package org.apereo.cas.web.flow;

import java.util.UUID;
import org.apereo.cas.authentication.principal.AbstractWebApplicationService;
import org.apereo.cas.services.RegisteredServiceTestUtils;
import org.apereo.cas.services.UnauthorizedServiceException;
import org.apereo.cas.ticket.Ticket;
import org.apereo.cas.ticket.registry.TicketRegistry;
import org.apereo.cas.web.BaseDelegatedAuthenticationTests;
import org.apereo.cas.web.DelegatedClientWebflowManager;
import org.junit.jupiter.api.Assertions;
import org.junit.jupiter.api.BeforeEach;
import org.junit.jupiter.api.Tag;
import org.junit.jupiter.api.Test;
import org.pac4j.cas.client.CasClient;
import org.pac4j.cas.config.CasConfiguration;
import org.pac4j.core.context.JEEContext;
import org.pac4j.oauth.client.OAuth10Client;
import org.pac4j.oauth.client.OAuth20Client;
import org.pac4j.oauth.config.OAuth10Configuration;
import org.pac4j.oauth.config.OAuth20Configuration;
import org.pac4j.oidc.client.OidcClient;
import org.pac4j.oidc.config.OidcConfiguration;
import org.pac4j.saml.client.SAML2Client;
import org.pac4j.saml.config.SAML2Configuration;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.boot.test.context.SpringBootTest;
import org.springframework.mock.web.MockHttpServletRequest;
import org.springframework.mock.web.MockHttpServletResponse;
import org.springframework.mock.web.MockServletContext;
import org.springframework.webflow.context.ExternalContextHolder;
import org.springframework.webflow.context.servlet.ServletExternalContext;
import org.springframework.webflow.execution.RequestContextHolder;
import org.springframework.webflow.test.MockRequestContext;

/**
 * Verifies how {@link DelegatedClientWebflowManager} stores and retrieves the
 * ticket that tracks a delegated (external identity provider) login.
 *
 * <p>Every test follows the same pattern: {@code store} must place a ticket in the
 * {@link TicketRegistry}, the ticket id must be exposed through the
 * protocol-specific correlation value (OAuth/OIDC {@code state}, SAML
 * {@code RelayState}, CAS {@code delegatedclientid}), and a successful
 * {@code retrieve} must remove the ticket from the registry again.
 *
 * <p>Security relevance: the correlation value ties the identity provider's
 * response to a request this server started, and removing the ticket on retrieval
 * means the same value cannot be presented a second time. A regression in either
 * assertion weakens that binding.
 */
@Tag("Webflow")
@SpringBootTest(classes = {BaseDelegatedAuthenticationTests.SharedTestConfiguration.class})
public class DelegatedClientWebflowManagerTests {

    @Autowired
    @Qualifier("ticketRegistry")
    private TicketRegistry ticketRegistry;

    @Autowired
    @Qualifier("delegatedClientWebflowManager")
    private DelegatedClientWebflowManager delegatedClientWebflowManager;
    private JEEContext context;
    private MockRequestContext requestContext;
    private MockHttpServletRequest httpServletRequest;

    /**
     * Builds a fresh mock servlet request (carrying a {@code service} parameter) and
     * the matching pac4j and webflow contexts, then publishes the webflow contexts
     * through their static holders.
     */
    @BeforeEach
    public void setup() {
        AbstractWebApplicationService service = RegisteredServiceTestUtils.getService();

        httpServletRequest = new MockHttpServletRequest();
        httpServletRequest.addParameter("service", service.getId());
        context = new JEEContext(httpServletRequest, new MockHttpServletResponse());

        ServletExternalContext externalContext = new ServletExternalContext(
            new MockServletContext(), context.getNativeRequest(), context.getNativeResponse());
        requestContext = new MockRequestContext();
        requestContext.setExternalContext(externalContext);

        // NOTE(review): the holders are set here but never cleared in this class.
        RequestContextHolder.setRequestContext(requestContext);
        ExternalContextHolder.setExternalContext(requestContext.getExternalContext());
    }

    /**
     * OIDC: the stored ticket id must become the {@code state} value, and presenting
     * that {@code state} must consume the ticket.
     */
    @Test
    public void verifyOidcStoreOperation() {
        // Throwaway random credentials; no real client registration is involved.
        OidcConfiguration config = new OidcConfiguration();
        config.setClientId(UUID.randomUUID().toString());
        config.setSecret(UUID.randomUUID().toString());
        OidcClient client = new OidcClient(config);

        Ticket ticket = delegatedClientWebflowManager.store(context, client);
        String ticketId = ticket.getId();
        assertStoredInRegistry(ticketId);
        Assertions.assertTrue(config.isWithState());
        Assertions.assertEquals(ticketId, config.getStateGenerator().generateValue(context));

        // NOTE(review): unlike the OAuth 2.0 test, the missing-state rejection is not
        // asserted here before the parameter is added.
        httpServletRequest.addParameter("state", ticketId);
        Assertions.assertNotNull(delegatedClientWebflowManager.retrieve(requestContext, context, client));
        assertRemovedFromRegistry(ticketId);
    }

