder.newApplication(session).client(ClientType.Implicit, (Boolean) true).authenticator(AuthenticatorType.Test).scope("debug").role("test", new String[]{"debug"}).build();
        }
    };
    private RefreshTokenGrantHandler handler;

    @Before
    public void initializeEnvironment() {
        TimeZone.setDefault(TimeZone.getTimeZone("UTC"));
        this.handler = new RefreshTokenGrantHandler(getSession());
    }

    @Test
    public void testValidAuthorizationGrant() {
        Client client = authGrantContext.getClient();
        OAuthToken token = authGrantContext.getBuilder().bearerToken("debug").refreshToken().build().getToken();
        MultivaluedHashMap multivaluedHashMap = new MultivaluedHashMap();
        multivaluedHashMap.putSingle("client_id", IdUtil.toString(client.getId()));
        multivaluedHashMap.putSingle("client_secret", client.getClientSecret());
        multivaluedHashMap.putSingle("scope", "debug");
        multivaluedHashMap.putSingle("grant_type", "refresh_token");
        multivaluedHashMap.putSingle("refresh_token", IdUtil.toString(token.getId()));
        TokenResponseEntity handle = this.handler.handle(client, multivaluedHashMap);
        Assert.assertEquals(OAuthTokenType.Bearer, handle.getTokenType());
        Assert.assertEquals(ClientConfig.ACCESS_TOKEN_EXPIRES_DEFAULT.intValue(), handle.getExpiresIn().longValue());
        Assert.assertNotNull(handle.getAccessToken());
        Assert.assertNotNull(handle.getRefreshToken());
        Assert.assertEquals("debug", handle.getScope());
        OAuthToken oAuthToken = (OAuthToken) getSession().get(OAuthToken.class, handle.getRefreshToken());
        Assert.assertEquals(ClientConfig.REFRESH_TOKEN_EXPIRES_DEFAULT.intValue(), oAuthToken.getExpiresIn().longValue());
        Assert.assertEquals(OAuthTokenType.Refresh, oAuthToken.getTokenType());
        Assert.assertEquals(handle.getAccessToken(), oAuthToken.getAuthToken().getId());
        Assert.assertNull(getSession().get(OAuthToken.class, token.getAuthToken().getId()));
        Assert.assertNull(getSession().get(OAuthToken.class, token.getId()));
    }

    @Test
    public void testValidOwnerCredentials() {
        Client client = ownerCredsContext.getClient();
        OAuthToken token = ownerCredsContext.getBuilder().bearerToken("debug").refreshToken().build().getToken();
        MultivaluedHashMap multivaluedHashMap = new MultivaluedHashMap();
        multivaluedHashMap.putSingle("client_id", IdUtil.toString(client.getId()));
        multivaluedHashMap.putSingle("client_secret", client.getClientSecret());
        multivaluedHashMap.putSingle("scope", "debug");
        multivaluedHashMap.putSingle("grant_type", "refresh_token");
        multivaluedHashMap.putSingle("refresh_token", IdUtil.toString(token.getId()));
        TokenResponseEntity handle = this.handler.handle(client, multivaluedHashMap);
        Assert.assertEquals(OAuthTokenType.Bearer, handle.getTokenType());
        Assert.assertEquals(ClientConfig.ACCESS_TOKEN_EXPIRES_DEFAULT.intValue(), handle.getExpiresIn().longValue());
        Assert.assertNotNull(handle.getAccessToken());
        Assert.assertNotNull(handle.getRefreshToken());
        Assert.assertEquals("debug", handle.getScope());
        OAuthToken oAuthToken = (OAuthToken) getSession().get(OAuthToken.class, handle.getRefreshToken());
        Assert.assertEquals(ClientConfig.REFRESH_TOKEN_EXPIRES_DEFAULT.intValue(), oAuthToken.getExpiresIn().longValue());
        Assert.assertEquals(OAuthTokenType.Refresh, oAuthToken.getTokenType());
        Assert.assertEquals(handle.getAccessToken(), oAuthToken.getAuthToken().getId());
        Assert.assertNull(getSession().get(OAuthToken.class, token.getAuthToken().getId()));
        Assert.assertNull(getSession().get(OAuthToken.class, token.getId()));
    }

    @Test(expected = RFC6749.InvalidGrantException.class)
    public void testInvalidClientType() {
        Client client = implicitContext.getClient();
        OAuthToken token = implicitContext.getBuilder().bearerToken("debug").refreshToken().build().getToken();
        MultivaluedHashMap multivaluedHashMap = new MultivaluedHashMap();
        multivaluedHashMap.putSingle("client_id", IdUtil.toString(client.getId()));
        multivaluedHashMap.putSingle("client_secret", client.getClientSecret());
        multivaluedHashMap.putSingle("scope", "debug");
        multivaluedHashMap.putSingle("grant_type", "refresh_token");
        multivaluedHashMap.putSingle("refresh_token", IdUtil.toString(token.getId()));
        this.handler.handle(client, multivaluedHashMap);
    }

