package org.apereo.cas.web.flow.authentication;

import com.github.benmanes.caffeine.cache.Caffeine;
import java.util.HashSet;
import java.util.List;
import java.util.Map;
import java.util.Set;
import org.apereo.cas.authentication.AuthenticationServiceSelectionStrategy;
import org.apereo.cas.authentication.CoreAuthenticationTestUtils;
import org.apereo.cas.authentication.DefaultAuthenticationEventExecutionPlan;
import org.apereo.cas.authentication.DefaultAuthenticationServiceSelectionPlan;
import org.apereo.cas.authentication.DefaultAuthenticationServiceSelectionStrategy;
import org.apereo.cas.authentication.handler.support.SimpleTestUsernamePasswordAuthenticationHandler;
import org.apereo.cas.mock.MockTicketGrantingTicket;
import org.apereo.cas.services.AllowedAuthenticationHandlersRegisteredServiceAuthenticationPolicyCriteria;
import org.apereo.cas.services.AnyAuthenticationHandlerRegisteredServiceAuthenticationPolicyCriteria;
import org.apereo.cas.services.CasRegisteredService;
import org.apereo.cas.services.DefaultRegisteredServiceAuthenticationPolicy;
import org.apereo.cas.services.DefaultServicesManager;
import org.apereo.cas.services.DefaultServicesManagerRegisteredServiceLocator;
import org.apereo.cas.services.ExcludedAuthenticationHandlersRegisteredServiceAuthenticationPolicyCriteria;
import org.apereo.cas.services.InMemoryServiceRegistry;
import org.apereo.cas.services.RegisteredService;
import org.apereo.cas.services.RegisteredServiceAuthenticationPolicy;
import org.apereo.cas.services.RegisteredServiceAuthenticationPolicyCriteria;
import org.apereo.cas.services.RegisteredServiceTestUtils;
import org.apereo.cas.services.ServicesManagerConfigurationContext;
import org.apereo.cas.ticket.registry.DefaultTicketRegistry;
import org.apereo.cas.ticket.registry.DefaultTicketRegistrySupport;
import org.apereo.cas.ticket.registry.TicketRegistry;
import org.apereo.cas.web.flow.SingleSignOnParticipationRequest;
import org.apereo.cas.web.flow.SingleSignOnParticipationStrategy;
import org.apereo.cas.web.support.WebUtils;
import org.junit.jupiter.api.Assertions;
import org.junit.jupiter.api.Tag;
import org.junit.jupiter.api.Test;
import org.springframework.context.support.StaticApplicationContext;
import org.springframework.mock.web.MockHttpServletRequest;
import org.springframework.mock.web.MockHttpServletResponse;
import org.springframework.mock.web.MockServletContext;
import org.springframework.webflow.context.servlet.ServletExternalContext;
import org.springframework.webflow.test.MockRequestContext;

@Tag("Webflow")
/* loaded from: input_file:org/apereo/cas/web/flow/authentication/RegisteredServiceAuthenticationPolicySingleSignOnParticipationStrategyTests.class */
public class RegisteredServiceAuthenticationPolicySingleSignOnParticipationStrategyTests {
    private static SingleSignOnParticipationStrategy getSingleSignOnStrategy(RegisteredService registeredService, TicketRegistry ticketRegistry) {
        StaticApplicationContext staticApplicationContext = new StaticApplicationContext();
        staticApplicationContext.refresh();
        DefaultServicesManager defaultServicesManager = new DefaultServicesManager(ServicesManagerConfigurationContext.builder().serviceRegistry(new InMemoryServiceRegistry(staticApplicationContext, List.of(registeredService), List.of())).applicationContext(staticApplicationContext).environments(new HashSet(0)).servicesCache(Caffeine.newBuilder().build()).registeredServiceLocators(List.of(new DefaultServicesManagerRegisteredServiceLocator())).build());
        defaultServicesManager.load();
        DefaultAuthenticationEventExecutionPlan defaultAuthenticationEventExecutionPlan = new DefaultAuthenticationEventExecutionPlan();
        defaultAuthenticationEventExecutionPlan.registerAuthenticationHandler(new SimpleTestUsernamePasswordAuthenticationHandler());
        return new RegisteredServiceAuthenticationPolicySingleSignOnParticipationStrategy(defaultServicesManager, new DefaultTicketRegistrySupport(ticketRegistry), new DefaultAuthenticationServiceSelectionPlan(new AuthenticationServiceSelectionStrategy[]{new DefaultAuthenticationServiceSelectionStrategy()}), defaultAuthenticationEventExecutionPlan, staticApplicationContext);
    }

