package org.mule.runtime.test.oauth.clientcredentials;

import io.qameta.allure.Story;
import java.net.URI;
import java.net.URISyntaxException;
import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.Iterator;
import java.util.concurrent.CompletableFuture;
import java.util.concurrent.ExecutorService;
import java.util.concurrent.Executors;
import java.util.concurrent.Future;
import java.util.concurrent.TimeUnit;
import java.util.stream.Stream;
import org.apache.commons.io.IOUtils;
import org.hamcrest.Matchers;
import org.hamcrest.core.IsCollectionContaining;
import org.hamcrest.text.IsEqualIgnoringCase;
import org.junit.Assert;
import org.junit.Rule;
import org.junit.Test;
import org.junit.rules.ExpectedException;
import org.mockito.ArgumentCaptor;
import org.mockito.ArgumentMatcher;
import org.mockito.ArgumentMatchers;
import org.mockito.Mockito;
import org.mule.runtime.api.exception.MuleRuntimeException;
import org.mule.runtime.api.util.MultiMap;
import org.mule.runtime.http.api.client.HttpClient;
import org.mule.runtime.http.api.client.HttpRequestOptions;
import org.mule.runtime.http.api.domain.message.request.HttpRequest;
import org.mule.runtime.oauth.api.ClientCredentialsOAuthDancer;
import org.mule.runtime.oauth.api.builder.ClientCredentialsLocation;
import org.mule.runtime.oauth.api.builder.OAuthClientCredentialsDancerBuilder;
import org.mule.runtime.oauth.api.state.DancerState;
import org.mule.runtime.oauth.api.state.ResourceOwnerOAuthContextWithRefreshState;
import org.mule.runtime.test.AllureConstants;
import org.mule.runtime.test.oauth.AbstractOAuthTestCase;

@Story(AllureConstants.OAuthClientFeature.OAuthClientStory.CLIENT_CREDENTIALS)
/* loaded from: input_file:org/mule/runtime/test/oauth/clientcredentials/ClientCredentialsTokenTestCase.class */
public class ClientCredentialsTokenTestCase extends AbstractOAuthTestCase {
    private static final String ALADDIN = "Aladdin";
    private static final String OPEN_SESAME = "openSesame";
    private static final String CLIENT_ID = "client_id";
    private static final String CLIENT_SECRET = "client_secret";

    @Rule
    public ExpectedException expected = ExpectedException.none();

    /* loaded from: input_file:org/mule/runtime/test/oauth/clientcredentials/ClientCredentialsTokenTestCase$HttpRequestUrlMatcher.class */
    private static class HttpRequestUrlMatcher implements ArgumentMatcher<HttpRequest> {
        private final URI uri = new URI("http://host/token");

        public HttpRequestUrlMatcher(String str) throws URISyntaxException {
        }

        public boolean matches(HttpRequest httpRequest) {
            return httpRequest.getUri().equals(this.uri);
        }
    }

    @Test
    public void refreshTokenAfterInvalidate() throws Exception {
        HashMap hashMap = new HashMap();
        OAuthClientCredentialsDancerBuilder baseClientCredentialsDancerBuilder = baseClientCredentialsDancerBuilder(hashMap);
        baseClientCredentialsDancerBuilder.tokenUrl("http://host/token");
        ClientCredentialsOAuthDancer clientCredentialsOAuthDancer = (ClientCredentialsOAuthDancer) startDancer(baseClientCredentialsDancerBuilder);
        Assert.assertThat(clientCredentialsOAuthDancer.accessToken().get(), Matchers.not(Matchers.nullValue()));
        hashMap.clear();
        Assert.assertThat(clientCredentialsOAuthDancer.accessToken().get(), Matchers.not(Matchers.nullValue()));
        ((HttpClient) Mockito.verify(this.httpClient, Mockito.times(2))).sendAsync((HttpRequest) ArgumentMatchers.any(HttpRequest.class), (HttpRequestOptions) ArgumentMatchers.any(HttpRequestOptions.class));
    }

