package org.apereo.cas.services;

import com.fasterxml.jackson.databind.ObjectMapper;
import java.io.File;
import java.io.IOException;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashMap;
import java.util.Map;
import java.util.Set;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import org.apache.commons.io.FileUtils;
import org.junit.Assert;
import org.junit.Test;

/* loaded from: input_file:org/apereo/cas/services/DefaultRegisteredServiceAccessStrategyTests.class */
public class DefaultRegisteredServiceAccessStrategyTests {
    private static final File JSON_FILE = new File(FileUtils.getTempDirectoryPath(), "x509CertificateCredential.json");
    private static final ObjectMapper MAPPER = new ObjectMapper().findAndRegisterModules();
    private static final String TEST = "test";
    private static final String PHONE = "phone";
    private static final String GIVEN_NAME = "givenName";
    private static final String CAS = "cas";
    private static final String KAZ = "KAZ";
    private static final String CN = "cn";

    @Test
    public void checkDefaultImpls() {
        Assert.assertEquals(0L, new DefaultRegisteredServiceAccessStrategy().getOrder());
    }

    @Test
    public void checkDefaultInterfaceImpls() {
        RegisteredServiceAccessStrategy registeredServiceAccessStrategy = new RegisteredServiceAccessStrategy() { // from class: org.apereo.cas.services.DefaultRegisteredServiceAccessStrategyTests.1
            private static final long serialVersionUID = -6993120869616143038L;
        };
        Assert.assertEquals(2147483647L, registeredServiceAccessStrategy.getOrder());
        Assert.assertTrue(registeredServiceAccessStrategy.isServiceAccessAllowed());
        Assert.assertTrue(registeredServiceAccessStrategy.isServiceAccessAllowedForSso());
        Assert.assertTrue(registeredServiceAccessStrategy.doPrincipalAttributesAllowServiceAccess((String) null, (Map) null));
        Assert.assertNull(registeredServiceAccessStrategy.getUnauthorizedRedirectUrl());
    }

    @Test
    public void checkDefaultAuthzStrategyConfig() {
        DefaultRegisteredServiceAccessStrategy defaultRegisteredServiceAccessStrategy = new DefaultRegisteredServiceAccessStrategy();
        Assert.assertTrue(defaultRegisteredServiceAccessStrategy.isServiceAccessAllowed());
        Assert.assertTrue(defaultRegisteredServiceAccessStrategy.isServiceAccessAllowedForSso());
    }

    @Test
    public void checkDisabledAuthzStrategyConfig() {
        DefaultRegisteredServiceAccessStrategy defaultRegisteredServiceAccessStrategy = new DefaultRegisteredServiceAccessStrategy(false, true);
        Assert.assertFalse(defaultRegisteredServiceAccessStrategy.isServiceAccessAllowed());
        Assert.assertTrue(defaultRegisteredServiceAccessStrategy.isServiceAccessAllowedForSso());
    }

    @Test
    public void checkDisabledSsoAuthzStrategyConfig() {
        DefaultRegisteredServiceAccessStrategy defaultRegisteredServiceAccessStrategy = new DefaultRegisteredServiceAccessStrategy(true, false);
        Assert.assertTrue(defaultRegisteredServiceAccessStrategy.isServiceAccessAllowed());
        Assert.assertFalse(defaultRegisteredServiceAccessStrategy.isServiceAccessAllowedForSso());
    }

    @Test
    public void setAuthzStrategyConfig() {
        DefaultRegisteredServiceAccessStrategy defaultRegisteredServiceAccessStrategy = new DefaultRegisteredServiceAccessStrategy(false, false);
        defaultRegisteredServiceAccessStrategy.setEnabled(true);
        defaultRegisteredServiceAccessStrategy.setSsoEnabled(true);
        Assert.assertTrue(defaultRegisteredServiceAccessStrategy.isServiceAccessAllowed());
        Assert.assertTrue(defaultRegisteredServiceAccessStrategy.isServiceAccessAllowedForSso());
        Assert.assertTrue(defaultRegisteredServiceAccessStrategy.isRequireAllAttributes());
    }

    @Test
    public void checkAuthzPrincipalNoAttrRequirements() {
        Assert.assertTrue(new DefaultRegisteredServiceAccessStrategy().doPrincipalAttributesAllowServiceAccess("test", new HashMap()));
    }

    @Test
    public void checkAuthzPrincipalWithAttrRequirementsEmptyPrincipal() {
        DefaultRegisteredServiceAccessStrategy defaultRegisteredServiceAccessStrategy = new DefaultRegisteredServiceAccessStrategy();
        defaultRegisteredServiceAccessStrategy.setRequiredAttributes(getRequiredAttributes());
        Assert.assertFalse(defaultRegisteredServiceAccessStrategy.doPrincipalAttributesAllowServiceAccess("test", new HashMap()));
    }

    @Test
    public void checkAuthzPrincipalWithAttrRequirementsAll() {
        DefaultRegisteredServiceAccessStrategy defaultRegisteredServiceAccessStrategy = new DefaultRegisteredServiceAccessStrategy();
        defaultRegisteredServiceAccessStrategy.setRequiredAttributes(getRequiredAttributes());
        Assert.assertTrue(defaultRegisteredServiceAccessStrategy.doPrincipalAttributesAllowServiceAccess("test", getPrincipalAttributes()));
    }

