package com.mulesoft.modules.oauth2.provider.error;

import com.mulesoft.modules.oauth2.provider.AbstractOAuth2ProviderModuleTestCase;
import com.mulesoft.modules.oauth2.provider.api.Constants;
import java.util.Collections;
import net.smartam.leeloo.client.request.OAuthClientRequest;
import org.apache.commons.httpclient.methods.PostMethod;
import org.hamcrest.MatcherAssert;
import org.hamcrest.Matchers;
import org.junit.Before;
import org.junit.Test;

/* loaded from: input_file:com/mulesoft/modules/oauth2/provider/error/OAuth2ProviderClientCredentialsErrorsTestCase.class */
public class OAuth2ProviderClientCredentialsErrorsTestCase extends AbstractOAuth2ProviderModuleTestCase {
    @Override // com.mulesoft.modules.oauth2.provider.AbstractOAuth2ProviderModuleTestCase
    protected String doGetConfigFile() {
        return "client-credentials-errors-config.xml";
    }

    @Before
    public void setupClient() {
        this.client.getAuthorizedGrantTypes().add(Constants.RequestGrantType.CLIENT_CREDENTIALS);
        updateClientInOS();
    }

    private OAuthClientRequest.TokenRequestBuilder baseRequest() {
        return OAuthClientRequest.tokenLocation(getTokenEndpointURL()).setParameter("grant_type", "client_credentials");
    }

    private void assertErrorInRequest(OAuthClientRequest oAuthClientRequest, String str, String str2, int i) throws Exception {
        PostMethod postOAuthClientRequestExpectingStatus = postOAuthClientRequestExpectingStatus(oAuthClientRequest, i);
        MatcherAssert.assertThat(postOAuthClientRequestExpectingStatus.getResponseBodyAsString(), Matchers.containsString("\"error\":\"" + str));
        MatcherAssert.assertThat(postOAuthClientRequestExpectingStatus.getResponseBodyAsString(), Matchers.containsString("\"error_description\":\"" + str2));
    }

    private void assertErrorInRequest(OAuthClientRequest oAuthClientRequest, String str, String str2) throws Exception {
        assertErrorInRequest(oAuthClientRequest, str, str2, 400);
    }

    private void assertInvalidRequest(OAuthClientRequest oAuthClientRequest, String str) throws Exception {
        assertErrorInRequest(oAuthClientRequest, "invalid_request", str);
    }

    private void assertInvalidClient(OAuthClientRequest oAuthClientRequest, String str) throws Exception {
        assertErrorInRequest(oAuthClientRequest, "invalid_client", str);
    }

    @Test
    public void missingAuthentication() throws Exception {
        assertInvalidClient(baseRequest().buildBodyMessage(), "No client identification nor authentication found");
    }

    @Test
    public void multipleAuthenticationMethods() throws Exception {
        OAuthClientRequest buildBodyMessage = baseRequest().setClientId("clientId1").setClientSecret("clientSecret1").buildBodyMessage();
        buildBodyMessage.setHeaders(Collections.singletonMap("Authorization", getValidBasicAuthHeaderValue("clientId1", "clpwd+%")));
        assertInvalidRequest(buildBodyMessage, "Multiple client authentications found");
    }

    @Test
    public void unregisteredClientIdWithSecret() throws Exception {
        assertInvalidClient(baseRequest().setClientId("unregisteredClient").setClientSecret("clientSecret1").buildBodyMessage(), "Invalid credentials");
    }

    @Test
    public void unregisteredClientIdInAuthenticationHeader() throws Exception {
        OAuthClientRequest buildBodyMessage = baseRequest().buildBodyMessage();
        buildBodyMessage.setHeaders(Collections.singletonMap("Authorization", getValidBasicAuthHeaderValue("unregisteredClientId", "clpwd+%")));
        assertErrorInRequest(buildBodyMessage, "invalid_client", "Invalid credentials", 401);
    }

    @Test
    public void unauthorizedClientWithSecret() throws Exception {
        assertInvalidClient(baseRequest().setClientId("clientId1").setClientSecret("wrongSecret").buildBodyMessage(), "Invalid credentials");
    }

    @Test
    public void unauthorizedClientWithAuthorizationHeader() throws Exception {
        OAuthClientRequest buildBodyMessage = baseRequest().buildBodyMessage();
        buildBodyMessage.setHeaders(Collections.singletonMap("Authorization", getValidBasicAuthHeaderValue("clientId1", "wrongSecret")));
        assertErrorInRequest(buildBodyMessage, "invalid_client", "Invalid credentials", 401);
    }
}
