package org.geoserver.security.oauth2;

import java.util.Arrays;
import java.util.HashMap;
import org.geoserver.ows.URLMangler;
import org.junit.Assert;
import org.junit.Test;
import org.mockito.Mockito;
import org.springframework.http.HttpHeaders;
import org.springframework.http.HttpStatus;
import org.springframework.http.client.ClientHttpRequest;
import org.springframework.http.client.ClientHttpResponse;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.oauth2.client.OAuth2ClientContext;
import org.springframework.security.oauth2.client.OAuth2RequestAuthenticator;
import org.springframework.security.oauth2.client.http.AccessTokenRequiredException;
import org.springframework.security.oauth2.client.resource.OAuth2ProtectedResourceDetails;
import org.springframework.security.oauth2.common.DefaultOAuth2AccessToken;

/* loaded from: input_file:org/geoserver/security/oauth2/OAuth2RestTemplateTest.class */
public class OAuth2RestTemplateTest extends AbstractOAuth2RestTemplateTest {
    public void open() throws Exception {
        this.configuration = new GeoNodeOAuth2SecurityConfiguration();
        this.configuration.setAccessTokenRequest(this.accessTokenRequest);
        this.resource = this.configuration.geoServerOAuth2Resource();
        Assert.assertNotNull(this.resource);
        this.resource.setTokenName("bearer_token");
        this.restTemplate = this.configuration.geoServerOauth2RestTemplate();
        Assert.assertNotNull(this.restTemplate);
        this.request = (ClientHttpRequest) Mockito.mock(ClientHttpRequest.class);
        this.headers = new HttpHeaders();
        Mockito.when(this.request.getHeaders()).thenReturn(this.headers);
        ClientHttpResponse clientHttpResponse = (ClientHttpResponse) Mockito.mock(ClientHttpResponse.class);
        Mockito.when(clientHttpResponse.getStatusCode()).thenReturn(HttpStatus.OK);
        Mockito.when(this.request.execute()).thenReturn(clientHttpResponse);
    }

    @Test(expected = AccessTokenRequiredException.class)
    public void testAccessDeneiedException() throws Exception {
        new DefaultOAuth2AccessToken("12345").setTokenType("access_token");
        this.authenticator.authenticate(this.resource, this.restTemplate.getOAuth2ClientContext(), this.request);
    }

    @Test
    public void testNonBearerToken() throws Exception {
        DefaultOAuth2AccessToken defaultOAuth2AccessToken = new DefaultOAuth2AccessToken("12345");
        defaultOAuth2AccessToken.setTokenType("access_token");
        this.restTemplate.getOAuth2ClientContext().setAccessToken(defaultOAuth2AccessToken);
        this.authenticator.authenticate(this.resource, this.restTemplate.getOAuth2ClientContext(), this.request);
        Assert.assertTrue(this.request.getHeaders().getFirst("Authorization").startsWith("access_token "));
    }

    @Test
    public void testCustomAuthenticator() throws Exception {
        DefaultOAuth2AccessToken defaultOAuth2AccessToken = new DefaultOAuth2AccessToken("12345");
        defaultOAuth2AccessToken.setTokenType("access_token");
        this.restTemplate.getOAuth2ClientContext().setAccessToken(defaultOAuth2AccessToken);
        new OAuth2RequestAuthenticator() { // from class: org.geoserver.security.oauth2.OAuth2RestTemplateTest.1
            public void authenticate(OAuth2ProtectedResourceDetails oAuth2ProtectedResourceDetails, OAuth2ClientContext oAuth2ClientContext, ClientHttpRequest clientHttpRequest) {
                clientHttpRequest.getHeaders().set("X-Authorization", oAuth2ClientContext.getAccessToken().getTokenType() + " Nah-nah-na-nah-nah");
            }
        }.authenticate(this.resource, this.restTemplate.getOAuth2ClientContext(), this.request);
        Assert.assertEquals("access_token Nah-nah-na-nah-nah", this.request.getHeaders().getFirst("X-Authorization"));
    }

    @Test
    public void testBearerAccessTokenURLMangler() {
        DefaultOAuth2AccessToken defaultOAuth2AccessToken = new DefaultOAuth2AccessToken("12345");
        defaultOAuth2AccessToken.setTokenType("access_token");
        defaultOAuth2AccessToken.setTokenType("Bearer");
        this.restTemplate.getOAuth2ClientContext().setAccessToken(defaultOAuth2AccessToken);
        this.authenticator.authenticate(this.resource, this.restTemplate.getOAuth2ClientContext(), this.request);
        Assert.assertTrue(this.request.getHeaders().getFirst("Authorization").startsWith("Bearer"));
        OAuth2AccessTokenURLMangler oAuth2AccessTokenURLMangler = new OAuth2AccessTokenURLMangler(getSecurityManager(), this.configuration, this.restTemplate);
        oAuth2AccessTokenURLMangler.geoServerOauth2RestTemplate = this.restTemplate;
        Assert.assertNotNull(oAuth2AccessTokenURLMangler);
        SecurityContextHolder.getContext().setAuthentication(new UsernamePasswordAuthenticationToken("admin", "geoserver", Arrays.asList(new SimpleGrantedAuthority("ROLE_ADMINISTRATOR"))));
        StringBuilder sb = new StringBuilder("http://test.geoserver-org/wms");
        StringBuilder sb2 = new StringBuilder();
        HashMap hashMap = new HashMap();
        hashMap.put("request", "GetCapabilities");
        oAuth2AccessTokenURLMangler.mangleURL(sb, sb2, hashMap, URLMangler.URLType.SERVICE);
        Assert.assertTrue(hashMap.containsKey("access_token"));
        Assert.assertTrue("12345".equals(hashMap.get("access_token")));
    }
}
