package org.apereo.cas.oidc;

import com.github.benmanes.caffeine.cache.LoadingCache;
import java.time.ZoneOffset;
import java.time.ZonedDateTime;
import java.util.List;
import java.util.Optional;
import java.util.Set;
import org.apereo.cas.audit.AuditableExecution;
import org.apereo.cas.authentication.principal.Principal;
import org.apereo.cas.authentication.principal.ServiceFactory;
import org.apereo.cas.authentication.principal.WebApplicationService;
import org.apereo.cas.config.CasCoreAuthenticationConfiguration;
import org.apereo.cas.config.CasCoreAuthenticationHandlersConfiguration;
import org.apereo.cas.config.CasCoreAuthenticationMetadataConfiguration;
import org.apereo.cas.config.CasCoreAuthenticationPolicyConfiguration;
import org.apereo.cas.config.CasCoreAuthenticationPrincipalConfiguration;
import org.apereo.cas.config.CasCoreAuthenticationServiceSelectionStrategyConfiguration;
import org.apereo.cas.config.CasCoreAuthenticationSupportConfiguration;
import org.apereo.cas.config.CasCoreConfiguration;
import org.apereo.cas.config.CasCoreHttpConfiguration;
import org.apereo.cas.config.CasCoreMultifactorAuthenticationConfiguration;
import org.apereo.cas.config.CasCoreNotificationsConfiguration;
import org.apereo.cas.config.CasCoreServicesAuthenticationConfiguration;
import org.apereo.cas.config.CasCoreServicesConfiguration;
import org.apereo.cas.config.CasCoreTicketCatalogConfiguration;
import org.apereo.cas.config.CasCoreTicketIdGeneratorsConfiguration;
import org.apereo.cas.config.CasCoreTicketsConfiguration;
import org.apereo.cas.config.CasCoreUtilConfiguration;
import org.apereo.cas.config.CasCoreWebConfiguration;
import org.apereo.cas.config.CasDefaultServiceTicketIdGeneratorsConfiguration;
import org.apereo.cas.config.CasOAuth20AuthenticationServiceSelectionStrategyConfiguration;
import org.apereo.cas.config.CasOAuth20Configuration;
import org.apereo.cas.config.CasOAuth20EndpointsConfiguration;
import org.apereo.cas.config.CasOAuth20ThrottleConfiguration;
import org.apereo.cas.config.CasPersonDirectoryTestConfiguration;
import org.apereo.cas.config.CasRegisteredServicesTestConfiguration;
import org.apereo.cas.config.CasThrottlingConfiguration;
import org.apereo.cas.config.CasThymeleafConfiguration;
import org.apereo.cas.config.support.CasWebApplicationServiceFactoryConfiguration;
import org.apereo.cas.configuration.CasConfigurationProperties;
import org.apereo.cas.logout.config.CasCoreLogoutConfiguration;
import org.apereo.cas.logout.slo.SingleLogoutServiceLogoutUrlBuilder;
import org.apereo.cas.mock.MockTicketGrantingTicket;
import org.apereo.cas.oidc.OidcConstants;
import org.apereo.cas.oidc.config.OidcComponentSerializationConfiguration;
import org.apereo.cas.oidc.config.OidcConfiguration;
import org.apereo.cas.oidc.config.OidcThrottleConfiguration;
import org.apereo.cas.oidc.discovery.OidcServerDiscoverySettings;
import org.apereo.cas.oidc.discovery.webfinger.OidcWebFingerDiscoveryService;
import org.apereo.cas.oidc.jwks.OidcJsonWebKeystoreGeneratorService;
import org.apereo.cas.services.OidcRegisteredService;
import org.apereo.cas.services.RegisteredServiceCipherExecutor;
import org.apereo.cas.services.RegisteredServiceLogoutType;
import org.apereo.cas.services.RegisteredServiceTestUtils;
import org.apereo.cas.services.ServiceRegistryListener;
import org.apereo.cas.services.ServicesManager;
import org.apereo.cas.services.web.config.CasThemesConfiguration;
import org.apereo.cas.support.oauth.profile.OAuth20ProfileScopeToAttributesFilter;
import org.apereo.cas.support.oauth.profile.OAuth20UserProfileDataCreator;
import org.apereo.cas.support.oauth.services.OAuthRegisteredService;
import org.apereo.cas.support.oauth.web.response.OAuth20CasClientRedirectActionBuilder;
import org.apereo.cas.support.oauth.web.response.accesstoken.response.OAuth20AccessTokenResponseGenerator;
import org.apereo.cas.support.oauth.web.response.callback.OAuth20AuthorizationResponseBuilder;
import org.apereo.cas.support.oauth.web.views.ConsentApprovalViewResolver;
import org.apereo.cas.support.oauth.web.views.OAuth20CallbackAuthorizeViewResolver;
import org.apereo.cas.support.oauth.web.views.OAuth20UserProfileViewRenderer;
import org.apereo.cas.ticket.IdTokenGeneratorService;
import org.apereo.cas.ticket.OAuth20TokenSigningAndEncryptionService;
import org.apereo.cas.ticket.accesstoken.OAuth20AccessToken;
import org.apereo.cas.ticket.code.OAuth20CodeFactory;
import org.apereo.cas.ticket.device.OAuth20DeviceTokenFactory;
import org.apereo.cas.ticket.device.OAuth20DeviceUserCodeFactory;
import org.apereo.cas.ticket.expiration.NeverExpiresExpirationPolicy;
import org.apereo.cas.ticket.refreshtoken.OAuth20RefreshToken;
import org.apereo.cas.ticket.registry.TicketRegistry;
import org.apereo.cas.token.JwtBuilder;
import org.apereo.cas.util.CollectionUtils;
import org.apereo.cas.util.RandomUtils;
import org.apereo.cas.web.config.CasCookieConfiguration;
import org.apereo.cas.web.flow.config.CasCoreWebflowConfiguration;
import org.apereo.cas.web.flow.config.CasMultifactorAuthenticationWebflowConfiguration;
import org.apereo.cas.web.flow.config.CasWebflowContextConfiguration;
import org.jose4j.jwk.PublicJsonWebKey;
import org.jose4j.jwt.JwtClaims;
import org.jose4j.jwt.NumericDate;
import org.junit.jupiter.api.BeforeEach;
import org.mockito.Mockito;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.boot.SpringBootConfiguration;
import org.springframework.boot.autoconfigure.ImportAutoConfiguration;
import org.springframework.boot.autoconfigure.security.servlet.SecurityAutoConfiguration;
import org.springframework.boot.autoconfigure.web.servlet.WebMvcAutoConfiguration;
import org.springframework.boot.context.properties.EnableConfigurationProperties;
import org.springframework.boot.test.context.SpringBootTest;
import org.springframework.cloud.autoconfigure.RefreshAutoConfiguration;
import org.springframework.context.ConfigurableApplicationContext;
import org.springframework.context.annotation.Import;
import org.springframework.core.io.ResourceLoader;
import org.springframework.test.annotation.DirtiesContext;
import org.springframework.web.servlet.handler.HandlerInterceptorAdapter;
import org.springframework.webflow.execution.Action;

