package org.apereo.cas.web.flow;

import java.util.List;
import java.util.Locale;
import java.util.Set;
import lombok.Generated;
import org.apereo.cas.CentralAuthenticationService;
import org.apereo.cas.audit.AuditableContext;
import org.apereo.cas.audit.AuditableExecution;
import org.apereo.cas.audit.AuditableExecutionResult;
import org.apereo.cas.authentication.Authentication;
import org.apereo.cas.authentication.AuthenticationManager;
import org.apereo.cas.authentication.AuthenticationResult;
import org.apereo.cas.authentication.AuthenticationResultBuilder;
import org.apereo.cas.authentication.AuthenticationServiceSelectionStrategy;
import org.apereo.cas.authentication.AuthenticationSystemSupport;
import org.apereo.cas.authentication.AuthenticationTransaction;
import org.apereo.cas.authentication.AuthenticationTransactionManager;
import org.apereo.cas.authentication.CoreAuthenticationTestUtils;
import org.apereo.cas.authentication.Credential;
import org.apereo.cas.authentication.DefaultAuthenticationServiceSelectionPlan;
import org.apereo.cas.authentication.DefaultAuthenticationServiceSelectionStrategy;
import org.apereo.cas.authentication.adaptive.AdaptiveAuthenticationPolicy;
import org.apereo.cas.authentication.principal.ClientCredential;
import org.apereo.cas.authentication.principal.Service;
import org.apereo.cas.authentication.principal.WebApplicationServiceFactory;
import org.apereo.cas.services.AbstractRegisteredService;
import org.apereo.cas.services.DefaultRegisteredServiceAccessStrategy;
import org.apereo.cas.services.DefaultRegisteredServiceDelegatedAuthenticationPolicy;
import org.apereo.cas.services.RegisteredServiceTestUtils;
import org.apereo.cas.services.ServicesManager;
import org.apereo.cas.ticket.ExpirationPolicy;
import org.apereo.cas.ticket.TicketGrantingTicketImpl;
import org.apereo.cas.ticket.factory.DefaultTransientSessionTicketFactory;
import org.apereo.cas.ticket.registry.DefaultTicketRegistry;
import org.apereo.cas.ticket.support.HardTimeoutExpirationPolicy;
import org.apereo.cas.util.CollectionUtils;
import org.apereo.cas.util.Pac4jUtils;
import org.apereo.cas.util.serialization.StringSerializer;
import org.apereo.cas.web.DelegatedClientWebflowManager;
import org.apereo.cas.web.flow.resolver.CasDelegatingWebflowEventResolver;
import org.apereo.cas.web.flow.resolver.CasWebflowEventResolver;
import org.apereo.cas.web.pac4j.DelegatedSessionCookieManager;
import org.apereo.cas.web.pac4j.SessionStoreCookieSerializer;
import org.apereo.cas.web.support.CookieRetrievingCookieGenerator;
import org.apereo.cas.web.support.DefaultArgumentExtractor;
import org.assertj.core.api.Assertions;
import org.junit.Assert;
import org.junit.Test;
import org.mockito.Mockito;
import org.pac4j.core.client.BaseClient;
import org.pac4j.core.client.Client;
import org.pac4j.core.client.Clients;
import org.pac4j.core.context.WebContext;
import org.pac4j.oauth.client.FacebookClient;
import org.pac4j.oauth.client.TwitterClient;
import org.pac4j.oauth.credentials.OAuth20Credentials;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.http.HttpMethod;
import org.springframework.mock.web.MockHttpServletRequest;
import org.springframework.mock.web.MockHttpServletResponse;
import org.springframework.web.util.UriComponentsBuilder;
import org.springframework.webflow.action.AbstractAction;
import org.springframework.webflow.context.servlet.ServletExternalContext;
import org.springframework.webflow.core.collection.MutableAttributeMap;
import org.springframework.webflow.execution.Event;
import org.springframework.webflow.execution.RequestContext;
import org.springframework.webflow.test.MockRequestContext;

/* loaded from: input_file:org/apereo/cas/web/flow/DelegatedClientAuthenticationActionTests.class */
public class DelegatedClientAuthenticationActionTests {

