package org.apache.cxf.systest.jaxrs.security.oauth2.grants;

import java.net.URL;
import java.util.Arrays;
import java.util.Collection;
import javax.ws.rs.core.Form;
import org.apache.cxf.Bus;
import org.apache.cxf.BusFactory;
import org.apache.cxf.bus.spring.SpringBusFactory;
import org.apache.cxf.jaxrs.client.WebClient;
import org.apache.cxf.message.Message;
import org.apache.cxf.rs.security.oauth2.common.ClientAccessToken;
import org.apache.cxf.rs.security.oauth2.common.TokenIntrospection;
import org.apache.cxf.systest.jaxrs.security.SecurityTestUtil;
import org.apache.cxf.systest.jaxrs.security.oauth2.common.OAuth2TestUtils;
import org.apache.cxf.testutil.common.AbstractBusClientServerTestBase;
import org.apache.cxf.testutil.common.AbstractBusTestServerBase;
import org.apache.cxf.testutil.common.TestUtil;
import org.junit.AfterClass;
import org.junit.BeforeClass;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.junit.runners.Parameterized;

@RunWith(Parameterized.class)
/* loaded from: input_file:org/apache/cxf/systest/jaxrs/security/oauth2/grants/IntrospectionServiceTest.class */
public class IntrospectionServiceTest extends AbstractBusClientServerTestBase {
    public static final String PORT = TestUtil.getPortNumber("jaxrs-oauth2-introspection");
    public static final String PORT2 = TestUtil.getPortNumber("jaxrs-oauth2-introspection2");
    public static final String JWT_PORT = TestUtil.getPortNumber("jaxrs-oauth2-introspection-jwt");
    public static final String JWT_PORT2 = TestUtil.getPortNumber("jaxrs-oauth2-introspection2-jwt");
    public static final String JCACHE_PORT = TestUtil.getPortNumber("jaxrs-oauth2-introspection-jcache");
    public static final String JCACHE_PORT2 = TestUtil.getPortNumber("jaxrs-oauth2-introspection2-jcache");
    public static final String JWT_JCACHE_PORT = TestUtil.getPortNumber("jaxrs-oauth2-introspection-jcache-jwt");
    public static final String JWT_JCACHE_PORT2 = TestUtil.getPortNumber("jaxrs-oauth2-introspection2-jcache-jwt");
    public static final String JPA_PORT = TestUtil.getPortNumber("jaxrs-oauth2-introspection-jpa");
    public static final String JPA_PORT2 = TestUtil.getPortNumber("jaxrs-oauth2-introspection2-jpa");
    public static final String JWT_NON_PERSIST_JCACHE_PORT = TestUtil.getPortNumber("jaxrs-oauth2-introspection-jcache-jwt-non-persist");
    public static final String JWT_NON_PERSIST_JCACHE_PORT2 = TestUtil.getPortNumber("jaxrs-oauth2-introspection2-jcache-jwt-non-persist");
    final String port;

    /* loaded from: input_file:org/apache/cxf/systest/jaxrs/security/oauth2/grants/IntrospectionServiceTest$BookServerOAuth2Introspection.class */
    public static class BookServerOAuth2Introspection extends AbstractBusTestServerBase {
        private static final URL SERVER_CONFIG_FILE = BookServerOAuth2Introspection.class.getResource("introspection-server.xml");

        protected void run() {
            Bus createBus = new SpringBusFactory().createBus(SERVER_CONFIG_FILE);
            BusFactory.setDefaultBus(createBus);
            setBus(createBus);
            try {
                new BookServerOAuth2Introspection();
            } catch (Exception e) {
                throw new RuntimeException(e);
            }
        }
    }

    /* loaded from: input_file:org/apache/cxf/systest/jaxrs/security/oauth2/grants/IntrospectionServiceTest$BookServerOAuth2IntrospectionJCache.class */
    public static class BookServerOAuth2IntrospectionJCache extends AbstractBusTestServerBase {
        private static final URL SERVER_CONFIG_FILE = BookServerOAuth2Introspection.class.getResource("introspection-server-jcache.xml");

        protected void run() {
            Bus createBus = new SpringBusFactory().createBus(SERVER_CONFIG_FILE);
            BusFactory.setDefaultBus(createBus);
            setBus(createBus);
            try {
                new BookServerOAuth2IntrospectionJCache();
            } catch (Exception e) {
                throw new RuntimeException(e);
            }
        }
    }