/**
 * Base class for OIDC integration tests: boots a Spring context from
 * {@link SharedTestConfiguration}, exposes the OIDC/OAuth beans under test as
 * injected fields, and offers factory helpers for registered services, JWT
 * claims and mocked tokens.
 *
 * <p>This listing is decompiler output. The helper methods appear as
 * {@code public} because the decompiler widened them; it recorded the
 * original modifier as {@code protected}.
 *
 * <p>Security note: every credential, key reference and policy in this class
 * is a fixture value (client secret {@code "secret"}, a classpath JWKS file,
 * tokens whose expiration policy never expires). None of these values is
 * suitable outside a test context.
 */
@EnableConfigurationProperties(CasConfigurationProperties.class)
@SpringBootTest(
    classes = AbstractOidcTests.SharedTestConfiguration.class,
    properties = {
        "cas.authn.oidc.issuer=https://sso.example.org/cas/oidc",
        "cas.authn.oidc.jwks.jwks-file=classpath:keystore.jwks"
    })
@DirtiesContext
public abstract class AbstractOidcTests {
    /** Ticket-granting-ticket identifier available to subclasses. */
    protected static final String TGT_ID = "TGT-0";

    /**
     * Service-id pattern used by the default fixtures; the escaped dots show it
     * is written as a regular expression.
     *
     * <p>NOTE(review): the wildcard follows the host directly, so the pattern
     * is not anchored at the end of the host name and also matches hosts that
     * merely begin with {@code oauth.example.org}. That is harmless for a
     * fixture, but a real registration should terminate the host (for example
     * with {@code /} or {@code (/.*)?}) before any wildcard.
     */
    private static final String DEFAULT_SERVICE_ID_PATTERN = "https://oauth\\.example\\.org.*";

