package net.krotscheck.kangaroo.authz.oauth2.rfc6749;

import javax.ws.rs.client.Entity;
import javax.ws.rs.core.Form;
import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.Response;
import net.krotscheck.kangaroo.authz.common.database.entity.Client;
import net.krotscheck.kangaroo.authz.common.database.entity.ClientType;
import net.krotscheck.kangaroo.authz.oauth2.resource.TokenResponseEntity;
import net.krotscheck.kangaroo.authz.test.ApplicationBuilder;
import net.krotscheck.kangaroo.common.exception.ErrorResponseBuilder;
import net.krotscheck.kangaroo.common.hibernate.id.IdUtil;
import net.krotscheck.kangaroo.test.rule.TestDataResource;
import net.krotscheck.kangaroo.util.HttpUtil;
import org.hibernate.Session;
import org.junit.Assert;
import org.junit.ClassRule;
import org.junit.Test;
import org.junit.rules.TestRule;

/* loaded from: input_file:net/krotscheck/kangaroo/authz/oauth2/rfc6749/Section440ClientCredentialsTest.class */
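/**
 * Integration tests for the client credentials grant (RFC 6749, section 4.4)
 * as served by the {@code /token} endpoint.
 *
 * <p>Each test posts a form-encoded token request, authenticating the client
 * through body parameters, an HTTP {@code Authorization} header, or both, and
 * checks the status code, the JSON media type and the decoded payload.
 *
 * <p>NOTE(review): RFC 6749 section 5.2 defines {@code invalid_client} for
 * failed client authentication, and {@code invalid_request} /
 * {@code unsupported_grant_type} / {@code unauthorized_client} for grant-type
 * problems. The assertions here pin {@code access_denied} and
 * {@code invalid_grant} instead. They record what the server currently
 * returns; confirm that this is the intended contract.
 */
public final class Section440ClientCredentialsTest extends AbstractRFC6749Test {

    /**
     * Application whose client is built with the boolean flag set to false.
     * Presumably a client without a secret (verify against ApplicationBuilder).
     */
    private static ApplicationBuilder.ApplicationContext context;

    /**
     * Application whose client is built with the boolean flag set to true.
     * Its client secret is what the successful requests below present.
     */
    private static ApplicationBuilder.ApplicationContext authContext;

    /** Authorization header value built from {@link #authContext}'s client id and secret. */
    private static String authHeader;

    /** Creates both test applications and the shared Authorization header once per class. */
    @ClassRule
    public static final TestRule TEST_DATA_RULE = new TestDataResource(HIBERNATE_RESOURCE) {
        @Override
        protected void loadTestData(Session session) {
            // Outer-class fields stay fully qualified so that a member of the
            // same name in TestDataResource could never shadow them.
            Section440ClientCredentialsTest.context = ApplicationBuilder.newApplication(session)
                    .scope("debug")
                    .client(ClientType.ClientCredentials, Boolean.FALSE)
                    .build();
            Section440ClientCredentialsTest.authContext = ApplicationBuilder.newApplication(session)
                    .scope("debug")
                    .client(ClientType.ClientCredentials, Boolean.TRUE)
                    .build();
            Client authClient = Section440ClientCredentialsTest.authContext.getClient();
            Section440ClientCredentialsTest.authHeader =
                    HttpUtil.authHeaderBasic(authClient.getId(), authClient.getClientSecret());
        }
    };

    /**
     * Posts {@code form} to {@code /token} as a form-encoded body.
     *
     * @param form          the token request parameters
     * @param authorization value for the {@code Authorization} header, or
     *                      {@code null} to send the request without that header
     * @return the raw response
     */
    private Response postClientCredentialsForm(Form form, String authorization) {
        Entity<Form> body = Entity.entity(form, MediaType.APPLICATION_FORM_URLENCODED_TYPE);
        if (authorization == null) {
            return target("/token").request().post(body);
        }
        return target("/token").request().header("Authorization", authorization).post(body);
    }

    /**
     * Asserts a 200 JSON response carrying a valid bearer token.
     *
     * @param response the token endpoint response
     * @return the decoded token payload, for further assertions
     */
    private TokenResponseEntity assertBearerTokenIssued(Response response) {
        Assert.assertEquals(Response.Status.OK.getStatusCode(), response.getStatus());
        Assert.assertEquals(MediaType.APPLICATION_JSON_TYPE, response.getMediaType());
        TokenResponseEntity token = response.readEntity(TokenResponseEntity.class);
        // The meaning of the second argument is defined in AbstractRFC6749Test;
        // presumably "no refresh token expected" (TODO confirm).
        assertValidBearerToken(token, false);
        return token;
    }

    /**
     * Asserts a JSON error response with the given status and error code and a
     * non-null error description.
     *
     * @param response the token endpoint response
     * @param status   the expected HTTP status
     * @param code     the expected value of the {@code error} field
     */
    private static void assertTokenError(Response response, Response.Status status, String code) {
        Assert.assertEquals(status.getStatusCode(), response.getStatus());
        Assert.assertEquals(MediaType.APPLICATION_JSON_TYPE, response.getMediaType());
        ErrorResponseBuilder.ErrorResponse error =
                response.readEntity(ErrorResponseBuilder.ErrorResponse.class);
        Assert.assertEquals(code, error.getError());
        Assert.assertNotNull(error.getErrorDescription());
    }

    /**
     * Valid id and secret in the body yield a bearer token. No scope was
     * requested, and the response must not carry one.
     */
    @Test
    public void testTokenSimpleRequest() {
        Client client = authContext.getClient();
        Form form = new Form();
        form.param("client_id", IdUtil.toString(client.getId()));
        form.param("client_secret", client.getClientSecret());
        form.param("grant_type", "client_credentials");

        TokenResponseEntity token = assertBearerTokenIssued(postClientCredentialsForm(form, null));
        Assert.assertNull(token.getScope());
    }

    /** A wrong secret in the body is rejected with 401. */
    @Test
    public void testBadPassword() {
        Client client = authContext.getClient();
        Form form = new Form();
        form.param("client_id", IdUtil.toString(client.getId()));
        form.param("client_secret", "invalid_secret");
        form.param("grant_type", "client_credentials");

        assertTokenError(postClientCredentialsForm(form, null),
                Response.Status.UNAUTHORIZED, "access_denied");
    }

    /** A request that identifies no client at all is rejected with 401. */
    @Test
    public void testTokenNoClientId() {
        Form form = new Form();
        form.param("grant_type", "client_credentials");

        assertTokenError(postClientCredentialsForm(form, null),
                Response.Status.UNAUTHORIZED, "access_denied");
    }

    /** Valid credentials without a {@code grant_type} are rejected with 400. */
    @Test
    public void testTokenNoGrant() {
        Client client = authContext.getClient();
        Form form = new Form();
        form.param("client_id", IdUtil.toString(client.getId()));
        form.param("client_secret", client.getClientSecret());

        assertTokenError(postClientCredentialsForm(form, null),
                Response.Status.BAD_REQUEST, "invalid_grant");
    }

    /**
     * Header-only authentication with an explicit {@code debug} scope yields a
     * token carrying exactly that scope.
     */
    @Test
    public void testTokenAuthHeaderValid() {
        Form form = new Form();
        form.param("grant_type", "client_credentials");
        form.param("scope", "debug");

        TokenResponseEntity token =
                assertBearerTokenIssued(postClientCredentialsForm(form, authHeader));
        Assert.assertEquals("debug", token.getScope());
    }

    /**
     * A valid Authorization header for one client combined with a body
     * {@code client_id} naming a different client is rejected with 401, so
     * one client's credentials cannot be used to obtain a token as another.
     */
    @Test
    public void testTokenAuthHeaderMismatchClientId() {
        Form form = new Form();
        form.param("client_id", IdUtil.toString(context.getClient().getId()));
        form.param("grant_type", "client_credentials");

        assertTokenError(postClientCredentialsForm(form, authHeader),
                Response.Status.UNAUTHORIZED, "access_denied");
    }

    /** The Authorization header alone is enough to identify and authenticate the client. */
    @Test
    public void testTokenAuthHeaderValidNoExplicitClientId() {
        Form form = new Form();
        form.param("grant_type", "client_credentials");

        assertBearerTokenIssued(postClientCredentialsForm(form, authHeader));
    }

    /** An Authorization header carrying a wrong secret is rejected with 401. */
    @Test
    public void testTokenAuthHeaderInvalid() {
        Client client = authContext.getClient();
        String badHeader = HttpUtil.authHeaderBasic(client.getId(), "badsecret");
        Form form = new Form();
        form.param("client_id", IdUtil.toString(client.getId()));
        form.param("grant_type", "client_credentials");

        assertTokenError(postClientCredentialsForm(form, badHeader),
                Response.Status.UNAUTHORIZED, "access_denied");
    }

    /**
     * Matching credentials supplied in both the header and the body are
     * accepted.
     *
     * <p>NOTE(review): RFC 6749 section 2.3 says a client MUST NOT use more
     * than one authentication method per request. This test pins the lenient
     * behavior; confirm that accepting both is a deliberate choice.
     */
    @Test
    public void testTokenAuthBothMethods() {
        Client client = authContext.getClient();
        Form form = new Form();
        form.param("client_id", IdUtil.toString(client.getId()));
        form.param("client_secret", client.getClientSecret());
        form.param("grant_type", "client_credentials");

        assertBearerTokenIssued(postClientCredentialsForm(form, authHeader));
    }

    /** A client-credentials client requesting the {@code password} grant is rejected with 400. */
    @Test
    public void testTokenInvalidGrantTypePassword() {
        Client client = authContext.getClient();
        Form form = new Form();
        form.param("client_id", IdUtil.toString(client.getId()));
        form.param("client_secret", client.getClientSecret());
        form.param("grant_type", "password");

        assertTokenError(postClientCredentialsForm(form, null),
                Response.Status.BAD_REQUEST, "invalid_grant");
    }

    /** A client-credentials client requesting the {@code refresh_token} grant is rejected with 400. */
    @Test
    public void testTokenInvalidGrantTypeRefreshToken() {
        Client client = authContext.getClient();
        Form form = new Form();
        form.param("client_id", IdUtil.toString(client.getId()));
        form.param("client_secret", client.getClientSecret());
        form.param("grant_type", "refresh_token");

        assertTokenError(postClientCredentialsForm(form, null),
                Response.Status.BAD_REQUEST, "invalid_grant");
    }

    /** An unrecognised {@code grant_type} value is rejected with 400. */
    @Test
    public void testTokenUnknownGrantType() {
        Client client = authContext.getClient();
        Form form = new Form();
        form.param("client_id", IdUtil.toString(client.getId()));
        form.param("client_secret", client.getClientSecret());
        form.param("grant_type", "unknown_grant_type");

        assertTokenError(postClientCredentialsForm(form, null),
                Response.Status.BAD_REQUEST, "invalid_grant");
    }
}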
