package org.apereo.cas.services;

import com.fasterxml.jackson.databind.ObjectMapper;
import java.io.File;
import java.io.IOException;
import java.lang.invoke.SerializedLambda;
import java.nio.file.Files;
import java.nio.file.attribute.FileAttribute;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import org.apereo.cas.util.RandomUtils;
import org.apereo.cas.util.serialization.JacksonObjectMapperFactory;
import org.junit.jupiter.api.Assertions;
import org.junit.jupiter.api.Tag;
import org.junit.jupiter.api.Test;

@Tag("RegisteredService")
/* loaded from: input_file:org/apereo/cas/services/DefaultRegisteredServiceAccessStrategyTests.class */
class DefaultRegisteredServiceAccessStrategyTests {
    private static final ObjectMapper MAPPER = JacksonObjectMapperFactory.builder().defaultTypingEnabled(true).build().toObjectMapper();
    private static final String TEST = "test";
    private static final String PHONE = "phone";
    private static final String GIVEN_NAME = "givenName";
    private static final String CAS = "cas";
    private static final String KAZ = "KAZ";
    private static final String CN = "cn";

    DefaultRegisteredServiceAccessStrategyTests() {
    }

    private static Map<String, Set<String>> getRequiredAttributes() {
        HashMap hashMap = new HashMap();
        hashMap.put(CN, (Set) Stream.of((Object[]) new String[]{CAS, "SSO"}).collect(Collectors.toSet()));
        hashMap.put(GIVEN_NAME, (Set) Stream.of((Object[]) new String[]{"CAS", KAZ}).collect(Collectors.toSet()));
        hashMap.put(PHONE, Collections.singleton("\\d\\d\\d-\\d\\d\\d-\\d\\d\\d"));
        return hashMap;
    }

    private static Map<String, Set<String>> getRejectedAttributes() {
        HashMap hashMap = new HashMap();
        hashMap.put("address", Collections.singleton(".+"));
        hashMap.put("role", Collections.singleton("staff"));
        return hashMap;
    }

    private static Map getPrincipalAttributes() {
        HashMap hashMap = new HashMap();
        hashMap.put(CN, CAS);
        hashMap.put(GIVEN_NAME, Arrays.asList(CAS, KAZ));
        hashMap.put("sn", "surname");
        hashMap.put(PHONE, "123-456-7890");
        return hashMap;
    }

    @Test
    void checkLoad() {
        DefaultRegisteredServiceAccessStrategy defaultRegisteredServiceAccessStrategy = new DefaultRegisteredServiceAccessStrategy(getRequiredAttributes(), getRejectedAttributes());
        defaultRegisteredServiceAccessStrategy.postLoad();
        Assertions.assertEquals(0, defaultRegisteredServiceAccessStrategy.getOrder());
    }

    /* JADX WARN: Type inference failed for: r0v0, types: [org.apereo.cas.services.DefaultRegisteredServiceAccessStrategyTests$1] */
    @Test
    void checkDefaultInterfaceImpls() throws Throwable {
        ?? r0 = new RegisteredServiceAccessStrategy() { // from class: org.apereo.cas.services.DefaultRegisteredServiceAccessStrategyTests.1
            private static final long serialVersionUID = -6993120869616143038L;
        };
        Assertions.assertEquals(Integer.MAX_VALUE, r0.getOrder());
        Assertions.assertTrue(r0.isServiceAccessAllowed(RegisteredServiceTestUtils.getRegisteredService(), RegisteredServiceTestUtils.getService2()));
        Assertions.assertTrue(r0.isServiceAccessAllowedForSso(RegisteredServiceTestUtils.getRegisteredService()));
        Assertions.assertTrue(r0.authorizeRequest(RegisteredServiceAccessStrategyRequest.builder().build()));
        Assertions.assertNull(r0.getUnauthorizedRedirectUrl());
    }

    @Test
    void checkDefaultAuthzStrategyConfig() {
        DefaultRegisteredServiceAccessStrategy defaultRegisteredServiceAccessStrategy = new DefaultRegisteredServiceAccessStrategy();
        Assertions.assertTrue(defaultRegisteredServiceAccessStrategy.isServiceAccessAllowed(RegisteredServiceTestUtils.getRegisteredService(), RegisteredServiceTestUtils.getService2()));
        Assertions.assertTrue(defaultRegisteredServiceAccessStrategy.isServiceAccessAllowedForSso(RegisteredServiceTestUtils.getRegisteredService()));
    }