    /** Principal / subject name shared by all fixtures. */
    private static final String TEST_USERNAME = "casuser";

    /** Service URL attached to the mocked access and refresh tokens. */
    private static final String TEST_SERVICE_URL = "https://oauth.example.org";

    // ---------------------------------------------------------------------
    // Beans injected from the test application context.
    // ---------------------------------------------------------------------

    @Autowired
    @Qualifier("singleLogoutServiceLogoutUrlBuilder")
    protected SingleLogoutServiceLogoutUrlBuilder singleLogoutServiceLogoutUrlBuilder;

    @Autowired
    protected ConfigurableApplicationContext applicationContext;

    @Autowired
    protected ResourceLoader resourceLoader;

    @Autowired
    @Qualifier("oauthInterceptor")
    protected HandlerInterceptorAdapter oauthInterceptor;

    @Autowired
    @Qualifier("oidcWebFingerDiscoveryService")
    protected OidcWebFingerDiscoveryService oidcWebFingerDiscoveryService;

    @Autowired
    @Qualifier("oidcImplicitIdTokenAndTokenCallbackUrlBuilder")
    protected OAuth20AuthorizationResponseBuilder oidcImplicitIdTokenAndTokenCallbackUrlBuilder;

    @Autowired
    @Qualifier("oidcImplicitIdTokenCallbackUrlBuilder")
    protected OAuth20AuthorizationResponseBuilder oidcImplicitIdTokenCallbackUrlBuilder;

    @Autowired
    @Qualifier("oauthRegisteredServiceJwtAccessTokenCipherExecutor")
    protected RegisteredServiceCipherExecutor oauthRegisteredServiceJwtAccessTokenCipherExecutor;

    @Autowired
    @Qualifier("oidcUserProfileViewRenderer")
    protected OAuth20UserProfileViewRenderer oidcUserProfileViewRenderer;

    @Autowired
    @Qualifier("defaultDeviceTokenFactory")
    protected OAuth20DeviceTokenFactory deviceTokenFactory;

    @Autowired
    @Qualifier("defaultDeviceUserCodeFactory")
    protected OAuth20DeviceUserCodeFactory deviceUserCodeFactory;

    @Autowired
    @Qualifier("oidcUserProfileDataCreator")
    protected OAuth20UserProfileDataCreator oidcUserProfileDataCreator;

    @Autowired
    @Qualifier("oauthCasClientRedirectActionBuilder")
    protected OAuth20CasClientRedirectActionBuilder oauthCasClientRedirectActionBuilder;

    @Autowired
    @Qualifier("profileScopeToAttributesFilter")
    protected OAuth20ProfileScopeToAttributesFilter profileScopeToAttributesFilter;

    @Autowired
    @Qualifier("oidcUserProfileSigningAndEncryptionService")
    protected OAuth20TokenSigningAndEncryptionService oidcUserProfileSigningAndEncryptionService;

    @Autowired
    @Qualifier("oidcServiceRegistryListener")
    protected ServiceRegistryListener oidcServiceRegistryListener;

    @Autowired
    @Qualifier("defaultOAuthCodeFactory")
    protected OAuth20CodeFactory defaultOAuthCodeFactory;

    @Autowired
    @Qualifier("webApplicationServiceFactory")
    protected ServiceFactory<WebApplicationService> webApplicationServiceFactory;

    @Autowired
    @Qualifier("callbackAuthorizeViewResolver")
    protected OAuth20CallbackAuthorizeViewResolver callbackAuthorizeViewResolver;

    @Autowired
    protected CasConfigurationProperties casProperties;

    @Autowired
    @Qualifier("oidcDefaultJsonWebKeystoreCache")
    protected LoadingCache<String, Optional<PublicJsonWebKey>> oidcDefaultJsonWebKeystoreCache;

    @Autowired
    @Qualifier("oidcTokenSigningAndEncryptionService")
    protected OAuth20TokenSigningAndEncryptionService oidcTokenSigningAndEncryptionService;

    @Autowired
    @Qualifier("oidcServiceJsonWebKeystoreCache")
    protected LoadingCache<OAuthRegisteredService, Optional<PublicJsonWebKey>> oidcServiceJsonWebKeystoreCache;

    @Autowired
    @Qualifier("oidcJsonWebKeystoreGeneratorService")
    protected OidcJsonWebKeystoreGeneratorService oidcJsonWebKeystoreGeneratorService;

