package org.gluu.oxauth.ws.rs;

import java.net.URI;
import java.net.URISyntaxException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import java.util.Map;
import java.util.UUID;
import javax.ws.rs.client.Entity;
import javax.ws.rs.client.Invocation;
import javax.ws.rs.core.MultivaluedHashMap;
import javax.ws.rs.core.Response;
import org.apache.commons.codec.binary.Base64;
import org.gluu.oxauth.BaseTest;
import org.gluu.oxauth.client.AuthorizationRequest;
import org.gluu.oxauth.client.QueryStringDecoder;
import org.gluu.oxauth.client.RegisterRequest;
import org.gluu.oxauth.client.RegisterResponse;
import org.gluu.oxauth.client.TokenRequest;
import org.gluu.oxauth.client.UserInfoRequest;
import org.gluu.oxauth.client.model.authorize.Claim;
import org.gluu.oxauth.client.model.authorize.ClaimValue;
import org.gluu.oxauth.client.model.authorize.JwtAuthorizationRequest;
import org.gluu.oxauth.model.common.AuthorizationMethod;
import org.gluu.oxauth.model.common.GrantType;
import org.gluu.oxauth.model.common.Prompt;
import org.gluu.oxauth.model.common.ResponseType;
import org.gluu.oxauth.model.common.SubjectType;
import org.gluu.oxauth.model.crypto.OxAuthCryptoProvider;
import org.gluu.oxauth.model.crypto.signature.SignatureAlgorithm;
import org.gluu.oxauth.model.exception.InvalidJwtException;
import org.gluu.oxauth.model.jwt.Jwt;
import org.gluu.oxauth.model.register.ApplicationType;
import org.gluu.oxauth.model.register.RegisterResponseParam;
import org.gluu.oxauth.model.util.StringUtils;
import org.gluu.oxauth.util.ServerUtil;
import org.jboss.arquillian.test.api.ArquillianResource;
import org.jboss.resteasy.client.jaxrs.ResteasyClientBuilder;
import org.json.JSONException;
import org.json.JSONObject;
import org.testng.Assert;
import org.testng.annotations.Parameters;
import org.testng.annotations.Test;

/* loaded from: input_file:org/gluu/oxauth/ws/rs/UserInfoRestWebServiceEmbeddedTest.class */
public class UserInfoRestWebServiceEmbeddedTest extends BaseTest {

    @ArquillianResource
    private URI url;
    private static String clientId;
    private static String clientSecret;
    private static String accessToken1;
    private static String accessToken2;
    private static String accessToken3;
    private static String accessToken4;
    private static String accessToken5;
    private static String accessToken6;
    private static String accessToken7;
    private static String clientId1;
    private static String clientId2;
    private static String clientId3;
    private static String clientSecret1;
    private static String clientSecret2;
    private static String clientSecret3;

    @Parameters({"registerPath", "redirectUris", "sectorIdentifierUri"})
    @Test
    public void dynamicClientRegistration(String str, String str2, String str3) throws Exception {
        Invocation.Builder request = ResteasyClientBuilder.newClient().target(this.url.toString() + str).request();
        List asList = Arrays.asList(ResponseType.CODE, ResponseType.TOKEN, ResponseType.ID_TOKEN);
        RegisterRequest registerRequest = new RegisterRequest(ApplicationType.WEB, "oxAuth test app", StringUtils.spaceSeparatedToList(str2));
        registerRequest.setResponseTypes(asList);
        registerRequest.setSectorIdentifierUri(str3);
        registerRequest.setSubjectType(SubjectType.PAIRWISE);
        registerRequest.addCustomAttribute("oxAuthTrustedClient", "true");
        registerRequest.setClaims(Arrays.asList("iname", "o"));
        registerRequest.setGrantTypes(Arrays.asList(GrantType.RESOURCE_OWNER_PASSWORD_CREDENTIALS));
        Response post = request.post(Entity.json(ServerUtil.toPrettyJson(registerRequest.getJSONParameters())));
        String str4 = (String) post.readEntity(String.class);
        showResponse("dynamicClientRegistration", post, str4);
        Assert.assertEquals(post.getStatus(), 200, "Unexpected response code. " + str4);
        Assert.assertNotNull(str4, "Unexpected result: " + str4);
        try {
            RegisterResponse valueOf = RegisterResponse.valueOf(str4);
            ClientTestUtil.assert_(valueOf);
            clientId = valueOf.getClientId();
            clientSecret = valueOf.getClientSecret();
        } catch (Exception e) {
            Assert.fail(e.getMessage(), e);
        }
    }

