package org.apereo.cas.web.flow;

import java.time.ZoneOffset;
import java.time.ZonedDateTime;
import org.apereo.cas.authentication.AuthenticationServiceSelectionPlan;
import org.apereo.cas.authentication.AuthenticationServiceSelectionStrategy;
import org.apereo.cas.authentication.CoreAuthenticationTestUtils;
import org.apereo.cas.authentication.DefaultAuthenticationServiceSelectionPlan;
import org.apereo.cas.authentication.DefaultAuthenticationServiceSelectionStrategy;
import org.apereo.cas.authentication.principal.Service;
import org.apereo.cas.config.CasCoreWebConfiguration;
import org.apereo.cas.configuration.CasConfigurationProperties;
import org.apereo.cas.configuration.model.core.sso.SingleSignOnProperties;
import org.apereo.cas.configuration.support.TriStateBoolean;
import org.apereo.cas.mock.MockTicketGrantingTicket;
import org.apereo.cas.services.BaseWebBasedRegisteredService;
import org.apereo.cas.services.CasModelRegisteredService;
import org.apereo.cas.services.DefaultRegisteredServiceSingleSignOnParticipationPolicy;
import org.apereo.cas.services.DefaultRegisteredServiceTicketGrantingTicketExpirationPolicy;
import org.apereo.cas.services.RegisteredServiceTestUtils;
import org.apereo.cas.services.ServicesManager;
import org.apereo.cas.ticket.registry.TicketRegistrySupport;
import org.apereo.cas.util.MockRequestContext;
import org.apereo.cas.web.support.WebUtils;
import org.junit.jupiter.api.Assertions;
import org.junit.jupiter.api.Tag;
import org.junit.jupiter.api.Test;
import org.mockito.Mockito;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.actuate.autoconfigure.endpoint.EndpointAutoConfiguration;
import org.springframework.boot.actuate.autoconfigure.endpoint.web.WebEndpointAutoConfiguration;
import org.springframework.boot.autoconfigure.web.WebProperties;
import org.springframework.boot.context.properties.EnableConfigurationProperties;
import org.springframework.boot.test.context.SpringBootTest;
import org.springframework.cloud.autoconfigure.RefreshAutoConfiguration;
import org.springframework.context.ConfigurableApplicationContext;

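/**
 * Tests for {@link DefaultSingleSignOnParticipationStrategy}, which decides whether a request
 * may reuse an existing single sign-on session or must be authenticated again.
 *
 * <p>The cases cover the inputs visible in this file: the global {@code ssoEnabled} switch, the
 * {@code renew} request parameter, the registered service's access strategy and SSO participation
 * policy, and a per-service ticket-granting-ticket expiration policy. A wrong "participating"
 * answer would let a request skip re-authentication, so the negative cases matter as much as the
 * positive ones.
 */
@Tag("Webflow")
@EnableConfigurationProperties({CasConfigurationProperties.class, WebProperties.class})
@SpringBootTest(
    classes = {
        RefreshAutoConfiguration.class,
        WebEndpointAutoConfiguration.class,
        EndpointAutoConfiguration.class,
        CasCoreWebConfiguration.class
    },
    properties = {"spring.main.allow-bean-definition-overriding=true"})
class DefaultSingleSignOnParticipationStrategyTests {

    @Autowired
    private ConfigurableApplicationContext applicationContext;

    DefaultSingleSignOnParticipationStrategyTests() {
    }

    /**
     * With SSO disabled globally, a service whose access strategy allows SSO must still not
     * participate.
     */
    @Test
    void verifyParticipationDisabledWithService() throws Throwable {
        ServicesManager servicesManager = Mockito.mock(ServicesManager.class);
        CasModelRegisteredService registeredService = CoreAuthenticationTestUtils.getRegisteredService();
        Mockito.when(registeredService.getAccessStrategy().isServiceAccessAllowedForSso(registeredService))
            .thenReturn(true);
        Mockito.when(servicesManager.findServiceBy(Mockito.any(Service.class))).thenReturn(registeredService);

        MockRequestContext context = MockRequestContext.create(this.applicationContext);
        DefaultSingleSignOnParticipationStrategy strategy = new DefaultSingleSignOnParticipationStrategy(
            servicesManager,
            new SingleSignOnProperties().setSsoEnabled(false),
            Mockito.mock(TicketRegistrySupport.class),
            defaultSelectionPlan());
        WebUtils.putServiceIntoFlowScope(context,
            RegisteredServiceTestUtils.getService(registeredService.getServiceId()));

        Assertions.assertFalse(strategy.isParticipating(getSingleSignOnParticipationRequest(context)));
    }

    /**
     * With SSO disabled globally and no service in the request, the strategy must not participate.
     */
    @Test
    void verifyParticipationDisabled() throws Throwable {
        DefaultSingleSignOnParticipationStrategy strategy = new DefaultSingleSignOnParticipationStrategy(
            Mockito.mock(ServicesManager.class),
            new SingleSignOnProperties().setSsoEnabled(false),
            Mockito.mock(TicketRegistrySupport.class),
            Mockito.mock(AuthenticationServiceSelectionPlan.class));
        MockRequestContext context = MockRequestContext.create(this.applicationContext);

        Assertions.assertFalse(strategy.isParticipating(getSingleSignOnParticipationRequest(context)));
    }

    /**
     * A {@code renew=true} request with cookie creation on renewed authentication enabled.
     */
    @Test
    void verifyParticipatesForRenew() throws Throwable {
        ServicesManager servicesManager = Mockito.mock(ServicesManager.class);
        MockRequestContext context = MockRequestContext.create(this.applicationContext);
        DefaultSingleSignOnParticipationStrategy strategy = new DefaultSingleSignOnParticipationStrategy(
            servicesManager,
            new SingleSignOnProperties().setCreateSsoCookieOnRenewAuthn(true).setRenewAuthnEnabled(true),
            Mockito.mock(TicketRegistrySupport.class),
            Mockito.mock(AuthenticationServiceSelectionPlan.class));
        context.setParameter("renew", "true");

        SingleSignOnParticipationRequest ssoRequest = getSingleSignOnParticipationRequest(context);
        // NOTE(review): the disjunction passes when either condition holds, so it does not pin
        // which of the two the strategy is expected to report for a renew request. Consider
        // splitting it into two assertions once the intended outcome is confirmed.
        boolean participating = strategy.isParticipating(ssoRequest);
        Assertions.assertTrue(participating
            || strategy.isCreateCookieOnRenewedAuthentication(ssoRequest) == TriStateBoolean.TRUE);
    }

    /**
     * A {@code renew=true} request must not participate in SSO when cookie creation on renewed
     * authentication is turned off.
     */
    @Test
    void verifyParticipatesForRenewDisabled() throws Throwable {
        ServicesManager servicesManager = Mockito.mock(ServicesManager.class);
        MockRequestContext context = MockRequestContext.create(this.applicationContext);
        DefaultSingleSignOnParticipationStrategy strategy = new DefaultSingleSignOnParticipationStrategy(
            servicesManager,
            renewWithoutCookieProperties(),
            Mockito.mock(TicketRegistrySupport.class),
            Mockito.mock(AuthenticationServiceSelectionPlan.class));
        context.setParameter("renew", "true");

        Assertions.assertFalse(strategy.isParticipating(getSingleSignOnParticipationRequest(context)));
    }

    /**
     * A service that carries its own ticket-granting-ticket expiration policy still participates
     * when the request holds an authentication but no ticket-granting ticket to evaluate.
     */
    @Test
    void verifyParticipateForServiceTgtExpirationPolicyWithoutTgt() throws Throwable {
        ServicesManager servicesManager = Mockito.mock(ServicesManager.class);
        BaseWebBasedRegisteredService registeredService = RegisteredServiceTestUtils.getRegisteredService();
        registeredService.setTicketGrantingTicketExpirationPolicy(
            new DefaultRegisteredServiceTicketGrantingTicketExpirationPolicy(2L));
        Mockito.when(servicesManager.findServiceBy(Mockito.any(Service.class))).thenReturn(registeredService);

        MockRequestContext context = MockRequestContext.create(this.applicationContext);
        WebUtils.putServiceIntoFlowScope(context,
            RegisteredServiceTestUtils.getService(registeredService.getServiceId()));
        DefaultSingleSignOnParticipationStrategy strategy = new DefaultSingleSignOnParticipationStrategy(
            servicesManager,
            renewWithoutCookieProperties(),
            Mockito.mock(TicketRegistrySupport.class),
            defaultSelectionPlan());
        WebUtils.putAuthentication(CoreAuthenticationTestUtils.getAuthentication("casuser"), context);

        Assertions.assertTrue(strategy.isParticipating(getSingleSignOnParticipationRequest(context)));
    }

    /**
     * A service whose access strategy denies SSO must not participate, even with an
     * authentication present in the request.
     */
    @Test
    void verifyDoesNotParticipateForService() throws Throwable {
        ServicesManager servicesManager = Mockito.mock(ServicesManager.class);
        CasModelRegisteredService registeredService = CoreAuthenticationTestUtils.getRegisteredService();
        Mockito.when(registeredService.getAccessStrategy().isServiceAccessAllowedForSso(registeredService))
            .thenReturn(false);
        Mockito.when(servicesManager.findServiceBy(Mockito.any(Service.class))).thenReturn(registeredService);

        MockRequestContext context = MockRequestContext.create(this.applicationContext);
        WebUtils.putServiceIntoFlowScope(context, CoreAuthenticationTestUtils.getWebApplicationService());
        DefaultSingleSignOnParticipationStrategy strategy = new DefaultSingleSignOnParticipationStrategy(
            servicesManager,
            renewWithoutCookieProperties(),
            Mockito.mock(TicketRegistrySupport.class),
            defaultSelectionPlan());
        WebUtils.putAuthentication(CoreAuthenticationTestUtils.getAuthentication("casuser"), context);

        Assertions.assertFalse(strategy.isParticipating(getSingleSignOnParticipationRequest(context)));
    }

    /**
     * The service's SSO participation policy decides cookie creation on renewed authentication:
     * a policy set to {@link TriStateBoolean#FALSE} must be reported as false.
     */
    @Test
    void verifyCookieCreationByService() throws Throwable {
        ServicesManager servicesManager = Mockito.mock(ServicesManager.class);
        CasModelRegisteredService registeredService = CoreAuthenticationTestUtils.getRegisteredService();
        DefaultRegisteredServiceSingleSignOnParticipationPolicy participationPolicy =
            new DefaultRegisteredServiceSingleSignOnParticipationPolicy();
        participationPolicy.setCreateCookieOnRenewedAuthentication(TriStateBoolean.FALSE);
        Mockito.when(registeredService.getSingleSignOnParticipationPolicy()).thenReturn(participationPolicy);
        Mockito.when(servicesManager.findServiceBy(Mockito.any(Service.class))).thenReturn(registeredService);

        MockRequestContext context = MockRequestContext.create(this.applicationContext);
        WebUtils.putServiceIntoFlowScope(context, CoreAuthenticationTestUtils.getWebApplicationService());
        DefaultSingleSignOnParticipationStrategy strategy = new DefaultSingleSignOnParticipationStrategy(
            servicesManager,
            renewWithoutCookieProperties(),
            Mockito.mock(TicketRegistrySupport.class),
            defaultSelectionPlan());
        WebUtils.putAuthentication(CoreAuthenticationTestUtils.getAuthentication("casuser"), context);

        Assertions.assertTrue(
            strategy.isCreateCookieOnRenewedAuthentication(getSingleSignOnParticipationRequest(context)).isFalse());
    }

    /**
     * The registered service already stored in the request context (SSO denied) must take
     * precedence over the one the services manager resolves (SSO allowed).
     */
    @Test
    void verifyRegisteredServiceFromContextEvaluatedBeforeService() throws Throwable {
        ServicesManager servicesManager = Mockito.mock(ServicesManager.class);
        CasModelRegisteredService registeredService = CoreAuthenticationTestUtils.getRegisteredService();
        CasModelRegisteredService callbackService =
            CoreAuthenticationTestUtils.getRegisteredService("https://cas/idp/profile/SAML2/Callback");
        Mockito.when(registeredService.getAccessStrategy().isServiceAccessAllowedForSso(registeredService))
            .thenReturn(false);
        // The "allowed" stub is keyed on callbackService itself. It was previously keyed on
        // registeredService, so a lookup about callbackService fell through to Mockito's default
        // (false) and the test passed no matter which service the strategy consulted.
        // Assumes the strategy passes the service under evaluation to that service's own access
        // strategy, as the stubs in the other tests of this class do.
        Mockito.when(callbackService.getAccessStrategy().isServiceAccessAllowedForSso(callbackService))
            .thenReturn(true);
        Mockito.when(servicesManager.findServiceBy(Mockito.any(Service.class))).thenReturn(callbackService);

        MockRequestContext context = MockRequestContext.create(this.applicationContext);
        DefaultSingleSignOnParticipationStrategy strategy = new DefaultSingleSignOnParticipationStrategy(
            servicesManager,
            renewWithoutCookieProperties(),
            Mockito.mock(TicketRegistrySupport.class),
            Mockito.mock(AuthenticationServiceSelectionPlan.class));
        WebUtils.putRegisteredService(context, registeredService);
        WebUtils.putServiceIntoFlowScope(context, CoreAuthenticationTestUtils.getWebApplicationService());
        WebUtils.putAuthentication(CoreAuthenticationTestUtils.getAuthentication("casuser"), context);

        Assertions.assertFalse(strategy.isParticipating(getSingleSignOnParticipationRequest(context)));
    }

    /**
     * A service that allows SSO, with a default participation policy and a freshly created
     * ticket-granting ticket in scope, participates.
     */
    @Test
    void verifyRegisteredServiceWithValidSso() throws Throwable {
        ServicesManager servicesManager = Mockito.mock(ServicesManager.class);
        CasModelRegisteredService registeredService = CoreAuthenticationTestUtils.getRegisteredService();
        Mockito.when(registeredService.getAccessStrategy().isServiceAccessAllowedForSso(registeredService))
            .thenReturn(true);
        Mockito.when(registeredService.getSingleSignOnParticipationPolicy())
            .thenReturn(new DefaultRegisteredServiceSingleSignOnParticipationPolicy());
        Mockito.when(servicesManager.findServiceBy(Mockito.any(Service.class))).thenReturn(registeredService);

        MockRequestContext context = MockRequestContext.create(this.applicationContext);
        MockTicketGrantingTicket ticketGrantingTicket = new MockTicketGrantingTicket("casuser");
        SingleSignOnProperties ssoProperties = new SingleSignOnProperties();
        TicketRegistrySupport ticketRegistrySupport = Mockito.mock(TicketRegistrySupport.class);
        Mockito.when(ticketRegistrySupport.getTicket(Mockito.anyString())).thenReturn(ticketGrantingTicket);
        DefaultSingleSignOnParticipationStrategy strategy = new DefaultSingleSignOnParticipationStrategy(
            servicesManager,
            ssoProperties,
            ticketRegistrySupport,
            Mockito.mock(AuthenticationServiceSelectionPlan.class));
        WebUtils.putRegisteredService(context, registeredService);
        WebUtils.putServiceIntoFlowScope(context, CoreAuthenticationTestUtils.getWebApplicationService());
        WebUtils.putAuthentication(CoreAuthenticationTestUtils.getAuthentication("casuser"), context);
        WebUtils.putTicketGrantingTicketInScopes(context, ticketGrantingTicket);

        Assertions.assertTrue(strategy.isParticipating(getSingleSignOnParticipationRequest(context)));
    }

    /**
     * A service that allows SSO but carries its own ticket-granting-ticket expiration policy must
     * not participate when the ticket in scope was created an hour ago.
     */
    @Test
    void verifyRegisteredServiceWithValidSsoAndServiceExpPolicy() throws Throwable {
        ServicesManager servicesManager = Mockito.mock(ServicesManager.class);
        CasModelRegisteredService registeredService = CoreAuthenticationTestUtils.getRegisteredService();
        Mockito.when(registeredService.getAccessStrategy().isServiceAccessAllowedForSso(registeredService))
            .thenReturn(true);
        // presumably the argument is a maximum lifetime much shorter than one hour - confirm the
        // unit against DefaultRegisteredServiceTicketGrantingTicketExpirationPolicy
        Mockito.when(registeredService.getTicketGrantingTicketExpirationPolicy())
            .thenReturn(new DefaultRegisteredServiceTicketGrantingTicketExpirationPolicy(1L));
        Mockito.when(servicesManager.findServiceBy(Mockito.any(Service.class))).thenReturn(registeredService);

        MockRequestContext context = MockRequestContext.create(this.applicationContext);
        MockTicketGrantingTicket ticketGrantingTicket = new MockTicketGrantingTicket("casuser");
        // Back-date the ticket so the per-service policy is evaluated against an old ticket.
        ticketGrantingTicket.setCreated(ZonedDateTime.now(ZoneOffset.UTC).minusHours(1L));
        SingleSignOnProperties ssoProperties = new SingleSignOnProperties();
        TicketRegistrySupport ticketRegistrySupport = Mockito.mock(TicketRegistrySupport.class);
        Mockito.when(ticketRegistrySupport.getTicket(Mockito.anyString())).thenReturn(ticketGrantingTicket);
        DefaultSingleSignOnParticipationStrategy strategy = new DefaultSingleSignOnParticipationStrategy(
            servicesManager,
            ssoProperties,
            ticketRegistrySupport,
            Mockito.mock(AuthenticationServiceSelectionPlan.class));
        WebUtils.putRegisteredService(context, registeredService);
        WebUtils.putServiceIntoFlowScope(context, CoreAuthenticationTestUtils.getWebApplicationService());
        WebUtils.putAuthentication(CoreAuthenticationTestUtils.getAuthentication("casuser"), context);
        WebUtils.putTicketGrantingTicketInScopes(context, ticketGrantingTicket);

        Assertions.assertFalse(strategy.isParticipating(getSingleSignOnParticipationRequest(context)));
    }

    /** Builds SSO settings with renew handling enabled and cookie creation on renew disabled. */
    private static SingleSignOnProperties renewWithoutCookieProperties() {
        return new SingleSignOnProperties().setCreateSsoCookieOnRenewAuthn(false).setRenewAuthnEnabled(true);
    }

    /** Builds a real selection plan holding only the default service selection strategy. */
    private static DefaultAuthenticationServiceSelectionPlan defaultSelectionPlan() {
        return new DefaultAuthenticationServiceSelectionPlan(
            new AuthenticationServiceSelectionStrategy[]{new DefaultAuthenticationServiceSelectionStrategy()});
    }

    /**
     * Wraps a mock request context into the participation request the strategy consumes.
     *
     * @param mockRequestContext the webflow context supplying the servlet request and response
     * @return a request carrying the context and its servlet request/response pair
     */
    private static SingleSignOnParticipationRequest getSingleSignOnParticipationRequest(MockRequestContext mockRequestContext) {
        return SingleSignOnParticipationRequest.builder()
            .httpServletRequest(mockRequestContext.getHttpServletRequest())
            .httpServletResponse(mockRequestContext.getHttpServletResponse())
            .requestContext(mockRequestContext)
            .build();
    }
}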
