package org.apereo.cas.web.flow.authentication;

import java.util.Map;
import java.util.Set;
import java.util.UUID;
import org.apereo.cas.authentication.AuthenticationServiceSelectionStrategy;
import org.apereo.cas.authentication.CoreAuthenticationTestUtils;
import org.apereo.cas.authentication.DefaultAuthenticationEventExecutionPlan;
import org.apereo.cas.authentication.DefaultAuthenticationServiceSelectionPlan;
import org.apereo.cas.authentication.DefaultAuthenticationServiceSelectionStrategy;
import org.apereo.cas.authentication.handler.support.SimpleTestUsernamePasswordAuthenticationHandler;
import org.apereo.cas.mock.MockTicketGrantingTicket;
import org.apereo.cas.services.AllowedAuthenticationHandlersRegisteredServiceAuthenticationPolicyCriteria;
import org.apereo.cas.services.AnyAuthenticationHandlerRegisteredServiceAuthenticationPolicyCriteria;
import org.apereo.cas.services.CasRegisteredService;
import org.apereo.cas.services.DefaultRegisteredServiceAuthenticationPolicy;
import org.apereo.cas.services.ExcludedAuthenticationHandlersRegisteredServiceAuthenticationPolicyCriteria;
import org.apereo.cas.services.RegisteredService;
import org.apereo.cas.services.RegisteredServiceAuthenticationPolicy;
import org.apereo.cas.services.RegisteredServiceAuthenticationPolicyCriteria;
import org.apereo.cas.services.RegisteredServiceTestUtils;
import org.apereo.cas.services.ServicesManager;
import org.apereo.cas.test.CasTestExtension;
import org.apereo.cas.ticket.registry.DefaultTicketRegistrySupport;
import org.apereo.cas.ticket.registry.TicketRegistry;
import org.apereo.cas.util.MockRequestContext;
import org.apereo.cas.web.flow.BaseWebflowConfigurerTests;
import org.apereo.cas.web.flow.SingleSignOnParticipationRequest;
import org.apereo.cas.web.flow.SingleSignOnParticipationStrategy;
import org.apereo.cas.web.support.WebUtils;
import org.junit.jupiter.api.Assertions;
import org.junit.jupiter.api.Tag;
import org.junit.jupiter.api.Test;
import org.junit.jupiter.api.extension.ExtendWith;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.boot.test.context.SpringBootTest;
import org.springframework.context.ConfigurableApplicationContext;

/**
 * Tests for {@link RegisteredServiceAuthenticationPolicySingleSignOnParticipationStrategy}.
 *
 * <p>Each test saves a registered service carrying a specific authentication policy, wraps it
 * in a strategy whose execution plan registers only
 * {@link SimpleTestUsernamePasswordAuthenticationHandler}, and then asserts two things about a
 * single sign-on request: whether the strategy {@code supports} it, and whether the request
 * {@code isParticipating} in SSO.
 *
 * <p>The security-relevant cases are the ones that expect {@code isParticipating} to be
 * {@code false}: they pin down that a per-service handler policy is honoured even when a
 * ticket-granting ticket is already present in the request scopes.
 */
@Tag("Webflow")
@ExtendWith({CasTestExtension.class})
@SpringBootTest(classes = {BaseWebflowConfigurerTests.SharedTestConfiguration.class})
class RegisteredServiceAuthenticationPolicySingleSignOnParticipationStrategyTests {

    @Autowired
    protected ConfigurableApplicationContext applicationContext;

    @Autowired
    @Qualifier("servicesManager")
    protected ServicesManager servicesManager;

    @Autowired
    @Qualifier("ticketRegistry")
    protected TicketRegistry ticketRegistry;

    /**
     * Saves the given service and builds the strategy under test around it.
     *
     * @param registeredService service definition to persist through the services manager
     * @return a strategy backed by the autowired services manager and ticket registry, with an
     *         execution plan that registers a single test username/password handler
     */
    private SingleSignOnParticipationStrategy getSingleSignOnStrategy(RegisteredService registeredService) {
        DefaultAuthenticationEventExecutionPlan executionPlan = new DefaultAuthenticationEventExecutionPlan();
        executionPlan.registerAuthenticationHandler(new SimpleTestUsernamePasswordAuthenticationHandler());
        servicesManager.save(registeredService);