    @Test
    public void refreshTokenOnceAtATime() throws Exception {
        HashMap hashMap = new HashMap();
        OAuthClientCredentialsDancerBuilder baseClientCredentialsDancerBuilder = baseClientCredentialsDancerBuilder(hashMap);
        baseClientCredentialsDancerBuilder.tokenUrl("http://host/token");
        ClientCredentialsOAuthDancer clientCredentialsOAuthDancer = (ClientCredentialsOAuthDancer) startDancer(baseClientCredentialsDancerBuilder);
        ExecutorService newFixedThreadPool = Executors.newFixedThreadPool(2);
        hashMap.clear();
        try {
            ArrayList arrayList = new ArrayList();
            for (int i = 0; i < 2; i++) {
                arrayList.add(newFixedThreadPool.submit(() -> {
                    try {
                        clientCredentialsOAuthDancer.refreshToken().get();
                    } catch (Exception e) {
                        throw new MuleRuntimeException(e);
                    }
                }));
            }
            Iterator it = arrayList.iterator();
            while (it.hasNext()) {
                ((Future) it.next()).get(50000L, TimeUnit.MILLISECONDS);
            }
            ((HttpClient) Mockito.verify(this.httpClient, Mockito.times(2))).sendAsync((HttpRequest) ArgumentMatchers.argThat(new HttpRequestUrlMatcher("http://host/token")), (HttpRequestOptions) ArgumentMatchers.any(HttpRequestOptions.class));
            newFixedThreadPool.shutdownNow();
        } catch (Throwable th) {
            newFixedThreadPool.shutdownNow();
            throw th;
        }
    }

    @Test
    public void refreshTokenOnceAtATimeSequential() throws Exception {
        HashMap hashMap = new HashMap();
        OAuthClientCredentialsDancerBuilder baseClientCredentialsDancerBuilder = baseClientCredentialsDancerBuilder(hashMap);
        baseClientCredentialsDancerBuilder.tokenUrl("http://host/token");
        ClientCredentialsOAuthDancer clientCredentialsOAuthDancer = (ClientCredentialsOAuthDancer) startDancer(baseClientCredentialsDancerBuilder);
        hashMap.clear();
        CompletableFuture refreshToken = clientCredentialsOAuthDancer.refreshToken();
        CompletableFuture refreshToken2 = clientCredentialsOAuthDancer.refreshToken();
        refreshToken.get();
        refreshToken2.get();
        ((HttpClient) Mockito.verify(this.httpClient, Mockito.times(2))).sendAsync((HttpRequest) ArgumentMatchers.argThat(new HttpRequestUrlMatcher("http://host/token")), (HttpRequestOptions) ArgumentMatchers.any(HttpRequestOptions.class));
    }

    private void assertClientCredentialsEncodedInHeader(boolean z) throws Exception {
        OAuthClientCredentialsDancerBuilder baseClientCredentialsDancerBuilder = baseClientCredentialsDancerBuilder();
        baseClientCredentialsDancerBuilder.tokenUrl("http://host/token");
        baseClientCredentialsDancerBuilder.clientCredentials(ALADDIN, "open sesame");
        if (z) {
            baseClientCredentialsDancerBuilder.encodeClientCredentialsInBody(false);
        } else {
            baseClientCredentialsDancerBuilder.withClientCredentialsIn(ClientCredentialsLocation.BASIC_AUTH_HEADER);
        }
        startDancer(baseClientCredentialsDancerBuilder);
        ArgumentCaptor forClass = ArgumentCaptor.forClass(HttpRequest.class);
        ((HttpClient) Mockito.verify(this.httpClient)).sendAsync((HttpRequest) forClass.capture(), (HttpRequestOptions) ArgumentMatchers.any(HttpRequestOptions.class));
        Assert.assertThat(((HttpRequest) forClass.getValue()).getHeaderValue("Authorization"), Matchers.is("Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ=="));
        Assert.assertThat(((HttpRequest) forClass.getValue()).getQueryParams(), Matchers.not(Matchers.hasKey(CLIENT_ID)));
        Assert.assertThat(((HttpRequest) forClass.getValue()).getQueryParams(), Matchers.not(Matchers.hasKey(CLIENT_SECRET)));
        String iOUtils = IOUtils.toString(((HttpRequest) forClass.getValue()).getEntity().getContent(), StandardCharsets.UTF_8);
        Assert.assertThat(iOUtils, Matchers.containsString("grant_type=client_credentials"));
        Assert.assertThat(iOUtils, Matchers.not(Matchers.containsString("client_secret=open+sesame")));
        Assert.assertThat(iOUtils, Matchers.not(Matchers.containsString("client_id=Aladdin")));
    }