    @Autowired
    @Qualifier("registeredServiceAccessStrategyEnforcer")
    protected AuditableExecution registeredServiceAccessStrategyEnforcer;

    @Autowired
    @Qualifier("oidcRegisteredServiceUIAction")
    protected Action oidcRegisteredServiceUIAction;

    @Autowired
    @Qualifier("oidcServerDiscoverySettingsFactory")
    protected OidcServerDiscoverySettings oidcServerDiscoverySettings;

    @Autowired
    @Qualifier("oidcAccessTokenResponseGenerator")
    protected OAuth20AccessTokenResponseGenerator oidcAccessTokenResponseGenerator;

    @Autowired
    @Qualifier("ticketRegistry")
    protected TicketRegistry ticketRegistry;

    @Autowired
    @Qualifier("servicesManager")
    protected ServicesManager servicesManager;

    @Autowired
    @Qualifier("oidcIdTokenGenerator")
    protected IdTokenGeneratorService oidcIdTokenGenerator;

    @Autowired
    @Qualifier("consentApprovalViewResolver")
    protected ConsentApprovalViewResolver consentApprovalViewResolver;

    @Autowired
    @Qualifier("oidcAccessTokenJwtBuilder")
    protected JwtBuilder oidcAccessTokenJwtBuilder;

    /**
     * Spring configuration shared by all OIDC tests. The class has no members
     * of its own; it only pulls in the listed auto-configurations and CAS
     * configuration classes. The import order is kept exactly as declared.
     */
    @SpringBootConfiguration
    @ImportAutoConfiguration({
        RefreshAutoConfiguration.class,
        SecurityAutoConfiguration.class,
        WebMvcAutoConfiguration.class
    })
    @Import({
        OidcConfiguration.class,
        OidcThrottleConfiguration.class,
        OidcComponentSerializationConfiguration.class,
        CasCoreNotificationsConfiguration.class,
        CasCoreServicesConfiguration.class,
        CasCoreUtilConfiguration.class,
        CasCoreWebflowConfiguration.class,
        CasCoreWebConfiguration.class,
        CasCoreConfiguration.class,
        CasCoreTicketsConfiguration.class,
        CasCoreTicketCatalogConfiguration.class,
        CasCoreTicketIdGeneratorsConfiguration.class,
        CasDefaultServiceTicketIdGeneratorsConfiguration.class,
        CasCoreHttpConfiguration.class,
        CasCoreLogoutConfiguration.class,
        CasWebflowContextConfiguration.class,
        CasCoreAuthenticationPrincipalConfiguration.class,
        CasPersonDirectoryTestConfiguration.class,
        CasRegisteredServicesTestConfiguration.class,
        CasCoreAuthenticationConfiguration.class,
        CasCookieConfiguration.class,
        CasThemesConfiguration.class,
        CasThymeleafConfiguration.class,
        CasWebApplicationServiceFactoryConfiguration.class,
        CasCoreAuthenticationHandlersConfiguration.class,
        CasCoreAuthenticationMetadataConfiguration.class,
        CasCoreAuthenticationPolicyConfiguration.class,
        CasCoreAuthenticationSupportConfiguration.class,
        CasCoreServicesAuthenticationConfiguration.class,
        CasOAuth20Configuration.class,
        CasOAuth20EndpointsConfiguration.class,
        CasThrottlingConfiguration.class,
        CasOAuth20ThrottleConfiguration.class,
        CasMultifactorAuthenticationWebflowConfiguration.class,
        CasCoreMultifactorAuthenticationConfiguration.class,
        CasOAuth20AuthenticationServiceSelectionStrategyConfiguration.class,
        CasCoreAuthenticationServiceSelectionStrategyConfiguration.class
    })
    public static class SharedTestConfiguration {
    }

    /**
     * Registers the default OIDC service with the services manager before
     * each test.
     */
    @BeforeEach
    public void initialize() {
        final OidcRegisteredService defaultService = getOidcRegisteredService();
        servicesManager.save(defaultService);
    }

    /**
     * Builds the default OIDC service with ID-token signing and encryption
     * both enabled.
     *
     * @return a new registered service with client id {@code "clientid"}
     */
    public static OidcRegisteredService getOidcRegisteredService() {
        return getOidcRegisteredService(true, true);
    }

    /**
     * Builds the default OIDC service (client id {@code "clientid"}) with the
     * given ID-token protection flags.
     *
     * @param z  value passed to {@code setSignIdToken}
     * @param z2 value passed to {@code setEncryptIdToken}
     * @return a new registered service
     */
    public static OidcRegisteredService getOidcRegisteredService(boolean z, boolean z2) {
        return getOidcRegisteredService("clientid", DEFAULT_SERVICE_ID_PATTERN, z, z2);
    }

