package org.apache.cxf.systest.jaxrs.security.oauth2.tls;

import java.util.Collections;
import java.util.Map;
import javax.ws.rs.core.MultivaluedMap;
import net.sf.ehcache.CacheManager;
import org.apache.cxf.Bus;
import org.apache.cxf.bus.spring.SpringBusFactory;
import org.apache.cxf.jaxrs.client.JAXRSClientFactoryBean;
import org.apache.cxf.jaxrs.client.WebClient;
import org.apache.cxf.jaxrs.impl.MetadataMap;
import org.apache.cxf.jaxrs.provider.json.JsonMapObjectProvider;
import org.apache.cxf.rs.security.jose.jws.JwsJwtCompactConsumer;
import org.apache.cxf.rs.security.jose.jwt.JwtUtils;
import org.apache.cxf.rs.security.oauth2.client.Consumer;
import org.apache.cxf.rs.security.oauth2.client.OAuthClientUtils;
import org.apache.cxf.rs.security.oauth2.common.AccessTokenGrant;
import org.apache.cxf.rs.security.oauth2.common.ClientAccessToken;
import org.apache.cxf.rs.security.oauth2.provider.OAuthServiceException;
import org.apache.cxf.rs.security.oauth2.services.ClientRegistration;
import org.apache.cxf.rs.security.oauth2.services.ClientRegistrationResponse;
import org.apache.cxf.rs.security.oauth2.utils.EHCacheUtil;
import org.apache.cxf.systest.jaxrs.security.Book;
import org.apache.cxf.testutil.common.AbstractBusClientServerTestBase;
import org.junit.BeforeClass;
import org.junit.Test;

/* loaded from: input_file:org/apache/cxf/systest/jaxrs/security/oauth2/tls/JAXRSOAuth2TlsTest.class */
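/**
 * System test for the OAuth2 token, dynamic-registration and resource endpoints when the
 * client authenticates with two-way TLS.
 *
 * <p>The assertions that matter for security are the negative ones: a token presented over a
 * connection built from a different client configuration must get 401 from the protected
 * resources, and a client id that is not bound to the TLS certificate must be rejected with
 * {@code invalid_client}.
 *
 * <p>NOTE(review): {@code client.xml} and {@code client2.xml} are not visible here; the tests
 * only make sense if they configure different client key material. Confirm against the
 * test resources.
 */
public class JAXRSOAuth2TlsTest extends AbstractBusClientServerTestBase {
    public static final String PORT = BookServerOAuth2Tls.PORT;

    private static final String CUSTOM_GRANT_TYPE = "custom_grant";
    /** Bus configuration used to obtain tokens and for the positive resource calls. */
    private static final String PRIMARY_CLIENT_CONFIG = "client.xml";
    /** Bus configuration used for the "different client" calls that must be refused. */
    private static final String OTHER_CLIENT_CONFIG = "client2.xml";

    /** Minimal grant that sends only {@code grant_type=custom_grant} to the token endpoint. */
    public static class CustomGrant implements AccessTokenGrant {
        private static final long serialVersionUID = -4007538779198315873L;

        private CustomGrant() {
        }

        @Override
        public String getType() {
            return CUSTOM_GRANT_TYPE;
        }

        @Override
        public MultivaluedMap<String, String> toMap() {
            // Typed map instead of the raw MetadataMap the decompiler emitted.
            MultivaluedMap<String, String> form = new MetadataMap<String, String>();
            form.putSingle("grant_type", CUSTOM_GRANT_TYPE);
            return form;
        }
    }

    /**
     * Clears the OAuth2 EHCache (when one is returned) and launches the TLS test server.
     *
     * @throws Exception if the server cannot be started
     */
    @BeforeClass
    public static void startServers() throws Exception {
        // presumably prevents tokens/clients cached by an earlier run from affecting this one
        CacheManager cacheManager = EHCacheUtil.createCacheManager("cxf-oauth2-ehcache.xml", (Bus) null);
        if (cacheManager != null) {
            cacheManager.clearAll();
        }
        assertTrue("server did not launch correctly", launchServer(BookServerOAuth2Tls.class, true));
    }

    /** Token is requested without an explicit client id; the TLS identity alone identifies the client. */
    @Test
    public void testTwoWayTLSClientIdIsSubjectDn() throws Exception {
        ClientAccessToken token =
            OAuthClientUtils.getAccessToken(createOAuth2WebClient(address("/oauth2/token")), new CustomGrant());
        assertNotNull(token.getTokenKey());

        assertTokenUsableOnlyByIssuingClient(token,
                                             address("/rs/bookstore/books/123"),
                                             address("/rs2/bookstore/books/123"));
    }

    /** A client id that the server has bound to the TLS certificate obtains a token. */
    @Test
    public void testTwoWayTLSClientIdBound() throws Exception {
        ClientAccessToken token = OAuthClientUtils.getAccessToken(
            createOAuth2WebClient(address("/oauth2/token")), new Consumer("bound"), new CustomGrant());
        assertNotNull(token.getTokenKey());
    }

    /** Same as the bound case, against the JWT-issuing endpoints. */
    @Test
    public void testTwoWayTLSClientIdBoundJwt() throws Exception {
        doTestTwoWayTLSClientIdBoundJwt("boundJwt");
    }

    /**
     * Registers a client dynamically with {@code tls_client_auth}, runs the JWT flow with the
     * returned client id, then deletes the registration with the registration access token.
     */
    @Test
    public void testRegisterClientTwoWayTLSClientIdBoundDynReg() throws Exception {
        WebClient registrationClient = createDynRegWebClient(address("/oauth2Jwt/register"));
        registrationClient.accept("application/json").type("application/json");
        ClientRegistration registration = newClientRegistration();

        // Fixed initial access token; presumably the value the test server is configured to accept.
        registrationClient.authorization(new ClientAccessToken("Bearer", "123456789"));
        ClientRegistrationResponse response =
            registrationClient.post(registration, ClientRegistrationResponse.class);

        doTestTwoWayTLSClientIdBoundJwt(response.getClientId());

        // Deleting the registration requires the per-client registration access token.
        String registrationAccessToken = response.getRegistrationAccessToken();
        assertNotNull(registrationAccessToken);
        registrationClient.path(response.getClientId());
        registrationClient.authorization(new ClientAccessToken("Bearer", registrationAccessToken));
        assertEquals(200, registrationClient.delete().getStatus());
    }

    /**
     * Obtains a JWT access token for {@code str}, checks that it carries a certificate
     * confirmation claim, and checks that only the issuing client can use it.
     *
     * @param str client id to present to the token endpoint
     */
    private void doTestTwoWayTLSClientIdBoundJwt(String str) throws Exception {
        ClientAccessToken token = OAuthClientUtils.getAccessToken(
            createOAuth2WebClient(address("/oauth2Jwt/token")), new Consumer(str), new CustomGrant());
        assertNotNull(token.getTokenKey());

        // The payload is only decoded here, not signature-checked: the test inspects claims it
        // just received from the server. A resource server must validate the signature first.
        JwsJwtCompactConsumer jws = new JwsJwtCompactConsumer(token.getTokenKey());
        Map<String, Object> confirmation =
            JwtUtils.jsonToClaims(jws.getDecodedJwsPayload()).getMapProperty("cnf");
        assertNotNull(confirmation);
        // NOTE(review): only the presence of the SHA-256 certificate thumbprint is asserted; its
        // value is not compared with the client certificate. The 401 checks below cover a
        // mismatch behaviourally.
        assertNotNull(confirmation.get("x5t#S256"));

        assertTokenUsableOnlyByIssuingClient(token,
                                             address("/rsJwt/bookstore/books/123"),
                                             address("/rsJwt2/bookstore/books/123"));
    }

    /**
     * Shared resource-side checks: both protected resources serve the issuing client, the
     * unprotected resource serves the other client, and both protected resources answer 401
     * when the same token arrives from the other client.
     *
     * <p>NOTE(review): the decompiled listing passed an undefined temporary ({@code r0}) as the
     * address of the two 401 calls. The two protected addresses are restored here because they
     * are the only addresses for which 401 is a coherent expectation; confirm against the
     * upstream source.
     */
    private void assertTokenUsableOnlyByIssuingClient(ClientAccessToken token,
                                                      String protectedAddress,
                                                      String protectedAddress2) {
        Book book = createRsWebClient(protectedAddress, token, PRIMARY_CLIENT_CONFIG).get(Book.class);
        assertEquals(123L, book.getId());
        book = createRsWebClient(protectedAddress2, token, PRIMARY_CLIENT_CONFIG).get(Book.class);
        assertEquals(123L, book.getId());

        // The unprotected resource does not care which client presents the token.
        book = createRsWebClient(address("/rsUnprotected/bookstore/books/123"), token, OTHER_CLIENT_CONFIG)
            .get(Book.class);
        assertEquals(123L, book.getId());

        // Token replayed from a different client configuration must be refused.
        assertEquals(401, createRsWebClient(protectedAddress, token, OTHER_CLIENT_CONFIG).get().getStatus());
        assertEquals(401, createRsWebClient(protectedAddress2, token, OTHER_CLIENT_CONFIG).get().getStatus());
    }

    /** Builds the registration request: TLS client authentication tied to a fixed subject DN. */
    private ClientRegistration newClientRegistration() {
        ClientRegistration registration = new ClientRegistration();
        registration.setApplicationType("web");
        registration.setScope("openid");
        registration.setClientName("dynamic_client");
        registration.setGrantTypes(Collections.singletonList(CUSTOM_GRANT_TYPE));
        registration.setRedirectUris(Collections.singletonList("https://a/b/c"));
        registration.setTokenEndpointAuthMethod("tls_client_auth");
        registration.setProperty("tls_client_auth_subject_dn",
                                 "CN=whateverhost.com,OU=Morpit,O=ApacheTest,L=Syracuse,C=US");
        return registration;
    }

    /** A client id the server has not bound to the TLS certificate must be rejected. */
    @Test
    public void testTwoWayTLSClientUnbound() throws Exception {
        try {
            OAuthClientUtils.getAccessToken(
                createOAuth2WebClient(address("/oauth2/token")), new Consumer("unbound"), new CustomGrant());
            fail("exception_expected");
        } catch (OAuthServiceException e) {
            assertEquals("invalid_client", e.getError().getError());
        }
    }

    /** Returns the HTTPS address of {@code path} on the local test server. */
    private static String address(String path) {
        return "https://localhost:" + PORT + path;
    }

    /**
     * Creates a bus from a Spring configuration on the test classpath.
     *
     * @throws IllegalStateException if the configuration is missing, instead of the bare
     *         NullPointerException the inline {@code getResource(..).toString()} produced
     */
    private static Bus createClientBus(String configName) {
        java.net.URL config = JAXRSOAuth2TlsTest.class.getResource(configName);
        if (config == null) {
            throw new IllegalStateException("client bus configuration not found: " + configName);
        }
        // NOTE(review): buses created here are never shut down by this class.
        return new SpringBusFactory().createBus(config.toString());
    }

    /** Form-encoded client for the token endpoint, using the primary client configuration. */
    private WebClient createOAuth2WebClient(String str) {
        JAXRSClientFactoryBean factory = new JAXRSClientFactoryBean();
        factory.setAddress(str);
        factory.setBus(createClientBus(PRIMARY_CLIENT_CONFIG));
        WebClient client = factory.createWebClient();
        client.type("application/x-www-form-urlencoded").accept("application/json");
        return client;
    }

    /** JSON client for the dynamic registration endpoint, using the primary client configuration. */
    private WebClient createDynRegWebClient(String str) {
        JAXRSClientFactoryBean factory = new JAXRSClientFactoryBean();
        factory.setAddress(str);
        factory.setProvider(new JsonMapObjectProvider());
        factory.setBus(createClientBus(PRIMARY_CLIENT_CONFIG));
        WebClient client = factory.createWebClient();
        client.type("application/json").accept("application/json");
        return client;
    }

    /**
     * Resource client that presents {@code clientAccessToken} over a bus built from {@code str2}.
     *
     * @param str resource address
     * @param clientAccessToken token sent in the Authorization header
     * @param str2 name of the Spring bus configuration to use for the connection
     */
    private WebClient createRsWebClient(String str, ClientAccessToken clientAccessToken, String str2) {
        JAXRSClientFactoryBean factory = new JAXRSClientFactoryBean();
        factory.setAddress(str);
        factory.setBus(createClientBus(str2));
        WebClient client = factory.createWebClient();
        client.accept("application/xml");
        client.authorization(clientAccessToken);
        return client;
    }
}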
