package org.apereo.cas.web.flow;

import java.util.List;
import java.util.Locale;
import java.util.Map;
import java.util.Set;
import java.util.UUID;
import lombok.Generated;
import org.apereo.cas.CentralAuthenticationService;
import org.apereo.cas.authentication.CoreAuthenticationTestUtils;
import org.apereo.cas.authentication.credential.UsernamePasswordCredential;
import org.apereo.cas.authentication.principal.AbstractWebApplicationService;
import org.apereo.cas.authentication.principal.ClientCredential;
import org.apereo.cas.authentication.principal.Service;
import org.apereo.cas.mock.MockTicketGrantingTicket;
import org.apereo.cas.services.AbstractRegisteredService;
import org.apereo.cas.services.AllAuthenticationHandlersRegisteredServiceAuthenticationPolicyCriteria;
import org.apereo.cas.services.DefaultRegisteredServiceAccessStrategy;
import org.apereo.cas.services.DefaultRegisteredServiceAuthenticationPolicy;
import org.apereo.cas.services.RegisteredServiceTestUtils;
import org.apereo.cas.services.ServicesManager;
import org.apereo.cas.services.UnauthorizedServiceException;
import org.apereo.cas.ticket.InvalidTicketException;
import org.apereo.cas.util.EncodingUtils;
import org.apereo.cas.util.MockServletContext;
import org.apereo.cas.web.BaseDelegatedAuthenticationTests;
import org.apereo.cas.web.DelegatedClientWebflowManager;
import org.apereo.cas.web.support.WebUtils;
import org.junit.jupiter.api.Assertions;
import org.junit.jupiter.api.Tag;
import org.junit.jupiter.api.Test;
import org.mockito.Mockito;
import org.pac4j.core.client.Client;
import org.pac4j.core.client.Clients;
import org.pac4j.core.context.JEEContext;
import org.pac4j.core.context.session.JEESessionStore;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.boot.test.context.SpringBootTest;
import org.springframework.context.ConfigurableApplicationContext;
import org.springframework.http.HttpMethod;
import org.springframework.mock.web.MockHttpServletRequest;
import org.springframework.mock.web.MockHttpServletResponse;
import org.springframework.web.util.UriComponentsBuilder;
import org.springframework.webflow.context.ExternalContextHolder;
import org.springframework.webflow.context.servlet.ServletExternalContext;
import org.springframework.webflow.core.collection.MutableAttributeMap;
import org.springframework.webflow.engine.Flow;
import org.springframework.webflow.engine.FlowVariable;
import org.springframework.webflow.engine.support.BeanFactoryVariableValueFactory;
import org.springframework.webflow.execution.Action;
import org.springframework.webflow.execution.RequestContextHolder;
import org.springframework.webflow.test.MockFlowExecutionContext;
import org.springframework.webflow.test.MockFlowSession;
import org.springframework.webflow.test.MockRequestContext;

@Tag("WebflowActions")
@SpringBootTest(classes = {BaseDelegatedAuthenticationTests.SharedTestConfiguration.class})
/* loaded from: input_file:org/apereo/cas/web/flow/DelegatedClientAuthenticationActionTests.class */
public class DelegatedClientAuthenticationActionTests {

    @Generated
    private static final Logger LOGGER = LoggerFactory.getLogger(DelegatedClientAuthenticationActionTests.class);

    @Autowired
    private ConfigurableApplicationContext applicationContext;

    @Autowired
    @Qualifier("delegatedAuthenticationAction")
    private Action delegatedAuthenticationAction;

    @Autowired
    @Qualifier("servicesManager")
    private ServicesManager servicesManager;

    @Autowired
    @Qualifier("delegatedClientWebflowManager")
    private DelegatedClientWebflowManager delegatedClientWebflowManager;

    @Autowired
    @Qualifier("centralAuthenticationService")
    private CentralAuthenticationService centralAuthenticationService;

    @Autowired
    @Qualifier("builtClients")
    private Clients builtClients;

    @Test
    public void verifyStartAuthenticationNoService() {
        assertStartAuthentication(null);
    }

