package com.openexchange.ajax.oauth.provider;

import com.openexchange.admin.rmi.dataobjects.Credentials;
import com.openexchange.ajax.framework.AJAXClient;
import com.openexchange.ajax.oauth.provider.actions.RevokeRequest;
import com.openexchange.ajax.oauth.provider.protocol.GETRequest;
import com.openexchange.ajax.oauth.provider.protocol.HttpTools;
import com.openexchange.ajax.oauth.provider.protocol.OAuthParams;
import com.openexchange.ajax.oauth.provider.protocol.Protocol;
import com.openexchange.configuration.AJAXConfig;
import com.openexchange.groupware.importexport.SizedInputStreamTest;
import com.openexchange.oauth.provider.rmi.client.ClientDto;
import com.openexchange.oauth.provider.rmi.client.RemoteClientManagement;
import java.io.InputStreamReader;
import java.rmi.Naming;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.LinkedList;
import java.util.Map;
import java.util.concurrent.locks.LockSupport;
import org.apache.http.HttpResponse;
import org.apache.http.client.entity.UrlEncodedFormEntity;
import org.apache.http.client.methods.HttpPost;
import org.apache.http.client.utils.URIBuilder;
import org.apache.http.message.BasicNameValuePair;
import org.json.JSONObject;
import org.junit.Assert;
import org.junit.Test;

/* loaded from: input_file:com/openexchange/ajax/oauth/provider/ProtocolFlowTest.class */
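/**
 * End-to-end tests for the OAuth provider's authorization-code and refresh-token flows.
 *
 * <p>The cases pin the following server-side protections:
 * <ul>
 *   <li>the {@code state} value is echoed unchanged on the redirect (CSRF binding),</li>
 *   <li>redeeming a refresh token rotates both tokens and invalidates the old access token,</li>
 *   <li>an authorization code is bound to the redirect URI it was issued for,</li>
 *   <li>an authorization code cannot be redeemed twice,</li>
 *   <li>the number of distinct client grants per user and of grants per client is capped.</li>
 * </ul>
 *
 * <p>All requests go to a live server over HTTPS; nothing here is mocked.
 */
public class ProtocolFlowTest extends EndpointTest {

    /**
     * Walks through the interactive authorization flow (authorize request, login form, consent
     * form) and checks the query parameters of the final redirect.
     */
    @Test
    public void testFlow() throws Exception {
        Map<String, String> redirectParams = HttpTools.extractQueryParams(
            new GETRequest()
                .setHostname(hostname)
                .setClientId(getClientId())
                .setRedirectURI(getRedirectURI())
                .setState(this.csrfState)
                .execute(this.client)
                .preparePOSTRequest()
                .setLogin(login)
                .setPassword(password)
                .submit(this.client)
                .followRedirect(this.client)
                .preparePOSTRequest()
                .submit(this.client)
                .getRedirectLocation());
        Assert.assertNull(redirectParams.get("error"));
        Assert.assertNotNull(redirectParams.get("code"));
        // The state must come back byte-for-byte; a client relies on this to reject forged redirects.
        Assert.assertEquals(this.csrfState, redirectParams.get("state"));
    }

    /**
     * Redeems a refresh token and checks that the response carries a fresh token pair and that
     * the previously issued access token stops working.
     */
    @Test
    public void testRedeemRefreshToken() throws Exception {
        OAuthClient oauthClient = new OAuthClient(getClientId(), getClientSecret(), getRedirectURI(), getScope());
        oauthClient.assertAccess();
        OAuthSession session = (OAuthSession) oauthClient.getSession();
        String oldAccessToken = session.getAccessToken();
        String oldRefreshToken = session.getRefreshToken();

        HttpResponse response = postTokenRequest(
            hostname,
            buildTokenRequestParams("refresh_token", getRedirectURI(), "refresh_token", oldRefreshToken));
        Assert.assertEquals(200L, response.getStatusLine().getStatusCode());

        JSONObject tokens = readJsonBody(response);
        Assert.assertTrue("bearer".equalsIgnoreCase(tokens.getString("token_type")));
        Assert.assertNotNull(tokens.get("access_token"));
        Assert.assertNotNull(tokens.get("refresh_token"));
        Assert.assertNotNull(tokens.get("scope"));
        Assert.assertNotNull(tokens.get("expires_in"));
        // Rotation: neither token may be reused from the previous grant.
        Assert.assertFalse(tokens.getString("access_token").equals(oldAccessToken));
        Assert.assertFalse(tokens.getString("refresh_token").equals(oldRefreshToken));

        // oauthClient still holds the old access token, so its access check has to fail now.
        // NOTE(review): the old refresh token is not replayed here; a second redemption of
        // oldRefreshToken being rejected would be worth asserting as well.
        expectAccessDenied(oauthClient);
    }

    /**
     * Tries to redeem an authorization code with a redirect URI other than the one used in the
     * authorization request, then retries with the correct one. Both attempts must be rejected,
     * i.e. the failed attempt leaves the code unusable.
     */
    @Test
    public void testRedeemIsDeniedWhenRedirectURIChanges() throws Exception {
        OAuthParams params = new OAuthParams()
            .setHostname(hostname)
            .setClientId(getClientId())
            .setClientSecret(getClientSecret())
            .setRedirectURI(getRedirectURI())
            .setScope(getScope().toString());
        String authCode = Protocol.authorize(this.client, params, Protocol.login(this.client, params, login, password));

        // NOTE(review): RFC 6749 section 5.2 lists a redirect URI mismatch under "invalid_grant";
        // the assertions below pin "invalid_request", which is what this test has always expected.
        HttpResponse mismatch = postTokenRequest(
            params.getHostname(),
            buildTokenRequestParams("authorization_code", getSecondRedirectURI(), "code", authCode));
        Assert.assertEquals(400L, mismatch.getStatusLine().getStatusCode());
        Assert.assertEquals("invalid_request", readJsonBody(mismatch).get("error"));

        HttpResponse retry = postTokenRequest(
            params.getHostname(),
            buildTokenRequestParams("authorization_code", getRedirectURI(), "code", authCode));
        Assert.assertEquals(400L, retry.getStatusLine().getStatusCode());
        Assert.assertEquals("invalid_request", readJsonBody(retry).get("error"));
    }

    /**
     * Redeems an authorization code once and checks that a second redemption of the same code is
     * answered with HTTP 400.
     */
    @Test
    public void testAuthCodeReplay() throws Exception {
        OAuthParams params = new OAuthParams()
            .setHostname(hostname)
            .setClientId(getClientId())
            .setClientSecret(getClientSecret())
            .setRedirectURI(getRedirectURI())
            .setScope(getScope().toString());
        String authCode = Protocol.authorize(this.client, params, Protocol.login(this.client, params, login, password));
        Protocol.redeemAuthCode(this.client, params, authCode);

        // The original listing executed an undefined variable here; the request is now kept in a
        // named local (inside postTokenRequest) and actually sent.
        HttpResponse replay = postTokenRequest(
            params.getHostname(),
            buildTokenRequestParams("authorization_code", getRedirectURI(), "code", authCode));
        Assert.assertEquals(400L, replay.getStatusLine().getStatusCode());
        // NOTE(review): only the status code is checked. RFC 6749 section 4.1.2 additionally says the
        // server SHOULD revoke tokens already issued for a replayed code; that is not covered here.
    }

    /**
     * Registers 50 additional clients, grants each of them access for the same user, and checks
     * that a grant for one more distinct client is refused until one existing grant is revoked.
     */
    @Test
    public void testMaxNumberOfDistinctGrants() throws Exception {
        // presumably 50 is the server's configured limit of distinct client grants per user - confirm
        final int clientCount = 50;
        Credentials masterAdminCredentials = AbstractOAuthTest.getMasterAdminCredentials();
        // Naming.lookup returns java.rmi.Remote, so the stub has to be cast explicitly.
        RemoteClientManagement clientManagement = (RemoteClientManagement) Naming.lookup(
            "rmi://" + AJAXConfig.getProperty(AJAXConfig.Property.RMI_HOST) + ":1099/" + RemoteClientManagement.RMI_NAME);
        ArrayList<ClientDto> registered = new ArrayList<>(clientCount);
        try {
            // Registration happens inside the try so that a failure part-way through still
            // unregisters the clients created so far.
            for (int i = 0; i < clientCount; i++) {
                registered.add(clientManagement.registerClient(
                    "default",
                    prepareClient("testMaxNumberOfDistinctGrants " + i + " " + System.currentTimeMillis()),
                    masterAdminCredentials));
            }
            for (ClientDto clientDto : registered) {
                new OAuthClient(AJAXClient.User.User1, clientDto.getId(), clientDto.getSecret(), (String) clientDto.getRedirectURIs().get(0), getScope()).assertAccess();
            }

            // One client beyond the limit: the grant must not go through.
            boolean denied = false;
            try {
                new OAuthClient(AJAXClient.User.User1, getClientId(), getClientSecret(), getRedirectURI(), getScope()).assertAccess();
            } catch (AssertionError e) {
                denied = true;
            }
            Assert.assertTrue("grant beyond the distinct-client limit was not refused", denied);

            // Revoking a single grant frees a slot again.
            new AJAXClient(AJAXClient.User.User1).execute(new RevokeRequest(registered.get(0).getId()));
            new OAuthClient(AJAXClient.User.User1, getClientId(), getClientSecret(), getRedirectURI(), getScope()).assertAccess();
        } finally {
            for (ClientDto clientDto : registered) {
                try {
                    clientManagement.unregisterClient(clientDto.getId(), masterAdminCredentials);
                } catch (Throwable cleanupFailure) {
                    // Best-effort cleanup: keep unregistering the remaining clients and let the
                    // test's own outcome decide pass or fail.
                    cleanupFailure.printStackTrace();
                }
            }
        }
    }

    /**
     * Creates ten grants for the same client and user, then an eleventh, and checks that the
     * first grant stops working while the other ten remain valid.
     */
    @Test
    public void testGrantStorageQuota() throws Exception {
        // presumably each OAuthClient constructor runs the full authorization flow - confirm
        ArrayList<OAuthClient> clients = new ArrayList<>();
        for (int i = 0; i < 10; i++) {
            clients.add(new OAuthClient(getClientId(), getClientSecret(), getRedirectURI(), getScope()));
            // 1 ms pause between grants; presumably so that the grants get distinct timestamps
            // and "oldest" is well defined - confirm
            LockSupport.parkNanos(1000000L);
        }
        for (OAuthClient oauthClient : clients) {
            oauthClient.assertAccess();
        }

        clients.add(new OAuthClient(getClientId(), getClientSecret(), getRedirectURI(), getScope()));
        // The eleventh grant must have displaced the first one.
        expectAccessDenied(clients.get(0));
        clients.remove(0);
        for (OAuthClient oauthClient : clients) {
            oauthClient.assertAccess();
        }
    }

    /**
     * Builds the form parameters of a token request for this test's client.
     *
     * @param grantType value of {@code grant_type}
     * @param redirectUri value of {@code redirect_uri}
     * @param grantParamName name of the grant-specific parameter ({@code code} or {@code refresh_token})
     * @param grantParamValue value of the grant-specific parameter
     * @return the parameters in the order client_id, client_secret, grant_type, redirect_uri, grant parameter
     */
    private LinkedList<BasicNameValuePair> buildTokenRequestParams(String grantType, String redirectUri, String grantParamName, String grantParamValue) {
        LinkedList<BasicNameValuePair> form = new LinkedList<>();
        form.add(new BasicNameValuePair("client_id", getClientId()));
        form.add(new BasicNameValuePair("client_secret", getClientSecret()));
        form.add(new BasicNameValuePair("grant_type", grantType));
        form.add(new BasicNameValuePair("redirect_uri", redirectUri));
        form.add(new BasicNameValuePair(grantParamName, grantParamValue));
        return form;
    }

    /**
     * Sends the given form to the token endpoint of {@code host} over HTTPS.
     *
     * @param host host name of the server under test
     * @param form URL-encoded form parameters
     * @return the raw HTTP response; the caller is responsible for consuming the entity
     */
    private HttpResponse postTokenRequest(String host, LinkedList<BasicNameValuePair> form) throws Exception {
        HttpPost post = new HttpPost(new URIBuilder().setScheme("https").setHost(host).setPath(EndpointTest.TOKEN_ENDPOINT).build());
        post.setEntity(new UrlEncodedFormEntity(form));
        return this.client.execute(post);
    }

    /**
     * Parses the response body as a JSON object and closes the underlying stream.
     *
     * @param response response whose entity holds a JSON object
     * @return the parsed object
     */
    private JSONObject readJsonBody(HttpResponse response) throws Exception {
        // NOTE(review): getContentEncoding() is the Content-Encoding header (e.g. a compression
        // scheme), not the charset; it only works as a charset name here as long as the server
        // sends no Content-Encoding and the fallback is used. Kept as in the original.
        String charsetName = response.getEntity().getContentEncoding() == null
            ? SizedInputStreamTest.ENCODING
            : response.getEntity().getContentEncoding().getValue();
        try (InputStreamReader reader = new InputStreamReader(response.getEntity().getContent(), charsetName)) {
            return JSONObject.parse(reader).toObject();
        }
    }

    /**
     * Asserts that {@code oauthClient.assertAccess()} fails with an {@link AssertionError}.
     */
    private void expectAccessDenied(OAuthClient oauthClient) throws Exception {
        boolean denied = false;
        try {
            oauthClient.assertAccess();
        } catch (AssertionError expected) {
            denied = true;
        }
        Assert.assertTrue("access was expected to be denied", denied);
    }
}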
