package net.krotscheck.kangaroo.authz.oauth2.authn.filter;

import javax.ws.rs.container.ContainerRequestContext;
import net.krotscheck.kangaroo.authz.common.database.DatabaseFeature;
import net.krotscheck.kangaroo.authz.common.database.entity.Application;
import net.krotscheck.kangaroo.authz.common.database.entity.Client;
import net.krotscheck.kangaroo.authz.common.database.entity.ClientType;
import net.krotscheck.kangaroo.authz.oauth2.authn.annotation.OAuthFilterChain;
import net.krotscheck.kangaroo.authz.oauth2.authn.factory.CredentialsFactory;
import net.krotscheck.kangaroo.authz.oauth2.exception.RFC6749;
import net.krotscheck.kangaroo.common.config.ConfigurationFeature;
import net.krotscheck.kangaroo.common.hibernate.HibernateFeature;
import net.krotscheck.kangaroo.common.hibernate.id.IdUtil;
import net.krotscheck.kangaroo.test.jersey.ContainerTest;
import org.glassfish.jersey.server.ResourceConfig;
import org.hibernate.Session;
import org.junit.After;
import org.junit.Assert;
import org.junit.Before;
import org.junit.Test;
import org.mockito.Mockito;

/* loaded from: input_file:net/krotscheck/kangaroo/authz/oauth2/authn/filter/ClientAuthorizationFilterTest.class */
public final class ClientAuthorizationFilterTest extends ContainerTest {
    private Application application;
    private Client privateClient;
    private Client publicClient;
    private Session session;

    protected ResourceConfig createApplication() {
        ResourceConfig resourceConfig = new ResourceConfig();
        resourceConfig.register(ConfigurationFeature.class);
        resourceConfig.register(DatabaseFeature.class);
        resourceConfig.register(HibernateFeature.class);
        return resourceConfig;
    }

    @Before
    public void setup() {
        this.session = getSession();
        this.application = new Application();
        this.application.setName("Test Application");
        this.privateClient = new Client();
        this.privateClient.setApplication(this.application);
        this.privateClient.setName("Private");
        this.privateClient.setType(ClientType.AuthorizationGrant);
        this.privateClient.setClientSecret("valid_secret");
        this.publicClient = new Client();
        this.publicClient.setApplication(this.application);
        this.publicClient.setName("Public");
        this.publicClient.setType(ClientType.AuthorizationGrant);
        this.session.getTransaction().begin();
        this.session.save(this.application);
        this.session.save(this.privateClient);
        this.session.save(this.publicClient);
        this.session.getTransaction().commit();
    }

    @After
    public void teardown() {
        this.session.getTransaction().begin();
        this.session.delete(this.privateClient);
        this.session.delete(this.publicClient);
        this.session.delete(this.application);
        this.session.getTransaction().commit();
        this.privateClient = null;
        this.publicClient = null;
        this.application = null;
        this.session = null;
    }

    @Test
    public void testPartOfOAuthChain() {
        Assert.assertNotNull(ClientAuthorizationFilter.class.getAnnotation(OAuthFilterChain.class));
    }

    @Test
    public void testValidPublicCredentials() throws Exception {
        CredentialsFactory.Credentials credentials = new CredentialsFactory.Credentials(IdUtil.toString(this.publicClient.getId()), (String) null);
        new ClientAuthorizationFilter(() -> {
            return credentials;
        }, () -> {
            return this.session;
        }).filter((ContainerRequestContext) Mockito.mock(ContainerRequestContext.class));
    }

    @Test
    public void testValidPrivateCredentials() throws Exception {
        CredentialsFactory.Credentials credentials = new CredentialsFactory.Credentials(IdUtil.toString(this.privateClient.getId()), this.privateClient.getClientSecret());
        new ClientAuthorizationFilter(() -> {
            return credentials;
        }, () -> {
            return this.session;
        }).filter((ContainerRequestContext) Mockito.mock(ContainerRequestContext.class));
    }

    @Test(expected = RFC6749.AccessDeniedException.class)
    public void testInvalidCredentials() throws Exception {
        CredentialsFactory.Credentials credentials = new CredentialsFactory.Credentials(IdUtil.toString(this.privateClient.getId()), "invalid");
        new ClientAuthorizationFilter(() -> {
            return credentials;
        }, () -> {
            return this.session;
        }).filter((ContainerRequestContext) Mockito.mock(ContainerRequestContext.class));
    }

    @Test(expected = RFC6749.InvalidClientException.class)
    public void testCredentialsNoClient() throws Exception {
        CredentialsFactory.Credentials credentials = new CredentialsFactory.Credentials(IdUtil.toString(IdUtil.next()), "invalid");
        new ClientAuthorizationFilter(() -> {
            return credentials;
        }, () -> {
            return this.session;
        }).filter((ContainerRequestContext) Mockito.mock(ContainerRequestContext.class));
    }

    @Test(expected = RFC6749.AccessDeniedException.class)
    public void testPrivateClientNoPassword() throws Exception {
        CredentialsFactory.Credentials credentials = new CredentialsFactory.Credentials(IdUtil.toString(this.privateClient.getId()), (String) null);
        new ClientAuthorizationFilter(() -> {
            return credentials;
        }, () -> {
            return this.session;
        }).filter((ContainerRequestContext) Mockito.mock(ContainerRequestContext.class));
    }

    @Test(expected = RFC6749.AccessDeniedException.class)
    public void testPrivateClientBadPassword() throws Exception {
        CredentialsFactory.Credentials credentials = new CredentialsFactory.Credentials(IdUtil.toString(this.privateClient.getId()), "badPassword");
        new ClientAuthorizationFilter(() -> {
            return credentials;
        }, () -> {
            return this.session;
        }).filter((ContainerRequestContext) Mockito.mock(ContainerRequestContext.class));
    }

    @Test(expected = RFC6749.AccessDeniedException.class)
    public void testPrivateClientEmptyPassword() throws Exception {
        CredentialsFactory.Credentials credentials = new CredentialsFactory.Credentials(IdUtil.toString(this.privateClient.getId()), "");
        new ClientAuthorizationFilter(() -> {
            return credentials;
        }, () -> {
            return this.session;
        }).filter((ContainerRequestContext) Mockito.mock(ContainerRequestContext.class));
    }

    @Test(expected = RFC6749.AccessDeniedException.class)
    public void testPublicClientPassword() throws Exception {
        CredentialsFactory.Credentials credentials = new CredentialsFactory.Credentials(IdUtil.toString(this.publicClient.getId()), "badPassword");
        new ClientAuthorizationFilter(() -> {
            return credentials;
        }, () -> {
            return this.session;
        }).filter((ContainerRequestContext) Mockito.mock(ContainerRequestContext.class));
    }

    @Test(expected = RFC6749.InvalidClientException.class)
    public void testEmptyCredentials() throws Exception {
        CredentialsFactory.Credentials credentials = new CredentialsFactory.Credentials();
        new ClientAuthorizationFilter(() -> {
            return credentials;
        }, () -> {
            return this.session;
        }).filter((ContainerRequestContext) Mockito.mock(ContainerRequestContext.class));
    }
}