    /* loaded from: input_file:org/apache/cxf/systest/jaxrs/security/oauth2/grants/IntrospectionServiceTest$BookServerOAuth2IntrospectionJCacheJWT.class */
    public static class BookServerOAuth2IntrospectionJCacheJWT extends AbstractBusTestServerBase {
        private static final URL SERVER_CONFIG_FILE = BookServerOAuth2IntrospectionJWT.class.getResource("introspection-server-jcache-jwt.xml");

        protected void run() {
            Bus createBus = new SpringBusFactory().createBus(SERVER_CONFIG_FILE);
            BusFactory.setDefaultBus(createBus);
            setBus(createBus);
            try {
                new BookServerOAuth2IntrospectionJCacheJWT();
            } catch (Exception e) {
                throw new RuntimeException(e);
            }
        }
    }

    /* loaded from: input_file:org/apache/cxf/systest/jaxrs/security/oauth2/grants/IntrospectionServiceTest$BookServerOAuth2IntrospectionJCacheJWTNonPersist.class */
    public static class BookServerOAuth2IntrospectionJCacheJWTNonPersist extends AbstractBusTestServerBase {
        private static final URL SERVER_CONFIG_FILE = BookServerOAuth2IntrospectionJWT.class.getResource("introspection-server-jcache-jwt-non-persist.xml");

        protected void run() {
            Bus createBus = new SpringBusFactory().createBus(SERVER_CONFIG_FILE);
            BusFactory.setDefaultBus(createBus);
            setBus(createBus);
            try {
                new BookServerOAuth2IntrospectionJCacheJWTNonPersist();
            } catch (Exception e) {
                throw new RuntimeException(e);
            }
        }
    }

    /* loaded from: input_file:org/apache/cxf/systest/jaxrs/security/oauth2/grants/IntrospectionServiceTest$BookServerOAuth2IntrospectionJPA.class */
    public static class BookServerOAuth2IntrospectionJPA extends AbstractBusTestServerBase {
        private static final URL SERVER_CONFIG_FILE = BookServerOAuth2Introspection.class.getResource("introspection-server-jpa.xml");

        protected void run() {
            Bus createBus = new SpringBusFactory().createBus(SERVER_CONFIG_FILE);
            BusFactory.setDefaultBus(createBus);
            setBus(createBus);
            try {
                new BookServerOAuth2IntrospectionJPA();
            } catch (Exception e) {
                throw new RuntimeException(e);
            }
        }
    }

    /* loaded from: input_file:org/apache/cxf/systest/jaxrs/security/oauth2/grants/IntrospectionServiceTest$BookServerOAuth2IntrospectionJWT.class */
    public static class BookServerOAuth2IntrospectionJWT extends AbstractBusTestServerBase {
        private static final URL SERVER_CONFIG_FILE = BookServerOAuth2IntrospectionJWT.class.getResource("introspection-server-jwt.xml");

        protected void run() {
            Bus createBus = new SpringBusFactory().createBus(SERVER_CONFIG_FILE);
            BusFactory.setDefaultBus(createBus);
            setBus(createBus);
            try {
                new BookServerOAuth2IntrospectionJWT();
            } catch (Exception e) {
                throw new RuntimeException(e);
            }
        }
    }

    public IntrospectionServiceTest(String str) {
        this.port = str;
    }

    @BeforeClass
    public static void startServers() throws Exception {
        assertTrue("server did not launch correctly", launchServer(BookServerOAuth2Introspection.class, true));
        assertTrue("server did not launch correctly", launchServer(BookServerOAuth2IntrospectionJWT.class, true));
        assertTrue("server did not launch correctly", launchServer(BookServerOAuth2IntrospectionJCache.class, true));
        assertTrue("server did not launch correctly", launchServer(BookServerOAuth2IntrospectionJCacheJWT.class, true));
        assertTrue("server did not launch correctly", launchServer(BookServerOAuth2IntrospectionJPA.class, true));
        assertTrue("server did not launch correctly", launchServer(BookServerOAuth2IntrospectionJCacheJWTNonPersist.class, true));
    }