    /**
     * Builds an OIDC service for the given client id, using the default
     * service-id pattern and with signing and encryption both enabled.
     *
     * @param str the client id
     * @return a new registered service
     */
    public static OidcRegisteredService getOidcRegisteredService(String str) {
        return getOidcRegisteredService(str, DEFAULT_SERVICE_ID_PATTERN, true, true);
    }

    /**
     * Builds a fully populated OIDC registered-service fixture.
     *
     * <p>The fixture uses the fixed client secret {@code "secret"}, the
     * classpath keystore {@code keystore.jwks}, back-channel logout with two
     * comma-separated logout URLs, and the {@code email} and {@code profile}
     * scopes. ID tokens are configured for {@code RSA-OAEP-256} key encryption
     * with {@code A128CBC-HS256} content encryption.
     *
     * @param str  the client id
     * @param str2 the service id (a regular-expression pattern in the default fixtures)
     * @param z    value passed to {@code setSignIdToken}
     * @param z2   value passed to {@code setEncryptIdToken}
     * @return a new registered service
     */
    public static OidcRegisteredService getOidcRegisteredService(String str, String str2, boolean z, boolean z2) {
        final String[] scopes = {
            OidcConstants.StandardScopes.EMAIL.getScope(),
            OidcConstants.StandardScopes.PROFILE.getScope()
        };

        final OidcRegisteredService service = new OidcRegisteredService();
        service.setClientId(str);
        service.setName("oauth");
        service.setDescription("description");
        // Fixture credential only; never a pattern for real client secrets.
        service.setClientSecret("secret");
        service.setServiceId(str2);
        service.setSignIdToken(z);
        service.setEncryptIdToken(z2);
        service.setIdTokenEncryptionAlg("RSA-OAEP-256");
        service.setIdTokenEncryptionEncoding("A128CBC-HS256");
        service.setInformationUrl("info");
        service.setPrivacyUrl("privacy");
        // Test keystore from the classpath; its key material must stay test-only.
        service.setJwks("classpath:keystore.jwks");
        service.setLogoutUrl("https://oauth.example.org/logout,https://logout");
        service.setLogoutType(RegisteredServiceLogoutType.BACK_CHANNEL);
        service.setScopes(CollectionUtils.wrapSet(scopes));
        return service;
    }

    /**
     * Builds a plain OAuth registered-service fixture (no OIDC-specific
     * settings) with the fixed client secret {@code "secret"}.
     *
     * @param str  the client id
     * @param str2 the service id
     * @return a new registered service
     */
    public static OAuthRegisteredService getOAuthRegisteredService(String str, String str2) {
        final OAuthRegisteredService service = new OAuthRegisteredService();
        service.setClientId(str);
        service.setName("oauth");
        service.setDescription("description");
        // Fixture credential only.
        service.setClientSecret("secret");
        service.setServiceId(str2);
        service.setInformationUrl("info");
        service.setPrivacyUrl("privacy");
        return service;
    }

    /**
     * Builds claims for subject {@code "casuser"} issued by the configured
     * OIDC issuer, with the default service's client id used both as the
     * audience and as the {@code client_id} claim.
     *
     * @return the populated claims
     */
    public JwtClaims getClaims() {
        final String clientId = getOidcRegisteredService().getClientId();
        final String issuer = casProperties.getAuthn().getOidc().getIssuer();
        return getClaims(TEST_USERNAME, issuer, clientId, clientId);
    }

    /**
     * Builds a short-lived set of JWT claims: a random 16-character JWT id,
     * expiry 120 seconds from now, issued-at set to now, and not-before set
     * one minute in the past.
     *
     * @param str  the subject
     * @param str2 the issuer
     * @param str3 the value of the {@code client_id} claim
     * @param str4 the audience
     * @return the populated claims
     */
    public static JwtClaims getClaims(String str, String str2, String str3, String str4) {
        final String subject = str;
        final String issuer = str2;
        final String clientId = str3;
        final String audience = str4;