    @Parameters({"authorizePath", "userId", "userSecret", "redirectUri"})
    @Test(dependsOnMethods = {"dynamicClientRegistration"})
    public void requestUserInfoStep1ImplicitFlow(String str, String str2, String str3, String str4) throws Exception {
        String encodeBase64String = Base64.encodeBase64String((str2 + ":" + str3).getBytes());
        String uuid = UUID.randomUUID().toString();
        AuthorizationRequest authorizationRequest = new AuthorizationRequest(Arrays.asList(ResponseType.TOKEN), clientId, Arrays.asList("openid", "profile", "address", "email"), str4, UUID.randomUUID().toString());
        authorizationRequest.setState(uuid);
        authorizationRequest.getPrompts().add(Prompt.NONE);
        Invocation.Builder request = ResteasyClientBuilder.newClient().target(this.url.toString() + str + "?" + authorizationRequest.getQueryString()).request();
        request.header("Authorization", "Basic " + encodeBase64String);
        request.header("Accept", "text/plain");
        Response response = request.get();
        showResponse("requestUserInfo step 1 Implicit Flow", response, (String) response.readEntity(String.class));
        Assert.assertEquals(response.getStatus(), 302, "Unexpected response code.");
        Assert.assertNotNull(response.getLocation(), "Unexpected result: " + response.getLocation());
        if (response.getLocation() != null) {
            try {
                URI uri = new URI(response.getLocation().toString());
                Assert.assertNotNull(uri.getFragment(), "Fragment is null");
                Map decode = QueryStringDecoder.decode(uri.getFragment());
                Assert.assertNotNull(decode.get("access_token"), "The access token is null");
                Assert.assertNotNull(decode.get("token_type"), "The token type is null");
                Assert.assertNotNull(decode.get("expires_in"), "The expires in value is null");
                Assert.assertNotNull(decode.get("scope"), "The scope must be null");
                Assert.assertNull(decode.get("refresh_token"), "The refresh_token must be null");
                Assert.assertNotNull(decode.get("state"), "The state is null");
                Assert.assertEquals((String) decode.get("state"), uuid);
                accessToken1 = (String) decode.get("access_token");
            } catch (URISyntaxException e) {
                e.printStackTrace();
                Assert.fail("Response URI is not well formed");
            } catch (Exception e2) {
                e2.printStackTrace();
                Assert.fail("Unexpected error");
            }
        }
    }

    @Parameters({"userInfoPath"})
    @Test(dependsOnMethods = {"requestUserInfoStep1ImplicitFlow"})
    public void requestUserInfoStep2PostImplicitFlow(String str) throws Exception {
        Invocation.Builder request = ResteasyClientBuilder.newClient().target(this.url.toString() + str).request();
        request.header("Authorization", "Bearer " + accessToken1);
        request.header("Content-Type", "application/x-www-form-urlencoded");
        Response post = request.post(Entity.form(new MultivaluedHashMap(new UserInfoRequest((String) null).getParameters())));
        String str2 = (String) post.readEntity(String.class);
        showResponse("requestUserInfo step 2 POST Implicit Flow", post, str2);
        Assert.assertEquals(post.getStatus(), 200, "Unexpected response code.");
        Assert.assertTrue(post.getHeaderString("Cache-Control") != null && post.getHeaderString("Cache-Control").equals("no-store, private"), "Unexpected result: " + post.getHeaderString("Cache-Control"));
        Assert.assertTrue(post.getHeaderString("Pragma") != null && post.getHeaderString("Pragma").equals("no-cache"), "Unexpected result: " + post.getHeaderString("Pragma"));
        Assert.assertNotNull(str2, "Unexpected result: " + str2);
        try {
            JSONObject jSONObject = new JSONObject(str2);
            Assert.assertTrue(jSONObject.has("sub"));
            Assert.assertTrue(jSONObject.has("name"));
            Assert.assertTrue(jSONObject.has("given_name"));
            Assert.assertTrue(jSONObject.has("family_name"));
            Assert.assertTrue(jSONObject.has("email"));
        } catch (JSONException e) {
            e.printStackTrace();
            Assert.fail(e.getMessage() + "\nResponse was: " + str2);
        } catch (Exception e2) {
            e2.printStackTrace();
            Assert.fail(e2.getMessage());
        }
    }

    @Parameters({"userInfoPath"})
    @Test(dependsOnMethods = {"requestUserInfoStep1ImplicitFlow"})
    public void requestUserInfoStep2GetImplicitFlow(String str) throws Exception {
        Invocation.Builder request = ResteasyClientBuilder.newClient().target(this.url.toString() + str + "?" + new UserInfoRequest((String) null).getQueryString()).request();
        request.header("Authorization", "Bearer " + accessToken1);
        Response response = request.get();
        String str2 = (String) response.readEntity(String.class);
        showResponse("requestUserInfo step 2 GET Implicit Flow", response, str2);
        Assert.assertEquals(response.getStatus(), 200, "Unexpected response code.");
        Assert.assertTrue(response.getHeaderString("Cache-Control") != null && response.getHeaderString("Cache-Control").equals("no-store, private"), "Unexpected result: " + response.getHeaderString("Cache-Control"));
        Assert.assertTrue(response.getHeaderString("Pragma") != null && response.getHeaderString("Pragma").equals("no-cache"), "Unexpected result: " + response.getHeaderString("Pragma"));
        Assert.assertNotNull(str2, "Unexpected result: " + str2);
        try {
            JSONObject jSONObject = new JSONObject(str2);
            Assert.assertTrue(jSONObject.has("sub"));
            Assert.assertTrue(jSONObject.has("name"));
            Assert.assertTrue(jSONObject.has("given_name"));
            Assert.assertTrue(jSONObject.has("family_name"));
            Assert.assertTrue(jSONObject.has("email"));
        } catch (JSONException e) {
            e.printStackTrace();
            Assert.fail(e.getMessage() + "\nResponse was: " + str2);
        } catch (Exception e2) {
            e2.printStackTrace();
            Assert.fail(e2.getMessage());
        }
    }