    @AfterClass
    public static void cleanup() throws Exception {
        SecurityTestUtil.cleanup();
    }

    @Parameterized.Parameters(name = "{0}")
    public static Collection<String> data() {
        return Arrays.asList(PORT, JWT_PORT, JCACHE_PORT, JWT_JCACHE_PORT, JPA_PORT, JWT_NON_PERSIST_JCACHE_PORT);
    }

    @Test
    public void testTokenIntrospection() throws Exception {
        URL resource = IntrospectionServiceTest.class.getResource("client.xml");
        String str = "https://localhost:" + this.port + "/services/";
        WebClient create = WebClient.create(str, OAuth2TestUtils.setupProviders(), "alice", "security", resource.toString());
        WebClient.getConfig(create).getRequestContext().put(Message.MAINTAIN_SESSION, Boolean.TRUE);
        String authorizationCode = OAuth2TestUtils.getAuthorizationCode(create);
        assertNotNull(authorizationCode);
        WebClient create2 = WebClient.create(str, OAuth2TestUtils.setupProviders(), "consumer-id", "this-is-a-secret", resource.toString());
        WebClient.getConfig(create2).getRequestContext().put(Message.MAINTAIN_SESSION, Boolean.TRUE);
        ClientAccessToken accessTokenWithAuthorizationCode = OAuth2TestUtils.getAccessTokenWithAuthorizationCode(create2, authorizationCode);
        assertNotNull(accessTokenWithAuthorizationCode.getTokenKey());
        WebClient create3 = WebClient.create(str, OAuth2TestUtils.setupProviders(), "consumer-id", "this-is-a-secret", resource.toString());
        create3.accept(new String[]{"application/json"}).type("application/x-www-form-urlencoded");
        Form form = new Form();
        form.param("token", accessTokenWithAuthorizationCode.getTokenKey());
        create3.path("introspect/");
        TokenIntrospection tokenIntrospection = (TokenIntrospection) create3.post(form).readEntity(TokenIntrospection.class);
        assertEquals(Boolean.valueOf(tokenIntrospection.isActive()), true);
        assertEquals(tokenIntrospection.getUsername(), "alice");
        assertEquals(tokenIntrospection.getClientId(), "consumer-id");
        assertEquals(tokenIntrospection.getScope(), accessTokenWithAuthorizationCode.getApprovedScope());
        assertTrue(Long.valueOf(tokenIntrospection.getExp().longValue() - tokenIntrospection.getIat().longValue()).longValue() == accessTokenWithAuthorizationCode.getExpiresIn());
    }

