package org.apereo.cas.authentication.principal.ldap;

import com.unboundid.ldap.sdk.LDAPConnection;
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import java.util.Collections;
import java.util.List;
import org.apache.commons.io.IOUtils;
import org.apereo.cas.adaptors.ldap.LdapIntegrationTestsOperations;
import org.apereo.cas.authentication.principal.ClientCredential;
import org.apereo.cas.authentication.principal.DelegatedAuthenticationCandidateProfile;
import org.apereo.cas.authentication.principal.DelegatedClientAuthenticationCredentialResolver;
import org.apereo.cas.config.DelegatedAuthenticationProfileSelectionConfiguration;
import org.apereo.cas.util.RandomUtils;
import org.apereo.cas.util.junit.EnabledIfListeningOnPort;
import org.apereo.cas.web.BaseDelegatedAuthenticationTests;
import org.apereo.inspektr.common.web.ClientInfo;
import org.apereo.inspektr.common.web.ClientInfoHolder;
import org.junit.jupiter.api.Assertions;
import org.junit.jupiter.api.BeforeAll;
import org.junit.jupiter.api.Tag;
import org.junit.jupiter.api.Test;
import org.pac4j.core.credentials.Credentials;
import org.pac4j.core.credentials.TokenCredentials;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.boot.test.context.SpringBootTest;
import org.springframework.core.io.ClassPathResource;
import org.springframework.mock.web.MockHttpServletRequest;
import org.springframework.mock.web.MockHttpServletResponse;
import org.springframework.mock.web.MockServletContext;
import org.springframework.webflow.context.ExternalContextHolder;
import org.springframework.webflow.context.servlet.ServletExternalContext;
import org.springframework.webflow.execution.RequestContextHolder;
import org.springframework.webflow.test.MockRequestContext;

@Tag("Ldap")
@EnabledIfListeningOnPort(port = {LdapDelegatedClientAuthenticationCredentialResolverTests.LDAP_PORT})
@SpringBootTest(classes = {DelegatedAuthenticationProfileSelectionConfiguration.class, BaseDelegatedAuthenticationTests.SharedTestConfiguration.class}, properties = {"cas.authn.pac4j.profile-selection.ldap.ldap-url=ldap://localhost:10389", "cas.authn.pac4j.profile-selection.ldap.base-dn=ou=people,dc=example,dc=org", "cas.authn.pac4j.profile-selection.ldap.search-filter=uid={0}", "cas.authn.pac4j.profile-selection.ldap.bind-dn=cn=Directory Manager", "cas.authn.pac4j.profile-selection.ldap.bind-credential=password", "cas.authn.pac4j.profile-selection.ldap.profile-id-attribute=cn", "cas.authn.pac4j.profile-selection.ldap.attributes=sn,givenName,uid,mail,cn"})
/* loaded from: input_file:org/apereo/cas/authentication/principal/ldap/LdapDelegatedClientAuthenticationCredentialResolverTests.class */
public class LdapDelegatedClientAuthenticationCredentialResolverTests {
    private static final String USER = RandomUtils.randomAlphabetic(10);
    private static final int LDAP_PORT = 10389;

    @Autowired
    @Qualifier("ldapDelegatedClientAuthenticationCredentialResolver")
    private DelegatedClientAuthenticationCredentialResolver ldapDelegatedClientAuthenticationCredentialResolver;

    @BeforeAll
    public static void bootstrap() throws Exception {
        ClientInfoHolder.setClientInfo(new ClientInfo(new MockHttpServletRequest()));
        LDAPConnection lDAPConnection = new LDAPConnection("localhost", LDAP_PORT, "cn=Directory Manager", "password");
        try {
            LdapIntegrationTestsOperations.populateEntries(lDAPConnection, new ByteArrayInputStream(IOUtils.toString(new ClassPathResource("ldap-pac4j.ldif").getInputStream(), StandardCharsets.UTF_8).replace("$user", USER).getBytes(StandardCharsets.UTF_8)), "ou=people,dc=example,dc=org");
        } finally {
            if (Collections.singletonList(lDAPConnection).get(0) != null) {
                lDAPConnection.close();
            }
        }
    }

    @Test
    public void verifyOperation() throws Exception {
        MockRequestContext mockRequestContext = new MockRequestContext();
        MockHttpServletRequest mockHttpServletRequest = new MockHttpServletRequest();
        mockHttpServletRequest.setAttribute(Credentials.class.getName(), "caspac4j");
        mockRequestContext.setExternalContext(new ServletExternalContext(new MockServletContext(), mockHttpServletRequest, new MockHttpServletResponse()));
        RequestContextHolder.setRequestContext(mockRequestContext);
        ExternalContextHolder.setExternalContext(mockRequestContext.getExternalContext());
        ClientCredential clientCredential = new ClientCredential(new TokenCredentials(USER), "FacebookClient");
        Assertions.assertTrue(this.ldapDelegatedClientAuthenticationCredentialResolver.supports(clientCredential));
        List resolve = this.ldapDelegatedClientAuthenticationCredentialResolver.resolve(mockRequestContext, clientCredential);
        Assertions.assertEquals(1, resolve.size());
        DelegatedAuthenticationCandidateProfile delegatedAuthenticationCandidateProfile = (DelegatedAuthenticationCandidateProfile) resolve.get(0);
        Assertions.assertEquals("caspac4j", delegatedAuthenticationCandidateProfile.getLinkedId());
        Assertions.assertEquals(USER, delegatedAuthenticationCandidateProfile.getId());
        Assertions.assertTrue(delegatedAuthenticationCandidateProfile.getAttributes().containsKey("mail"));
        Assertions.assertTrue(delegatedAuthenticationCandidateProfile.getAttributes().containsKey("uid"));
    }
}