    @Test
    public void verifyNoServiceOrPolicy() {
        MockRequestContext mockRequestContext = new MockRequestContext();
        MockHttpServletRequest mockHttpServletRequest = new MockHttpServletRequest();
        MockHttpServletResponse mockHttpServletResponse = new MockHttpServletResponse();
        mockRequestContext.setExternalContext(new ServletExternalContext(new MockServletContext(), mockHttpServletRequest, mockHttpServletResponse));
        CasRegisteredService registeredService = RegisteredServiceTestUtils.getRegisteredService("serviceid1", Map.of());
        DefaultRegisteredServiceAuthenticationPolicy defaultRegisteredServiceAuthenticationPolicy = new DefaultRegisteredServiceAuthenticationPolicy();
        defaultRegisteredServiceAuthenticationPolicy.setCriteria((RegisteredServiceAuthenticationPolicyCriteria) null);
        registeredService.setAuthenticationPolicy(defaultRegisteredServiceAuthenticationPolicy);
        SingleSignOnParticipationStrategy singleSignOnStrategy = getSingleSignOnStrategy(registeredService, new DefaultTicketRegistry());
        SingleSignOnParticipationRequest build = SingleSignOnParticipationRequest.builder().httpServletRequest(mockHttpServletRequest).httpServletResponse(mockHttpServletResponse).requestContext(mockRequestContext).build();
        Assertions.assertTrue(singleSignOnStrategy.isParticipating(build));
        WebUtils.putRegisteredService(mockRequestContext, registeredService);
        Assertions.assertEquals(0, singleSignOnStrategy.getOrder());
        Assertions.assertFalse(singleSignOnStrategy.supports(build));
        registeredService.setAuthenticationPolicy((RegisteredServiceAuthenticationPolicy) null);
        Assertions.assertTrue(singleSignOnStrategy.isParticipating(build));
    }

    @Test
    public void verifyNoServiceOrSso() {
        MockRequestContext mockRequestContext = new MockRequestContext();
        MockHttpServletRequest mockHttpServletRequest = new MockHttpServletRequest();
        MockHttpServletResponse mockHttpServletResponse = new MockHttpServletResponse();
        mockRequestContext.setExternalContext(new ServletExternalContext(new MockServletContext(), mockHttpServletRequest, mockHttpServletResponse));
        SingleSignOnParticipationStrategy singleSignOnStrategy = getSingleSignOnStrategy(RegisteredServiceTestUtils.getRegisteredService("serviceid1"), new DefaultTicketRegistry());
        SingleSignOnParticipationRequest build = SingleSignOnParticipationRequest.builder().httpServletRequest(mockHttpServletRequest).httpServletResponse(mockHttpServletResponse).requestContext(mockRequestContext).build();
        Assertions.assertFalse(singleSignOnStrategy.supports(build));
        WebUtils.putServiceIntoFlowScope(mockRequestContext, CoreAuthenticationTestUtils.getWebApplicationService("unknown"));
        Assertions.assertFalse(singleSignOnStrategy.supports(build));
    }

    @Test
    public void verifySsoWithMismatchedHandlers() throws Exception {
        new StaticApplicationContext().refresh();
        MockRequestContext mockRequestContext = new MockRequestContext();
        MockHttpServletRequest mockHttpServletRequest = new MockHttpServletRequest();
        MockHttpServletResponse mockHttpServletResponse = new MockHttpServletResponse();
        mockRequestContext.setExternalContext(new ServletExternalContext(new MockServletContext(), mockHttpServletRequest, mockHttpServletResponse));
        CasRegisteredService registeredService = RegisteredServiceTestUtils.getRegisteredService("serviceid1", Map.of());
        DefaultRegisteredServiceAuthenticationPolicy defaultRegisteredServiceAuthenticationPolicy = new DefaultRegisteredServiceAuthenticationPolicy();
        defaultRegisteredServiceAuthenticationPolicy.setRequiredAuthenticationHandlers(Set.of("SomeOtherHandler"));
        defaultRegisteredServiceAuthenticationPolicy.setCriteria(new AllowedAuthenticationHandlersRegisteredServiceAuthenticationPolicyCriteria());
        registeredService.setAuthenticationPolicy(defaultRegisteredServiceAuthenticationPolicy);
        DefaultTicketRegistry defaultTicketRegistry = new DefaultTicketRegistry();
        SingleSignOnParticipationStrategy singleSignOnStrategy = getSingleSignOnStrategy(registeredService, defaultTicketRegistry);
        WebUtils.putServiceIntoFlowScope(mockRequestContext, CoreAuthenticationTestUtils.getWebApplicationService("serviceid1"));
        MockTicketGrantingTicket mockTicketGrantingTicket = new MockTicketGrantingTicket("casuser");
        defaultTicketRegistry.addTicket(mockTicketGrantingTicket);
        WebUtils.putTicketGrantingTicketInScopes(mockRequestContext, mockTicketGrantingTicket);
        SingleSignOnParticipationRequest build = SingleSignOnParticipationRequest.builder().httpServletRequest(mockHttpServletRequest).httpServletResponse(mockHttpServletResponse).requestContext(mockRequestContext).build();
        Assertions.assertTrue(singleSignOnStrategy.supports(build));
        Assertions.assertFalse(singleSignOnStrategy.isParticipating(build));
    }

