package org.apereo.cas.web.flow.actions;

import java.util.List;
import java.util.Map;
import java.util.UUID;
import org.apereo.cas.authentication.principal.ClientCredential;
import org.apereo.cas.logout.slo.SingleLogoutContinuation;
import org.apereo.cas.mock.MockTicketGrantingTicket;
import org.apereo.cas.ticket.Ticket;
import org.apereo.cas.util.MockRequestContext;
import org.apereo.cas.util.MockWebServer;
import org.apereo.cas.web.BaseDelegatedAuthenticationTests;
import org.apereo.cas.web.flow.DelegatedClientAuthenticationConfigurationContext;
import org.apereo.cas.web.support.WebUtils;
import org.junit.jupiter.api.Assertions;
import org.junit.jupiter.api.Tag;
import org.junit.jupiter.api.Test;
import org.mockito.Mockito;
import org.opensaml.messaging.context.MessageContext;
import org.opensaml.saml.saml2.core.LogoutRequest;
import org.opensaml.saml.saml2.core.SessionIndex;
import org.pac4j.core.context.CallContext;
import org.pac4j.jee.context.JEEContext;
import org.pac4j.saml.context.SAML2MessageContext;
import org.pac4j.saml.credentials.SAML2Credentials;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.boot.test.context.SpringBootTest;
import org.springframework.context.ConfigurableApplicationContext;
import org.springframework.http.HttpMethod;
import org.springframework.http.HttpStatus;
import org.springframework.webflow.execution.Action;

@Tag("Delegation")
@SpringBootTest(classes = {BaseDelegatedAuthenticationTests.SharedTestConfiguration.class})
/* loaded from: input_file:org/apereo/cas/web/flow/actions/DelegatedAuthenticationIdentityProviderLogoutActionTests.class */
class DelegatedAuthenticationIdentityProviderLogoutActionTests {

    @Autowired
    @Qualifier("delegatedAuthenticationIdentityProviderLogoutAction")
    private Action action;

    @Autowired
    @Qualifier("delegatedClientAuthenticationConfigurationContext")
    private DelegatedClientAuthenticationConfigurationContext configurationContext;

    @Autowired
    private ConfigurableApplicationContext applicationContext;

    DelegatedAuthenticationIdentityProviderLogoutActionTests() {
    }

    @Test
    void verifyOperation() throws Throwable {
        MockRequestContext create = MockRequestContext.create(this.applicationContext);
        create.setParameter("client_name", "SAML2Client");
        create.addHeader("user-agent", "Mozilla/5.0 (Windows NT 10.0; WOW64)");
        Assertions.assertEquals("proceed", this.action.execute(create).getId());
    }

    @Test
    void verifyPostLogout() throws Throwable {
        MockRequestContext create = MockRequestContext.create(this.applicationContext);
        create.setMethod(HttpMethod.POST);
        Ticket prepCredential = prepCredential(create, UUID.randomUUID().toString(), "AutomaticPostLogoutClient");
        create.setParameter("client_name", "AutomaticPostLogoutClient");
        create.addHeader("user-agent", "Mozilla/5.0 (Windows NT 10.0; WOW64)");
        MockWebServer mockWebServer = new MockWebServer(HttpStatus.OK);
        try {
            mockWebServer.start();
            create.getHttpServletRequest().setAttribute(SingleLogoutContinuation.class.getName(), SingleLogoutContinuation.builder().url("http://localhost:%s".formatted(Integer.valueOf(mockWebServer.getPort()))).build());
            Assertions.assertEquals("done", this.action.execute(create).getId());
            Assertions.assertNull(this.configurationContext.getTicketRegistry().getTicket(prepCredential.getId()));
            Assertions.assertNull(create.getHttpServletRequest().getAttribute(SingleLogoutContinuation.class.getName()));
            mockWebServer.close();
        } catch (Throwable th) {
            try {
                mockWebServer.close();
            } catch (Throwable th2) {
                th.addSuppressed(th2);
            }
            throw th;
        }
    }

    @Test
    void verifyPostBackChannelSaml2LogoutOperation() throws Throwable {
        MockRequestContext create = MockRequestContext.create(this.applicationContext);
        create.setMethod(HttpMethod.POST);
        create.setParameter("client_name", "SAML2Client");
        create.addHeader("user-agent", "Mozilla/5.0 (Windows NT 10.0; WOW64)");
        Ticket prepCredential = prepCredential(create, UUID.randomUUID().toString(), "SAML2Client");
        Assertions.assertEquals("done", this.action.execute(create).getId());
        Assertions.assertNull(this.configurationContext.getTicketRegistry().getTicket(prepCredential.getId()));
    }

    private Ticket prepCredential(MockRequestContext mockRequestContext, String str, String str2) throws Exception {
        String uuid = UUID.randomUUID().toString();
        ClientCredential clientCredential = getClientCredential(mockRequestContext, uuid, str2);
        MockTicketGrantingTicket mockTicketGrantingTicket = new MockTicketGrantingTicket(str, clientCredential, Map.of("sessionindex", List.of(uuid)));
        this.configurationContext.getTicketRegistry().addTicket(mockTicketGrantingTicket);
        WebUtils.putCredential(mockRequestContext, clientCredential);
        return mockTicketGrantingTicket;
    }

    private ClientCredential getClientCredential(MockRequestContext mockRequestContext, String str, String str2) {
        SAML2MessageContext sAML2MessageContext = new SAML2MessageContext(new CallContext(new JEEContext(mockRequestContext.getHttpServletRequest(), mockRequestContext.getHttpServletResponse()), this.configurationContext.getSessionStore()));
        MessageContext messageContext = new MessageContext();
        LogoutRequest logoutRequest = (LogoutRequest) Mockito.mock(LogoutRequest.class);
        SessionIndex sessionIndex = (SessionIndex) Mockito.mock(SessionIndex.class);
        Mockito.when(sessionIndex.getValue()).thenReturn(str);
        Mockito.when(logoutRequest.getSessionIndexes()).thenReturn(List.of(sessionIndex));
        messageContext.setMessage(logoutRequest);
        sAML2MessageContext.setMessageContext(messageContext);
        return new ClientCredential(new SAML2Credentials(sAML2MessageContext), str2);
    }
}