    @Parameters({"tokenPath", "userId", "userSecret"})
    @Test(dependsOnMethods = {"dynamicClientRegistration"})
    public void requestUserInfoStep1PasswordFlow(String str, String str2, String str3) throws Exception {
        Invocation.Builder request = ResteasyClientBuilder.newClient().target(this.url.toString() + str).request();
        TokenRequest tokenRequest = new TokenRequest(GrantType.RESOURCE_OWNER_PASSWORD_CREDENTIALS);
        tokenRequest.setUsername(str2);
        tokenRequest.setPassword(str3);
        tokenRequest.setScope("openid profile address email");
        tokenRequest.setAuthUsername(clientId);
        tokenRequest.setAuthPassword(clientSecret);
        request.header("Authorization", "Basic " + tokenRequest.getEncodedCredentials());
        request.header("Content-Type", "application/x-www-form-urlencoded");
        Response post = request.post(Entity.form(new MultivaluedHashMap(tokenRequest.getParameters())));
        String str4 = (String) post.readEntity(String.class);
        showResponse("requestUserInfoStep1PasswordFlow", post, str4);
        Assert.assertEquals(post.getStatus(), 200, "Unexpected response code.");
        Assert.assertTrue(post.getHeaderString("Cache-Control") != null && post.getHeaderString("Cache-Control").equals("no-store"), "Unexpected result: " + post.getHeaderString("Cache-Control"));
        Assert.assertTrue(post.getHeaderString("Pragma") != null && post.getHeaderString("Pragma").equals("no-cache"), "Unexpected result: " + post.getHeaderString("Pragma"));
        Assert.assertTrue(!str4.equals(null), "Unexpected result: " + str4);
        try {
            JSONObject jSONObject = new JSONObject(str4);
            Assert.assertTrue(jSONObject.has("access_token"), "Unexpected result: access_token not found");
            Assert.assertTrue(jSONObject.has("token_type"), "Unexpected result: token_type not found");
            Assert.assertTrue(jSONObject.has("refresh_token"), "Unexpected result: refresh_token not found");
            Assert.assertTrue(jSONObject.has("scope"), "Unexpected result: scope not found");
            accessToken4 = jSONObject.getString("access_token");
        } catch (JSONException e) {
            e.printStackTrace();
            Assert.fail(e.getMessage() + "\nResponse was: " + str4);
        }
    }

    @Parameters({"userInfoPath"})
    @Test(dependsOnMethods = {"requestUserInfoStep1PasswordFlow"})
    public void requestUserInfoStep2PasswordFlow(String str) throws Exception {
        Invocation.Builder request = ResteasyClientBuilder.newClient().target(this.url.toString() + str).request();
        request.header("Authorization", "Bearer " + accessToken4);
        request.header("Content-Type", "application/x-www-form-urlencoded");
        Response post = request.post(Entity.form(new MultivaluedHashMap(new UserInfoRequest((String) null).getParameters())));
        String str2 = (String) post.readEntity(String.class);
        showResponse("requestUserInfoStep2PasswordFlow", post, str2);
        Assert.assertEquals(post.getStatus(), 200, "Unexpected response code.");
        Assert.assertTrue(post.getHeaderString("Cache-Control") != null && post.getHeaderString("Cache-Control").equals("no-store, private"), "Unexpected result: " + post.getHeaderString("Cache-Control"));
        Assert.assertTrue(post.getHeaderString("Pragma") != null && post.getHeaderString("Pragma").equals("no-cache"), "Unexpected result: " + post.getHeaderString("Pragma"));
        Assert.assertNotNull(str2, "Unexpected result: " + str2);
        try {
            JSONObject jSONObject = new JSONObject(str2);
            Assert.assertTrue(jSONObject.has("sub"));
            Assert.assertTrue(jSONObject.has("name"));
            Assert.assertTrue(jSONObject.has("given_name"));
            Assert.assertTrue(jSONObject.has("family_name"));
            Assert.assertTrue(jSONObject.has("email"));
        } catch (JSONException e) {
            e.printStackTrace();
            Assert.fail(e.getMessage() + "\nResponse was: " + str2);
        } catch (Exception e2) {
            e2.printStackTrace();
            Assert.fail(e2.getMessage());
        }
    }

    @Parameters({"userInfoPath"})
    @Test
    public void requestUserInfoInvalidRequest(String str) throws Exception {
        Response post = ResteasyClientBuilder.newClient().target(this.url.toString() + str).request().post(Entity.form(new MultivaluedHashMap(new UserInfoRequest((String) null).getParameters())));
        String str2 = (String) post.readEntity(String.class);
        showResponse("requestUserInfoInvalidRequest", post, str2);
        Assert.assertEquals(post.getStatus(), 400, "Unexpected response code.");
        Assert.assertNotNull(str2, "Unexpected result: " + str2);
        try {
            JSONObject jSONObject = new JSONObject(str2);
            Assert.assertTrue(jSONObject.has("error"), "The error type is null");
            Assert.assertTrue(jSONObject.has("error_description"), "The error description is null");
        } catch (JSONException e) {
            e.printStackTrace();
            Assert.fail(e.getMessage() + "\nResponse was: " + str2);
        }
    }

    @Parameters({"userInfoPath"})
    @Test
    public void requestUserInfoInvalidToken(String str) throws Exception {
        UserInfoRequest userInfoRequest = new UserInfoRequest("INVALID_ACCESS_TOKEN");
        userInfoRequest.setAuthorizationMethod(AuthorizationMethod.FORM_ENCODED_BODY_PARAMETER);
        Response post = ResteasyClientBuilder.newClient().target(this.url.toString() + str).request().post(Entity.form(new MultivaluedHashMap(userInfoRequest.getParameters())));
        String str2 = (String) post.readEntity(String.class);
        showResponse("requestUserInfoInvalidToken", post, str2);
        Assert.assertEquals(post.getStatus(), 401, "Unexpected response code.");
        Assert.assertNotNull(str2, "Unexpected result: " + str2);
        try {
            JSONObject jSONObject = new JSONObject(str2);
            Assert.assertTrue(jSONObject.has("error"), "The error type is null");
            Assert.assertTrue(jSONObject.has("error_description"), "The error description is null");
        } catch (JSONException e) {
            e.printStackTrace();
            Assert.fail(e.getMessage() + "\nResponse was: " + str2);
        }
    }