    @Test
    public void verifyStartAuthenticationWithService() {
        AbstractWebApplicationService service = RegisteredServiceTestUtils.getService("https://google.com");
        this.servicesManager.save(RegisteredServiceTestUtils.getRegisteredService(service.getId()));
        assertStartAuthentication(service);
    }

    @Test
    public void verifyFinishAuthenticationAuthzFailure() {
        MockHttpServletRequest mockHttpServletRequest = new MockHttpServletRequest();
        mockHttpServletRequest.setParameter("client_name", "FacebookClient");
        mockHttpServletRequest.addParameter("service", RegisteredServiceTestUtils.getService(UUID.randomUUID().toString()).getId());
        Client client = (Client) this.builtClients.findClient("FacebookClient").get();
        mockHttpServletRequest.addParameter("delegatedclientid", this.delegatedClientWebflowManager.store(new JEEContext(mockHttpServletRequest, new MockHttpServletResponse(), new JEESessionStore()), client).getId());
        MockRequestContext mockRequestContext = new MockRequestContext();
        mockRequestContext.setExternalContext(new ServletExternalContext(new MockServletContext(), mockHttpServletRequest, new MockHttpServletResponse()));
        RequestContextHolder.setRequestContext(mockRequestContext);
        ExternalContextHolder.setExternalContext(mockRequestContext.getExternalContext());
        Assertions.assertThrows(UnauthorizedServiceException.class, () -> {
            this.delegatedAuthenticationAction.execute(mockRequestContext);
        });
    }

    @Test
    public void verifyFinishAuthentication() throws Exception {
        MockHttpServletRequest mockHttpServletRequest = new MockHttpServletRequest();
        mockHttpServletRequest.setParameter("client_name", "FacebookClient");
        mockHttpServletRequest.addParameter("theme", "theme");
        mockHttpServletRequest.addParameter("locale", Locale.getDefault().getCountry());
        mockHttpServletRequest.addParameter("method", HttpMethod.POST.name());
        AbstractWebApplicationService service = RegisteredServiceTestUtils.getService(UUID.randomUUID().toString());
        this.servicesManager.save(RegisteredServiceTestUtils.getRegisteredService(service.getId(), Map.of()));
        mockHttpServletRequest.addParameter("service", service.getId());
        Client client = (Client) this.builtClients.findClient("FacebookClient").get();
        mockHttpServletRequest.addParameter("delegatedclientid", this.delegatedClientWebflowManager.store(new JEEContext(mockHttpServletRequest, new MockHttpServletResponse(), new JEESessionStore()), client).getId());
        MockRequestContext mockRequestContext = new MockRequestContext();
        mockRequestContext.setExternalContext(new ServletExternalContext(new MockServletContext(), mockHttpServletRequest, new MockHttpServletResponse()));
        RequestContextHolder.setRequestContext(mockRequestContext);
        ExternalContextHolder.setExternalContext(mockRequestContext.getExternalContext());
        Assertions.assertEquals("success", this.delegatedAuthenticationAction.execute(mockRequestContext).getId());
        Assertions.assertEquals("theme", mockHttpServletRequest.getAttribute("theme"));
        Assertions.assertEquals(Locale.getDefault().getCountry(), mockHttpServletRequest.getAttribute("locale"));
        Assertions.assertEquals(HttpMethod.POST.name(), mockHttpServletRequest.getAttribute("method"));
        Assertions.assertEquals(service.getId(), mockHttpServletRequest.getAttribute("service"));
        MutableAttributeMap flowScope = mockRequestContext.getFlowScope();
        Assertions.assertEquals(service.getId(), ((Service) flowScope.get("service")).getId());
        ClientCredential clientCredential = (ClientCredential) flowScope.get("credential", ClientCredential.class);
        Assertions.assertNotNull(clientCredential);
        Assertions.assertEquals(clientCredential.getId(), "casuser");
    }

