package org.apereo.cas;

import java.util.Map;
import lombok.Generated;
import org.apereo.cas.audit.AuditableExecution;
import org.apereo.cas.authentication.Authentication;
import org.apereo.cas.authentication.AuthenticationException;
import org.apereo.cas.authentication.AuthenticationResult;
import org.apereo.cas.authentication.AuthenticationServiceSelectionPlan;
import org.apereo.cas.authentication.ContextualAuthenticationPolicyFactory;
import org.apereo.cas.authentication.CoreAuthenticationTestUtils;
import org.apereo.cas.authentication.Credential;
import org.apereo.cas.authentication.PrincipalException;
import org.apereo.cas.authentication.UsernamePasswordCredential;
import org.apereo.cas.authentication.exceptions.MixedPrincipalException;
import org.apereo.cas.authentication.principal.AbstractWebApplicationService;
import org.apereo.cas.authentication.principal.PrincipalFactory;
import org.apereo.cas.authentication.principal.Service;
import org.apereo.cas.authentication.principal.WebApplicationServiceFactory;
import org.apereo.cas.logout.LogoutManager;
import org.apereo.cas.services.RegisteredServiceTestUtils;
import org.apereo.cas.services.ServicesManager;
import org.apereo.cas.services.UnauthorizedServiceException;
import org.apereo.cas.services.UnauthorizedSsoServiceException;
import org.apereo.cas.ticket.AbstractTicketException;
import org.apereo.cas.ticket.ExpirationPolicy;
import org.apereo.cas.ticket.ServiceTicket;
import org.apereo.cas.ticket.TicketFactory;
import org.apereo.cas.ticket.TicketGrantingTicket;
import org.apereo.cas.ticket.TicketGrantingTicketImpl;
import org.apereo.cas.util.MockOnlyOneTicketRegistry;
import org.apereo.cas.validation.Cas20WithoutProxyingValidationSpecification;
import org.junit.Assert;
import org.junit.Rule;
import org.junit.Test;
import org.junit.rules.ExpectedException;
import org.mockito.Mockito;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.context.ApplicationEventPublisher;
import org.springframework.mock.web.MockHttpServletRequest;
import org.springframework.test.annotation.DirtiesContext;

@DirtiesContext
/* loaded from: input_file:org/apereo/cas/DefaultCentralAuthenticationServiceTests.class */
public class DefaultCentralAuthenticationServiceTests extends AbstractCentralAuthenticationServiceTests {

    @Generated
    private static final Logger LOGGER = LoggerFactory.getLogger(DefaultCentralAuthenticationServiceTests.class);

    @Rule
    public ExpectedException thrown = ExpectedException.none();

    @Test
    public void verifyBadCredentialsOnTicketGrantingTicketCreation() {
        this.thrown.expect(AuthenticationException.class);
        getCentralAuthenticationService().createTicketGrantingTicket(CoreAuthenticationTestUtils.getAuthenticationResult(getAuthenticationSystemSupport(), new Credential[]{CoreAuthenticationTestUtils.getCredentialsWithDifferentUsernameAndPassword()}));
    }

    @Test
    public void verifyGoodCredentialsOnTicketGrantingTicketCreation() {
        try {
            Assert.assertNotNull(getCentralAuthenticationService().createTicketGrantingTicket(CoreAuthenticationTestUtils.getAuthenticationResult(getAuthenticationSystemSupport())));
        } catch (AbstractTicketException e) {
            throw new AssertionError("Exception expected", e);
        }
    }

    @Test
    public void verifyDestroyTicketGrantingTicketWithNonExistingTicket() {
        getCentralAuthenticationService().destroyTicketGrantingTicket("test");
    }

    @Test
    public void verifyDestroyTicketGrantingTicketWithValidTicket() {
        getCentralAuthenticationService().destroyTicketGrantingTicket(getCentralAuthenticationService().createTicketGrantingTicket(CoreAuthenticationTestUtils.getAuthenticationResult(getAuthenticationSystemSupport())).getId());
    }

    @Test
    public void verifyDisallowNullCredentialsWhenCreatingTicketGrantingTicket() {
        AuthenticationResult authenticationResult = CoreAuthenticationTestUtils.getAuthenticationResult(getAuthenticationSystemSupport(), new Credential[]{null});
        this.thrown.expect(RuntimeException.class);
        getCentralAuthenticationService().createTicketGrantingTicket(authenticationResult);
    }