    @Test
    void checkDisabledAuthzStrategyConfig() {
        DefaultRegisteredServiceAccessStrategy defaultRegisteredServiceAccessStrategy = new DefaultRegisteredServiceAccessStrategy(false, true);
        Assertions.assertFalse(defaultRegisteredServiceAccessStrategy.isServiceAccessAllowed(RegisteredServiceTestUtils.getRegisteredService(), RegisteredServiceTestUtils.getService2()));
        Assertions.assertTrue(defaultRegisteredServiceAccessStrategy.isServiceAccessAllowedForSso(RegisteredServiceTestUtils.getRegisteredService()));
    }

    @Test
    void checkDisabledSsoAuthzStrategyConfig() {
        DefaultRegisteredServiceAccessStrategy defaultRegisteredServiceAccessStrategy = new DefaultRegisteredServiceAccessStrategy(true, false);
        Assertions.assertTrue(defaultRegisteredServiceAccessStrategy.isServiceAccessAllowed(RegisteredServiceTestUtils.getRegisteredService(), RegisteredServiceTestUtils.getService2()));
        Assertions.assertFalse(defaultRegisteredServiceAccessStrategy.isServiceAccessAllowedForSso(RegisteredServiceTestUtils.getRegisteredService()));
    }

    @Test
    void setAuthzStrategyConfig() {
        DefaultRegisteredServiceAccessStrategy defaultRegisteredServiceAccessStrategy = new DefaultRegisteredServiceAccessStrategy(false, false);
        defaultRegisteredServiceAccessStrategy.setEnabled(true);
        defaultRegisteredServiceAccessStrategy.setSsoEnabled(true);
        Assertions.assertTrue(defaultRegisteredServiceAccessStrategy.isServiceAccessAllowed(RegisteredServiceTestUtils.getRegisteredService(), RegisteredServiceTestUtils.getService2()));
        Assertions.assertTrue(defaultRegisteredServiceAccessStrategy.isServiceAccessAllowedForSso(RegisteredServiceTestUtils.getRegisteredService()));
        Assertions.assertTrue(defaultRegisteredServiceAccessStrategy.isRequireAllAttributes());
    }

    @Test
    void checkAuthzPrincipalInactive() throws Throwable {
        Assertions.assertTrue(new DefaultRegisteredServiceAccessStrategy().setActivationCriteria(registeredServiceAccessStrategyRequest -> {
            return false;
        }).authorizeRequest(RegisteredServiceAccessStrategyRequest.builder().principalId("test").build()));
    }

    @Test
    void checkAuthzPrincipalNoAttrRequirements() throws Throwable {
        Assertions.assertTrue(new DefaultRegisteredServiceAccessStrategy().authorizeRequest(RegisteredServiceAccessStrategyRequest.builder().principalId("test").build()));
    }

    @Test
    void checkAuthzPrincipalWithAttrRequirementsEmptyPrincipal() throws Throwable {
        DefaultRegisteredServiceAccessStrategy defaultRegisteredServiceAccessStrategy = new DefaultRegisteredServiceAccessStrategy();
        defaultRegisteredServiceAccessStrategy.setRequiredAttributes(getRequiredAttributes());
        Assertions.assertFalse(defaultRegisteredServiceAccessStrategy.authorizeRequest(RegisteredServiceAccessStrategyRequest.builder().principalId("test").build()));
    }

    @Test
    void checkAuthzPrincipalWithAttrRequirementsAll() throws Throwable {
        DefaultRegisteredServiceAccessStrategy defaultRegisteredServiceAccessStrategy = new DefaultRegisteredServiceAccessStrategy();
        defaultRegisteredServiceAccessStrategy.setRequiredAttributes(getRequiredAttributes());
        Assertions.assertTrue(defaultRegisteredServiceAccessStrategy.authorizeRequest(RegisteredServiceAccessStrategyRequest.builder().principalId("test").attributes(getPrincipalAttributes()).build()));
    }