    @Test
    public void testTokenIntrospectionWithAudience() throws Exception {
        URL resource = AuthorizationGrantTest.class.getResource("client.xml");
        String str = "https://localhost:" + this.port + "/services/";
        WebClient create = WebClient.create(str, OAuth2TestUtils.setupProviders(), "alice", "security", resource.toString());
        WebClient.getConfig(create).getRequestContext().put(Message.MAINTAIN_SESSION, Boolean.TRUE);
        String authorizationCode = OAuth2TestUtils.getAuthorizationCode(create, null, "consumer-id-aud");
        assertNotNull(authorizationCode);
        WebClient create2 = WebClient.create(str, OAuth2TestUtils.setupProviders(), "consumer-id-aud", "this-is-a-secret", resource.toString());
        WebClient.getConfig(create2).getRequestContext().put(Message.MAINTAIN_SESSION, Boolean.TRUE);
        String str2 = PORT2;
        if (JWT_PORT.equals(this.port)) {
            str2 = JWT_PORT2;
        } else if (JCACHE_PORT.equals(this.port)) {
            str2 = JCACHE_PORT2;
        } else if (JWT_JCACHE_PORT.equals(this.port)) {
            str2 = JWT_JCACHE_PORT2;
        } else if (JPA_PORT.equals(this.port)) {
            str2 = JPA_PORT2;
        } else if (JWT_NON_PERSIST_JCACHE_PORT.equals(this.port)) {
            str2 = JWT_NON_PERSIST_JCACHE_PORT2;
        }
        String str3 = "https://localhost:" + str2 + "/secured/bookstore/books";
        ClientAccessToken accessTokenWithAuthorizationCode = OAuth2TestUtils.getAccessTokenWithAuthorizationCode(create2, authorizationCode, "consumer-id-aud", str3);
        assertNotNull(accessTokenWithAuthorizationCode.getTokenKey());
        WebClient create3 = WebClient.create(str, OAuth2TestUtils.setupProviders(), "consumer-id", "this-is-a-secret", resource.toString());
        create3.accept(new String[]{"application/json"}).type("application/x-www-form-urlencoded");
        Form form = new Form();
        form.param("token", accessTokenWithAuthorizationCode.getTokenKey());
        create3.path("introspect/");
        TokenIntrospection tokenIntrospection = (TokenIntrospection) create3.post(form).readEntity(TokenIntrospection.class);
        assertEquals(Boolean.valueOf(tokenIntrospection.isActive()), true);
        assertEquals(tokenIntrospection.getUsername(), "alice");
        assertEquals(tokenIntrospection.getClientId(), "consumer-id-aud");
        assertEquals(tokenIntrospection.getScope(), accessTokenWithAuthorizationCode.getApprovedScope());
        assertTrue(Long.valueOf(tokenIntrospection.getExp().longValue() - tokenIntrospection.getIat().longValue()).longValue() == accessTokenWithAuthorizationCode.getExpiresIn());
        assertEquals(tokenIntrospection.getAud().get(0), str3);
    }

    @Test
    public void testInvalidToken() throws Exception {
        URL resource = IntrospectionServiceTest.class.getResource("client.xml");
        String str = "https://localhost:" + this.port + "/services/";
        WebClient create = WebClient.create(str, OAuth2TestUtils.setupProviders(), "alice", "security", resource.toString());
        WebClient.getConfig(create).getRequestContext().put(Message.MAINTAIN_SESSION, Boolean.TRUE);
        String authorizationCode = OAuth2TestUtils.getAuthorizationCode(create);
        assertNotNull(authorizationCode);
        WebClient create2 = WebClient.create(str, OAuth2TestUtils.setupProviders(), "consumer-id", "this-is-a-secret", resource.toString());
        WebClient.getConfig(create2).getRequestContext().put(Message.MAINTAIN_SESSION, Boolean.TRUE);
        ClientAccessToken accessTokenWithAuthorizationCode = OAuth2TestUtils.getAccessTokenWithAuthorizationCode(create2, authorizationCode);
        assertNotNull(accessTokenWithAuthorizationCode.getTokenKey());
        WebClient create3 = WebClient.create(str, OAuth2TestUtils.setupProviders(), "consumer-id", "this-is-a-secret", resource.toString());
        create3.accept(new String[]{"application/json"}).type("application/x-www-form-urlencoded");
        Form form = new Form();
        form.param("token", accessTokenWithAuthorizationCode.getTokenKey() + "-xyz");
        create3.path("introspect/");
        assertEquals(Boolean.valueOf(((TokenIntrospection) create3.post(form).readEntity(TokenIntrospection.class)).isActive()), false);
    }