    @Generated
    private static final Logger LOGGER = LoggerFactory.getLogger(DelegatedClientAuthenticationActionTests.class);
    private static final String TGT_ID = "TGT-00-xxxxxxxxxxxxxxxxxxxxxxxxxx.cas0";
    private static final String MY_KEY = "my_key";
    private static final String MY_SECRET = "my_secret";
    private static final String MY_LOGIN_URL = "http://casserver/login";
    private static final String MY_SERVICE = "http://myservice";
    private static final String MY_THEME = "my_theme";

    @Test
    public void verifyStartAuthenticationNoService() throws Exception {
        verifyStartAuthentication(null);
    }

    @Test
    public void verifyStartAuthenticationWithService() throws Exception {
        verifyStartAuthentication(RegisteredServiceTestUtils.getService(MY_SERVICE));
    }

    private void verifyStartAuthentication(Service service) throws Exception {
        MockHttpServletResponse mockHttpServletResponse = new MockHttpServletResponse();
        MockHttpServletRequest mockHttpServletRequest = new MockHttpServletRequest();
        String country = Locale.getDefault().getCountry();
        mockHttpServletRequest.setParameter("theme", MY_THEME);
        mockHttpServletRequest.setParameter("locale", country);
        mockHttpServletRequest.setParameter("method", HttpMethod.POST.name());
        ServletExternalContext servletExternalContext = (ServletExternalContext) Mockito.mock(ServletExternalContext.class);
        Mockito.when(servletExternalContext.getNativeRequest()).thenReturn(mockHttpServletRequest);
        Mockito.when(servletExternalContext.getNativeResponse()).thenReturn(mockHttpServletResponse);
        MockRequestContext mockRequestContext = new MockRequestContext();
        mockRequestContext.setExternalContext(servletExternalContext);
        if (service != null) {
            mockRequestContext.getFlowScope().put("service", service);
        }
        Client facebookClient = new FacebookClient(MY_KEY, MY_SECRET);
        Clients clients = new Clients(MY_LOGIN_URL, new Client[]{facebookClient, new TwitterClient("3nJPbVTVRZWAyUgoUKQ8UA", "h6LZyZJmcW46Vu8R47MYfeXTSYGI30EqnWaSwVhFkbA")});
        Mockito.when(((AuditableExecution) Mockito.mock(AuditableExecution.class)).execute((AuditableContext) Mockito.any())).thenReturn(new AuditableExecutionResult());
        DelegatedClientWebflowManager delegatedClientWebflowManager = new DelegatedClientWebflowManager(new DefaultTicketRegistry(), new DefaultTransientSessionTicketFactory(new HardTimeoutExpirationPolicy(60L)), "theme", "locale", new DefaultAuthenticationServiceSelectionPlan(new AuthenticationServiceSelectionStrategy[]{new DefaultAuthenticationServiceSelectionStrategy()}), new DefaultArgumentExtractor(new WebApplicationServiceFactory()));
        mockHttpServletRequest.addParameter("delegatedclientid", delegatedClientWebflowManager.store(Pac4jUtils.getPac4jJ2EContext(mockHttpServletRequest, new MockHttpServletResponse()), facebookClient).getId());
        Assert.assertEquals("error", getDelegatedClientAction(facebookClient, service, clients, mockHttpServletRequest).execute(mockRequestContext).getId());
        delegatedClientWebflowManager.retrieve(mockRequestContext, Pac4jUtils.getPac4jJ2EContext(mockHttpServletRequest, new MockHttpServletResponse()), facebookClient);
        Assert.assertEquals(MY_THEME, mockHttpServletRequest.getAttribute("theme"));
        Assert.assertEquals(Locale.getDefault().getCountry(), mockHttpServletRequest.getAttribute("locale"));
        Assert.assertEquals(HttpMethod.POST.name(), mockHttpServletRequest.getAttribute("method"));
        Set set = (Set) mockRequestContext.getFlowScope().get("pac4jUrls");
        Assert.assertFalse(set.isEmpty());
        Assert.assertSame(2, Integer.valueOf(set.size()));
        set.stream().map(providerLoginPageConfiguration -> {
            return UriComponentsBuilder.fromUriString(providerLoginPageConfiguration.getRedirectUrl()).build();
        }).forEach(uriComponents -> {
            Assertions.assertThat(uriComponents.getPath()).isEqualTo("clientredirect");
            Assertions.assertThat((List) uriComponents.getQueryParams().get("client_name")).hasSize(1).isSubsetOf(new String[]{"FacebookClient", "TwitterClient"});
            if (service != null) {
                Assertions.assertThat((List) uriComponents.getQueryParams().get("service")).hasSize(1).contains(new String[]{MY_SERVICE});
            } else {
                Assertions.assertThat((List) uriComponents.getQueryParams().get("service")).isNull();
            }
            Assertions.assertThat((List) uriComponents.getQueryParams().get("method")).hasSize(1).contains(new String[]{HttpMethod.POST.toString()});
            Assertions.assertThat((List) uriComponents.getQueryParams().get("theme")).hasSize(1).contains(new String[]{MY_THEME});
            Assertions.assertThat((List) uriComponents.getQueryParams().get("locale")).hasSize(1).contains(new String[]{country});
        });
    }