    @Test
    public void verifySsoWithHandlers() throws Exception {
        new StaticApplicationContext().refresh();
        MockRequestContext mockRequestContext = new MockRequestContext();
        MockHttpServletRequest mockHttpServletRequest = new MockHttpServletRequest();
        MockHttpServletResponse mockHttpServletResponse = new MockHttpServletResponse();
        mockRequestContext.setExternalContext(new ServletExternalContext(new MockServletContext(), mockHttpServletRequest, mockHttpServletResponse));
        CasRegisteredService registeredService = RegisteredServiceTestUtils.getRegisteredService("serviceid1", Map.of());
        DefaultRegisteredServiceAuthenticationPolicy defaultRegisteredServiceAuthenticationPolicy = new DefaultRegisteredServiceAuthenticationPolicy();
        defaultRegisteredServiceAuthenticationPolicy.setRequiredAuthenticationHandlers(Set.of(SimpleTestUsernamePasswordAuthenticationHandler.class.getSimpleName()));
        defaultRegisteredServiceAuthenticationPolicy.setCriteria(new AnyAuthenticationHandlerRegisteredServiceAuthenticationPolicyCriteria());
        registeredService.setAuthenticationPolicy(defaultRegisteredServiceAuthenticationPolicy);
        DefaultTicketRegistry defaultTicketRegistry = new DefaultTicketRegistry();
        SingleSignOnParticipationStrategy singleSignOnStrategy = getSingleSignOnStrategy(registeredService, defaultTicketRegistry);
        WebUtils.putServiceIntoFlowScope(mockRequestContext, CoreAuthenticationTestUtils.getWebApplicationService("serviceid1"));
        MockTicketGrantingTicket mockTicketGrantingTicket = new MockTicketGrantingTicket("casuser");
        defaultTicketRegistry.addTicket(mockTicketGrantingTicket);
        WebUtils.putTicketGrantingTicketInScopes(mockRequestContext, mockTicketGrantingTicket);
        SingleSignOnParticipationRequest build = SingleSignOnParticipationRequest.builder().httpServletRequest(mockHttpServletRequest).httpServletResponse(mockHttpServletResponse).requestContext(mockRequestContext).build();
        Assertions.assertTrue(singleSignOnStrategy.supports(build));
        Assertions.assertTrue(singleSignOnStrategy.isParticipating(build));
    }

    @Test
    public void verifySsoWithExcludedHandlers() throws Exception {
        new StaticApplicationContext().refresh();
        MockRequestContext mockRequestContext = new MockRequestContext();
        MockHttpServletRequest mockHttpServletRequest = new MockHttpServletRequest();
        MockHttpServletResponse mockHttpServletResponse = new MockHttpServletResponse();
        mockRequestContext.setExternalContext(new ServletExternalContext(new MockServletContext(), mockHttpServletRequest, mockHttpServletResponse));
        CasRegisteredService registeredService = RegisteredServiceTestUtils.getRegisteredService("serviceid1", Map.of());
        DefaultRegisteredServiceAuthenticationPolicy defaultRegisteredServiceAuthenticationPolicy = new DefaultRegisteredServiceAuthenticationPolicy();
        defaultRegisteredServiceAuthenticationPolicy.setCriteria(new ExcludedAuthenticationHandlersRegisteredServiceAuthenticationPolicyCriteria());
        defaultRegisteredServiceAuthenticationPolicy.setExcludedAuthenticationHandlers(Set.of(SimpleTestUsernamePasswordAuthenticationHandler.class.getName()));
        registeredService.setAuthenticationPolicy(defaultRegisteredServiceAuthenticationPolicy);
        DefaultTicketRegistry defaultTicketRegistry = new DefaultTicketRegistry();
        SingleSignOnParticipationStrategy singleSignOnStrategy = getSingleSignOnStrategy(registeredService, defaultTicketRegistry);
        WebUtils.putServiceIntoFlowScope(mockRequestContext, CoreAuthenticationTestUtils.getWebApplicationService("serviceid1"));
        MockTicketGrantingTicket mockTicketGrantingTicket = new MockTicketGrantingTicket("casuser");
        defaultTicketRegistry.addTicket(mockTicketGrantingTicket);
        WebUtils.putTicketGrantingTicketInScopes(mockRequestContext, mockTicketGrantingTicket);
        SingleSignOnParticipationRequest build = SingleSignOnParticipationRequest.builder().httpServletRequest(mockHttpServletRequest).httpServletResponse(mockHttpServletResponse).requestContext(mockRequestContext).build();
        Assertions.assertTrue(singleSignOnStrategy.supports(build));
        Assertions.assertFalse(singleSignOnStrategy.isParticipating(build));
    }
}