    @Test
    public void verifyDisallowNullCredentialsArrayWhenCreatingTicketGrantingTicket() {
        AuthenticationResult authenticationResult = CoreAuthenticationTestUtils.getAuthenticationResult(getAuthenticationSystemSupport(), new Credential[]{null, null});
        this.thrown.expect(RuntimeException.class);
        getCentralAuthenticationService().createTicketGrantingTicket(authenticationResult);
    }

    @Test
    public void verifyDestroyTicketGrantingTicketWithInvalidTicket() {
        AuthenticationResult authenticationResult = CoreAuthenticationTestUtils.getAuthenticationResult(getAuthenticationSystemSupport());
        ServiceTicket grantServiceTicket = getCentralAuthenticationService().grantServiceTicket(getCentralAuthenticationService().createTicketGrantingTicket(authenticationResult).getId(), getService(), authenticationResult);
        this.thrown.expect(ClassCastException.class);
        getCentralAuthenticationService().destroyTicketGrantingTicket(grantServiceTicket.getId());
    }

    @Test
    public void verifyGrantingOfServiceTicketUsingDefaultTicketIdGen() {
        AbstractWebApplicationService service = RegisteredServiceTestUtils.getService("testDefault");
        AuthenticationResult authenticationResult = CoreAuthenticationTestUtils.getAuthenticationResult(getAuthenticationSystemSupport(), service);
        Assert.assertNotNull(getCentralAuthenticationService().grantServiceTicket(getCentralAuthenticationService().createTicketGrantingTicket(authenticationResult).getId(), service, authenticationResult));
    }

    @Test
    public void verifyGrantServiceTicketWithValidTicketGrantingTicket() {
        AuthenticationResult authenticationResult = CoreAuthenticationTestUtils.getAuthenticationResult(getAuthenticationSystemSupport());
        getCentralAuthenticationService().grantServiceTicket(getCentralAuthenticationService().createTicketGrantingTicket(authenticationResult).getId(), getService(), authenticationResult);
    }

    @Test
    public void verifyGrantServiceTicketFailsAuthzRule() {
        AuthenticationResult authenticationResult = CoreAuthenticationTestUtils.getAuthenticationResult(getAuthenticationSystemSupport(), getService("TestServiceAttributeForAuthzFails"));
        this.thrown.expect(PrincipalException.class);
        getCentralAuthenticationService().grantServiceTicket(getCentralAuthenticationService().createTicketGrantingTicket(authenticationResult).getId(), getService("TestServiceAttributeForAuthzFails"), authenticationResult);
    }

    @Test
    public void verifyGrantServiceTicketPassesAuthzRule() {
        AuthenticationResult authenticationResult = CoreAuthenticationTestUtils.getAuthenticationResult(getAuthenticationSystemSupport(), getService("TestServiceAttributeForAuthzPasses"));
        getCentralAuthenticationService().grantServiceTicket(getCentralAuthenticationService().createTicketGrantingTicket(authenticationResult).getId(), getService("TestServiceAttributeForAuthzPasses"), authenticationResult);
    }

    @Test
    public void verifyGrantProxyTicketWithValidTicketGrantingTicket() {
        AuthenticationResult authenticationResult = CoreAuthenticationTestUtils.getAuthenticationResult(getAuthenticationSystemSupport());
        Assert.assertTrue(getCentralAuthenticationService().grantProxyTicket(getCentralAuthenticationService().createProxyGrantingTicket(getCentralAuthenticationService().grantServiceTicket(getCentralAuthenticationService().createTicketGrantingTicket(authenticationResult).getId(), getService(), authenticationResult).getId(), CoreAuthenticationTestUtils.getAuthenticationResult(getAuthenticationSystemSupport(), new Credential[]{RegisteredServiceTestUtils.getHttpBasedServiceCredentials()})).getId(), getService()).getId().startsWith("PT"));
    }

