package net.krotscheck.kangaroo.authz.common.authenticator.oauth2;

import java.net.URI;
import java.util.HashMap;
import java.util.Map;
import javax.ws.rs.ProcessingException;
import javax.ws.rs.client.Client;
import javax.ws.rs.client.Entity;
import javax.ws.rs.client.Invocation;
import javax.ws.rs.client.WebTarget;
import javax.ws.rs.core.MultivaluedMap;
import javax.ws.rs.core.Response;
import junit.framework.TestCase;
import net.krotscheck.kangaroo.authz.common.authenticator.AuthenticatorType;
import net.krotscheck.kangaroo.authz.common.authenticator.exception.MisconfiguredAuthenticatorException;
import net.krotscheck.kangaroo.authz.common.authenticator.exception.ThirdPartyErrorException;
import net.krotscheck.kangaroo.authz.common.database.entity.Authenticator;
import net.krotscheck.kangaroo.authz.common.database.entity.ClientType;
import net.krotscheck.kangaroo.authz.common.database.entity.UserIdentity;
import net.krotscheck.kangaroo.authz.oauth2.exception.RFC6749;
import net.krotscheck.kangaroo.authz.test.ApplicationBuilder;
import net.krotscheck.kangaroo.test.jersey.DatabaseTest;
import net.krotscheck.kangaroo.test.rule.TestDataResource;
import net.krotscheck.kangaroo.util.HttpUtil;
import org.apache.commons.lang3.RandomStringUtils;
import org.glassfish.jersey.internal.util.collection.MultivaluedStringMap;
import org.hibernate.Session;
import org.hibernate.Transaction;
import org.junit.After;
import org.junit.Assert;
import org.junit.Before;
import org.junit.ClassRule;
import org.junit.Test;
import org.junit.rules.TestRule;
import org.mockito.ArgumentMatchers;
import org.mockito.Mockito;

/* loaded from: input_file:net/krotscheck/kangaroo/authz/common/authenticator/oauth2/AbstractOAuth2AuthenticatorTest.class */
public class AbstractOAuth2AuthenticatorTest extends DatabaseTest {
    private static ApplicationBuilder.ApplicationContext context;
    private static ApplicationBuilder.ApplicationContext mirrorContext;

    @ClassRule
    public static final TestRule TEST_DATA_RULE = new TestDataResource(HIBERNATE_RESOURCE) { // from class: net.krotscheck.kangaroo.authz.common.authenticator.oauth2.AbstractOAuth2AuthenticatorTest.1
        protected void loadTestData(Session session) {
            HashMap hashMap = new HashMap();
            hashMap.put("client_id", "id");
            hashMap.put("client_secret", "secret");
            ApplicationBuilder.ApplicationContext unused = AbstractOAuth2AuthenticatorTest.context = ApplicationBuilder.newApplication(session).client(ClientType.AuthorizationGrant).role("some_role").authenticator(AuthenticatorType.Test, hashMap).build();
            ApplicationBuilder.ApplicationContext unused2 = AbstractOAuth2AuthenticatorTest.mirrorContext = ApplicationBuilder.newApplication(session).client(ClientType.AuthorizationGrant).role("some_role").authenticator(AuthenticatorType.Test, hashMap).build();
        }
    };
    private TestOAuth2Authenticator authenticator;
    private Authenticator config;
    private URI validCallback = URI.create("http://example.com/authorize/callback?state=state");
    private Client client;
    private WebTarget webTarget;
    private Invocation.Builder builder;
    private Response postResponse;
    private Response getResponse;

