package org.apereo.cas.web.flow;

import java.util.Arrays;
import java.util.List;
import java.util.Locale;
import java.util.Optional;
import java.util.Set;
import org.apereo.cas.CentralAuthenticationService;
import org.apereo.cas.audit.AuditableContext;
import org.apereo.cas.audit.AuditableExecution;
import org.apereo.cas.audit.AuditableExecutionResult;
import org.apereo.cas.authentication.Authentication;
import org.apereo.cas.authentication.AuthenticationManager;
import org.apereo.cas.authentication.AuthenticationResult;
import org.apereo.cas.authentication.AuthenticationResultBuilder;
import org.apereo.cas.authentication.AuthenticationServiceSelectionStrategy;
import org.apereo.cas.authentication.AuthenticationSystemSupport;
import org.apereo.cas.authentication.AuthenticationTransaction;
import org.apereo.cas.authentication.AuthenticationTransactionManager;
import org.apereo.cas.authentication.CoreAuthenticationTestUtils;
import org.apereo.cas.authentication.Credential;
import org.apereo.cas.authentication.DefaultAuthenticationServiceSelectionPlan;
import org.apereo.cas.authentication.DefaultAuthenticationServiceSelectionStrategy;
import org.apereo.cas.authentication.adaptive.AdaptiveAuthenticationPolicy;
import org.apereo.cas.authentication.credential.UsernamePasswordCredential;
import org.apereo.cas.authentication.principal.ClientCredential;
import org.apereo.cas.authentication.principal.Service;
import org.apereo.cas.authentication.principal.WebApplicationServiceFactory;
import org.apereo.cas.configuration.CasConfigurationProperties;
import org.apereo.cas.services.AbstractRegisteredService;
import org.apereo.cas.services.DefaultRegisteredServiceAccessStrategy;
import org.apereo.cas.services.DefaultRegisteredServiceDelegatedAuthenticationPolicy;
import org.apereo.cas.services.RegisteredServiceAccessStrategy;
import org.apereo.cas.services.RegisteredServiceTestUtils;
import org.apereo.cas.services.ServicesManager;
import org.apereo.cas.services.UnauthorizedServiceException;
import org.apereo.cas.ticket.ExpirationPolicy;
import org.apereo.cas.ticket.TicketGrantingTicketImpl;
import org.apereo.cas.ticket.expiration.builder.TransientSessionTicketExpirationPolicyBuilder;
import org.apereo.cas.ticket.factory.DefaultTransientSessionTicketFactory;
import org.apereo.cas.ticket.registry.DefaultTicketRegistry;
import org.apereo.cas.util.CollectionUtils;
import org.apereo.cas.web.DelegatedClientWebflowManager;
import org.apereo.cas.web.flow.resolver.CasDelegatingWebflowEventResolver;
import org.apereo.cas.web.flow.resolver.CasWebflowEventResolver;
import org.apereo.cas.web.support.DefaultArgumentExtractor;
import org.junit.jupiter.api.Assertions;
import org.junit.jupiter.api.Test;
import org.mockito.Mockito;
import org.pac4j.core.client.BaseClient;
import org.pac4j.core.client.Client;
import org.pac4j.core.client.Clients;
import org.pac4j.core.context.JEEContext;
import org.pac4j.core.context.WebContext;
import org.pac4j.core.context.session.JEESessionStore;
import org.pac4j.oauth.client.FacebookClient;
import org.pac4j.oauth.client.TwitterClient;
import org.pac4j.oauth.credentials.OAuth20Credentials;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.test.context.SpringBootTest;
import org.springframework.cloud.autoconfigure.RefreshAutoConfiguration;
import org.springframework.context.ConfigurableApplicationContext;
import org.springframework.http.HttpMethod;
import org.springframework.mock.web.MockHttpServletRequest;
import org.springframework.mock.web.MockHttpServletResponse;
import org.springframework.web.util.UriComponentsBuilder;
import org.springframework.webflow.action.AbstractAction;
import org.springframework.webflow.context.servlet.ServletExternalContext;
import org.springframework.webflow.core.collection.MutableAttributeMap;
import org.springframework.webflow.engine.Flow;
import org.springframework.webflow.engine.FlowVariable;
import org.springframework.webflow.engine.support.BeanFactoryVariableValueFactory;
import org.springframework.webflow.execution.Event;
import org.springframework.webflow.execution.RequestContext;
import org.springframework.webflow.test.MockFlowExecutionContext;
import org.springframework.webflow.test.MockFlowSession;
import org.springframework.webflow.test.MockRequestContext;

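/**
 * Exercises {@code DelegatedClientAuthenticationAction} with mocked CAS collaborators and
 * pac4j clients that never contact an external identity provider.
 *
 * <p>Three scenarios are covered:
 * <ul>
 *   <li>starting delegated authentication (with and without a target service) and checking the
 *       provider redirect URLs placed in flow scope;</li>
 *   <li>finishing delegated authentication for a service whose access strategy is disabled, which
 *       must be rejected with {@link UnauthorizedServiceException};</li>
 *   <li>finishing delegated authentication for a service that allows the client, which must yield
 *       the {@code success} event and a client credential in flow scope.</li>
 * </ul>
 *
 * <p>NOTE(review): the listing looks like decompiler output (raw collection types, casts around
 * every {@code Mockito.mock}); see the inline notes where lost generics still prevent compilation.
 */
@SpringBootTest(classes = {RefreshAutoConfiguration.class})
public class DelegatedClientAuthenticationActionTests {
    /** Ticket-granting-ticket id used only for the stubbed ticket in {@link #getDelegatedClientAction}. */
    private static final String TGT_ID = "TGT-00-xxxxxxxxxxxxxxxxxxxxxxxxxx.cas0";
    /** Placeholder OAuth client key; no provider is contacted by these tests. */
    private static final String MY_KEY = "my_key";
    /** Placeholder OAuth client secret; no provider is contacted by these tests. */
    private static final String MY_SECRET = "my_secret";
    private static final String MY_LOGIN_URL = "http://casserver/login";
    private static final String MY_SERVICE = "http://myservice";
    private static final String MY_THEME = "my_theme";
    /** Client names that may appear in the {@code client_name} parameter of a provider redirect URL. */
    private static final List<String> CLIENTS = Arrays.asList("FacebookClient", "TwitterClient");

    @Autowired
    private ConfigurableApplicationContext applicationContext;

    /** Starts delegated authentication when no target service is present in flow scope. */
    @Test
    public void verifyStartAuthenticationNoService() {
        assertStartAuthentication(null);
    }

    /** Starts delegated authentication with {@link #MY_SERVICE} present in flow scope. */
    @Test
    public void verifyStartAuthenticationWithService() {
        assertStartAuthentication(RegisteredServiceTestUtils.getService(MY_SERVICE));
    }

    /**
     * Runs the action for an initial request and checks the provider URLs it publishes.
     *
     * <p>The action is expected to return the {@code error} event; afterwards the theme, locale and
     * method request parameters must be restorable as request attributes, and flow scope must hold
     * one redirect URL per configured client carrying those values as query parameters.
     *
     * @param service target service to place in flow scope, or {@code null} for none
     */
    private void assertStartAuthentication(Service service) {
        MockHttpServletResponse mockHttpServletResponse = new MockHttpServletResponse();
        MockHttpServletRequest mockHttpServletRequest = new MockHttpServletRequest();
        String country = Locale.getDefault().getCountry();
        mockHttpServletRequest.setParameter("theme", MY_THEME);
        mockHttpServletRequest.setParameter("locale", country);
        mockHttpServletRequest.setParameter("method", HttpMethod.POST.name());
        ServletExternalContext servletExternalContext = mockExternalContext(mockHttpServletRequest, mockHttpServletResponse);

        Flow flow = new Flow("mockFlow");
        flow.addVariable(new FlowVariable("credential", new BeanFactoryVariableValueFactory(UsernamePasswordCredential.class, this.applicationContext.getAutowireCapableBeanFactory())));
        MockRequestContext mockRequestContext = new MockRequestContext();
        mockRequestContext.setFlowExecutionContext(new MockFlowExecutionContext(new MockFlowSession(flow)));
        mockRequestContext.setExternalContext(servletExternalContext);
        if (service != null) {
            mockRequestContext.getFlowScope().put("service", service);
        }

        FacebookClient facebookClient = new FacebookClient(MY_KEY, MY_SECRET);
        // Placeholder key/secret for the second client as well: the assertions below only look at
        // the CAS-side redirect URL, and credential-shaped literals do not belong in a test tree
        // (they trip secret scanners and invite reuse).
        Clients clients = new Clients(MY_LOGIN_URL, new Client[]{facebookClient, new TwitterClient(MY_KEY, MY_SECRET)});

        // This manager has its own ticket registry. getDelegatedClientAction() builds a second
        // manager and appends a second "delegatedclientid" value to the same request.
        DelegatedClientWebflowManager delegatedClientWebflowManager = newWebflowManager();
        JEEContext jEEContext = new JEEContext(mockHttpServletRequest, new MockHttpServletResponse(), new JEESessionStore());
        mockHttpServletRequest.addParameter("delegatedclientid", delegatedClientWebflowManager.store(jEEContext, facebookClient).getId());

        RegisteredServiceAccessStrategy accessStrategy = accessStrategyAllowing(facebookClient.getName());
        Assertions.assertEquals("error", getDelegatedClientAction(facebookClient, service, clients, mockHttpServletRequest, accessStrategy).execute(mockRequestContext).getId());

        // Restoring the stored ticket must copy the original parameters back as request attributes.
        delegatedClientWebflowManager.retrieve(mockRequestContext, jEEContext, facebookClient);
        Assertions.assertEquals(MY_THEME, mockHttpServletRequest.getAttribute("theme"));
        Assertions.assertEquals(Locale.getDefault().getCountry(), mockHttpServletRequest.getAttribute("locale"));
        Assertions.assertEquals(HttpMethod.POST.name(), mockHttpServletRequest.getAttribute("method"));

        // NOTE(review): the flow-scope value is read through raw Set/List types, so the lambda
        // parameters below are typed as Object and the getRedirectUrl()/getPath() calls will not
        // compile until the element type is restored; confirm it against the action under test.
        Set set = (Set) mockRequestContext.getFlowScope().get("delegatedAuthenticationProviderUrls");
        Assertions.assertFalse(set.isEmpty());
        // Value comparison: assertSame on boxed integers only passes by way of the Integer cache.
        Assertions.assertEquals(2, set.size());
        set.stream().map(delegatedClientIdentityProviderConfiguration -> {
            return UriComponentsBuilder.fromUriString(delegatedClientIdentityProviderConfiguration.getRedirectUrl()).build();
        }).forEach(uriComponents -> {
            Assertions.assertEquals("clientredirect", uriComponents.getPath());
            List list = (List) uriComponents.getQueryParams().get("client_name");
            Assertions.assertEquals(1, list.size());
            Assertions.assertTrue(CLIENTS.containsAll(list));
            List list2 = (List) uriComponents.getQueryParams().get("service");
            if (service != null) {
                Assertions.assertEquals(1, list2.size());
                Assertions.assertTrue(list2.contains(MY_SERVICE));
            } else {
                // Without a target service the redirect URL must not carry a service parameter.
                Assertions.assertNull(list2);
            }
            List list3 = (List) uriComponents.getQueryParams().get("method");
            Assertions.assertEquals(1, list3.size());
            Assertions.assertTrue(list3.contains(HttpMethod.POST.toString()));
            List list4 = (List) uriComponents.getQueryParams().get("theme");
            Assertions.assertEquals(1, list4.size());
            Assertions.assertTrue(list4.contains(MY_THEME));
            List list5 = (List) uriComponents.getQueryParams().get("locale");
            Assertions.assertEquals(1, list5.size());
            Assertions.assertTrue(list5.contains(country));
        });
    }

    /**
     * Builds the expiration policy for transient session tickets with a 60-second time-to-kill.
     *
     * @return a policy builder backed by a fresh {@link CasConfigurationProperties}
     */
    private TransientSessionTicketExpirationPolicyBuilder getExpirationPolicyBuilder() {
        CasConfigurationProperties casConfigurationProperties = new CasConfigurationProperties();
        casConfigurationProperties.getTicket().getTst().setTimeToKillInSeconds(60L);
        return new TransientSessionTicketExpirationPolicyBuilder(casConfigurationProperties);
    }

    /**
     * Authorization guard: when the registered service's access strategy is disabled, finishing
     * delegated authentication must fail with {@link UnauthorizedServiceException} rather than
     * producing a login for that service.
     */
    @Test
    public void verifyFinishAuthenticationAuthzFailure() {
        MockHttpServletRequest mockHttpServletRequest = new MockHttpServletRequest();
        mockHttpServletRequest.setParameter("client_name", "FacebookClient");
        Service service = CoreAuthenticationTestUtils.getService(MY_SERVICE);
        mockHttpServletRequest.addParameter("service", service.getId());
        MockRequestContext mockRequestContext = new MockRequestContext();
        mockRequestContext.setExternalContext(mockExternalContext(mockHttpServletRequest, new MockHttpServletResponse()));

        FacebookClient facebookClient = fakeFacebookClient();
        Clients clients = new Clients(MY_LOGIN_URL, facebookClient);
        DefaultRegisteredServiceAccessStrategy disabledStrategy = new DefaultRegisteredServiceAccessStrategy();
        disabledStrategy.setEnabled(false);

        Assertions.assertThrows(UnauthorizedServiceException.class, () -> {
            getDelegatedClientAction(facebookClient, service, clients, mockHttpServletRequest, disabledStrategy).execute(mockRequestContext);
        });
    }

    /**
     * Finishes delegated authentication for a service that allows the Facebook client and checks
     * the {@code success} event, the restored request attributes, and the flow-scope service and
     * credential.
     */
    @Test
    public void verifyFinishAuthentication() {
        MockHttpServletRequest mockHttpServletRequest = new MockHttpServletRequest();
        mockHttpServletRequest.setParameter("client_name", "FacebookClient");
        mockHttpServletRequest.addParameter("theme", MY_THEME);
        mockHttpServletRequest.addParameter("locale", Locale.getDefault().getCountry());
        mockHttpServletRequest.addParameter("method", HttpMethod.POST.name());
        Service service = CoreAuthenticationTestUtils.getService(MY_SERVICE);
        mockHttpServletRequest.addParameter("service", service.getId());
        MockRequestContext mockRequestContext = new MockRequestContext();
        mockRequestContext.setExternalContext(mockExternalContext(mockHttpServletRequest, new MockHttpServletResponse()));

        FacebookClient facebookClient = fakeFacebookClient();
        Clients clients = new Clients(MY_LOGIN_URL, facebookClient);
        RegisteredServiceAccessStrategy accessStrategy = accessStrategyAllowing(facebookClient.getName());

        Assertions.assertEquals("success", getDelegatedClientAction(facebookClient, service, clients, mockHttpServletRequest, accessStrategy).execute(mockRequestContext).getId());
        Assertions.assertEquals(MY_THEME, mockHttpServletRequest.getAttribute("theme"));
        Assertions.assertEquals(Locale.getDefault().getCountry(), mockHttpServletRequest.getAttribute("locale"));
        Assertions.assertEquals(HttpMethod.POST.name(), mockHttpServletRequest.getAttribute("method"));
        Assertions.assertEquals(MY_SERVICE, mockHttpServletRequest.getAttribute("service"));

        MutableAttributeMap flowScope = mockRequestContext.getFlowScope();
        Assertions.assertEquals(service.getId(), ((Service) flowScope.get("service")).getId());
        ClientCredential clientCredential = (ClientCredential) flowScope.get("credential");
        Assertions.assertNotNull(clientCredential);
        Assertions.assertTrue(clientCredential.getId().startsWith("NotYetAuthenticated-"));
    }

    /**
     * Creates a mocked {@link ServicesManager} whose {@code findServiceBy} returns a registered
     * service for {@code service} carrying the given access strategy, or {@code null} when
     * {@code service} is {@code null}.
     *
     * @param service the service to register, may be {@code null}
     * @param registeredServiceAccessStrategy access strategy applied to the registered service
     * @return the mocked services manager
     */
    private static ServicesManager getServicesManagerWith(Service service, RegisteredServiceAccessStrategy registeredServiceAccessStrategy) {
        ServicesManager servicesManager = Mockito.mock(ServicesManager.class);
        AbstractRegisteredService abstractRegisteredService = (AbstractRegisteredService) Optional.ofNullable(service).map(service2 -> {
            return RegisteredServiceTestUtils.getRegisteredService(service2.getId());
        }).orElse(null);
        if (abstractRegisteredService != null) {
            abstractRegisteredService.setAccessStrategy(registeredServiceAccessStrategy);
        }
        // Every lookup returns the same entry (or null), regardless of the service asked for.
        Mockito.when(servicesManager.findServiceBy(Mockito.any(Service.class))).thenReturn(abstractRegisteredService);
        return servicesManager;
    }

    /**
     * Assembles the action under test around mocked authentication components.
     *
     * <p>Side effect: stores a transient session ticket for {@code baseClient} in a fresh webflow
     * manager and appends its id to the request as a {@code delegatedclientid} parameter.
     *
     * @param baseClient client for which the transient session ticket is stored
     * @param service service returned by the mocked authentication result and services manager
     * @param clients pac4j clients made available to the action
     * @param mockHttpServletRequest request that receives the {@code delegatedclientid} parameter
     * @param registeredServiceAccessStrategy access strategy applied to the registered service
     * @return the configured action
     */
    private AbstractAction getDelegatedClientAction(BaseClient baseClient, Service service, Clients clients, MockHttpServletRequest mockHttpServletRequest, RegisteredServiceAccessStrategy registeredServiceAccessStrategy) {
        // NOTE(review): this stubbed mock is not the instance handed to the action below (a fresh,
        // unstubbed mock is passed there), so the ticket stubbing cannot influence the action.
        // Behaviour is left as found; confirm which instance was intended before wiring it in.
        CentralAuthenticationService stubbedCas = Mockito.mock(CentralAuthenticationService.class);
        Mockito.when(stubbedCas.createTicketGrantingTicket((AuthenticationResult) Mockito.any()))
            .thenReturn(new TicketGrantingTicketImpl(TGT_ID, Mockito.mock(Authentication.class), Mockito.mock(ExpirationPolicy.class)));

        AuthenticationTransactionManager authenticationTransactionManager = Mockito.mock(AuthenticationTransactionManager.class);
        AuthenticationManager authenticationManager = Mockito.mock(AuthenticationManager.class);
        Mockito.when(authenticationManager.authenticate(Mockito.any(AuthenticationTransaction.class))).thenReturn(CoreAuthenticationTestUtils.getAuthentication());
        Mockito.when(authenticationTransactionManager.getAuthenticationManager()).thenReturn(authenticationManager);
        Mockito.when(authenticationTransactionManager.handle(Mockito.any(AuthenticationTransaction.class), Mockito.any(AuthenticationResultBuilder.class))).thenReturn(authenticationTransactionManager);

        AuthenticationResult authenticationResult = Mockito.mock(AuthenticationResult.class);
        Mockito.when(authenticationResult.getAuthentication()).thenReturn(CoreAuthenticationTestUtils.getAuthentication());
        Mockito.when(authenticationResult.getService()).thenReturn(service);

        AuthenticationSystemSupport authenticationSystemSupport = Mockito.mock(AuthenticationSystemSupport.class);
        Mockito.when(authenticationSystemSupport.getAuthenticationTransactionManager()).thenReturn(authenticationTransactionManager);
        Mockito.when(authenticationSystemSupport.handleAndFinalizeSingleAuthenticationTransaction((Service) Mockito.any(), (Credential[]) Mockito.any())).thenReturn(authenticationResult);

        AuditableExecution auditableExecution = Mockito.mock(AuditableExecution.class);
        Mockito.when(auditableExecution.execute((AuditableContext) Mockito.any())).thenReturn(new AuditableExecutionResult());

        DelegatedClientWebflowManager delegatedClientWebflowManager = newWebflowManager();
        mockHttpServletRequest.addParameter("delegatedclientid", delegatedClientWebflowManager.store(new JEEContext(mockHttpServletRequest, new MockHttpServletResponse(), new JEESessionStore()), baseClient).getId());

        CasDelegatingWebflowEventResolver casDelegatingWebflowEventResolver = Mockito.mock(CasDelegatingWebflowEventResolver.class);
        Mockito.when(casDelegatingWebflowEventResolver.resolveSingle((RequestContext) Mockito.any())).thenReturn(new Event(this, "success"));

        return new DelegatedClientAuthenticationAction(
            casDelegatingWebflowEventResolver,
            Mockito.mock(CasWebflowEventResolver.class),
            Mockito.mock(AdaptiveAuthenticationPolicy.class),
            clients,
            getServicesManagerWith(service, registeredServiceAccessStrategy),
            auditableExecution,
            delegatedClientWebflowManager,
            authenticationSystemSupport,
            new CasConfigurationProperties(),
            new DefaultAuthenticationServiceSelectionPlan(new AuthenticationServiceSelectionStrategy[]{new DefaultAuthenticationServiceSelectionStrategy()}),
            Mockito.mock(CentralAuthenticationService.class),
            SingleSignOnParticipationStrategy.alwaysParticipating(),
            new JEESessionStore(),
            CollectionUtils.wrap(new DefaultArgumentExtractor(new WebApplicationServiceFactory())));
    }

    /** Mocks a webflow external context that exposes the given servlet request and response. */
    private static ServletExternalContext mockExternalContext(MockHttpServletRequest request, MockHttpServletResponse response) {
        ServletExternalContext externalContext = Mockito.mock(ServletExternalContext.class);
        Mockito.when(externalContext.getNativeRequest()).thenReturn(request);
        Mockito.when(externalContext.getNativeResponse()).thenReturn(response);
        return externalContext;
    }

    /** Creates a webflow manager backed by a fresh in-memory ticket registry and default settings. */
    private DelegatedClientWebflowManager newWebflowManager() {
        return new DelegatedClientWebflowManager(
            new DefaultTicketRegistry(),
            new DefaultTransientSessionTicketFactory(getExpirationPolicyBuilder()),
            new CasConfigurationProperties(),
            new DefaultAuthenticationServiceSelectionPlan(new AuthenticationServiceSelectionStrategy[]{new DefaultAuthenticationServiceSelectionStrategy()}),
            new DefaultArgumentExtractor(new WebApplicationServiceFactory()));
    }

    /** Creates an access strategy whose delegated-authentication policy lists {@code clientName}. */
    private static RegisteredServiceAccessStrategy accessStrategyAllowing(String clientName) {
        DefaultRegisteredServiceAccessStrategy strategy = new DefaultRegisteredServiceAccessStrategy();
        strategy.setDelegatedAuthenticationPolicy(new DefaultRegisteredServiceDelegatedAuthenticationPolicy(CollectionUtils.wrapList(new String[]{clientName}), true, false));
        return strategy;
    }

    /**
     * Creates a Facebook client, named {@code FacebookClient}, that returns a canned OAuth
     * credential instead of reading one from the incoming request.
     */
    private static FacebookClient fakeFacebookClient() {
        FacebookClient client = new FacebookClient() {
            @Override
            protected Optional<OAuth20Credentials> retrieveCredentials(WebContext webContext) {
                return Optional.of(new OAuth20Credentials("fakeVerifier"));
            }
        };
        client.setName(FacebookClient.class.getSimpleName());
        return client;
    }
}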
