package org.apereo.cas.services;

import com.fasterxml.jackson.databind.ObjectMapper;
import java.io.File;
import java.net.URI;
import java.util.List;
import java.util.Map;
import java.util.Set;
import org.apache.commons.io.FileUtils;
import org.apereo.cas.authentication.CoreAuthenticationTestUtils;
import org.apereo.cas.util.CollectionUtils;
import org.apereo.cas.util.serialization.JacksonObjectMapperFactory;
import org.junit.jupiter.api.Assertions;
import org.junit.jupiter.api.Tag;
import org.junit.jupiter.api.Test;

@Tag("RegisteredService")
/* loaded from: input_file:org/apereo/cas/services/ChainingRegisteredServiceAccessStrategyTests.class */
class ChainingRegisteredServiceAccessStrategyTests {
    private static final File JSON_FILE = new File(FileUtils.getTempDirectoryPath(), "ChainingRegisteredServiceAccessStrategyTests.json");
    private static final ObjectMapper MAPPER = JacksonObjectMapperFactory.builder().defaultTypingEnabled(true).build().toObjectMapper();

    ChainingRegisteredServiceAccessStrategyTests() {
    }

    @Test
    void verifyDelegatedAccessAnd() throws Throwable {
        ChainingRegisteredServiceAccessStrategy chainingRegisteredServiceAccessStrategy = new ChainingRegisteredServiceAccessStrategy();
        chainingRegisteredServiceAccessStrategy.setOperator(LogicalOperatorTypes.AND);
        DefaultRegisteredServiceAccessStrategy defaultRegisteredServiceAccessStrategy = new DefaultRegisteredServiceAccessStrategy(CollectionUtils.wrap("key1", Set.of("value1")));
        defaultRegisteredServiceAccessStrategy.setDelegatedAuthenticationPolicy(new DefaultRegisteredServiceDelegatedAuthenticationPolicy().setExclusive(true).setPermitUndefined(true).setAllowedProviders(List.of("P1")));
        chainingRegisteredServiceAccessStrategy.addStrategy(defaultRegisteredServiceAccessStrategy);
        DefaultRegisteredServiceAccessStrategy defaultRegisteredServiceAccessStrategy2 = new DefaultRegisteredServiceAccessStrategy(CollectionUtils.wrap("key2", Set.of("value2")));
        defaultRegisteredServiceAccessStrategy2.setDelegatedAuthenticationPolicy(new DefaultRegisteredServiceDelegatedAuthenticationPolicy().setExclusive(false).setPermitUndefined(false).setAllowedProviders(List.of("P2")));
        chainingRegisteredServiceAccessStrategy.addStrategy(defaultRegisteredServiceAccessStrategy2);
        RegisteredServiceDelegatedAuthenticationPolicy delegatedAuthenticationPolicy = chainingRegisteredServiceAccessStrategy.getDelegatedAuthenticationPolicy();
        Assertions.assertNotNull(delegatedAuthenticationPolicy);
        Assertions.assertFalse(delegatedAuthenticationPolicy.isExclusive());
        Assertions.assertFalse(delegatedAuthenticationPolicy.isPermitUndefined());
        Assertions.assertTrue(delegatedAuthenticationPolicy.getAllowedProviders().contains("P1"));
        Assertions.assertTrue(delegatedAuthenticationPolicy.getAllowedProviders().contains("P2"));
        Assertions.assertFalse(delegatedAuthenticationPolicy.isProviderRequired());
        Assertions.assertFalse(delegatedAuthenticationPolicy.isProviderAllowed("P2", new CasRegisteredService()));
    }

