package org.apereo.cas.web.flow;

import java.time.ZoneOffset;
import java.time.ZonedDateTime;
import org.apereo.cas.authentication.AuthenticationServiceSelectionPlan;
import org.apereo.cas.authentication.AuthenticationServiceSelectionStrategy;
import org.apereo.cas.authentication.CoreAuthenticationTestUtils;
import org.apereo.cas.authentication.DefaultAuthenticationServiceSelectionPlan;
import org.apereo.cas.authentication.DefaultAuthenticationServiceSelectionStrategy;
import org.apereo.cas.authentication.principal.Service;
import org.apereo.cas.configuration.model.core.sso.SingleSignOnProperties;
import org.apereo.cas.mock.MockTicketGrantingTicket;
import org.apereo.cas.services.BaseWebBasedRegisteredService;
import org.apereo.cas.services.CasModelRegisteredService;
import org.apereo.cas.services.DefaultRegisteredServiceSingleSignOnParticipationPolicy;
import org.apereo.cas.services.DefaultRegisteredServiceTicketGrantingTicketExpirationPolicy;
import org.apereo.cas.services.RegisteredServiceTestUtils;
import org.apereo.cas.services.ServicesManager;
import org.apereo.cas.ticket.registry.TicketRegistrySupport;
import org.apereo.cas.util.model.TriStateBoolean;
import org.apereo.cas.web.support.WebUtils;
import org.junit.jupiter.api.Assertions;
import org.junit.jupiter.api.Tag;
import org.junit.jupiter.api.Test;
import org.mockito.Mockito;
import org.springframework.mock.web.MockHttpServletRequest;
import org.springframework.mock.web.MockHttpServletResponse;
import org.springframework.mock.web.MockServletContext;
import org.springframework.webflow.context.servlet.ServletExternalContext;
import org.springframework.webflow.test.MockRequestContext;

@Tag("Webflow")
/* loaded from: input_file:org/apereo/cas/web/flow/DefaultSingleSignOnParticipationStrategyTests.class */
public class DefaultSingleSignOnParticipationStrategyTests {
    @Test
    public void verifyParticipationDisabled() {
        ServicesManager servicesManager = (ServicesManager) Mockito.mock(ServicesManager.class);
        MockRequestContext mockRequestContext = new MockRequestContext();
        MockHttpServletRequest mockHttpServletRequest = new MockHttpServletRequest();
        MockHttpServletResponse mockHttpServletResponse = new MockHttpServletResponse();
        DefaultSingleSignOnParticipationStrategy defaultSingleSignOnParticipationStrategy = new DefaultSingleSignOnParticipationStrategy(servicesManager, new SingleSignOnProperties().setSsoEnabled(false), (TicketRegistrySupport) Mockito.mock(TicketRegistrySupport.class), (AuthenticationServiceSelectionPlan) Mockito.mock(AuthenticationServiceSelectionPlan.class));
        mockRequestContext.setExternalContext(new ServletExternalContext(new MockServletContext(), mockHttpServletRequest, mockHttpServletResponse));
        Assertions.assertFalse(defaultSingleSignOnParticipationStrategy.isParticipating(SingleSignOnParticipationRequest.builder().httpServletRequest(mockHttpServletRequest).requestContext(mockRequestContext).build()));
    }

    @Test
    public void verifyParticipatesForRenew() {
        ServicesManager servicesManager = (ServicesManager) Mockito.mock(ServicesManager.class);
        MockRequestContext mockRequestContext = new MockRequestContext();
        MockHttpServletRequest mockHttpServletRequest = new MockHttpServletRequest();
        MockHttpServletResponse mockHttpServletResponse = new MockHttpServletResponse();
        DefaultSingleSignOnParticipationStrategy defaultSingleSignOnParticipationStrategy = new DefaultSingleSignOnParticipationStrategy(servicesManager, new SingleSignOnProperties().setCreateSsoCookieOnRenewAuthn(true).setRenewAuthnEnabled(true), (TicketRegistrySupport) Mockito.mock(TicketRegistrySupport.class), (AuthenticationServiceSelectionPlan) Mockito.mock(AuthenticationServiceSelectionPlan.class));
        mockRequestContext.setExternalContext(new ServletExternalContext(new MockServletContext(), mockHttpServletRequest, mockHttpServletResponse));
        mockHttpServletRequest.addParameter("renew", "true");
        SingleSignOnParticipationRequest build = SingleSignOnParticipationRequest.builder().httpServletRequest(mockHttpServletRequest).requestContext(mockRequestContext).build();
        Assertions.assertTrue(defaultSingleSignOnParticipationStrategy.isParticipating(build) || defaultSingleSignOnParticipationStrategy.isCreateCookieOnRenewedAuthentication(build) == TriStateBoolean.TRUE);
    }