    @Test
    public void clientCredentialsEncodedInHeaderCompatibility() throws Exception {
        assertClientCredentialsEncodedInHeader(true);
    }

    @Test
    public void clientCredentialsEncodedInHeader() throws Exception {
        assertClientCredentialsEncodedInHeader(false);
    }

    @Test
    public void clientCredentialsEncodedInHeaderByDefault() throws Exception {
        OAuthClientCredentialsDancerBuilder baseClientCredentialsDancerBuilder = baseClientCredentialsDancerBuilder();
        baseClientCredentialsDancerBuilder.tokenUrl("http://host/token");
        baseClientCredentialsDancerBuilder.clientCredentials(ALADDIN, "open sesame");
        startDancer(baseClientCredentialsDancerBuilder);
        ArgumentCaptor forClass = ArgumentCaptor.forClass(HttpRequest.class);
        ((HttpClient) Mockito.verify(this.httpClient)).sendAsync((HttpRequest) forClass.capture(), (HttpRequestOptions) ArgumentMatchers.any(HttpRequestOptions.class));
        Assert.assertThat(((HttpRequest) forClass.getValue()).getHeaderValue("Authorization"), Matchers.is("Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ=="));
        Assert.assertThat(((HttpRequest) forClass.getValue()).getQueryParams(), Matchers.not(Matchers.hasKey(CLIENT_ID)));
        Assert.assertThat(((HttpRequest) forClass.getValue()).getQueryParams(), Matchers.not(Matchers.hasKey(CLIENT_SECRET)));
        String iOUtils = IOUtils.toString(((HttpRequest) forClass.getValue()).getEntity().getContent(), StandardCharsets.UTF_8);
        Assert.assertThat(iOUtils, Matchers.containsString("grant_type=client_credentials"));
        Assert.assertThat(iOUtils, Matchers.not(Matchers.containsString("client_secret=open+sesame")));
        Assert.assertThat(iOUtils, Matchers.not(Matchers.containsString("client_id=Aladdin")));
    }

    private void assertClientCredentialsInBody(boolean z) throws Exception {
        OAuthClientCredentialsDancerBuilder baseClientCredentialsDancerBuilder = baseClientCredentialsDancerBuilder();
        baseClientCredentialsDancerBuilder.tokenUrl("http://host/token");
        baseClientCredentialsDancerBuilder.clientCredentials(ALADDIN, "open sesame");
        if (z) {
            baseClientCredentialsDancerBuilder.encodeClientCredentialsInBody(true);
        } else {
            baseClientCredentialsDancerBuilder.withClientCredentialsIn(ClientCredentialsLocation.BODY);
        }
        startDancer(baseClientCredentialsDancerBuilder);
        ArgumentCaptor forClass = ArgumentCaptor.forClass(HttpRequest.class);
        ((HttpClient) Mockito.verify(this.httpClient)).sendAsync((HttpRequest) forClass.capture(), (HttpRequestOptions) ArgumentMatchers.any(HttpRequestOptions.class));
        Assert.assertThat(((HttpRequest) forClass.getValue()).getHeaderNames(), Matchers.not(IsCollectionContaining.hasItem(IsEqualIgnoringCase.equalToIgnoringCase("Authorization"))));
        Assert.assertThat(((HttpRequest) forClass.getValue()).getQueryParams(), Matchers.not(Matchers.hasKey(CLIENT_ID)));
        Assert.assertThat(((HttpRequest) forClass.getValue()).getQueryParams(), Matchers.not(Matchers.hasKey(CLIENT_SECRET)));
        String iOUtils = IOUtils.toString(((HttpRequest) forClass.getValue()).getEntity().getContent(), StandardCharsets.UTF_8);
        Assert.assertThat(iOUtils, Matchers.containsString("grant_type=client_credentials"));
        Assert.assertThat(iOUtils, Matchers.containsString("client_secret=open+sesame"));
        Assert.assertThat(iOUtils, Matchers.containsString("client_id=Aladdin"));
    }

    @Test
    public void clientCredentialsInBodyCompatibility() throws Exception {
        assertClientCredentialsInBody(true);
    }

    @Test
    public void clientCredentialsInBody() throws Exception {
        assertClientCredentialsInBody(false);
    }