        DefaultTicketRegistrySupport registrySupport = new DefaultTicketRegistrySupport(ticketRegistry);
        DefaultAuthenticationServiceSelectionPlan selectionPlan = new DefaultAuthenticationServiceSelectionPlan(
            new AuthenticationServiceSelectionStrategy[]{new DefaultAuthenticationServiceSelectionStrategy()});
        return new RegisteredServiceAuthenticationPolicySingleSignOnParticipationStrategy(
            servicesManager, registrySupport, selectionPlan, executionPlan, applicationContext);
    }

    /** Creates a registered service with a random service id and no extra attributes. */
    private static CasRegisteredService newRegisteredService() {
        return RegisteredServiceTestUtils.getRegisteredService(UUID.randomUUID().toString(), Map.of());
    }

    /** Builds an SSO participation request from the mock context's request, response and flow. */
    private static SingleSignOnParticipationRequest newSsoRequest(MockRequestContext context) {
        return SingleSignOnParticipationRequest.builder()
            .httpServletRequest(context.getHttpServletRequest())
            .httpServletResponse(context.getHttpServletResponse())
            .requestContext(context)
            .build();
    }

    /** Adds a mock ticket-granting ticket for {@code casuser} to the registry and the scopes. */
    private void registerTicketGrantingTicket(MockRequestContext context) throws Throwable {
        MockTicketGrantingTicket ticketGrantingTicket = new MockTicketGrantingTicket("casuser");
        ticketRegistry.addTicket(ticketGrantingTicket);
        WebUtils.putTicketGrantingTicketInScopes(context, ticketGrantingTicket);
    }

    /**
     * A policy without criteria, or a service without a policy, must not block SSO.
     *
     * <p>The first {@code isParticipating} check runs before the registered service is placed
     * in the context; the statement order below is deliberate and must be kept.
     */
    @Test
    void verifyNoServiceOrPolicy() throws Throwable {
        MockRequestContext context = MockRequestContext.create(applicationContext);
        CasRegisteredService service = newRegisteredService();
        DefaultRegisteredServiceAuthenticationPolicy policy = new DefaultRegisteredServiceAuthenticationPolicy();
        policy.setCriteria((RegisteredServiceAuthenticationPolicyCriteria) null);
        service.setAuthenticationPolicy(policy);

        SingleSignOnParticipationStrategy strategy = getSingleSignOnStrategy(service);
        SingleSignOnParticipationRequest ssoRequest = newSsoRequest(context);
        Assertions.assertTrue(strategy.isParticipating(ssoRequest));

        WebUtils.putRegisteredService(context, service);
        Assertions.assertEquals(0, strategy.getOrder());
        // With a service in scope but no criteria on its policy, the strategy declines the request.
        Assertions.assertFalse(strategy.supports(ssoRequest));

        // Dropping the policy altogether still leaves the request participating in SSO.
        service.setAuthenticationPolicy((RegisteredServiceAuthenticationPolicy) null);
        Assertions.assertTrue(strategy.isParticipating(ssoRequest));
    }

    /**
     * The strategy does not support a request that carries no service, nor one whose service
     * ({@code "unknown"}) is not the one that was saved.
     */
    @Test
    void verifyNoServiceOrSso() throws Throwable {
        MockRequestContext context = MockRequestContext.create(applicationContext);
        SingleSignOnParticipationStrategy strategy =
            getSingleSignOnStrategy(RegisteredServiceTestUtils.getRegisteredService(UUID.randomUUID().toString()));
        SingleSignOnParticipationRequest ssoRequest = newSsoRequest(context);
        Assertions.assertFalse(strategy.supports(ssoRequest));

        WebUtils.putServiceIntoFlowScope(context, CoreAuthenticationTestUtils.getWebApplicationService("unknown"));
        Assertions.assertFalse(strategy.supports(ssoRequest));
    }