    @Test
    public void verifyParticipatesForRenewDisabled() {
        ServicesManager servicesManager = (ServicesManager) Mockito.mock(ServicesManager.class);
        MockRequestContext mockRequestContext = new MockRequestContext();
        MockHttpServletRequest mockHttpServletRequest = new MockHttpServletRequest();
        MockHttpServletResponse mockHttpServletResponse = new MockHttpServletResponse();
        DefaultSingleSignOnParticipationStrategy defaultSingleSignOnParticipationStrategy = new DefaultSingleSignOnParticipationStrategy(servicesManager, new SingleSignOnProperties().setCreateSsoCookieOnRenewAuthn(false).setRenewAuthnEnabled(true), (TicketRegistrySupport) Mockito.mock(TicketRegistrySupport.class), (AuthenticationServiceSelectionPlan) Mockito.mock(AuthenticationServiceSelectionPlan.class));
        mockRequestContext.setExternalContext(new ServletExternalContext(new MockServletContext(), mockHttpServletRequest, mockHttpServletResponse));
        mockHttpServletRequest.addParameter("renew", "true");
        Assertions.assertFalse(defaultSingleSignOnParticipationStrategy.isParticipating(SingleSignOnParticipationRequest.builder().httpServletRequest(mockHttpServletRequest).requestContext(mockRequestContext).build()));
    }

    @Test
    public void verifyParticipateForServiceTgtExpirationPolicyWithoutTgt() {
        ServicesManager servicesManager = (ServicesManager) Mockito.mock(ServicesManager.class);
        BaseWebBasedRegisteredService registeredService = RegisteredServiceTestUtils.getRegisteredService();
        registeredService.setTicketGrantingTicketExpirationPolicy(new DefaultRegisteredServiceTicketGrantingTicketExpirationPolicy(2L));
        Mockito.when(servicesManager.findServiceBy((Service) Mockito.any(Service.class))).thenReturn(registeredService);
        MockRequestContext mockRequestContext = new MockRequestContext();
        MockHttpServletRequest mockHttpServletRequest = new MockHttpServletRequest();
        MockHttpServletResponse mockHttpServletResponse = new MockHttpServletResponse();
        WebUtils.putServiceIntoFlowScope(mockRequestContext, RegisteredServiceTestUtils.getService(registeredService.getServiceId()));
        DefaultSingleSignOnParticipationStrategy defaultSingleSignOnParticipationStrategy = new DefaultSingleSignOnParticipationStrategy(servicesManager, new SingleSignOnProperties().setCreateSsoCookieOnRenewAuthn(false).setRenewAuthnEnabled(true), (TicketRegistrySupport) Mockito.mock(TicketRegistrySupport.class), new DefaultAuthenticationServiceSelectionPlan(new AuthenticationServiceSelectionStrategy[]{new DefaultAuthenticationServiceSelectionStrategy()}));
        mockRequestContext.setExternalContext(new ServletExternalContext(new MockServletContext(), mockHttpServletRequest, mockHttpServletResponse));
        WebUtils.putAuthentication(CoreAuthenticationTestUtils.getAuthentication("casuser"), mockRequestContext);
        Assertions.assertTrue(defaultSingleSignOnParticipationStrategy.isParticipating(SingleSignOnParticipationRequest.builder().httpServletRequest(mockHttpServletRequest).requestContext(mockRequestContext).build()));
    }