    @Test
    public void clientCredentialsInQueryParams() throws Exception {
        OAuthClientCredentialsDancerBuilder baseClientCredentialsDancerBuilder = baseClientCredentialsDancerBuilder();
        baseClientCredentialsDancerBuilder.tokenUrl("http://host/token");
        baseClientCredentialsDancerBuilder.clientCredentials(ALADDIN, OPEN_SESAME);
        baseClientCredentialsDancerBuilder.withClientCredentialsIn(ClientCredentialsLocation.QUERY_PARAMS);
        startDancer(baseClientCredentialsDancerBuilder);
        ArgumentCaptor forClass = ArgumentCaptor.forClass(HttpRequest.class);
        ((HttpClient) Mockito.verify(this.httpClient)).sendAsync((HttpRequest) forClass.capture(), (HttpRequestOptions) ArgumentMatchers.any(HttpRequestOptions.class));
        Assert.assertThat(((HttpRequest) forClass.getValue()).getHeaderNames(), Matchers.not(IsCollectionContaining.hasItem(IsEqualIgnoringCase.equalToIgnoringCase("Authorization"))));
        Assert.assertThat(((HttpRequest) forClass.getValue()).getQueryParams().get(CLIENT_ID), Matchers.is(ALADDIN));
        Assert.assertThat(((HttpRequest) forClass.getValue()).getQueryParams().get(CLIENT_SECRET), Matchers.is(OPEN_SESAME));
        String iOUtils = IOUtils.toString(((HttpRequest) forClass.getValue()).getEntity().getContent(), StandardCharsets.UTF_8);
        Assert.assertThat(iOUtils, Matchers.containsString("grant_type=client_credentials"));
        Assert.assertThat(iOUtils, Matchers.not(Matchers.containsString("client_secret=openSesame")));
        Assert.assertThat(iOUtils, Matchers.not(Matchers.containsString("client_id=Aladdin")));
    }

    @Test
    public void clientCredentialsWithCustomQueryParams() throws Exception {
        OAuthClientCredentialsDancerBuilder baseClientCredentialsDancerBuilder = baseClientCredentialsDancerBuilder();
        baseClientCredentialsDancerBuilder.tokenUrl("http://host/token");
        baseClientCredentialsDancerBuilder.clientCredentials(ALADDIN, OPEN_SESAME);
        baseClientCredentialsDancerBuilder.withClientCredentialsIn(ClientCredentialsLocation.QUERY_PARAMS);
        MultiMap multiMap = new MultiMap();
        String[] strArr = {"First of her name", "Mother of Dragons", "Mad Queen"};
        String[] strArr2 = {"Commander of the Night Watch", "Looser"};
        Stream.of((Object[]) strArr).forEach(str -> {
        });
        Stream.of((Object[]) strArr2).forEach(str2 -> {
        });
        baseClientCredentialsDancerBuilder.customParameters(multiMap);
        startDancer(baseClientCredentialsDancerBuilder);
        ArgumentCaptor forClass = ArgumentCaptor.forClass(HttpRequest.class);
        ((HttpClient) Mockito.verify(this.httpClient)).sendAsync((HttpRequest) forClass.capture(), (HttpRequestOptions) ArgumentMatchers.any(HttpRequestOptions.class));
        HttpRequest httpRequest = (HttpRequest) forClass.getValue();
        Assert.assertThat(httpRequest.getQueryParams().getAll("Daenerys"), Matchers.containsInAnyOrder(strArr));
        Assert.assertThat(httpRequest.getQueryParams().getAll("Jon Snow"), Matchers.containsInAnyOrder(strArr2));
    }

    @Test
    public void clientCredentialsWithCustomHeaders() throws Exception {
        OAuthClientCredentialsDancerBuilder baseClientCredentialsDancerBuilder = baseClientCredentialsDancerBuilder();
        baseClientCredentialsDancerBuilder.tokenUrl("http://host/token");
        baseClientCredentialsDancerBuilder.clientCredentials(ALADDIN, OPEN_SESAME);
        baseClientCredentialsDancerBuilder.withClientCredentialsIn(ClientCredentialsLocation.QUERY_PARAMS);
        MultiMap multiMap = new MultiMap();
        String[] strArr = {"First of her name", "Mother of Dragons", "Mad Queen"};
        String[] strArr2 = {"Commander of the Night Watch", "Looser"};
        Stream.of((Object[]) strArr).forEach(str -> {
        });
        Stream.of((Object[]) strArr2).forEach(str2 -> {
        });
        baseClientCredentialsDancerBuilder.customHeaders(multiMap);
        startDancer(baseClientCredentialsDancerBuilder);
        ArgumentCaptor forClass = ArgumentCaptor.forClass(HttpRequest.class);
        ((HttpClient) Mockito.verify(this.httpClient)).sendAsync((HttpRequest) forClass.capture(), (HttpRequestOptions) ArgumentMatchers.any(HttpRequestOptions.class));
        HttpRequest httpRequest = (HttpRequest) forClass.getValue();
        Assert.assertThat(httpRequest.getHeaders().getAll("Daenerys"), Matchers.containsInAnyOrder(strArr));
        Assert.assertThat(httpRequest.getHeaders().getAll("Jon Snow"), Matchers.containsInAnyOrder(strArr2));
    }