    @Test
    void verifyDelegatedAccessOr() throws Throwable {
        ChainingRegisteredServiceAccessStrategy chainingRegisteredServiceAccessStrategy = new ChainingRegisteredServiceAccessStrategy();
        chainingRegisteredServiceAccessStrategy.setOperator(LogicalOperatorTypes.OR);
        DefaultRegisteredServiceAccessStrategy defaultRegisteredServiceAccessStrategy = new DefaultRegisteredServiceAccessStrategy(CollectionUtils.wrap("key1", Set.of("value1")));
        defaultRegisteredServiceAccessStrategy.setDelegatedAuthenticationPolicy(new DefaultRegisteredServiceDelegatedAuthenticationPolicy().setExclusive(true).setPermitUndefined(true).setAllowedProviders(List.of("P1")));
        chainingRegisteredServiceAccessStrategy.addStrategy(defaultRegisteredServiceAccessStrategy);
        DefaultRegisteredServiceAccessStrategy defaultRegisteredServiceAccessStrategy2 = new DefaultRegisteredServiceAccessStrategy(CollectionUtils.wrap("key2", Set.of("value2")));
        defaultRegisteredServiceAccessStrategy2.setDelegatedAuthenticationPolicy(new DefaultRegisteredServiceDelegatedAuthenticationPolicy().setExclusive(false).setPermitUndefined(false).setAllowedProviders(List.of("P2")));
        chainingRegisteredServiceAccessStrategy.addStrategy(defaultRegisteredServiceAccessStrategy2);
        RegisteredServiceDelegatedAuthenticationPolicy delegatedAuthenticationPolicy = chainingRegisteredServiceAccessStrategy.getDelegatedAuthenticationPolicy();
        Assertions.assertNotNull(delegatedAuthenticationPolicy);
        Assertions.assertTrue(delegatedAuthenticationPolicy.isExclusive());
        Assertions.assertTrue(delegatedAuthenticationPolicy.isPermitUndefined());
        Assertions.assertTrue(delegatedAuthenticationPolicy.isProviderRequired());
        Assertions.assertTrue(delegatedAuthenticationPolicy.isProviderAllowed("P1", new CasRegisteredService()));
    }

    @Test
    void verifyRequiredAttributes() throws Throwable {
        ChainingRegisteredServiceAccessStrategy chainingRegisteredServiceAccessStrategy = new ChainingRegisteredServiceAccessStrategy();
        chainingRegisteredServiceAccessStrategy.setOperator(LogicalOperatorTypes.AND);
        chainingRegisteredServiceAccessStrategy.addStrategy(new DefaultRegisteredServiceAccessStrategy(CollectionUtils.wrap("key1", Set.of("value1"))));
        chainingRegisteredServiceAccessStrategy.addStrategy(new DefaultRegisteredServiceAccessStrategy(CollectionUtils.wrap("key2", Set.of("value2"))));
        chainingRegisteredServiceAccessStrategy.addStrategy(new DefaultRegisteredServiceAccessStrategy(CollectionUtils.wrap("key1", Set.of("value3"))));
        Map requiredAttributes = chainingRegisteredServiceAccessStrategy.getRequiredAttributes();
        Assertions.assertEquals(2, requiredAttributes.size());
        Assertions.assertTrue(requiredAttributes.containsKey("key1"));
        Assertions.assertTrue(requiredAttributes.containsKey("key2"));
        Assertions.assertTrue(((Set) requiredAttributes.get("key1")).contains("value1"));
        Assertions.assertTrue(((Set) requiredAttributes.get("key1")).contains("value3"));
        Assertions.assertTrue(((Set) requiredAttributes.get("key2")).contains("value2"));
    }

    @Test
    void verifyAndOperation() throws Throwable {
        ChainingRegisteredServiceAccessStrategy chainingRegisteredServiceAccessStrategy = new ChainingRegisteredServiceAccessStrategy();
        chainingRegisteredServiceAccessStrategy.setOperator(LogicalOperatorTypes.AND);
        chainingRegisteredServiceAccessStrategy.addStrategy(new DefaultRegisteredServiceAccessStrategy(false, true));
        chainingRegisteredServiceAccessStrategy.addStrategy(new DefaultRegisteredServiceAccessStrategy(true, false));
        Assertions.assertFalse(chainingRegisteredServiceAccessStrategy.isServiceAccessAllowed(CoreAuthenticationTestUtils.getRegisteredService(), CoreAuthenticationTestUtils.getService()));
        Assertions.assertFalse(chainingRegisteredServiceAccessStrategy.isServiceAccessAllowedForSso(CoreAuthenticationTestUtils.getRegisteredService()));
    }