    /**
     * SSO must be refused when the policy requires a handler that is not the one in play.
     *
     * <p>The policy names {@code SomeOtherHandler} under the allowed-handlers criteria, while
     * the execution plan registers only the test username/password handler. An existing
     * ticket-granting ticket is present, yet the request is expected not to participate.
     */
    @Test
    void verifySsoWithMismatchedHandlers() throws Throwable {
        MockRequestContext context = MockRequestContext.create(applicationContext);
        CasRegisteredService service = newRegisteredService();
        DefaultRegisteredServiceAuthenticationPolicy policy = new DefaultRegisteredServiceAuthenticationPolicy();
        policy.setRequiredAuthenticationHandlers(Set.of("SomeOtherHandler"));
        policy.setCriteria(new AllowedAuthenticationHandlersRegisteredServiceAuthenticationPolicyCriteria());
        service.setAuthenticationPolicy(policy);

        SingleSignOnParticipationStrategy strategy = getSingleSignOnStrategy(service);
        WebUtils.putServiceIntoFlowScope(context,
            CoreAuthenticationTestUtils.getWebApplicationService(service.getServiceId()));
        registerTicketGrantingTicket(context);

        SingleSignOnParticipationRequest ssoRequest = newSsoRequest(context);
        Assertions.assertTrue(strategy.supports(ssoRequest));
        Assertions.assertFalse(strategy.isParticipating(ssoRequest));
    }

    /**
     * SSO is allowed when the required handler is the test handler, identified by its simple
     * class name, under the any-handler criteria.
     */
    @Test
    void verifySsoWithHandlers() throws Throwable {
        MockRequestContext context = MockRequestContext.create(applicationContext);
        CasRegisteredService service = newRegisteredService();
        DefaultRegisteredServiceAuthenticationPolicy policy = new DefaultRegisteredServiceAuthenticationPolicy();
        policy.setRequiredAuthenticationHandlers(
            Set.of(SimpleTestUsernamePasswordAuthenticationHandler.class.getSimpleName()));
        policy.setCriteria(new AnyAuthenticationHandlerRegisteredServiceAuthenticationPolicyCriteria());
        service.setAuthenticationPolicy(policy);

        SingleSignOnParticipationStrategy strategy = getSingleSignOnStrategy(service);
        WebUtils.putServiceIntoFlowScope(context,
            CoreAuthenticationTestUtils.getWebApplicationService(service.getServiceId()));
        registerTicketGrantingTicket(context);

        SingleSignOnParticipationRequest ssoRequest = newSsoRequest(context);
        Assertions.assertTrue(strategy.supports(ssoRequest));
        Assertions.assertTrue(strategy.isParticipating(ssoRequest));
    }

    /**
     * SSO must be refused under the excluded-handlers criteria when the test handler is listed
     * as excluded.
     */
    @Test
    void verifySsoWithExcludedHandlers() throws Throwable {
        MockRequestContext context = MockRequestContext.create(applicationContext);
        CasRegisteredService service = newRegisteredService();
        DefaultRegisteredServiceAuthenticationPolicy policy = new DefaultRegisteredServiceAuthenticationPolicy();
        policy.setCriteria(new ExcludedAuthenticationHandlersRegisteredServiceAuthenticationPolicyCriteria());
        // NOTE(review): the exclusion uses the fully-qualified class name (getName()), whereas
        // verifySsoWithHandlers identifies the same handler by getSimpleName(). Confirm which
        // form the handler's name takes; if the exclusion never matches, this test may be
        // passing for a different reason than the one its name states.
        policy.setExcludedAuthenticationHandlers(
            Set.of(SimpleTestUsernamePasswordAuthenticationHandler.class.getName()));
        service.setAuthenticationPolicy(policy);

        SingleSignOnParticipationStrategy strategy = getSingleSignOnStrategy(service);
        WebUtils.putServiceIntoFlowScope(context,
            CoreAuthenticationTestUtils.getWebApplicationService(service.getServiceId()));
        registerTicketGrantingTicket(context);

        SingleSignOnParticipationRequest ssoRequest = newSsoRequest(context);
        Assertions.assertTrue(strategy.supports(ssoRequest));
        Assertions.assertFalse(strategy.isParticipating(ssoRequest));
    }
}
