package net.krotscheck.kangaroo.authz.oauth2.rfc7009;

import java.util.HashMap;
import java.util.Map;
import javax.ws.rs.NotFoundException;
import javax.ws.rs.client.Entity;
import javax.ws.rs.core.Form;
import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.Response;
import net.krotscheck.kangaroo.authz.common.authenticator.AuthenticatorType;
import net.krotscheck.kangaroo.authz.common.database.entity.Client;
import net.krotscheck.kangaroo.authz.common.database.entity.ClientType;
import net.krotscheck.kangaroo.authz.common.database.entity.OAuthToken;
import net.krotscheck.kangaroo.authz.oauth2.OAuthAPI;
import net.krotscheck.kangaroo.authz.test.ApplicationBuilder;
import net.krotscheck.kangaroo.common.hibernate.id.IdUtil;
import net.krotscheck.kangaroo.common.hibernate.id.MalformedIdException;
import net.krotscheck.kangaroo.test.jersey.ContainerTest;
import net.krotscheck.kangaroo.test.jersey.SingletonTestContainerFactory;
import net.krotscheck.kangaroo.test.rule.TestDataResource;
import net.krotscheck.kangaroo.test.runner.SingleInstanceTestRunner;
import net.krotscheck.kangaroo.util.HttpUtil;
import org.glassfish.jersey.server.ResourceConfig;
import org.glassfish.jersey.test.spi.TestContainerException;
import org.glassfish.jersey.test.spi.TestContainerFactory;
import org.hibernate.Session;
import org.junit.Assert;
import org.junit.ClassRule;
import org.junit.Test;
import org.junit.rules.TestRule;
import org.junit.runner.RunWith;

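/**
 * Integration tests for the token revocation endpoint ({@code POST /revoke}) of {@link OAuthAPI}.
 *
 * <p>Two fixture applications are created once for the class:
 * <ul>
 *   <li>{@code context}: a {@link ClientType#ClientCredentials} client plus a bearer token. Tests
 *       authenticate as this client with HTTP Basic, or with that bearer token.</li>
 *   <li>{@code otherContext}: a {@link ClientType#AuthorizationGrant} client. Tests authenticate
 *       with bearer tokens issued to user identities of this application.</li>
 * </ul>
 * The {@code Boolean.TRUE} passed to {@code client(...)} presumably requests a client secret (the
 * Basic-auth tests read one through {@code getClientSecret()}); confirm against ApplicationBuilder.
 *
 * <p>Authorization behaviour pinned by these tests:
 * <ul>
 *   <li>A user's bearer token may revoke itself and other bearer, refresh and authorization-code
 *       tokens of the same user identity.</li>
 *   <li>A token that belongs to a different user identity or a different application, and a
 *       well-formed id that matches no token, all yield the same {@link NotFoundException} error
 *       response, so the response does not tell a caller whether a token it may not revoke
 *       exists.</li>
 *   <li>A client may revoke tokens issued to another client of the same application (the
 *       {@code *ByOtherClient*} tests).</li>
 * </ul>
 *
 * <p>NOTE(review): RFC 7009 section 2.2 specifies HTTP 200 both for a successful revocation and for
 * an invalid token, and section 2.1 has the server verify that the token was issued to the
 * requesting client. These tests expect 205 on success, an error for unknown tokens, and
 * application-wide (cross-client) revocation. That looks deliberate, but confirm it is the
 * intended contract.
 *
 * <p>NOTE(review): no test in this class sends a revocation request without an
 * {@code Authorization} header, with a wrong client secret, or with an unknown bearer token as
 * the credential; rejection of unauthenticated callers is not covered here.
 */
@RunWith(SingleInstanceTestRunner.class)
public class TokenRevocationTest extends ContainerTest {
    /** Path of the revocation endpoint under test. */
    private static final String REVOKE_PATH = "/revoke";

    /** A value that is not a valid token id. */
    private static final String MALFORMED_TOKEN = "malformed_token";

    /** Fixture application whose client authenticates directly (Basic or its own bearer token). */
    private static ApplicationBuilder.ApplicationContext context;

    /** Fixture application whose tokens are issued to user identities. */
    private static ApplicationBuilder.ApplicationContext otherContext;

    /** Loads both fixture applications into the database. */
    @ClassRule
    public static final TestRule TEST_DATA_RULE = new TestDataResource(HIBERNATE_RESOURCE) {
        protected void loadTestData(Session session) {
            // Qualified assignment on purpose: a bare name could resolve to a member of the rule.
            TokenRevocationTest.context = ApplicationBuilder.newApplication(session)
                    .scope("debug")
                    .scope("debug1")
                    .role("test", new String[]{"debug"})
                    .client(ClientType.ClientCredentials, Boolean.TRUE)
                    .authenticator(AuthenticatorType.Test)
                    .redirect("http://www.example.com/")
                    .user()
                    .identity()
                    .claim("one", "claim")
                    .claim("two", "claim")
                    .bearerToken()
                    .build();
            TokenRevocationTest.otherContext = ApplicationBuilder.newApplication(session)
                    .scope("debug")
                    .scope("debug1")
                    .role("test", new String[]{"debug"})
                    .client(ClientType.AuthorizationGrant, Boolean.TRUE)
                    .authenticator(AuthenticatorType.Test)
                    .redirect("http://www.example.com/")
                    .user()
                    .identity()
                    .claim("red", "claim")
                    .claim("blue", "claim")
                    .build();
        }
    };

    private SingletonTestContainerFactory testContainerFactory;
    private ResourceConfig testApplication;

    /**
     * Returns the container factory for this test, creating it on first use so that every later
     * call gets the same instance.
     *
     * @return the lazily created singleton factory
     * @throws TestContainerException if the parent factory cannot be obtained
     */
    @Override
    protected TestContainerFactory getTestContainerFactory() throws TestContainerException {
        if (this.testContainerFactory == null) {
            this.testContainerFactory =
                    new SingletonTestContainerFactory(super.getTestContainerFactory(), getClass());
        }
        return this.testContainerFactory;
    }

    /**
     * Returns the application under test, creating it on first use.
     *
     * @return the lazily created {@link OAuthAPI} instance
     */
    protected ResourceConfig createApplication() {
        if (this.testApplication == null) {
            this.testApplication = new OAuthAPI();
        }
        return this.testApplication;
    }

    /**
     * Converts request parameters into a form-urlencoded request entity.
     *
     * @param values form parameter names and values
     * @return the entity to post
     */
    private Entity<Form> buildEntity(Map<String, String> values) {
        Form form = new Form();
        values.forEach(form::param);
        return Entity.entity(form, MediaType.APPLICATION_FORM_URLENCODED_TYPE);
    }

    /**
     * Posts a revocation request for a raw {@code token} parameter value.
     *
     * @param authorization value of the {@code Authorization} header
     * @param tokenValue    value of the {@code token} form parameter
     * @return the endpoint's response
     */
    private Response revoke(String authorization, String tokenValue) {
        Map<String, String> params = new HashMap<>();
        params.put("token", tokenValue);
        return target(REVOKE_PATH)
                .request()
                .header("Authorization", authorization)
                .post(buildEntity(params));
    }

    /**
     * Posts a revocation request for an existing token entity.
     *
     * @param authorization value of the {@code Authorization} header
     * @param token         the token whose id is submitted
     * @return the endpoint's response
     */
    private Response revoke(String authorization, OAuthToken token) {
        return revoke(authorization, IdUtil.toString(token.getId()));
    }

    /** Builds the HTTP Basic header for a client from its id and secret. */
    private static String basicAuth(Client client) {
        return HttpUtil.authHeaderBasic(client.getId(), client.getClientSecret());
    }

    /** Builds the Bearer header from the token held by the {@code context} fixture. */
    private static String clientBearerAuth() {
        return HttpUtil.authHeaderBearer(context.getToken().getId());
    }

    /**
     * Asserts that a revocation succeeded: the response status is 205 and the token can no longer
     * be loaded from the database.
     *
     * @param response the response returned by the revocation endpoint
     * @param token    the token that was expected to be revoked
     */
    private void assertValidRevocation(Response response, OAuthToken token) {
        Assert.assertEquals(Response.Status.RESET_CONTENT.getStatusCode(), response.getStatus());
        Session session = getSession();
        // Evict first so the lookup below is not answered from the session cache.
        session.evict(token);
        session.beginTransaction();
        OAuthToken reloaded = (OAuthToken) session.get(OAuthToken.class, token.getId());
        session.getTransaction().commit();
        Assert.assertNull(reloaded);
    }

    // ---- Caller authenticated with a user's bearer token (otherContext) ----

    /** A bearer token can revoke itself. */
    @Test
    public void testRevokeSelf() {
        OAuthToken bearer = otherContext.getBuilder().bearerToken("debug").build().getToken();
        String authorization = HttpUtil.authHeaderBearer(bearer.getId());
        assertValidRevocation(revoke(authorization, bearer), bearer);
    }

    /** A bearer token can revoke another bearer token of the same user. */
    @Test
    public void testRevokeOtherBearerSameUser() {
        OAuthToken caller = otherContext.getBuilder().bearerToken("debug").build().getToken();
        OAuthToken target = otherContext.getBuilder().bearerToken("debug").build().getToken();
        String authorization = HttpUtil.authHeaderBearer(caller.getId());
        assertValidRevocation(revoke(authorization, target), target);
    }

    /** A bearer token cannot revoke a bearer token of a different user; the token is reported as not found. */
    @Test
    public void testRevokeOtherBearerDifferentUser() {
        OAuthToken caller = otherContext.getBuilder().bearerToken("debug").build().getToken();
        OAuthToken target =
                otherContext.getBuilder().user().identity().bearerToken("debug").build().getToken();
        String authorization = HttpUtil.authHeaderBearer(caller.getId());
        assertErrorResponse(revoke(authorization, target), new NotFoundException());
    }

    /** A malformed token id is rejected. */
    @Test
    public void testRevokeMalformed() {
        OAuthToken caller = otherContext.getBuilder().bearerToken("debug").build().getToken();
        String authorization = HttpUtil.authHeaderBearer(caller.getId());
        assertErrorResponse(revoke(authorization, MALFORMED_TOKEN), new MalformedIdException());
    }

    /** A well-formed id that matches no token is reported as not found. */
    @Test
    public void testRevokeNonexistent() {
        OAuthToken caller = otherContext.getBuilder().bearerToken("debug").build().getToken();
        String authorization = HttpUtil.authHeaderBearer(caller.getId());
        assertErrorResponse(
                revoke(authorization, IdUtil.toString(IdUtil.next())), new NotFoundException());
    }

    /** A bearer token can revoke the refresh token built on top of it. */
    @Test
    public void testRevokeOwnRefresh() {
        ApplicationBuilder.ApplicationContext built =
                otherContext.getBuilder().bearerToken("debug").build();
        OAuthToken caller = built.getToken();
        OAuthToken refresh = built.getBuilder().refreshToken().build().getToken();
        String authorization = HttpUtil.authHeaderBearer(caller.getId());
        assertValidRevocation(revoke(authorization, refresh), refresh);
    }

    /** A bearer token can revoke a refresh token of the same user. */
    @Test
    public void testRevokeOtherRefreshSameUser() {
        OAuthToken caller = otherContext.getBuilder().bearerToken("debug").build().getToken();
        OAuthToken refresh =
                otherContext.getBuilder().bearerToken("debug").refreshToken().build().getToken();
        String authorization = HttpUtil.authHeaderBearer(caller.getId());
        assertValidRevocation(revoke(authorization, refresh), refresh);
    }

    /** A bearer token cannot revoke a refresh token of a different user. */
    @Test
    public void testRevokeOtherRefreshDifferentUser() {
        OAuthToken caller = otherContext.getBuilder().bearerToken("debug").build().getToken();
        OAuthToken refresh = otherContext.getBuilder()
                .user()
                .identity()
                .bearerToken("debug")
                .refreshToken()
                .build()
                .getToken();
        String authorization = HttpUtil.authHeaderBearer(caller.getId());
        assertErrorResponse(revoke(authorization, refresh), new NotFoundException());
    }

    /** A bearer token can revoke an authorization code of the same user. */
    @Test
    public void testRevokeOtherAuthorizationCodeSameUser() {
        OAuthToken caller = otherContext.getBuilder().bearerToken("debug").build().getToken();
        OAuthToken authCode = otherContext.getBuilder().authToken().build().getToken();
        String authorization = HttpUtil.authHeaderBearer(caller.getId());
        assertValidRevocation(revoke(authorization, authCode), authCode);
    }

    /** A bearer token cannot revoke an authorization code of a different user. */
    @Test
    public void testRevokeOtherAuthorizationCodeDifferentUser() {
        OAuthToken caller = otherContext.getBuilder().bearerToken("debug").build().getToken();
        OAuthToken authCode =
                otherContext.getBuilder().user().identity().authToken().build().getToken();
        String authorization = HttpUtil.authHeaderBearer(caller.getId());
        assertErrorResponse(revoke(authorization, authCode), new NotFoundException());
    }

    // ---- Caller authenticated as the context client with HTTP Basic ----

    /** The client can revoke a bearer token issued to itself. */
    @Test
    public void testRevokeBearerBySameClient() {
        String authorization = basicAuth(context.getClient());
        OAuthToken target = context.getBuilder().bearerToken("debug").build().getToken();
        assertValidRevocation(revoke(authorization, target), target);
    }

    /** A malformed token id is rejected for a Basic-authenticated client. */
    @Test
    public void testRevokeMalformedByClient() {
        String authorization = basicAuth(context.getClient());
        assertErrorResponse(revoke(authorization, MALFORMED_TOKEN), new MalformedIdException());
    }

    /** An unknown token id is reported as not found for a Basic-authenticated client. */
    @Test
    public void testRevokeInvalidByClient() {
        String authorization = basicAuth(context.getClient());
        assertErrorResponse(
                revoke(authorization, IdUtil.toString(IdUtil.next())), new NotFoundException());
    }

    /** The client can revoke a bearer token issued to another client of the same application. */
    @Test
    public void testRevokeBearerByOtherClient() {
        String authorization = basicAuth(context.getClient());
        OAuthToken target = context.getBuilder()
                .client(ClientType.Implicit)
                .bearerToken("debug")
                .build()
                .getToken();
        assertValidRevocation(revoke(authorization, target), target);
    }

    /** The client can revoke a refresh token issued to itself. */
    @Test
    public void testRevokeRefreshBySameClient() {
        String authorization = basicAuth(context.getClient());
        OAuthToken target =
                context.getBuilder().bearerToken("debug").refreshToken().build().getToken();
        assertValidRevocation(revoke(authorization, target), target);
    }

    /** The client can revoke a refresh token issued to another client of the same application. */
    @Test
    public void testRevokeRefreshByOtherClient() {
        String authorization = basicAuth(context.getClient());
        OAuthToken target = context.getBuilder()
                .client(ClientType.Implicit)
                .bearerToken("debug")
                .refreshToken()
                .build()
                .getToken();
        assertValidRevocation(revoke(authorization, target), target);
    }

    /** The client can revoke an authorization code issued to itself. */
    @Test
    public void testRevokeAuthCodeBySameClient() {
        String authorization = basicAuth(context.getClient());
        OAuthToken target = context.getBuilder().authToken().build().getToken();
        assertValidRevocation(revoke(authorization, target), target);
    }

    /** The client can revoke an authorization code issued to another client of the same application. */
    @Test
    public void testRevokeAuthCodeByOtherClient() {
        String authorization = basicAuth(context.getClient());
        OAuthToken target =
                context.getBuilder().client(ClientType.Implicit).authToken().build().getToken();
        assertValidRevocation(revoke(authorization, target), target);
    }

    // ---- Caller authenticated as a newly created AuthorizationGrant client with HTTP Basic ----

    /** A newly created AuthorizationGrant client can revoke its own bearer token. */
    @Test
    public void testRevokeBearerBySamePrivateClient() {
        ApplicationBuilder.ApplicationContext built = context.getBuilder()
                .client(ClientType.AuthorizationGrant, Boolean.TRUE)
                .bearerToken("debug")
                .build();
        String authorization = basicAuth(built.getClient());
        OAuthToken target = built.getToken();
        assertValidRevocation(revoke(authorization, target), target);
    }

    /** A malformed token id is rejected for the AuthorizationGrant client. */
    @Test
    public void testRevokeMalformedByPrivateClient() {
        Client client = context.getBuilder()
                .client(ClientType.AuthorizationGrant, Boolean.TRUE)
                .build()
                .getClient();
        String authorization = basicAuth(client);
        assertErrorResponse(revoke(authorization, MALFORMED_TOKEN), new MalformedIdException());
    }

    /** An unknown token id is reported as not found for the AuthorizationGrant client. */
    @Test
    public void testRevokeInvalidByPrivateClient() {
        Client client = context.getBuilder()
                .client(ClientType.AuthorizationGrant, Boolean.TRUE)
                .build()
                .getClient();
        String authorization = basicAuth(client);
        assertErrorResponse(
                revoke(authorization, IdUtil.toString(IdUtil.next())), new NotFoundException());
    }

    // ---- Caller authenticated with the context fixture's bearer token ----

    /** The fixture's bearer token can revoke a bearer token of the same client. */
    @Test
    public void testRevokeBearerBySameClientToken() {
        String authorization = clientBearerAuth();
        OAuthToken target = context.getBuilder().bearerToken("debug").build().getToken();
        assertValidRevocation(revoke(authorization, target), target);
    }

    /** A malformed token id is rejected when authenticating with the fixture's bearer token. */
    @Test
    public void testRevokeMalformedByClientToken() {
        String authorization = clientBearerAuth();
        assertErrorResponse(revoke(authorization, MALFORMED_TOKEN), new MalformedIdException());
    }

    /** An unknown token id is reported as not found when authenticating with the fixture's bearer token. */
    @Test
    public void testRevokeInvalidByClientToken() {
        String authorization = clientBearerAuth();
        assertErrorResponse(
                revoke(authorization, IdUtil.toString(IdUtil.next())), new NotFoundException());
    }

    /** The fixture's bearer token can revoke a bearer token of another client in the same application. */
    @Test
    public void testRevokeBearerByOtherClientToken() {
        String authorization = clientBearerAuth();
        OAuthToken target = context.getBuilder()
                .client(ClientType.Implicit)
                .bearerToken("debug")
                .build()
                .getToken();
        assertValidRevocation(revoke(authorization, target), target);
    }

    /** The fixture's bearer token can revoke a refresh token of the same client. */
    @Test
    public void testRevokeRefreshBySameClientToken() {
        String authorization = clientBearerAuth();
        OAuthToken target =
                context.getBuilder().bearerToken("debug").refreshToken().build().getToken();
        assertValidRevocation(revoke(authorization, target), target);
    }

    /** The fixture's bearer token can revoke a refresh token of another client in the same application. */
    @Test
    public void testRevokeRefreshByOtherClientToken() {
        String authorization = clientBearerAuth();
        OAuthToken target = context.getBuilder()
                .client(ClientType.Implicit)
                .bearerToken("debug")
                .refreshToken()
                .build()
                .getToken();
        assertValidRevocation(revoke(authorization, target), target);
    }

    /** The fixture's bearer token can revoke an authorization code of the same client. */
    @Test
    public void testRevokeAuthCodeBySameClientToken() {
        String authorization = clientBearerAuth();
        OAuthToken target = context.getBuilder().authToken().build().getToken();
        assertValidRevocation(revoke(authorization, target), target);
    }

    /** The fixture's bearer token can revoke an authorization code of another client in the same application. */
    @Test
    public void testRevokeAuthCodeByOtherClientToken() {
        String authorization = clientBearerAuth();
        OAuthToken target =
                context.getBuilder().client(ClientType.Implicit).authToken().build().getToken();
        assertValidRevocation(revoke(authorization, target), target);
    }

    // ---- Cross-application isolation: context client against otherContext tokens ----

    /** A client cannot revoke a refresh token that belongs to a different application. */
    @Test
    public void testRevokeRefreshByDifferentApplication() {
        String authorization = basicAuth(context.getClient());
        OAuthToken target = otherContext.getBuilder().bearerToken().refreshToken().build().getToken();
        assertErrorResponse(revoke(authorization, target), new NotFoundException());
    }

    /** A client cannot revoke a bearer token that belongs to a different application. */
    @Test
    public void testRevokeBearerByDifferentApplication() {
        String authorization = basicAuth(context.getClient());
        OAuthToken target = otherContext.getBuilder().bearerToken().build().getToken();
        assertErrorResponse(revoke(authorization, target), new NotFoundException());
    }

    /** A client cannot revoke an authorization code that belongs to a different application. */
    @Test
    public void testRevokeAuthCodeByDifferentApplication() {
        String authorization = basicAuth(context.getClient());
        OAuthToken target = otherContext.getBuilder().authToken().build().getToken();
        assertErrorResponse(revoke(authorization, target), new NotFoundException());
    }
}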
