✅ WhenNotOnBlackList_ShouldNotThrowException(connectionString: "")
✅ WhenNotOnBlackList_ShouldNotThrowException(connectionString: "foo")
✅ WhenNotOnBlackList_ShouldNotThrowException(connectionString: "localhost")
✅ WhenNotOnBlackList_ShouldNotThrowException(connectionString: "mssql")
✅ WhenNotOnBlackList_ShouldNotThrowException(connectionString: "sql-cdrsandbox-dev.database.windows.net")
✅ WhenNotOnBlackList_ShouldNotThrowException(connectionString: "sql-cdrsandbox-test.database.windows.net")
✅ WhenNotOnBlackList_ShouldNotThrowException(connectionString: null)
✅ WhenOnBlackList_ShouldThrowException(connectionString: "foosql-cdrsandbox-prod.database.windows.netfoo", uppercase: False)
✅ WhenOnBlackList_ShouldThrowException(connectionString: "foosql-cdrsandbox-prod.database.windows.netfoo", uppercase: True)

✅ WhenValueExists_HasValue_ShouldReturnTrue
✅ WhenValueExists_IsNullOrEmpty_ShouldReturnFalse
✅ WhenValueIsEmpty_HasValue_ShouldReturnFalse
✅ WhenValueIsEmpty_IsNullOrEmpty_ShouldReturnTrue
✅ WhenValueIsNull_HasValue_ShouldReturnFalse
✅ WhenValueIsNull_IsNullOrEmpty_ShouldReturnTrue

✅ ServerCertificates_ValidationEnabled_ShouldValidateSslConnection("jwks.pfx","#M0ckDataRecipient#",False,"Self-signed TLS certificate should throw exception")
✅ ServerCertificates_ValidationEnabled_ShouldValidateSslConnection("mock-data-recipient-invalid.pfx","#M0ckDataRecipient#",False,"Expired TLS certificate should throw exception")
✅ ServerCertificates_ValidationEnabled_ShouldValidateSslConnection("mock-data-recipient.pfx","#M0ckDataRecipient#",True,"Valid TLS certificate provisioned by trusted CA should return true")

✅ Should_Return_InvalidRequest_With_ErrorCodes("","","code id_token","","","client_id is missing","invalid_request")
✅ Should_Return_InvalidRequest_With_ErrorCodes("78273140-cfa2-4073-b248-0eb41940e4c3","https://server/uri","","","","response_type is missing","invalid_request")
✅ Should_Return_InvalidRequest_With_ErrorCodes("78273140-cfa2-4073-b248-0eb41940e4c3","https://server/uri","code id_token","","","Invalid redirect_uri for client","invalid_request")
✅ Should_Return_InvalidRequest_With_ErrorCodes("78273140-cfa2-4073-b248-0eb41940e4c3","https://server/uri","code id_token","","","openid scope is missing","invalid_request")
✅ Should_Return_InvalidRequest_With_ErrorCodes("78273140-cfa2-4073-b248-0eb41940e4c3","https://server/uri","code id_token","","","response_type does not match request_uri response_type","invalid_request")
✅ Should_Return_InvalidRequest_With_ErrorCodes("78273140-cfa2-4073-b248-0eb41940e4c3","https://server/uri","code id_token","","","scope is missing","invalid_request")
✅ Should_Return_InvalidRequest_With_ErrorCodes("78273140-cfa2-4073-b248-0eb41940e4c3","https://server/uri","code id_token","openid scope","foo","response_mode is not supported","invalid_request")
✅ Should_Return_InvalidRequest_With_ErrorCodes("78273140-cfa2-4073-b248-0eb41940e4c3","https://server/uri","code id_token","openid scope","form_post","Software product not found","invalid_client")
✅ Should_Return_InvalidRequest_With_ErrorCodes("78273140-cfa2-4073-b248-0eb41940e4c3","https://server/uri","code id_token","openid scope","form_post","Software product status is INACTIVE","urn:au-cds:error:cds-all:Authorisation/AdrStatusNotActive")
✅ Should_Return_InvalidRequest_With_ErrorCodes("78273140-cfa2-4073-b248-0eb41940e4c3","https://server/uri","foo","","","response_type is not supported","invalid_request")
✅ Should_Return_InvalidRequest_With_ErrorCodes("foo","","code id_token","","","Invalid client_id","invalid_request")
✅ Should_Return_InvalidRequest_With_ErrorCodes("fooClient","","code id_token","","","request_uri is missing","invalid_request")
✅ Should_Return_InvalidRequest_With_ErrorCodes("fooClient","https://server/uri","code id_token","","","client_id does not match request_uri client_id","invalid_request")
✅ Should_Return_InvalidRequest_With_ErrorCodes("fooClient","https://server/uri","code id_token","","","Invalid request_uri","invalid_request")
✅ Should_Return_InvalidRequest_With_ErrorCodes("fooClient","https://server/uri","code id_token","","","request_uri has already been used","invalid_request_uri")
✅ Should_Return_InvalidRequest_With_ErrorCodes("fooClient","https://server/uri","code id_token","","","request_uri has expired","invalid_request_uri")