    @Parameters({"userInfoPath"})
    @Test
    public void requestUserInfoInvalidSchema(String str) throws Exception {
        Invocation.Builder request = ResteasyClientBuilder.newClient().target(this.url.toString() + str).request();
        request.header("Content-Type", "application/x-www-form-urlencoded");
        UserInfoRequest userInfoRequest = new UserInfoRequest("INVALID_ACCESS_TOKEN");
        userInfoRequest.getParameters().put("schema", "INVALID_SCHEMA");
        Response post = request.post(Entity.form(new MultivaluedHashMap(userInfoRequest.getParameters())));
        String str2 = (String) post.readEntity(String.class);
        showResponse("requestUserInfoInvalidSchema", post, str2);
        Assert.assertEquals(post.getStatus(), 400, "Unexpected response code.");
        Assert.assertNotNull(str2, "Unexpected result: " + str2);
        try {
            JSONObject jSONObject = new JSONObject(str2);
            Assert.assertTrue(jSONObject.has("error"), "The error type is null");
            Assert.assertTrue(jSONObject.has("error_description"), "The error description is null");
        } catch (JSONException e) {
            e.printStackTrace();
            Assert.fail(e.getMessage() + "\nResponse was: " + str2);
        }
    }

    @Parameters({"authorizePath", "userId", "userSecret", "redirectUri"})
    @Test(dependsOnMethods = {"dynamicClientRegistration"})
    public void requestUserInfoAdditionalClaims(String str, String str2, String str3, String str4) throws Exception {
        String uuid = UUID.randomUUID().toString();
        ArrayList arrayList = new ArrayList();
        arrayList.add(ResponseType.TOKEN);
        AuthorizationRequest authorizationRequest = new AuthorizationRequest(arrayList, clientId, Arrays.asList("openid", "profile", "address", "email"), str4, UUID.randomUUID().toString());
        authorizationRequest.setState(uuid);
        authorizationRequest.getPrompts().add(Prompt.NONE);
        authorizationRequest.setAuthUsername(str2);
        authorizationRequest.setAuthPassword(str3);
        JwtAuthorizationRequest jwtAuthorizationRequest = new JwtAuthorizationRequest(authorizationRequest, SignatureAlgorithm.HS256, clientSecret, new OxAuthCryptoProvider());
        jwtAuthorizationRequest.addUserInfoClaim(new Claim("invalid", ClaimValue.createEssential(false)));
        jwtAuthorizationRequest.addUserInfoClaim(new Claim("iname", ClaimValue.createNull()));
        jwtAuthorizationRequest.addUserInfoClaim(new Claim("o", ClaimValue.createEssential(true)));
        String encodedJwt = jwtAuthorizationRequest.getEncodedJwt();
        authorizationRequest.setRequest(encodedJwt);
        System.out.println("Request JWT: " + encodedJwt);
        Invocation.Builder request = ResteasyClientBuilder.newClient().target(this.url.toString() + str + "?" + authorizationRequest.getQueryString()).request();
        request.header("Authorization", "Basic " + authorizationRequest.getEncodedCredentials());
        request.header("Accept", "text/plain");
        Response response = request.get();
        showResponse("requestUserInfoAdditionalClaims step 1", response, (String) response.readEntity(String.class));
        Assert.assertEquals(response.getStatus(), 302, "Unexpected response code.");
        Assert.assertNotNull(response.getLocation(), "Unexpected result: " + response.getLocation());
        if (response.getLocation() != null) {
            try {
                URI uri = new URI(response.getLocation().toString());
                Assert.assertNotNull(uri.getFragment(), "Fragment is null");
                Map decode = QueryStringDecoder.decode(uri.getFragment());
                Assert.assertNotNull(decode.get("access_token"), "The access token is null");
                Assert.assertNotNull(decode.get("token_type"), "The token type is null");
                Assert.assertNotNull(decode.get("expires_in"), "The expires in value is null");
                Assert.assertNotNull(decode.get("scope"), "The scope must be null");
                Assert.assertNull(decode.get("refresh_token"), "The refresh_token must be null");
                Assert.assertNotNull(decode.get("state"), "The state is null");
                Assert.assertEquals((String) decode.get("state"), uuid);
                accessToken3 = (String) decode.get("access_token");
            } catch (URISyntaxException e) {
                e.printStackTrace();
                Assert.fail("Response URI is not well formed");
            } catch (Exception e2) {
                e2.printStackTrace();
                Assert.fail(e2.getMessage());
            }
        }
    }

    @Parameters({"userInfoPath"})
    @Test(dependsOnMethods = {"requestUserInfoAdditionalClaims"})
    public void requestUserInfoAdditionalClaimsStep2(String str) throws Exception {
        Invocation.Builder request = ResteasyClientBuilder.newClient().target(this.url.toString() + str).request();
        request.header("Content-Type", "application/x-www-form-urlencoded");
        UserInfoRequest userInfoRequest = new UserInfoRequest(accessToken3);
        userInfoRequest.setAuthorizationMethod(AuthorizationMethod.FORM_ENCODED_BODY_PARAMETER);
        Response post = request.post(Entity.form(new MultivaluedHashMap(userInfoRequest.getParameters())));
        String str2 = (String) post.readEntity(String.class);
        showResponse("requestUserInfoAdditionalClaims step 2", post, str2);
        Assert.assertEquals(post.getStatus(), 200, "Unexpected response code.");
        Assert.assertTrue(post.getHeaderString("Cache-Control") != null && post.getHeaderString("Cache-Control").equals("no-store, private"), "Unexpected result: " + post.getHeaderString("Cache-Control"));
        Assert.assertTrue(post.getHeaderString("Pragma") != null && post.getHeaderString("Pragma").equals("no-cache"), "Unexpected result: " + post.getHeaderString("Pragma"));
        Assert.assertNotNull(str2, "Unexpected result: " + str2);
        try {
            JSONObject jSONObject = new JSONObject(str2);
            Assert.assertTrue(jSONObject.has("sub"));
            Assert.assertTrue(jSONObject.has("name"));
            Assert.assertTrue(jSONObject.has("given_name"));
            Assert.assertTrue(jSONObject.has("family_name"));
            Assert.assertTrue(jSONObject.has("email"));
            Assert.assertTrue(jSONObject.has("iname"));
            Assert.assertTrue(jSONObject.has("o"));
        } catch (JSONException e) {
            e.printStackTrace();
            Assert.fail(e.getMessage() + "\nResponse was: " + str2);
        } catch (Exception e2) {
            e2.printStackTrace();
            Assert.fail(e2.getMessage());
        }
    }

