package org.keycloak.testsuite.oauth;

import java.io.UnsupportedEncodingException;
import java.security.Security;
import java.util.LinkedList;
import java.util.List;
import org.apache.http.client.entity.UrlEncodedFormEntity;
import org.apache.http.client.methods.HttpPost;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClientBuilder;
import org.apache.http.message.BasicNameValuePair;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.junit.Rule;
import org.junit.Test;
import org.keycloak.admin.client.resource.RealmResource;
import org.keycloak.jose.jws.JWSHeader;
import org.keycloak.jose.jws.JWSInput;
import org.keycloak.models.UserModel;
import org.keycloak.models.utils.KeycloakModelUtils;
import org.keycloak.models.utils.TimeBasedOTP;
import org.keycloak.protocol.oidc.OIDCAdvancedConfigWrapper;
import org.keycloak.representations.AccessToken;
import org.keycloak.representations.RefreshToken;
import org.keycloak.representations.idm.ClientRepresentation;
import org.keycloak.representations.idm.RealmRepresentation;
import org.keycloak.testsuite.AbstractKeycloakTest;
import org.keycloak.testsuite.Assert;
import org.keycloak.testsuite.AssertEvents;
import org.keycloak.testsuite.admin.ApiUtil;
import org.keycloak.testsuite.saml.AbstractSamlTest;
import org.keycloak.testsuite.util.ClientBuilder;
import org.keycloak.testsuite.util.ClientManager;
import org.keycloak.testsuite.util.OAuthClient;
import org.keycloak.testsuite.util.RealmBuilder;
import org.keycloak.testsuite.util.RealmManager;
import org.keycloak.testsuite.util.TokenSignatureUtil;
import org.keycloak.testsuite.util.UserBuilder;
import org.keycloak.testsuite.util.UserManager;

/* loaded from: input_file:org/keycloak/testsuite/oauth/ResourceOwnerPasswordCredentialsGrantTest.class */
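/**
 * Integration tests for the OAuth 2.0 Resource Owner Password Credentials ("direct access")
 * grant against the {@code test} realm.
 *
 * <p>The realm built in {@link #addTestRealms(List)} contains three clients with direct access
 * grants enabled: {@code resource-owner} (confidential), {@code resource-owner-public} (public)
 * and {@code resource-owner-refresh} (confidential, refresh tokens disabled).
 *
 * <p>Every secret, password, TOTP seed and realm key used here is a fixed test fixture. Tests
 * that change realm, client or clock state restore it in a {@code finally} block so that a
 * failing assertion cannot leave a weakened or altered configuration behind for later tests.
 */
public class ResourceOwnerPasswordCredentialsGrantTest extends AbstractKeycloakTest {
    /** Clock offset (48 hours) used to age the password past the expiry policy. */
    private static final int TWO_DAYS_IN_SECONDS = 172800;

    /** Number of OTP credentials registered for the {@code direct-login-multiple-otps} user. */
    private static final int MULTIPLE_OTP_COUNT = 10;

    private static String userId;
    private static String userId2;
    private static String userIdMultipleOTPs;
    private final TimeBasedOTP totp = new TimeBasedOTP();

    @Rule
    public AssertEvents events = new AssertEvents(this);

    /** Registers the BouncyCastle provider once, if no provider named {@code BC} is installed. */
    @Override
    public void beforeAbstractKeycloakTest() throws Exception {
        super.beforeAbstractKeycloakTest();
        if (Security.getProvider("BC") == null) {
            Security.addProvider(new BouncyCastleProvider());
        }
    }

    /**
     * Builds the {@code test} realm with its clients and users and appends it to the given list.
     *
     * @param testRealms list the realm representation is added to
     */
    @Override
    public void addTestRealms(List<RealmRepresentation> testRealms) {
        RealmBuilder realm = RealmBuilder.create()
                .name("test")
                .privateKey(AbstractSamlTest.REALM_PRIVATE_KEY)
                .publicKey(AbstractSamlTest.REALM_PUBLIC_KEY)
                .testEventListener();

        realm.client(ClientBuilder.create()
                .id(KeycloakModelUtils.generateId())
                .clientId("resource-owner")
                .directAccessGrants()
                .secret("secret")
                .build());
        realm.client(ClientBuilder.create()
                .id(KeycloakModelUtils.generateId())
                .clientId("resource-owner-public")
                .directAccessGrants()
                .publicClient()
                .build());

        // Same as "resource-owner", but configured not to issue refresh tokens.
        ClientRepresentation noRefreshClient = ClientBuilder.create()
                .id(KeycloakModelUtils.generateId())
                .clientId("resource-owner-refresh")
                .directAccessGrants()
                .secret("secret")
                .build();
        OIDCAdvancedConfigWrapper.fromClientRepresentation(noRefreshClient).setUseRefreshToken(false);
        realm.client(noRefreshClient);

        realm.user(UserBuilder.create()
                .id(KeycloakModelUtils.generateId())
                .username(AssertEvents.DEFAULT_USERNAME)
                .password("password"));

        userId = KeycloakModelUtils.generateId();
        realm.user(UserBuilder.create()
                .id(userId)
                .username("direct-login")
                .email("direct-login@localhost")
                .password("password")
                .build());

        userId2 = KeycloakModelUtils.generateId();
        realm.user(UserBuilder.create()
                .id(userId2)
                .username("direct-login-otp")
                .password("password")
                .totpSecret("totpSecret")
                .build());

        // One user with several OTP credentials; the first one registered is the one the
        // multiple-OTP test expects to be accepted.
        userIdMultipleOTPs = KeycloakModelUtils.generateId();
        UserBuilder multipleOtpUser = UserBuilder.create()
                .id(userIdMultipleOTPs)
                .username("direct-login-multiple-otps")
                .password("password")
                .totpSecret("firstOTPIsPreferredCredential");
        for (int i = 2; i <= MULTIPLE_OTP_COUNT; i++) {
            multipleOtpUser.totpSecret(additionalTotpSecret(i));
        }
        realm.user(multipleOtpUser.build());

        testRealms.add(realm.build());
    }

    /** Returns the TOTP seed of the {@code index}-th (non-preferred) OTP credential. */
    private static String additionalTotpSecret(int index) {
        return String.format("%s-th OTP authenticator", index);
    }

    /** A successful grant by username must not leave an authentication session behind. */
    @Test
    public void grantAccessTokenUsername() throws Exception {
        int sessionsBefore = getAuthenticationSessionsCount();
        grantAccessToken("direct-login", "resource-owner");
        Assert.assertEquals(sessionsBefore, getAuthenticationSessionsCount());
    }

    /** The e-mail address is accepted in place of the username. */
    @Test
    public void grantAccessTokenEmail() throws Exception {
        grantAccessToken("direct-login@localhost", "resource-owner");
    }

    /** The grant works for the public client as well. */
    @Test
    public void grantAccessTokenPublic() throws Exception {
        grantAccessToken("direct-login", "resource-owner-public");
    }

    /** A user with an OTP credential gets a token when a valid code is supplied. */
    @Test
    public void grantAccessTokenWithTotp() throws Exception {
        grantAccessToken(userId2, "direct-login-otp", "resource-owner", totp.generateTOTP("totpSecret"));
    }

    /**
     * With several OTP credentials registered, only a code from the first one is accepted;
     * codes from every other credential are rejected with 401.
     */
    @Test
    public void grantAccessTokenWithMultipleTotp() throws Exception {
        grantAccessToken(userIdMultipleOTPs, "direct-login-multiple-otps", "resource-owner",
                totp.generateTOTP("firstOTPIsPreferredCredential"));

        oauth.clientId("resource-owner");
        for (int i = 2; i <= MULTIPLE_OTP_COUNT; i++) {
            String otp = totp.generateTOTP(additionalTotpSecret(i));
            OAuthClient.AccessTokenResponse response =
                    oauth.doGrantAccessTokenRequest("secret", "direct-login-multiple-otps", "password", otp);
            Assert.assertEquals(401, response.getStatusCode());
        }
    }

    /** A correct password without the required OTP code is rejected as invalid credentials. */
    @Test
    public void grantAccessTokenMissingTotp() throws Exception {
        oauth.clientId("resource-owner");
        OAuthClient.AccessTokenResponse response =
                oauth.doGrantAccessTokenRequest("secret", "direct-login-otp", "password");

        Assert.assertEquals(401, response.getStatusCode());
        Assert.assertEquals("invalid_grant", response.getError());
        events.expectLogin()
                .client("resource-owner")
                .session((String) null)
                .clearDetails()
                .error("invalid_user_credentials")
                .user(userId2)
                .assertEvent();
    }

    /**
     * A code generated from a different seed is rejected, and the failed attempt must not
     * leave an authentication session behind.
     */
    @Test
    public void grantAccessTokenInvalidTotp() throws Exception {
        int sessionsBefore = getAuthenticationSessionsCount();
        oauth.clientId("resource-owner");
        OAuthClient.AccessTokenResponse response = oauth.doGrantAccessTokenRequest(
                "secret", "direct-login-otp", "password", totp.generateTOTP("totpSecret2"));

        Assert.assertEquals(401, response.getStatusCode());
        Assert.assertEquals("invalid_grant", response.getError());
        events.expectLogin()
                .client("resource-owner")
                .session((String) null)
                .clearDetails()
                .error("invalid_user_credentials")
                .user(userId2)
                .assertEvent();
        Assert.assertEquals(sessionsBefore, getAuthenticationSessionsCount());
    }

    /** Runs the grant-and-refresh flow for the {@code direct-login} user without an OTP code. */
    private void grantAccessToken(String login, String clientId) throws Exception {
        grantAccessToken(userId, login, clientId, null);
    }

    /**
     * Requests a token with the password grant, checks the token contents and the login
     * event, then refreshes the token and checks that the session is preserved.
     *
     * <p>The client secret {@code "secret"} is sent for every client, including the public one.
     *
     * @param expectedUserId id the login and refresh events must carry
     * @param login          username or e-mail address sent in the request
     * @param clientId       client the request is made for
     * @param otp            OTP code, or {@code null} when none is sent
     */
    private void grantAccessToken(String expectedUserId, String login, String clientId, String otp)
            throws Exception {
        oauth.clientId(clientId);
        OAuthClient.AccessTokenResponse response =
                oauth.doGrantAccessTokenRequest("secret", login, "password", otp);
        Assert.assertEquals(200, response.getStatusCode());

        AccessToken accessToken = oauth.verifyToken(response.getAccessToken());
        RefreshToken refreshToken = oauth.parseRefreshToken(response.getRefreshToken());

        events.expectLogin()
                .client(clientId)
                .user(expectedUserId)
                .session(accessToken.getSessionState())
                .detail("grant_type", "password")
                .detail("token_id", accessToken.getId())
                .detail("refresh_token_id", refreshToken.getId())
                .detail("username", login)
                .removeDetail("code_id")
                .removeDetail("redirect_uri")
                .removeDetail("consent")
                .assertEvent();

        // The login may be either the username or the e-mail address of the user.
        Assert.assertTrue(login.equals(accessToken.getPreferredUsername())
                || login.equals(accessToken.getEmail()));
        Assert.assertEquals(accessToken.getSessionState(), refreshToken.getSessionState());

        OAuthClient.AccessTokenResponse refreshResponse =
                oauth.doRefreshTokenRequest(response.getRefreshToken(), "secret");
        AccessToken refreshedAccessToken = oauth.verifyToken(refreshResponse.getAccessToken());
        RefreshToken refreshedRefreshToken = oauth.parseRefreshToken(refreshResponse.getRefreshToken());

        // Refreshing must stay within the session created by the password grant.
        Assert.assertEquals(accessToken.getSessionState(), refreshedAccessToken.getSessionState());
        Assert.assertEquals(accessToken.getSessionState(), refreshedRefreshToken.getSessionState());
        events.expectRefresh(refreshToken.getId(), refreshToken.getSessionState())
                .user(expectedUserId)
                .client(clientId)
                .assertEvent();
    }

    /** Client configured for ES256, realm for PS256: the client setting decides the access token. */
    @Test
    public void grantRequest_ClientES256_RealmPS256() throws Exception {
        conductGrantRequest("HS256", "ES256", "PS256");
    }

    /** Client configured for PS256, realm for ES256: the client setting decides the access token. */
    @Test
    public void grantRequest_ClientPS256_RealmES256() throws Exception {
        conductGrantRequest("HS256", "PS256", "ES256");
    }

    /**
     * Switches the realm and the {@code resource-owner} client to the given signature
     * algorithms, runs {@link #grantRequest(String, String)}, and always restores RS256.
     *
     * @param expectedRefreshAlg algorithm expected in the refresh token header
     * @param clientAccessAlg    algorithm set on the client and expected in the access token header
     * @param realmAlg           algorithm set as the realm default
     */
    private void conductGrantRequest(String expectedRefreshAlg, String clientAccessAlg, String realmAlg)
            throws Exception {
        try {
            TokenSignatureUtil.changeRealmTokenSignatureProvider(adminClient, realmAlg);
            TokenSignatureUtil.changeClientAccessTokenSignatureProvider(
                    ApiUtil.findClientByClientId(adminClient.realm("test"), "resource-owner"),
                    clientAccessAlg);
            grantRequest(expectedRefreshAlg, clientAccessAlg);
        } finally {
            restoreDefaultSignatureAlgorithms();
        }
    }

    /** Sets the realm and the {@code resource-owner} client back to RS256. */
    private void restoreDefaultSignatureAlgorithms() {
        TokenSignatureUtil.changeRealmTokenSignatureProvider(adminClient, "RS256");
        TokenSignatureUtil.changeClientAccessTokenSignatureProvider(
                ApiUtil.findClientByClientId(adminClient.realm("test"), "resource-owner"),
                "RS256");
    }

    /**
     * Runs the grant-and-refresh flow for {@code direct-login} on {@code resource-owner} and
     * checks the JWS headers of the issued tokens.
     *
     * @param expectedRefreshAlg algorithm name expected in the refresh token header
     * @param expectedAccessAlg  algorithm name expected in the access token header
     */
    private void grantRequest(String expectedRefreshAlg, String expectedAccessAlg) throws Exception {
        oauth.clientId("resource-owner");
        OAuthClient.AccessTokenResponse response =
                oauth.doGrantAccessTokenRequest("secret", "direct-login", "password", (String) null);
        Assert.assertEquals(200, response.getStatusCode());

        AccessToken accessToken = oauth.verifyToken(response.getAccessToken());
        RefreshToken refreshToken = oauth.parseRefreshToken(response.getRefreshToken());

        JWSHeader accessHeader = new JWSInput(response.getAccessToken()).getHeader();
        Assert.assertEquals(expectedAccessAlg, accessHeader.getAlgorithm().name());
        Assert.assertEquals("JWT", accessHeader.getType());
        Assert.assertNull(accessHeader.getContentType());

        JWSHeader refreshHeader = new JWSInput(response.getRefreshToken()).getHeader();
        Assert.assertEquals(expectedRefreshAlg, refreshHeader.getAlgorithm().name());
        Assert.assertEquals("JWT", refreshHeader.getType());
        Assert.assertNull(refreshHeader.getContentType());

        events.expectLogin()
                .client("resource-owner")
                .user(userId)
                .session(accessToken.getSessionState())
                .detail("grant_type", "password")
                .detail("token_id", accessToken.getId())
                .detail("refresh_token_id", refreshToken.getId())
                .detail("username", "direct-login")
                .removeDetail("code_id")
                .removeDetail("redirect_uri")
                .removeDetail("consent")
                .assertEvent();

        Assert.assertTrue("direct-login".equals(accessToken.getPreferredUsername())
                || "direct-login".equals(accessToken.getEmail()));
        Assert.assertEquals(accessToken.getSessionState(), refreshToken.getSessionState());

        OAuthClient.AccessTokenResponse refreshResponse =
                oauth.doRefreshTokenRequest(response.getRefreshToken(), "secret");
        AccessToken refreshedAccessToken = oauth.verifyToken(refreshResponse.getAccessToken());
        RefreshToken refreshedRefreshToken = oauth.parseRefreshToken(refreshResponse.getRefreshToken());

        Assert.assertEquals(accessToken.getSessionState(), refreshedAccessToken.getSessionState());
        Assert.assertEquals(accessToken.getSessionState(), refreshedRefreshToken.getSessionState());
        events.expectRefresh(refreshToken.getId(), refreshToken.getSessionState())
                .user(userId)
                .client("resource-owner")
                .assertEvent();
    }

    /** After logout, the refresh token issued by the password grant must no longer be usable. */
    @Test
    public void grantAccessTokenLogout() throws Exception {
        oauth.clientId("resource-owner");
        OAuthClient.AccessTokenResponse response =
                oauth.doGrantAccessTokenRequest("secret", AssertEvents.DEFAULT_USERNAME, "password");
        Assert.assertEquals(200, response.getStatusCode());

        AccessToken accessToken = oauth.verifyToken(response.getAccessToken());
        RefreshToken refreshToken = oauth.parseRefreshToken(response.getRefreshToken());
        events.expectLogin()
                .client("resource-owner")
                .session(accessToken.getSessionState())
                .detail("grant_type", "password")
                .detail("token_id", accessToken.getId())
                .detail("refresh_token_id", refreshToken.getId())
                .removeDetail("code_id")
                .removeDetail("redirect_uri")
                .removeDetail("consent")
                .detail("client_auth_method", "client-secret")
                .assertEvent();

        Assert.assertEquals(204,
                oauth.doLogout(response.getRefreshToken(), "secret").getStatusLine().getStatusCode());
        events.expectLogout(accessToken.getSessionState())
                .client("resource-owner")
                .removeDetail("redirect_uri")
                .assertEvent();

        // Replaying the refresh token of the logged-out session must fail.
        OAuthClient.AccessTokenResponse refreshResponse =
                oauth.doRefreshTokenRequest(response.getRefreshToken(), "secret");
        Assert.assertEquals(400, refreshResponse.getStatusCode());
        Assert.assertEquals("invalid_grant", refreshResponse.getError());
        events.expectRefresh(refreshToken.getId(), refreshToken.getSessionState())
                .client("resource-owner")
                .removeDetail("token_id")
                .removeDetail("updated_refresh_token_id")
                .error("invalid_token")
                .assertEvent();
    }

    /** A wrong client secret is rejected before any user is resolved (event carries no user). */
    @Test
    public void grantAccessTokenInvalidClientCredentials() throws Exception {
        oauth.clientId("resource-owner");
        OAuthClient.AccessTokenResponse response =
                oauth.doGrantAccessTokenRequest("invalid", AssertEvents.DEFAULT_USERNAME, "password");

        Assert.assertEquals(401, response.getStatusCode());
        Assert.assertEquals("unauthorized_client", response.getError());
        events.expectLogin()
                .client("resource-owner")
                .session((String) null)
                .clearDetails()
                .error("invalid_client_credentials")
                .user((String) null)
                .assertEvent();
    }

    /** A confidential client that sends no secret at all is rejected the same way. */
    @Test
    public void grantAccessTokenMissingClientCredentials() throws Exception {
        oauth.clientId("resource-owner");
        OAuthClient.AccessTokenResponse response =
                oauth.doGrantAccessTokenRequest((String) null, AssertEvents.DEFAULT_USERNAME, "password");

        Assert.assertEquals(401, response.getStatusCode());
        Assert.assertEquals("unauthorized_client", response.getError());
        events.expectLogin()
                .client("resource-owner")
                .session((String) null)
                .clearDetails()
                .error("invalid_client_credentials")
                .user((String) null)
                .assertEvent();
    }

    /** A client with direct access grants switched off must not obtain tokens this way. */
    @Test
    public void grantAccessTokenClientNotAllowed() throws Exception {
        ClientManager.realm(adminClient.realm("test")).clientId("resource-owner").directAccessGrant(false);
        try {
            oauth.clientId("resource-owner");
            OAuthClient.AccessTokenResponse response =
                    oauth.doGrantAccessTokenRequest("secret", AssertEvents.DEFAULT_USERNAME, "password");

            Assert.assertEquals(400, response.getStatusCode());
            Assert.assertEquals("unauthorized_client", response.getError());
            events.expectLogin()
                    .client("resource-owner")
                    .session((String) null)
                    .clearDetails()
                    .error("not_allowed")
                    .user((String) null)
                    .assertEvent();
        } finally {
            // Restore even when an assertion fails; other tests rely on this shared client.
            ClientManager.realm(adminClient.realm("test")).clientId("resource-owner").directAccessGrant(true);
        }
    }

    /**
     * With e-mail verification required, valid credentials are refused with
     * "Account is not fully set up" and no authentication session is left behind.
     */
    @Test
    public void grantAccessTokenVerifyEmail() throws Exception {
        int sessionsBefore = getAuthenticationSessionsCount();
        RealmResource realm = adminClient.realm("test");
        RealmManager.realm(realm).verifyEmail(true);
        try {
            oauth.clientId("resource-owner");
            OAuthClient.AccessTokenResponse response =
                    oauth.doGrantAccessTokenRequest("secret", AssertEvents.DEFAULT_USERNAME, "password");

            Assert.assertEquals(400, response.getStatusCode());
            Assert.assertEquals("invalid_grant", response.getError());
            Assert.assertEquals("Account is not fully set up", response.getErrorDescription());
            events.expectLogin()
                    .client("resource-owner")
                    .session((String) null)
                    .clearDetails()
                    .error("resolve_required_actions")
                    .user((String) null)
                    .assertEvent();
        } finally {
            // Restore the realm setting and clear the required action from the shared user.
            RealmManager.realm(realm).verifyEmail(false);
            UserManager.realm(realm)
                    .username(AssertEvents.DEFAULT_USERNAME)
                    .removeRequiredAction(UserModel.RequiredAction.VERIFY_EMAIL.toString());
        }
        Assert.assertEquals(sessionsBefore, getAuthenticationSessionsCount());
    }

    /**
     * With e-mail verification required and a wrong password, the response is the generic
     * "Invalid user credentials" error, not the "not fully set up" one: the account's
     * pending-action state is only revealed to a caller who knows the password.
     */
    @Test
    public void grantAccessTokenVerifyEmailInvalidPassword() throws Exception {
        RealmResource realm = adminClient.realm("test");
        RealmManager.realm(realm).verifyEmail(true);
        try {
            oauth.clientId("resource-owner");
            OAuthClient.AccessTokenResponse response =
                    oauth.doGrantAccessTokenRequest("secret", AssertEvents.DEFAULT_USERNAME, "bad-password");

            Assert.assertEquals(401, response.getStatusCode());
            Assert.assertEquals("invalid_grant", response.getError());
            Assert.assertEquals("Invalid user credentials", response.getErrorDescription());
            events.expectLogin()
                    .client("resource-owner")
                    .session((String) null)
                    .detail("grant_type", "password")
                    .removeDetail("code_id")
                    .removeDetail("redirect_uri")
                    .removeDetail("consent")
                    .error("invalid_user_credentials")
                    .assertEvent();
        } finally {
            RealmManager.realm(realm).verifyEmail(false);
            UserManager.realm(realm)
                    .username(AssertEvents.DEFAULT_USERNAME)
                    .removeRequiredAction(UserModel.RequiredAction.VERIFY_EMAIL.toString());
        }
    }

    /**
     * With a password-expiry policy in force and the clock moved forward by two days, a
     * correct password is refused with "Account is not fully set up".
     */
    @Test
    public void grantAccessTokenExpiredPassword() throws Exception {
        RealmResource realm = adminClient.realm("test");
        RealmManager.realm(realm).passwordPolicy("forceExpiredPasswordChange(1)");
        try {
            setTimeOffset(TWO_DAYS_IN_SECONDS);
            oauth.clientId("resource-owner");
            OAuthClient.AccessTokenResponse response =
                    oauth.doGrantAccessTokenRequest("secret", AssertEvents.DEFAULT_USERNAME, "password");

            Assert.assertEquals(400, response.getStatusCode());
            Assert.assertEquals("invalid_grant", response.getError());
            Assert.assertEquals("Account is not fully set up", response.getErrorDescription());

            setTimeOffset(0);
            events.expectLogin()
                    .client("resource-owner")
                    .session((String) null)
                    .clearDetails()
                    .error("resolve_required_actions")
                    .user((String) null)
                    .assertEvent();
        } finally {
            // Reset the clock here too, so a failed assertion cannot leak the offset.
            setTimeOffset(0);
            RealmManager.realm(realm).passwordPolicy("");
            UserManager.realm(realm)
                    .username(AssertEvents.DEFAULT_USERNAME)
                    .removeRequiredAction(UserModel.RequiredAction.UPDATE_PASSWORD.toString());
        }
    }

    /**
     * With an expired password and a wrong password supplied, the response is the generic
     * "Invalid user credentials" error rather than the expiry-related one.
     */
    @Test
    public void grantAccessTokenExpiredPasswordInvalidPassword() throws Exception {
        RealmResource realm = adminClient.realm("test");
        RealmManager.realm(realm).passwordPolicy("forceExpiredPasswordChange(1)");
        try {
            setTimeOffset(TWO_DAYS_IN_SECONDS);
            oauth.clientId("resource-owner");
            OAuthClient.AccessTokenResponse response =
                    oauth.doGrantAccessTokenRequest("secret", AssertEvents.DEFAULT_USERNAME, "bad-password");

            Assert.assertEquals(401, response.getStatusCode());
            Assert.assertEquals("invalid_grant", response.getError());
            Assert.assertEquals("Invalid user credentials", response.getErrorDescription());
            events.expectLogin()
                    .client("resource-owner")
                    .session((String) null)
                    .detail("grant_type", "password")
                    .removeDetail("code_id")
                    .removeDetail("redirect_uri")
                    .removeDetail("consent")
                    .error("invalid_user_credentials")
                    .assertEvent();
        } finally {
            // The clock offset was never reset in this test; undo it with the rest of the state.
            setTimeOffset(0);
            RealmManager.realm(realm).passwordPolicy("");
            UserManager.realm(realm)
                    .username(AssertEvents.DEFAULT_USERNAME)
                    .removeRequiredAction(UserModel.RequiredAction.UPDATE_PASSWORD.toString());
        }
    }

    /** A wrong password for an existing user yields 401 / invalid_grant. */
    @Test
    public void grantAccessTokenInvalidUserCredentials() throws Exception {
        oauth.clientId("resource-owner");
        OAuthClient.AccessTokenResponse response =
                oauth.doGrantAccessTokenRequest("secret", AssertEvents.DEFAULT_USERNAME, "invalid");

        Assert.assertEquals(401, response.getStatusCode());
        Assert.assertEquals("invalid_grant", response.getError());
        Assert.assertEquals("Invalid user credentials", response.getErrorDescription());
        events.expectLogin()
                .client("resource-owner")
                .session((String) null)
                .detail("grant_type", "password")
                .removeDetail("code_id")
                .removeDetail("redirect_uri")
                .removeDetail("consent")
                .error("invalid_user_credentials")
                .assertEvent();
    }

    /**
     * An unknown username yields the same status and error code as a wrong password
     * (401 / invalid_grant); only the server-side event records {@code user_not_found}.
     * NOTE(review): the error description is not asserted here, so a response text that
     * differs from the wrong-password case would go unnoticed by this test.
     */
    @Test
    public void grantAccessTokenUserNotFound() throws Exception {
        oauth.clientId("resource-owner");
        OAuthClient.AccessTokenResponse response =
                oauth.doGrantAccessTokenRequest("secret", "invalid", "invalid");

        Assert.assertEquals(401, response.getStatusCode());
        Assert.assertEquals("invalid_grant", response.getError());
        events.expectLogin()
                .client("resource-owner")
                .user((String) null)
                .session((String) null)
                .detail("grant_type", "password")
                .detail("username", "invalid")
                .removeDetail("code_id")
                .removeDetail("redirect_uri")
                .removeDetail("consent")
                .error("user_not_found")
                .assertEvent();
    }

    /** A token request with no {@code grant_type} parameter is rejected as invalid_request. */
    @Test
    public void grantAccessTokenMissingGrantType() throws Exception {
        oauth.clientId("resource-owner");
        // try-with-resources closes the HTTP client whether or not an assertion fails.
        try (CloseableHttpClient client = HttpClientBuilder.create().build()) {
            HttpPost post = new HttpPost(oauth.getResourceOwnerPasswordCredentialGrantUrl());
            post.addHeader("Content-Type", "application/x-www-form-urlencoded");
            OAuthClient.AccessTokenResponse response =
                    new OAuthClient.AccessTokenResponse(client.execute(post));

            Assert.assertEquals(400, response.getStatusCode());
            Assert.assertEquals("invalid_request", response.getError());
            Assert.assertEquals("Missing form parameter: grant_type", response.getErrorDescription());
        }
    }

    /** A token request with an unknown {@code grant_type} is rejected as unsupported_grant_type. */
    @Test
    public void grantAccessTokenUnsupportedGrantType() throws Exception {
        oauth.clientId("resource-owner");
        try (CloseableHttpClient client = HttpClientBuilder.create().build()) {
            HttpPost post = new HttpPost(oauth.getResourceOwnerPasswordCredentialGrantUrl());
            List<BasicNameValuePair> parameters = new LinkedList<>();
            parameters.add(new BasicNameValuePair("grant_type", "unsupported_grant_type"));
            try {
                post.setEntity(new UrlEncodedFormEntity(parameters, "UTF-8"));
            } catch (UnsupportedEncodingException e) {
                throw new RuntimeException(e);
            }
            OAuthClient.AccessTokenResponse response =
                    new OAuthClient.AccessTokenResponse(client.execute(post));

            Assert.assertEquals(400, response.getStatusCode());
            Assert.assertEquals("unsupported_grant_type", response.getError());
            Assert.assertEquals("Unsupported grant_type", response.getErrorDescription());
        }
    }

    /** A client with refresh tokens disabled receives an access token and no refresh token. */
    @Test
    public void grantAccessTokenNoRefreshToken() throws Exception {
        oauth.clientId("resource-owner-refresh");
        OAuthClient.AccessTokenResponse response =
                oauth.doGrantAccessTokenRequest("secret", "direct-login", "password", (String) null);

        Assert.assertEquals(200, response.getStatusCode());
        Assert.assertNotNull(response.getAccessToken());
        Assert.assertNull(response.getRefreshToken());
    }

    /** Returns the current number of entries in the {@code authenticationSessions} cache. */
    private int getAuthenticationSessionsCount() {
        return testingClient.testing().cache("authenticationSessions").size();
    }
}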