        // Claims are set in the original order; it is kept deliberately.
        final JwtClaims claims = new JwtClaims();
        claims.setJwtId(RandomUtils.randomAlphanumeric(16));
        claims.setIssuer(issuer);
        claims.setAudience(audience);

        final NumericDate expiresAt = NumericDate.now();
        expiresAt.addSeconds(120L);
        claims.setExpirationTime(expiresAt);

        claims.setIssuedAtToNow();
        claims.setNotBeforeMinutesInThePast(1.0f);
        claims.setSubject(subject);
        claims.setStringClaim("client_id", clientId);
        return claims;
    }

    /**
     * Builds a mocked access token with an empty ID token and client id
     * {@code "clientId"}.
     *
     * <p>NOTE(review): this client id differs in case from the
     * {@code "clientid"} used by the default registered service; confirm that
     * is intentional.
     *
     * @return the mocked access token
     */
    public static OAuth20AccessToken getAccessToken() {
        return getAccessToken("", "clientId");
    }

    /**
     * Builds a mocked access token with an empty ID token for the given
     * client id.
     *
     * @param str the client id the mock reports
     * @return the mocked access token
     */
    public static OAuth20AccessToken getAccessToken(String str) {
        return getAccessToken("", str);
    }

    /**
     * Builds a Mockito mock of an access token for principal {@code "casuser"}
     * with id {@code "AT-123456"} and the {@code email}, {@code profile} and
     * {@code openid} scopes.
     *
     * <p>The mock reports {@link NeverExpiresExpirationPolicy}, so expiry
     * handling is not exercised through this fixture.
     *
     * @param str  the ID token the mock reports
     * @param str2 the client id the mock reports
     * @return the mocked access token
     */
    public static OAuth20AccessToken getAccessToken(String str, String str2) {
        final Principal principal = newTestPrincipal();
        final OAuth20AccessToken token = Mockito.mock(OAuth20AccessToken.class);

        Mockito.when(token.getAuthentication())
            .thenReturn(RegisteredServiceTestUtils.getAuthentication(principal));
        Mockito.when(token.getService())
            .thenReturn(RegisteredServiceTestUtils.getService(TEST_SERVICE_URL));
        Mockito.when(token.getId()).thenReturn("AT-123456");
        Mockito.when(token.getExpirationPolicy()).thenReturn(NeverExpiresExpirationPolicy.INSTANCE);
        Mockito.when(token.getTicketGrantingTicket())
            .thenReturn(new MockTicketGrantingTicket(TEST_USERNAME));
        Mockito.when(token.getClientId()).thenReturn(str2);
        Mockito.when(token.getCreationTime()).thenReturn(ZonedDateTime.now(ZoneOffset.UTC));
        Mockito.when(token.getScopes()).thenReturn(newTokenScopes());
        Mockito.when(token.getIdToken()).thenReturn(str);
        return token;
    }

    /**
     * Builds a Mockito mock of a refresh token for principal {@code "casuser"}
     * with id {@code "RT-123456"} and the {@code email}, {@code profile} and
     * {@code openid} scopes.
     *
     * <p>The mock reports {@link NeverExpiresExpirationPolicy}, so expiry
     * handling is not exercised through this fixture.
     *
     * @return the mocked refresh token
     */
    public static OAuth20RefreshToken getRefreshToken() {
        final Principal principal = newTestPrincipal();
        final OAuth20RefreshToken token = Mockito.mock(OAuth20RefreshToken.class);

        Mockito.when(token.getAuthentication())
            .thenReturn(RegisteredServiceTestUtils.getAuthentication(principal));
        Mockito.when(token.getService())
            .thenReturn(RegisteredServiceTestUtils.getService(TEST_SERVICE_URL));
        Mockito.when(token.getId()).thenReturn("RT-123456");
        Mockito.when(token.getTicketGrantingTicket())
            .thenReturn(new MockTicketGrantingTicket(TEST_USERNAME));
        Mockito.when(token.getScopes()).thenReturn(newTokenScopes());
        Mockito.when(token.getExpirationPolicy()).thenReturn(NeverExpiresExpirationPolicy.INSTANCE);
        return token;
    }

    /** Creates the {@code "casuser"} principal carrying a single {@code email} attribute. */
    private static Principal newTestPrincipal() {
        return RegisteredServiceTestUtils.getPrincipal(TEST_USERNAME, CollectionUtils.wrap("email", List.of("casuser@example.org")));
    }

    /** Creates the scope set reported by the mocked tokens. */
    private static Set<String> newTokenScopes() {
        return Set.of(
            OidcConstants.StandardScopes.EMAIL.getScope(),
            OidcConstants.StandardScopes.PROFILE.getScope(),
            OidcConstants.StandardScopes.OPENID.getScope());
    }
}