✅ Validate_ClientAssertionRequest_InvalidClient_Test("","","","","",False,False,"client_assertion not provided","invalid_client")
✅ Validate_ClientAssertionRequest_InvalidClient_Test("eyJraWQiOiJCNTQ4QzkxNEEwMjc4N0EzQjVGMTU1ODNDOEVCMDMwRDk0QkMyNDI0IiwiYWxnIjoiUFMyNTYifQ.eyJzdWIiOiIzZTZjNWYzZC1iZDU4LTRhYWEtOGMyMy1hY2ZlYzgzN2I1MDYiLCJhdWQiOiJodHRwczpcL1wvZGgtdGVzdC5pZHAuZGV2LmNkcnNhbmRib3guZ292LmF1XC9kaC1lbmVyZ3ktNSIsImlzcyI6IjNlNmM1ZjNkLWJkNTgtNGFhYS04YzIzLWFjZmVjODM3YjUwNiIsImV4cCI6MTY1MjM0MDUzOCwiaWF0IjoxNjUyMzQwNDc4LCJqdGkiOiJMd3J0YTJLU2RhNGpPWVYwSDVwUiJ9.SjGr9X5vxnYywoVU1GAcG6N4taPniDJPYuEme1wPD2tvNjK4D-huQsb4BuaLJZem1MBbIDZprmvMk8_YkL50qOdvdaFYflqIif6SfFlaAIzN5B-9pzSM3iOC7Q0bt26xjr-C8MZaprc3O7LhsdpSynWIWiqle9I248-quikMsqyTDXhiVm_PtKnDs-DwzdfXvcp4JJcgN4Gk_fb431n2UGeQzFHAT-SCasvDVO7i9Zhw72bS8orWo7-ybiAUFjK8-B38lCih6LZg7mjDQdJWnXmkO4tqTYCIJgVEQteiaxUJRmsPlPX6Uvh0jC22pj3VTqGRIW4yukzeKgtB4q2HyQ","urn:ietf:params:oauth:client-assertion-type:jwt-bearer","","authorization_code","",True,False,"Client not found","invalid_client")
✅ Validate_ClientAssertionRequest_InvalidClient_Test("foo","","","","",False,False,"client_assertion_type not provided","invalid_client")
✅ Validate_ClientAssertionRequest_InvalidClient_Test("foo","foo","","","",False,False,"client_assertion_type must be urn:ietf:params:oauth:client-assertion-type:jwt-bearer","invalid_client")
✅ Validate_ClientAssertionRequest_InvalidClient_Test("foo","urn:ietf:params:oauth:client-assertion-type:jwt-bearer","","","",True,False,"grant_type not provided","unsupported_grant_type")
✅ Validate_ClientAssertionRequest_InvalidClient_Test("foo","urn:ietf:params:oauth:client-assertion-type:jwt-bearer","","authorization_code","",True,False,"Cannot read client_assertion.  Invalid format.","invalid_client")
✅ Validate_ClientAssertionRequest_InvalidClient_Test("foo","urn:ietf:params:oauth:client-assertion-type:jwt-bearer","","foo","",True,False,"unsupported grant_type","unsupported_grant_type")
✅ Validate_ClientAssertionRequest_InvalidClient_Test("validate_assertion1","urn:ietf:params:oauth:client-assertion-type:jwt-bearer","","authorization_code","",True,False,"Client not found","invalid_client")
✅ Validate_ClientAssertionRequest_InvalidClient_Test("validate_assertion2","urn:ietf:params:oauth:client-assertion-type:jwt-bearer","","authorization_code","",True,False,"Client not found","invalid_client")

✅ Validate_ClientRegistrationRequest_InvalidClient_Test("empty_client_registration",False,"Registration request is empty","invalid_client_metadata")
✅ Validate_ClientRegistrationRequest_InvalidClient_Test("SSA_validation_with_SS_and_JWKS",False,"SSA validation failed.","invalid_software_statement")
✅ Validate_ClientRegistrationRequest_InvalidClient_Test("SSA_validation_with_SS_and_Null_JWKS",False,"Could not load SSA JWKS from Register endpoint: https://localhost:7000/cdr-register/v1/jwks","invalid_software_statement")
✅ Validate_ClientRegistrationRequest_InvalidClient_Test("SSA_validation_with_SS",False,"Could not load SSA JWKS from Register endpoint: https://localhost:7000/cdr-register/v1/jwks","invalid_software_statement")
✅ Validate_ClientRegistrationRequest_InvalidClient_Test("SSA_validation_without_SS",False,"The software_statement is empty or invalid","invalid_software_statement")

