package org.apereo.cas;

import java.util.List;
import java.util.Map;
import java.util.UUID;
import org.apereo.cas.authentication.AuthenticationException;
import org.apereo.cas.authentication.AuthenticationResult;
import org.apereo.cas.authentication.CoreAuthenticationTestUtils;
import org.apereo.cas.authentication.Credential;
import org.apereo.cas.authentication.PrincipalException;
import org.apereo.cas.authentication.credential.UsernamePasswordCredential;
import org.apereo.cas.authentication.exceptions.MixedPrincipalException;
import org.apereo.cas.authentication.principal.AbstractWebApplicationService;
import org.apereo.cas.authentication.principal.Service;
import org.apereo.cas.authentication.principal.WebApplicationServiceFactory;
import org.apereo.cas.services.RegisteredServiceTestUtils;
import org.apereo.cas.services.ServicesManager;
import org.apereo.cas.services.UnauthorizedProxyingException;
import org.apereo.cas.services.UnauthorizedServiceException;
import org.apereo.cas.services.UnauthorizedSsoServiceException;
import org.apereo.cas.ticket.AbstractTicketException;
import org.apereo.cas.ticket.InvalidTicketException;
import org.apereo.cas.ticket.ServiceTicketImpl;
import org.apereo.cas.ticket.Ticket;
import org.apereo.cas.ticket.TicketGrantingTicket;
import org.apereo.cas.ticket.UnrecognizableServiceForServiceTicketValidationException;
import org.apereo.cas.ticket.proxy.ProxyTicket;
import org.apereo.cas.validation.DefaultCasProtocolValidationSpecification;
import org.junit.jupiter.api.Assertions;
import org.junit.jupiter.api.Tag;
import org.junit.jupiter.api.Test;
import org.mockito.Mockito;
import org.springframework.mock.web.MockHttpServletRequest;
import org.springframework.test.context.TestPropertySource;

@Tag("CAS")
@TestPropertySource(properties = {"cas.ticket.crypto.enabled=true"})
/* loaded from: input_file:org/apereo/cas/DefaultCentralAuthenticationServiceTests.class */
class DefaultCentralAuthenticationServiceTests extends AbstractCentralAuthenticationServiceTests {
    DefaultCentralAuthenticationServiceTests() {
    }

    private static Service getService(String str) {
        MockHttpServletRequest mockHttpServletRequest = new MockHttpServletRequest();
        mockHttpServletRequest.addParameter("service", str);
        return new WebApplicationServiceFactory().createService(mockHttpServletRequest);
    }

    private static Service getService() {
        return getService("https://google.com");
    }

    @Test
    void verifyBadCredentialsOnTicketGrantingTicketCreation() throws Throwable {
        Assertions.assertThrows(AuthenticationException.class, () -> {
            CoreAuthenticationTestUtils.getAuthenticationResult(getAuthenticationSystemSupport(), new Credential[]{CoreAuthenticationTestUtils.getCredentialsWithDifferentUsernameAndPassword()});
        });
    }

    @Test
    void verifyGoodCredentialsOnTicketGrantingTicketCreation() throws Throwable {
        Assertions.assertNotNull(getCentralAuthenticationService().createTicketGrantingTicket(CoreAuthenticationTestUtils.getAuthenticationResult(getAuthenticationSystemSupport())));
    }

    @Test
    void verifyDestroyTicketGrantingTicketWithNonExistingTicket() throws Throwable {
        getTicketRegistry().deleteTicket("test");
    }

    @Test
    void verifyDestroyTicketGrantingTicketWithValidTicket() throws Throwable {
        getTicketRegistry().deleteTicket(getCentralAuthenticationService().createTicketGrantingTicket(CoreAuthenticationTestUtils.getAuthenticationResult(getAuthenticationSystemSupport())).getId());
    }