    @Test
    public void verifyGrantServiceTicketWithInvalidTicketGrantingTicket() {
        AuthenticationResult authenticationResult = CoreAuthenticationTestUtils.getAuthenticationResult(getAuthenticationSystemSupport());
        TicketGrantingTicket createTicketGrantingTicket = getCentralAuthenticationService().createTicketGrantingTicket(authenticationResult);
        getCentralAuthenticationService().destroyTicketGrantingTicket(createTicketGrantingTicket.getId());
        this.thrown.expect(AbstractTicketException.class);
        getCentralAuthenticationService().grantServiceTicket(createTicketGrantingTicket.getId(), getService(), authenticationResult);
    }

    @Test
    public void verifyDelegateTicketGrantingTicketWithProperParams() {
        AuthenticationResult authenticationResult = CoreAuthenticationTestUtils.getAuthenticationResult(getAuthenticationSystemSupport(), getService());
        Assert.assertTrue(getCentralAuthenticationService().createProxyGrantingTicket(getCentralAuthenticationService().grantServiceTicket(getCentralAuthenticationService().createTicketGrantingTicket(authenticationResult).getId(), getService(), authenticationResult).getId(), CoreAuthenticationTestUtils.getAuthenticationResult(getAuthenticationSystemSupport(), new Credential[]{RegisteredServiceTestUtils.getHttpBasedServiceCredentials()})).getId().startsWith("PGT"));
    }

    @Test
    public void verifyProxyGrantingTicketHasRootAuthenticationAsPrincipal() {
        AuthenticationResult authenticationResult = CoreAuthenticationTestUtils.getAuthenticationResult(getAuthenticationSystemSupport(), getService());
        TicketGrantingTicket createTicketGrantingTicket = getCentralAuthenticationService().createTicketGrantingTicket(authenticationResult);
        Assert.assertEquals(((AbstractWebApplicationService) AbstractWebApplicationService.class.cast(getCentralAuthenticationService().grantServiceTicket(createTicketGrantingTicket.getId(), getService(), authenticationResult).getService())).getPrincipal(), createTicketGrantingTicket.getAuthentication().getPrincipal().getId());
    }

    @Test
    public void verifyDelegateTicketGrantingTicketWithBadServiceTicket() {
        AuthenticationResult authenticationResult = CoreAuthenticationTestUtils.getAuthenticationResult(getAuthenticationSystemSupport(), getService());
        TicketGrantingTicket createTicketGrantingTicket = getCentralAuthenticationService().createTicketGrantingTicket(authenticationResult);
        ServiceTicket grantServiceTicket = getCentralAuthenticationService().grantServiceTicket(createTicketGrantingTicket.getId(), getService(), authenticationResult);
        getCentralAuthenticationService().destroyTicketGrantingTicket(createTicketGrantingTicket.getId());
        AuthenticationResult authenticationResult2 = CoreAuthenticationTestUtils.getAuthenticationResult(getAuthenticationSystemSupport(), new Credential[]{RegisteredServiceTestUtils.getHttpBasedServiceCredentials()});
        this.thrown.expect(AbstractTicketException.class);
        getCentralAuthenticationService().createProxyGrantingTicket(grantServiceTicket.getId(), authenticationResult2);
    }

    @Test
    public void verifyGrantServiceTicketWithValidCredentials() {
        AuthenticationResult authenticationResult = CoreAuthenticationTestUtils.getAuthenticationResult(getAuthenticationSystemSupport(), getService());
        getCentralAuthenticationService().grantServiceTicket(getCentralAuthenticationService().createTicketGrantingTicket(authenticationResult).getId(), getService(), authenticationResult);
    }

    @Test
    public void verifyGrantServiceTicketWithDifferentCredentials() {
        TicketGrantingTicket createTicketGrantingTicket = getCentralAuthenticationService().createTicketGrantingTicket(CoreAuthenticationTestUtils.getAuthenticationResult(getAuthenticationSystemSupport(), new Credential[]{CoreAuthenticationTestUtils.getCredentialsWithSameUsernameAndPassword("testA")}));
        AuthenticationResult authenticationResult = CoreAuthenticationTestUtils.getAuthenticationResult(getAuthenticationSystemSupport(), new Credential[]{CoreAuthenticationTestUtils.getCredentialsWithSameUsernameAndPassword("testB")});
        this.thrown.expect(MixedPrincipalException.class);
        getCentralAuthenticationService().grantServiceTicket(createTicketGrantingTicket.getId(), getService(), authenticationResult);
    }

