package org.apereo.cas;

import java.lang.invoke.MethodHandles;
import java.lang.invoke.MethodType;
import java.lang.runtime.ObjectMethods;
import java.time.ZoneOffset;
import java.time.ZonedDateTime;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashMap;
import java.util.List;
import java.util.stream.IntStream;
import org.apereo.cas.audit.AuditableContext;
import org.apereo.cas.audit.AuditableExecution;
import org.apereo.cas.audit.AuditableExecutionResult;
import org.apereo.cas.authentication.Authentication;
import org.apereo.cas.authentication.AuthenticationHandler;
import org.apereo.cas.authentication.AuthenticationResult;
import org.apereo.cas.authentication.AuthenticationServiceSelectionStrategy;
import org.apereo.cas.authentication.DefaultAuthenticationHandlerExecutionResult;
import org.apereo.cas.authentication.DefaultAuthenticationServiceSelectionPlan;
import org.apereo.cas.authentication.DefaultAuthenticationServiceSelectionStrategy;
import org.apereo.cas.authentication.credential.UsernamePasswordCredential;
import org.apereo.cas.authentication.policy.AtLeastOneCredentialValidatedAuthenticationPolicy;
import org.apereo.cas.authentication.principal.AbstractWebApplicationService;
import org.apereo.cas.authentication.principal.DefaultServiceMatchingStrategy;
import org.apereo.cas.authentication.principal.PrincipalFactoryUtils;
import org.apereo.cas.authentication.principal.Service;
import org.apereo.cas.authentication.principal.WebApplicationServiceFactory;
import org.apereo.cas.mock.MockServiceTicket;
import org.apereo.cas.services.CasModelRegisteredService;
import org.apereo.cas.services.DefaultRegisteredServiceAccessStrategy;
import org.apereo.cas.services.DefaultRegisteredServiceUsernameProvider;
import org.apereo.cas.services.RefuseRegisteredServiceProxyPolicy;
import org.apereo.cas.services.RegexMatchingRegisteredServiceProxyPolicy;
import org.apereo.cas.services.RegisteredService;
import org.apereo.cas.services.RegisteredServiceProxyPolicy;
import org.apereo.cas.services.RegisteredServiceTestUtils;
import org.apereo.cas.services.ReturnAllAttributeReleasePolicy;
import org.apereo.cas.services.ServicesManager;
import org.apereo.cas.services.UnauthorizedProxyingException;
import org.apereo.cas.services.UnauthorizedServiceException;
import org.apereo.cas.ticket.ExpirationPolicy;
import org.apereo.cas.ticket.ExpirationPolicyBuilder;
import org.apereo.cas.ticket.InvalidTicketException;
import org.apereo.cas.ticket.ServiceTicket;
import org.apereo.cas.ticket.Ticket;
import org.apereo.cas.ticket.TicketFactory;
import org.apereo.cas.ticket.TicketGrantingTicket;
import org.apereo.cas.ticket.TransientSessionTicket;
import org.apereo.cas.ticket.UniqueTicketIdGenerator;
import org.apereo.cas.ticket.factory.DefaultProxyGrantingTicketFactory;
import org.apereo.cas.ticket.factory.DefaultProxyTicketFactory;
import org.apereo.cas.ticket.factory.DefaultServiceTicketFactory;
import org.apereo.cas.ticket.factory.DefaultTicketFactory;
import org.apereo.cas.ticket.factory.DefaultTicketGrantingTicketFactory;
import org.apereo.cas.ticket.factory.DefaultTransientSessionTicketFactory;
import org.apereo.cas.ticket.proxy.ProxyGrantingTicket;
import org.apereo.cas.ticket.proxy.ProxyTicket;
import org.apereo.cas.ticket.registry.TicketRegistry;
import org.apereo.cas.ticket.tracking.TicketTrackingPolicy;
import org.apereo.cas.util.crypto.CipherExecutor;
import org.apereo.cas.util.lock.LockRepository;
import org.apereo.cas.validation.Assertion;
import org.junit.jupiter.api.Assertions;
import org.junit.jupiter.api.BeforeEach;
import org.junit.jupiter.api.Tag;
import org.junit.jupiter.api.Test;
import org.mockito.ArgumentMatcher;
import org.mockito.Mockito;
import org.springframework.mock.web.MockHttpServletRequest;

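/**
 * Mockito-backed tests for {@link DefaultCentralAuthenticationService}: proxy-granting-ticket
 * delegation, service-ticket vending for a proxied session, and service-ticket validation.
 *
 * <p>Every collaborator is a stub built in {@link #prepareNewCAS()}. The fixture is deliberately
 * permissive: no-op cipher executors, a {@code .*} proxy policy and a stubbed access-strategy
 * enforcer. These settings isolate the code under test and are not a template for a deployed
 * service registry.
 */
@Tag("CAS")
class DefaultCentralAuthenticationServiceMockitoTests extends BaseCasCoreTests {
    private static final String TGT_ID = "tgt-id";
    private static final String TGT2_ID = "tgt2-id";
    private static final String ST_ID = "st-id";
    private static final String ST2_ID = "st2-id";
    private static final String SVC1_ID = "test1";
    private static final String SVC2_ID = "test2";
    private static final String PRINCIPAL = "principal";

    // Service under test, rebuilt before every test.
    private DefaultCentralAuthenticationService cas;
    // Shared Authentication mock returned by every ticket stub.
    private Authentication authentication;
    // Ticket registry mock; answers only for the four ids stubbed in mockTicketRegistry.
    private TicketRegistry ticketRegMock;

    /**
     * Mockito argument matcher that accepts any non-null {@link Service} whose id equals {@code id}.
     *
     * <p>Declared as a record so that equals, hashCode and toString are compiler-generated. The
     * decompiled form ({@code extends Record} plus hand-written {@code ObjectMethods.bootstrap}
     * calls) is not valid source. It is private because the decompiler note on the original class
     * says the modifier was changed from private.
     *
     * @param id the service id to match
     */
    private record VerifyServiceByIdMatcher(String id) implements ArgumentMatcher<Service> {
        @Override
        public boolean matches(Service service) {
            return service != null && service.getId().equals(id);
        }
    }

    /**
     * Builds a {@link ServicesManager} mock that resolves three registered services by id.
     *
     * <ul>
     *   <li>{@code service}: access enabled, proxying refused</li>
     *   <li>{@code "test"}: access disabled, proxying allowed</li>
     *   <li>{@code service2}: access enabled, proxying allowed</li>
     * </ul>
     *
     * @param service  service whose registration refuses proxying
     * @param service2 service whose registration allows proxying
     * @return the stubbed manager; lookups for any other id return Mockito's default (null)
     */
    private static ServicesManager getServicesManager(Service service, Service service2) {
        RegisteredService proxyRefused = createMockRegisteredService(service.getId(), true, getServiceProxyPolicy(false));
        RegisteredService accessDisabled = createMockRegisteredService("test", false, getServiceProxyPolicy(true));
        RegisteredService proxyAllowed = createMockRegisteredService(service2.getId(), true, getServiceProxyPolicy(true));

        ServicesManager manager = Mockito.mock(ServicesManager.class);
        Mockito.when(manager.findServiceBy(Mockito.argThat(new VerifyServiceByIdMatcher(service.getId()))))
            .thenReturn(proxyRefused);
        Mockito.when(manager.findServiceBy(Mockito.argThat(new VerifyServiceByIdMatcher("test"))))
            .thenReturn(accessDisabled);
        Mockito.when(manager.findServiceBy(Mockito.argThat(new VerifyServiceByIdMatcher(service2.getId()))))
            .thenReturn(proxyAllowed);
        return manager;
    }

    /**
     * Creates a {@link MockServiceTicket} with no ticket-granting ticket attached yet.
     *
     * @param id      ticket id
     * @param service service the ticket is issued for
     * @return the new ticket; the caller attaches the TGT afterwards
     */
    private static MockServiceTicket createMockServiceTicket(String id, Service service) {
        return new MockServiceTicket(id, service, (TicketGrantingTicket) null);
    }

    /**
     * Returns the proxy policy used by the registered-service fixtures.
     *
     * @param allowProxying {@code true} for a regex policy, {@code false} for a refusing policy
     * @return the policy instance
     */
    private static RegisteredServiceProxyPolicy getServiceProxyPolicy(boolean allowProxying) {
        if (allowProxying) {
            // ".*" authorizes every proxy callback URL. Acceptable for a fixture only; a real
            // service definition should pin the pattern to the known callback endpoint.
            return new RegexMatchingRegisteredServiceProxyPolicy().setPattern(".*");
        }
        return new RefuseRegisteredServiceProxyPolicy();
    }

    /**
     * Creates a {@link CasModelRegisteredService} mock that matches services by exact id.
     *
     * @param id          used as service id, name and the id accepted by {@code matches}
     * @param enabled     first argument of {@link DefaultRegisteredServiceAccessStrategy}
     * @param proxyPolicy proxy policy reported by the mock
     * @return the stubbed registered service; it releases all attributes
     */
    private static RegisteredService createMockRegisteredService(String id, boolean enabled, RegisteredServiceProxyPolicy proxyPolicy) {
        CasModelRegisteredService registered = Mockito.mock(CasModelRegisteredService.class);
        Mockito.when(registered.getServiceId()).thenReturn(id);
        Mockito.when(registered.getProxyPolicy()).thenReturn(proxyPolicy);
        Mockito.when(registered.getName()).thenReturn(id);
        Mockito.when(registered.matches(Mockito.argThat(new VerifyServiceByIdMatcher(id)))).thenReturn(true);
        // Releases every attribute: fixture convenience, broader than a production policy should be.
        Mockito.when(registered.getAttributeReleasePolicy()).thenReturn(new ReturnAllAttributeReleasePolicy());
        Mockito.when(registered.getUsernameAttributeProvider()).thenReturn(new DefaultRegisteredServiceUsernameProvider());
        Mockito.when(registered.getAccessStrategy()).thenReturn(new DefaultRegisteredServiceAccessStrategy(enabled, true));
        return registered;
    }

    /**
     * Builds a {@link Service} from a mock HTTP request carrying a {@code service} parameter.
     *
     * @param id value of the {@code service} request parameter
     * @return the service created by {@link WebApplicationServiceFactory}
     */
    private static Service getService(String id) {
        MockHttpServletRequest request = new MockHttpServletRequest();
        request.addParameter("service", id);
        return new WebApplicationServiceFactory().createService(request);
    }

    /**
     * Rebuilds the whole fixture: one authentication, two service tickets, two ticket-granting
     * tickets sharing one root, the ticket registry, the services manager and the service under test.
     *
     * @throws Throwable if any collaborator fails while being wired
     */
    @BeforeEach
    public void prepareNewCAS() throws Throwable {
        this.authentication = Mockito.mock(Authentication.class);
        Mockito.when(this.authentication.getAuthenticationDate()).thenReturn(ZonedDateTime.now(ZoneOffset.UTC));
        UsernamePasswordCredential credential = RegisteredServiceTestUtils.getCredentialsWithSameUsernameAndPassword(PRINCIPAL);
        // Left raw: the value type of getSuccesses() is not among this file's imports.
        @SuppressWarnings({"rawtypes", "unchecked"})
        HashMap successes = new HashMap();
        successes.put("handler1", new DefaultAuthenticationHandlerExecutionResult(Mockito.mock(AuthenticationHandler.class), credential));
        Mockito.when(this.authentication.getCredentials()).thenReturn(List.of(credential));
        Mockito.when(this.authentication.getSuccesses()).thenReturn(successes);
        Mockito.when(this.authentication.getPrincipal()).thenReturn(PrincipalFactoryUtils.newPrincipalFactory().createPrincipal(PRINCIPAL));

        TicketGrantingTicket rootTgt = createRootTicketGrantingTicket();

        // First pair: SVC1 / ST_ID / TGT_ID. This TGT reports a proxying service, which is what
        // the CAS-1019 test relies on.
        Service firstService = getService(SVC1_ID);
        MockServiceTicket firstSt = createMockServiceTicket(ST_ID, firstService);
        TicketGrantingTicket firstTgt = createMockTicketGrantingTicket(TGT_ID, firstSt, false, rootTgt, new ArrayList<>());
        Mockito.when(firstTgt.getProxiedBy()).thenReturn(getService("proxiedBy"));
        firstSt.setTicketGrantingTicket(firstTgt);

        // Mocked list standing in for a two-element authentication chain.
        @SuppressWarnings("unchecked")
        List<Authentication> chain = Mockito.mock(List.class);
        Mockito.when(chain.size()).thenReturn(2);
        Mockito.when(chain.toArray()).thenReturn(new Object[]{this.authentication, this.authentication});
        Mockito.when(chain.get(Mockito.anyInt())).thenReturn(this.authentication);
        // Overrides the empty list stubbed by createMockTicketGrantingTicket for the first TGT.
        Mockito.when(firstTgt.getChainedAuthentications()).thenReturn(chain);

        // Second pair: SVC2 / ST2_ID / TGT2_ID, not proxied.
        Service secondService = getService(SVC2_ID);
        MockServiceTicket secondSt = createMockServiceTicket(ST2_ID, secondService);
        TicketGrantingTicket secondTgt = createMockTicketGrantingTicket(TGT2_ID, secondSt, false, rootTgt, chain);
        secondSt.setTicketGrantingTicket(secondTgt);

        mockTicketRegistry(firstSt, firstTgt, secondSt, secondTgt);
        ServicesManager servicesManager = getServicesManager(firstService, secondService);
        TicketFactory ticketFactory = getTicketFactory();
        DefaultAuthenticationServiceSelectionPlan selectionPlan = new DefaultAuthenticationServiceSelectionPlan(
            new AuthenticationServiceSelectionStrategy[]{new DefaultAuthenticationServiceSelectionStrategy()});

        // Stubbed to hand back a fresh AuditableExecutionResult for every context.
        // NOTE(review): presumably an empty result means "no failure", so this enforcer never
        // rejects a request in these tests; confirm against AuditableExecutionResult.
        AuditableExecution accessEnforcer = Mockito.mock(AuditableExecution.class);
        Mockito.when(accessEnforcer.execute((AuditableContext) Mockito.any())).thenReturn(new AuditableExecutionResult());

        CentralAuthenticationServiceContext context = CentralAuthenticationServiceContext.builder()
            .applicationContext(this.applicationContext)
            .ticketRegistry(this.ticketRegMock)
            .servicesManager(servicesManager)
            .ticketFactory(ticketFactory)
            .lockRepository(LockRepository.asDefault())
            .authenticationServiceSelectionPlan(selectionPlan)
            .authenticationPolicy(new AtLeastOneCredentialValidatedAuthenticationPolicy(false))
            .principalFactory(PrincipalFactoryUtils.newPrincipalFactory())
            // No-op cipher: nothing is encrypted or signed in this fixture.
            .cipherExecutor(CipherExecutor.noOpOfStringToString())
            .registeredServiceAccessStrategyEnforcer(accessEnforcer)
            .serviceMatchingStrategy(new DefaultServiceMatchingStrategy(servicesManager))
            .build();
        this.cas = new DefaultCentralAuthenticationService(context);
    }

    /**
     * A service-ticket id that the registry does not know must be rejected with
     * {@link InvalidTicketException} when a proxy-granting ticket is requested.
     */
    @Test
    void verifyNonExistentServiceWhenDelegatingTicketGrantingTicket() throws Throwable {
        Assertions.assertThrows(InvalidTicketException.class,
            () -> this.cas.createProxyGrantingTicket("bad-st", getAuthenticationContext()));
    }

    /**
     * {@code ST_ID} belongs to SVC1, whose registration refuses proxying, so asking for a
     * proxy-granting ticket must fail with {@link UnauthorizedServiceException}.
     */
    @Test
    void verifyInvalidServiceWhenDelegatingTicketGrantingTicket() throws Throwable {
        Assertions.assertThrows(UnauthorizedServiceException.class,
            () -> this.cas.createProxyGrantingTicket(ST_ID, getAuthenticationContext()));
    }

    /**
     * CAS-1019: {@code TGT_ID} is stubbed as proxied and SVC1 refuses proxying, so vending a
     * service ticket must fail with {@link UnauthorizedProxyingException}.
     */
    @Test
    void disallowVendingServiceTicketsWhenServiceIsNotAllowedToProxyCAS1019() {
        Assertions.assertThrows(UnauthorizedProxyingException.class,
            () -> this.cas.grantServiceTicket(TGT_ID, RegisteredServiceTestUtils.getService(SVC1_ID), getAuthenticationContext()));
    }

    /**
     * Grants and validates a service ticket for SVC2 and checks that the assertion carries the
     * requested service, the expected principal and both chained authentications.
     */
    @Test
    void verifyChainedAuthenticationsOnValidation() throws Throwable {
        AbstractWebApplicationService service = RegisteredServiceTestUtils.getService(SVC2_ID);
        ServiceTicket serviceTicket = this.cas.grantServiceTicket(TGT2_ID, service, getAuthenticationContext());
        Assertions.assertNotNull(serviceTicket);

        Assertion assertion = this.cas.validateServiceTicket(serviceTicket.getId(), service);
        Assertions.assertNotNull(assertion);
        Assertions.assertEquals(assertion.getService(), service);
        Assertions.assertEquals(PRINCIPAL, assertion.getPrimaryAuthentication().getPrincipal().getId());
        // Compare by value: assertSame on boxed integers only passes thanks to the Integer cache.
        Assertions.assertEquals(2, assertion.getChainedAuthentications().size());
        IntStream.range(0, assertion.getChainedAuthentications().size())
            .forEach(i -> Assertions.assertEquals(assertion.getChainedAuthentications().get(i), this.authentication));
    }

    /**
     * Assembles a {@link DefaultTicketFactory} with one sub-factory per ticket type.
     *
     * <p>All sub-factories use no-op cipher executors and throwaway {@link ServicesManager} mocks.
     * The id generators and expiration builders passed as {@code null} are kept exactly as in the
     * original fixture.
     *
     * @return the composed ticket factory
     */
    private TicketFactory getTicketFactory() {
        DefaultTicketFactory factory = new DefaultTicketFactory();
        factory.addTicketFactory(ProxyGrantingTicket.class,
            new DefaultProxyGrantingTicketFactory((UniqueTicketIdGenerator) null, (ExpirationPolicyBuilder) null,
                CipherExecutor.noOpOfStringToString(), Mockito.mock(ServicesManager.class)));
        factory.addTicketFactory(TicketGrantingTicket.class,
            new DefaultTicketGrantingTicketFactory((UniqueTicketIdGenerator) null, (ExpirationPolicyBuilder) null,
                CipherExecutor.noOpOfSerializableToString(), Mockito.mock(ServicesManager.class)));
        factory.addTicketFactory(ServiceTicket.class,
            new DefaultServiceTicketFactory(neverExpiresExpirationPolicyBuilder(), new HashMap<>(0),
                this.serviceTicketSessionTrackingPolicy, CipherExecutor.noOpOfStringToString(),
                Mockito.mock(ServicesManager.class)));
        factory.addTicketFactory(ProxyTicket.class,
            new DefaultProxyTicketFactory((ExpirationPolicyBuilder) null, new HashMap<>(0),
                CipherExecutor.noOpOfStringToString(), this.serviceTicketSessionTrackingPolicy,
                Mockito.mock(ServicesManager.class)));
        factory.addTicketFactory(TransientSessionTicket.class,
            new DefaultTransientSessionTicketFactory(neverExpiresExpirationPolicyBuilder()));
        Assertions.assertSame(Ticket.class, factory.getTicketType());
        return factory;
    }

    /**
     * Wraps the shared {@link Authentication} mock in an {@link AuthenticationResult} mock.
     *
     * @return a result whose {@code getAuthentication()} returns the shared authentication
     */
    private AuthenticationResult getAuthenticationContext() {
        AuthenticationResult result = Mockito.mock(AuthenticationResult.class);
        Mockito.when(result.getAuthentication()).thenReturn(this.authentication);
        return result;
    }

    /**
     * Creates the ticket registry mock and stubs lookups for exactly the four fixture tickets.
     * Any other id falls through to Mockito's default answer.
     *
     * @param serviceTicket         first service ticket
     * @param ticketGrantingTicket  first ticket-granting ticket
     * @param serviceTicket2        second service ticket
     * @param ticketGrantingTicket2 second ticket-granting ticket
     */
    @SuppressWarnings({"rawtypes", "unchecked"})
    private void mockTicketRegistry(ServiceTicket serviceTicket, TicketGrantingTicket ticketGrantingTicket, ServiceTicket serviceTicket2, TicketGrantingTicket ticketGrantingTicket2) {
        this.ticketRegMock = Mockito.mock(TicketRegistry.class);
        Mockito.when(this.ticketRegMock.getTicket(Mockito.eq(ticketGrantingTicket.getId()), Mockito.eq(TicketGrantingTicket.class)))
            .thenReturn(ticketGrantingTicket);
        Mockito.when(this.ticketRegMock.getTicket(Mockito.eq(ticketGrantingTicket2.getId()), Mockito.eq(TicketGrantingTicket.class)))
            .thenReturn(ticketGrantingTicket2);
        Mockito.when(this.ticketRegMock.getTicket(Mockito.eq(serviceTicket.getId()), Mockito.eq(ServiceTicket.class)))
            .thenReturn(serviceTicket);
        Mockito.when(this.ticketRegMock.getTicket(Mockito.eq(serviceTicket2.getId()), Mockito.eq(ServiceTicket.class)))
            .thenReturn(serviceTicket2);
        // Raw cast keeps thenReturn applicable even if getTickets() is declared with a wildcard
        // element type (NOTE(review): signature not visible here, confirm).
        Mockito.when(this.ticketRegMock.getTickets())
            .thenReturn((List) Arrays.asList(ticketGrantingTicket, ticketGrantingTicket2, serviceTicket, serviceTicket2));
        Mockito.when(this.ticketRegMock.stream()).thenCallRealMethod();
    }

    /**
     * Creates the root ticket-granting ticket shared by both fixture TGTs.
     *
     * @return a non-expired TGT mock carrying the shared authentication
     */
    private TicketGrantingTicket createRootTicketGrantingTicket() {
        TicketGrantingTicket root = Mockito.mock(TicketGrantingTicket.class);
        Mockito.when(root.isExpired()).thenReturn(false);
        Mockito.when(root.getAuthentication()).thenReturn(this.authentication);
        return root;
    }

    /**
     * Creates a ticket-granting ticket mock that vends {@code serviceTicket} for its own service.
     *
     * @param id             ticket id
     * @param serviceTicket  ticket returned by {@code grantServiceTicket} when the requested
     *                       service id equals this ticket's service id
     * @param expired        value reported by {@code isExpired()}
     * @param root           value reported by {@code getRoot()}
     * @param chainedAuthentications value reported by {@code getChainedAuthentications()}
     * @return the stubbed ticket-granting ticket
     */
    private TicketGrantingTicket createMockTicketGrantingTicket(String id, ServiceTicket serviceTicket, boolean expired, TicketGrantingTicket root, List<Authentication> chainedAuthentications) {
        TicketGrantingTicket tgt = Mockito.mock(TicketGrantingTicket.class);
        Mockito.when(tgt.isExpired()).thenReturn(expired);
        Mockito.when(tgt.getId()).thenReturn(id);
        Mockito.when(tgt.grantServiceTicket(
                Mockito.anyString(),
                Mockito.argThat(new VerifyServiceByIdMatcher(serviceTicket.getService().getId())),
                Mockito.any(ExpirationPolicy.class),
                Mockito.anyBoolean(),
                (TicketTrackingPolicy) Mockito.any()))
            .thenReturn(serviceTicket);
        Mockito.when(tgt.getRoot()).thenReturn(root);
        Mockito.when(tgt.getChainedAuthentications()).thenReturn(chainedAuthentications);
        Mockito.when(tgt.getAuthentication()).thenReturn(this.authentication);
        return tgt;
    }
}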