    @Test
    void verifyDisallowNullCredentialsWhenCreatingTicketGrantingTicket() throws Throwable {
        AuthenticationResult authenticationResult = CoreAuthenticationTestUtils.getAuthenticationResult(getAuthenticationSystemSupport(), new Credential[]{null});
        Assertions.assertThrows(RuntimeException.class, () -> {
            getCentralAuthenticationService().createTicketGrantingTicket(authenticationResult);
        });
    }

    @Test
    void verifyDisallowNullCredentialsArrayWhenCreatingTicketGrantingTicket() throws Throwable {
        AuthenticationResult authenticationResult = CoreAuthenticationTestUtils.getAuthenticationResult(getAuthenticationSystemSupport(), new Credential[]{null, null});
        Assertions.assertThrows(RuntimeException.class, () -> {
            getCentralAuthenticationService().createTicketGrantingTicket(authenticationResult);
        });
    }

    @Test
    void verifyDestroyTicketGrantingTicketWithInvalidTicket() throws Throwable {
        AuthenticationResult authenticationResult = CoreAuthenticationTestUtils.getAuthenticationResult(getAuthenticationSystemSupport());
        Ticket grantServiceTicket = getCentralAuthenticationService().grantServiceTicket(getCentralAuthenticationService().createTicketGrantingTicket(authenticationResult).getId(), getService(), authenticationResult);
        Assertions.assertDoesNotThrow(() -> {
            getTicketRegistry().deleteTicket(grantServiceTicket.getId());
        });
    }

    @Test
    void verifyGrantingOfServiceTicketUsingDefaultTicketIdGen() throws Throwable {
        AbstractWebApplicationService service = RegisteredServiceTestUtils.getService("testDefault");
        AuthenticationResult authenticationResult = CoreAuthenticationTestUtils.getAuthenticationResult(getAuthenticationSystemSupport(), service);
        Assertions.assertNotNull(getCentralAuthenticationService().grantServiceTicket(getCentralAuthenticationService().createTicketGrantingTicket(authenticationResult).getId(), service, authenticationResult));
    }

    @Test
    void verifyGrantServiceTicketWithValidTicketGrantingTicket() throws Throwable {
        Assertions.assertNotNull(getCentralAuthenticationService().getTicketFactory());
        AuthenticationResult authenticationResult = CoreAuthenticationTestUtils.getAuthenticationResult(getAuthenticationSystemSupport());
        getCentralAuthenticationService().grantServiceTicket(getCentralAuthenticationService().createTicketGrantingTicket(authenticationResult).getId(), getService(), authenticationResult);
    }

    @Test
    void verifyGrantServiceTicketFailsAuthzRule() throws Throwable {
        AuthenticationResult authenticationResult = CoreAuthenticationTestUtils.getAuthenticationResult(getAuthenticationSystemSupport(), getService("TestServiceAttributeForAuthzFails"));
        Assertions.assertThrows(PrincipalException.class, () -> {
            getCentralAuthenticationService().createTicketGrantingTicket(authenticationResult);
        });
    }

    @Test
    void verifyGrantServiceTicketPassesAuthzRule() throws Throwable {
        Service service = getService("TestServiceAttributeForAuthzPasses");
        AuthenticationResult authenticationResult = CoreAuthenticationTestUtils.getAuthenticationResult(getAuthenticationSystemSupport(), service);
        getCentralAuthenticationService().grantServiceTicket(getCentralAuthenticationService().createTicketGrantingTicket(authenticationResult).getId(), service, authenticationResult);
    }