    /* loaded from: input_file:net/krotscheck/kangaroo/authz/common/authenticator/oauth2/AbstractOAuth2AuthenticatorTest$TestOAuth2Authenticator.class */
    private static final class TestOAuth2Authenticator extends AbstractOAuth2Authenticator {
        private TestOAuth2Authenticator() {
        }

        protected String getAuthEndpoint() {
            return "http://example.com/authorize";
        }

        protected String getTokenEndpoint() {
            return "http://example.com/token";
        }

        protected String getScopes() {
            return "test scope";
        }

        protected OAuth2User loadUserIdentity(OAuth2IdPToken oAuth2IdPToken) {
            Response response = getClient().target("http://example.com/user").request().header("Authorization", HttpUtil.authHeaderBearer(oAuth2IdPToken.getAccessToken())).get();
            try {
                try {
                    if (!response.getStatusInfo().getFamily().equals(Response.Status.Family.SUCCESSFUL)) {
                        throw new ThirdPartyErrorException((Map) response.readEntity(MAP_TYPE));
                    }
                    OAuth2User oAuth2User = (OAuth2User) response.readEntity(OAuth2User.class);
                    response.close();
                    return oAuth2User;
                } catch (ProcessingException e) {
                    throw new ThirdPartyErrorException();
                }
            } catch (Throwable th) {
                response.close();
                throw th;
            }
        }
    }

    @Before
    public void setup() {
        this.authenticator = new TestOAuth2Authenticator();
    }

    @Before
    public void bootstrap() {
        getSession().beginTransaction();
        this.config = context.getAuthenticator();
        this.client = (Client) Mockito.mock(Client.class);
        this.webTarget = (WebTarget) Mockito.mock(WebTarget.class);
        this.builder = (Invocation.Builder) Mockito.mock(Invocation.Builder.class);
        this.getResponse = (Response) Mockito.mock(Response.class);
        this.postResponse = (Response) Mockito.mock(Response.class);
        ((Client) Mockito.doReturn(this.webTarget).when(this.client)).target(ArgumentMatchers.anyString());
        ((WebTarget) Mockito.doReturn(this.builder).when(this.webTarget)).request();
        ((Invocation.Builder) Mockito.doReturn(this.builder).when(this.builder)).header((String) ArgumentMatchers.any(), ArgumentMatchers.any());
        ((Invocation.Builder) Mockito.doReturn(this.getResponse).when(this.builder)).get();
        ((Invocation.Builder) Mockito.doReturn(this.postResponse).when(this.builder)).post((Entity) ArgumentMatchers.any());
        ((Response) Mockito.doReturn(Response.Status.OK).when(this.getResponse)).getStatusInfo();
        ((Response) Mockito.doReturn(Response.Status.OK).when(this.postResponse)).getStatusInfo();
        this.authenticator = new TestOAuth2Authenticator();
        this.authenticator.setClient(this.client);
        this.authenticator.setSession(getSession());
    }

    @After
    public void cleanup() {
        Transaction transaction = getSession().getTransaction();
        if (transaction.isActive()) {
            transaction.commit();
        }
    }

    @Test
    public void testGetSetSession() {
        Assert.assertNotNull(this.authenticator.getSession());
        this.authenticator.setSession(null);
        TestCase.assertNull(this.authenticator.getSession());
        this.authenticator.setSession(getSession());
        Assert.assertNotNull(this.authenticator.getSession());
    }

    @Test
    public void testGetSetClient() {
        Assert.assertNotNull(this.authenticator.getClient());
        this.authenticator.setClient(null);
        TestCase.assertNull(this.authenticator.getClient());
        this.authenticator.setClient(this.client);
        Assert.assertNotNull(this.authenticator.getClient());
    }

    @Test
    public void testDelegate() {
        Response delegate = this.authenticator.delegate(this.config, this.validCallback);
        Assert.assertEquals(302L, delegate.getStatus());
        URI create = URI.create(delegate.getHeaderString("Location"));
        Assert.assertEquals("example.com", create.getHost());
        Assert.assertEquals("/authorize", create.getPath());
        Assert.assertEquals("http", create.getScheme());
        MultivaluedMap parseQueryParams = HttpUtil.parseQueryParams(create);
        Assert.assertEquals("id", parseQueryParams.getFirst("client_id"));
        Assert.assertEquals("test scope", parseQueryParams.getFirst("scope"));
        Assert.assertEquals("code", parseQueryParams.getFirst("response_type"));
        Assert.assertEquals("http://example.com/authorize/callback", parseQueryParams.getFirst("redirect_uri"));
        Assert.assertEquals("state", parseQueryParams.getFirst("state"));
    }

