package org.apereo.cas.web.support;

import jakarta.servlet.http.Cookie;
import org.apereo.cas.authentication.adaptive.geo.GeoLocationResponse;
import org.apereo.cas.authentication.adaptive.geo.GeoLocationService;
import org.apereo.cas.configuration.model.support.cookie.PinnableCookieProperties;
import org.apereo.cas.configuration.model.support.cookie.TicketGrantingCookieProperties;
import org.apereo.cas.util.crypto.CipherExecutor;
import org.apereo.cas.util.spring.DirectObjectProvider;
import org.apereo.cas.web.cookie.CookieValueManager;
import org.apereo.cas.web.support.mgmr.DefaultCasCookieValueManager;
import org.apereo.cas.web.support.mgmr.DefaultCookieSameSitePolicy;
import org.apereo.inspektr.common.web.ClientInfo;
import org.apereo.inspektr.common.web.ClientInfoHolder;
import org.junit.jupiter.api.AfterEach;
import org.junit.jupiter.api.Assertions;
import org.junit.jupiter.api.BeforeEach;
import org.junit.jupiter.api.Tag;
import org.junit.jupiter.api.Test;
import org.mockito.Mockito;
import org.springframework.mock.web.MockHttpServletRequest;

@Tag("Cookie")
/* loaded from: input_file:org/apereo/cas/web/support/DefaultCasCookieValueManagerTests.class */
class DefaultCasCookieValueManagerTests {
    private static final String CLIENT_IP = "127.0.0.1";
    private static final String USER_AGENT = "Test-Client/1.0.0";
    private static final String VALUE = "cookieValue";
    private CookieValueManager cookieValueManager;
    private Cookie cookie;
    private MockHttpServletRequest httpServletRequest;

    DefaultCasCookieValueManagerTests() {
    }

    @BeforeEach
    public void initialize() {
        this.cookie = (Cookie) Mockito.mock(Cookie.class);
        this.httpServletRequest = new MockHttpServletRequest();
        this.httpServletRequest.setRemoteAddr(CLIENT_IP);
        this.httpServletRequest.setLocalAddr(CLIENT_IP);
        this.httpServletRequest.addHeader("user-agent", USER_AGENT);
        ClientInfoHolder.setClientInfo(ClientInfo.from(this.httpServletRequest));
        this.cookieValueManager = getCookieValueManager(new TicketGrantingCookieProperties());
    }

    @AfterEach
    public void cleanup() {
        ClientInfoHolder.clear();
    }

    @Test
    void verifySessionPinning() throws Throwable {
        this.httpServletRequest.removeHeader("user-agent");
        PinnableCookieProperties pinToSession = new TicketGrantingCookieProperties().setPinToSession(true);
        Assertions.assertThrows(IllegalStateException.class, () -> {
            getCookieValueManager(pinToSession).buildCookieValue(VALUE, this.httpServletRequest);
        });
        pinToSession.setPinToSession(false);
        Assertions.assertNotNull(getCookieValueManager(pinToSession).buildCookieValue(VALUE, this.httpServletRequest));
    }

    @Test
    void verifySessionPinningAuthorizedOnFailure() throws Throwable {
        TicketGrantingCookieProperties ticketGrantingCookieProperties = new TicketGrantingCookieProperties();
        ticketGrantingCookieProperties.setAllowedIpAddressesPattern("^19.*.3.1\\d\\d");
        CookieValueManager cookieValueManager = getCookieValueManager(ticketGrantingCookieProperties);
        String buildCookieValue = cookieValueManager.buildCookieValue(VALUE, this.httpServletRequest);
        Assertions.assertNotNull(buildCookieValue);
        this.httpServletRequest.setRemoteAddr("198.127.3.155");
        ClientInfoHolder.setClientInfo(ClientInfo.from(this.httpServletRequest));
        Assertions.assertNotNull(cookieValueManager.obtainCookieValue(buildCookieValue, this.httpServletRequest));
    }