    @Test(expected = RFC6749.InvalidGrantException.class)
    public void testMalformedRefreshToken() {
        Client client = authGrantContext.getClient();
        MultivaluedHashMap multivaluedHashMap = new MultivaluedHashMap();
        multivaluedHashMap.putSingle("client_id", IdUtil.toString(client.getId()));
        multivaluedHashMap.putSingle("client_secret", client.getClientSecret());
        multivaluedHashMap.putSingle("scope", "debug");
        multivaluedHashMap.putSingle("grant_type", "refresh_token");
        multivaluedHashMap.putSingle("refresh_token", "not_a_BigInteger");
        this.handler.handle(client, multivaluedHashMap);
    }

    @Test(expected = RFC6749.InvalidGrantException.class)
    public void testInvalidRefreshToken() {
        Client client = authGrantContext.getClient();
        MultivaluedHashMap multivaluedHashMap = new MultivaluedHashMap();
        multivaluedHashMap.putSingle("client_id", IdUtil.toString(client.getId()));
        multivaluedHashMap.putSingle("client_secret", client.getClientSecret());
        multivaluedHashMap.putSingle("scope", "debug");
        multivaluedHashMap.putSingle("grant_type", "refresh_token");
        multivaluedHashMap.putSingle("refresh_token", IdUtil.toString(IdUtil.next()));
        this.handler.handle(client, multivaluedHashMap);
    }

    @Test(expected = RFC6749.InvalidGrantException.class)
    public void testNullRefreshToken() {
        Client client = authGrantContext.getClient();
        MultivaluedHashMap multivaluedHashMap = new MultivaluedHashMap();
        multivaluedHashMap.putSingle("client_id", IdUtil.toString(client.getId()));
        multivaluedHashMap.putSingle("client_secret", client.getClientSecret());
        multivaluedHashMap.putSingle("scope", "debug");
        multivaluedHashMap.putSingle("grant_type", "refresh_token");
        this.handler.handle(client, multivaluedHashMap);
    }

    @Test(expected = RFC6749.InvalidGrantException.class)
    public void testNotARefreshToken() {
        Client client = authGrantContext.getClient();
        OAuthToken token = authGrantContext.getBuilder().bearerToken().build().getToken();
        MultivaluedHashMap multivaluedHashMap = new MultivaluedHashMap();
        multivaluedHashMap.putSingle("client_id", IdUtil.toString(client.getId()));
        multivaluedHashMap.putSingle("client_secret", client.getClientSecret());
        multivaluedHashMap.putSingle("scope", "debug");
        multivaluedHashMap.putSingle("grant_type", "refresh_token");
        multivaluedHashMap.putSingle("refresh_token", IdUtil.toString(token.getId()));
        this.handler.handle(client, multivaluedHashMap);
    }

    @Test(expected = RFC6749.InvalidGrantException.class)
    public void testExpiredToken() {
        Client client = ownerCredsContext.getClient();
        OAuthToken token = ownerCredsContext.getBuilder().bearerToken().token(OAuthTokenType.Refresh, true, "debug", null, null).build().getToken();
        MultivaluedHashMap multivaluedHashMap = new MultivaluedHashMap();
        multivaluedHashMap.putSingle("client_id", IdUtil.toString(client.getId()));
        multivaluedHashMap.putSingle("client_secret", client.getClientSecret());
        multivaluedHashMap.putSingle("scope", "debug");
        multivaluedHashMap.putSingle("grant_type", "refresh_token");
        multivaluedHashMap.putSingle("refresh_token", IdUtil.toString(token.getId()));
        this.handler.handle(client, multivaluedHashMap);
    }

    @Test(expected = RFC6749.InvalidScopeException.class)
    public void testInvalidScope() {
        Client client = authGrantContext.getClient();
        OAuthToken token = authGrantContext.getBuilder().bearerToken().refreshToken().build().getToken();
        MultivaluedHashMap multivaluedHashMap = new MultivaluedHashMap();
        multivaluedHashMap.putSingle("client_id", IdUtil.toString(client.getId()));
        multivaluedHashMap.putSingle("client_secret", client.getClientSecret());
        multivaluedHashMap.putSingle("scope", "debug invalid");
        multivaluedHashMap.putSingle("grant_type", "refresh_token");
        multivaluedHashMap.putSingle("refresh_token", IdUtil.toString(token.getId()));
        this.handler.handle(client, multivaluedHashMap);
    }