    @Test
    void verifyPrincipalAccessAnd() throws Throwable {
        ChainingRegisteredServiceAccessStrategy chainingRegisteredServiceAccessStrategy = new ChainingRegisteredServiceAccessStrategy();
        chainingRegisteredServiceAccessStrategy.setOperator(LogicalOperatorTypes.AND);
        chainingRegisteredServiceAccessStrategy.addStrategy(new DefaultRegisteredServiceAccessStrategy(CollectionUtils.wrap("key1", Set.of("value1"))));
        chainingRegisteredServiceAccessStrategy.addStrategy(new DefaultRegisteredServiceAccessStrategy(CollectionUtils.wrap("key2", Set.of("value2"))));
        Assertions.assertFalse(chainingRegisteredServiceAccessStrategy.authorizeRequest(RegisteredServiceAccessStrategyRequest.builder().principalId("casuser").attributes(CollectionUtils.wrap("key1", Set.of("value1"))).build()));
        Assertions.assertFalse(chainingRegisteredServiceAccessStrategy.authorizeRequest(RegisteredServiceAccessStrategyRequest.builder().principalId("casuser").attributes(CollectionUtils.wrap("key2", Set.of("value2"))).build()));
        Assertions.assertTrue(chainingRegisteredServiceAccessStrategy.authorizeRequest(RegisteredServiceAccessStrategyRequest.builder().principalId("casuser").attributes(CollectionUtils.wrap("key1", Set.of("value1"), "key2", Set.of("value2"))).build()));
    }

    @Test
    void verifyPrincipalAccessOr() throws Throwable {
        ChainingRegisteredServiceAccessStrategy chainingRegisteredServiceAccessStrategy = new ChainingRegisteredServiceAccessStrategy();
        chainingRegisteredServiceAccessStrategy.setOperator(LogicalOperatorTypes.OR);
        chainingRegisteredServiceAccessStrategy.addStrategy(new DefaultRegisteredServiceAccessStrategy(CollectionUtils.wrap("key1", Set.of("value1"))));
        chainingRegisteredServiceAccessStrategy.addStrategy(new DefaultRegisteredServiceAccessStrategy(CollectionUtils.wrap("key2", Set.of("value2"))));
        Assertions.assertTrue(chainingRegisteredServiceAccessStrategy.authorizeRequest(RegisteredServiceAccessStrategyRequest.builder().principalId("casuser").attributes(CollectionUtils.wrap("key1", Set.of("value1"))).build()));
        Assertions.assertTrue(chainingRegisteredServiceAccessStrategy.authorizeRequest(RegisteredServiceAccessStrategyRequest.builder().principalId("casuser").attributes(CollectionUtils.wrap("key2", Set.of("value2"))).build()));
    }

    @Test
    void verifyOrOperation() throws Throwable {
        ChainingRegisteredServiceAccessStrategy chainingRegisteredServiceAccessStrategy = new ChainingRegisteredServiceAccessStrategy();
        chainingRegisteredServiceAccessStrategy.setUnauthorizedRedirectUrl(new URI("https://google.com"));
        chainingRegisteredServiceAccessStrategy.setOperator(LogicalOperatorTypes.OR);
        chainingRegisteredServiceAccessStrategy.addStrategy(new DefaultRegisteredServiceAccessStrategy(false, true));
        chainingRegisteredServiceAccessStrategy.addStrategy(new DefaultRegisteredServiceAccessStrategy(true, false));
        Assertions.assertTrue(chainingRegisteredServiceAccessStrategy.isServiceAccessAllowed(CoreAuthenticationTestUtils.getRegisteredService(), CoreAuthenticationTestUtils.getService()));
        Assertions.assertTrue(chainingRegisteredServiceAccessStrategy.isServiceAccessAllowedForSso(CoreAuthenticationTestUtils.getRegisteredService()));
        Assertions.assertNotNull(chainingRegisteredServiceAccessStrategy.getUnauthorizedRedirectUrl());
    }