    @Parameters({"registerPath", "redirectUris"})
    @Test
    public void requestUserInfoHS256Step1(String str, String str2) throws Exception {
        Invocation.Builder request = ResteasyClientBuilder.newClient().target(this.url.toString() + str).request();
        List asList = Arrays.asList(ResponseType.TOKEN);
        RegisterRequest registerRequest = new RegisterRequest(ApplicationType.WEB, "oxAuth test app", StringUtils.spaceSeparatedToList(str2));
        registerRequest.setResponseTypes(asList);
        registerRequest.setUserInfoSignedResponseAlg(SignatureAlgorithm.HS256);
        registerRequest.addCustomAttribute("oxAuthTrustedClient", "true");
        registerRequest.setGrantTypes(Arrays.asList(GrantType.RESOURCE_OWNER_PASSWORD_CREDENTIALS));
        Response post = request.post(Entity.json(ServerUtil.toPrettyJson(registerRequest.getJSONParameters())));
        String str3 = (String) post.readEntity(String.class);
        showResponse("requestUserInfoHS256Step1", post, str3);
        Assert.assertEquals(post.getStatus(), 200, "Unexpected response code. " + str3);
        Assert.assertNotNull(str3, "Unexpected result: " + str3);
        try {
            JSONObject jSONObject = new JSONObject(str3);
            Assert.assertTrue(jSONObject.has(RegisterResponseParam.CLIENT_ID.toString()));
            Assert.assertTrue(jSONObject.has(RegisterResponseParam.CLIENT_SECRET.toString()));
            Assert.assertTrue(jSONObject.has(RegisterResponseParam.REGISTRATION_ACCESS_TOKEN.toString()));
            Assert.assertTrue(jSONObject.has(RegisterResponseParam.REGISTRATION_CLIENT_URI.toString()));
            Assert.assertTrue(jSONObject.has(RegisterResponseParam.CLIENT_ID_ISSUED_AT.toString()));
            Assert.assertTrue(jSONObject.has(RegisterResponseParam.CLIENT_SECRET_EXPIRES_AT.toString()));
            clientId1 = jSONObject.getString(RegisterResponseParam.CLIENT_ID.toString());
            clientSecret1 = jSONObject.getString(RegisterResponseParam.CLIENT_SECRET.toString());
        } catch (JSONException e) {
            e.printStackTrace();
            Assert.fail(e.getMessage() + "\nResponse was: " + str3);
        }
    }

    @Parameters({"authorizePath", "userId", "userSecret", "redirectUri"})
    @Test(dependsOnMethods = {"requestUserInfoHS256Step1"})
    public void requestUserInfoHS256Step2(String str, String str2, String str3, String str4) throws Exception {
        String uuid = UUID.randomUUID().toString();
        AuthorizationRequest authorizationRequest = new AuthorizationRequest(Arrays.asList(ResponseType.TOKEN), clientId1, Arrays.asList("openid", "profile", "email"), str4, UUID.randomUUID().toString());
        authorizationRequest.setState(uuid);
        authorizationRequest.getPrompts().add(Prompt.NONE);
        authorizationRequest.setAuthUsername(str2);
        authorizationRequest.setAuthPassword(str3);
        JwtAuthorizationRequest jwtAuthorizationRequest = new JwtAuthorizationRequest(authorizationRequest, SignatureAlgorithm.HS256, clientSecret1, new OxAuthCryptoProvider());
        jwtAuthorizationRequest.addUserInfoClaim(new Claim("name", ClaimValue.createNull()));
        jwtAuthorizationRequest.addUserInfoClaim(new Claim("nickname", ClaimValue.createEssential(false)));
        jwtAuthorizationRequest.addUserInfoClaim(new Claim("email", ClaimValue.createNull()));
        jwtAuthorizationRequest.addUserInfoClaim(new Claim("email_verified", ClaimValue.createNull()));
        jwtAuthorizationRequest.addUserInfoClaim(new Claim("picture", ClaimValue.createEssential(false)));
        String encodedJwt = jwtAuthorizationRequest.getEncodedJwt();
        authorizationRequest.setRequest(encodedJwt);
        System.out.println("Request JWT: " + encodedJwt);
        Invocation.Builder request = ResteasyClientBuilder.newClient().target(this.url.toString() + str + "?" + authorizationRequest.getQueryString()).request();
        request.header("Authorization", "Basic " + authorizationRequest.getEncodedCredentials());
        request.header("Accept", "text/plain");
        Response response = request.get();
        showResponse("requestUserInfoHS256Step2", response, (String) response.readEntity(String.class));
        Assert.assertEquals(response.getStatus(), 302, "Unexpected response code.");
        Assert.assertNotNull(response.getLocation(), "Unexpected result: " + response.getLocation());
        try {
            URI uri = new URI(response.getLocation().toString());
            Assert.assertNotNull(uri.getFragment(), "Query string is null");
            Map decode = QueryStringDecoder.decode(uri.getFragment());
            Assert.assertNotNull(decode.get("access_token"), "The accessToken is null");
            Assert.assertNotNull(decode.get("scope"), "The scope is null");
            Assert.assertNotNull(decode.get("state"), "The state is null");
            Assert.assertEquals((String) decode.get("state"), uuid);
            accessToken5 = (String) decode.get("access_token");
        } catch (URISyntaxException e) {
            e.printStackTrace();
            Assert.fail("Response URI is not well formed");
        }
    }