    @Test
    public void verifyFailedAuthentication() throws Exception {
        MockHttpServletRequest mockHttpServletRequest = new MockHttpServletRequest();
        mockHttpServletRequest.setParameter("error_message", "bad authn");
        mockHttpServletRequest.setParameter("error_code", "403");
        mockHttpServletRequest.setParameter("error_description", "authentication failed");
        mockHttpServletRequest.addParameter("service", CoreAuthenticationTestUtils.getService().getId());
        ServletExternalContext servletExternalContext = (ServletExternalContext) Mockito.mock(ServletExternalContext.class);
        Mockito.when(servletExternalContext.getNativeRequest()).thenReturn(mockHttpServletRequest);
        Mockito.when(servletExternalContext.getNativeResponse()).thenReturn(new MockHttpServletResponse());
        MockRequestContext mockRequestContext = new MockRequestContext();
        mockRequestContext.setExternalContext(servletExternalContext);
        Assertions.assertEquals("stop", this.delegatedAuthenticationAction.execute(mockRequestContext).getId());
    }

    @Test
    public void verifySsoAuthenticationWithUnauthorizedSso() throws Exception {
        MockRequestContext mockRequestContext = new MockRequestContext();
        MockHttpServletRequest mockHttpServletRequest = new MockHttpServletRequest();
        MockHttpServletResponse mockHttpServletResponse = new MockHttpServletResponse();
        Client client = (Client) this.builtClients.findClient("FacebookClient").get();
        JEEContext jEEContext = new JEEContext(mockHttpServletRequest, new MockHttpServletResponse());
        mockHttpServletRequest.setParameter("client_name", "FacebookClient");
        Service service = CoreAuthenticationTestUtils.getService("https://delegated2-authn-policy.example.org");
        AbstractRegisteredService registeredService = RegisteredServiceTestUtils.getRegisteredService(service.getId(), Map.of());
        DefaultRegisteredServiceAuthenticationPolicy defaultRegisteredServiceAuthenticationPolicy = new DefaultRegisteredServiceAuthenticationPolicy();
        defaultRegisteredServiceAuthenticationPolicy.setRequiredAuthenticationHandlers(Set.of("MyCustomHandler"));
        defaultRegisteredServiceAuthenticationPolicy.setCriteria(new AllAuthenticationHandlersRegisteredServiceAuthenticationPolicyCriteria());
        registeredService.setAuthenticationPolicy(defaultRegisteredServiceAuthenticationPolicy);
        this.servicesManager.save(registeredService);
        mockHttpServletRequest.addParameter("service", service.getId());
        mockHttpServletRequest.addParameter("delegatedclientid", this.delegatedClientWebflowManager.store(jEEContext, client).getId());
        mockRequestContext.setExternalContext(new ServletExternalContext(new MockServletContext(), mockHttpServletRequest, mockHttpServletResponse));
        RequestContextHolder.setRequestContext(mockRequestContext);
        ExternalContextHolder.setExternalContext(mockRequestContext.getExternalContext());
        MockTicketGrantingTicket mockTicketGrantingTicket = new MockTicketGrantingTicket("casuser");
        this.centralAuthenticationService.addTicket(mockTicketGrantingTicket);
        WebUtils.putTicketGrantingTicketInScopes(mockRequestContext, mockTicketGrantingTicket);
        Assertions.assertEquals("success", this.delegatedAuthenticationAction.execute(mockRequestContext).getId());
        Assertions.assertThrows(InvalidTicketException.class, () -> {
            this.centralAuthenticationService.getTicket(mockTicketGrantingTicket.getId());
        });
    }

    @Test
    public void verifySsoAuthentication() throws Exception {
        MockRequestContext mockRequestContext = new MockRequestContext();
        MockHttpServletRequest mockHttpServletRequest = new MockHttpServletRequest();
        MockHttpServletResponse mockHttpServletResponse = new MockHttpServletResponse();
        Client client = (Client) this.builtClients.findClient("FacebookClient").get();
        mockHttpServletRequest.addParameter("delegatedclientid", this.delegatedClientWebflowManager.store(new JEEContext(mockHttpServletRequest, new MockHttpServletResponse(), new JEESessionStore()), client).getId());
        mockHttpServletRequest.setParameter("client_name", "FacebookClient");
        Service service = CoreAuthenticationTestUtils.getService("https://delegated2.example.org");
        this.servicesManager.save(RegisteredServiceTestUtils.getRegisteredService(service.getId(), Map.of()));
        mockHttpServletRequest.addParameter("service", service.getId());
        mockRequestContext.setExternalContext(new ServletExternalContext(new MockServletContext(), mockHttpServletRequest, mockHttpServletResponse));
        RequestContextHolder.setRequestContext(mockRequestContext);
        ExternalContextHolder.setExternalContext(mockRequestContext.getExternalContext());
        MockTicketGrantingTicket mockTicketGrantingTicket = new MockTicketGrantingTicket("casuser");
        this.centralAuthenticationService.addTicket(mockTicketGrantingTicket);
        WebUtils.putTicketGrantingTicketInScopes(mockRequestContext, mockTicketGrantingTicket);
        Assertions.assertEquals("success", this.delegatedAuthenticationAction.execute(mockRequestContext).getId());
    }