    @Test
    public void verifyDoesNotParticipateForService() {
        ServicesManager servicesManager = (ServicesManager) Mockito.mock(ServicesManager.class);
        CasModelRegisteredService registeredService = CoreAuthenticationTestUtils.getRegisteredService();
        Mockito.when(Boolean.valueOf(registeredService.getAccessStrategy().isServiceAccessAllowedForSso())).thenReturn(false);
        Mockito.when(servicesManager.findServiceBy((Service) Mockito.any(Service.class))).thenReturn(registeredService);
        MockRequestContext mockRequestContext = new MockRequestContext();
        MockHttpServletRequest mockHttpServletRequest = new MockHttpServletRequest();
        MockHttpServletResponse mockHttpServletResponse = new MockHttpServletResponse();
        WebUtils.putServiceIntoFlowScope(mockRequestContext, CoreAuthenticationTestUtils.getWebApplicationService());
        DefaultSingleSignOnParticipationStrategy defaultSingleSignOnParticipationStrategy = new DefaultSingleSignOnParticipationStrategy(servicesManager, new SingleSignOnProperties().setCreateSsoCookieOnRenewAuthn(false).setRenewAuthnEnabled(true), (TicketRegistrySupport) Mockito.mock(TicketRegistrySupport.class), new DefaultAuthenticationServiceSelectionPlan(new AuthenticationServiceSelectionStrategy[]{new DefaultAuthenticationServiceSelectionStrategy()}));
        mockRequestContext.setExternalContext(new ServletExternalContext(new MockServletContext(), mockHttpServletRequest, mockHttpServletResponse));
        WebUtils.putAuthentication(CoreAuthenticationTestUtils.getAuthentication("casuser"), mockRequestContext);
        Assertions.assertFalse(defaultSingleSignOnParticipationStrategy.isParticipating(SingleSignOnParticipationRequest.builder().httpServletRequest(mockHttpServletRequest).requestContext(mockRequestContext).build()));
    }

    @Test
    public void verifyCookieCreationByService() {
        ServicesManager servicesManager = (ServicesManager) Mockito.mock(ServicesManager.class);
        CasModelRegisteredService registeredService = CoreAuthenticationTestUtils.getRegisteredService();
        DefaultRegisteredServiceSingleSignOnParticipationPolicy defaultRegisteredServiceSingleSignOnParticipationPolicy = new DefaultRegisteredServiceSingleSignOnParticipationPolicy();
        defaultRegisteredServiceSingleSignOnParticipationPolicy.setCreateCookieOnRenewedAuthentication(TriStateBoolean.FALSE);
        Mockito.when(registeredService.getSingleSignOnParticipationPolicy()).thenReturn(defaultRegisteredServiceSingleSignOnParticipationPolicy);
        Mockito.when(servicesManager.findServiceBy((Service) Mockito.any(Service.class))).thenReturn(registeredService);
        MockRequestContext mockRequestContext = new MockRequestContext();
        MockHttpServletRequest mockHttpServletRequest = new MockHttpServletRequest();
        MockHttpServletResponse mockHttpServletResponse = new MockHttpServletResponse();
        WebUtils.putServiceIntoFlowScope(mockRequestContext, CoreAuthenticationTestUtils.getWebApplicationService());
        DefaultSingleSignOnParticipationStrategy defaultSingleSignOnParticipationStrategy = new DefaultSingleSignOnParticipationStrategy(servicesManager, new SingleSignOnProperties().setCreateSsoCookieOnRenewAuthn(false).setRenewAuthnEnabled(true), (TicketRegistrySupport) Mockito.mock(TicketRegistrySupport.class), new DefaultAuthenticationServiceSelectionPlan(new AuthenticationServiceSelectionStrategy[]{new DefaultAuthenticationServiceSelectionStrategy()}));
        mockRequestContext.setExternalContext(new ServletExternalContext(new MockServletContext(), mockHttpServletRequest, mockHttpServletResponse));
        WebUtils.putAuthentication(CoreAuthenticationTestUtils.getAuthentication("casuser"), mockRequestContext);
        Assertions.assertTrue(defaultSingleSignOnParticipationStrategy.isCreateCookieOnRenewedAuthentication(SingleSignOnParticipationRequest.builder().httpServletRequest(mockHttpServletRequest).requestContext(mockRequestContext).build()).isFalse());
    }

