package com.mulesoft.modules.oauth2.provider;

import net.smartam.leeloo.client.request.OAuthClientRequest;
import net.smartam.leeloo.common.message.types.GrantType;
import org.apache.commons.httpclient.HttpMethod;
import org.apache.commons.httpclient.methods.GetMethod;
import org.hamcrest.MatcherAssert;
import org.hamcrest.Matchers;
import org.junit.Test;

/* loaded from: input_file:com/mulesoft/modules/oauth2/provider/DifferentTokenSecurityProvidersTestCase.class */
public class DifferentTokenSecurityProvidersTestCase extends AbstractOAuth2ProviderModuleTestCase {
    private static final String PROTECTED_RESOURCE_PATH = "/protected";
    private static final String PROTECTED_RESOURCE_PATH_2 = "/protected2";

    @Override // com.mulesoft.modules.oauth2.provider.AbstractOAuth2ProviderModuleTestCase
    protected String doGetConfigFile() {
        return "oauth2-different-token-security-provider-config.xml";
    }

    @Test
    public void TokenGrantedByOneProviderDoesNotWorkWithOther() throws Exception {
        String str = (String) validateSuccessfulTokenResponseNoScopeNoRefresh(getContentAsMap((HttpMethod) postOAuthClientRequestExpectingStatus(OAuthClientRequest.tokenLocation(getTokenEndpointURL()).setGrantType(GrantType.AUTHORIZATION_CODE).setCode(validateSuccessfulLoginResponse((HttpMethod) postOAuthClientRequestExpectingStatus(OAuthClientRequest.authorizationLocation(getAuthorizationEndpointUrl()).setResponseType("code").setClientId("clientId1").setRedirectURI(AbstractOAuth2ProviderModuleTestCase.TEST_REDIRECT_URI).setParameter("username", "rousr").setParameter("password", "ropwd+%").buildBodyMessage(), 302), "code").get("code").get(0)).setClientId("clientId1").setClientSecret("clientSecret1").setRedirectURI(AbstractOAuth2ProviderModuleTestCase.TEST_REDIRECT_URI).buildBodyMessage(), 200))).get("access_token");
        GetMethod getMethod = new GetMethod(getProtectedResourceURL(PROTECTED_RESOURCE_PATH) + "?access_token=" + str);
        executeHttpMethodExpectingStatus(getMethod, 200);
        MatcherAssert.assertThat(getMethod.getResponseBodyAsString(), Matchers.is(Matchers.equalTo("accessing::protected_resource")));
        GetMethod getMethod2 = new GetMethod(getProtectedResourceURL(PROTECTED_RESOURCE_PATH_2) + "?access_token=" + str);
        executeHttpMethodExpectingStatus(getMethod2, 401);
        MatcherAssert.assertThat(getMethod2.getResponseBodyAsString(), Matchers.is(Matchers.equalTo("token not in security provider")));
    }
}