    @Test
    void checkAuthzWithAttributeRequirementAsGroovy() throws Throwable {
        DefaultRegisteredServiceAccessStrategy defaultRegisteredServiceAccessStrategy = new DefaultRegisteredServiceAccessStrategy();
        HashMap hashMap = new HashMap();
        hashMap.put(CN, Set.of("groovy { return attributes.containsKey('name') && currentValues.contains('admin') }"));
        defaultRegisteredServiceAccessStrategy.setRequiredAttributes(hashMap);
        RegisteredServiceAccessStrategyRequest build = RegisteredServiceAccessStrategyRequest.builder().attributes(Map.of(PHONE, List.of("1234567890"))).principalId("test").build();
        Assertions.assertFalse(defaultRegisteredServiceAccessStrategy.authorizeRequest(build));
        Assertions.assertTrue(defaultRegisteredServiceAccessStrategy.authorizeRequest(build.withAttributes(Map.of(CN, List.of("admin"), "name", List.of("casuser")))));
    }

    @Test
    void checkAuthzPrincipalWithAttrRequirementsMissingOne() throws Throwable {
        DefaultRegisteredServiceAccessStrategy defaultRegisteredServiceAccessStrategy = new DefaultRegisteredServiceAccessStrategy();
        defaultRegisteredServiceAccessStrategy.setRequiredAttributes(getRequiredAttributes());
        Map principalAttributes = getPrincipalAttributes();
        principalAttributes.remove(CN);
        Assertions.assertFalse(defaultRegisteredServiceAccessStrategy.authorizeRequest(RegisteredServiceAccessStrategyRequest.builder().principalId("test").attributes(principalAttributes).build()));
    }

    @Test
    void checkAuthzPrincipalWithAttrRequirementsMissingOneButNotAllNeeded() throws Throwable {
        DefaultRegisteredServiceAccessStrategy defaultRegisteredServiceAccessStrategy = new DefaultRegisteredServiceAccessStrategy();
        defaultRegisteredServiceAccessStrategy.setRequiredAttributes(getRequiredAttributes());
        defaultRegisteredServiceAccessStrategy.setRequireAllAttributes(false);
        Map principalAttributes = getPrincipalAttributes();
        principalAttributes.remove(CN);
        Assertions.assertTrue(defaultRegisteredServiceAccessStrategy.authorizeRequest(RegisteredServiceAccessStrategyRequest.builder().principalId("test").attributes(principalAttributes).build()));
    }

    @Test
    void checkAuthzPrincipalWithAttrRequirementsNoValueMatch() throws Throwable {
        DefaultRegisteredServiceAccessStrategy defaultRegisteredServiceAccessStrategy = new DefaultRegisteredServiceAccessStrategy();
        Map<String, Set<String>> requiredAttributes = getRequiredAttributes();
        requiredAttributes.remove(PHONE);
        defaultRegisteredServiceAccessStrategy.setRequiredAttributes(requiredAttributes);
        defaultRegisteredServiceAccessStrategy.setRequireAllAttributes(false);
        Map principalAttributes = getPrincipalAttributes();
        principalAttributes.remove(CN);
        principalAttributes.put(GIVEN_NAME, "theName");
        Assertions.assertFalse(defaultRegisteredServiceAccessStrategy.authorizeRequest(RegisteredServiceAccessStrategyRequest.builder().principalId("test").attributes(principalAttributes).build()));
    }

    @Test
    void checkAuthzPrincipalWithAttrRequirementsWrongValue() throws Throwable {
        Map<String, Set<String>> requiredAttributes = getRequiredAttributes();
        requiredAttributes.put(GIVEN_NAME, Collections.singleton("not present"));
        DefaultRegisteredServiceAccessStrategy defaultRegisteredServiceAccessStrategy = new DefaultRegisteredServiceAccessStrategy();
        defaultRegisteredServiceAccessStrategy.setRequireAllAttributes(true);
        defaultRegisteredServiceAccessStrategy.setRequiredAttributes(requiredAttributes);
        Assertions.assertFalse(defaultRegisteredServiceAccessStrategy.authorizeRequest(RegisteredServiceAccessStrategyRequest.builder().principalId("test").attributes(getPrincipalAttributes()).build()));
    }

    @Test
    void checkAuthzPrincipalWithAttrValueCaseSensitiveComparison() throws Throwable {
        DefaultRegisteredServiceAccessStrategy defaultRegisteredServiceAccessStrategy = new DefaultRegisteredServiceAccessStrategy();
        Map<String, Set<String>> requiredAttributes = getRequiredAttributes();
        requiredAttributes.remove(PHONE);
        defaultRegisteredServiceAccessStrategy.setRequiredAttributes(requiredAttributes);
        Map principalAttributes = getPrincipalAttributes();
        principalAttributes.put(CN, "CAS");
        principalAttributes.put(GIVEN_NAME, "kaz");
        Assertions.assertFalse(defaultRegisteredServiceAccessStrategy.authorizeRequest(RegisteredServiceAccessStrategyRequest.builder().principalId("test").attributes(principalAttributes).build()));
    }