    @Test
    public void verifyRegisteredServiceFromContextEvaluatedBeforeService() {
        ServicesManager servicesManager = (ServicesManager) Mockito.mock(ServicesManager.class);
        CasModelRegisteredService registeredService = CoreAuthenticationTestUtils.getRegisteredService();
        CasModelRegisteredService registeredService2 = CoreAuthenticationTestUtils.getRegisteredService("https://cas/idp/profile/SAML2/Callback");
        Mockito.when(Boolean.valueOf(registeredService.getAccessStrategy().isServiceAccessAllowedForSso())).thenReturn(false);
        Mockito.when(Boolean.valueOf(registeredService2.getAccessStrategy().isServiceAccessAllowedForSso())).thenReturn(true);
        Mockito.when(servicesManager.findServiceBy((Service) Mockito.any(Service.class))).thenReturn(registeredService2);
        MockRequestContext mockRequestContext = new MockRequestContext();
        MockHttpServletRequest mockHttpServletRequest = new MockHttpServletRequest();
        MockHttpServletResponse mockHttpServletResponse = new MockHttpServletResponse();
        DefaultSingleSignOnParticipationStrategy defaultSingleSignOnParticipationStrategy = new DefaultSingleSignOnParticipationStrategy(servicesManager, new SingleSignOnProperties().setCreateSsoCookieOnRenewAuthn(false).setRenewAuthnEnabled(true), (TicketRegistrySupport) Mockito.mock(TicketRegistrySupport.class), (AuthenticationServiceSelectionPlan) Mockito.mock(AuthenticationServiceSelectionPlan.class));
        mockRequestContext.setExternalContext(new ServletExternalContext(new MockServletContext(), mockHttpServletRequest, mockHttpServletResponse));
        WebUtils.putRegisteredService(mockRequestContext, registeredService);
        WebUtils.putServiceIntoFlowScope(mockRequestContext, CoreAuthenticationTestUtils.getWebApplicationService());
        WebUtils.putAuthentication(CoreAuthenticationTestUtils.getAuthentication("casuser"), mockRequestContext);
        Assertions.assertFalse(defaultSingleSignOnParticipationStrategy.isParticipating(SingleSignOnParticipationRequest.builder().httpServletRequest(mockHttpServletRequest).requestContext(mockRequestContext).build()));
    }

    @Test
    public void verifyRegisteredServiceWithValidSso() {
        ServicesManager servicesManager = (ServicesManager) Mockito.mock(ServicesManager.class);
        CasModelRegisteredService registeredService = CoreAuthenticationTestUtils.getRegisteredService();
        Mockito.when(Boolean.valueOf(registeredService.getAccessStrategy().isServiceAccessAllowedForSso())).thenReturn(true);
        Mockito.when(registeredService.getSingleSignOnParticipationPolicy()).thenReturn(new DefaultRegisteredServiceSingleSignOnParticipationPolicy());
        Mockito.when(servicesManager.findServiceBy((Service) Mockito.any(Service.class))).thenReturn(registeredService);
        MockRequestContext mockRequestContext = new MockRequestContext();
        MockHttpServletRequest mockHttpServletRequest = new MockHttpServletRequest();
        MockHttpServletResponse mockHttpServletResponse = new MockHttpServletResponse();
        MockTicketGrantingTicket mockTicketGrantingTicket = new MockTicketGrantingTicket("casuser");
        SingleSignOnProperties singleSignOnProperties = new SingleSignOnProperties();
        TicketRegistrySupport ticketRegistrySupport = (TicketRegistrySupport) Mockito.mock(TicketRegistrySupport.class);
        Mockito.when(ticketRegistrySupport.getTicket(Mockito.anyString())).thenReturn(mockTicketGrantingTicket);
        DefaultSingleSignOnParticipationStrategy defaultSingleSignOnParticipationStrategy = new DefaultSingleSignOnParticipationStrategy(servicesManager, singleSignOnProperties, ticketRegistrySupport, (AuthenticationServiceSelectionPlan) Mockito.mock(AuthenticationServiceSelectionPlan.class));
        mockRequestContext.setExternalContext(new ServletExternalContext(new MockServletContext(), mockHttpServletRequest, mockHttpServletResponse));
        WebUtils.putRegisteredService(mockRequestContext, registeredService);
        WebUtils.putServiceIntoFlowScope(mockRequestContext, CoreAuthenticationTestUtils.getWebApplicationService());
        WebUtils.putAuthentication(CoreAuthenticationTestUtils.getAuthentication("casuser"), mockRequestContext);
        WebUtils.putTicketGrantingTicketInScopes(mockRequestContext, mockTicketGrantingTicket);
        Assertions.assertTrue(defaultSingleSignOnParticipationStrategy.isParticipating(SingleSignOnParticipationRequest.builder().httpServletRequest(mockHttpServletRequest).requestContext(mockRequestContext).build()));
    }

