package io.jans.as.server.authorize.ws.rs;

import io.jans.as.common.model.registration.Client;
import io.jans.as.common.model.session.SessionId;
import io.jans.as.common.util.RedirectUri;
import io.jans.as.model.common.GrantType;
import io.jans.as.model.config.WebKeysConfiguration;
import io.jans.as.model.configuration.AppConfiguration;
import io.jans.as.model.crypto.AbstractCryptoProvider;
import io.jans.as.model.error.ErrorResponseFactory;
import io.jans.as.server.model.authorize.ScopeChecker;
import io.jans.as.server.par.ws.rs.ParService;
import io.jans.as.server.service.ClientService;
import io.jans.as.server.service.RedirectUriResponse;
import io.jans.as.server.service.RedirectionUriService;
import io.jans.as.server.service.RequestParameterService;
import io.jans.as.server.service.external.ExternalAuthenticationService;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.ws.rs.WebApplicationException;
import java.util.Collections;
import java.util.HashMap;
import org.apache.commons.lang.StringUtils;
import org.mockito.InjectMocks;
import org.mockito.Mock;
import org.mockito.Mockito;
import org.mockito.testng.MockitoTestNGListener;
import org.slf4j.Logger;
import org.testng.Assert;
import org.testng.annotations.Listeners;
import org.testng.annotations.Test;

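/**
 * Unit tests for {@link AuthzRequestService}, run under TestNG with Mockito-injected collaborators.
 *
 * <p>Two behaviours are pinned here, both of which are authorization-policy checks:
 * <ul>
 *   <li>{@code setAcrsIfNeeded}: a client's {@code minimumAcrLevel} must be honoured. A requested acr
 *       whose mapped level is below the minimum is either rejected with a
 *       {@link WebApplicationException} or, when auto-resolve is enabled, replaced by an acr that
 *       satisfies the minimum.</li>
 *   <li>{@code addDeviceSecretToSession}: a device secret is added to the session only when the
 *       feature flag is on, the {@code device_sso} scope is requested and the client has the
 *       {@code TOKEN_EXCHANGE} grant type.</li>
 * </ul>
 *
 * <p>NOTE(review): the rejection tests assert only the exception type; the HTTP status and OAuth
 * error code carried by the exception are not checked here.
 */
@Listeners({MockitoTestNGListener.class})
public class AuthzRequestServiceTest {

    /** Minimum acr level configured on the client in the level-enforcement tests. */
    private static final int MINIMUM_ACR_LEVEL = 14;

    @InjectMocks
    private AuthzRequestService authzRequestService;

    // The mocks below are injected into authzRequestService by @InjectMocks. Several are never
    // stubbed in this class but must stay declared so that the service's fields are populated.

    @Mock
    private Logger log;

    @Mock
    private AppConfiguration appConfiguration;

    @Mock
    private ErrorResponseFactory errorResponseFactory;

    @Mock
    private AuthorizeRestWebServiceValidator authorizeRestWebServiceValidator;

    @Mock
    private ParService parService;

    @Mock
    private AbstractCryptoProvider cryptoProvider;

    @Mock
    private ScopeChecker scopeChecker;

    @Mock
    private RequestParameterService requestParameterService;

    @Mock
    private WebKeysConfiguration webKeysConfiguration;

    @Mock
    private ClientService clientService;

    @Mock
    private RedirectionUriService redirectionUriService;

    @Mock
    private ExternalAuthenticationService externalAuthenticationService;

    /**
     * Builds the acr-to-level table shared by the level-enforcement tests.
     *
     * <p>With {@link #MINIMUM_ACR_LEVEL} at 14, only {@code passkey} (20) and {@code usb_fido_key}
     * (30) satisfy the minimum; every other entry is below it.
     *
     * @return a fresh mutable map, so no state is shared between tests
     */
    private static HashMap<String, Integer> acrLevels() {
        HashMap<String, Integer> levels = new HashMap<>();
        levels.put("basic", 1);
        levels.put("otp", 5);
        levels.put("u2f", 10);
        levels.put("super_gluu", 11);
        levels.put("passkey", 20);
        levels.put("usb_fido_key", 30);
        return levels;
    }

    /** Stubs the external authentication service to return {@link #acrLevels()}. */
    private void stubAcrLevels() {
        Mockito.when(this.externalAuthenticationService.acrToLevelMapping()).thenReturn(acrLevels());
    }

    /** Creates a {@link RedirectUriResponse} backed entirely by mocks and an empty state value. */
    private static RedirectUriResponse newRedirectUriResponse() {
        return new RedirectUriResponse(
                Mockito.mock(RedirectUri.class),
                "",
                Mockito.mock(HttpServletRequest.class),
                Mockito.mock(ErrorResponseFactory.class));
    }

    @Test
    public void setAcrsIfNeeded_whenAcrsAreNotSetButDefaultAcrsAreConfigured_shouldSetDefaultAcrs() {
        Client client = new Client();
        client.setDefaultAcrValues(new String[]{"passkey"});
        AuthzRequest authzRequest = new AuthzRequest();
        authzRequest.setClient(client);

        this.authzRequestService.setAcrsIfNeeded(authzRequest);

        Assert.assertEquals(authzRequest.getAcrValues(), "passkey");
    }

    @Test
    public void setAcrsIfNeeded_whenAcrsHasEnoughLevel_shouldRaiseNoError() {
        stubAcrLevels();
        Client client = new Client();
        client.getAttributes().setMinimumAcrLevel(MINIMUM_ACR_LEVEL);
        AuthzRequest authzRequest = new AuthzRequest();
        authzRequest.setAcrValues("passkey");
        authzRequest.setClient(client);

        this.authzRequestService.setAcrsIfNeeded(authzRequest);

        // passkey (20) already satisfies the minimum, so the requested acr is left untouched.
        Assert.assertEquals(authzRequest.getAcrValues(), "passkey");
    }

    @Test
    public void setAcrsIfNeeded_whenAcrsHasNoEnoughLevel_shouldRaiseError() {
        stubAcrLevels();
        Client client = new Client();
        client.getAttributes().setMinimumAcrLevel(MINIMUM_ACR_LEVEL);
        AuthzRequest authzRequest = new AuthzRequest();
        authzRequest.setAcrValues("super_gluu");
        authzRequest.setClient(client);

        // super_gluu (11) is below the minimum and auto-resolve is off: the request must be
        // rejected rather than silently accepted at a weaker authentication level.
        Assert.assertThrows(WebApplicationException.class,
                () -> this.authzRequestService.setAcrsIfNeeded(authzRequest));
    }

    @Test
    public void setAcrsIfNeeded_whenAcrsHasNoEnoughLevelButAutoResolveIsTrue_shouldRaiseNoError() {
        stubAcrLevels();
        Client client = new Client();
        client.getAttributes().setMinimumAcrLevel(MINIMUM_ACR_LEVEL);
        client.getAttributes().setMinimumAcrLevelAutoresolve(true);
        AuthzRequest authzRequest = new AuthzRequest();
        authzRequest.setAcrValues("super_gluu");
        authzRequest.setClient(client);

        this.authzRequestService.setAcrsIfNeeded(authzRequest);

        Assert.assertEquals(authzRequest.getAcrValues(), "passkey");
        // Independently of the expected name, the resolved acr must map to a level above the minimum.
        Integer resolvedLevel =
                (Integer) this.externalAuthenticationService.acrToLevelMapping().get(authzRequest.getAcrValues());
        Assert.assertTrue(resolvedLevel > MINIMUM_ACR_LEVEL);
    }

    @Test
    public void setAcrsIfNeeded_whenAcrsHasNoEnoughLevelButAutoResolveIsTrueAndPriorityListSet_shouldHaveAcrFromPriorityListSet() {
        stubAcrLevels();
        Client client = new Client();
        client.getAttributes().setMinimumAcrLevel(MINIMUM_ACR_LEVEL);
        client.getAttributes().setMinimumAcrLevelAutoresolve(true);
        client.getAttributes().setMinimumAcrPriorityList(Collections.singletonList("usb_fido_key"));
        AuthzRequest authzRequest = new AuthzRequest();
        authzRequest.setAcrValues("super_gluu");
        authzRequest.setClient(client);

        this.authzRequestService.setAcrsIfNeeded(authzRequest);

        // The priority list entry (level 30) wins over passkey (20), the acr chosen without a list.
        Assert.assertEquals(authzRequest.getAcrValues(), "usb_fido_key");
    }

    @Test
    public void setAcrsIfNeeded_whenAcrsHasNoEnoughLevelButAutoResolveIsTrueAndPriorityListSet_shouldGetErrorIfPriorityListClashWithMinimalLevel() {
        stubAcrLevels();
        Client client = new Client();
        client.getAttributes().setMinimumAcrLevel(MINIMUM_ACR_LEVEL);
        client.getAttributes().setMinimumAcrLevelAutoresolve(true);
        client.getAttributes().setMinimumAcrPriorityList(Collections.singletonList("u2f"));
        AuthzRequest authzRequest = new AuthzRequest();
        authzRequest.setAcrValues("super_gluu");
        authzRequest.setClient(client);

        // The only priority-list acr (u2f, level 10) is below minimumAcrLevel, so auto-resolve
        // has nothing acceptable to pick and the request must fail.
        Assert.assertThrows(WebApplicationException.class,
                () -> this.authzRequestService.setAcrsIfNeeded(authzRequest));
    }

    @Test
    public void addDeviceSecretToSession_withoutUnabledConfiguration_shouldNotGenerateDeviceSecret() {
        Mockito.when(this.appConfiguration.getReturnDeviceSecretFromAuthzEndpoint()).thenReturn(false);
        Client client = new Client();
        client.setGrantTypes(new GrantType[]{GrantType.AUTHORIZATION_CODE, GrantType.TOKEN_EXCHANGE});
        AuthzRequest authzRequest = new AuthzRequest();
        authzRequest.setScope("openid device_sso");
        authzRequest.setRedirectUriResponse(newRedirectUriResponse());
        authzRequest.setClient(client);
        SessionId sessionId = new SessionId();

        this.authzRequestService.addDeviceSecretToSession(authzRequest, sessionId);

        // Feature flag off: scope and grant type alone must not produce a secret.
        Assert.assertTrue(sessionId.getDeviceSecrets().isEmpty());
    }

    @Test
    public void addDeviceSecretToSession_withoutDeviceSsoScope_shouldNotGenerateDeviceSecret() {
        Mockito.when(this.appConfiguration.getReturnDeviceSecretFromAuthzEndpoint()).thenReturn(true);
        Client client = new Client();
        client.setGrantTypes(new GrantType[]{GrantType.AUTHORIZATION_CODE, GrantType.TOKEN_EXCHANGE});
        AuthzRequest authzRequest = new AuthzRequest();
        authzRequest.setScope("openid");
        authzRequest.setRedirectUriResponse(newRedirectUriResponse());
        authzRequest.setClient(client);
        SessionId sessionId = new SessionId();

        this.authzRequestService.addDeviceSecretToSession(authzRequest, sessionId);

        // device_sso was not requested, so no secret may be added.
        Assert.assertTrue(sessionId.getDeviceSecrets().isEmpty());
    }

    @Test
    public void addDeviceSecretToSession_withDeviceSsoScope_shouldGenerateDeviceSecret() {
        Mockito.when(this.appConfiguration.getReturnDeviceSecretFromAuthzEndpoint()).thenReturn(true);
        Client client = new Client();
        client.setGrantTypes(new GrantType[]{GrantType.AUTHORIZATION_CODE, GrantType.TOKEN_EXCHANGE});
        AuthzRequest authzRequest = new AuthzRequest();
        authzRequest.setRedirectUriResponse(newRedirectUriResponse());
        authzRequest.setScope("openid device_sso");
        authzRequest.setClient(client);
        SessionId sessionId = new SessionId();
        Assert.assertTrue(sessionId.getDeviceSecrets().isEmpty());

        this.authzRequestService.addDeviceSecretToSession(authzRequest, sessionId);

        // Exactly one secret is added. Only non-blankness is checked; the secret's length and
        // randomness are not covered by this test.
        Assert.assertEquals(sessionId.getDeviceSecrets().size(), 1);
        Assert.assertTrue(StringUtils.isNotBlank((String) sessionId.getDeviceSecrets().get(0)));
    }

    @Test
    public void addDeviceSecretToSession_withClientWithoutTokenExchangeGrantType_shouldNotGenerateDeviceSecret() {
        Mockito.when(this.appConfiguration.getReturnDeviceSecretFromAuthzEndpoint()).thenReturn(true);
        Client client = new Client();
        client.setGrantTypes(new GrantType[]{GrantType.AUTHORIZATION_CODE});
        AuthzRequest authzRequest = new AuthzRequest();
        authzRequest.setRedirectUriResponse(newRedirectUriResponse());
        authzRequest.setScope("openid device_sso");
        authzRequest.setClient(client);
        SessionId sessionId = new SessionId();
        Assert.assertTrue(sessionId.getDeviceSecrets().isEmpty());

        this.authzRequestService.addDeviceSecretToSession(authzRequest, sessionId);

        // Without the TOKEN_EXCHANGE grant type the client is not given a device secret.
        Assert.assertTrue(sessionId.getDeviceSecrets().isEmpty());
    }
}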
