package net.krotscheck.kangaroo.authz.oauth2.rfc7662;

import java.util.ArrayList;
import java.util.Arrays;
import java.util.Calendar;
import java.util.HashMap;
import java.util.Map;
import javax.ws.rs.client.Entity;
import javax.ws.rs.core.Form;
import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.Response;
import net.krotscheck.kangaroo.authz.common.authenticator.AuthenticatorType;
import net.krotscheck.kangaroo.authz.common.database.entity.Client;
import net.krotscheck.kangaroo.authz.common.database.entity.ClientType;
import net.krotscheck.kangaroo.authz.common.database.entity.OAuthToken;
import net.krotscheck.kangaroo.authz.common.database.entity.OAuthTokenType;
import net.krotscheck.kangaroo.authz.oauth2.OAuthAPI;
import net.krotscheck.kangaroo.authz.oauth2.resource.IntrospectionResponseEntity;
import net.krotscheck.kangaroo.authz.test.ApplicationBuilder;
import net.krotscheck.kangaroo.common.hibernate.id.IdUtil;
import net.krotscheck.kangaroo.test.jersey.ContainerTest;
import net.krotscheck.kangaroo.test.jersey.SingletonTestContainerFactory;
import net.krotscheck.kangaroo.test.rule.TestDataResource;
import net.krotscheck.kangaroo.util.HttpUtil;
import net.krotscheck.kangaroo.util.StringUtil;
import org.glassfish.jersey.server.ResourceConfig;
import org.glassfish.jersey.test.spi.TestContainerException;
import org.glassfish.jersey.test.spi.TestContainerFactory;
import org.hibernate.Session;
import org.junit.Assert;
import org.junit.ClassRule;
import org.junit.Test;
import org.junit.rules.TestRule;

/* loaded from: input_file:net/krotscheck/kangaroo/authz/oauth2/rfc7662/TokenIntrospectionTest.class */
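/**
 * Integration tests for the token introspection endpoint ({@code /introspect}, RFC 7662).
 *
 * <p>The suite pins the endpoint's authorization rules as they are observable from the
 * assertions below:
 * <ul>
 *   <li>a bearer token may introspect itself, but asking about any other token yields the
 *       "inactive" response;</li>
 *   <li>a client authenticated with its id and secret (header or form body) may introspect
 *       tokens of its own application, but sees tokens of another application as inactive;</li>
 *   <li>authorization codes and refresh tokens are rejected as bearer credentials;</li>
 *   <li>expired, unknown and foreign tokens are all reported with the same inactive response,
 *       which must carry no token metadata.</li>
 * </ul>
 */
public final class TokenIntrospectionTest extends ContainerTest {
    /** Path of the endpoint under test. */
    private static final String INTROSPECT_PATH = "/introspect";

    /** Primary application; most tokens under test are issued from this context. */
    private static ApplicationBuilder.ApplicationContext context;
    /** HTTP Basic header carrying the id and secret of the primary application's client. */
    private static String contextAuthHeader;
    /** A second, unrelated application used for the cross-application isolation tests. */
    private static ApplicationBuilder.ApplicationContext otherContext;
    /** HTTP Basic header carrying the id and secret of the second application's client. */
    private static String otherContextAuthHeader;

    /**
     * Creates the two applications once for the whole class and derives the Basic
     * authorization headers of their clients.
     */
    @ClassRule
    public static final TestRule TEST_DATA_RULE = new TestDataResource(HIBERNATE_RESOURCE) {
        @Override
        protected void loadTestData(Session session) {
            // Outer fields are qualified on purpose so that they can never be shadowed by a
            // member of TestDataResource.
            TokenIntrospectionTest.context = ApplicationBuilder.newApplication(session)
                    .scope("debug")
                    .scope("debug1")
                    .role("test", new String[]{"debug"})
                    .client(ClientType.AuthorizationGrant, Boolean.TRUE)
                    .authenticator(AuthenticatorType.Test)
                    .redirect("http://www.example.com/")
                    .user()
                    .identity()
                    .claim("one", "claim")
                    .claim("two", "claim")
                    .build();
            TokenIntrospectionTest.otherContext = ApplicationBuilder.newApplication(session)
                    .scope("debug")
                    .scope("debug1")
                    .role("test", new String[]{"debug"})
                    .client(ClientType.AuthorizationGrant, Boolean.TRUE)
                    .authenticator(AuthenticatorType.Test)
                    .redirect("http://www.example.com/")
                    .user()
                    .identity()
                    .claim("red", "claim")
                    .claim("blue", "claim")
                    .build();

            Client primaryClient = TokenIntrospectionTest.context.getClient();
            TokenIntrospectionTest.contextAuthHeader =
                    HttpUtil.authHeaderBasic(primaryClient.getId(), primaryClient.getClientSecret());

            Client foreignClient = TokenIntrospectionTest.otherContext.getClient();
            TokenIntrospectionTest.otherContextAuthHeader =
                    HttpUtil.authHeaderBasic(foreignClient.getId(), foreignClient.getClientSecret());
        }
    };

    /** Lazily created container factory, reused by every test of this instance. */
    private SingletonTestContainerFactory testContainerFactory;
    /** Lazily created application under test. */
    private ResourceConfig testApplication;

    /**
     * Wraps the default container factory in a singleton factory.
     *
     * @return the cached factory, created on first use
     * @throws TestContainerException if the parent factory cannot be obtained
     */
    @Override
    protected TestContainerFactory getTestContainerFactory() throws TestContainerException {
        if (this.testContainerFactory == null) {
            this.testContainerFactory =
                    new SingletonTestContainerFactory(super.getTestContainerFactory(), getClass());
        }
        return this.testContainerFactory;
    }

    /**
     * Provides the OAuth2 API as the application under test.
     *
     * @return the cached {@link OAuthAPI} instance, created on first use
     */
    @Override
    protected ResourceConfig createApplication() {
        if (this.testApplication == null) {
            this.testApplication = new OAuthAPI();
        }
        return this.testApplication;
    }

    /**
     * Turns a parameter map into a form-urlencoded request entity.
     *
     * @param map form field names and values
     * @return the entity to post
     */
    private Entity<Form> buildEntity(Map<String, String> map) {
        Form form = new Form();
        map.forEach(form::param);
        return Entity.entity(form, MediaType.APPLICATION_FORM_URLENCODED_TYPE);
    }

    /**
     * Builds the form parameters that name the token to introspect.
     *
     * @param token the token whose id is sent in the {@code token} field
     * @return a mutable parameter map
     */
    private static Map<String, String> tokenParams(OAuthToken token) {
        Map<String, String> params = new HashMap<>();
        params.put("token", IdUtil.toString(token.getId()));
        return params;
    }

    /**
     * Adds a client's id and secret to the form parameters (client authentication in the body).
     *
     * @param params the parameter map to extend
     * @param client the client whose credentials are added
     * @return {@code params}, for chaining
     */
    private static Map<String, String> withClientCredentials(Map<String, String> params,
                                                             Client client) {
        params.put("client_id", IdUtil.toString(client.getId()));
        params.put("client_secret", client.getClientSecret());
        return params;
    }

    /**
     * Posts an introspection request without an {@code Authorization} header.
     *
     * @param params the form parameters
     * @return the server's response
     */
    private Response introspect(Map<String, String> params) {
        return target(INTROSPECT_PATH).request().post(buildEntity(params));
    }

    /**
     * Posts an introspection request with the given {@code Authorization} header.
     *
     * @param params     the form parameters
     * @param authHeader the complete header value (Basic or Bearer)
     * @return the server's response
     */
    private Response introspect(Map<String, String> params, String authHeader) {
        return target(INTROSPECT_PATH)
                .request()
                .header("Authorization", authHeader)
                .post(buildEntity(params));
    }

    /**
     * Asserts that the response is the "inactive" introspection result and discloses nothing
     * about the token.
     *
     * <p>RFC 7662 section 2.2 says an inactive response should carry no additional information,
     * so that a caller who is not entitled to a token cannot learn anything about it. Every
     * metadata getter is therefore required to be {@code null}, including {@code exp} and
     * {@code username}.
     *
     * @param response the response to check
     */
    private void assertInactiveIntrospectionResponse(Response response) {
        Assert.assertEquals(Response.Status.OK.getStatusCode(), response.getStatus());
        Assert.assertEquals("application/json", response.getMediaType().toString());

        IntrospectionResponseEntity body = response.readEntity(IntrospectionResponseEntity.class);
        Assert.assertNotNull(body);
        Assert.assertFalse(body.isActive());
        Assert.assertNull(body.getClientId());
        Assert.assertNull(body.getTokenType());
        Assert.assertNull(body.getIat());
        Assert.assertNull(body.getJti());
        Assert.assertNull(body.getNbf());
        Assert.assertNull(body.getAud());
        Assert.assertNull(body.getIss());
        Assert.assertNull(body.getScope());
        Assert.assertNull(body.getSub());
        // Lifetime and resource-owner name are metadata too; a leak here would tell an
        // unauthorized caller when the token expires or whom it belongs to.
        Assert.assertNull(body.getExp());
        Assert.assertNull(body.getUsername());
    }

    /**
     * Asserts that the response describes {@code oAuthToken} field by field.
     *
     * @param response   the response to check
     * @param oAuthToken the token the response is expected to describe
     */
    private void assertSuccessfulIntrospectionResponse(Response response, OAuthToken oAuthToken) {
        Assert.assertEquals(Response.Status.OK.getStatusCode(), response.getStatus());
        Assert.assertEquals("application/json", response.getMediaType().toString());

        IntrospectionResponseEntity body = response.readEntity(IntrospectionResponseEntity.class);
        Assert.assertNotNull(body);

        // The expected timestamps are compared at whole-second precision, so the
        // millisecond field of the creation date is cleared first.
        Calendar issuedAt = (Calendar) oAuthToken.getCreatedDate().clone();
        issuedAt.set(Calendar.MILLISECOND, 0);
        Calendar expiresAt = (Calendar) issuedAt.clone();
        expiresAt.add(Calendar.SECOND, oAuthToken.getExpiresIn().intValue());

        Assert.assertEquals(oAuthToken.getClient().getId(), body.getClientId());
        Assert.assertEquals(oAuthToken.getTokenType(), body.getTokenType());
        Assert.assertEquals(issuedAt, body.getIat());
        Assert.assertEquals(!oAuthToken.isExpired(), body.isActive());
        Assert.assertEquals(oAuthToken.getId(), body.getJti());
        Assert.assertEquals(issuedAt, body.getNbf());
        Assert.assertEquals(oAuthToken.getClient().getApplication().getId(), body.getAud());
        Assert.assertEquals(expiresAt, body.getExp());
        Assert.assertEquals("localhost", body.getIss());

        // Scopes are compared as ordered lists: the space-separated response value must list
        // the token's scopes in the iteration order of its scope map.
        Assert.assertEquals(
                new ArrayList<>(oAuthToken.getScopes().keySet()),
                Arrays.asList(StringUtil.sameOrDefault(body.getScope(), "").split(" ")));

        if (oAuthToken.getClient().getType().equals(ClientType.ClientCredentials)) {
            // Client-credentials tokens have no user; the subject is the client itself.
            Assert.assertNull(oAuthToken.getIdentity());
            Assert.assertEquals(oAuthToken.getClient().getId(), body.getSub());
        } else {
            Assert.assertNotNull(oAuthToken.getIdentity());
            Assert.assertEquals(oAuthToken.getIdentity().getRemoteId(), body.getUsername());
            Assert.assertEquals(oAuthToken.getIdentity().getUser().getId(), body.getSub());
        }
    }

    /** A bearer token presented as the credential may introspect itself. */
    @Test
    public void testTokenIntrospectSelf() {
        OAuthToken token = context.getBuilder().bearerToken("debug").build().getToken();
        String bearer = HttpUtil.authHeaderBearer(token.getId());

        assertSuccessfulIntrospectionResponse(introspect(tokenParams(token), bearer), token);
    }

    /** A bearer token must not reveal anything about a different token. */
    @Test
    public void testTokenIntrospectByOtherToken() {
        OAuthToken subject = context.getBuilder().bearerToken("debug").build().getToken();
        OAuthToken caller = context.getBuilder().bearerToken().build().getToken();
        String bearer = HttpUtil.authHeaderBearer(caller.getId());

        assertInactiveIntrospectionResponse(introspect(tokenParams(subject), bearer));
    }

    /** A bearer token asking about an authorization code gets the inactive response. */
    @Test
    public void testAuthCodeIntrospect() {
        OAuthToken caller = context.getBuilder().bearerToken("debug").build().getToken();
        OAuthToken authCode = context.getBuilder().authToken().build().getToken();
        String bearer = HttpUtil.authHeaderBearer(caller.getId());

        assertInactiveIntrospectionResponse(introspect(tokenParams(authCode), bearer));
    }

    /** An authorization code is not accepted as a bearer credential. */
    @Test
    public void testAuthCodeIntrospectSelf() {
        OAuthToken authCode = context.getBuilder().authToken().build().getToken();
        String bearer = HttpUtil.authHeaderBearer(authCode.getId());

        assertErrorResponse(introspect(tokenParams(authCode), bearer),
                Response.Status.UNAUTHORIZED, "access_denied");
    }

    /** A bearer token asking about a refresh token gets the inactive response. */
    @Test
    public void testRefreshTokenIntrospect() {
        OAuthToken caller = context.getBuilder().bearerToken("debug").build().getToken();
        OAuthToken refresh = context.getBuilder().refreshToken().build().getToken();
        String bearer = HttpUtil.authHeaderBearer(caller.getId());

        assertInactiveIntrospectionResponse(introspect(tokenParams(refresh), bearer));
    }

    /** A refresh token is not accepted as a bearer credential. */
    @Test
    public void testRefreshTokenIntrospectSelf() {
        OAuthToken refresh =
                context.getBuilder().bearerToken("debug").refreshToken().build().getToken();
        String bearer = HttpUtil.authHeaderBearer(refresh.getId());

        assertErrorResponse(introspect(tokenParams(refresh), bearer),
                Response.Status.UNAUTHORIZED, "access_denied");
    }

    /**
     * An expired bearer token is reported as inactive to an authenticated client.
     * NOTE(review): the boolean passed to {@code token(...)} presumably marks the token as
     * expired; confirm against ApplicationBuilder.
     */
    @Test
    public void testExpiredBearerTokenIntrospect() {
        OAuthToken expired = context.getBuilder()
                .client(ClientType.ClientCredentials, Boolean.TRUE)
                .token(OAuthTokenType.Bearer, true, "debug", null, null)
                .build()
                .getToken();

        assertInactiveIntrospectionResponse(introspect(tokenParams(expired), contextAuthHeader));
    }

    /** An expired authorization code is reported as inactive to an authenticated client. */
    @Test
    public void testExpiredAuthorizationTokenIntrospect() {
        OAuthToken expired = context.getBuilder()
                .client(ClientType.ClientCredentials, Boolean.TRUE)
                .token(OAuthTokenType.Authorization, true, "debug", null, null)
                .build()
                .getToken();

        assertInactiveIntrospectionResponse(introspect(tokenParams(expired), contextAuthHeader));
    }

    /** An expired refresh token is reported as inactive to an authenticated client. */
    @Test
    public void testExpiredRefreshTokenIntrospect() {
        OAuthToken expired = context.getBuilder()
                .client(ClientType.ClientCredentials, Boolean.TRUE)
                .token(OAuthTokenType.Refresh, true, "debug", null, null)
                .build()
                .getToken();

        assertInactiveIntrospectionResponse(introspect(tokenParams(expired), contextAuthHeader));
    }

    /** A well-formed id that matches no token yields the same inactive response. */
    @Test
    public void testNonexistentTokenIntrospect() {
        Map<String, String> params = new HashMap<>();
        params.put("token", IdUtil.toString(IdUtil.next()));

        assertInactiveIntrospectionResponse(introspect(params, contextAuthHeader));
    }

    /** A token value that is not a valid id is rejected as a bad request. */
    @Test
    public void testMalformedTokenIntrospect() {
        Map<String, String> params = new HashMap<>();
        params.put("token", "malformed_token");

        assertErrorResponse(introspect(params, contextAuthHeader), Response.Status.BAD_REQUEST);
    }

    /** The owning client, authenticated via the Basic header, may introspect its bearer token. */
    @Test
    public void testBearerTokenIntrospectByClientInHeader() {
        OAuthToken token = context.getBuilder().bearerToken("debug").build().getToken();

        assertSuccessfulIntrospectionResponse(
                introspect(tokenParams(token), contextAuthHeader), token);
    }

    /** The client, authenticated via form fields, may introspect a refresh token. */
    @Test
    public void testRefreshTokenIntrospectByClientInBody() {
        ApplicationBuilder.ApplicationContext built =
                context.getBuilder().bearerToken("debug").refreshToken().build();
        OAuthToken token = built.getToken();
        Map<String, String> params = withClientCredentials(tokenParams(token), built.getClient());

        assertSuccessfulIntrospectionResponse(introspect(params), token);
    }

    /**
     * Another client of the same application, authenticated via form fields, may introspect
     * the token. NOTE(review): assumes {@code getClient()} returns the client added after the
     * token was built; confirm against ApplicationBuilder.
     */
    @Test
    public void testTokenIntrospectByApplicationPeerClientInBody() {
        ApplicationBuilder.ApplicationContext built = context.getBuilder()
                .bearerToken("debug")
                .client(ClientType.ClientCredentials, Boolean.TRUE)
                .build();
        OAuthToken token = built.getToken();
        Map<String, String> params = withClientCredentials(tokenParams(token), built.getClient());

        assertSuccessfulIntrospectionResponse(introspect(params), token);
    }

    /**
     * Another client of the same application, authenticated via the Basic header, may
     * introspect the token.
     */
    @Test
    public void testTokenIntrospectByApplicationPeerClientInHeader() {
        ApplicationBuilder.ApplicationContext built = context.getBuilder()
                .bearerToken("debug")
                .client(ClientType.ClientCredentials, Boolean.TRUE)
                .build();
        OAuthToken token = built.getToken();
        Client peer = built.getClient();
        String basic = HttpUtil.authHeaderBasic(peer.getId(), peer.getClientSecret());

        assertSuccessfulIntrospectionResponse(introspect(tokenParams(token), basic), token);
    }

    /** A client of a different application (form credentials) sees the token as inactive. */
    @Test
    public void testTokenIntrospectFromOtherApplicationInBody() {
        OAuthToken token = context.getBuilder().bearerToken("debug").build().getToken();
        Map<String, String> params =
                withClientCredentials(tokenParams(token), otherContext.getClient());

        assertInactiveIntrospectionResponse(introspect(params));
    }

    /** A client of a different application (Basic header) sees the token as inactive. */
    @Test
    public void testTokenIntrospectFromOtherApplicationInHeader() {
        OAuthToken token = context.getBuilder().bearerToken("debug").build().getToken();

        assertInactiveIntrospectionResponse(
                introspect(tokenParams(token), otherContextAuthHeader));
    }

    /** The same client credentials sent in both the header and the body are accepted. */
    @Test
    public void testDualAuthPasses() {
        ApplicationBuilder.ApplicationContext built =
                context.getBuilder().bearerToken("debug").build();
        OAuthToken token = built.getToken();
        Client client = built.getClient();
        String basic = HttpUtil.authHeaderBasic(client.getId(), client.getClientSecret());
        Map<String, String> params = withClientCredentials(tokenParams(token), client);

        assertSuccessfulIntrospectionResponse(introspect(params, basic), token);
    }

    /** Mixing a bearer credential in the header with client credentials in the body is denied. */
    @Test
    public void testTokenAuthWithBodyClientAuth() {
        ApplicationBuilder.ApplicationContext built =
                context.getBuilder().bearerToken("debug").build();
        OAuthToken token = built.getToken();
        String bearer = HttpUtil.authHeaderBearer(token.getId());
        Map<String, String> params = withClientCredentials(tokenParams(token), built.getClient());

        assertErrorResponse(introspect(params, bearer),
                Response.Status.UNAUTHORIZED, "access_denied");
    }
}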