    @Parameters({"userInfoPath"})
    @Test(dependsOnMethods = {"requestUserInfoHS256Step2"})
    public void requestUserInfoHS256Step3(String str) throws Exception {
        Invocation.Builder request = ResteasyClientBuilder.newClient().target(this.url.toString() + str).request();
        request.header("Authorization", "Bearer " + accessToken5);
        request.header("Content-Type", "application/x-www-form-urlencoded");
        Response post = request.post(Entity.form(new MultivaluedHashMap(new UserInfoRequest((String) null).getParameters())));
        String str2 = (String) post.readEntity(String.class);
        showResponse("requestUserInfoHS256Step3", post, str2);
        Assert.assertEquals(post.getStatus(), 200, "Unexpected response code.");
        Assert.assertTrue(post.getHeaderString("Cache-Control") != null && post.getHeaderString("Cache-Control").equals("no-store, private"), "Unexpected result: " + post.getHeaderString("Cache-Control"));
        Assert.assertTrue(post.getHeaderString("Pragma") != null && post.getHeaderString("Pragma").equals("no-cache"), "Unexpected result: " + post.getHeaderString("Pragma"));
        Assert.assertNotNull(str2, "Unexpected result: " + str2);
        try {
            Jwt parse = Jwt.parse(str2);
            Assert.assertNotNull(parse.getClaims().getClaimAsString("sub"));
            Assert.assertNotNull(parse.getClaims().getClaimAsString("name"));
            Assert.assertNotNull(parse.getClaims().getClaimAsString("email"));
            Assert.assertNotNull(parse.getClaims().getClaimAsString("picture"));
        } catch (InvalidJwtException e) {
            e.printStackTrace();
            Assert.fail(e.getMessage() + "\nResponse was: " + str2);
        } catch (Exception e2) {
            e2.printStackTrace();
            Assert.fail(e2.getMessage());
        }
    }

    @Parameters({"registerPath", "redirectUris"})
    @Test
    public void requestUserInfoHS384Step1(String str, String str2) throws Exception {
        List asList = Arrays.asList(ResponseType.TOKEN);
        RegisterRequest registerRequest = new RegisterRequest(ApplicationType.WEB, "oxAuth test app", StringUtils.spaceSeparatedToList(str2));
        registerRequest.setResponseTypes(asList);
        registerRequest.setUserInfoSignedResponseAlg(SignatureAlgorithm.HS384);
        registerRequest.addCustomAttribute("oxAuthTrustedClient", "true");
        registerRequest.setGrantTypes(Arrays.asList(GrantType.RESOURCE_OWNER_PASSWORD_CREDENTIALS));
        Response post = ResteasyClientBuilder.newClient().target(this.url.toString() + str).request().post(Entity.json(ServerUtil.toPrettyJson(registerRequest.getJSONParameters())));
        String str3 = (String) post.readEntity(String.class);
        showResponse("requestUserInfoHS384Step1", post, str3);
        Assert.assertEquals(post.getStatus(), 200, "Unexpected response code. " + str3);
        Assert.assertNotNull(str3, "Unexpected result: " + str3);
        try {
            JSONObject jSONObject = new JSONObject(str3);
            Assert.assertTrue(jSONObject.has(RegisterResponseParam.CLIENT_ID.toString()));
            Assert.assertTrue(jSONObject.has(RegisterResponseParam.CLIENT_SECRET.toString()));
            Assert.assertTrue(jSONObject.has(RegisterResponseParam.REGISTRATION_ACCESS_TOKEN.toString()));
            Assert.assertTrue(jSONObject.has(RegisterResponseParam.REGISTRATION_CLIENT_URI.toString()));
            Assert.assertTrue(jSONObject.has(RegisterResponseParam.CLIENT_ID_ISSUED_AT.toString()));
            Assert.assertTrue(jSONObject.has(RegisterResponseParam.CLIENT_SECRET_EXPIRES_AT.toString()));
            clientId2 = jSONObject.getString(RegisterResponseParam.CLIENT_ID.toString());
            clientSecret2 = jSONObject.getString(RegisterResponseParam.CLIENT_SECRET.toString());
        } catch (JSONException e) {
            e.printStackTrace();
            Assert.fail(e.getMessage() + "\nResponse was: " + str3);
        }
    }

