package org.apereo.cas.oidc.slo;

import com.nimbusds.jwt.JWTClaimsSet;
import com.nimbusds.jwt.JWTParser;
import java.text.ParseException;
import java.util.Map;
import org.apereo.cas.authentication.Authentication;
import org.apereo.cas.authentication.CoreAuthenticationTestUtils;
import org.apereo.cas.logout.DefaultSingleLogoutRequestContext;
import org.apereo.cas.logout.SingleLogoutExecutionRequest;
import org.apereo.cas.logout.slo.SingleLogoutMessage;
import org.apereo.cas.oidc.AbstractOidcTests;
import org.apereo.cas.services.OidcRegisteredService;
import org.apereo.cas.services.RegisteredServiceLogoutType;
import org.apereo.cas.services.RegisteredServiceTestUtils;
import org.apereo.cas.support.oauth.web.endpoints.OAuth20ConfigurationContext;
import org.apereo.cas.ticket.TicketGrantingTicket;
import org.apereo.cas.util.DigestUtils;
import org.junit.jupiter.api.Assertions;
import org.junit.jupiter.api.Tag;
import org.junit.jupiter.api.Test;
import org.mockito.Mockito;

@Tag("OIDC")
/* loaded from: input_file:org/apereo/cas/oidc/slo/OidcSingleLogoutMessageCreatorTests.class */
public class OidcSingleLogoutMessageCreatorTests extends AbstractOidcTests {
    private static final String PRINCIPAL_ID = "jleleu";

    @Test
    public void verifyBackChannelLogout() throws ParseException {
        OidcRegisteredService oidcRegisteredService = getOidcRegisteredService(true, false);
        OAuth20ConfigurationContext build = OAuth20ConfigurationContext.builder().idTokenSigningAndEncryptionService(this.oidcTokenSigningAndEncryptionService).casProperties(this.casProperties).build();
        Authentication authentication = CoreAuthenticationTestUtils.getAuthentication(RegisteredServiceTestUtils.getPrincipal(PRINCIPAL_ID));
        TicketGrantingTicket ticketGrantingTicket = (TicketGrantingTicket) Mockito.mock(TicketGrantingTicket.class);
        Mockito.when(ticketGrantingTicket.getId()).thenReturn("TGT-0");
        Mockito.when(ticketGrantingTicket.getAuthentication()).thenReturn(authentication);
        SingleLogoutMessage create = new OidcSingleLogoutMessageCreator(build).create(DefaultSingleLogoutRequestContext.builder().logoutType(RegisteredServiceLogoutType.BACK_CHANNEL).registeredService(oidcRegisteredService).executionRequest(SingleLogoutExecutionRequest.builder().ticketGrantingTicket(ticketGrantingTicket).build()).build());
        Assertions.assertNull(create.getMessage());
        JWTClaimsSet jWTClaimsSet = JWTParser.parse(create.getPayload()).getJWTClaimsSet();
        Assertions.assertEquals("https://sso.example.org/cas/oidc", jWTClaimsSet.getIssuer());
        Assertions.assertEquals(PRINCIPAL_ID, jWTClaimsSet.getSubject());
        Assertions.assertEquals(oidcRegisteredService.getClientId(), jWTClaimsSet.getAudience().get(0));
        Assertions.assertNotNull(jWTClaimsSet.getClaim("iat"));
        Assertions.assertNotNull(jWTClaimsSet.getClaim("jti"));
        Assertions.assertNotNull(((Map) jWTClaimsSet.getClaim("events")).get("http://schemas.openid.net/event/backchannel-logout"));
        Assertions.assertEquals(DigestUtils.sha("TGT-0"), jWTClaimsSet.getClaim("sid"));
    }

    @Test
    public void verifyFrontChannelLogout() {
        OAuth20ConfigurationContext build = OAuth20ConfigurationContext.builder().build();
        SingleLogoutMessage create = new OidcSingleLogoutMessageCreator(build).create(DefaultSingleLogoutRequestContext.builder().logoutType(RegisteredServiceLogoutType.FRONT_CHANNEL).build());
        Assertions.assertEquals("", create.getPayload());
        Assertions.assertNull(create.getMessage());
    }
}