    @Test
    void checkRejectedAttributesNotAvailable() throws Throwable {
        DefaultRegisteredServiceAccessStrategy defaultRegisteredServiceAccessStrategy = new DefaultRegisteredServiceAccessStrategy();
        defaultRegisteredServiceAccessStrategy.setRequiredAttributes(getRequiredAttributes());
        defaultRegisteredServiceAccessStrategy.setRejectedAttributes(getRejectedAttributes());
        Assertions.assertTrue(defaultRegisteredServiceAccessStrategy.authorizeRequest(RegisteredServiceAccessStrategyRequest.builder().principalId("test").attributes(getPrincipalAttributes()).build()));
    }

    @Test
    void checkRejectedAttributesAvailable() throws Throwable {
        DefaultRegisteredServiceAccessStrategy defaultRegisteredServiceAccessStrategy = new DefaultRegisteredServiceAccessStrategy();
        defaultRegisteredServiceAccessStrategy.setRejectedAttributes(getRejectedAttributes());
        Map principalAttributes = getPrincipalAttributes();
        principalAttributes.put("address", "1234 Main Street");
        Assertions.assertTrue(defaultRegisteredServiceAccessStrategy.authorizeRequest(RegisteredServiceAccessStrategyRequest.builder().principalId("test").attributes(principalAttributes).build()));
    }

    @Test
    void checkRejectedAttributesAvailableRequireAll() throws Throwable {
        DefaultRegisteredServiceAccessStrategy defaultRegisteredServiceAccessStrategy = new DefaultRegisteredServiceAccessStrategy();
        defaultRegisteredServiceAccessStrategy.setRequireAllAttributes(true);
        defaultRegisteredServiceAccessStrategy.setRejectedAttributes(getRejectedAttributes());
        Map principalAttributes = getPrincipalAttributes();
        principalAttributes.put("address", "1234 Main Street");
        Assertions.assertTrue(defaultRegisteredServiceAccessStrategy.authorizeRequest(RegisteredServiceAccessStrategyRequest.builder().principalId("test").attributes(principalAttributes).build()));
    }

    @Test
    void checkRejectedAttributesAvailableRequireAll3() throws Throwable {
        DefaultRegisteredServiceAccessStrategy defaultRegisteredServiceAccessStrategy = new DefaultRegisteredServiceAccessStrategy();
        defaultRegisteredServiceAccessStrategy.setRequireAllAttributes(false);
        defaultRegisteredServiceAccessStrategy.setRejectedAttributes(getRejectedAttributes());
        Map principalAttributes = getPrincipalAttributes();
        principalAttributes.put("role", "nomatch");
        Assertions.assertTrue(defaultRegisteredServiceAccessStrategy.authorizeRequest(RegisteredServiceAccessStrategyRequest.builder().principalId("test").attributes(principalAttributes).build()));
    }

    @Test
    void checkRejectedAttributesAvailableRequireAll2() throws Throwable {
        DefaultRegisteredServiceAccessStrategy defaultRegisteredServiceAccessStrategy = new DefaultRegisteredServiceAccessStrategy();
        defaultRegisteredServiceAccessStrategy.setRequireAllAttributes(false);
        defaultRegisteredServiceAccessStrategy.setRejectedAttributes(getRejectedAttributes());
        Map principalAttributes = getPrincipalAttributes();
        principalAttributes.put("role", "staff");
        Assertions.assertFalse(defaultRegisteredServiceAccessStrategy.authorizeRequest(RegisteredServiceAccessStrategyRequest.builder().principalId("test").attributes(principalAttributes).build()));
    }