    @Parameters({"authorizePath", "userId", "userSecret", "redirectUri"})
    @Test(dependsOnMethods = {"requestUserInfoHS384Step1"})
    public void requestUserInfoHS384Step2(String str, String str2, String str3, String str4) throws Exception {
        String uuid = UUID.randomUUID().toString();
        AuthorizationRequest authorizationRequest = new AuthorizationRequest(Arrays.asList(ResponseType.TOKEN), clientId2, Arrays.asList("openid", "profile", "email"), str4, UUID.randomUUID().toString());
        authorizationRequest.setState(uuid);
        authorizationRequest.getPrompts().add(Prompt.NONE);
        authorizationRequest.setAuthUsername(str2);
        authorizationRequest.setAuthPassword(str3);
        JwtAuthorizationRequest jwtAuthorizationRequest = new JwtAuthorizationRequest(authorizationRequest, SignatureAlgorithm.HS384, clientSecret2, new OxAuthCryptoProvider());
        jwtAuthorizationRequest.addUserInfoClaim(new Claim("name", ClaimValue.createNull()));
        jwtAuthorizationRequest.addUserInfoClaim(new Claim("nickname", ClaimValue.createEssential(false)));
        jwtAuthorizationRequest.addUserInfoClaim(new Claim("email", ClaimValue.createNull()));
        jwtAuthorizationRequest.addUserInfoClaim(new Claim("email_verified", ClaimValue.createNull()));
        jwtAuthorizationRequest.addUserInfoClaim(new Claim("picture", ClaimValue.createEssential(false)));
        String encodedJwt = jwtAuthorizationRequest.getEncodedJwt();
        authorizationRequest.setRequest(encodedJwt);
        System.out.println("Request JWT: " + encodedJwt);
        Invocation.Builder request = ResteasyClientBuilder.newClient().target(this.url.toString() + str + "?" + authorizationRequest.getQueryString()).request();
        request.header("Authorization", "Basic " + authorizationRequest.getEncodedCredentials());
        request.header("Accept", "text/plain");
        Response response = request.get();
        showResponse("requestUserInfoHS384Step2", response, (String) response.readEntity(String.class));
        Assert.assertEquals(response.getStatus(), 302, "Unexpected response code.");
        Assert.assertNotNull(response.getLocation(), "Unexpected result: " + response.getLocation());
        try {
            URI uri = new URI(response.getLocation().toString());
            Assert.assertNotNull(uri.getFragment(), "Query string is null");
            Map decode = QueryStringDecoder.decode(uri.getFragment());
            Assert.assertNotNull(decode.get("access_token"), "The accessToken is null");
            Assert.assertNotNull(decode.get("scope"), "The scope is null");
            Assert.assertNotNull(decode.get("state"), "The state is null");
            Assert.assertEquals((String) decode.get("state"), uuid);
            accessToken6 = (String) decode.get("access_token");
        } catch (URISyntaxException e) {
            e.printStackTrace();
            Assert.fail("Response URI is not well formed");
        }
    }

    @Parameters({"userInfoPath"})
    @Test(dependsOnMethods = {"requestUserInfoHS384Step2"})
    public void requestUserInfoHS384Step3(String str) throws Exception {
        Invocation.Builder request = ResteasyClientBuilder.newClient().target(this.url.toString() + str).request();
        request.header("Authorization", "Bearer " + accessToken6);
        Response post = request.post(Entity.form(new MultivaluedHashMap(new UserInfoRequest((String) null).getParameters())));
        String str2 = (String) post.readEntity(String.class);
        showResponse("requestUserInfoHS384Step3", post, str2);
        Assert.assertEquals(post.getStatus(), 200, "Unexpected response code.");
        Assert.assertTrue(post.getHeaderString("Cache-Control") != null && post.getHeaderString("Cache-Control").equals("no-store, private"), "Unexpected result: " + post.getHeaderString("Cache-Control"));
        Assert.assertTrue(post.getHeaderString("Pragma") != null && post.getHeaderString("Pragma").equals("no-cache"), "Unexpected result: " + post.getHeaderString("Pragma"));
        Assert.assertNotNull(str2, "Unexpected result: " + str2);
        try {
            Jwt parse = Jwt.parse(str2);
            Assert.assertNotNull(parse.getClaims().getClaimAsString("sub"));
            Assert.assertNotNull(parse.getClaims().getClaimAsString("name"));
            Assert.assertNotNull(parse.getClaims().getClaimAsString("email"));
            Assert.assertNotNull(parse.getClaims().getClaimAsString("picture"));
        } catch (Exception e) {
            e.printStackTrace();
            Assert.fail(e.getMessage());
        } catch (InvalidJwtException e2) {
            e2.printStackTrace();
            Assert.fail(e2.getMessage() + "\nResponse was: " + str2);
        }
    }

    @Parameters({"registerPath", "redirectUris"})
    @Test
    public void requestUserInfoHS512Step1(String str, String str2) throws Exception {
        Invocation.Builder request = ResteasyClientBuilder.newClient().target(this.url.toString() + str).request();
        List asList = Arrays.asList(ResponseType.TOKEN);
        RegisterRequest registerRequest = new RegisterRequest(ApplicationType.WEB, "oxAuth test app", StringUtils.spaceSeparatedToList(str2));
        registerRequest.setResponseTypes(asList);
        registerRequest.setUserInfoSignedResponseAlg(SignatureAlgorithm.HS512);
        registerRequest.addCustomAttribute("oxAuthTrustedClient", "true");
        registerRequest.setGrantTypes(Arrays.asList(GrantType.RESOURCE_OWNER_PASSWORD_CREDENTIALS));
        Response post = request.post(Entity.json(ServerUtil.toPrettyJson(registerRequest.getJSONParameters())));
        String str3 = (String) post.readEntity(String.class);
        showResponse("requestUserInfoHS512Step1", post, str3);
        Assert.assertEquals(post.getStatus(), 200, "Unexpected response code. " + str3);
        Assert.assertNotNull(str3, "Unexpected result: " + str3);
        try {
            JSONObject jSONObject = new JSONObject(str3);
            Assert.assertTrue(jSONObject.has(RegisterResponseParam.CLIENT_ID.toString()));
            Assert.assertTrue(jSONObject.has(RegisterResponseParam.CLIENT_SECRET.toString()));
            Assert.assertTrue(jSONObject.has(RegisterResponseParam.REGISTRATION_ACCESS_TOKEN.toString()));
            Assert.assertTrue(jSONObject.has(RegisterResponseParam.REGISTRATION_CLIENT_URI.toString()));
            Assert.assertTrue(jSONObject.has(RegisterResponseParam.CLIENT_ID_ISSUED_AT.toString()));
            Assert.assertTrue(jSONObject.has(RegisterResponseParam.CLIENT_SECRET_EXPIRES_AT.toString()));
            clientId3 = jSONObject.getString(RegisterResponseParam.CLIENT_ID.toString());
            clientSecret3 = jSONObject.getString(RegisterResponseParam.CLIENT_SECRET.toString());
        } catch (JSONException e) {
            e.printStackTrace();
            Assert.fail(e.getMessage() + "\nResponse was: " + str3);
        }
    }

