package com.mulesoft.modules.oauth2.provider;

import com.google.common.reflect.TypeToken;
import com.google.gson.Gson;
import com.mulesoft.modules.oauth2.provider.api.Constants;
import com.mulesoft.modules.oauth2.provider.api.client.ClientType;
import java.net.URI;
import java.util.Collections;
import java.util.List;
import java.util.Map;
import net.smartam.leeloo.client.request.OAuthClientRequest;
import net.smartam.leeloo.common.message.types.GrantType;
import org.apache.commons.httpclient.HttpMethod;
import org.apache.commons.httpclient.methods.GetMethod;
import org.apache.commons.httpclient.methods.PostMethod;
import org.apache.commons.httpclient.methods.PutMethod;
import org.apache.commons.lang3.RandomStringUtils;
import org.hamcrest.CoreMatchers;
import org.hamcrest.MatcherAssert;
import org.hamcrest.Matchers;
import org.hamcrest.core.AllOf;
import org.junit.Test;
import org.mule.runtime.api.metadata.MediaType;
import org.mule.runtime.api.metadata.TypedValue;
import org.mule.runtime.http.api.HttpConstants;
import org.mule.runtime.http.api.HttpHeaders;

/* loaded from: input_file:com/mulesoft/modules/oauth2/provider/OAuth2ProviderModuleCoreTestCase.class */
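/**
 * End-to-end tests for the OAuth2 provider module: the authorization endpoint (login page and
 * credential validation), the token endpoint (code, password and client-credentials grants) and
 * access to protected resources with bearer tokens.
 *
 * <p>Every test talks to the provider over HTTP on {@code localhost} using the configuration
 * returned by {@link #doGetConfigFile()}. Most negative tests pin the exact OAuth2 error code and
 * status, so a regression in request validation shows up as a failing assertion.
 *
 * <p>All credentials, codes and tokens in this class are test fixtures. Random values come from
 * {@code RandomStringUtils} and are not a model for production token generation.
 */
public class OAuth2ProviderModuleCoreTestCase extends AbstractOAuth2ProviderModuleTestCase {
    // Not referenced anywhere in this class; kept as found.
    private static final String CLIENT_RESTRICTED_RESOURCE_PATH = "/client_only";

    // Fixture identities. The client is authenticated either with CLIENT_SECRET or, over HTTP
    // Basic, with CLIENT_PASSWORD; presumably the latter belongs to the client's principal in the
    // configured security provider -- TODO confirm against the base class and the config file.
    // The "+%" suffix presumably exercises form/URL encoding of credentials -- TODO confirm.
    private static final String CLIENT_ID = "clientId1";
    private static final String CLIENT_SECRET = "clientSecret1";
    private static final String CLIENT_PASSWORD = "clpwd+%";
    private static final String OWNER_USERNAME = "rousr";
    private static final String OWNER_PASSWORD = "ropwd+%";
    private static final String REDIRECT_URI = AbstractOAuth2ProviderModuleTestCase.TEST_REDIRECT_URI;

    // Authorization code the token-exchange tests redeem without logging in first; presumably
    // seeded by the base class -- TODO confirm.
    private static final String PRESET_AUTHORIZATION_CODE = "__valid__";

    private static final String PROTECTED_PATH = "/protected";
    private static final String BEARER_CHALLENGE = "Bearer realm=\"OAuth2 Client Realm\"";

    /** Returns the name of the Mule configuration file these tests run against. */
    @Override
    protected String doGetConfigFile() {
        return "oauth2-core-tests-http-config.xml";
    }

    /**
     * Builds an absolute URL on the local test listener.
     *
     * @param str path (and optional query) appended after the port
     * @return {@code <protocol>://localhost:<port><str>}
     */
    @Override
    public String buildURL(String str) {
        return getProtocol() + "://localhost:" + this.port.getNumber() + str;
    }

    /** The authorization endpoint must answer PUT with 405. */
    @Test
    public void accessLoginPageBadMethod() throws Exception {
        String authorizationUri = OAuthClientRequest.authorizationLocation(getAuthorizationEndpointUrl())
                .buildQueryMessage()
                .getLocationUri();
        executeHttpMethodExpectingStatus(new PutMethod(authorizationUri), 405);
    }

    /** A GET without any parameter is rejected with 400 and a missing response_type error. */
    @Test
    public void accessLoginPageEmptyRequest() throws Exception {
        GetMethod request = new GetMethod(OAuthClientRequest.authorizationLocation(getAuthorizationEndpointUrl())
                .buildQueryMessage()
                .getLocationUri());
        executeHttpMethodExpectingStatus(request, 400);

        Map<String, List<String>> errorParams = decodeParameters(request.getResponseBodyAsString());
        assertFirstValue(errorParams, "error", "unsupported_response_type");
        assertFirstValue(errorParams, "error_description", "Missing mandatory parameter: response_type");
    }

    /** An unknown response_type is rejected with 400 and named in the error description. */
    @Test
    public void accessLoginPageBadResponseType() throws Exception {
        GetMethod request = new GetMethod(OAuthClientRequest.authorizationLocation(getAuthorizationEndpointUrl())
                .setResponseType("_bad_")
                .buildQueryMessage()
                .getLocationUri());
        executeHttpMethodExpectingStatus(request, 400);

        Map<String, List<String>> errorParams = decodeParameters(request.getResponseBodyAsString());
        assertFirstValue(errorParams, "error", "unsupported_response_type");
        assertFirstValue(errorParams, "error_description", "Response type '_bad_' is not supported");
    }

    /**
     * An unknown client_id yields 400 with the error in the response body. RFC 6749 section
     * 4.1.2.1 forbids redirecting when the client identifier is invalid, so the error is read
     * from the body rather than from a Location header.
     */
    @Test
    public void accessLoginPageBadClientId() throws Exception {
        GetMethod request = new GetMethod(OAuthClientRequest.authorizationLocation(getAuthorizationEndpointUrl())
                .setResponseType("code")
                .setClientId("_bad_")
                .buildQueryMessage()
                .getLocationUri());
        executeHttpMethodExpectingStatus(request, 400);
        assertFirstValue(decodeParameters(request.getResponseBodyAsString()), "error", "unauthorized_client");
    }

    /**
     * A redirect_uri that is not acceptable for the client yields 400 with the error in the body.
     * This is the check that keeps the provider from redirecting to an unverified URI.
     */
    @Test
    public void accessLoginPageBadRedirectUri() throws Exception {
        GetMethod request = new GetMethod(OAuthClientRequest.authorizationLocation(getAuthorizationEndpointUrl())
                .setResponseType("code")
                .setClientId(CLIENT_ID)
                .setRedirectURI("_bad_")
                .buildQueryMessage()
                .getLocationUri());
        executeHttpMethodExpectingStatus(request, 400);
        assertFirstValue(decodeParameters(request.getResponseBodyAsString()), "error", "invalid_redirection_uri");
    }

    /**
     * With a verified client and redirect URI, a scope failure is reported by redirect. For the
     * authorization code grant the error travels in the query component of the Location.
     */
    @Test
    public void accessLoginPageWithScopeFailureAuthorizationCodeGrant() throws Exception {
        GetMethod request = new GetMethod(OAuthClientRequest.authorizationLocation(getAuthorizationEndpointUrl())
                .setResponseType("code")
                .setClientId(CLIENT_ID)
                .setRedirectURI(REDIRECT_URI)
                .setScope("test_scope")
                .buildQueryMessage()
                .getLocationUri());
        // The redirect itself is under test, so the HTTP client must not follow it.
        request.setFollowRedirects(false);
        executeHttpMethodExpectingStatus(request, 302);

        String location = requireLocationHeaderValue(request);
        MatcherAssert.assertThat("authorization code grant type location has query",
                new URI(location).getQuery(), Matchers.is(Matchers.not(Matchers.nullValue())));
        assertFirstValue(decodeParameters(location), "error", "invalid_scope");
    }

    /**
     * Same scope failure for the implicit grant: the error must be carried in the fragment and
     * the Location must have no query component.
     */
    @Test
    public void accessLoginPageWithScopeFailureImplicitGrant() throws Exception {
        GetMethod request = new GetMethod(OAuthClientRequest.authorizationLocation(getAuthorizationEndpointUrl())
                .setResponseType("token")
                .setClientId(CLIENT_ID)
                .setRedirectURI(REDIRECT_URI)
                .setScope("test_scope")
                .buildQueryMessage()
                .getLocationUri());
        request.setFollowRedirects(false);
        executeHttpMethodExpectingStatus(request, 302);

        String location = requireLocationHeaderValue(request);
        URI redirect = new URI(location);
        MatcherAssert.assertThat("token grant type location has no query",
                redirect.getQuery(), Matchers.is(Matchers.nullValue()));
        MatcherAssert.assertThat("token grant type location has fragment",
                redirect.getFragment(), Matchers.is(Matchers.not(Matchers.nullValue())));
        assertFirstValue(decodeParameters(location), "error", "invalid_scope");
    }

    /** A well-formed request returns the HTML login form carrying the request parameters. */
    @Test
    public void accessLoginPageSuccess() throws Exception {
        GetMethod request = new GetMethod(OAuthClientRequest.authorizationLocation(getAuthorizationEndpointUrl())
                .setResponseType("code")
                .setClientId(CLIENT_ID)
                .setRedirectURI(REDIRECT_URI)
                .buildQueryMessage()
                .getLocationUri());
        executeHttpMethodExpectingStatus(request, 200);

        // Fail with an assertion, not a NullPointerException, when the header is missing.
        MatcherAssert.assertThat(request.getResponseHeader("Content-Type"),
                Matchers.is(Matchers.not(Matchers.nullValue())));
        MatcherAssert.assertThat(request.getResponseHeader("Content-Type").getValue(),
                Matchers.is(Matchers.equalTo(MediaType.HTML.toRfcString())));

        String page = request.getResponseBodyAsString();
        MatcherAssert.assertThat(page, CoreMatchers.containsString("<html>"));
        assertHasFormFieldContaining(page, "code");
        assertHasFormFieldContaining(page, CLIENT_ID);
        assertHasFormFieldContaining(page, REDIRECT_URI);
    }

    /** A POST without parameters is rejected with 400 in the body and no redirect. */
    @Test
    public void validateCredentialsNoParamProvided() throws Exception {
        PostMethod response = postOAuthClientRequestExpectingStatus(
                OAuthClientRequest.authorizationLocation(getAuthorizationEndpointUrl()).buildBodyMessage(),
                400);
        MatcherAssert.assertThat(response.getResponseHeader("Location"), Matchers.is(Matchers.nullValue()));

        Map<String, List<String>> errorParams = decodeParameters(response.getResponseBodyAsString());
        assertFirstValue(errorParams, "error", "unsupported_response_type");
        assertFirstValue(errorParams, "error_description", "Missing mandatory parameter: response_type");
    }

    /** A valid client request without resource-owner credentials redirects with invalid_request. */
    @Test
    public void validateCredentialsNoCredentialsProvided() throws Exception {
        PostMethod response = postOAuthClientRequestExpectingStatus(
                OAuthClientRequest.authorizationLocation(getAuthorizationEndpointUrl())
                        .setResponseType("code")
                        .setClientId(CLIENT_ID)
                        .setRedirectURI(REDIRECT_URI)
                        .buildBodyMessage(),
                302);

        Map<String, List<String>> errorParams = decodeParameters(requireLocationHeaderValue(response));
        assertFirstValue(errorParams, "error", "invalid_request");
        assertFirstValue(errorParams, "error_description", "Missing mandatory parameter: username");
        MatcherAssert.assertThat(response.getResponseBodyAsString(), Matchers.isEmptyString());
    }

    /** A wrong resource-owner password is denied for the authorization code grant. */
    @Test
    public void validateCredentialsInvalidCredentialsAuthorizationCodeGrant() throws Exception {
        doValidateCredentialsInvalidCredentials("code");
    }

    /** A wrong resource-owner password is denied for the implicit grant. */
    @Test
    public void validateCredentialsInvalidCredentialsImplicitGrant() throws Exception {
        doValidateCredentialsInvalidCredentials("token");
    }

    /** Valid resource-owner credentials produce a successful login redirect carrying a code. */
    @Test
    public void validateCredentialsValidCredentials() throws Exception {
        PostMethod response = postOAuthClientRequestExpectingStatus(
                OAuthClientRequest.authorizationLocation(getAuthorizationEndpointUrl())
                        .setResponseType("code")
                        .setClientId(CLIENT_ID)
                        .setRedirectURI(REDIRECT_URI)
                        .setParameter("username", OWNER_USERNAME)
                        .setParameter("password", OWNER_PASSWORD)
                        .buildBodyMessage(),
                302);
        validateSuccessfulLoginResponse((HttpMethod) response, "code");
    }

    /**
     * The state value sent by the client must come back unchanged in the login redirect. Clients
     * rely on this echo to tie the response to the request they started.
     */
    @Test
    public void validateCredentialsValidCredentialsWithState() throws Exception {
        String state = RandomStringUtils.randomAlphanumeric(10);
        PostMethod response = postOAuthClientRequestExpectingStatus(
                OAuthClientRequest.authorizationLocation(getAuthorizationEndpointUrl())
                        .setResponseType("code")
                        .setClientId(CLIENT_ID)
                        .setRedirectURI(REDIRECT_URI)
                        .setParameter("username", OWNER_USERNAME)
                        .setParameter("password", OWNER_PASSWORD)
                        .setState(state)
                        .buildBodyMessage(),
                302);
        MatcherAssert.assertThat(
                validateSuccessfulLoginResponse((HttpMethod) response, "code").get("state").get(0),
                Matchers.is(Matchers.equalTo(state)));
    }

    /** An empty form POST to the token endpoint is rejected for the missing grant_type. */
    @Test
    public void tokenExchangeEmptyRequest() throws Exception {
        PostMethod request = new PostMethod(getTokenEndpointURL());
        request.setRequestHeader("Content-Type", HttpHeaders.Values.APPLICATION_X_WWW_FORM_URLENCODED.toRfcString());
        executeHttpMethodExpectingStatus(request, 400);
        assertEqualJsonObj(
                "{\"error\":\"invalid_request\",\"error_description\":\"Missing mandatory parameter: grant_type\"}",
                request);
    }

    /** An unsupported grant_type is rejected with unsupported_grant_type. */
    @Test
    public void tokenExchangeUnsupportedGrantType() throws Exception {
        PostMethod response = postOAuthClientRequestExpectingStatus(
                OAuthClientRequest.tokenLocation(getTokenEndpointURL())
                        .setGrantType(GrantType.NONE)
                        .buildBodyMessage(),
                400);
        assertEqualJsonObj(
                "{\"error\":\"unsupported_grant_type\",\"error_description\":\"Grant type 'none' is not supported\"}",
                response);
    }

    /** A client_id without any client authentication is rejected with invalid_client. */
    @Test
    public void tokenExchangeNoCredentials() throws Exception {
        PostMethod response = postOAuthClientRequestExpectingStatus(
                OAuthClientRequest.tokenLocation(getTokenEndpointURL())
                        .setGrantType(GrantType.AUTHORIZATION_CODE)
                        .setClientId(CLIENT_ID)
                        .buildBodyMessage(),
                400);
        assertEqualJsonObj("{\"error\":\"invalid_client\",\"error_description\":\"Invalid credentials\"}", response);
    }

    /** A syntactically invalid Authorization header is rejected with invalid_request. */
    @Test
    public void tokenExchangeBrokenAuthorization() throws Exception {
        OAuthClientRequest tokenRequest = OAuthClientRequest.tokenLocation(getTokenEndpointURL())
                .setGrantType(GrantType.AUTHORIZATION_CODE)
                .setClientId(CLIENT_ID)
                .buildBodyMessage();
        tokenRequest.setHeaders(Collections.singletonMap("Authorization", "_broken_"));
        assertEqualJsonObj(
                "{\"error\":\"invalid_request\",\"error_description\":\"Invalid 'Authorization' header\"}",
                postOAuthClientRequestExpectingStatus(tokenRequest, 400));
    }

    /** Well-formed but wrong Basic credentials are answered with 401 and invalid_client. */
    @Test
    public void tokenExchangeBadAuthorization() throws Exception {
        OAuthClientRequest tokenRequest = OAuthClientRequest.tokenLocation(getTokenEndpointURL())
                .setGrantType(GrantType.AUTHORIZATION_CODE)
                .setClientId(CLIENT_ID)
                .buildBodyMessage();
        useBasicAuthentication(tokenRequest, "_bad_", "_bad_");
        MatcherAssert.assertThat(postOAuthClientRequestExpectingStatus(tokenRequest, 401).getResponseBodyAsString(),
                CoreMatchers.containsString("\"error\":\"invalid_client\""));
    }

    /** An authenticated code exchange without redirect_uri is rejected. */
    @Test
    public void tokenExchangeInvalidRequestUri() throws Exception {
        OAuthClientRequest tokenRequest = OAuthClientRequest.tokenLocation(getTokenEndpointURL())
                .setGrantType(GrantType.AUTHORIZATION_CODE)
                .setClientId(CLIENT_ID)
                .setCode("_ignored_")
                .buildBodyMessage();
        useBasicAuthentication(tokenRequest, CLIENT_ID, CLIENT_PASSWORD);
        assertEqualJsonObj(
                "{\"error\":\"invalid_redirection_uri\",\"error_description\":\"Missing mandatory parameter: redirect_uri\"}",
                postOAuthClientRequestExpectingStatus(tokenRequest, 400));
    }

    /** An authenticated exchange of an unknown authorization code is rejected with invalid_grant. */
    @Test
    public void tokenExchangeInvalidGrant() throws Exception {
        OAuthClientRequest tokenRequest = OAuthClientRequest.tokenLocation(getTokenEndpointURL())
                .setGrantType(GrantType.AUTHORIZATION_CODE)
                .setClientId(CLIENT_ID)
                .setCode("_invalid_")
                .setRedirectURI(REDIRECT_URI)
                .buildBodyMessage();
        useBasicAuthentication(tokenRequest, CLIENT_ID, CLIENT_PASSWORD);
        assertEqualJsonObj(
                "{\"error\":\"invalid_grant\",\"error_description\":\"Authorization code is invalid or expired\"}",
                postOAuthClientRequestExpectingStatus(tokenRequest, 400));
    }

    /**
     * Sending a client_secret in the body together with a Basic Authorization header must be
     * rejected: RFC 6749 section 2.3 allows only one client authentication method per request.
     */
    @Test
    public void tokenExchangeMultipleAuthentications() throws Exception {
        // An authorization-endpoint GetMethod used to be constructed here but was never executed,
        // so it had no effect on the provider; it has been dropped.
        OAuthClientRequest tokenRequest = OAuthClientRequest.tokenLocation(getTokenEndpointURL())
                .setGrantType(GrantType.AUTHORIZATION_CODE)
                .setCode(PRESET_AUTHORIZATION_CODE)
                .setRedirectURI(REDIRECT_URI)
                .setClientId(CLIENT_ID)
                .setClientSecret(CLIENT_SECRET)
                .buildBodyMessage();
        useBasicAuthentication(tokenRequest, CLIENT_ID, CLIENT_PASSWORD);
        assertEqualJsonObj(
                "{\"error\":\"invalid_request\",\"error_description\":\"Multiple client authentications found\"}",
                postOAuthClientRequestExpectingStatus(tokenRequest, 400));
    }

    /**
     * Redeems the preset code once, then presents it again and expects invalid_grant.
     * NOTE(review): despite the name, no time passes here; the second request presumably fails
     * because the first exchange consumed the code (single use) -- confirm.
     */
    @Test
    public void tokenExchangeExpiredAuthorizationCode() throws Exception {
        tokenExchangeValidUsernamePassword();
        PostMethod replay = postOAuthClientRequestExpectingStatus(
                OAuthClientRequest.tokenLocation(getTokenEndpointURL())
                        .setGrantType(GrantType.AUTHORIZATION_CODE)
                        .setCode(PRESET_AUTHORIZATION_CODE)
                        .setClientId(CLIENT_ID)
                        .setClientSecret(CLIENT_SECRET)
                        .setRedirectURI(REDIRECT_URI)
                        .buildBodyMessage(),
                400);
        assertEqualJsonObj(
                "{\"error\":\"invalid_grant\",\"error_description\":\"Authorization code is invalid or expired\"}",
                replay);
    }

    /**
     * With the client's principal cleared and a wrong Basic password, the token endpoint must
     * answer 401 with a WWW-Authenticate challenge and invalid_client.
     * NOTE(review): unlike the other tests that mutate {@code this.client}, updateClientInOS() is
     * not called here, and the Basic password is wrong in any case, so the 401 may not depend on
     * the principal change -- confirm the test exercises what its name says.
     */
    @Test
    public void tokenExchangeClientNotFoundInSecurityProvider() throws Exception {
        this.client.setPrincipal((String) null);
        OAuthClientRequest tokenRequest = OAuthClientRequest.tokenLocation(getTokenEndpointURL())
                .setGrantType(GrantType.AUTHORIZATION_CODE)
                .setCode(PRESET_AUTHORIZATION_CODE)
                .setClientId(CLIENT_ID)
                .setRedirectURI(REDIRECT_URI)
                .buildBodyMessage();
        useBasicAuthentication(tokenRequest, CLIENT_ID, "_bad_");

        PostMethod response = postOAuthClientRequestExpectingStatus(tokenRequest, 401);
        MatcherAssert.assertThat(response.getResponseHeader("WWW-Authenticate"),
                Matchers.is(Matchers.not(Matchers.nullValue())));
        assertEqualJsonObj("{\"error\":\"invalid_client\",\"error_description\":\"Invalid credentials\"}", response);
    }

    /** After setupClient("clusr", null), a body-authenticated code exchange still succeeds. */
    @Test
    public void tokenExchangeClientIdIsValidSecurityProviderPrincipal() throws Exception {
        setupClient("clusr", null);
        assertSuccessfulTokenResponse(exchangeCodeWithClientSecret(PRESET_AUTHORIZATION_CODE));
    }

    /**
     * Exchanges the preset code using client_id and client_secret in the body.
     * NOTE(review): despite the name, no username or password is sent; the request is the same
     * as in {@link #tokenExchangeValidClientSecret()}.
     */
    @Test
    public void tokenExchangeValidUsernamePassword() throws Exception {
        assertSuccessfulTokenResponse(exchangeCodeWithClientSecret(PRESET_AUTHORIZATION_CODE));
    }

    /** Exchanges the preset code with the client authenticated over HTTP Basic. */
    @Test
    public void tokenExchangeValidBasicAuth() throws Exception {
        OAuthClientRequest tokenRequest = OAuthClientRequest.tokenLocation(getTokenEndpointURL())
                .setGrantType(GrantType.AUTHORIZATION_CODE)
                .setCode(PRESET_AUTHORIZATION_CODE)
                .setClientId(CLIENT_ID)
                .setRedirectURI(REDIRECT_URI)
                .buildBodyMessage();
        useBasicAuthentication(tokenRequest, CLIENT_ID, CLIENT_PASSWORD);
        assertSuccessfulTokenResponse(postOAuthClientRequestExpectingStatus(tokenRequest, 200));
    }

    /** Exchanges the preset code with client_id and client_secret in the request body. */
    @Test
    public void tokenExchangeValidClientSecret() throws Exception {
        assertSuccessfulTokenResponse(exchangeCodeWithClientSecret(PRESET_AUTHORIZATION_CODE));
    }

    /**
     * A client stored as PUBLIC with no secret may redeem a code with only its client_id. Public
     * clients cannot keep a secret, so nothing but the code and redirect URI is checked here.
     */
    @Test
    public void tokenExchangePublicClient() throws Exception {
        this.client.setSecret((String) null);
        this.client.setType(ClientType.PUBLIC);
        updateClientInOS();
        PostMethod response = postOAuthClientRequestExpectingStatus(
                OAuthClientRequest.tokenLocation(getTokenEndpointURL())
                        .setGrantType(GrantType.AUTHORIZATION_CODE)
                        .setCode(PRESET_AUTHORIZATION_CODE)
                        .setClientId(CLIENT_ID)
                        .setRedirectURI(REDIRECT_URI)
                        .buildBodyMessage(),
                200);
        assertSuccessfulTokenResponse(response);
    }

    /** The password grant with wrong client Basic credentials is answered with 401. */
    @Test
    public void tokenRequestBadClientAuthorization() throws Exception {
        OAuthClientRequest tokenRequest = OAuthClientRequest.tokenLocation(getTokenEndpointURL())
                .setGrantType(GrantType.PASSWORD)
                .setUsername(OWNER_USERNAME)
                .setPassword(OWNER_PASSWORD)
                .buildBodyMessage();
        useBasicAuthentication(tokenRequest, "_bad_", "_bad_");
        MatcherAssert.assertThat(postOAuthClientRequestExpectingStatus(tokenRequest, 401).getResponseBodyAsString(),
                CoreMatchers.containsString("\"error\":\"invalid_client\""));
    }

    /** The password grant with a wrong resource-owner password is answered with access_denied. */
    @Test
    public void tokenRequestBadResourceOwnerCredentials() throws Exception {
        this.client.getAuthorizedGrantTypes().add(Constants.RequestGrantType.PASSWORD);
        updateClientInOS();
        OAuthClientRequest tokenRequest = OAuthClientRequest.tokenLocation(getTokenEndpointURL())
                .setGrantType(GrantType.PASSWORD)
                .setUsername(OWNER_USERNAME)
                .setPassword("_bad_")
                .buildBodyMessage();
        useBasicAuthentication(tokenRequest, CLIENT_ID, CLIENT_PASSWORD);
        MatcherAssert.assertThat(postOAuthClientRequestExpectingStatus(tokenRequest, 400).getResponseBodyAsString(),
                CoreMatchers.containsString("\"error\":\"access_denied\""));
    }

    /** A request without a token gets 401 and the Bearer challenge. */
    @Test
    public void accessProtectedResourceWithoutToken() throws Exception {
        int unauthorized = HttpConstants.HttpStatus.UNAUTHORIZED.getStatusCode();
        GetMethod request = new GetMethod(getProtectedResourceURL(PROTECTED_PATH));
        executeHttpMethodExpectingStatus(request, unauthorized);
        MatcherAssert.assertThat(Integer.valueOf(request.getStatusCode()),
                Matchers.is(Matchers.equalTo(Integer.valueOf(unauthorized))));
        assertBearerChallenge(request);
    }

    /** A token that was never issued gets 401 and the Bearer challenge. */
    @Test
    public void accessProtectedResourceWithBadAccessToken() throws Exception {
        GetMethod request = new GetMethod(getProtectedResourceURL(PROTECTED_PATH) + "?access_token=_bad_");
        executeHttpMethodExpectingStatus(request, 401);
        assertBearerChallenge(request);
    }

    /**
     * A random token that was not added to the store gets 401 and the Bearer challenge.
     * NOTE(review): nothing here expires a token; the request is rejected because the value is
     * unknown, which is the same case as the bad-token test -- confirm intent.
     */
    @Test
    public void accessProtectedResourceWithExpiredAccessToken() throws Exception {
        GetMethod request = new GetMethod(
                getProtectedResourceURL(PROTECTED_PATH) + "?access_token=" + RandomStringUtils.randomAlphanumeric(20));
        executeHttpMethodExpectingStatus(request, 401);
        assertBearerChallenge(request);
    }

    /**
     * A stored token is accepted by the inherited accessProtectedResource helper, which
     * presumably sends it as the access_token query parameter -- confirm in the base class.
     * Tokens in URLs tend to end up in access logs and Referer headers, which is why RFC 6750
     * section 2.3 discourages this transport; the header variant is covered separately.
     */
    @Test
    public void accessProtectedResourceWithAccessTokenQueryParam() throws Exception {
        String accessToken = RandomStringUtils.randomAlphanumeric(20);
        addAccessTokenToStore(accessToken);
        accessProtectedResource(accessToken);
    }

    /** A stored token sent in the Authorization: Bearer header is accepted without a challenge. */
    @Test
    public void accessProtectedResourceWithBearerHeader() throws Exception {
        String accessToken = RandomStringUtils.randomAlphanumeric(20);
        addAccessTokenToStore(accessToken);
        GetMethod request = new GetMethod(getProtectedResourceURL("/protected-with-bearer"));
        request.addRequestHeader("Authorization", "Bearer " + accessToken);
        executeHttpMethodExpectingStatus(request, 200);
        MatcherAssert.assertThat(request.getResponseBodyAsString(),
                Matchers.is(Matchers.equalTo("accessing::protected_resource")));
        MatcherAssert.assertThat(request.getResponseHeader("WWW-Authenticate"), Matchers.is(Matchers.nullValue()));
    }

    /** Full authorization code flow: login, code exchange, then access with the issued token. */
    @Test
    public void performAuthorizationCodeOAuth2DanceAndAccessProtectedResource() throws Exception {
        accessProtectedResource(obtainAccessTokenViaAuthorizationCodeGrant());
    }

    /** Full implicit flow: the login redirect itself carries the access token. */
    @Test
    public void performImplicitGrantOAuth2DanceAndAccessProtectedResource() throws Exception {
        PostMethod loginResponse = postOAuthClientRequestExpectingStatus(
                OAuthClientRequest.authorizationLocation(getAuthorizationEndpointUrl())
                        .setResponseType("token")
                        .setClientId(CLIENT_ID)
                        .setRedirectURI(REDIRECT_URI)
                        .setParameter("username", OWNER_USERNAME)
                        .setParameter("password", OWNER_PASSWORD)
                        .buildBodyMessage(),
                302);
        accessProtectedResource(
                validateSuccessfulLoginResponse((HttpMethod) loginResponse, "access_token").get("access_token").get(0));
    }

    /** Password grant, enabled for the client first, then access with the issued token. */
    @Test
    public void performResourceOwnerPasswordCredentialsGrantOAuth2DanceAndAccessProtectedResource() throws Exception {
        this.client.getAuthorizedGrantTypes().add(Constants.RequestGrantType.PASSWORD);
        updateClientInOS();
        OAuthClientRequest tokenRequest = OAuthClientRequest.tokenLocation(getTokenEndpointURL())
                .setGrantType(GrantType.PASSWORD)
                .setParameter("username", OWNER_USERNAME)
                .setParameter("password", OWNER_PASSWORD)
                .buildBodyMessage();
        useBasicAuthentication(tokenRequest, CLIENT_ID, CLIENT_PASSWORD);
        accessProtectedResource(accessTokenFrom(postOAuthClientRequestExpectingStatus(tokenRequest, 200)));
    }

    /** Client-credentials grant with Basic authentication using the client password. */
    @Test
    public void performClientCredentialsGrantOAuth2DanceAndAccessProtectedResourceWithClientPassword() throws Exception {
        this.client.getAuthorizedGrantTypes().add(Constants.RequestGrantType.CLIENT_CREDENTIALS);
        updateClientInOS();
        OAuthClientRequest tokenRequest = OAuthClientRequest.tokenLocation(getTokenEndpointURL())
                .setParameter("grant_type", "client_credentials")
                .buildBodyMessage();
        useBasicAuthentication(tokenRequest, CLIENT_ID, CLIENT_PASSWORD);
        accessProtectedResource(accessTokenFrom(postOAuthClientRequestExpectingStatus(tokenRequest, 200)));
    }

    /** Client-credentials grant with Basic authentication using the client secret. */
    @Test
    public void performClientCredentialsGrantOAuth2DanceAndAccessProtectedResourceWithClientSecret() throws Exception {
        this.client.getAuthorizedGrantTypes().add(Constants.RequestGrantType.CLIENT_CREDENTIALS);
        updateClientInOS();
        OAuthClientRequest tokenRequest = OAuthClientRequest.tokenLocation(getTokenEndpointURL())
                .setParameter("grant_type", "client_credentials")
                .buildBodyMessage();
        useBasicAuthentication(tokenRequest, CLIENT_ID, CLIENT_SECRET);
        accessProtectedResource(accessTokenFrom(postOAuthClientRequestExpectingStatus(tokenRequest, 200)));
    }

    /**
     * Two failed logins receive the usual access_denied redirect; the third bad attempt must be
     * answered with 429 Too Many Requests. This pins the provider's throttling of repeated wrong
     * resource-owner passwords; the threshold is presumably set in the config file -- confirm.
     * NOTE(review): other tests in this class also submit a wrong password for the same user, so
     * this test assumes the failure count starts fresh for each test -- confirm the base class
     * resets it.
     */
    @Test
    public void multipleInvalidCredentialsAreRejected() throws Exception {
        doValidateCredentialsInvalidCredentials("code");
        doValidateCredentialsInvalidCredentials("code");
        postOAuthClientRequestExpectingStatus(
                OAuthClientRequest.authorizationLocation(getAuthorizationEndpointUrl())
                        .setResponseType("code")
                        .setClientId(CLIENT_ID)
                        .setRedirectURI(REDIRECT_URI)
                        .setParameter("username", OWNER_USERNAME)
                        .setParameter("password", "__BAD__")
                        .buildBodyMessage(),
                HttpConstants.HttpStatus.TOO_MANY_REQUESTS.getStatusCode());
    }

    /**
     * The token endpoint must refuse GET with 405. RFC 6749 section 3.2 requires POST, which
     * keeps the client secret and the code out of the request URL.
     */
    @Test
    public void getAccessTokenWithGETAndFail() throws Exception {
        getOAuthClientRequestExpectingStatus(
                OAuthClientRequest.tokenLocation(getTokenEndpointURL())
                        .setParameter("grant_type", GrantType.AUTHORIZATION_CODE.toString())
                        .setParameter("code", "useless_authentication_code")
                        .setParameter("client_id", CLIENT_ID)
                        .setParameter("client_secret", CLIENT_SECRET)
                        .setParameter("redirect_uri", REDIRECT_URI)
                        .buildQueryMessage(),
                405);
    }

    /**
     * Reads the "tokenTtl" flow variable twice for a freshly issued token. The first reading must
     * lie strictly between 5,000,000,000 and 10,000,000,000 (presumably nanoseconds, i.e. five to
     * ten seconds -- confirm against the "testAttributes" flow) and the second must be smaller.
     */
    @Test
    public void tokenAttributesHaveCorrectValues() throws Exception {
        String accessToken = obtainAccessTokenViaAuthorizationCodeGrant();
        Long firstTtl = readTokenTtl(accessToken);
        MatcherAssert.assertThat(firstTtl,
                Matchers.is(Matchers.both(Matchers.greaterThan(5000000000L)).and(Matchers.lessThan(10000000000L))));
        // The remaining lifetime has to shrink between two consecutive reads.
        MatcherAssert.assertThat(readTokenTtl(accessToken), Matchers.is(Matchers.lessThan(firstTtl)));
    }

    /**
     * Runs the "validateToken" flow for a freshly issued token and checks the JSON payload: it
     * has an expires_in key, the client id, the resource owner's username and an empty scope.
     */
    @SuppressWarnings({"rawtypes", "unchecked"}) // the payload is matched as a raw Map, as before
    @Test
    public void payloadIsCorrectlyGenerated() throws Exception {
        String accessToken = obtainAccessTokenViaAuthorizationCodeGrant();
        String payloadJson = flowRunner("validateToken")
                .withVariable("ACCESS_TOKEN", accessToken)
                .run()
                .getMessage()
                .getPayload()
                .getValue()
                .toString();
        Map payload = (Map) new Gson().fromJson(payloadJson, new TypeToken<Map<String, String>>() {
        }.getType());
        MatcherAssert.assertThat(payload, AllOf.allOf(
                Matchers.hasKey("expires_in"),
                Matchers.hasEntry("client_id", CLIENT_ID),
                Matchers.hasEntry("username", OWNER_USERNAME),
                Matchers.hasEntry("scope", "")));
    }

    /**
     * Posts a login with a wrong resource-owner password and expects a redirect that carries
     * access_denied and an empty body.
     *
     * @param responseType value sent as response_type ("code" or "token" in this class)
     */
    private void doValidateCredentialsInvalidCredentials(String responseType) throws Exception {
        PostMethod response = postOAuthClientRequestExpectingStatus(
                OAuthClientRequest.authorizationLocation(getAuthorizationEndpointUrl())
                        .setResponseType(responseType)
                        .setClientId(CLIENT_ID)
                        .setRedirectURI(REDIRECT_URI)
                        .setParameter("username", OWNER_USERNAME)
                        .setParameter("password", "__BAD__")
                        .buildBodyMessage(),
                302);
        assertFirstValue(decodeParameters(requireLocationHeaderValue(response)), "error", "access_denied");
        MatcherAssert.assertThat(response.getResponseBodyAsString(), Matchers.isEmptyString());
    }

    /**
     * Returns the Location header value, failing with an assertion rather than a
     * NullPointerException when the header or its value is missing.
     */
    private static String requireLocationHeaderValue(HttpMethod method) {
        MatcherAssert.assertThat("response has a Location header",
                method.getResponseHeader("Location"), Matchers.is(Matchers.not(Matchers.nullValue())));
        String location = method.getResponseHeader("Location").getValue();
        MatcherAssert.assertThat(location, Matchers.is(Matchers.not(Matchers.nullValue())));
        return location;
    }

    /** Asserts that the first value decoded for {@code name} equals {@code expected}. */
    private static void assertFirstValue(Map<String, List<String>> params, String name, String expected) {
        MatcherAssert.assertThat(params.get(name).get(0), Matchers.is(Matchers.equalTo(expected)));
    }

    /** Asserts that the response carries the expected Bearer WWW-Authenticate challenge. */
    private static void assertBearerChallenge(HttpMethod method) {
        MatcherAssert.assertThat(method.getResponseHeader("WWW-Authenticate"),
                Matchers.is(Matchers.not(Matchers.nullValue())));
        MatcherAssert.assertThat(method.getResponseHeader("WWW-Authenticate").getValue(),
                Matchers.is(Matchers.equalTo(BEARER_CHALLENGE)));
    }

    /** Replaces the request headers with a single HTTP Basic Authorization header. */
    private void useBasicAuthentication(OAuthClientRequest request, String user, String password) throws Exception {
        request.setHeaders(Collections.singletonMap("Authorization", getValidBasicAuthHeaderValue(user, password)));
    }

    /** Posts a code exchange authenticated by client_id and client_secret in the body; expects 200. */
    private PostMethod exchangeCodeWithClientSecret(String code) throws Exception {
        return postOAuthClientRequestExpectingStatus(
                OAuthClientRequest.tokenLocation(getTokenEndpointURL())
                        .setGrantType(GrantType.AUTHORIZATION_CODE)
                        .setCode(code)
                        .setClientId(CLIENT_ID)
                        .setClientSecret(CLIENT_SECRET)
                        .setRedirectURI(REDIRECT_URI)
                        .buildBodyMessage(),
                200);
    }

    /** Validates a token response with the inherited no-scope, no-refresh check. */
    private void assertSuccessfulTokenResponse(PostMethod tokenResponse) throws Exception {
        validateSuccessfulTokenResponseNoScopeNoRefresh(getContentAsMap((HttpMethod) tokenResponse));
    }

    /** Validates a token response and returns its access_token. */
    private String accessTokenFrom(PostMethod tokenResponse) throws Exception {
        return (String) validateSuccessfulTokenResponseNoScopeNoRefresh(getContentAsMap((HttpMethod) tokenResponse))
                .get("access_token");
    }

    /** Logs the resource owner in and returns the authorization code from the redirect. */
    private String loginAndGetAuthorizationCode() throws Exception {
        PostMethod loginResponse = postOAuthClientRequestExpectingStatus(
                OAuthClientRequest.authorizationLocation(getAuthorizationEndpointUrl())
                        .setResponseType("code")
                        .setClientId(CLIENT_ID)
                        .setRedirectURI(REDIRECT_URI)
                        .setParameter("username", OWNER_USERNAME)
                        .setParameter("password", OWNER_PASSWORD)
                        .buildBodyMessage(),
                302);
        return validateSuccessfulLoginResponse((HttpMethod) loginResponse, "code").get("code").get(0);
    }

    /** Runs login plus code exchange and returns the issued access token. */
    private String obtainAccessTokenViaAuthorizationCodeGrant() throws Exception {
        String code = loginAndGetAuthorizationCode();
        return accessTokenFrom(exchangeCodeWithClientSecret(code));
    }

    /** Runs the "testAttributes" flow for the token and returns its "tokenTtl" variable. */
    private Long readTokenTtl(String accessToken) throws Exception {
        return (Long) ((TypedValue) flowRunner("testAttributes")
                .withVariable("ACCESS_TOKEN", accessToken)
                .run()
                .getVariables()
                .get("tokenTtl")).getValue();
    }
}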
