package org.apereo.cas.web.flow.actions;

import java.nio.charset.StandardCharsets;
import java.util.List;
import java.util.Locale;
import java.util.Map;
import java.util.Set;
import java.util.UUID;
import lombok.Generated;
import org.apereo.cas.authentication.CoreAuthenticationTestUtils;
import org.apereo.cas.authentication.principal.AbstractWebApplicationService;
import org.apereo.cas.authentication.principal.ClientCredential;
import org.apereo.cas.authentication.principal.DelegatedAuthenticationCandidateProfile;
import org.apereo.cas.authentication.principal.DelegatedClientAuthenticationCredentialResolver;
import org.apereo.cas.authentication.principal.Principal;
import org.apereo.cas.authentication.principal.Service;
import org.apereo.cas.authentication.principal.TestBaseDelegatedClientAuthenticationCredentialResolver;
import org.apereo.cas.logout.slo.SingleLogoutContinuation;
import org.apereo.cas.mock.MockTicketGrantingTicket;
import org.apereo.cas.services.AllAuthenticationHandlersRegisteredServiceAuthenticationPolicyCriteria;
import org.apereo.cas.services.CasRegisteredService;
import org.apereo.cas.services.DefaultRegisteredServiceAccessStrategy;
import org.apereo.cas.services.DefaultRegisteredServiceAuthenticationPolicy;
import org.apereo.cas.services.RegisteredServiceTestUtils;
import org.apereo.cas.services.UnauthorizedServiceException;
import org.apereo.cas.ticket.InvalidTicketException;
import org.apereo.cas.ticket.TicketGrantingTicket;
import org.apereo.cas.util.EncodingUtils;
import org.apereo.cas.util.MockRequestContext;
import org.apereo.cas.web.flow.BaseDelegatedClientAuthenticationActionTests;
import org.apereo.cas.web.flow.DelegatedClientAuthenticationConfigurationContext;
import org.apereo.cas.web.flow.DelegationWebflowUtils;
import org.apereo.cas.web.support.WebUtils;
import org.junit.jupiter.api.Assertions;
import org.junit.jupiter.api.Nested;
import org.junit.jupiter.api.Tag;
import org.junit.jupiter.api.Test;
import org.pac4j.core.client.Client;
import org.pac4j.jee.context.JEEContext;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.boot.test.context.TestConfiguration;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Import;
import org.springframework.http.HttpMethod;
import org.springframework.http.HttpStatus;
import org.springframework.mock.web.MockHttpServletResponse;
import org.springframework.webflow.core.collection.MutableAttributeMap;

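/**
 * Tests for the delegated (external identity provider) authentication webflow action.
 *
 * <p>Each test builds a {@link MockRequestContext}, optionally registers a service and
 * stores a delegated-client entry through {@code delegatedClientAuthenticationWebflowManager},
 * then asserts on the event id returned by {@code delegatedAuthenticationAction} or on the
 * exception it throws. Several tests pin authorization behaviour: unregistered or disabled
 * services must be rejected, and an existing ticket-granting ticket must not survive when it
 * does not satisfy the service's policy.
 *
 * <p>NOTE(review): this listing looks like decompiler output (synthetic-looking constructor
 * parameters, redundant casts); confirm against the upstream source before relying on details.
 */
@Tag("Delegation")
class DelegatedClientAuthenticationActionTests {

    @Generated
    private static final Logger LOGGER = LoggerFactory.getLogger(DelegatedClientAuthenticationActionTests.class);

    /**
     * Scenarios that run with {@link CredentialTestConfiguration} imported, i.e. with the
     * test credential resolver bean registered.
     */
    @Import({CredentialTestConfiguration.class})
    @Nested
    class CredentialSelectionTests extends BaseDelegatedClientAuthenticationActionTests {
        // NOTE(review): the explicit outer-class parameter is presumably the decompiler's
        // rendering of the implicit enclosing-instance argument; confirm.
        CredentialSelectionTests(DelegatedClientAuthenticationActionTests delegatedClientAuthenticationActionTests) {
        }

        /**
         * With a registered service and a stored delegated client, the action returns the
         * {@code select} event. Presumably this is because the test resolver yields candidate
         * profiles to choose from; confirm against
         * {@code TestBaseDelegatedClientAuthenticationCredentialResolver}.
         */
        @Test
        void verifyCredentialSelectionStart() throws Throwable {
            MockRequestContext context = MockRequestContext.create(this.applicationContext);
            context.getHttpServletRequest().addHeader("user-agent", "Chrome");
            context.setParameter("client_name", "FacebookClient");
            AbstractWebApplicationService service = RegisteredServiceTestUtils.getService(UUID.randomUUID().toString());
            this.servicesManager.save(RegisteredServiceTestUtils.getRegisteredService(service.getId(), Map.of()));
            context.setParameter("service", service.getId());
            Client client = (Client) this.identityProviders.findClient("FacebookClient").orElseThrow();
            JEEContext webContext = new JEEContext(context.getHttpServletRequest(), context.getHttpServletResponse());
            var delegatedClientId = this.delegatedClientAuthenticationWebflowManager.store(context, webContext, client).getId();
            context.setParameter("delegatedclientid", delegatedClientId);
            Assertions.assertEquals("select", this.delegatedAuthenticationAction.execute(context).getId());
        }

        /**
         * When a candidate profile has already been placed in the request context, the action
         * returns {@code success}. No service is registered or passed in this test.
         */
        @Test
        void verifyCredentialSelectionFinish() throws Throwable {
            MockRequestContext context = MockRequestContext.create(this.applicationContext);
            context.getHttpServletRequest().addHeader("user-agent", "Chrome");
            context.setParameter("client_name", "FacebookClient");
            Client client = (Client) this.identityProviders.findClient("FacebookClient").orElseThrow();
            JEEContext webContext = new JEEContext(context.getHttpServletRequest(), context.getHttpServletResponse());
            var delegatedClientId = this.delegatedClientAuthenticationWebflowManager.store(context, webContext, client).getId();
            context.setParameter("delegatedclientid", delegatedClientId);
            DelegatedAuthenticationCandidateProfile candidate = DelegatedAuthenticationCandidateProfile.builder()
                .id("casuser")
                .key(UUID.randomUUID().toString())
                .linkedId("casuser-linked")
                .build();
            DelegationWebflowUtils.putDelegatedClientAuthenticationCandidateProfile(context, candidate);
            Assertions.assertEquals("success", this.delegatedAuthenticationAction.execute(context).getId());
        }
    }

    /**
     * Test-only Spring configuration that contributes the credential resolver used by
     * {@link CredentialSelectionTests}.
     */
    @TestConfiguration(proxyBeanMethods = false)
    static class CredentialTestConfiguration {
        CredentialTestConfiguration() {
        }

        /**
         * Registers a {@link TestBaseDelegatedClientAuthenticationCredentialResolver} built
         * from the shared delegated-authentication configuration context.
         *
         * @param delegatedClientAuthenticationConfigurationContext the configuration context bean
         * @return the test credential resolver
         */
        @Bean
        public DelegatedClientAuthenticationCredentialResolver testDelegatedCredentialResolver(@Qualifier("delegatedClientAuthenticationConfigurationContext") DelegatedClientAuthenticationConfigurationContext delegatedClientAuthenticationConfigurationContext) {
            return new TestBaseDelegatedClientAuthenticationCredentialResolver(delegatedClientAuthenticationConfigurationContext);
        }
    }

    /**
     * Scenarios that run against the default test wiring (no extra configuration imported
     * in this file).
     */
    @Nested
    class DefaultTests extends BaseDelegatedClientAuthenticationActionTests {
        // NOTE(review): the explicit outer-class parameter is presumably the decompiler's
        // rendering of the implicit enclosing-instance argument; confirm.
        DefaultTests(DelegatedClientAuthenticationActionTests delegatedClientAuthenticationActionTests) {
        }

        /**
         * Starts authentication without a service; the assertions live in
         * {@code assertStartAuthentication}, which is defined outside this file.
         */
        @Test
        void verifyStartAuthenticationNoService() throws Throwable {
            assertStartAuthentication(null);
        }

        /**
         * Starts authentication for a registered service; the assertions live in
         * {@code assertStartAuthentication}, which is defined outside this file.
         */
        @Test
        void verifyStartAuthenticationWithService() throws Throwable {
            AbstractWebApplicationService service = RegisteredServiceTestUtils.getService("https://google.com");
            this.servicesManager.save(RegisteredServiceTestUtils.getRegisteredService(service.getId()));
            assertStartAuthentication(service);
        }

        /**
         * A response whose status is already 401 before the action runs results in the
         * {@code stop} event rather than a completed login.
         */
        @Test
        void verifyExecutionFailureWithUnauthzResponse() throws Throwable {
            MockRequestContext context = MockRequestContext.create(this.applicationContext);
            context.addHeader("user-agent", "Chrome");
            AbstractWebApplicationService service = RegisteredServiceTestUtils.getService(UUID.randomUUID().toString());
            this.servicesManager.save(RegisteredServiceTestUtils.getRegisteredService(service.getId()));
            context.setParameter("service", service.getId());
            context.getHttpServletResponse().setStatus(HttpStatus.UNAUTHORIZED.value());
            Client client = (Client) this.identityProviders.findClient("FacebookClient").orElseThrow();
            JEEContext webContext = new JEEContext(context.getHttpServletRequest(), context.getHttpServletResponse());
            var delegatedClientId = this.delegatedClientAuthenticationWebflowManager.store(context, webContext, client).getId();
            context.setParameter("delegatedclientid", delegatedClientId);
            Assertions.assertEquals("stop", this.delegatedAuthenticationAction.execute(context).getId());
        }

        /**
         * Finishing delegated authentication for a service id that this test never registers
         * must fail with {@link UnauthorizedServiceException}.
         */
        @Test
        void verifyFinishAuthenticationAuthzFailure() throws Throwable {
            MockRequestContext context = MockRequestContext.create(this.applicationContext);
            context.addHeader("user-agent", "Chrome");
            context.setParameter("client_name", "FacebookClient");
            // Random id that is deliberately not saved in servicesManager.
            String unregisteredServiceId = RegisteredServiceTestUtils.getService(UUID.randomUUID().toString()).getId();
            context.setParameter("service", unregisteredServiceId);
            Client client = (Client) this.identityProviders.findClient("FacebookClient").orElseThrow();
            JEEContext webContext = new JEEContext(context.getHttpServletRequest(), context.getHttpServletResponse());
            var delegatedClientId = this.delegatedClientAuthenticationWebflowManager.store(context, webContext, client).getId();
            context.setParameter("delegatedclientid", delegatedClientId);
            Assertions.assertThrows(UnauthorizedServiceException.class, () -> {
                this.delegatedAuthenticationAction.execute(context);
            });
        }

        /**
         * A POST to the SAML2 client whose body is the Base64-encoded value of
         * {@code getLogoutResponse()} (defined outside this file) yields the {@code logout} event.
         */
        @Test
        void verifySaml2LogoutResponse() throws Throwable {
            MockRequestContext context = MockRequestContext.create(this.applicationContext);
            Client client = (Client) this.identityProviders.findClient("SAML2Client").orElseThrow();
            context.addHeader("user-agent", "Chrome");
            context.setParameter("client_name", client.getName());
            // The stored web context uses a fresh response, not the one held by the request context.
            JEEContext webContext = new JEEContext(context.getHttpServletRequest(), new MockHttpServletResponse());
            context.setMethod(HttpMethod.POST);
            byte[] encodedLogoutResponse = EncodingUtils.encodeBase64(getLogoutResponse()).getBytes(StandardCharsets.UTF_8);
            context.getHttpServletRequest().setContent(encodedLogoutResponse);
            AbstractWebApplicationService service = RegisteredServiceTestUtils.getService(UUID.randomUUID().toString());
            this.servicesManager.save(RegisteredServiceTestUtils.getRegisteredService(service.getId(), Map.of()));
            context.setParameter("service", service.getId());
            var delegatedClientId = this.delegatedClientAuthenticationWebflowManager.store(context, webContext, client).getId();
            context.setParameter("delegatedclientid", delegatedClientId);
            Assertions.assertEquals("logout", this.delegatedAuthenticationAction.execute(context).getId());
        }

        /**
         * Successful completion: the action returns {@code success}, the theme, locale, method
         * and service values are present as request attributes, the service is in flow scope,
         * and a {@link ClientCredential} with id {@code casuser} is in flow scope.
         */
        @Test
        void verifyFinishAuthentication() throws Throwable {
            MockRequestContext context = MockRequestContext.create(this.applicationContext);
            context.addHeader("user-agent", "Chrome");
            context.setParameter("client_name", "FacebookClient");
            context.setParameter("theme", "theme");
            context.setParameter("locale", Locale.getDefault().getCountry());
            context.setParameter("method", HttpMethod.POST.name());
            AbstractWebApplicationService service = RegisteredServiceTestUtils.getService(UUID.randomUUID().toString());
            this.servicesManager.save(RegisteredServiceTestUtils.getRegisteredService(service.getId(), Map.of()));
            context.setParameter("service", service.getId());
            Client client = (Client) this.identityProviders.findClient("FacebookClient").orElseThrow();
            JEEContext webContext = new JEEContext(context.getHttpServletRequest(), context.getHttpServletResponse());
            var delegatedClientId = this.delegatedClientAuthenticationWebflowManager.store(context, webContext, client).getId();
            context.setParameter("delegatedclientid", delegatedClientId);
            Assertions.assertEquals("success", this.delegatedAuthenticationAction.execute(context).getId());

            // Values captured when the delegated client was stored must be visible on the request afterwards.
            Assertions.assertEquals("theme", context.getHttpServletRequest().getAttribute("theme"));
            Assertions.assertEquals(Locale.getDefault().getCountry(), context.getHttpServletRequest().getAttribute("locale"));
            Assertions.assertEquals(HttpMethod.POST.name(), context.getHttpServletRequest().getAttribute("method"));
            Assertions.assertEquals(service.getId(), ((Principal) context.getHttpServletRequest().getAttribute("service")).getId());

            MutableAttributeMap flowScope = context.getFlowScope();
            Assertions.assertEquals(service.getId(), ((Service) flowScope.get("service", Service.class)).getId());
            ClientCredential clientCredential = (ClientCredential) flowScope.get("credential", ClientCredential.class);
            Assertions.assertNotNull(clientCredential);
            Assertions.assertEquals("casuser", clientCredential.getId());
        }

        /**
         * A request carrying {@code error_message}, {@code error_code} and
         * {@code error_description} parameters yields the {@code stop} event.
         */
        @Test
        void verifyFailedAuthentication() throws Throwable {
            MockRequestContext context = MockRequestContext.create(this.applicationContext);
            context.addHeader("user-agent", "Chrome");
            context.setParameter("error_message", "bad authn");
            context.setParameter("error_code", "403");
            context.setParameter("error_description", "authentication failed");
            context.setParameter("service", CoreAuthenticationTestUtils.getService().getId());
            Assertions.assertEquals("stop", this.delegatedAuthenticationAction.execute(context).getId());
        }

        /**
         * The service requires the {@code DelegatedClientAuthenticationHandler} under an
         * all-handlers criteria while a ticket-granting ticket for {@code casuser} is already
         * in the registry and in scope. The action still returns {@code success}, and the
         * pre-existing ticket can no longer be fetched from the registry afterwards, so the
         * earlier single sign-on session is not reused.
         */
        @Test
        void verifySsoAuthenticationWithUnauthorizedSso() throws Throwable {
            MockRequestContext context = MockRequestContext.create(this.applicationContext);
            context.addHeader("user-agent", "Chrome");
            Client client = (Client) this.identityProviders.findClient("FacebookClient").orElseThrow();
            JEEContext webContext = new JEEContext(context.getHttpServletRequest(), context.getHttpServletResponse());
            context.setParameter("client_name", "FacebookClient");
            Service service = CoreAuthenticationTestUtils.getService("https://delegated2-authn-policy.example.org");
            CasRegisteredService registeredService = RegisteredServiceTestUtils.getRegisteredService(service.getId(), Map.of());
            DefaultRegisteredServiceAuthenticationPolicy authenticationPolicy = new DefaultRegisteredServiceAuthenticationPolicy();
            authenticationPolicy.setRequiredAuthenticationHandlers(Set.of("DelegatedClientAuthenticationHandler"));
            authenticationPolicy.setCriteria(new AllAuthenticationHandlersRegisteredServiceAuthenticationPolicyCriteria());
            registeredService.setAuthenticationPolicy(authenticationPolicy);
            this.servicesManager.save(registeredService);
            context.setParameter("service", service.getId());
            var delegatedClientId = this.delegatedClientAuthenticationWebflowManager.store(context, webContext, client).getId();
            context.setParameter("delegatedclientid", delegatedClientId);
            MockTicketGrantingTicket existingTicket = new MockTicketGrantingTicket("casuser");
            this.ticketRegistry.addTicket(existingTicket);
            WebUtils.putTicketGrantingTicketInScopes(context, existingTicket);
            Assertions.assertEquals("success", this.delegatedAuthenticationAction.execute(context).getId());
            Assertions.assertThrows(InvalidTicketException.class, () -> {
                this.ticketRegistry.getTicket(existingTicket.getId(), TicketGrantingTicket.class);
            });
        }

        /**
         * With a ticket-granting ticket that is both in the registry and in scope, and a
         * registered service with no extra policy, the action returns
         * {@code generateServiceTicket}.
         */
        @Test
        void verifySsoAuthentication() throws Throwable {
            MockRequestContext context = MockRequestContext.create(this.applicationContext);
            context.addHeader("user-agent", "Chrome");
            // Fail here with a clear error if the client is missing, instead of handing a null client to store().
            Client client = (Client) this.identityProviders.findClient("FacebookClient").orElseThrow();
            JEEContext webContext = new JEEContext(context.getHttpServletRequest(), context.getHttpServletResponse());
            var delegatedClientId = this.delegatedClientAuthenticationWebflowManager.store(context, webContext, client).getId();
            context.setParameter("delegatedclientid", delegatedClientId);
            context.setParameter("client_name", "FacebookClient");
            Service service = CoreAuthenticationTestUtils.getService("https://delegated2.example.org");
            this.servicesManager.save(RegisteredServiceTestUtils.getRegisteredService(service.getId(), Map.of()));
            context.setParameter("service", service.getId());
            MockTicketGrantingTicket existingTicket = new MockTicketGrantingTicket("casuser");
            this.ticketRegistry.addTicket(existingTicket);
            WebUtils.putTicketGrantingTicketInScopes(context, existingTicket);
            Assertions.assertEquals("generateServiceTicket", this.delegatedAuthenticationAction.execute(context).getId());
        }

        /**
         * The ticket placed in scope ({@code otheruser}) is a different object from the one
         * added to the registry ({@code casuser}); the action returns {@code stop}.
         *
         * <p>NOTE(review): the request also carries {@code error_message}, so this test may
         * not isolate the mismatched-ticket path from the error-parameter path; confirm.
         */
        @Test
        void verifySsoAuthenticationWithInvalidTicketFails() throws Throwable {
            MockRequestContext context = MockRequestContext.create(this.applicationContext);
            context.setParameter("error_message", "Auth+failed");
            context.addHeader("user-agent", "Chrome");
            Client client = (Client) this.identityProviders.findClient("FacebookClient").orElseThrow();
            JEEContext webContext = new JEEContext(context.getHttpServletRequest(), new MockHttpServletResponse());
            var delegatedClientId = this.delegatedClientAuthenticationWebflowManager.store(context, webContext, client).getId();
            context.setParameter("delegatedclientid", delegatedClientId);
            context.setParameter("client_name", "FacebookClient");
            Service service = CoreAuthenticationTestUtils.getService("https://delegated2.example.org");
            this.servicesManager.save(RegisteredServiceTestUtils.getRegisteredService(service.getId(), Map.of()));
            context.setParameter("service", service.getId());
            this.ticketRegistry.addTicket(new MockTicketGrantingTicket("casuser"));
            WebUtils.putTicketGrantingTicketInScopes(context, new MockTicketGrantingTicket("otheruser"));
            Assertions.assertEquals("stop", this.delegatedAuthenticationAction.execute(context).getId());
        }

        /**
         * A request for {@code LogoutClient} yields the {@code logout} event and leaves a
         * {@link SingleLogoutContinuation} on the request that has content but no URL.
         */
        @Test
        void verifyLogoutRequestWithOkAction() throws Throwable {
            MockRequestContext context = MockRequestContext.create(this.applicationContext);
            context.addHeader("user-agent", "Chrome");
            context.setParameter("client_name", "LogoutClient");
            AbstractWebApplicationService service = RegisteredServiceTestUtils.getService(UUID.randomUUID().toString());
            this.servicesManager.save(RegisteredServiceTestUtils.getRegisteredService(service.getId(), Map.of()));
            context.setParameter("service", service.getId());
            Assertions.assertEquals("logout", this.delegatedAuthenticationAction.execute(context).getId());
            SingleLogoutContinuation continuation = (SingleLogoutContinuation) context.getHttpServletRequest().getAttribute(SingleLogoutContinuation.class.getName());
            Assertions.assertNotNull(continuation);
            Assertions.assertNotNull(continuation.getContent());
            Assertions.assertNull(continuation.getUrl());
        }

        /**
         * A request for {@code AutomaticPostLogoutClient} yields the {@code logout} event and
         * leaves a {@link SingleLogoutContinuation} on the request that has a URL but no content.
         */
        @Test
        void verifyLogoutRequestWithFormPost() throws Throwable {
            MockRequestContext context = MockRequestContext.create(this.applicationContext);
            context.addHeader("user-agent", "Chrome");
            context.setParameter("client_name", "AutomaticPostLogoutClient");
            AbstractWebApplicationService service = RegisteredServiceTestUtils.getService(UUID.randomUUID().toString());
            this.servicesManager.save(RegisteredServiceTestUtils.getRegisteredService(service.getId(), Map.of()));
            context.setParameter("service", service.getId());
            Assertions.assertEquals("logout", this.delegatedAuthenticationAction.execute(context).getId());
            SingleLogoutContinuation continuation = (SingleLogoutContinuation) context.getHttpServletRequest().getAttribute(SingleLogoutContinuation.class.getName());
            Assertions.assertNotNull(continuation);
            Assertions.assertNull(continuation.getContent());
            Assertions.assertNotNull(continuation.getUrl());
        }

        /**
         * Without a {@code client_name} the action returns {@code generate}; the create-clients
         * action then returns {@code success} and sets a 302 response whose {@code Location}
         * is the relative {@code clientredirect} URL for {@code CasClient}.
         */
        @Test
        void verifyServerSideRedirectAuthentication() throws Throwable {
            MockRequestContext context = MockRequestContext.create(this.applicationContext);
            context.addHeader("user-agent", "Chrome");
            Service service = CoreAuthenticationTestUtils.getService("https://delegated2.example.org");
            this.servicesManager.save(RegisteredServiceTestUtils.getRegisteredService(service.getId(), Map.of()));
            context.setParameter("service", service.getId());
            Assertions.assertEquals("generate", this.delegatedAuthenticationAction.execute(context).getId());
            Assertions.assertEquals("success", this.delegatedAuthenticationCreateClientsAction.execute(context).getId());
            Assertions.assertEquals(HttpStatus.FOUND.value(), context.getHttpServletResponse().getStatus());
            Assertions.assertEquals("clientredirect?client_name=CasClient", context.getHttpServletResponse().getHeader("Location"));
        }

        /**
         * The service is registered with its access strategy disabled while a ticket-granting
         * ticket is in the registry and in scope. The action must throw
         * {@link UnauthorizedServiceException}, and the ticket can no longer be fetched from
         * the registry afterwards.
         */
        @Test
        void verifySsoAuthenticationUnauthz() throws Throwable {
            MockRequestContext context = MockRequestContext.create(this.applicationContext);
            context.addHeader("user-agent", "Chrome");
            context.setParameter("client_name", "FacebookClient");
            Service service = CoreAuthenticationTestUtils.getService("https://delegated3.example.org");
            context.setParameter("service", service.getId());
            Client client = (Client) this.identityProviders.findClient("FacebookClient").orElseThrow();
            JEEContext webContext = new JEEContext(context.getHttpServletRequest(), context.getHttpServletResponse());
            var delegatedClientId = this.delegatedClientAuthenticationWebflowManager.store(context, webContext, client).getId();
            context.setParameter("delegatedclientid", delegatedClientId);
            DefaultRegisteredServiceAccessStrategy disabledAccess = new DefaultRegisteredServiceAccessStrategy();
            disabledAccess.setEnabled(false);
            CasRegisteredService registeredService = RegisteredServiceTestUtils.getRegisteredService(service.getId());
            registeredService.setAccessStrategy(disabledAccess);
            this.servicesManager.save(registeredService);
            // The second map records FacebookClient under the "clientName" key for this ticket.
            MockTicketGrantingTicket existingTicket = new MockTicketGrantingTicket("casuser", Map.of(), Map.of("clientName", List.of("FacebookClient")));
            this.ticketRegistry.addTicket(existingTicket);
            WebUtils.putTicketGrantingTicketInScopes(context, existingTicket);
            Assertions.assertThrows(UnauthorizedServiceException.class, () -> {
                this.delegatedAuthenticationAction.execute(context).getId();
            });
            Assertions.assertThrows(InvalidTicketException.class, () -> {
                this.ticketRegistry.getTicket(existingTicket.getId(), TicketGrantingTicket.class);
            });
        }
    }

    DelegatedClientAuthenticationActionTests() {
    }
}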