    @Parameters({"authorizePath", "userId", "userSecret", "redirectUri"})
    @Test(dependsOnMethods = {"requestUserInfoHS512Step1"})
    public void requestUserInfoHS512Step2(String str, String str2, String str3, String str4) throws Exception {
        String uuid = UUID.randomUUID().toString();
        AuthorizationRequest authorizationRequest = new AuthorizationRequest(Arrays.asList(ResponseType.TOKEN), clientId3, Arrays.asList("openid", "profile", "email"), str4, UUID.randomUUID().toString());
        authorizationRequest.setState(uuid);
        authorizationRequest.getPrompts().add(Prompt.NONE);
        authorizationRequest.setAuthUsername(str2);
        authorizationRequest.setAuthPassword(str3);
        JwtAuthorizationRequest jwtAuthorizationRequest = new JwtAuthorizationRequest(authorizationRequest, SignatureAlgorithm.HS512, clientSecret3, new OxAuthCryptoProvider());
        jwtAuthorizationRequest.addUserInfoClaim(new Claim("name", ClaimValue.createNull()));
        jwtAuthorizationRequest.addUserInfoClaim(new Claim("nickname", ClaimValue.createEssential(false)));
        jwtAuthorizationRequest.addUserInfoClaim(new Claim("email", ClaimValue.createNull()));
        jwtAuthorizationRequest.addUserInfoClaim(new Claim("email_verified", ClaimValue.createNull()));
        jwtAuthorizationRequest.addUserInfoClaim(new Claim("picture", ClaimValue.createEssential(false)));
        String encodedJwt = jwtAuthorizationRequest.getEncodedJwt();
        authorizationRequest.setRequest(encodedJwt);
        System.out.println("Request JWT: " + encodedJwt);
        Invocation.Builder request = ResteasyClientBuilder.newClient().target(this.url.toString() + str + "?" + authorizationRequest.getQueryString()).request();
        request.header("Authorization", "Basic " + authorizationRequest.getEncodedCredentials());
        request.header("Accept", "text/plain");
        Response response = request.get();
        showResponse("requestUserInfoHS512Step2", response, (String) response.readEntity(String.class));
        Assert.assertEquals(response.getStatus(), 302, "Unexpected response code.");
        Assert.assertNotNull(response.getLocation(), "Unexpected result: " + response.getLocation());
        try {
            URI uri = new URI(response.getLocation().toString());
            Assert.assertNotNull(uri.getFragment(), "Query string is null");
            Map decode = QueryStringDecoder.decode(uri.getFragment());
            Assert.assertNotNull(decode.get("access_token"), "The accessToken is null");
            Assert.assertNotNull(decode.get("scope"), "The scope is null");
            Assert.assertNotNull(decode.get("state"), "The state is null");
            Assert.assertEquals((String) decode.get("state"), uuid);
            accessToken7 = (String) decode.get("access_token");
        } catch (URISyntaxException e) {
            e.printStackTrace();
            Assert.fail("Response URI is not well formed");
        }
    }

    @Parameters({"userInfoPath"})
    @Test(dependsOnMethods = {"requestUserInfoHS512Step2"})
    public void requestUserInfoHS512Step3(String str) throws Exception {
        Invocation.Builder request = ResteasyClientBuilder.newClient().target(this.url.toString() + str).request();
        request.header("Authorization", "Bearer " + accessToken7);
        request.header("Content-Type", "application/x-www-form-urlencoded");
        Response post = request.post(Entity.form(new MultivaluedHashMap(new UserInfoRequest((String) null).getParameters())));
        String str2 = (String) post.readEntity(String.class);
        showResponse("requestUserInfoHS512Step3", post, str2);
        Assert.assertEquals(post.getStatus(), 200, "Unexpected response code.");
        Assert.assertTrue(post.getHeaderString("Cache-Control") != null && post.getHeaderString("Cache-Control").equals("no-store, private"), "Unexpected result: " + post.getHeaderString("Cache-Control"));
        Assert.assertTrue(post.getHeaderString("Pragma") != null && post.getHeaderString("Pragma").equals("no-cache"), "Unexpected result: " + post.getHeaderString("Pragma"));
        Assert.assertNotNull(str2, "Unexpected result: " + str2);
        try {
            Jwt parse = Jwt.parse(str2);
            Assert.assertNotNull(parse.getClaims().getClaimAsString("sub"));
            Assert.assertNotNull(parse.getClaims().getClaimAsString("name"));
            Assert.assertNotNull(parse.getClaims().getClaimAsString("email"));
            Assert.assertNotNull(parse.getClaims().getClaimAsString("picture"));
        } catch (InvalidJwtException e) {
            e.printStackTrace();
            Assert.fail(e.getMessage() + "\nResponse was: " + str2);
        } catch (Exception e2) {
            e2.printStackTrace();
            Assert.fail(e2.getMessage());
        }
    }
}