    @Test
    void verifyGrantProxyTicketWithValidTicketGrantingTicket() throws Throwable {
        AuthenticationResult authenticationResult = CoreAuthenticationTestUtils.getAuthenticationResult(getAuthenticationSystemSupport());
        ProxyTicket grantProxyTicket = getCentralAuthenticationService().grantProxyTicket(getCentralAuthenticationService().createProxyGrantingTicket(getCentralAuthenticationService().grantServiceTicket(getCentralAuthenticationService().createTicketGrantingTicket(authenticationResult).getId(), getService(), authenticationResult).getId(), CoreAuthenticationTestUtils.getAuthenticationResult(getAuthenticationSystemSupport(), new Credential[]{RegisteredServiceTestUtils.getHttpBasedServiceCredentials()})).getId(), getService());
        Assertions.assertNotNull(grantProxyTicket);
        Assertions.assertNotNull(grantProxyTicket.getAuthentication());
    }

    @Test
    void verifyGrantProxyTicketUnauthzProxy() throws Throwable {
        AuthenticationResult authenticationResult = CoreAuthenticationTestUtils.getAuthenticationResult(getAuthenticationSystemSupport());
        Ticket grantServiceTicket = getCentralAuthenticationService().grantServiceTicket(getCentralAuthenticationService().createTicketGrantingTicket(authenticationResult).getId(), RegisteredServiceTestUtils.getService("eduPersonTest"), authenticationResult);
        AuthenticationResult authenticationResult2 = CoreAuthenticationTestUtils.getAuthenticationResult(getAuthenticationSystemSupport(), new Credential[]{RegisteredServiceTestUtils.getHttpBasedServiceCredentials()});
        Assertions.assertThrows(UnauthorizedProxyingException.class, () -> {
            getCentralAuthenticationService().createProxyGrantingTicket(grantServiceTicket.getId(), authenticationResult2);
        });
    }

    @Test
    void verifyGrantProxyTicketFailsServiceAccess() throws Throwable {
        AuthenticationResult authenticationResult = CoreAuthenticationTestUtils.getAuthenticationResult(getAuthenticationSystemSupport());
        Ticket createProxyGrantingTicket = getCentralAuthenticationService().createProxyGrantingTicket(getCentralAuthenticationService().grantServiceTicket(getCentralAuthenticationService().createTicketGrantingTicket(authenticationResult).getId(), getService(), authenticationResult).getId(), CoreAuthenticationTestUtils.getAuthenticationResult(getAuthenticationSystemSupport(), new Credential[]{RegisteredServiceTestUtils.getHttpBasedServiceCredentials()}));
        Assertions.assertThrows(UnauthorizedSsoServiceException.class, () -> {
            getCentralAuthenticationService().grantProxyTicket(createProxyGrantingTicket.getId(), RegisteredServiceTestUtils.getService("unknown-service"));
        });
    }

    @Test
    void verifyGrantServiceTicketWithInvalidTicketGrantingTicket() throws Throwable {
        AuthenticationResult authenticationResult = CoreAuthenticationTestUtils.getAuthenticationResult(getAuthenticationSystemSupport());
        Ticket createTicketGrantingTicket = getCentralAuthenticationService().createTicketGrantingTicket(authenticationResult);
        getTicketRegistry().deleteTicket(createTicketGrantingTicket.getId());
        Assertions.assertThrows(AbstractTicketException.class, () -> {
            getCentralAuthenticationService().grantServiceTicket(createTicketGrantingTicket.getId(), getService(), authenticationResult);
        });
    }

    @Test
    void verifyDelegateTicketGrantingTicketWithProperParams() throws Throwable {
        AuthenticationResult authenticationResult = CoreAuthenticationTestUtils.getAuthenticationResult(getAuthenticationSystemSupport(), getService());
        Assertions.assertNotNull(getCentralAuthenticationService().createProxyGrantingTicket(getCentralAuthenticationService().grantServiceTicket(getCentralAuthenticationService().createTicketGrantingTicket(authenticationResult).getId(), getService(), authenticationResult).getId(), CoreAuthenticationTestUtils.getAuthenticationResult(getAuthenticationSystemSupport(), new Credential[]{RegisteredServiceTestUtils.getHttpBasedServiceCredentials()})));
    }