    @Test
    public void testRefreshedToken() throws Exception {
        URL resource = AuthorizationGrantTest.class.getResource("client.xml");
        String str = "https://localhost:" + this.port + "/services/";
        WebClient create = WebClient.create(str, OAuth2TestUtils.setupProviders(), "alice", "security", resource.toString());
        WebClient.getConfig(create).getRequestContext().put(Message.MAINTAIN_SESSION, Boolean.TRUE);
        String authorizationCode = OAuth2TestUtils.getAuthorizationCode(create);
        assertNotNull(authorizationCode);
        WebClient create2 = WebClient.create(str, OAuth2TestUtils.setupProviders(), "consumer-id", "this-is-a-secret", resource.toString());
        WebClient.getConfig(create2).getRequestContext().put(Message.MAINTAIN_SESSION, Boolean.TRUE);
        ClientAccessToken accessTokenWithAuthorizationCode = OAuth2TestUtils.getAccessTokenWithAuthorizationCode(create2, authorizationCode);
        assertNotNull(accessTokenWithAuthorizationCode.getTokenKey());
        assertNotNull(accessTokenWithAuthorizationCode.getRefreshToken());
        String tokenKey = accessTokenWithAuthorizationCode.getTokenKey();
        create2.type("application/x-www-form-urlencoded").accept(new String[]{"application/json"});
        Form form = new Form();
        form.param("grant_type", "refresh_token");
        form.param("refresh_token", accessTokenWithAuthorizationCode.getRefreshToken());
        form.param("client_id", "consumer-id");
        ClientAccessToken clientAccessToken = (ClientAccessToken) create2.post(form).readEntity(ClientAccessToken.class);
        assertNotNull(clientAccessToken.getTokenKey());
        assertNotNull(clientAccessToken.getRefreshToken());
        WebClient create3 = WebClient.create(str, OAuth2TestUtils.setupProviders(), "consumer-id", "this-is-a-secret", resource.toString());
        create3.accept(new String[]{"application/json"}).type("application/x-www-form-urlencoded");
        Form form2 = new Form();
        form2.param("token", clientAccessToken.getTokenKey());
        create3.path("introspect/");
        assertEquals(Boolean.valueOf(((TokenIntrospection) create3.post(form2).readEntity(TokenIntrospection.class)).isActive()), true);
        Form form3 = new Form();
        form3.param("token", tokenKey);
        assertEquals(Boolean.valueOf(((TokenIntrospection) create3.post(form3).readEntity(TokenIntrospection.class)).isActive()), false);
    }

    @Test
    public void testTokenIntrospectionWithScope() throws Exception {
        URL resource = IntrospectionServiceTest.class.getResource("client.xml");
        String str = "https://localhost:" + this.port + "/services/";
        WebClient create = WebClient.create(str, OAuth2TestUtils.setupProviders(), "alice", "security", resource.toString());
        WebClient.getConfig(create).getRequestContext().put(Message.MAINTAIN_SESSION, Boolean.TRUE);
        String authorizationCode = OAuth2TestUtils.getAuthorizationCode(create, "read_balance");
        assertNotNull(authorizationCode);
        WebClient create2 = WebClient.create(str, OAuth2TestUtils.setupProviders(), "consumer-id", "this-is-a-secret", resource.toString());
        WebClient.getConfig(create2).getRequestContext().put(Message.MAINTAIN_SESSION, Boolean.TRUE);
        ClientAccessToken accessTokenWithAuthorizationCode = OAuth2TestUtils.getAccessTokenWithAuthorizationCode(create2, authorizationCode);
        assertNotNull(accessTokenWithAuthorizationCode.getTokenKey());
        assertTrue(accessTokenWithAuthorizationCode.getApprovedScope().contains("read_balance"));
        WebClient create3 = WebClient.create(str, OAuth2TestUtils.setupProviders(), "consumer-id", "this-is-a-secret", resource.toString());
        create3.accept(new String[]{"application/json"}).type("application/x-www-form-urlencoded");
        Form form = new Form();
        form.param("token", accessTokenWithAuthorizationCode.getTokenKey());
        create3.path("introspect/");
        TokenIntrospection tokenIntrospection = (TokenIntrospection) create3.post(form).readEntity(TokenIntrospection.class);
        assertEquals(Boolean.valueOf(tokenIntrospection.isActive()), true);
        assertEquals(tokenIntrospection.getUsername(), "alice");
        assertEquals(tokenIntrospection.getClientId(), "consumer-id");
        assertEquals(tokenIntrospection.getScope(), accessTokenWithAuthorizationCode.getApprovedScope());
        assertTrue(Long.valueOf(tokenIntrospection.getExp().longValue() - tokenIntrospection.getIat().longValue()).longValue() == accessTokenWithAuthorizationCode.getExpiresIn());
    }
}