    @Test
    public void checkAuthzPrincipalWithAttrRequirementsMissingOne() {
        DefaultRegisteredServiceAccessStrategy defaultRegisteredServiceAccessStrategy = new DefaultRegisteredServiceAccessStrategy();
        defaultRegisteredServiceAccessStrategy.setRequiredAttributes(getRequiredAttributes());
        Map<String, Object> principalAttributes = getPrincipalAttributes();
        principalAttributes.remove(CN);
        Assert.assertFalse(defaultRegisteredServiceAccessStrategy.doPrincipalAttributesAllowServiceAccess("test", principalAttributes));
    }

    @Test
    public void checkAuthzPrincipalWithAttrRequirementsMissingOneButNotAllNeeded() {
        DefaultRegisteredServiceAccessStrategy defaultRegisteredServiceAccessStrategy = new DefaultRegisteredServiceAccessStrategy();
        defaultRegisteredServiceAccessStrategy.setRequiredAttributes(getRequiredAttributes());
        defaultRegisteredServiceAccessStrategy.setRequireAllAttributes(false);
        Map<String, Object> principalAttributes = getPrincipalAttributes();
        principalAttributes.remove(CN);
        Assert.assertTrue(defaultRegisteredServiceAccessStrategy.doPrincipalAttributesAllowServiceAccess("test", principalAttributes));
    }

    @Test
    public void checkAuthzPrincipalWithAttrRequirementsNoValueMatch() {
        DefaultRegisteredServiceAccessStrategy defaultRegisteredServiceAccessStrategy = new DefaultRegisteredServiceAccessStrategy();
        Map<String, Set<String>> requiredAttributes = getRequiredAttributes();
        requiredAttributes.remove(PHONE);
        defaultRegisteredServiceAccessStrategy.setRequiredAttributes(requiredAttributes);
        defaultRegisteredServiceAccessStrategy.setRequireAllAttributes(false);
        Map<String, Object> principalAttributes = getPrincipalAttributes();
        principalAttributes.remove(CN);
        principalAttributes.put(GIVEN_NAME, "theName");
        Assert.assertFalse(defaultRegisteredServiceAccessStrategy.doPrincipalAttributesAllowServiceAccess("test", principalAttributes));
    }

    @Test
    public void checkAuthzPrincipalWithAttrValueCaseSensitiveComparison() {
        DefaultRegisteredServiceAccessStrategy defaultRegisteredServiceAccessStrategy = new DefaultRegisteredServiceAccessStrategy();
        Map<String, Set<String>> requiredAttributes = getRequiredAttributes();
        requiredAttributes.remove(PHONE);
        defaultRegisteredServiceAccessStrategy.setRequiredAttributes(requiredAttributes);
        Map<String, Object> principalAttributes = getPrincipalAttributes();
        principalAttributes.put(CN, "CAS");
        principalAttributes.put(GIVEN_NAME, "kaz");
        Assert.assertFalse(defaultRegisteredServiceAccessStrategy.doPrincipalAttributesAllowServiceAccess("test", principalAttributes));
    }

    @Test
    public void checkRejectedAttributesNotAvailable() {
        DefaultRegisteredServiceAccessStrategy defaultRegisteredServiceAccessStrategy = new DefaultRegisteredServiceAccessStrategy();
        defaultRegisteredServiceAccessStrategy.setRequiredAttributes(getRequiredAttributes());
        defaultRegisteredServiceAccessStrategy.setRejectedAttributes(getRejectedAttributes());
        Assert.assertTrue(defaultRegisteredServiceAccessStrategy.doPrincipalAttributesAllowServiceAccess("test", getPrincipalAttributes()));
    }

    @Test
    public void checkRejectedAttributesAvailable() {
        DefaultRegisteredServiceAccessStrategy defaultRegisteredServiceAccessStrategy = new DefaultRegisteredServiceAccessStrategy();
        defaultRegisteredServiceAccessStrategy.setRejectedAttributes(getRejectedAttributes());
        Map<String, Object> principalAttributes = getPrincipalAttributes();
        principalAttributes.put("address", "1234 Main Street");
        Assert.assertTrue(defaultRegisteredServiceAccessStrategy.doPrincipalAttributesAllowServiceAccess("test", principalAttributes));
    }

    @Test
    public void checkRejectedAttributesAvailableRequireAll() {
        DefaultRegisteredServiceAccessStrategy defaultRegisteredServiceAccessStrategy = new DefaultRegisteredServiceAccessStrategy();
        defaultRegisteredServiceAccessStrategy.setRequireAllAttributes(true);
        defaultRegisteredServiceAccessStrategy.setRejectedAttributes(getRejectedAttributes());
        Map<String, Object> principalAttributes = getPrincipalAttributes();
        principalAttributes.put("address", "1234 Main Street");
        Assert.assertTrue(defaultRegisteredServiceAccessStrategy.doPrincipalAttributesAllowServiceAccess("test", principalAttributes));
    }