    @Test
    public void exceptionOnTokenRequest() throws Exception {
        IllegalStateException illegalStateException = new IllegalStateException();
        Mockito.when(this.httpClient.sendAsync((HttpRequest) ArgumentMatchers.any(), (HttpRequestOptions) ArgumentMatchers.any())).thenThrow(new Throwable[]{illegalStateException});
        HashMap hashMap = new HashMap();
        OAuthClientCredentialsDancerBuilder baseClientCredentialsDancerBuilder = baseClientCredentialsDancerBuilder(hashMap);
        baseClientCredentialsDancerBuilder.tokenUrl("http://host/token");
        this.expected.expect(Matchers.sameInstance(illegalStateException));
        try {
            startDancer(baseClientCredentialsDancerBuilder);
            Assert.assertThat(((ResourceOwnerOAuthContextWithRefreshState) hashMap.get("default")).getDancerState(), Matchers.is(DancerState.NO_TOKEN));
            Assert.assertThat(((ResourceOwnerOAuthContextWithRefreshState) hashMap.get("default")).getAccessToken(), Matchers.is(Matchers.nullValue()));
        } catch (Throwable th) {
            Assert.assertThat(((ResourceOwnerOAuthContextWithRefreshState) hashMap.get("default")).getDancerState(), Matchers.is(DancerState.NO_TOKEN));
            Assert.assertThat(((ResourceOwnerOAuthContextWithRefreshState) hashMap.get("default")).getAccessToken(), Matchers.is(Matchers.nullValue()));
            throw th;
        }
    }

    @Test
    public void exceptionOnTokenRequestWithPreviouslyStoredToken() throws Exception {
        IllegalStateException illegalStateException = new IllegalStateException();
        Mockito.when(this.httpClient.sendAsync((HttpRequest) ArgumentMatchers.any(), (HttpRequestOptions) ArgumentMatchers.any())).thenThrow(new Throwable[]{illegalStateException});
        HashMap hashMap = new HashMap();
        ResourceOwnerOAuthContextWithRefreshState resourceOwnerOAuthContextWithRefreshState = new ResourceOwnerOAuthContextWithRefreshState("default");
        resourceOwnerOAuthContextWithRefreshState.setAccessToken("PreviousToken");
        resourceOwnerOAuthContextWithRefreshState.setDancerState(DancerState.HAS_TOKEN);
        hashMap.put("default", resourceOwnerOAuthContextWithRefreshState);
        OAuthClientCredentialsDancerBuilder baseClientCredentialsDancerBuilder = baseClientCredentialsDancerBuilder(hashMap);
        baseClientCredentialsDancerBuilder.tokenUrl("http://host/token");
        this.expected.expect(Matchers.sameInstance(illegalStateException));
        try {
            startDancer(baseClientCredentialsDancerBuilder);
            Assert.assertThat(((ResourceOwnerOAuthContextWithRefreshState) hashMap.get("default")).getDancerState(), Matchers.is(DancerState.NO_TOKEN));
            Assert.assertThat(((ResourceOwnerOAuthContextWithRefreshState) hashMap.get("default")).getAccessToken(), Matchers.is(Matchers.nullValue()));
        } catch (Throwable th) {
            Assert.assertThat(((ResourceOwnerOAuthContextWithRefreshState) hashMap.get("default")).getDancerState(), Matchers.is(DancerState.NO_TOKEN));
            Assert.assertThat(((ResourceOwnerOAuthContextWithRefreshState) hashMap.get("default")).getAccessToken(), Matchers.is(Matchers.nullValue()));
            throw th;
        }
    }
}
