package net.krotscheck.kangaroo.authz.oauth2.authn.authn;

import java.util.HashMap;
import javax.ws.rs.client.Entity;
import javax.ws.rs.core.Form;
import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.Response;
import net.krotscheck.kangaroo.authz.admin.v1.servlet.FirstRunContainerLifecycleListener;
import net.krotscheck.kangaroo.authz.admin.v1.servlet.ServletConfigFactory;
import net.krotscheck.kangaroo.authz.admin.v1.test.rule.TestDataResource;
import net.krotscheck.kangaroo.authz.common.database.DatabaseFeature;
import net.krotscheck.kangaroo.authz.common.database.entity.Client;
import net.krotscheck.kangaroo.authz.common.database.entity.ClientType;
import net.krotscheck.kangaroo.authz.oauth2.authn.O2AuthDynamicFeature;
import net.krotscheck.kangaroo.authz.test.ApplicationBuilder;
import net.krotscheck.kangaroo.common.config.ConfigurationFeature;
import net.krotscheck.kangaroo.common.exception.ExceptionFeature;
import net.krotscheck.kangaroo.common.hibernate.id.IdUtil;
import net.krotscheck.kangaroo.test.jersey.ContainerTest;
import org.glassfish.jersey.server.ResourceConfig;
import org.junit.Assert;
import org.junit.ClassRule;
import org.junit.Test;

/* loaded from: input_file:net/krotscheck/kangaroo/authz/oauth2/authn/authn/O2ClientBodyFilterTest.class */
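/**
 * Container tests for OAuth2 client authentication where the credentials
 * ({@code client_id} and {@code client_secret}) travel in the request body.
 *
 * <p>Every case sends one request to a test endpoint and asserts only the
 * HTTP status code. The endpoints ({@code /client}, {@code /client/private},
 * {@code /client/public}) are served by {@code O2TestResource}, which is not
 * part of this file; judging by the expectations below they accept any
 * client, private clients only, and public clients only, respectively.
 * NOTE(review): confirm against O2TestResource.
 *
 * <p>Several methods in the decompiled listing discarded the {@link Form}
 * they built and then referenced an undefined {@code r0}; those forms are
 * now held in a local variable and actually sent.
 */
public final class O2ClientBodyFilterTest extends ContainerTest {

    /** Endpoint most cases post to. */
    private static final String CLIENT_PATH = "/client";

    /** Form field carrying the client identifier. */
    private static final String CLIENT_ID = "client_id";

    /** Form field carrying the client secret. */
    private static final String CLIENT_SECRET = "client_secret";

    @ClassRule
    public static final TestDataResource TEST_DATA_RESOURCE = new TestDataResource(HIBERNATE_RESOURCE);

    /**
     * Builds the Jersey application under test: configuration, database and
     * exception features, the servlet-config and first-run binders, the OAuth2
     * authentication feature and the test resource.
     *
     * @return the resource configuration for the test container
     */
    protected ResourceConfig createApplication() {
        ResourceConfig config = new ResourceConfig();
        config.register(ConfigurationFeature.class);
        config.register(DatabaseFeature.class);
        config.register(ExceptionFeature.class);
        config.register(new ServletConfigFactory.Binder());
        config.register(new FirstRunContainerLifecycleListener.Binder());
        config.register(O2AuthDynamicFeature.class);
        config.register(O2TestResource.class);
        return config;
    }

    /**
     * Creates an authorization-grant client in the admin application.
     *
     * @param isPrivate value handed to the builder; the private-client tests
     *                  pass {@code Boolean.TRUE} and read a secret back
     * @return the newly built client
     */
    private static Client newClient(Boolean isPrivate) {
        return TEST_DATA_RESOURCE.getAdminApplication()
                .getBuilder()
                .client(ClientType.AuthorizationGrant, isPrivate)
                .build()
                .getClient();
    }

    /**
     * Reads the status code and releases the response.
     *
     * @param response the response to inspect
     * @return its HTTP status code
     */
    private static int statusOf(Response response) {
        try {
            return response.getStatus();
        } finally {
            // Release the connection; only the status is of interest here.
            response.close();
        }
    }

    /**
     * POSTs a form-encoded body and returns the response status.
     *
     * @param path request path
     * @param form form parameters to send
     * @return the HTTP status code of the response
     */
    private int postForm(String path, Form form) {
        return statusOf(target(path).request()
                .post(Entity.entity(form, MediaType.APPLICATION_FORM_URLENCODED_TYPE)));
    }

    /** An empty form carries no credentials and is answered with 401. */
    @Test
    public void testNoBody() {
        Assert.assertEquals(Response.Status.UNAUTHORIZED.getStatusCode(),
                postForm(CLIENT_PATH, new Form()));
    }

    /** A form holding only unrelated parameters is answered with 401. */
    @Test
    public void testNoClientAuthParams() {
        Form form = new Form();
        form.param("hello", "world");
        form.param("hello", "kitty");
        Assert.assertEquals(Response.Status.UNAUTHORIZED.getStatusCode(),
                postForm(CLIENT_PATH, form));
    }

    /**
     * Credentials of the admin application's client sent as JSON instead of a
     * form-encoded body do not authenticate the request: the expected status
     * is 401.
     */
    @Test
    public void testInvalidBodyEncodingType() {
        Client client = TEST_DATA_RESOURCE.getAdminApplication().getClient();
        HashMap<String, String> credentials = new HashMap<>();
        credentials.put(CLIENT_ID, IdUtil.toString(client.getId()));
        credentials.put(CLIENT_SECRET, client.getClientSecret());
        int status = statusOf(target(CLIENT_PATH).request()
                .post(Entity.entity(credentials, MediaType.APPLICATION_JSON_TYPE)));
        Assert.assertEquals(Response.Status.UNAUTHORIZED.getStatusCode(), status);
    }

    /**
     * A {@code client_id} that is not a well-formed identifier is rejected
     * with 400 rather than 401.
     */
    @Test
    public void testMalformedClientId() {
        Form form = new Form().param(CLIENT_ID, "malformed client id");
        Assert.assertEquals(Response.Status.BAD_REQUEST.getStatusCode(),
                postForm(CLIENT_PATH, form));
    }

    /** A well-formed but freshly generated, unknown id is answered with 401. */
    @Test
    public void testNonexistentClientId() {
        Form form = new Form().param(CLIENT_ID, IdUtil.toString(IdUtil.next()));
        Assert.assertEquals(Response.Status.UNAUTHORIZED.getStatusCode(),
                postForm(CLIENT_PATH, form));
    }

    /**
     * A private client presenting a wrong secret is answered with 401, the
     * same status {@link #testNonexistentClientId()} expects for an unknown
     * id, so the status code alone does not tell the two cases apart.
     */
    @Test
    public void testBadSecret() {
        Client client = newClient(Boolean.TRUE);
        Assert.assertTrue(client.isPrivate());
        Form form = new Form();
        form.param(CLIENT_ID, IdUtil.toString(client.getId()));
        form.param(CLIENT_SECRET, "bad_secret");
        Assert.assertEquals(Response.Status.UNAUTHORIZED.getStatusCode(),
                postForm(CLIENT_PATH, form));
    }

    /**
     * Two different {@code client_id} values in one body are rejected with
     * 400, even though the secret matches the first client. Rejecting the
     * request avoids any ambiguity about which identifier is authenticated.
     */
    @Test
    public void testDuplicateClientIds() {
        // Both clients come from the same builder instance, as in the original.
        ApplicationBuilder builder = TEST_DATA_RESOURCE.getAdminApplication().getBuilder();
        Client first = builder.client(ClientType.AuthorizationGrant, Boolean.TRUE).build().getClient();
        Client second = builder.client(ClientType.AuthorizationGrant, Boolean.TRUE).build().getClient();
        Form form = new Form();
        form.param(CLIENT_ID, IdUtil.toString(first.getId()));
        form.param(CLIENT_ID, IdUtil.toString(second.getId()));
        form.param(CLIENT_SECRET, first.getClientSecret());
        Assert.assertEquals(Response.Status.BAD_REQUEST.getStatusCode(),
                postForm(CLIENT_PATH, form));
    }

    /**
     * A repeated {@code client_secret} is rejected with 400 even when both
     * copies are the correct secret.
     */
    @Test
    public void testDuplicateClientSecrets() {
        Client client = newClient(Boolean.TRUE);
        Form form = new Form();
        form.param(CLIENT_ID, IdUtil.toString(client.getId()));
        form.param(CLIENT_SECRET, client.getClientSecret());
        form.param(CLIENT_SECRET, client.getClientSecret());
        Assert.assertEquals(Response.Status.BAD_REQUEST.getStatusCode(),
                postForm(CLIENT_PATH, form));
    }

    /** A public client identifies itself with {@code client_id} alone: 200. */
    @Test
    public void testPublicClient() {
        Client client = newClient(Boolean.FALSE);
        Form form = new Form().param(CLIENT_ID, IdUtil.toString(client.getId()));
        Assert.assertEquals(Response.Status.OK.getStatusCode(),
                postForm(CLIENT_PATH, form));
    }

    /** A public client is refused with 401 on {@code /client/private}. */
    @Test
    public void testPublicClientNotPermitted() {
        Client client = newClient(Boolean.FALSE);
        Form form = new Form().param(CLIENT_ID, IdUtil.toString(client.getId()));
        Assert.assertEquals(Response.Status.UNAUTHORIZED.getStatusCode(),
                postForm("/client/private", form));
    }

    /** A private client with its correct secret is accepted: 200. */
    @Test
    public void testPrivateClient() {
        Client client = newClient(Boolean.TRUE);
        Form form = new Form();
        form.param(CLIENT_ID, IdUtil.toString(client.getId()));
        form.param(CLIENT_SECRET, client.getClientSecret());
        Assert.assertEquals(Response.Status.OK.getStatusCode(),
                postForm(CLIENT_PATH, form));
    }

    /**
     * A private client with valid credentials is still refused with 401 on
     * {@code /client/public}.
     */
    @Test
    public void testPrivateClientNotPermitted() {
        Client client = newClient(Boolean.TRUE);
        Form form = new Form();
        form.param(CLIENT_ID, IdUtil.toString(client.getId()));
        form.param(CLIENT_SECRET, client.getClientSecret());
        Assert.assertEquals(Response.Status.UNAUTHORIZED.getStatusCode(),
                postForm("/client/public", form));
    }

    /**
     * Valid credentials sent with PUT instead of POST do not authenticate the
     * request: the expected status is 401.
     */
    @Test
    public void testPUTClient() {
        Client client = newClient(Boolean.TRUE);
        Form form = new Form();
        form.param(CLIENT_ID, IdUtil.toString(client.getId()));
        form.param(CLIENT_SECRET, client.getClientSecret());
        int status = statusOf(target(CLIENT_PATH).request()
                .put(Entity.entity(form, MediaType.APPLICATION_FORM_URLENCODED_TYPE)));
        Assert.assertEquals(Response.Status.UNAUTHORIZED.getStatusCode(), status);
    }
}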