    @Test
    public void verifySsoAuthenticationUnauthz() throws Exception {
        MockRequestContext mockRequestContext = new MockRequestContext();
        MockHttpServletRequest mockHttpServletRequest = new MockHttpServletRequest();
        MockHttpServletResponse mockHttpServletResponse = new MockHttpServletResponse();
        mockHttpServletRequest.setParameter("client_name", "FacebookClient");
        Service service = CoreAuthenticationTestUtils.getService("https://delegated3.example.org");
        mockHttpServletRequest.addParameter("service", service.getId());
        Client client = (Client) this.builtClients.findClient("FacebookClient").get();
        mockHttpServletRequest.addParameter("delegatedclientid", this.delegatedClientWebflowManager.store(new JEEContext(mockHttpServletRequest, new MockHttpServletResponse(), new JEESessionStore()), client).getId());
        DefaultRegisteredServiceAccessStrategy defaultRegisteredServiceAccessStrategy = new DefaultRegisteredServiceAccessStrategy();
        defaultRegisteredServiceAccessStrategy.setEnabled(false);
        AbstractRegisteredService registeredService = RegisteredServiceTestUtils.getRegisteredService(service.getId());
        registeredService.setAccessStrategy(defaultRegisteredServiceAccessStrategy);
        this.servicesManager.save(registeredService);
        mockRequestContext.setExternalContext(new ServletExternalContext(new MockServletContext(), mockHttpServletRequest, mockHttpServletResponse));
        RequestContextHolder.setRequestContext(mockRequestContext);
        ExternalContextHolder.setExternalContext(mockRequestContext.getExternalContext());
        MockTicketGrantingTicket mockTicketGrantingTicket = new MockTicketGrantingTicket("casuser", Map.of(), Map.of("clientName", List.of("FacebookClient")));
        this.centralAuthenticationService.addTicket(mockTicketGrantingTicket);
        WebUtils.putTicketGrantingTicketInScopes(mockRequestContext, mockTicketGrantingTicket);
        Assertions.assertThrows(UnauthorizedServiceException.class, () -> {
            this.delegatedAuthenticationAction.execute(mockRequestContext).getId();
        });
        Assertions.assertThrows(InvalidTicketException.class, () -> {
            this.centralAuthenticationService.getTicket(mockTicketGrantingTicket.getId());
        });
    }

    @Test
    public void verifyLogoutRequestWithOkAction() throws Exception {
        MockHttpServletRequest mockHttpServletRequest = new MockHttpServletRequest();
        mockHttpServletRequest.setParameter("client_name", "MockClientNoCredentials");
        mockHttpServletRequest.addParameter("logoutendpoint", "true");
        AbstractWebApplicationService service = RegisteredServiceTestUtils.getService(UUID.randomUUID().toString());
        this.servicesManager.save(RegisteredServiceTestUtils.getRegisteredService(service.getId(), Map.of()));
        mockHttpServletRequest.addParameter("service", service.getId());
        MockRequestContext mockRequestContext = new MockRequestContext();
        mockRequestContext.setExternalContext(new ServletExternalContext(new MockServletContext(), mockHttpServletRequest, new MockHttpServletResponse()));
        RequestContextHolder.setRequestContext(mockRequestContext);
        ExternalContextHolder.setExternalContext(mockRequestContext.getExternalContext());
        Assertions.assertEquals("error", this.delegatedAuthenticationAction.execute(mockRequestContext).getId());
    }