    @Test
    void verifyEncodeAndDecodeCookie() throws Throwable {
        String buildCookieValue = this.cookieValueManager.buildCookieValue(VALUE, this.httpServletRequest);
        Assertions.assertEquals(String.join("@", VALUE, CLIENT_IP, USER_AGENT), buildCookieValue);
        Mockito.when(this.cookie.getValue()).thenReturn(buildCookieValue);
        Assertions.assertEquals(VALUE, this.cookieValueManager.obtainCookieValue(this.cookie, this.httpServletRequest));
    }

    @Test
    void verifyNoPinning() throws Throwable {
        TicketGrantingCookieProperties ticketGrantingCookieProperties = new TicketGrantingCookieProperties();
        ticketGrantingCookieProperties.setPinToSession(false);
        Assertions.assertEquals(VALUE, getCookieValueManager(ticketGrantingCookieProperties).obtainCookieValue(VALUE, new MockHttpServletRequest()));
    }

    @Test
    void verifyBadValue() throws Throwable {
        CookieValueManager cookieValueManager = getCookieValueManager(new TicketGrantingCookieProperties());
        Assertions.assertThrows(InvalidCookieException.class, () -> {
            cookieValueManager.obtainCookieValue(VALUE, new MockHttpServletRequest());
        });
    }

    @Test
    void verifyBadCookie() throws Throwable {
        CookieValueManager cookieValueManager = getCookieValueManager(new TicketGrantingCookieProperties());
        Assertions.assertThrows(InvalidCookieException.class, () -> {
            cookieValueManager.obtainCookieValue("cookieValue@1@", new MockHttpServletRequest());
        });
    }

    @Test
    void verifyBadIp() throws Throwable {
        CookieValueManager cookieValueManager = getCookieValueManager(new TicketGrantingCookieProperties());
        Assertions.assertThrows(InvalidCookieException.class, () -> {
            cookieValueManager.obtainCookieValue("cookieValue@1@agent", new MockHttpServletRequest());
        });
    }

    @Test
    void verifyBadAgent() throws Throwable {
        CookieValueManager cookieValueManager = getCookieValueManager(new TicketGrantingCookieProperties());
        Assertions.assertThrows(InvalidCookieException.class, () -> {
            cookieValueManager.obtainCookieValue("cookieValue@" + ClientInfoHolder.getClientInfo().getClientIpAddress() + "@agent", new MockHttpServletRequest());
        });
    }

    @Test
    void verifyMissingClientInfo() throws Throwable {
        CookieValueManager cookieValueManager = getCookieValueManager(new TicketGrantingCookieProperties());
        ClientInfoHolder.clear();
        Assertions.assertThrows(InvalidCookieException.class, () -> {
            cookieValueManager.obtainCookieValue("cookieValue@127.0.0.1@Test-Client/1.0.0", new MockHttpServletRequest());
        });
    }

    @Test
    void verifySessionGeoLocated() throws Throwable {
        PinnableCookieProperties geoLocateClientSession = new TicketGrantingCookieProperties().setPinToSession(true).setGeoLocateClientSession(true);
        GeoLocationService geoLocationService = (GeoLocationService) Mockito.mock(GeoLocationService.class);
        Mockito.when(geoLocationService.locate(Mockito.anyString())).thenReturn(new GeoLocationResponse().addAddress("London, UK").setLatitude(156.0d).setLongitude(34.0d));
        CookieValueManager cookieValueManager = getCookieValueManager(geoLocationService, geoLocateClientSession);
        Mockito.when(this.cookie.getValue()).thenReturn(cookieValueManager.buildCookieValue(VALUE, this.httpServletRequest));
        Assertions.assertEquals(VALUE, cookieValueManager.obtainCookieValue(this.cookie, this.httpServletRequest));
    }

    private static CookieValueManager getCookieValueManager(PinnableCookieProperties pinnableCookieProperties) {
        return getCookieValueManager((GeoLocationService) Mockito.mock(GeoLocationService.class), pinnableCookieProperties);
    }

    private static CookieValueManager getCookieValueManager(GeoLocationService geoLocationService, PinnableCookieProperties pinnableCookieProperties) {
        return new DefaultCasCookieValueManager(CipherExecutor.noOp(), new DirectObjectProvider(geoLocationService), DefaultCookieSameSitePolicy.INSTANCE, pinnableCookieProperties);
    }
}