    @Test(expected = RFC6749.InvalidScopeException.class)
    public void testEscalateScope() {
        Client client = authGrantContext.getClient();
        OAuthToken token = authGrantContext.getBuilder().bearerToken("debug").refreshToken().build().getToken();
        MultivaluedHashMap multivaluedHashMap = new MultivaluedHashMap();
        multivaluedHashMap.putSingle("client_id", IdUtil.toString(client.getId()));
        multivaluedHashMap.putSingle("client_secret", client.getClientSecret());
        multivaluedHashMap.putSingle("scope", "debug debug1");
        multivaluedHashMap.putSingle("grant_type", "refresh_token");
        multivaluedHashMap.putSingle("refresh_token", IdUtil.toString(token.getId()));
        this.handler.handle(client, multivaluedHashMap);
    }

    @Test
    public void testDeescalateScope() {
        Client client = authGrantContext.getClient();
        OAuthToken token = authGrantContext.getBuilder().bearerToken("debug").refreshToken().build().getToken();
        MultivaluedHashMap multivaluedHashMap = new MultivaluedHashMap();
        multivaluedHashMap.putSingle("client_id", IdUtil.toString(client.getId()));
        multivaluedHashMap.putSingle("client_secret", client.getClientSecret());
        multivaluedHashMap.putSingle("scope", "");
        multivaluedHashMap.putSingle("grant_type", "refresh_token");
        multivaluedHashMap.putSingle("refresh_token", IdUtil.toString(token.getId()));
        TokenResponseEntity handle = this.handler.handle(client, multivaluedHashMap);
        Assert.assertEquals(OAuthTokenType.Bearer, handle.getTokenType());
        Assert.assertEquals(ClientConfig.ACCESS_TOKEN_EXPIRES_DEFAULT.intValue(), handle.getExpiresIn().longValue());
        Assert.assertNotNull(handle.getAccessToken());
        Assert.assertNotNull(handle.getRefreshToken());
        Assert.assertNull(handle.getScope());
        OAuthToken oAuthToken = (OAuthToken) getSession().get(OAuthToken.class, handle.getRefreshToken());
        Assert.assertEquals(ClientConfig.REFRESH_TOKEN_EXPIRES_DEFAULT.intValue(), oAuthToken.getExpiresIn().longValue());
        Assert.assertEquals(OAuthTokenType.Refresh, oAuthToken.getTokenType());
        Assert.assertEquals(handle.getAccessToken(), oAuthToken.getAuthToken().getId());
        Assert.assertNull(getSession().get(OAuthToken.class, token.getAuthToken().getId()));
        Assert.assertNull(getSession().get(OAuthToken.class, token.getId()));
    }

    @Test
    public void testZombieRefresh() {
        Client client = authGrantContext.getClient();
        OAuthToken token = authGrantContext.getBuilder().token(OAuthTokenType.Refresh, false, "debug", null, null).build().getToken();
        MultivaluedHashMap multivaluedHashMap = new MultivaluedHashMap();
        multivaluedHashMap.putSingle("client_id", IdUtil.toString(client.getId()));
        multivaluedHashMap.putSingle("client_secret", client.getClientSecret());
        multivaluedHashMap.putSingle("scope", "");
        multivaluedHashMap.putSingle("grant_type", "refresh_token");
        multivaluedHashMap.putSingle("refresh_token", IdUtil.toString(token.getId()));
        TokenResponseEntity handle = this.handler.handle(client, multivaluedHashMap);
        Assert.assertEquals(OAuthTokenType.Bearer, handle.getTokenType());
        Assert.assertEquals(ClientConfig.ACCESS_TOKEN_EXPIRES_DEFAULT.intValue(), handle.getExpiresIn().longValue());
        Assert.assertNotNull(handle.getAccessToken());
        Assert.assertNotNull(handle.getRefreshToken());
        Assert.assertNull(handle.getScope());
        OAuthToken oAuthToken = (OAuthToken) getSession().get(OAuthToken.class, handle.getRefreshToken());
        Assert.assertEquals(ClientConfig.REFRESH_TOKEN_EXPIRES_DEFAULT.intValue(), oAuthToken.getExpiresIn().longValue());
        Assert.assertEquals(OAuthTokenType.Refresh, oAuthToken.getTokenType());
        Assert.assertEquals(handle.getAccessToken(), oAuthToken.getAuthToken().getId());
        Assert.assertNull(getSession().get(OAuthToken.class, token.getId()));
    }
}