    @Test
    void verifySerializeToJson() throws Throwable {
        ChainingRegisteredServiceAccessStrategy chainingRegisteredServiceAccessStrategy = new ChainingRegisteredServiceAccessStrategy();
        chainingRegisteredServiceAccessStrategy.setUnauthorizedRedirectUrl(new URI("https://google.com"));
        chainingRegisteredServiceAccessStrategy.setOperator(LogicalOperatorTypes.OR);
        chainingRegisteredServiceAccessStrategy.addStrategy(new DefaultRegisteredServiceAccessStrategy(false, true));
        chainingRegisteredServiceAccessStrategy.addStrategy(new DefaultRegisteredServiceAccessStrategy(true, false));
        MAPPER.writeValue(JSON_FILE, chainingRegisteredServiceAccessStrategy);
        Assertions.assertEquals(chainingRegisteredServiceAccessStrategy, (ChainingRegisteredServiceAccessStrategy) MAPPER.readValue(JSON_FILE, ChainingRegisteredServiceAccessStrategy.class));
    }

    @Test
    void verifyPrincipalAccessMixedRules() throws Throwable {
        RegisteredServiceAccessStrategy chainingRegisteredServiceAccessStrategy = new ChainingRegisteredServiceAccessStrategy();
        chainingRegisteredServiceAccessStrategy.setOperator(LogicalOperatorTypes.AND);
        chainingRegisteredServiceAccessStrategy.addStrategy(new DefaultRegisteredServiceAccessStrategy(CollectionUtils.wrap("key1", Set.of("value1"))));
        chainingRegisteredServiceAccessStrategy.addStrategy(new DefaultRegisteredServiceAccessStrategy(CollectionUtils.wrap("key2", Set.of("value2"))));
        RegisteredServiceAccessStrategy defaultRegisteredServiceAccessStrategy = new DefaultRegisteredServiceAccessStrategy(CollectionUtils.wrap("key3", Set.of("value3")));
        ChainingRegisteredServiceAccessStrategy chainingRegisteredServiceAccessStrategy2 = new ChainingRegisteredServiceAccessStrategy();
        chainingRegisteredServiceAccessStrategy2.setOperator(LogicalOperatorTypes.OR);
        chainingRegisteredServiceAccessStrategy2.addStrategies(new RegisteredServiceAccessStrategy[]{chainingRegisteredServiceAccessStrategy, defaultRegisteredServiceAccessStrategy});
        Assertions.assertFalse(chainingRegisteredServiceAccessStrategy2.authorizeRequest(RegisteredServiceAccessStrategyRequest.builder().principalId("casuser").attributes(CollectionUtils.wrap("key1", Set.of("value1"))).build()));
        Assertions.assertFalse(chainingRegisteredServiceAccessStrategy2.authorizeRequest(RegisteredServiceAccessStrategyRequest.builder().principalId("casuser").attributes(CollectionUtils.wrap("key2", Set.of("value2"))).build()));
        Assertions.assertTrue(chainingRegisteredServiceAccessStrategy2.authorizeRequest(RegisteredServiceAccessStrategyRequest.builder().principalId("casuser").attributes(CollectionUtils.wrap("key1", Set.of("value1"), "key2", Set.of("value2"))).build()));
        Assertions.assertTrue(chainingRegisteredServiceAccessStrategy2.authorizeRequest(RegisteredServiceAccessStrategyRequest.builder().principalId("casuser").attributes(CollectionUtils.wrap("key3", Set.of("value3"))).build()));
    }
}