    @Test
    public void verifyValidateServiceTicketWithValidService() {
        AuthenticationResult authenticationResult = CoreAuthenticationTestUtils.getAuthenticationResult(getAuthenticationSystemSupport());
        getCentralAuthenticationService().validateServiceTicket(getCentralAuthenticationService().grantServiceTicket(getCentralAuthenticationService().createTicketGrantingTicket(authenticationResult).getId(), getService(), authenticationResult).getId(), getService());
    }

    @Test
    public void verifyValidateServiceTicketWithInvalidService() {
        this.thrown.expect(UnauthorizedServiceException.class);
        Service service = getService("badtestservice");
        AuthenticationResult authenticationResult = CoreAuthenticationTestUtils.getAuthenticationResult(getAuthenticationSystemSupport(), service);
        getCentralAuthenticationService().validateServiceTicket(getCentralAuthenticationService().grantServiceTicket(getCentralAuthenticationService().createTicketGrantingTicket(authenticationResult).getId(), service, authenticationResult).getId(), service);
    }

    @Test
    public void verifyValidateServiceTicketWithInvalidServiceTicket() {
        AuthenticationResult authenticationResult = CoreAuthenticationTestUtils.getAuthenticationResult(getAuthenticationSystemSupport(), getService());
        TicketGrantingTicket createTicketGrantingTicket = getCentralAuthenticationService().createTicketGrantingTicket(authenticationResult);
        ServiceTicket grantServiceTicket = getCentralAuthenticationService().grantServiceTicket(createTicketGrantingTicket.getId(), getService(), authenticationResult);
        getCentralAuthenticationService().destroyTicketGrantingTicket(createTicketGrantingTicket.getId());
        this.thrown.expect(AbstractTicketException.class);
        getCentralAuthenticationService().validateServiceTicket(grantServiceTicket.getId(), getService());
    }

    @Test
    public void verifyValidateServiceTicketNonExistantTicket() {
        this.thrown.expect(AbstractTicketException.class);
        getCentralAuthenticationService().validateServiceTicket("google", getService());
    }

    @Test
    public void verifyValidateServiceTicketWithoutUsernameAttribute() {
        UsernamePasswordCredential credentialsWithSameUsernameAndPassword = CoreAuthenticationTestUtils.getCredentialsWithSameUsernameAndPassword();
        AuthenticationResult authenticationResult = CoreAuthenticationTestUtils.getAuthenticationResult(getAuthenticationSystemSupport(), getService());
        Assert.assertEquals(getCentralAuthenticationService().validateServiceTicket(getCentralAuthenticationService().grantServiceTicket(getCentralAuthenticationService().createTicketGrantingTicket(authenticationResult).getId(), getService(), authenticationResult).getId(), getService()).getPrimaryAuthentication().getPrincipal().getId(), credentialsWithSameUsernameAndPassword.getUsername());
    }

    @Test
    public void verifyValidateServiceTicketWithDefaultUsernameAttribute() {
        Service service = getService("testDefault");
        UsernamePasswordCredential credentialsWithSameUsernameAndPassword = CoreAuthenticationTestUtils.getCredentialsWithSameUsernameAndPassword();
        AuthenticationResult authenticationResult = CoreAuthenticationTestUtils.getAuthenticationResult(getAuthenticationSystemSupport(), service);
        Assert.assertEquals(getCentralAuthenticationService().validateServiceTicket(getCentralAuthenticationService().grantServiceTicket(getCentralAuthenticationService().createTicketGrantingTicket(authenticationResult).getId(), service, authenticationResult).getId(), service).getPrimaryAuthentication().getPrincipal().getId(), credentialsWithSameUsernameAndPassword.getUsername());
    }

    @Test
    public void verifyValidateServiceTicketWithUsernameAttribute() {
        Service service = getService("eduPersonTest");
        AuthenticationResult authenticationResult = CoreAuthenticationTestUtils.getAuthenticationResult(getAuthenticationSystemSupport(), service);
        Assert.assertEquals("developer", getCentralAuthenticationService().validateServiceTicket(getCentralAuthenticationService().grantServiceTicket(getCentralAuthenticationService().createTicketGrantingTicket(authenticationResult).getId(), service, authenticationResult).getId(), service).getPrimaryAuthentication().getPrincipal().getId());
    }