    @Test(expected = MisconfiguredAuthenticatorException.class)
    public void testDelegateInvalidConfiguration() {
        this.authenticator.delegate(new Authenticator(), this.validCallback);
    }

    @Test(expected = RFC6749.ServerErrorException.class)
    public void testDelegateNoCallback() {
        this.authenticator.delegate(this.config, null);
    }

    @Test(expected = RFC6749.ServerErrorException.class)
    public void testDelegateNoCallbackState() {
        this.authenticator.delegate(this.config, URI.create("http://example.com/authorize/callback"));
    }

    @Test
    public void testAuthenticate() {
        OAuth2IdPToken oAuth2IdPToken = new OAuth2IdPToken();
        oAuth2IdPToken.setAccessToken("facebook_access_token");
        ((Response) Mockito.doReturn(oAuth2IdPToken).when(this.postResponse)).readEntity(OAuth2IdPToken.class);
        OAuth2User oAuth2User = new OAuth2User();
        oAuth2User.setId(RandomStringUtils.randomAlphanumeric(10));
        oAuth2User.getClaims().put("name", "Some Random Name");
        oAuth2User.getClaims().put("email", "lol@example.com");
        ((Response) Mockito.doReturn(oAuth2User).when(this.getResponse)).readEntity(OAuth2User.class);
        MultivaluedMap multivaluedStringMap = new MultivaluedStringMap();
        multivaluedStringMap.putSingle("code", "valid_code");
        Assert.assertEquals(oAuth2User.getId(), this.authenticator.authenticate(this.config, multivaluedStringMap, this.validCallback).getRemoteId());
        Assert.assertEquals("Some Random Name", oAuth2User.getClaims().get("name"));
        Assert.assertEquals("lol@example.com", oAuth2User.getClaims().get("email"));
    }

    @Test(expected = ThirdPartyErrorException.class)
    public void testAuthenticateWithRemoteError() {
        MultivaluedMap multivaluedStringMap = new MultivaluedStringMap();
        multivaluedStringMap.putSingle("error", "test");
        multivaluedStringMap.putSingle("error_description", "description");
        this.authenticator.authenticate(this.config, multivaluedStringMap, this.validCallback);
    }

    @Test(expected = RFC6749.InvalidRequestException.class)
    public void testAuthenticateWithNoAuthCode() {
        this.authenticator.authenticate(this.config, new MultivaluedStringMap(), this.validCallback);
    }

    @Test(expected = ThirdPartyErrorException.class)
    public void testAuthenticateWithTokenError() {
        HashMap hashMap = new HashMap();
        hashMap.put("error", "test");
        hashMap.put("error_description", "description");
        ((Response) Mockito.doReturn(Response.Status.BAD_REQUEST).when(this.postResponse)).getStatusInfo();
        ((Response) Mockito.doReturn(hashMap).when(this.postResponse)).readEntity(AbstractOAuth2Authenticator.MAP_TYPE);
        MultivaluedMap multivaluedStringMap = new MultivaluedStringMap();
        multivaluedStringMap.putSingle("code", "valid_code");
        this.authenticator.authenticate(this.config, multivaluedStringMap, this.validCallback);
    }

    @Test(expected = ThirdPartyErrorException.class)
    public void testAuthenticateWithUnparseableToken() {
        ((Response) Mockito.doThrow(ProcessingException.class).when(this.postResponse)).readEntity(OAuth2IdPToken.class);
        MultivaluedMap multivaluedStringMap = new MultivaluedStringMap();
        multivaluedStringMap.putSingle("code", "valid_code");
        this.authenticator.authenticate(this.config, multivaluedStringMap, this.validCallback);
    }

    @Test(expected = ThirdPartyErrorException.class)
    public void testAuthenticateWithNoTokenResponse() {
        ((Response) Mockito.doReturn(new OAuth2IdPToken()).when(this.postResponse)).readEntity(OAuth2IdPToken.class);
        MultivaluedMap multivaluedStringMap = new MultivaluedStringMap();
        multivaluedStringMap.putSingle("code", "valid_code");
        this.authenticator.authenticate(this.config, multivaluedStringMap, this.validCallback);
    }