    @Test
    public void verifyFinishAuthentication() throws Exception {
        MockHttpServletRequest mockHttpServletRequest = new MockHttpServletRequest();
        mockHttpServletRequest.setParameter("client_name", "FacebookClient");
        mockHttpServletRequest.addParameter("theme", MY_THEME);
        mockHttpServletRequest.addParameter("locale", Locale.getDefault().getCountry());
        mockHttpServletRequest.addParameter("method", HttpMethod.POST.name());
        Service service = CoreAuthenticationTestUtils.getService(MY_SERVICE);
        mockHttpServletRequest.addParameter("service", service.getId());
        ServletExternalContext servletExternalContext = (ServletExternalContext) Mockito.mock(ServletExternalContext.class);
        Mockito.when(servletExternalContext.getNativeRequest()).thenReturn(mockHttpServletRequest);
        Mockito.when(servletExternalContext.getNativeResponse()).thenReturn(new MockHttpServletResponse());
        MockRequestContext mockRequestContext = new MockRequestContext();
        mockRequestContext.setExternalContext(servletExternalContext);
        FacebookClient facebookClient = new FacebookClient() { // from class: org.apereo.cas.web.flow.DelegatedClientAuthenticationActionTests.1
            /* JADX INFO: Access modifiers changed from: protected */
            /* renamed from: retrieveCredentials, reason: merged with bridge method [inline-methods] */
            public OAuth20Credentials m1retrieveCredentials(WebContext webContext) {
                return new OAuth20Credentials("fakeVerifier");
            }
        };
        facebookClient.setName(FacebookClient.class.getSimpleName());
        Assert.assertEquals("success", getDelegatedClientAction(facebookClient, service, new Clients(MY_LOGIN_URL, facebookClient), mockHttpServletRequest).execute(mockRequestContext).getId());
        Assert.assertEquals(MY_THEME, mockHttpServletRequest.getAttribute("theme"));
        Assert.assertEquals(Locale.getDefault().getCountry(), mockHttpServletRequest.getAttribute("locale"));
        Assert.assertEquals(HttpMethod.POST.name(), mockHttpServletRequest.getAttribute("method"));
        Assert.assertEquals(MY_SERVICE, mockHttpServletRequest.getAttribute("service"));
        MutableAttributeMap flowScope = mockRequestContext.getFlowScope();
        Assert.assertEquals(service.getId(), ((Service) flowScope.get("service")).getId());
        ClientCredential clientCredential = (ClientCredential) flowScope.get("credential");
        Assert.assertNotNull(clientCredential);
        Assert.assertTrue(clientCredential.getId().startsWith("NotYetAuthenticated-"));
    }

    private static ServicesManager getServicesManagerWith(Service service, BaseClient baseClient) {
        ServicesManager servicesManager = (ServicesManager) Mockito.mock(ServicesManager.class);
        AbstractRegisteredService registeredService = service != null ? RegisteredServiceTestUtils.getRegisteredService(service.getId()) : null;
        if (registeredService != null) {
            DefaultRegisteredServiceAccessStrategy defaultRegisteredServiceAccessStrategy = new DefaultRegisteredServiceAccessStrategy();
            defaultRegisteredServiceAccessStrategy.setDelegatedAuthenticationPolicy(new DefaultRegisteredServiceDelegatedAuthenticationPolicy(CollectionUtils.wrapList(new String[]{baseClient.getName()})));
            registeredService.setAccessStrategy(defaultRegisteredServiceAccessStrategy);
        }
        Mockito.when(servicesManager.findServiceBy((Service) Mockito.any(Service.class))).thenReturn(registeredService);
        return servicesManager;
    }