    @Test
    public void verifyGrantServiceTicketWithCredsAndSsoFalse() {
        Service service = getService("TestSsoFalse");
        AuthenticationResult authenticationResult = CoreAuthenticationTestUtils.getAuthenticationResult(getAuthenticationSystemSupport(), service);
        Assert.assertNotNull(getCentralAuthenticationService().grantServiceTicket(getCentralAuthenticationService().createTicketGrantingTicket(authenticationResult).getId(), service, authenticationResult));
    }

    @Test
    public void verifyGrantServiceTicketWithNoCredsAndSsoFalse() {
        Service service = getService("TestSsoFalse");
        AuthenticationResult authenticationResult = CoreAuthenticationTestUtils.getAuthenticationResult(getAuthenticationSystemSupport(), service);
        Assert.assertNotNull(getCentralAuthenticationService().grantServiceTicket(getCentralAuthenticationService().createTicketGrantingTicket(authenticationResult).getId(), service, authenticationResult));
    }

    @Test
    public void verifyGrantServiceTicketWithNoCredsAndSsoFalseAndSsoFalse() {
        Service service = getService("TestSsoFalse");
        AuthenticationResult authenticationResult = (AuthenticationResult) Mockito.mock(AuthenticationResult.class);
        Mockito.when(authenticationResult.getAuthentication()).thenReturn(CoreAuthenticationTestUtils.getAuthentication());
        Mockito.when(Boolean.valueOf(authenticationResult.isCredentialProvided())).thenReturn(true);
        TicketGrantingTicket createTicketGrantingTicket = getCentralAuthenticationService().createTicketGrantingTicket(authenticationResult);
        getCentralAuthenticationService().grantServiceTicket(createTicketGrantingTicket.getId(), getService("eduPersonTest"), authenticationResult);
        this.thrown.expect(UnauthorizedSsoServiceException.class);
        Mockito.when(Boolean.valueOf(authenticationResult.isCredentialProvided())).thenReturn(false);
        getCentralAuthenticationService().grantServiceTicket(createTicketGrantingTicket.getId(), service, authenticationResult);
    }

    @Test
    public void verifyValidateServiceTicketNoAttributesReturned() {
        AuthenticationResult authenticationResult = CoreAuthenticationTestUtils.getAuthenticationResult(getAuthenticationSystemSupport(), getService());
        Assert.assertEquals(0L, getCentralAuthenticationService().validateServiceTicket(getCentralAuthenticationService().grantServiceTicket(getCentralAuthenticationService().createTicketGrantingTicket(authenticationResult).getId(), r0, authenticationResult).getId(), r0).getPrimaryAuthentication().getPrincipal().getAttributes().size());
    }

    @Test
    public void verifyValidateServiceTicketReturnAllAttributes() {
        AuthenticationResult authenticationResult = CoreAuthenticationTestUtils.getAuthenticationResult(getAuthenticationSystemSupport(), getService("eduPersonTest"));
        Assert.assertEquals(3L, getCentralAuthenticationService().validateServiceTicket(getCentralAuthenticationService().grantServiceTicket(getCentralAuthenticationService().createTicketGrantingTicket(authenticationResult).getId(), r0, authenticationResult).getId(), r0).getPrimaryAuthentication().getPrincipal().getAttributes().size());
    }

    @Test
    public void verifyValidateServiceTicketReturnOnlyAllowedAttribute() {
        Service service = getService("eduPersonTestInvalid");
        AuthenticationResult authenticationResult = CoreAuthenticationTestUtils.getAuthenticationResult(getAuthenticationSystemSupport(), service);
        Map attributes = getCentralAuthenticationService().validateServiceTicket(getCentralAuthenticationService().grantServiceTicket(getCentralAuthenticationService().createTicketGrantingTicket(authenticationResult).getId(), service, authenticationResult).getId(), service).getPrimaryAuthentication().getPrincipal().getAttributes();
        Assert.assertEquals(1L, attributes.size());
        Assert.assertEquals("adopters", attributes.get("groupMembership"));
    }