    @Test(expected = Exception.class)
    public void testAuthenticateErrorOnTokenClose() {
        OAuth2IdPToken oAuth2IdPToken = new OAuth2IdPToken();
        oAuth2IdPToken.setAccessToken("facebook_access_token");
        ((Response) Mockito.doReturn(oAuth2IdPToken).when(this.postResponse)).readEntity(OAuth2IdPToken.class);
        ((Response) Mockito.doThrow(Exception.class).when(this.postResponse)).close();
        MultivaluedMap multivaluedStringMap = new MultivaluedStringMap();
        multivaluedStringMap.putSingle("code", "valid_code");
        this.authenticator.authenticate(this.config, multivaluedStringMap, this.validCallback);
    }

    @Test(expected = ThirdPartyErrorException.class)
    public void testAuthenticateWithUserError() {
        OAuth2IdPToken oAuth2IdPToken = new OAuth2IdPToken();
        oAuth2IdPToken.setAccessToken("facebook_access_token");
        ((Response) Mockito.doReturn(oAuth2IdPToken).when(this.postResponse)).readEntity(OAuth2IdPToken.class);
        HashMap hashMap = new HashMap();
        hashMap.put("error", "test");
        hashMap.put("error_description", "description");
        ((Response) Mockito.doReturn(Response.Status.BAD_REQUEST).when(this.getResponse)).getStatusInfo();
        ((Response) Mockito.doReturn(hashMap).when(this.getResponse)).readEntity(AbstractOAuth2Authenticator.MAP_TYPE);
        MultivaluedMap multivaluedStringMap = new MultivaluedStringMap();
        multivaluedStringMap.putSingle("code", "valid_code");
        this.authenticator.authenticate(this.config, multivaluedStringMap, this.validCallback);
    }

    @Test(expected = ThirdPartyErrorException.class)
    public void testAuthenticateWithUnparseableUser() {
        OAuth2IdPToken oAuth2IdPToken = new OAuth2IdPToken();
        oAuth2IdPToken.setAccessToken("facebook_access_token");
        ((Response) Mockito.doReturn(oAuth2IdPToken).when(this.postResponse)).readEntity(OAuth2IdPToken.class);
        ((Response) Mockito.doThrow(ProcessingException.class).when(this.getResponse)).readEntity(OAuth2User.class);
        MultivaluedMap multivaluedStringMap = new MultivaluedStringMap();
        multivaluedStringMap.putSingle("code", "valid_code");
        this.authenticator.authenticate(this.config, multivaluedStringMap, this.validCallback);
    }

    @Test(expected = ThirdPartyErrorException.class)
    public void testAuthenticateWithNoUserResponse() {
        OAuth2IdPToken oAuth2IdPToken = new OAuth2IdPToken();
        oAuth2IdPToken.setAccessToken("facebook_access_token");
        ((Response) Mockito.doReturn(oAuth2IdPToken).when(this.postResponse)).readEntity(OAuth2IdPToken.class);
        ((Response) Mockito.doReturn(new OAuth2User()).when(this.getResponse)).readEntity(OAuth2User.class);
        MultivaluedMap multivaluedStringMap = new MultivaluedStringMap();
        multivaluedStringMap.putSingle("code", "valid_code");
        this.authenticator.authenticate(this.config, multivaluedStringMap, this.validCallback);
    }

    @Test(expected = Exception.class)
    public void testAuthenticateErrorOnClose() {
        OAuth2IdPToken oAuth2IdPToken = new OAuth2IdPToken();
        oAuth2IdPToken.setAccessToken("facebook_access_token");
        ((Response) Mockito.doReturn(oAuth2IdPToken).when(this.postResponse)).readEntity(OAuth2IdPToken.class);
        OAuth2User oAuth2User = new OAuth2User();
        oAuth2User.setId(RandomStringUtils.randomAlphanumeric(10));
        oAuth2User.getClaims().put("name", "Some Random Name");
        oAuth2User.getClaims().put("email", "lol@example.com");
        ((Response) Mockito.doReturn(oAuth2User).when(this.getResponse)).readEntity(OAuth2User.class);
        ((Response) Mockito.doThrow(Exception.class).when(this.getResponse)).close();
        MultivaluedMap multivaluedStringMap = new MultivaluedStringMap();
        multivaluedStringMap.putSingle("code", "valid_code");
        this.authenticator.authenticate(this.config, multivaluedStringMap, this.validCallback);
    }