    /**
     * OAuth 2.0: as for OIDC, and additionally a callback that carries no
     * {@code state} must be rejected with {@link UnauthorizedServiceException}.
     */
    @Test
    public void verifyOAuth2StoreOperation() {
        OAuth20Configuration config = new OAuth20Configuration();
        config.setKey(UUID.randomUUID().toString());
        config.setSecret(UUID.randomUUID().toString());
        OAuth20Client client = new OAuth20Client();
        client.setConfiguration(config);

        Ticket ticket = delegatedClientWebflowManager.store(context, client);
        String ticketId = ticket.getId();
        assertStoredInRegistry(ticketId);
        Assertions.assertTrue(config.isWithState());
        Assertions.assertEquals(ticketId, config.getStateGenerator().generateValue(context));

        // Negative case first: the request has no "state" parameter yet.
        Assertions.assertThrows(UnauthorizedServiceException.class,
            () -> delegatedClientWebflowManager.retrieve(requestContext, context, client));

        httpServletRequest.addParameter("state", ticketId);
        Assertions.assertNotNull(delegatedClientWebflowManager.retrieve(requestContext, context, client));
        assertRemovedFromRegistry(ticketId);
    }

    /**
     * OAuth 1.0: the ticket is stored, retrieved and then gone from the registry.
     */
    @Test
    public void verifyOAuth1StoreOperation() {
        OAuth10Configuration config = new OAuth10Configuration();
        config.setKey(UUID.randomUUID().toString());
        config.setSecret(UUID.randomUUID().toString());
        OAuth10Client client = new OAuth10Client();
        client.setConfiguration(config);

        Ticket ticket = delegatedClientWebflowManager.store(context, client);
        String ticketId = ticket.getId();
        assertStoredInRegistry(ticketId);

        // No request parameter is added before retrieve(); how the manager finds the
        // ticket in this case is not visible from this file.
        Assertions.assertNotNull(delegatedClientWebflowManager.retrieve(requestContext, context, client));
        assertRemovedFromRegistry(ticketId);
    }

    /**
     * CAS: the ticket id must be published as the {@code delegatedclientid} custom
     * parameter of the client configuration.
     */
    @Test
    public void verifyCasStoreOperation() {
        CasConfiguration config = new CasConfiguration();
        config.setLoginUrl("https://example.org/login");
        CasClient client = new CasClient();
        client.setConfiguration(config);

        Ticket ticket = delegatedClientWebflowManager.store(context, client);
        String ticketId = ticket.getId();
        assertStoredInRegistry(ticketId);
        Assertions.assertEquals(ticketId, config.getCustomParams().get("delegatedclientid"));

        // As in the OAuth 1.0 test, retrieve() is called without adding a request parameter.
        Assertions.assertNotNull(delegatedClientWebflowManager.retrieve(requestContext, context, client));
        assertRemovedFromRegistry(ticketId);
    }

    /**
     * SAML2: the ticket id must be kept in the session store under
     * {@code samlRelayState}, and presenting it as {@code RelayState} must consume
     * the ticket.
     */
    @Test
    public void verifySamlStoreOperation() {
        SAML2Client client = new SAML2Client(new SAML2Configuration());

        Ticket ticket = delegatedClientWebflowManager.store(context, client);
        String ticketId = ticket.getId();
        assertStoredInRegistry(ticketId);
        Assertions.assertEquals(ticketId, context.getSessionStore().get(context, "samlRelayState").get());

        httpServletRequest.addParameter("RelayState", ticketId);
        Assertions.assertNotNull(delegatedClientWebflowManager.retrieve(requestContext, context, client));
        assertRemovedFromRegistry(ticketId);
    }

    /**
     * A ticket marked expired must not be honoured: {@code retrieve} has to fail with
     * {@link UnauthorizedServiceException} even though the {@code RelayState} matches.
     */
    @Test
    public void verifyExpiredTicketOperation() {
        SAML2Client client = new SAML2Client(new SAML2Configuration());

        Ticket ticket = delegatedClientWebflowManager.store(context, client);
        String ticketId = ticket.getId();
        assertStoredInRegistry(ticketId);
        Assertions.assertEquals(ticketId, context.getSessionStore().get(context, "samlRelayState").get());

        httpServletRequest.addParameter("RelayState", ticketId);
        ticket.markTicketExpired();
        Assertions.assertThrows(UnauthorizedServiceException.class,
            () -> delegatedClientWebflowManager.retrieve(requestContext, context, client));
    }

    /** Asserts that the registry currently holds a ticket with the given id. */
    private void assertStoredInRegistry(String ticketId) {
        Assertions.assertNotNull(ticketRegistry.getTicket(ticketId));
    }

    /** Asserts that the registry no longer returns a ticket for the given id. */
    private void assertRemovedFromRegistry(String ticketId) {
        Assertions.assertNull(ticketRegistry.getTicket(ticketId));
    }
}