    @Test
    void checkAuthzPrincipalWithAttrValueCaseInsensitiveComparison() throws Throwable {
        DefaultRegisteredServiceAccessStrategy defaultRegisteredServiceAccessStrategy = new DefaultRegisteredServiceAccessStrategy();
        defaultRegisteredServiceAccessStrategy.setRequiredAttributes(getRequiredAttributes());
        Map principalAttributes = getPrincipalAttributes();
        defaultRegisteredServiceAccessStrategy.setCaseInsensitive(true);
        principalAttributes.put(CN, CAS);
        principalAttributes.put(GIVEN_NAME, "kaz");
        Assertions.assertTrue(defaultRegisteredServiceAccessStrategy.authorizeRequest(RegisteredServiceAccessStrategyRequest.builder().principalId("test").attributes(principalAttributes).build()));
    }

    @Test
    void checkAuthzPrincipalWithAttrValuePatternComparison() throws Throwable {
        DefaultRegisteredServiceAccessStrategy defaultRegisteredServiceAccessStrategy = new DefaultRegisteredServiceAccessStrategy();
        Map<String, Set<String>> requiredAttributes = getRequiredAttributes();
        requiredAttributes.remove(CN);
        requiredAttributes.remove(GIVEN_NAME);
        defaultRegisteredServiceAccessStrategy.setRequiredAttributes(requiredAttributes);
        Assertions.assertTrue(defaultRegisteredServiceAccessStrategy.authorizeRequest(RegisteredServiceAccessStrategyRequest.builder().principalId("test").attributes(getPrincipalAttributes()).build()));
    }

    @Test
    void verifySerializeADefaultRegisteredServiceAccessStrategyToJson() throws IOException {
        DefaultRegisteredServiceAccessStrategy defaultRegisteredServiceAccessStrategy = new DefaultRegisteredServiceAccessStrategy();
        Map<String, Set<String>> requiredAttributes = getRequiredAttributes();
        requiredAttributes.remove(CN);
        requiredAttributes.remove(GIVEN_NAME);
        defaultRegisteredServiceAccessStrategy.setRequiredAttributes(requiredAttributes);
        defaultRegisteredServiceAccessStrategy.setRejectedAttributes(getRejectedAttributes());
        File file = Files.createTempFile(RandomUtils.randomAlphabetic(8), ".json", new FileAttribute[0]).toFile();
        MAPPER.writeValue(file, defaultRegisteredServiceAccessStrategy);
        Assertions.assertEquals(defaultRegisteredServiceAccessStrategy, (DefaultRegisteredServiceAccessStrategy) MAPPER.readValue(file, DefaultRegisteredServiceAccessStrategy.class));
    }

    @Test
    void verifyRejectedAttributesMoreThanPrincipal() throws Throwable {
        DefaultRegisteredServiceAccessStrategy defaultRegisteredServiceAccessStrategy = new DefaultRegisteredServiceAccessStrategy();
        defaultRegisteredServiceAccessStrategy.setRejectedAttributes(getRejectedAttributes());
        defaultRegisteredServiceAccessStrategy.setRequiredAttributes(Map.of(CN, Set.of(CAS)));
        Assertions.assertFalse(defaultRegisteredServiceAccessStrategy.authorizeRequest(RegisteredServiceAccessStrategyRequest.builder().principalId("test").attributes(Map.of(CN, List.of(CAS))).build()));
    }

    private static /* synthetic */ Object $deserializeLambda$(SerializedLambda serializedLambda) {
        String implMethodName = serializedLambda.getImplMethodName();
        boolean z = -1;
        switch (implMethodName.hashCode()) {
            case -2084262743:
                if (implMethodName.equals("lambda$checkAuthzPrincipalInactive$1b8de6ea$1")) {
                    z = false;
                    break;
                }
                break;
        }
        switch (z) {
            case false:
                if (serializedLambda.getImplMethodKind() == 6 && serializedLambda.getFunctionalInterfaceClass().equals("org/apereo/cas/services/RegisteredServiceAccessStrategyActivationCriteria") && serializedLambda.getFunctionalInterfaceMethodName().equals("shouldActivate") && serializedLambda.getFunctionalInterfaceMethodSignature().equals("(Lorg/apereo/cas/services/RegisteredServiceAccessStrategyRequest;)Z") && serializedLambda.getImplClass().equals("org/apereo/cas/services/DefaultRegisteredServiceAccessStrategyTests") && serializedLambda.getImplMethodSignature().equals("(Lorg/apereo/cas/services/RegisteredServiceAccessStrategyRequest;)Z")) {
                    return registeredServiceAccessStrategyRequest -> {
                        return false;
                    };
                }
                break;
        }
        throw new IllegalArgumentException("Invalid lambda deserialization");
    }
}