    @Test
    public void checkRejectedAttributesAvailableRequireAll3() {
        DefaultRegisteredServiceAccessStrategy defaultRegisteredServiceAccessStrategy = new DefaultRegisteredServiceAccessStrategy();
        defaultRegisteredServiceAccessStrategy.setRequireAllAttributes(false);
        defaultRegisteredServiceAccessStrategy.setRejectedAttributes(getRejectedAttributes());
        Map<String, Object> principalAttributes = getPrincipalAttributes();
        principalAttributes.put("role", "nomatch");
        Assert.assertTrue(defaultRegisteredServiceAccessStrategy.doPrincipalAttributesAllowServiceAccess("test", principalAttributes));
    }

    @Test
    public void checkRejectedAttributesAvailableRequireAll2() {
        DefaultRegisteredServiceAccessStrategy defaultRegisteredServiceAccessStrategy = new DefaultRegisteredServiceAccessStrategy();
        defaultRegisteredServiceAccessStrategy.setRequireAllAttributes(false);
        defaultRegisteredServiceAccessStrategy.setRejectedAttributes(getRejectedAttributes());
        Map<String, Object> principalAttributes = getPrincipalAttributes();
        principalAttributes.put("role", "staff");
        Assert.assertFalse(defaultRegisteredServiceAccessStrategy.doPrincipalAttributesAllowServiceAccess("test", principalAttributes));
    }

    @Test
    public void checkAuthzPrincipalWithAttrValueCaseInsensitiveComparison() {
        DefaultRegisteredServiceAccessStrategy defaultRegisteredServiceAccessStrategy = new DefaultRegisteredServiceAccessStrategy();
        defaultRegisteredServiceAccessStrategy.setRequiredAttributes(getRequiredAttributes());
        Map<String, Object> principalAttributes = getPrincipalAttributes();
        defaultRegisteredServiceAccessStrategy.setCaseInsensitive(true);
        principalAttributes.put(CN, CAS);
        principalAttributes.put(GIVEN_NAME, "kaz");
        Assert.assertTrue(defaultRegisteredServiceAccessStrategy.doPrincipalAttributesAllowServiceAccess("test", principalAttributes));
    }

    @Test
    public void checkAuthzPrincipalWithAttrValuePatternComparison() {
        DefaultRegisteredServiceAccessStrategy defaultRegisteredServiceAccessStrategy = new DefaultRegisteredServiceAccessStrategy();
        Map<String, Set<String>> requiredAttributes = getRequiredAttributes();
        requiredAttributes.remove(CN);
        requiredAttributes.remove(GIVEN_NAME);
        defaultRegisteredServiceAccessStrategy.setRequiredAttributes(requiredAttributes);
        Assert.assertTrue(defaultRegisteredServiceAccessStrategy.doPrincipalAttributesAllowServiceAccess("test", getPrincipalAttributes()));
    }

    @Test
    public void verifySerializeADefaultRegisteredServiceAccessStrategyToJson() throws IOException {
        DefaultRegisteredServiceAccessStrategy defaultRegisteredServiceAccessStrategy = new DefaultRegisteredServiceAccessStrategy();
        Map<String, Set<String>> requiredAttributes = getRequiredAttributes();
        requiredAttributes.remove(CN);
        requiredAttributes.remove(GIVEN_NAME);
        defaultRegisteredServiceAccessStrategy.setRequiredAttributes(requiredAttributes);
        defaultRegisteredServiceAccessStrategy.setRejectedAttributes(getRejectedAttributes());
        MAPPER.writeValue(JSON_FILE, defaultRegisteredServiceAccessStrategy);
        Assert.assertEquals(defaultRegisteredServiceAccessStrategy, (RegisteredServiceAccessStrategy) MAPPER.readValue(JSON_FILE, DefaultRegisteredServiceAccessStrategy.class));
    }

    private static Map<String, Set<String>> getRequiredAttributes() {
        HashMap hashMap = new HashMap();
        hashMap.put(CN, (Set) Stream.of((Object[]) new String[]{CAS, "SSO"}).collect(Collectors.toSet()));
        hashMap.put(GIVEN_NAME, (Set) Stream.of((Object[]) new String[]{"CAS", KAZ}).collect(Collectors.toSet()));
        hashMap.put(PHONE, Collections.singleton("\\d\\d\\d-\\d\\d\\d-\\d\\d\\d"));
        return hashMap;
    }

    private static Map<String, Set<String>> getRejectedAttributes() {
        HashMap hashMap = new HashMap();
        hashMap.put("address", Collections.singleton(".+"));
        hashMap.put("role", Collections.singleton("staff"));
        return hashMap;
    }

    private static Map<String, Object> getPrincipalAttributes() {
        HashMap hashMap = new HashMap();
        hashMap.put(CN, CAS);
        hashMap.put(GIVEN_NAME, Arrays.asList(CAS, KAZ));
        hashMap.put("sn", "surname");
        hashMap.put(PHONE, "123-456-7890");
        return hashMap;
    }
}
