package com.mulesoft.modules.oauth2.provider;

import com.mulesoft.modules.oauth2.provider.api.Constants;
import com.mulesoft.modules.oauth2.provider.api.token.AccessTokenStoreHolder;
import java.io.IOException;
import java.util.Collections;
import net.smartam.leeloo.client.request.OAuthClientRequest;
import net.smartam.leeloo.common.message.types.GrantType;
import org.apache.commons.httpclient.HttpMethod;
import org.apache.commons.httpclient.methods.GetMethod;
import org.apache.commons.lang3.RandomStringUtils;
import org.hamcrest.CoreMatchers;
import org.hamcrest.MatcherAssert;
import org.hamcrest.Matchers;
import org.hamcrest.core.AllOf;
import org.junit.Rule;
import org.junit.Test;
import org.junit.rules.ExpectedException;
import org.mule.runtime.api.metadata.MediaType;
import org.mule.runtime.http.api.HttpConstants;

/* loaded from: input_file:com/mulesoft/modules/oauth2/provider/OAuth2ProviderModuleDefaultScopeTestCase.class */
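/**
 * Integration tests for the OAuth2 provider module when it runs with the default-scope
 * configuration ({@code oauth2-default-scope-http-config.xml}).
 *
 * <p>The tests drive the authorization endpoint (login page and credential POST), the token
 * endpoint for the authorization-code, implicit, resource-owner-password and
 * client-credentials grants, and three protected resources:
 * <ul>
 *   <li>{@code /protected/no-scope} &ndash; any token in the store is accepted;</li>
 *   <li>{@code /protected/scopes} &ndash; needs a token carrying the {@code USER} scope;</li>
 *   <li>{@code /protected/forbidden-scope} &ndash; needs a scope none of the issued tokens carry,
 *       so it must answer 403 with a {@code WWW-Authenticate: Bearer} challenge.</li>
 * </ul>
 *
 * <p>NOTE(review): every protected-resource request here carries the bearer token as the
 * {@code access_token} URI query parameter. RFC 6750 &sect;2.3 discourages that transport
 * (tokens land in access logs and Referer headers); it is clearly something the provider
 * supports and is worth testing, but a parallel set of checks using the
 * {@code Authorization: Bearer} header would be worth adding so the header transport is
 * covered as well. The 403 challenge is asserted to be exactly
 * {@code Bearer realm="OAuth2 Client Realm"}; RFC 6750 &sect;3.1 also permits
 * {@code error="insufficient_scope"}, which would let clients tell a scope problem apart from
 * an invalid token &ndash; a provider-side consideration, not a test defect.
 */
public class OAuth2ProviderModuleDefaultScopeTestCase extends AbstractOAuth2ProviderModuleTestCase {

    /** Client registered by the base fixture and used by every test below. */
    private static final String CLIENT_ID = "clientId1";
    /** Secret presented through HTTP Basic at the token endpoint. */
    private static final String CLIENT_SECRET = "clpwd+%";
    /** Resource-owner credentials posted to the authorization endpoint. */
    private static final String RESOURCE_OWNER_USERNAME = "rousr";
    private static final String RESOURCE_OWNER_PASSWORD = "ropwd+%";
    /** Scope granted by default in this configuration. */
    private static final String USER_SCOPE = "USER";
    /** Scope that is not part of the default grant. */
    private static final String ADMIN_SCOPE = "ADMIN";
    /** Body the protected-resource flows answer with on success. */
    private static final String PROTECTED_RESOURCE_BODY = "accessing::protected_resource";
    /** Challenge the provider sends on a 403 for a bearer-token failure. */
    private static final String BEARER_CHALLENGE = "Bearer realm=\"OAuth2 Client Realm\"";
    /** Status the authorization endpoint answers with after a successful login. */
    private static final int REDIRECT_STATUS = HttpConstants.HttpStatus.MOVED_TEMPORARILY.getStatusCode();
    private static final int FORBIDDEN_STATUS = HttpConstants.HttpStatus.FORBIDDEN.getStatusCode();

    @Rule
    public ExpectedException expectedException = ExpectedException.none();

    @Override // com.mulesoft.modules.oauth2.provider.AbstractOAuth2ProviderModuleTestCase
    protected String doGetConfigFile() {
        return "oauth2-default-scope-http-config.xml";
    }

    /**
     * Authorizes the authorization-code grant on the shared client. Grant types are opt-in per
     * client; the password and client-credentials tests add theirs individually.
     */
    /* JADX INFO: Access modifiers changed from: protected */
    @Override // com.mulesoft.modules.oauth2.provider.AbstractOAuth2ProviderModuleTestCase
    public void doSetUp() throws Exception {
        super.doSetUp();
        this.client.getAuthorizedGrantTypes().add(Constants.RequestGrantType.AUTHORIZATION_CODE);
        updateClientInOS();
    }

    @Test
    public void accessLoginPageWithScopeSuccess() throws Exception {
        // A random display name proves the page is rendered from the stored client record
        // rather than from a fixed template.
        String clientName = RandomStringUtils.randomAlphanumeric(20);
        this.client.setClientName(clientName);
        updateClientInOS();

        String loginPageUri = OAuthClientRequest.authorizationLocation(getAuthorizationEndpointUrl())
                .setResponseType("code")
                .setClientId(CLIENT_ID)
                .setRedirectURI(AbstractOAuth2ProviderModuleTestCase.TEST_REDIRECT_URI)
                .setScope(USER_SCOPE)
                .buildQueryMessage()
                .getLocationUri();
        GetMethod get = new GetMethod(loginPageUri);
        executeHttpMethodExpectingStatus(get, 200);

        // Check the header exists before dereferencing it so a missing Content-Type fails as an
        // assertion instead of a NullPointerException (same pattern as the WWW-Authenticate checks).
        MatcherAssert.assertThat(get.getResponseHeader("Content-Type"), Matchers.is(Matchers.not(Matchers.nullValue())));
        MatcherAssert.assertThat(get.getResponseHeader("Content-Type").getValue(),
                Matchers.is(Matchers.equalTo(MediaType.HTML.toRfcString())));

        String page = get.getResponseBodyAsString();
        MatcherAssert.assertThat(page, AllOf.allOf(
                CoreMatchers.containsString("<html>"),
                CoreMatchers.containsString("<li>USER</li>"),
                CoreMatchers.containsString(clientName),
                CoreMatchers.containsString("TestScopedProvider")));
        // The hidden form fields must carry the original request parameters through the login POST.
        assertHasFormFieldContaining(page, "code");
        assertHasFormFieldContaining(page, CLIENT_ID);
        assertHasFormFieldContaining(page, AbstractOAuth2ProviderModuleTestCase.TEST_REDIRECT_URI);
        assertHasFormFieldContaining(page, USER_SCOPE);
        // NOTE(review): the page reflects client-supplied data (client name, redirect URI, scope)
        // into HTML, but clientName is alphanumeric, so this does not exercise output escaping.
        // A client name containing '<' or '"' would be a worthwhile additional case.
    }

    @Test
    public void validateCredentialsSuccess() throws Exception {
        validateSuccessfulLoginResponse(loginAtAuthorizationEndpoint("code", CLIENT_ID, USER_SCOPE), "code");
    }

    @Test
    public void tokenExchangeSuccess() throws Exception {
        // The stored authorization request must already carry the USER scope for the token
        // endpoint to issue a USER-scoped token on exchange.
        this.authorizationCodeStoreHolder.getAuthorizationRequest().getScopes().add(USER_SCOPE);
        updateAuthorizationCodeInOS();

        OAuthClientRequest tokenRequest = OAuthClientRequest.tokenLocation(getTokenEndpointURL())
                .setGrantType(GrantType.AUTHORIZATION_CODE)
                .setCode("__valid__")
                .setClientId(CLIENT_ID)
                .setRedirectURI(AbstractOAuth2ProviderModuleTestCase.TEST_REDIRECT_URI)
                .buildBodyMessage();
        authenticateClientWithBasic(tokenRequest);

        validateSuccessfulTokenResponseNoRefresh(
                getContentAsMap((HttpMethod) postOAuthClientRequestExpectingStatus(tokenRequest, 200)), USER_SCOPE);
    }

    @Test
    public void accessScopelessProtectedResourceSuccess() throws Exception {
        String accessToken = RandomStringUtils.randomAlphanumeric(20);
        addAccessTokenToStore(accessToken);
        accessScopelessProtectedResource(accessToken);
    }

    @Test
    public void accessScopedProtectedResourceWithBadScope() throws Exception {
        // A token with no scopes at all must be rejected by the USER-scoped resource.
        String accessToken = RandomStringUtils.randomAlphanumeric(20);
        addAccessTokenToStore(accessToken);
        assertProtectedResourceForbidden("/protected/scopes", accessToken);
    }

    @Test
    public void accessScopedProtectedResourceSuccess() throws Exception {
        String accessToken = RandomStringUtils.randomAlphanumeric(20);
        AccessTokenStoreHolder holder = addAccessTokenToStore(accessToken);
        holder.getAccessToken().getScopes().add(USER_SCOPE);
        updateAccessTokenHolderInOS(holder);
        accessScopedProtectedResource(accessToken);
    }

    @Test
    public void performAuthorizationCodeOAuth2DanceAndAccessProtectedResources() throws Exception {
        // This grant authenticates the client with a body client_secret instead of Basic auth.
        OAuthClientRequest tokenRequest = OAuthClientRequest.tokenLocation(getTokenEndpointURL())
                .setGrantType(GrantType.AUTHORIZATION_CODE)
                .setCode(getAuthorizationCode())
                .setClientId(CLIENT_ID)
                .setClientSecret("clientSecret1")
                .setRedirectURI(AbstractOAuth2ProviderModuleTestCase.TEST_REDIRECT_URI)
                .buildBodyMessage();
        assertTokenGrantsDefaultScopeAccess(requestAccessToken(tokenRequest));
    }

    /**
     * Logs the resource owner in at the authorization endpoint on behalf of {@code clientId},
     * requesting {@code scope}, and returns the authorization code from the redirect.
     */
    private String getAuthorizationCode(String clientId, String scope) throws Exception {
        return validateSuccessfulLoginResponse(loginAtAuthorizationEndpoint("code", clientId, scope), "code")
                .get("code")
                .get(0);
    }

    private String getAuthorizationCode() throws Exception {
        return getAuthorizationCode(CLIENT_ID, USER_SCOPE);
    }

    @Test
    public void performImplicitGrantOAuth2DanceAndAccessProtectedResource() throws Exception {
        // Implicit grant: the access token comes straight back on the redirect, no token exchange.
        String accessToken = validateSuccessfulLoginResponse(
                loginAtAuthorizationEndpoint("token", CLIENT_ID, USER_SCOPE), "access_token")
                .get("access_token")
                .get(0);
        assertTokenGrantsDefaultScopeAccess(accessToken);
    }

    @Test
    public void performResourceOwnerPasswordCredentialsGrantOAuth2DanceAndAccessProtectedResource() throws Exception {
        this.client.getAuthorizedGrantTypes().add(Constants.RequestGrantType.PASSWORD);
        updateClientInOS();

        OAuthClientRequest tokenRequest = OAuthClientRequest.tokenLocation(getTokenEndpointURL())
                .setGrantType(GrantType.PASSWORD)
                .setParameter("username", RESOURCE_OWNER_USERNAME)
                .setParameter("password", RESOURCE_OWNER_PASSWORD)
                .setScope(USER_SCOPE)
                .buildBodyMessage();
        authenticateClientWithBasic(tokenRequest);

        assertTokenGrantsDefaultScopeAccess(requestAccessToken(tokenRequest));
    }

    @Test
    public void performClientCredentialsGrantOAuth2DanceAndAccessProtectedResource() throws Exception {
        this.client.getAuthorizedGrantTypes().add(Constants.RequestGrantType.CLIENT_CREDENTIALS);
        updateClientInOS();

        // grant_type is set as a raw parameter because the Leeloo GrantType enum has no
        // client_credentials member.
        OAuthClientRequest tokenRequest = OAuthClientRequest.tokenLocation(getTokenEndpointURL())
                .setParameter("grant_type", "client_credentials")
                .setScope(USER_SCOPE)
                .buildBodyMessage();
        authenticateClientWithBasic(tokenRequest);

        String accessToken = requestAccessToken(tokenRequest);
        assertTokenGrantsDefaultScopeAccess(accessToken);
        accessForbiddenScopedProtectedResourceSuccess(accessToken);
    }

    @Test
    public void getAuthorizationCodeWithDefaultScopeOnCreatedClient() throws Exception {
        // A client created with the default scope may request USER but not ADMIN.
        getAuthorizationCode("customClient", USER_SCOPE);
        // NOTE(review): expecting AssertionError is coarse -- any assertion failure inside the
        // helper (wrong status, missing "code" parameter) satisfies it. Asserting the provider's
        // actual error response for a disallowed scope would pin the behaviour more precisely.
        this.expectedException.expect(AssertionError.class);
        getAuthorizationCode("customClient", ADMIN_SCOPE);
    }

    /** POSTs resource-owner credentials to the authorization endpoint and expects the login redirect. */
    private HttpMethod loginAtAuthorizationEndpoint(String responseType, String clientId, String scope) throws Exception {
        OAuthClientRequest loginRequest = OAuthClientRequest.authorizationLocation(getAuthorizationEndpointUrl())
                .setResponseType(responseType)
                .setClientId(clientId)
                .setRedirectURI(AbstractOAuth2ProviderModuleTestCase.TEST_REDIRECT_URI)
                .setParameter("username", RESOURCE_OWNER_USERNAME)
                .setParameter("password", RESOURCE_OWNER_PASSWORD)
                .setScope(scope)
                .buildBodyMessage();
        return (HttpMethod) postOAuthClientRequestExpectingStatus(loginRequest, REDIRECT_STATUS);
    }

    /** Attaches HTTP Basic client authentication for the shared client to a token request. */
    private void authenticateClientWithBasic(OAuthClientRequest tokenRequest) {
        tokenRequest.setHeaders(Collections.singletonMap("Authorization",
                getValidBasicAuthHeaderValue(CLIENT_ID, CLIENT_SECRET)));
    }

    /**
     * Sends a token request, validates a refresh-less USER-scoped token response and returns the
     * issued access token.
     */
    private String requestAccessToken(OAuthClientRequest tokenRequest) throws Exception {
        return (String) validateSuccessfulTokenResponseNoRefresh(
                getContentAsMap((HttpMethod) postOAuthClientRequestExpectingStatus(tokenRequest, 200)), USER_SCOPE)
                .get("access_token");
    }

    /**
     * Asserts the access pattern every USER-scoped token must satisfy: the scopeless and the
     * USER-scoped resources are reachable, the resource requiring a foreign scope is not.
     */
    private void assertTokenGrantsDefaultScopeAccess(String accessToken) throws IOException {
        accessScopelessProtectedResource(accessToken);
        accessScopedProtectedResource(accessToken);
        accessForbiddenScopedProtectedResource(accessToken);
    }

    private void accessScopelessProtectedResource(String accessToken) throws IOException {
        assertProtectedResourceGranted("/protected/no-scope", accessToken);
    }

    private void accessScopedProtectedResource(String accessToken) throws IOException {
        assertProtectedResourceGranted("/protected/scopes", accessToken);
    }

    private void accessForbiddenScopedProtectedResource(String accessToken) throws IOException {
        assertProtectedResourceForbidden("/protected/forbidden-scope", accessToken);
    }

    /**
     * Adds the ADMIN scope to the client and re-checks the USER-scoped resource.
     *
     * <p>NOTE(review): this hits {@code /protected/scopes}, which the same token already reached
     * successfully one step earlier in the only caller, and the token's own scopes are not
     * changed. Whether the added client scope is what is under test here is unclear from this
     * file; confirm against the provider's scope-check logic before relying on this assertion.
     */
    private void accessForbiddenScopedProtectedResourceSuccess(String accessToken) throws IOException {
        this.client.getScopes().add(ADMIN_SCOPE);
        updateClientInOS();
        assertProtectedResourceGranted("/protected/scopes", accessToken);
    }

    /** Builds the GET for a protected resource, passing the bearer token as a query parameter. */
    private GetMethod protectedResourceGet(String path, String accessToken) {
        return new GetMethod(getProtectedResourceURL(path) + "?access_token=" + accessToken);
    }

    /** Expects 200 and the canonical protected-resource body. */
    private void assertProtectedResourceGranted(String path, String accessToken) throws IOException {
        GetMethod get = protectedResourceGet(path, accessToken);
        executeHttpMethodExpectingStatus(get, 200);
        MatcherAssert.assertThat(get.getResponseBodyAsString(), Matchers.is(Matchers.equalTo(PROTECTED_RESOURCE_BODY)));
    }

    /** Expects 403 plus the bearer challenge RFC 6750 requires on a rejected token. */
    private void assertProtectedResourceForbidden(String path, String accessToken) throws IOException {
        GetMethod get = protectedResourceGet(path, accessToken);
        executeHttpMethodExpectingStatus(get, FORBIDDEN_STATUS);
        MatcherAssert.assertThat(get.getResponseHeader("WWW-Authenticate"), Matchers.is(Matchers.not(Matchers.nullValue())));
        MatcherAssert.assertThat(get.getResponseHeader("WWW-Authenticate").getValue(), Matchers.is(Matchers.equalTo(BEARER_CHALLENGE)));
    }
}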
