package org.apache.cxf.systest.jaxrs.security.oidc.filters;

import java.net.URL;
import javax.ws.rs.core.Form;
import javax.ws.rs.core.Response;
import org.apache.cxf.jaxrs.client.WebClient;
import org.apache.cxf.message.Message;
import org.apache.cxf.rs.security.oauth2.common.OAuthAuthorizationData;
import org.apache.cxf.systest.jaxrs.security.Book;
import org.apache.cxf.systest.jaxrs.security.oauth2.common.OAuth2TestUtils;
import org.apache.cxf.testutil.common.AbstractBusClientServerTestBase;
import org.junit.BeforeClass;
import org.junit.Test;

/* loaded from: input_file:org/apache/cxf/systest/jaxrs/security/oidc/filters/OIDCFiltersTest.class */
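/**
 * System test for the OIDC authorization-code flow as driven by the client-side
 * filter that protects the book store service.
 *
 * <p>Two servers are launched: the filter-protected book store ({@link #PORT}) and
 * the OIDC service ({@link #OIDC_PORT}). The test walks the redirect chain by hand,
 * so each hop is visible and can be asserted on.
 *
 * <p>NOTE(review): only the happy path is covered. The {@code state} value returned
 * by the authorization endpoint is checked for presence, not compared with the value
 * the client filter issued, and there is no negative case (missing or altered
 * {@code state}/{@code code}) showing that the filter rejects a forged callback.
 */
public class OIDCFiltersTest extends AbstractBusClientServerTestBase {
    public static final String PORT = BookServerOIDCFilters.PORT;
    public static final String OIDC_PORT = BookServerOIDCService.PORT;

    /**
     * Launches the filter-protected book store and the OIDC service before any test runs.
     *
     * @throws Exception if a server cannot be launched
     */
    @BeforeClass
    public static void startServers() throws Exception {
        assertTrue("server did not launch correctly", launchServer(BookServerOIDCFilters.class, true));
        assertTrue("server did not launch correctly", launchServer(BookServerOIDCService.class, true));
    }

    /**
     * Drives a complete authorization-code round trip: request the secured resource,
     * follow the redirect to the authorization endpoint as user {@code bob}, approve the
     * request, then replay the returned {@code code} and {@code state} to the secured
     * resource and check that the posted book is echoed back.
     *
     * @throws Exception on any client or transport failure
     */
    @Test
    public void testClientCodeRequestFilter() throws Exception {
        URL busFile = OIDCFiltersTest.class.getResource("client.xml");
        assertNotNull("client.xml was not found next to the test class", busFile);

        String bookStoreAddress = "https://localhost:" + PORT + "/secured/bookstore/books";
        WebClient bookStoreClient =
            WebClient.create(bookStoreAddress, OAuth2TestUtils.setupProviders(), busFile.toString());
        // The same client is reused for the callback below, so its session has to survive.
        WebClient.getConfig(bookStoreClient).getRequestContext().put(Message.MAINTAIN_SESSION, Boolean.TRUE);

        // An unauthenticated GET is expected to answer with a redirect to the authorization endpoint.
        String authorizationLocation = bookStoreClient.get().getHeaderString("Location");
        assertNotNull("secured resource did not redirect to the authorization endpoint", authorizationLocation);

        WebClient authorizationClient = WebClient.create(
            authorizationLocation, OAuth2TestUtils.setupProviders(), "bob", "security", busFile.toString());
        WebClient.getConfig(authorizationClient).getRequestContext().put(Message.MAINTAIN_SESSION, Boolean.TRUE);

        String callbackLocation = makeAuthorizationCodeInvocation(authorizationClient);
        assertNotNull("authorization decision did not redirect back to the client", callbackLocation);

        // getSubstring returns null for an absent parameter, so these checks fail
        // when the redirect carries no state or no code.
        String state = getSubstring(callbackLocation, "state");
        assertNotNull("redirect carries no state parameter", state);
        String code = getSubstring(callbackLocation, "code");
        assertNotNull("redirect carries no code parameter", code);

        // Replay the callback against the secured resource on the original session.
        bookStoreClient.header("Referer", "https://localhost:" + OIDC_PORT + "/services/authorize");
        bookStoreClient.query("code", code);
        bookStoreClient.query("state", state);

        Response response = bookStoreClient.type("application/xml").post(new Book("book", 123L));
        // JUnit convention is (expected, actual); the order matters for the failure message.
        assertEquals(200L, response.getStatus());
        Book returned = response.readEntity(Book.class);
        assertEquals("book", returned.getName());
        assertEquals(123L, returned.getId());
    }

    /**
     * Fetches the authorization data for the pending request and submits an "allow"
     * decision on the user's behalf.
     *
     * @param webClient client already pointed at the authorization endpoint
     * @return the {@code Location} header of the decision response, or {@code null}
     *         if the response carries none
     */
    private String makeAuthorizationCodeInvocation(WebClient webClient) {
        webClient.type("application/json").accept("application/json");
        OAuthAuthorizationData authorizationData = webClient.get().readEntity(OAuthAuthorizationData.class);

        // The decision is posted as a form to the "decision" sub-path of the same endpoint.
        webClient.path("decision");
        webClient.type("application/x-www-form-urlencoded");

        Form decision = new Form();
        // Echo back the token the server handed out with the authorization data.
        decision.param("session_authenticity_token", authorizationData.getAuthenticityToken());
        decision.param("client_id", authorizationData.getClientId());
        decision.param("redirect_uri", authorizationData.getRedirectUri());
        if (authorizationData.getProposedScope() != null) {
            decision.param("scope", authorizationData.getProposedScope());
        }
        decision.param("state", authorizationData.getState());
        decision.param("oauthDecision", "allow");

        return webClient.post(decision).getHeaderString("Location");
    }

    /**
     * Extracts the raw (still URL-encoded) value of a query parameter from a URI string.
     *
     * <p>The parameter name is matched only at the start of the string or directly
     * after {@code ?} or {@code &}, so looking up {@code state} cannot pick up the value
     * of a longer parameter name that merely ends in {@code state}.
     *
     * @param str  the URI or query string to search; may be {@code null}
     * @param str2 the parameter name
     * @return the parameter value (possibly empty), or {@code null} if {@code str} is
     *         {@code null} or holds no such parameter
     */
    private String getSubstring(String str, String str2) {
        if (str == null) {
            return null;
        }
        String key = str2 + "=";
        int searchFrom = 0;
        while (true) {
            int keyStart = str.indexOf(key, searchFrom);
            if (keyStart < 0) {
                // Absent parameter: report it instead of returning an arbitrary tail of the string.
                return null;
            }
            boolean atBoundary = keyStart == 0
                || str.charAt(keyStart - 1) == '?'
                || str.charAt(keyStart - 1) == '&';
            if (atBoundary) {
                int valueStart = keyStart + key.length();
                int valueEnd = str.indexOf('&', valueStart);
                return valueEnd < 0 ? str.substring(valueStart) : str.substring(valueStart, valueEnd);
            }
            searchFrom = keyStart + 1;
        }
    }
}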