    @Test
    public void testAuthenticateCreateNewUser() {
        OAuth2IdPToken oAuth2IdPToken = new OAuth2IdPToken();
        oAuth2IdPToken.setAccessToken("facebook_access_token");
        ((Response) Mockito.doReturn(oAuth2IdPToken).when(this.postResponse)).readEntity(OAuth2IdPToken.class);
        OAuth2User oAuth2User = new OAuth2User();
        oAuth2User.setId(RandomStringUtils.randomAlphanumeric(10));
        oAuth2User.getClaims().put("name", "Some Random Name");
        oAuth2User.getClaims().put("email", "lol@example.com");
        ((Response) Mockito.doReturn(oAuth2User).when(this.getResponse)).readEntity(OAuth2User.class);
        MultivaluedMap multivaluedStringMap = new MultivaluedStringMap();
        multivaluedStringMap.putSingle("code", "valid_code");
        UserIdentity authenticate = this.authenticator.authenticate(this.config, multivaluedStringMap, this.validCallback);
        getSession().getTransaction().commit();
        getSession().refresh(authenticate.getUser());
        Assert.assertEquals(1L, authenticate.getUser().getIdentities().size());
        Assert.assertEquals("lol@example.com", authenticate.getClaims().get("email"));
        Assert.assertEquals("Some Random Name", authenticate.getClaims().get("name"));
    }

    @Test
    public void testAuthenticateUpdateExistingUser() {
        ApplicationBuilder.ApplicationContext build = context.getBuilder().user().identity("remote_identity").build();
        Assert.assertEquals(0L, build.getUserIdentity().getClaims().size());
        OAuth2IdPToken oAuth2IdPToken = new OAuth2IdPToken();
        oAuth2IdPToken.setAccessToken("facebook_access_token");
        ((Response) Mockito.doReturn(oAuth2IdPToken).when(this.postResponse)).readEntity(OAuth2IdPToken.class);
        OAuth2User oAuth2User = new OAuth2User();
        oAuth2User.setId("remote_identity");
        oAuth2User.getClaims().put("name", "Some Random Name");
        oAuth2User.getClaims().put("email", "lol@example.com");
        ((Response) Mockito.doReturn(oAuth2User).when(this.getResponse)).readEntity(OAuth2User.class);
        MultivaluedMap multivaluedStringMap = new MultivaluedStringMap();
        multivaluedStringMap.putSingle("code", "valid_code");
        UserIdentity authenticate = this.authenticator.authenticate(this.config, multivaluedStringMap, this.validCallback);
        Assert.assertEquals(authenticate, build.getUserIdentity());
        Assert.assertEquals("lol@example.com", authenticate.getClaims().get("email"));
        Assert.assertEquals("Some Random Name", authenticate.getClaims().get("name"));
    }

    @Test
    public void testAuthenticateNewUserNoConflict() {
        String randomAlphabetic = RandomStringUtils.randomAlphabetic(10);
        ApplicationBuilder.ApplicationContext build = mirrorContext.getBuilder().user().identity(randomAlphabetic).claim("email", "email@example.com").build();
        OAuth2IdPToken oAuth2IdPToken = new OAuth2IdPToken();
        oAuth2IdPToken.setAccessToken("facebook_access_token");
        ((Response) Mockito.doReturn(oAuth2IdPToken).when(this.postResponse)).readEntity(OAuth2IdPToken.class);
        OAuth2User oAuth2User = new OAuth2User();
        oAuth2User.setId(randomAlphabetic);
        oAuth2User.getClaims().put("name", "Some Random Name");
        oAuth2User.getClaims().put("email", "lol@example.com");
        ((Response) Mockito.doReturn(oAuth2User).when(this.getResponse)).readEntity(OAuth2User.class);
        MultivaluedMap multivaluedStringMap = new MultivaluedStringMap();
        multivaluedStringMap.putSingle("code", "valid_code");
        UserIdentity authenticate = this.authenticator.authenticate(this.config, multivaluedStringMap, this.validCallback);
        getSession().getTransaction().commit();
        getSession().refresh(authenticate.getUser());
        Assert.assertEquals(randomAlphabetic, authenticate.getRemoteId());
        Assert.assertEquals("lol@example.com", authenticate.getClaims().get("email"));
        Assert.assertEquals("Some Random Name", authenticate.getClaims().get("name"));
        Assert.assertNotEquals(authenticate, build.getUserIdentity());
        getSession().refresh(build.getUserIdentity());
        getSession().refresh(authenticate);
        Assert.assertNotEquals(build.getUserIdentity().getClaims().get("email"), authenticate.getClaims().get("email"));
    }

