package org.apache.cxf.systest.jaxrs.security.oidc;

import java.net.URL;
import java.util.Collections;
import org.apache.cxf.jaxrs.client.WebClient;
import org.apache.cxf.jaxrs.provider.json.JsonMapObjectProvider;
import org.apache.cxf.rs.security.oauth2.common.ClientAccessToken;
import org.apache.cxf.rs.security.oauth2.services.ClientRegistration;
import org.apache.cxf.rs.security.oauth2.services.ClientRegistrationResponse;
import org.apache.cxf.testutil.common.AbstractBusClientServerTestBase;
import org.junit.BeforeClass;
import org.junit.Test;

/* loaded from: input_file:org/apache/cxf/systest/jaxrs/security/oidc/OIDCDynamicRegistrationTest.class */
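/**
 * System test for the OIDC dynamic client registration endpoints exposed by
 * {@link OIDCDynRegistrationServer}.
 *
 * <p>The tests pin the access-control behaviour of the two registration services:
 * <ul>
 *   <li>{@code /services/dynamic/register} answers 401 to the unauthenticated GET and POST
 *       requests sent here;</li>
 *   <li>{@code /services/dynamicWithAt/register} answers 401 until an initial access token is
 *       presented, and afterwards protects each registration with the per-client registration
 *       access token returned in the registration response.</li>
 * </ul>
 *
 * <p>They also check that a client secret is issued only to clients that authenticate with one:
 * registrations using {@code token_endpoint_auth_method} {@code none} or {@code tls_client_auth}
 * must come back without a secret.
 */
public class OIDCDynamicRegistrationTest extends AbstractBusClientServerTestBase {
    public static final String PORT = OIDCDynRegistrationServer.PORT;

    private static final String JSON = "application/json";

    /** Registration service that the tests call without any token. */
    private static final String REGISTER_ADDRESS =
        "https://localhost:" + PORT + "/services/dynamic/register";

    /** Registration service that the tests call with an initial access token. */
    private static final String REGISTER_WITH_AT_ADDRESS =
        "https://localhost:" + PORT + "/services/dynamicWithAt/register";

    // Fixed test credential. Presumably it matches the initial access token configured for the
    // dynamicWithAt service in the test server -- confirm against the server configuration.
    private static final String INITIAL_ACCESS_TOKEN = "123456789";

    private static final String TLS_SUBJECT_DN =
        "CN=whateverhost.com,OU=Morpit,O=ApacheTest,L=Syracuse,C=US";

    @BeforeClass
    public static void startServers() throws Exception {
        assertTrue("server did not launch correctly", launchServer(OIDCDynRegistrationServer.class, true));
    }

    /** Reading a registration without any credentials must be rejected with 401. */
    @Test
    public void testGetClientRegNotAvail() throws Exception {
        WebClient wc = newJsonClient(REGISTER_ADDRESS);
        assertEquals(401, wc.path("some-client-id").get().getStatus());
    }

    /** Registering a client without an initial access token must be rejected with 401. */
    @Test
    public void testRegisterClientNoInitialAccessToken() throws Exception {
        // The decompiled original dropped this assignment and then referred to an undefined
        // "r0"; the configured client has to be kept so that the POST below can use it.
        WebClient wc = newJsonClient(REGISTER_ADDRESS);
        wc.type(JSON);
        assertEquals(401, wc.post(newClientRegistrationCodeGrant()).getStatus());
    }

    /**
     * Registers an authorization-code client, then checks that both the registration and the
     * later read of that registration are refused (401) until the matching bearer token is sent.
     */
    @Test
    public void testRegisterClientInitialAccessTokenCodeGrant() throws Exception {
        WebClient wc = newJsonClient(REGISTER_WITH_AT_ADDRESS);
        wc.type(JSON);
        ClientRegistration request = newClientRegistrationCodeGrant();

        // No initial access token yet: registration is refused.
        assertEquals(401, wc.post(request).getStatus());

        wc.authorization(new ClientAccessToken("Bearer", INITIAL_ACCESS_TOKEN));
        ClientRegistrationResponse response = wc.post(request, ClientRegistrationResponse.class);
        assertNotNull(response.getClientId());
        // Default auth method: a confidential client, so a secret is issued.
        assertNotNull(response.getClientSecret());
        assertEquals(REGISTER_WITH_AT_ADDRESS + "/" + response.getClientId(),
                     response.getRegistrationClientUri());
        String registrationAccessToken = response.getRegistrationAccessToken();
        assertNotNull(registrationAccessToken);

        // After reset() the request carries no bearer token; the 401 below depends on that.
        wc.reset();
        wc.path(response.getClientId());
        assertEquals(401, wc.get().getStatus());

        wc.authorization(new ClientAccessToken("Bearer", registrationAccessToken));
        ClientRegistration stored = wc.get(ClientRegistration.class);
        testCommonRegCodeGrantProperties(stored);
        assertNull(stored.getTokenEndpointAuthMethod());

        assertEquals(200, wc.delete().getStatus());
    }

    /**
     * Registers a password-grant client with the default auth method: a secret is issued and the
     * stored registration is reported as application type {@code web}.
     */
    @Test
    public void testRegisterClientPasswordGrant() throws Exception {
        WebClient wc = newJsonClient(REGISTER_WITH_AT_ADDRESS);
        wc.type(JSON);

        ClientRegistration request = new ClientRegistration();
        request.setClientName("dynamic_client");
        request.setGrantTypes(Collections.singletonList("password"));

        wc.authorization(new ClientAccessToken("Bearer", INITIAL_ACCESS_TOKEN));
        ClientRegistrationResponse response = wc.post(request, ClientRegistrationResponse.class);
        assertNotNull(response.getClientId());
        assertNotNull(response.getClientSecret());
        assertEquals(REGISTER_WITH_AT_ADDRESS + "/" + response.getClientId(),
                     response.getRegistrationClientUri());
        String registrationAccessToken = response.getRegistrationAccessToken();
        assertNotNull(registrationAccessToken);

        wc.reset();
        wc.path(response.getClientId());
        wc.authorization(new ClientAccessToken("Bearer", registrationAccessToken));
        ClientRegistration stored = wc.get(ClientRegistration.class);
        assertEquals("web", stored.getApplicationType());
        assertEquals("dynamic_client", stored.getClientName());
        assertEquals(Collections.singletonList("password"), stored.getGrantTypes());
        assertNull(stored.getTokenEndpointAuthMethod());
        assertNull(stored.getScope());
        assertNull(stored.getRedirectUris());

        assertEquals(200, wc.delete().getStatus());
    }

    /**
     * Registers a public password-grant client ({@code token_endpoint_auth_method} of
     * {@code none}): no client secret may be issued and the stored registration is reported as
     * application type {@code native}.
     */
    @Test
    public void testRegisterClientPasswordGrantPublic() throws Exception {
        WebClient wc = newJsonClient(REGISTER_WITH_AT_ADDRESS);
        wc.type(JSON);

        ClientRegistration request = new ClientRegistration();
        request.setClientName("dynamic_client");
        request.setGrantTypes(Collections.singletonList("password"));
        request.setTokenEndpointAuthMethod("none");

        wc.authorization(new ClientAccessToken("Bearer", INITIAL_ACCESS_TOKEN));
        ClientRegistrationResponse response = wc.post(request, ClientRegistrationResponse.class);
        assertNotNull(response.getClientId());
        // A public client cannot keep a secret, so none must be handed out.
        assertNull(response.getClientSecret());
        assertEquals(REGISTER_WITH_AT_ADDRESS + "/" + response.getClientId(),
                     response.getRegistrationClientUri());
        String registrationAccessToken = response.getRegistrationAccessToken();
        assertNotNull(registrationAccessToken);

        wc.reset();
        wc.path(response.getClientId());
        wc.authorization(new ClientAccessToken("Bearer", registrationAccessToken));
        ClientRegistration stored = wc.get(ClientRegistration.class);
        assertEquals("native", stored.getApplicationType());
        assertEquals("dynamic_client", stored.getClientName());
        assertEquals(Collections.singletonList("password"), stored.getGrantTypes());
        assertEquals("none", stored.getTokenEndpointAuthMethod());
        assertNull(stored.getScope());
        assertNull(stored.getRedirectUris());

        assertEquals(200, wc.delete().getStatus());
    }

    /**
     * Asserts that a stored registration echoes the values set by
     * {@link #newClientRegistrationCodeGrant()}.
     */
    private void testCommonRegCodeGrantProperties(ClientRegistration clientRegistration) {
        assertNotNull(clientRegistration);
        assertEquals("web", clientRegistration.getApplicationType());
        assertEquals("dynamic_client", clientRegistration.getClientName());
        assertEquals("openid", clientRegistration.getScope());
        assertEquals(Collections.singletonList("authorization_code"), clientRegistration.getGrantTypes());
        assertEquals(Collections.singletonList("https://a/b/c"), clientRegistration.getRedirectUris());
        assertEquals(Collections.singletonList("https://rp/logout"),
                     clientRegistration.getListStringProperty("post_logout_redirect_uris"));
    }

    /**
     * Registers an authorization-code client that authenticates with {@code tls_client_auth}:
     * no client secret may be issued, and the certificate subject DN supplied at registration
     * must be returned unchanged when the registration is read back.
     */
    @Test
    public void testRegisterClientInitialAccessTokenCodeGrantTls() throws Exception {
        WebClient wc = newJsonClient(REGISTER_WITH_AT_ADDRESS);
        wc.type(JSON);

        ClientRegistration request = newClientRegistrationCodeGrant();
        request.setTokenEndpointAuthMethod("tls_client_auth");
        request.setProperty("tls_client_auth_subject_dn", TLS_SUBJECT_DN);

        // No initial access token yet: registration is refused.
        assertEquals(401, wc.post(request).getStatus());

        wc.authorization(new ClientAccessToken("Bearer", INITIAL_ACCESS_TOKEN));
        ClientRegistrationResponse response = wc.post(request, ClientRegistrationResponse.class);
        assertNotNull(response.getClientId());
        // The client is identified by its certificate, so no shared secret is expected.
        assertNull(response.getClientSecret());
        assertEquals(REGISTER_WITH_AT_ADDRESS + "/" + response.getClientId(),
                     response.getRegistrationClientUri());
        String registrationAccessToken = response.getRegistrationAccessToken();
        assertNotNull(registrationAccessToken);

        // After reset() the request carries no bearer token; the 401 below depends on that.
        wc.reset();
        wc.path(response.getClientId());
        assertEquals(401, wc.get().getStatus());

        wc.authorization(new ClientAccessToken("Bearer", registrationAccessToken));
        ClientRegistration stored = wc.get(ClientRegistration.class);
        testCommonRegCodeGrantProperties(stored);
        assertEquals("tls_client_auth", stored.getTokenEndpointAuthMethod());
        assertEquals(TLS_SUBJECT_DN, stored.getProperty("tls_client_auth_subject_dn"));

        assertEquals(200, wc.delete().getStatus());
    }

    /** Builds the authorization-code registration request shared by several tests. */
    private ClientRegistration newClientRegistrationCodeGrant() {
        ClientRegistration clientRegistration = new ClientRegistration();
        clientRegistration.setApplicationType("web");
        clientRegistration.setScope("openid");
        clientRegistration.setClientName("dynamic_client");
        clientRegistration.setGrantTypes(Collections.singletonList("authorization_code"));
        clientRegistration.setRedirectUris(Collections.singletonList("https://a/b/c"));
        clientRegistration.setProperty("post_logout_redirect_uris", Collections.singletonList("https://rp/logout"));
        return clientRegistration;
    }

    /**
     * Creates a client for {@code address} that accepts JSON and is configured from the
     * {@code client.xml} resource next to this class. Fails with a clear message, rather than a
     * NullPointerException, when that resource is missing from the test classpath.
     */
    private static WebClient newJsonClient(String address) {
        URL busFile = OIDCDynamicRegistrationTest.class.getResource("client.xml");
        assertNotNull("client.xml not found on the test classpath", busFile);
        WebClient wc = WebClient.create(address,
                                        Collections.singletonList(new JsonMapObjectProvider()),
                                        busFile.toString());
        wc.accept(JSON);
        return wc;
    }
}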