    private void assertStartAuthentication(Service service) {
        MockHttpServletRequest mockHttpServletRequest = new MockHttpServletRequest();
        MockHttpServletResponse mockHttpServletResponse = new MockHttpServletResponse();
        Flow flow = new Flow("mockFlow");
        flow.addVariable(new FlowVariable("credential", new BeanFactoryVariableValueFactory(UsernamePasswordCredential.class, this.applicationContext.getAutowireCapableBeanFactory())));
        String language = Locale.ENGLISH.getLanguage();
        mockHttpServletRequest.setParameter("theme", "theme");
        LOGGER.debug("Setting locale [{}] for request parameter as [{}]", language, mockHttpServletRequest.getParameterMap());
        mockHttpServletRequest.setParameter("locale", language);
        mockHttpServletRequest.setParameter("method", HttpMethod.POST.name());
        LOGGER.debug("Set request parameters as [{}]", mockHttpServletRequest.getParameterMap());
        MockRequestContext mockRequestContext = new MockRequestContext();
        mockRequestContext.setExternalContext(new ServletExternalContext(new MockServletContext(), mockHttpServletRequest, mockHttpServletResponse));
        RequestContextHolder.setRequestContext(mockRequestContext);
        ExternalContextHolder.setExternalContext(mockRequestContext.getExternalContext());
        mockRequestContext.setFlowExecutionContext(new MockFlowExecutionContext(new MockFlowSession(flow)));
        if (service != null) {
            WebUtils.putServiceIntoFlowScope(mockRequestContext, service);
        }
        Client client = (Client) this.builtClients.findClient("SAML2Client").get();
        JEEContext jEEContext = new JEEContext(mockHttpServletRequest, mockHttpServletResponse, new JEESessionStore());
        mockHttpServletRequest.addParameter("delegatedclientid", this.delegatedClientWebflowManager.store(jEEContext, client).getId());
        LOGGER.debug("Initializing action with request parameters [{}]", jEEContext.getRequestParameters());
        Assertions.assertEquals("error", this.delegatedAuthenticationAction.execute(mockRequestContext).getId());
        this.delegatedClientWebflowManager.retrieve(mockRequestContext, jEEContext, client);
        Assertions.assertEquals("theme", mockHttpServletRequest.getAttribute("theme"));
        Assertions.assertEquals(language, mockHttpServletRequest.getAttribute("locale"));
        Assertions.assertEquals(HttpMethod.POST.name(), mockHttpServletRequest.getAttribute("method"));
        Set delegatedAuthenticationProviderConfigurations = WebUtils.getDelegatedAuthenticationProviderConfigurations(mockRequestContext);
        Assertions.assertFalse(delegatedAuthenticationProviderConfigurations.isEmpty());
        Assertions.assertSame(3, Integer.valueOf(delegatedAuthenticationProviderConfigurations.size()));
        delegatedAuthenticationProviderConfigurations.stream().map(delegatedClientIdentityProviderConfiguration -> {
            LOGGER.debug("Redirect URL [{}]", delegatedClientIdentityProviderConfiguration.getRedirectUrl());
            return UriComponentsBuilder.fromUriString(delegatedClientIdentityProviderConfiguration.getRedirectUrl()).build();
        }).forEach(uriComponents -> {
            Assertions.assertEquals("clientredirect", uriComponents.getPath());
            Assertions.assertEquals(1, ((List) uriComponents.getQueryParams().get("client_name")).size());
            List list = (List) uriComponents.getQueryParams().get("service");
            if (service != null) {
                Assertions.assertEquals(1, list.size());
                Assertions.assertTrue(list.contains(EncodingUtils.urlEncode("https://google.com")));
            } else {
                Assertions.assertNull(list);
            }
            List list2 = (List) uriComponents.getQueryParams().get("method");
            Assertions.assertEquals(1, list2.size());
            Assertions.assertTrue(list2.contains(HttpMethod.POST.toString()));
            List list3 = (List) uriComponents.getQueryParams().get("theme");
            Assertions.assertEquals(1, list3.size());
            Assertions.assertTrue(list3.contains("theme"));
            List list4 = (List) uriComponents.getQueryParams().get("locale");
            Assertions.assertEquals(1, list4.size());
            Assertions.assertTrue(list4.contains(language));
        });
    }
}
