package io.jans.as.server.token.ws.rs;

import io.jans.as.common.model.common.User;
import io.jans.as.common.model.registration.Client;
import io.jans.as.common.model.session.SessionId;
import io.jans.as.common.model.session.SessionIdState;
import io.jans.as.model.common.GrantType;
import io.jans.as.model.configuration.AppConfiguration;
import io.jans.as.model.crypto.AbstractCryptoProvider;
import io.jans.as.model.error.ErrorResponseFactory;
import io.jans.as.server.audit.ApplicationAuditLogger;
import io.jans.as.server.model.audit.Action;
import io.jans.as.server.model.audit.OAuth2AuditLog;
import io.jans.as.server.model.common.AuthorizationCodeGrant;
import io.jans.as.server.model.common.AuthorizationGrant;
import io.jans.as.server.model.common.AuthorizationGrantType;
import io.jans.as.server.model.common.DeviceAuthorizationCacheControl;
import io.jans.as.server.model.common.RefreshToken;
import io.jans.as.server.util.TestUtil;
import jakarta.ws.rs.WebApplicationException;
import jakarta.ws.rs.core.Response;
import java.util.Date;
import org.junit.Assert;
import org.mockito.InjectMocks;
import org.mockito.Mock;
import org.mockito.testng.MockitoTestNGListener;
import org.slf4j.Logger;
import org.testng.AssertJUnit;
import org.testng.annotations.Listeners;
import org.testng.annotations.Test;

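/**
 * Unit tests for {@link TokenRestWebServiceValidator}, the request checks applied at the token
 * endpoint (PKCE, token exchange parameters, client state, grant/client binding, refresh token
 * expiry, user presence).
 *
 * <p>All collaborators are Mockito mocks, including {@link ErrorResponseFactory}. The negative
 * tests therefore pin only the HTTP status of the rejection; the OAuth error code and body are
 * not verified here.
 *
 * <p>NOTE(review): {@code TestUtil.assertBadRequest} is defined outside this file; it is assumed
 * to assert a 400 status. Confirm against the helper.
 */
@Listeners({MockitoTestNGListener.class})
public class TokenRestWebServiceValidatorTest {
    public static final OAuth2AuditLog AUDIT_LOG = new OAuth2AuditLog("", (Action) null);

    // PKCE test vector from RFC 7636, Appendix B: CODE_CHALLENGE is
    // BASE64URL(SHA-256(CODE_VERIFIER)).
    private static final String CODE_CHALLENGE = "E9Melhoa2OwvFrEMTJguCHaoeK1t8URWbuGJSstw-cM";
    private static final String CODE_VERIFIER = "dBjftJeZ4CVP-mB92K27uhbUJU1p1r_wW1gFWFOEjXk";

    // RFC 7636 spells the method "S256"; the lowercase form is what these tests pass.
    // NOTE(review): presumably the validator matches the method case-insensitively; confirm.
    private static final String CODE_CHALLENGE_METHOD = "s256";

    private static final String DEVICE_SECRET = "test_device_secret";
    private static final String CLIENT_ID = "testId";

    @Mock
    private Logger log;

    @Mock
    private AppConfiguration appConfiguration;

    @Mock
    private ApplicationAuditLogger applicationAuditLogger;

    @Mock
    private ErrorResponseFactory errorResponseFactory;

    @Mock
    private AbstractCryptoProvider cryptoProvider;

    @InjectMocks
    private TokenRestWebServiceValidator validator;

    /** Builds a client carrying the fixed test client id. */
    private static Client newTestClient() {
        Client client = new Client();
        client.setClientId(CLIENT_ID);
        return client;
    }

    /** Builds an authorization-code grant that was issued to {@code owner}. */
    private static AuthorizationGrant newCodeGrantIssuedTo(Client owner) {
        AuthorizationGrant grant = new AuthorizationGrant() {
            public GrantType getGrantType() {
                return GrantType.AUTHORIZATION_CODE;
            }
        };
        grant.init(new User(), AuthorizationGrantType.AUTHORIZATION_CODE, owner, new Date());
        return grant;
    }

    /** Builds a grant holding the RFC 7636 challenge that every PKCE test verifies against. */
    private static AuthorizationCodeGrant newPkceGrant() {
        AuthorizationCodeGrant grant = new AuthorizationCodeGrant();
        grant.setCodeChallenge(CODE_CHALLENGE);
        grant.setCodeChallengeMethod(CODE_CHALLENGE_METHOD);
        return grant;
    }

    // ---- PKCE ---------------------------------------------------------------------------------
    // NOTE(review): only a matching and a non-matching verifier are covered. A blank verifier
    // against a grant that carries a challenge, and the "plain" method, are not exercised here.

    @Test
    public void validatePKCE_whenCodeVerifierIsValid_shouldPass() {
        validator.validatePKCE(newPkceGrant(), CODE_VERIFIER, AUDIT_LOG);
    }

    @Test(expectedExceptions = {WebApplicationException.class})
    public void validatePKCE_whenCodeVerifierIsNotValid_shouldFail() {
        validator.validatePKCE(newPkceGrant(), "invalid_verifier", AUDIT_LOG);
    }

    // ---- Token exchange: session --------------------------------------------------------------

    @Test
    public void validateSessionForTokenExchange_whenSessionIsNull_shouldThrowError() {
        try {
            validator.validateSessionForTokenExchange((SessionId) null, DEVICE_SECRET, AUDIT_LOG);
            Assert.fail("No error for invalid session.");
        } catch (WebApplicationException e) {
            TestUtil.assertBadRequest(e.getResponse());
        }
    }

    @Test
    public void validateSessionForTokenExchange_whenSessionIsNotAuthenticated_shouldThrowError() {
        try {
            SessionId session = new SessionId();
            session.setState(SessionIdState.UNAUTHENTICATED);
            validator.validateSessionForTokenExchange(session, DEVICE_SECRET, AUDIT_LOG);
            Assert.fail("No error for unauthenticated session.");
        } catch (WebApplicationException e) {
            TestUtil.assertBadRequest(e.getResponse());
        }
    }

    @Test
    public void validateSessionForTokenExchange_whenSessionIsAuthenticated_shouldPassSuccessfully() {
        SessionId session = new SessionId();
        session.setState(SessionIdState.AUTHENTICATED);
        validator.validateSessionForTokenExchange(session, DEVICE_SECRET, AUDIT_LOG);
    }

    // ---- Token exchange: actor token, audience, token types -----------------------------------

    @Test
    public void validateActorToken_withEmptyActorToken_shouldThrowError() {
        try {
            validator.validateActorToken((String) null, AUDIT_LOG);
            Assert.fail("No error for invalid actor token.");
        } catch (WebApplicationException e) {
            TestUtil.assertBadRequest(e.getResponse());
        }
    }

    @Test
    public void validateActorToken_withNotBlankActorToken_shouldPassSuccessfully() {
        validator.validateActorToken("not_blank_actor_token", AUDIT_LOG);
    }

    @Test
    public void validateAudience_withEmptyAudience_shouldThrowError() {
        try {
            validator.validateAudience((String) null, AUDIT_LOG);
            Assert.fail("No error for invalid audience.");
        } catch (WebApplicationException e) {
            TestUtil.assertBadRequest(e.getResponse());
        }
    }

    @Test
    public void validateAudience_withNotBlankAudience_shouldPassSuccessfully() {
        validator.validateAudience("not_blank_audience", AUDIT_LOG);
    }

    @Test
    public void validateSubjectTokenType_withInvalidTokenType_shouldThrowError() {
        try {
            validator.validateSubjectTokenType("urn:mytype", AUDIT_LOG);
            Assert.fail("No error for invalid subject token type.");
        } catch (WebApplicationException e) {
            TestUtil.assertBadRequest(e.getResponse());
        }
    }

    @Test
    public void validateSubjectTokenType_withValidTokenType_shouldPassSuccessfully() {
        validator.validateSubjectTokenType("urn:ietf:params:oauth:token-type:id_token", AUDIT_LOG);
    }

    @Test
    public void validateActorTokenType_withInvalidTokenType_shouldThrowError() {
        try {
            validator.validateActorTokenType("urn:mytype", AUDIT_LOG);
            Assert.fail("No error for invalid actor token type.");
        } catch (WebApplicationException e) {
            TestUtil.assertBadRequest(e.getResponse());
        }
    }

    @Test
    public void validateActorTokenType_withValidTokenType_shouldPassSuccessfully() {
        // The "x-oath" spelling is the identifier used for the device secret token type in the
        // OpenID Connect Native SSO draft; it is not a typo to be corrected.
        validator.validateActorTokenType("urn:x-oath:params:oauth:token-type:device-secret", AUDIT_LOG);
    }

    // ---- Request parameters -------------------------------------------------------------------

    @Test
    public void validateParams_whenGrantTypeIsBlank_shouldRaiseError() {
        try {
            validator.validateParams("", "some_code", "refresh_token", AUDIT_LOG);
            Assert.fail("No error for blank grant type.");
        } catch (WebApplicationException e) {
            TestUtil.assertBadRequest(e.getResponse());
        }
    }

    @Test
    public void validateParams_whenGrantTypeIsAuthorizationCodeAndCodeIsBlank_shouldRaiseError() {
        try {
            validator.validateParams(GrantType.AUTHORIZATION_CODE.getValue(), "", "refresh_token", AUDIT_LOG);
            Assert.fail("No error for blank code for AUTHORIZATION_CODE grant type.");
        } catch (WebApplicationException e) {
            TestUtil.assertBadRequest(e.getResponse());
        }
    }

    @Test
    public void validateParams_whenGrantTypeIsRefreshTokenAndRefreshTokenIsBlank_shouldRaiseError() {
        try {
            validator.validateParams(GrantType.REFRESH_TOKEN.getValue(), "some_code", "", AUDIT_LOG);
            Assert.fail("No error for blank refresh_token for REFRESH_TOKEN grant type.");
        } catch (WebApplicationException e) {
            TestUtil.assertBadRequest(e.getResponse());
        }
    }

    @Test
    public void validateParams_whenGrantTypeIsAuthorizationCodeAndCodeIsNotBlank_shouldNotRaiseError() {
        // Called without a catch-and-fail wrapper so an unexpected rejection fails the test with
        // its own stack trace instead of a generic message.
        validator.validateParams(GrantType.AUTHORIZATION_CODE.getValue(), "some_code", "", AUDIT_LOG);
    }

    @Test
    public void validateParams_whenGrantTypeIsRefreshTokenAndRefreshTokenIsNotBlank_shouldNotRaiseError() {
        validator.validateParams(GrantType.REFRESH_TOKEN.getValue(), "", "refresh_token", AUDIT_LOG);
    }

    // ---- Client -------------------------------------------------------------------------------

    @Test
    public void validateGrantType_whenClientDotNotHaveGrantType_shouldRaiseError() {
        // NOTE(review): there is no companion test in this class for a client that does list the
        // requested grant type.
        try {
            validator.validateGrantType(GrantType.AUTHORIZATION_CODE, new Client(), AUDIT_LOG);
            Assert.fail("No error for grant_type which is not allowed by client's grant_types.");
        } catch (WebApplicationException e) {
            TestUtil.assertBadRequest(e.getResponse());
        }
    }

    @Test
    public void validateClient_whenClientIsNull_shouldRaiseError() {
        try {
            validator.validateClient((Client) null, AUDIT_LOG);
            Assert.fail("No error when client is null.");
        } catch (WebApplicationException e) {
            AssertJUnit.assertEquals(Response.Status.UNAUTHORIZED.getStatusCode(), e.getResponse().getStatus());
        }
    }

    @Test
    public void validateClient_whenClientIsDisabled_shouldRaiseError() {
        try {
            Client client = new Client();
            client.setDisabled(true);
            validator.validateClient(client, AUDIT_LOG);
            Assert.fail("No error when client is disabled.");
        } catch (WebApplicationException e) {
            AssertJUnit.assertEquals(Response.Status.FORBIDDEN.getStatusCode(), e.getResponse().getStatus());
        }
    }

    // ---- Device authorization -----------------------------------------------------------------

    @Test
    public void validateDeviceAuthorizationCacheControl_whenDeviceAuthzIsNull_shouldRaiseError() {
        try {
            validator.validateDeviceAuthorization(newTestClient(), "code", (DeviceAuthorizationCacheControl) null, AUDIT_LOG);
            Assert.fail("No error when device authorization is null.");
        } catch (WebApplicationException e) {
            TestUtil.assertBadRequest(e.getResponse());
        }
    }

    @Test
    public void validateDeviceAuthorizationCacheControl_whenDeviceAuthzDoesNotBelongToClient_shouldRaiseError() {
        // The device authorization is bound to CLIENT_ID while the caller is a client with no id
        // set. NOTE(review): a mismatch between two distinct non-null client ids is not covered.
        try {
            DeviceAuthorizationCacheControl deviceAuthorization = new DeviceAuthorizationCacheControl();
            deviceAuthorization.setClient(newTestClient());
            validator.validateDeviceAuthorization(new Client(), "code", deviceAuthorization, AUDIT_LOG);
            Assert.fail("No error when device authorization belongs to a different client.");
        } catch (WebApplicationException e) {
            TestUtil.assertBadRequest(e.getResponse());
        }
    }

    // ---- Grant / client binding ---------------------------------------------------------------

    @Test
    public void validateGrant_whenGrantIsNull_shouldRaiseError() {
        try {
            validator.validateGrant((AuthorizationGrant) null, newTestClient(), "code", AUDIT_LOG);
            Assert.fail("No error when grant is null.");
        } catch (WebApplicationException e) {
            TestUtil.assertBadRequest(e.getResponse());
        }
    }

    @Test
    public void validateGrant_whenGrantDoesNotBelongToGivenClient_shouldRaiseError() {
        // The grant is issued to a client with no id set and redeemed by CLIENT_ID.
        // NOTE(review): a mismatch between two distinct non-null client ids is not covered.
        try {
            AuthorizationGrant grant = newCodeGrantIssuedTo(new Client());
            validator.validateGrant(grant, newTestClient(), "code", AUDIT_LOG);
            Assert.fail("No error when grant and client is not matched.");
        } catch (WebApplicationException e) {
            TestUtil.assertBadRequest(e.getResponse());
        }
    }

    @Test
    public void validateGrant_whenGrantMatchesToClient_shouldNotRaiseError() {
        Client client = newTestClient();
        validator.validateGrant(newCodeGrantIssuedTo(client), client, "code", AUDIT_LOG);
    }

    // ---- Refresh token ------------------------------------------------------------------------
    // NOTE(review): there is no test in this class for a refresh token that is still valid.

    @Test
    public void validateRefreshToken_whenRefreshTokenIsNull_shouldRaiseError() {
        try {
            validator.validateRefreshToken((RefreshToken) null, AUDIT_LOG);
            Assert.fail("No error when refreshToken is null.");
        } catch (WebApplicationException e) {
            TestUtil.assertBadRequest(e.getResponse());
        }
    }

    @Test
    public void validateRefreshToken_whenRefreshTokenIsExpired_shouldRaiseError() {
        try {
            // Third constructor argument is the epoch (new Date(0L)), used here as an expiry far
            // in the past.
            RefreshToken expired = new RefreshToken("code", new Date(), new Date(0L));
            validator.validateRefreshToken(expired, AUDIT_LOG);
            Assert.fail("No error when refreshToken is expired.");
        } catch (WebApplicationException e) {
            TestUtil.assertBadRequest(e.getResponse());
        }
    }

    // ---- User ---------------------------------------------------------------------------------

    @Test
    public void validateUser_whenUserIsNull_shouldRaiseError() {
        try {
            validator.validateUser((User) null, AUDIT_LOG);
            Assert.fail("No error when user is null.");
        } catch (WebApplicationException e) {
            // Expected value first, so a failure reports "expected 401 but was <actual>".
            AssertJUnit.assertEquals(Response.Status.UNAUTHORIZED.getStatusCode(), e.getResponse().getStatus());
        }
    }

    @Test
    public void validateUser_whenUserIsValid_shouldNotRaiseError() {
        User user = new User();
        user.setUserId("test_user");
        user.setCreatedAt(new Date());
        validator.validateUser(user, AUDIT_LOG);
    }
}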