    @Test
    public void verifyValidateServiceTicketAnonymous() {
        Service service = getService("testAnonymous");
        UsernamePasswordCredential credentialsWithSameUsernameAndPassword = CoreAuthenticationTestUtils.getCredentialsWithSameUsernameAndPassword();
        AuthenticationResult authenticationResult = CoreAuthenticationTestUtils.getAuthenticationResult(getAuthenticationSystemSupport(), service);
        Assert.assertNotEquals(credentialsWithSameUsernameAndPassword.getUsername(), getCentralAuthenticationService().validateServiceTicket(getCentralAuthenticationService().grantServiceTicket(getCentralAuthenticationService().createTicketGrantingTicket(authenticationResult).getId(), service, authenticationResult).getId(), service).getPrimaryAuthentication().getPrincipal().getId());
    }

    @Test
    public void verifyValidateServiceTicketWithInvalidUsernameAttribute() {
        Service service = getService("eduPersonTestInvalid");
        UsernamePasswordCredential credentialsWithSameUsernameAndPassword = CoreAuthenticationTestUtils.getCredentialsWithSameUsernameAndPassword();
        AuthenticationResult authenticationResult = CoreAuthenticationTestUtils.getAuthenticationResult(getAuthenticationSystemSupport(), service);
        Assert.assertEquals(getCentralAuthenticationService().validateServiceTicket(getCentralAuthenticationService().grantServiceTicket(getCentralAuthenticationService().createTicketGrantingTicket(authenticationResult).getId(), service, authenticationResult).getId(), service).getPrimaryAuthentication().getPrincipal().getId(), credentialsWithSameUsernameAndPassword.getUsername());
    }

    @Test
    public void verifyAuthenticateTwiceWithRenew() throws AbstractTicketException, AuthenticationException {
        CentralAuthenticationService centralAuthenticationService = getCentralAuthenticationService();
        Service service = getService("testDefault");
        AuthenticationResult authenticationResult = CoreAuthenticationTestUtils.getAuthenticationResult(getAuthenticationSystemSupport(), service);
        TicketGrantingTicket createTicketGrantingTicket = centralAuthenticationService.createTicketGrantingTicket(authenticationResult);
        centralAuthenticationService.grantServiceTicket(createTicketGrantingTicket.getId(), service, authenticationResult);
        Assert.assertTrue(new Cas20WithoutProxyingValidationSpecification().isSatisfiedBy(centralAuthenticationService.validateServiceTicket(centralAuthenticationService.grantServiceTicket(createTicketGrantingTicket.getId(), service, authenticationResult).getId(), service), new MockHttpServletRequest()));
    }

    @Test
    public void verifyDestroyRemoteRegistry() throws AbstractTicketException, AuthenticationException {
        MockOnlyOneTicketRegistry mockOnlyOneTicketRegistry = new MockOnlyOneTicketRegistry();
        TicketGrantingTicketImpl ticketGrantingTicketImpl = new TicketGrantingTicketImpl("TGT-1", (Authentication) Mockito.mock(Authentication.class), (ExpirationPolicy) Mockito.mock(ExpirationPolicy.class));
        LogoutManager logoutManager = (LogoutManager) Mockito.mock(LogoutManager.class);
        Mockito.when(logoutManager.performLogout((TicketGrantingTicket) Mockito.any(TicketGrantingTicket.class))).thenAnswer(invocationOnMock -> {
            ticketGrantingTicketImpl.markTicketExpired();
            mockOnlyOneTicketRegistry.updateTicket(ticketGrantingTicketImpl);
            return null;
        });
        mockOnlyOneTicketRegistry.addTicket(ticketGrantingTicketImpl);
        new DefaultCentralAuthenticationService((ApplicationEventPublisher) Mockito.mock(ApplicationEventPublisher.class), mockOnlyOneTicketRegistry, (ServicesManager) null, logoutManager, (TicketFactory) null, (AuthenticationServiceSelectionPlan) null, (ContextualAuthenticationPolicyFactory) null, (PrincipalFactory) null, (CipherExecutor) null, (AuditableExecution) Mockito.mock(AuditableExecution.class)).destroyTicketGrantingTicket(ticketGrantingTicketImpl.getId());
    }

    private static Service getService(String str) {
        MockHttpServletRequest mockHttpServletRequest = new MockHttpServletRequest();
        mockHttpServletRequest.addParameter("service", str);
        return new WebApplicationServiceFactory().createService(mockHttpServletRequest);
    }

    private static Service getService() {
        return getService("https://google.com");
    }
}