✅ Validate_Jwt_Validator_InvalidClient_Test("jwt_validator_invalid_token","foo","",False,"request - token validation error","invalid_client")

✅ Validate_Par_Request_InvalidClient_Test("par_request_client_id_missing","","",False,"request is not a well-formed JWT","invalid_request")
✅ Validate_Par_Request_InvalidClient_Test("par_request_client_invalid_jwt","foo","",False,"","invalid_request_object")
✅ Validate_Par_Request_InvalidClient_Test("par_request_client_jwt_validator","foo","",False,"","invalid_request_object")

✅ Validate_RequestObject_InvalidClient_Test("jwt_test_case1","foo",False,"client_id does not match client_id in request object JWT","unauthorized_client")
✅ Validate_RequestObject_InvalidClient_Test("jwt_test_case2","foo",False,"redirect_uri missing from request object JWT","invalid_request_object")
✅ Validate_RequestObject_InvalidClient_Test("jwt_test_case3","foo",False,"Invalid redirect_uri","invalid_request")
✅ Validate_RequestObject_InvalidClient_Test("jwt_test_case4","foo",False,"Invalid redirect_uri for client","invalid_request")
✅ Validate_RequestObject_InvalidClient_Test("jwt_test_redirect_uri_match_with_nbf","foo",False,"response_type is missing","invalid_request")
✅ Validate_RequestObject_InvalidClient_Test("jwt_test_redirect_uri_match","foo",False,"Invalid request - nbf is missing","invalid_request_object")
✅ Validate_RequestObject_InvalidClient_Test("missing_client_id","foo",False,"client_id is missing","invalid_request")

✅ Validate_Token_Request_InvalidClient_Test("token_client_id_missing","","","","","",False,"client_id is missing","invalid_request")
✅ Validate_Token_Request_InvalidClient_Test("token_client_id_unmatched","foo","refresh_token","","","",False,"client_id does not match","invalid_request")
✅ Validate_Token_Request_InvalidClient_Test("token_code_verifier_foo","foo","authorization_code","foo","ACTIVE","foo",False,"authorization code is invalid","invalid_grant")
✅ Validate_Token_Request_InvalidClient_Test("token_code_verifier_missing","foo","authorization_code","foo","ACTIVE","foo",False,"code_verifier is missing","invalid_grant")
✅ Validate_Token_Request_InvalidClient_Test("token_grant_expired","foo","authorization_code","foo","ACTIVE","foo",False,"authorization code has expired","invalid_grant")
✅ Validate_Token_Request_InvalidClient_Test("token_granttype_missing","foo","","","","",False,"grant_type is missing","invalid_request")
✅ Validate_Token_Request_InvalidClient_Test("token_granttype_missing","foo","foo","","","",False,"unsupported grant_type","unsupported_grant_type")
✅ Validate_Token_Request_InvalidClient_Test("token_granttype_supported","foo","refresh_token","","","",False,"Could not retrieve client metadata","invalid_request")
✅ Validate_Token_Request_InvalidClient_Test("token_is_missing","foo","","","","",False,"invalid token request","invalid_request")
✅ Validate_Token_Request_InvalidClient_Test("token_redirect_uri_missing","foo","authorization_code","foo","ACTIVE","foo",False,"redirect_uri is missing","invalid_request")
✅ Validate_Token_Request_InvalidClient_Test("token_refresh_token_missing","foo","refresh_token","foo","ACTIVE","",False,"refresh_token is missing","invalid_grant")
✅ Validate_Token_Request_InvalidClient_Test("token_request_code_missing","foo","authorization_code","foo","ACTIVE","",False,"code is missing","invalid_request")
✅ Validate_Token_Request_InvalidClient_Test("token_software_product_id_empty","foo","refresh_token","","","",False,"Could not retrieve client metadata","invalid_request")
✅ Validate_Token_Request_InvalidClient_Test("token_software_product_id_foo","foo","refresh_token","foo","","",False,"Software product not found","invalid_client")
✅ Validate_Token_Request_InvalidClient_Test("token_software_product_inactive","foo","refresh_token","foo","INACTIVE","",False,"Software product status is INACTIVE","urn:au-cds:error:cds-all:Authorisation/AdrStatusNotActive")