    @Test
    public void verifyRegisteredServiceWithValidSsoAndServiceExpPolicy() {
        ServicesManager servicesManager = (ServicesManager) Mockito.mock(ServicesManager.class);
        CasModelRegisteredService registeredService = CoreAuthenticationTestUtils.getRegisteredService();
        Mockito.when(Boolean.valueOf(registeredService.getAccessStrategy().isServiceAccessAllowedForSso())).thenReturn(true);
        Mockito.when(registeredService.getTicketGrantingTicketExpirationPolicy()).thenReturn(new DefaultRegisteredServiceTicketGrantingTicketExpirationPolicy(1L));
        Mockito.when(servicesManager.findServiceBy((Service) Mockito.any(Service.class))).thenReturn(registeredService);
        MockRequestContext mockRequestContext = new MockRequestContext();
        MockHttpServletRequest mockHttpServletRequest = new MockHttpServletRequest();
        MockHttpServletResponse mockHttpServletResponse = new MockHttpServletResponse();
        MockTicketGrantingTicket mockTicketGrantingTicket = new MockTicketGrantingTicket("casuser");
        mockTicketGrantingTicket.setCreated(ZonedDateTime.now(ZoneOffset.UTC).minusHours(1L));
        SingleSignOnProperties singleSignOnProperties = new SingleSignOnProperties();
        TicketRegistrySupport ticketRegistrySupport = (TicketRegistrySupport) Mockito.mock(TicketRegistrySupport.class);
        Mockito.when(ticketRegistrySupport.getTicket(Mockito.anyString())).thenReturn(mockTicketGrantingTicket);
        DefaultSingleSignOnParticipationStrategy defaultSingleSignOnParticipationStrategy = new DefaultSingleSignOnParticipationStrategy(servicesManager, singleSignOnProperties, ticketRegistrySupport, (AuthenticationServiceSelectionPlan) Mockito.mock(AuthenticationServiceSelectionPlan.class));
        mockRequestContext.setExternalContext(new ServletExternalContext(new MockServletContext(), mockHttpServletRequest, mockHttpServletResponse));
        WebUtils.putRegisteredService(mockRequestContext, registeredService);
        WebUtils.putServiceIntoFlowScope(mockRequestContext, CoreAuthenticationTestUtils.getWebApplicationService());
        WebUtils.putAuthentication(CoreAuthenticationTestUtils.getAuthentication("casuser"), mockRequestContext);
        WebUtils.putTicketGrantingTicketInScopes(mockRequestContext, mockTicketGrantingTicket);
        Assertions.assertFalse(defaultSingleSignOnParticipationStrategy.isParticipating(SingleSignOnParticipationRequest.builder().httpServletRequest(mockHttpServletRequest).requestContext(mockRequestContext).build()));
    }
}