    private AbstractAction getDelegatedClientAction(BaseClient baseClient, Service service, Clients clients, MockHttpServletRequest mockHttpServletRequest) {
        Mockito.when(((CentralAuthenticationService) Mockito.mock(CentralAuthenticationService.class)).createTicketGrantingTicket((AuthenticationResult) Mockito.any())).thenReturn(new TicketGrantingTicketImpl(TGT_ID, (Authentication) Mockito.mock(Authentication.class), (ExpirationPolicy) Mockito.mock(ExpirationPolicy.class)));
        AuthenticationTransactionManager authenticationTransactionManager = (AuthenticationTransactionManager) Mockito.mock(AuthenticationTransactionManager.class);
        AuthenticationManager authenticationManager = (AuthenticationManager) Mockito.mock(AuthenticationManager.class);
        Mockito.when(authenticationManager.authenticate((AuthenticationTransaction) Mockito.any(AuthenticationTransaction.class))).thenReturn(CoreAuthenticationTestUtils.getAuthentication());
        Mockito.when(authenticationTransactionManager.getAuthenticationManager()).thenReturn(authenticationManager);
        Mockito.when(authenticationTransactionManager.handle((AuthenticationTransaction) Mockito.any(AuthenticationTransaction.class), (AuthenticationResultBuilder) Mockito.any(AuthenticationResultBuilder.class))).thenReturn(authenticationTransactionManager);
        AuthenticationResult authenticationResult = (AuthenticationResult) Mockito.mock(AuthenticationResult.class);
        Mockito.when(authenticationResult.getAuthentication()).thenReturn(CoreAuthenticationTestUtils.getAuthentication());
        Mockito.when(authenticationResult.getService()).thenReturn(service);
        AuthenticationSystemSupport authenticationSystemSupport = (AuthenticationSystemSupport) Mockito.mock(AuthenticationSystemSupport.class);
        Mockito.when(authenticationSystemSupport.getAuthenticationTransactionManager()).thenReturn(authenticationTransactionManager);
        Mockito.when(authenticationSystemSupport.handleAndFinalizeSingleAuthenticationTransaction((Service) Mockito.any(), (Credential[]) Mockito.any())).thenReturn(authenticationResult);
        AuditableExecution auditableExecution = (AuditableExecution) Mockito.mock(AuditableExecution.class);
        Mockito.when(auditableExecution.execute((AuditableContext) Mockito.any())).thenReturn(new AuditableExecutionResult());
        DelegatedClientWebflowManager delegatedClientWebflowManager = new DelegatedClientWebflowManager(new DefaultTicketRegistry(), new DefaultTransientSessionTicketFactory(new HardTimeoutExpirationPolicy(60L)), "theme", "locale", new DefaultAuthenticationServiceSelectionPlan(new AuthenticationServiceSelectionStrategy[]{new DefaultAuthenticationServiceSelectionStrategy()}), new DefaultArgumentExtractor(new WebApplicationServiceFactory()));
        mockHttpServletRequest.addParameter("delegatedclientid", delegatedClientWebflowManager.store(Pac4jUtils.getPac4jJ2EContext(mockHttpServletRequest, new MockHttpServletResponse()), baseClient).getId());
        CasDelegatingWebflowEventResolver casDelegatingWebflowEventResolver = (CasDelegatingWebflowEventResolver) Mockito.mock(CasDelegatingWebflowEventResolver.class);
        Mockito.when(casDelegatingWebflowEventResolver.resolveSingle((RequestContext) Mockito.any())).thenReturn(new Event(this, "success"));
        return new DelegatedClientAuthenticationAction(casDelegatingWebflowEventResolver, (CasWebflowEventResolver) Mockito.mock(CasWebflowEventResolver.class), (AdaptiveAuthenticationPolicy) Mockito.mock(AdaptiveAuthenticationPolicy.class), clients, getServicesManagerWith(service, baseClient), auditableExecution, delegatedClientWebflowManager, new DelegatedSessionCookieManager((CookieRetrievingCookieGenerator) Mockito.mock(CookieRetrievingCookieGenerator.class), (StringSerializer) Mockito.mock(SessionStoreCookieSerializer.class)), authenticationSystemSupport, "locale", "theme", new DefaultAuthenticationServiceSelectionPlan(new AuthenticationServiceSelectionStrategy[]{new DefaultAuthenticationServiceSelectionStrategy()}), (CentralAuthenticationService) Mockito.mock(CentralAuthenticationService.class));
    }
}