    @Test
    public void testAuthenticateUpdateUserNoConflict() {
        String randomAlphabetic = RandomStringUtils.randomAlphabetic(10);
        ApplicationBuilder.ApplicationContext build = context.getBuilder().user().identity(randomAlphabetic).claim("email", "email@example.com").build();
        ApplicationBuilder.ApplicationContext build2 = mirrorContext.getBuilder().user().identity(randomAlphabetic).claim("email", "email@example.com").build();
        OAuth2IdPToken oAuth2IdPToken = new OAuth2IdPToken();
        oAuth2IdPToken.setAccessToken("facebook_access_token");
        ((Response) Mockito.doReturn(oAuth2IdPToken).when(this.postResponse)).readEntity(OAuth2IdPToken.class);
        OAuth2User oAuth2User = new OAuth2User();
        oAuth2User.setId(randomAlphabetic);
        oAuth2User.getClaims().put("name", "Some Random Name");
        oAuth2User.getClaims().put("email", "lol@example.com");
        ((Response) Mockito.doReturn(oAuth2User).when(this.getResponse)).readEntity(OAuth2User.class);
        MultivaluedMap multivaluedStringMap = new MultivaluedStringMap();
        multivaluedStringMap.putSingle("code", "valid_code");
        UserIdentity authenticate = this.authenticator.authenticate(this.config, multivaluedStringMap, this.validCallback);
        getSession().getTransaction().commit();
        getSession().refresh(authenticate.getUser());
        getSession().refresh(build.getUserIdentity());
        getSession().refresh(build2.getUserIdentity());
        Assert.assertEquals(randomAlphabetic, authenticate.getRemoteId());
        Assert.assertEquals("lol@example.com", authenticate.getClaims().get("email"));
        Assert.assertEquals("Some Random Name", authenticate.getClaims().get("name"));
        Assert.assertNotEquals(authenticate, build2.getUserIdentity());
        Assert.assertEquals("email@example.com", build2.getUserIdentity().getClaims().get("email"));
    }

    @Test(expected = MisconfiguredAuthenticatorException.class)
    public void testValidateNullInput() throws Exception {
        this.authenticator.validate(null);
    }

    @Test(expected = MisconfiguredAuthenticatorException.class)
    public void testValidateNullConfig() throws Exception {
        Authenticator authenticator = new Authenticator();
        authenticator.setConfiguration((Map) null);
        this.authenticator.validate(authenticator);
    }

    @Test(expected = MisconfiguredAuthenticatorException.class)
    public void testValidateEmptyConfig() throws Exception {
        this.authenticator.validate(new Authenticator());
    }

    @Test(expected = MisconfiguredAuthenticatorException.class)
    public void testValidateNoAppId() throws Exception {
        Authenticator authenticator = new Authenticator();
        authenticator.getConfiguration().put("client_secret", "foo");
        this.authenticator.validate(authenticator);
    }

    @Test(expected = MisconfiguredAuthenticatorException.class)
    public void testValidateNoAppSecret() throws Exception {
        Authenticator authenticator = new Authenticator();
        authenticator.getConfiguration().put("client_id", "foo");
        this.authenticator.validate(authenticator);
    }

    @Test
    public void testValidate() throws Exception {
        Authenticator authenticator = new Authenticator();
        authenticator.getConfiguration().put("client_id", "foo");
        authenticator.getConfiguration().put("client_secret", "bar");
        this.authenticator.validate(authenticator);
    }
}
