package org.apache.cxf.systest.jaxrs.security.oauth2.filters;

import java.net.URL;
import java.util.UUID;
import javax.ws.rs.core.Form;
import javax.ws.rs.core.Response;
import org.apache.cxf.jaxrs.client.WebClient;
import org.apache.cxf.message.Message;
import org.apache.cxf.rs.security.oauth2.common.ClientAccessToken;
import org.apache.cxf.rs.security.oauth2.common.OAuthAuthorizationData;
import org.apache.cxf.systest.jaxrs.security.Book;
import org.apache.cxf.systest.jaxrs.security.oauth2.common.OAuth2TestUtils;
import org.apache.cxf.testutil.common.AbstractBusClientServerTestBase;
import org.junit.BeforeClass;
import org.junit.Test;

/* loaded from: input_file:org/apache/cxf/systest/jaxrs/security/oauth2/filters/OAuth2FiltersTest.class */
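/**
 * System test that sends requests to a bookstore endpoint with valid, forged, empty, missing,
 * wrongly-scoped and wrongly-audienced OAuth2 bearer tokens, and through a partner service that
 * completes an authorization code grant on the caller's behalf.
 *
 * <p>All user names, client ids and secrets below are test fixtures for the locally launched servers.
 *
 * <p>NOTE(review): the negative tests only assert {@code status != 200}. That also holds for a
 * 404, 415 or 500, so a test can pass without the token check ever being reached. Once the
 * status each filter returns is confirmed, pin the expected rejection code instead.
 */
public class OAuth2FiltersTest extends AbstractBusClientServerTestBase {
    public static final String PORT = BookServerOAuth2Filters.PORT;
    public static final String OAUTH_PORT = BookServerOAuth2Service.PORT;
    public static final String PARTNER_PORT = PartnerServer.PORT;

    private static final String OAUTH_SERVICE_ADDRESS = "https://localhost:" + OAUTH_PORT + "/services/";
    private static final String BOOKSTORE_ADDRESS = "https://localhost:" + PORT + "/secured/bookstore/books";

    /** Launches the resource server, the OAuth2 service and the partner server in-process. */
    @BeforeClass
    public static void startServers() throws Exception {
        assertTrue("server did not launch correctly", launchServer(BookServerOAuth2Filters.class, true));
        assertTrue("server did not launch correctly", launchServer(BookServerOAuth2Service.class, true));
        assertTrue("server did not launch correctly", launchServer(PartnerServer.class, true));
    }

    /** A token obtained through the authorization code grant (no explicit scope) is accepted. */
    @Test
    public void testServiceWithToken() throws Exception {
        String busFile = clientConfigLocation();
        WebClient userClient = newSessionClient(OAUTH_SERVICE_ADDRESS, "alice", "security", busFile);
        String code = OAuth2TestUtils.getAuthorizationCode(userClient);
        assertNotNull(code);

        WebClient consumerClient = newSessionClient(OAUTH_SERVICE_ADDRESS, "consumer-id", "this-is-a-secret", busFile);
        ClientAccessToken accessToken = OAuth2TestUtils.getAccessTokenWithAuthorizationCode(consumerClient, code);
        assertNotNull(accessToken.getTokenKey());

        WebClient bookClient = newBearerClient(BOOKSTORE_ADDRESS, busFile, accessToken.getTokenKey());
        assertBookCreated(bookClient.type("application/xml").post(new Book("book", 123L)));
    }

    /** A random UUID presented as a bearer token must not be accepted. */
    @Test
    public void testServiceWithFakeToken() throws Exception {
        WebClient bookClient = newBearerClient(BOOKSTORE_ADDRESS, clientConfigLocation(), UUID.randomUUID().toString());
        assertRejected(bookClient.post(new Book("book", 123L)));
    }

    /** A request without any Authorization header must not be accepted. */
    @Test
    public void testServiceWithNoToken() throws Exception {
        WebClient bookClient =
            WebClient.create(BOOKSTORE_ADDRESS, OAuth2TestUtils.setupProviders(), clientConfigLocation());
        assertRejected(bookClient.post(new Book("book", 123L)));
    }

    /** An Authorization header holding only the {@code "Bearer "} prefix must not be accepted. */
    @Test
    public void testServiceWithEmptyToken() throws Exception {
        WebClient bookClient = newBearerClient(BOOKSTORE_ADDRESS, clientConfigLocation(), "");
        assertRejected(bookClient.post(new Book("book", 123L)));
    }

    /** A token granted the {@code create_book} scope is accepted for the book POST. */
    @Test
    public void testServiceWithTokenAndScope() throws Exception {
        String busFile = clientConfigLocation();
        WebClient userClient = newSessionClient(OAUTH_SERVICE_ADDRESS, "alice", "security", busFile);
        String code = OAuth2TestUtils.getAuthorizationCode(userClient, "create_book");
        assertNotNull(code);

        WebClient consumerClient = newSessionClient(OAUTH_SERVICE_ADDRESS, "consumer-id", "this-is-a-secret", busFile);
        ClientAccessToken accessToken = OAuth2TestUtils.getAccessTokenWithAuthorizationCode(consumerClient, code);
        assertNotNull(accessToken.getTokenKey());

        WebClient bookClient = newBearerClient(BOOKSTORE_ADDRESS, busFile, accessToken.getTokenKey());
        assertBookCreated(bookClient.type("application/xml").post(new Book("book", 123L)));
    }

    /** A token granted only {@code read_book} must not authorize the book POST. */
    @Test
    public void testServiceWithTokenAndIncorrectScopeVerb() throws Exception {
        String busFile = clientConfigLocation();
        WebClient userClient = newSessionClient(OAUTH_SERVICE_ADDRESS, "alice", "security", busFile);
        String code = OAuth2TestUtils.getAuthorizationCode(userClient, "read_book");
        assertNotNull(code);

        WebClient consumerClient = newSessionClient(OAUTH_SERVICE_ADDRESS, "consumer-id", "this-is-a-secret", busFile);
        ClientAccessToken accessToken = OAuth2TestUtils.getAccessTokenWithAuthorizationCode(consumerClient, code);
        assertNotNull(accessToken.getTokenKey());

        WebClient bookClient = newBearerClient(BOOKSTORE_ADDRESS, busFile, accessToken.getTokenKey());
        assertRejected(bookClient.post(new Book("book", 123L)));
    }

    /** A token granted only {@code create_image} must not authorize the book POST. */
    @Test
    public void testServiceWithTokenAndIncorrectScopeURI() throws Exception {
        String busFile = clientConfigLocation();
        WebClient userClient = newSessionClient(OAUTH_SERVICE_ADDRESS, "alice", "security", busFile);
        String code = OAuth2TestUtils.getAuthorizationCode(userClient, "create_image");
        assertNotNull(code);

        WebClient consumerClient = newSessionClient(OAUTH_SERVICE_ADDRESS, "consumer-id", "this-is-a-secret", busFile);
        ClientAccessToken accessToken = OAuth2TestUtils.getAccessTokenWithAuthorizationCode(consumerClient, code);
        assertNotNull(accessToken.getTokenKey());

        WebClient bookClient = newBearerClient(BOOKSTORE_ADDRESS, busFile, accessToken.getTokenKey());
        assertRejected(bookClient.post(new Book("book", 123L)));
    }

    /** A token carrying several scopes, one of them {@code create_book}, is accepted. */
    @Test
    public void testServiceWithTokenAndMultipleScopes() throws Exception {
        String busFile = clientConfigLocation();
        WebClient userClient = newSessionClient(OAUTH_SERVICE_ADDRESS, "alice", "security", busFile);
        String code = OAuth2TestUtils.getAuthorizationCode(userClient, "read_book create_image create_book");
        assertNotNull(code);

        WebClient consumerClient = newSessionClient(OAUTH_SERVICE_ADDRESS, "consumer-id", "this-is-a-secret", busFile);
        ClientAccessToken accessToken = OAuth2TestUtils.getAccessTokenWithAuthorizationCode(consumerClient, code);
        assertNotNull(accessToken.getTokenKey());

        WebClient bookClient = newBearerClient(BOOKSTORE_ADDRESS, busFile, accessToken.getTokenKey());
        assertBookCreated(bookClient.type("application/xml").post(new Book("book", 123L)));
    }

    /** A token requested with the bookstore address as audience is accepted at that address. */
    @Test
    public void testServiceWithTokenUsingAudience() throws Exception {
        String busFile = clientConfigLocation();
        WebClient userClient = newSessionClient(OAUTH_SERVICE_ADDRESS, "alice", "security", busFile);
        String code = OAuth2TestUtils.getAuthorizationCode(userClient, null, "consumer-id-aud");
        assertNotNull(code);

        WebClient consumerClient =
            newSessionClient(OAUTH_SERVICE_ADDRESS, "consumer-id-aud", "this-is-a-secret", busFile);
        ClientAccessToken accessToken = OAuth2TestUtils.getAccessTokenWithAuthorizationCode(
            consumerClient, code, "consumer-id-aud", BOOKSTORE_ADDRESS);
        assertNotNull(accessToken.getTokenKey());

        WebClient bookClient = newBearerClient(BOOKSTORE_ADDRESS, busFile, accessToken.getTokenKey());
        assertBookCreated(bookClient.type("application/xml").post(new Book("book", 123L)));
    }

    /** A token requested for the {@code /securedxyz/...} audience must not yield a successful POST. */
    @Test
    public void testServiceWithTokenUsingIncorrectAudience() throws Exception {
        String busFile = clientConfigLocation();
        WebClient userClient = newSessionClient(OAUTH_SERVICE_ADDRESS, "alice", "security", busFile);
        String code = OAuth2TestUtils.getAuthorizationCode(userClient, null, "consumer-id-aud2");
        assertNotNull(code);

        WebClient consumerClient =
            newSessionClient(OAUTH_SERVICE_ADDRESS, "consumer-id-aud2", "this-is-a-secret", busFile);
        // NOTE(review): the token audience and the request target are the same /securedxyz address.
        // This file does not show whether that path is served, so the rejection may come from
        // routing rather than from audience validation -- confirm against the server configuration.
        String address = "https://localhost:" + PORT + "/securedxyz/bookstore/books";
        ClientAccessToken accessToken = OAuth2TestUtils.getAccessTokenWithAuthorizationCode(
            consumerClient, code, "consumer-id-aud2", address);
        assertNotNull(accessToken.getTokenKey());

        WebClient bookClient = newBearerClient(address, busFile, accessToken.getTokenKey());
        assertRejected(bookClient.post(new Book("book", 123L)));
    }

    /**
     * Posts to the partner service, follows its redirect to the authorization service, approves
     * the grant, then replays the returned {@code code} and {@code state} to the partner service.
     */
    @Test
    public void testPartnerServiceUsingClientCodeRequestFilter() throws Exception {
        String busFile = clientConfigLocation();
        String partnerAddress = "https://localhost:" + PARTNER_PORT + "/partnerservice/bookstore/books";
        WebClient partnerClient = newSessionClient(partnerAddress, "bob", "security", busFile);

        // The first call is expected to be redirected to the authorization service.
        String authorizationLocation =
            partnerClient.type("application/xml").post(new Book("book", 123L)).getHeaderString("Location");
        assertTrue("partner service did not return a Location header", authorizationLocation != null);

        WebClient authorizationClient = newSessionClient(authorizationLocation, "bob", "security", busFile);
        String location = getLocationUsingAuthorizationCodeGrant(authorizationClient);
        assertNotNull(location);
        String code = getSubstring(location, "code");
        String state = getSubstring(location, "state");

        // Reuse the session-bound partner client so the returned state matches the stored request.
        partnerClient.header("Referer", "https://localhost:" + OAUTH_PORT + "/services/authorize");
        partnerClient.query("code", code);
        partnerClient.query("state", state);
        assertBookCreated(partnerClient.accept("application/xml").post(new Book("book", 123L)));
    }

    /**
     * Fetches the authorization challenge, submits an "allow" decision that echoes the challenge
     * fields (including the session authenticity token), and returns the resulting redirect.
     *
     * @param webClient client already pointed at the authorization endpoint
     * @return the {@code Location} header of the decision response, or {@code null} if absent
     */
    private String getLocationUsingAuthorizationCodeGrant(WebClient webClient) {
        webClient.type("application/json").accept("application/json");
        OAuthAuthorizationData authzData = webClient.get().readEntity(OAuthAuthorizationData.class);

        webClient.path("decision");
        webClient.type("application/x-www-form-urlencoded");
        Form form = new Form();
        form.param("session_authenticity_token", authzData.getAuthenticityToken());
        form.param("client_id", authzData.getClientId());
        form.param("redirect_uri", authzData.getRedirectUri());
        if (authzData.getProposedScope() != null) {
            form.param("scope", authzData.getProposedScope());
        }
        form.param("state", authzData.getState());
        form.param("oauthDecision", "allow");
        return webClient.post(form).getHeaderString("Location");
    }

    /**
     * Extracts the raw value of the query parameter {@code str2} from the URI string {@code str}.
     *
     * <p>Fails the test when the parameter is absent instead of returning an unrelated slice of
     * the URI. The match is a plain substring search for {@code name=}, so a parameter whose name
     * merely ends with {@code str2} would also match; the value is not URL-decoded.
     *
     * @param str URI text, such as a redirect {@code Location} header
     * @param str2 parameter name to look up
     * @return the text between {@code name=} and the next {@code '&'} or the end of the string
     */
    private String getSubstring(String str, String str2) {
        String marker = str2 + "=";
        int start = str.indexOf(marker);
        assertTrue("parameter '" + str2 + "' not found in " + str, start >= 0);
        String remainder = str.substring(start + marker.length());
        int end = remainder.indexOf('&');
        // An '&' at index 0 means an empty value; only a missing '&' means "rest of the string".
        if (end < 0) {
            end = remainder.length();
        }
        return remainder.substring(0, end);
    }

    /** Returns the location of {@code client.xml}, failing the test if it is not on the classpath. */
    private static String clientConfigLocation() {
        URL resource = OAuth2FiltersTest.class.getResource("client.xml");
        assertTrue("client.xml not found next to the test class", resource != null);
        return resource.toString();
    }

    /** Creates a client with the given user name and password that keeps its HTTP session across calls. */
    private static WebClient newSessionClient(String address, String user, String password, String busFile) {
        WebClient client = WebClient.create(address, OAuth2TestUtils.setupProviders(), user, password, busFile);
        WebClient.getConfig(client).getRequestContext().put(Message.MAINTAIN_SESSION, Boolean.TRUE);
        return client;
    }

    /** Creates a client that sends {@code Authorization: Bearer <token>}. */
    private static WebClient newBearerClient(String address, String busFile, String token) {
        WebClient client = WebClient.create(address, OAuth2TestUtils.setupProviders(), busFile);
        client.header("Authorization", "Bearer " + token);
        return client;
    }

    /** Asserts a 200 response whose entity is the posted book. */
    private static void assertBookCreated(Response response) {
        assertEquals(200, response.getStatus());
        Book book = response.readEntity(Book.class);
        assertEquals("book", book.getName());
        assertEquals(123L, book.getId());
    }

    /** Asserts that the request did not succeed; any status other than 200 satisfies this check. */
    private static void assertRejected(Response response) {
        assertNotEquals(200, response.getStatus());
    }
}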