    @Test
    void verifyProxyGrantingTicketHasRootAuthenticationAsPrincipal() throws Throwable {
        AuthenticationResult authenticationResult = CoreAuthenticationTestUtils.getAuthenticationResult(getAuthenticationSystemSupport(), getService());
        TicketGrantingTicket createTicketGrantingTicket = getCentralAuthenticationService().createTicketGrantingTicket(authenticationResult);
        Assertions.assertEquals(getCentralAuthenticationService().grantServiceTicket(createTicketGrantingTicket.getId(), getService(), authenticationResult).getService().getPrincipal(), createTicketGrantingTicket.getAuthentication().getPrincipal().getId());
    }

    @Test
    void verifyDelegateTicketGrantingTicketWithBadServiceTicket() throws Throwable {
        AuthenticationResult authenticationResult = CoreAuthenticationTestUtils.getAuthenticationResult(getAuthenticationSystemSupport(), getService());
        Ticket createTicketGrantingTicket = getCentralAuthenticationService().createTicketGrantingTicket(authenticationResult);
        Ticket grantServiceTicket = getCentralAuthenticationService().grantServiceTicket(createTicketGrantingTicket.getId(), getService(), authenticationResult);
        getTicketRegistry().deleteTicket(createTicketGrantingTicket.getId());
        AuthenticationResult authenticationResult2 = CoreAuthenticationTestUtils.getAuthenticationResult(getAuthenticationSystemSupport(), new Credential[]{RegisteredServiceTestUtils.getHttpBasedServiceCredentials()});
        Assertions.assertThrows(AbstractTicketException.class, () -> {
            getCentralAuthenticationService().createProxyGrantingTicket(grantServiceTicket.getId(), authenticationResult2);
        });
    }

    @Test
    void verifyGrantServiceTicketWithValidCredentials() throws Throwable {
        AuthenticationResult authenticationResult = CoreAuthenticationTestUtils.getAuthenticationResult(getAuthenticationSystemSupport(), getService());
        getCentralAuthenticationService().grantServiceTicket(getCentralAuthenticationService().createTicketGrantingTicket(authenticationResult).getId(), getService(), authenticationResult);
    }

    @Test
    void verifyGrantServiceTicketWithDifferentCredentials() throws Throwable {
        Ticket createTicketGrantingTicket = getCentralAuthenticationService().createTicketGrantingTicket(CoreAuthenticationTestUtils.getAuthenticationResult(getAuthenticationSystemSupport(), new Credential[]{CoreAuthenticationTestUtils.getCredentialsWithSameUsernameAndPassword("testA")}));
        AuthenticationResult authenticationResult = CoreAuthenticationTestUtils.getAuthenticationResult(getAuthenticationSystemSupport(), new Credential[]{CoreAuthenticationTestUtils.getCredentialsWithSameUsernameAndPassword("testB")});
        Assertions.assertThrows(MixedPrincipalException.class, () -> {
            getCentralAuthenticationService().grantServiceTicket(createTicketGrantingTicket.getId(), getService(), authenticationResult);
        });
    }

    @Test
    void verifyValidateServiceTicketWithValidService() throws Throwable {
        AuthenticationResult authenticationResult = CoreAuthenticationTestUtils.getAuthenticationResult(getAuthenticationSystemSupport());
        Assertions.assertNotNull(getCentralAuthenticationService().validateServiceTicket(getCentralAuthenticationService().grantServiceTicket(getCentralAuthenticationService().createTicketGrantingTicket(authenticationResult).getId(), getService(), authenticationResult).getId(), getService()));
    }

    @Test
    void verifyValidateServiceTicketWithMappedAttrPolicy() throws Throwable {
        AuthenticationResult authenticationResult = CoreAuthenticationTestUtils.getAuthenticationResult(getAuthenticationSystemSupport());
        Ticket createTicketGrantingTicket = getCentralAuthenticationService().createTicketGrantingTicket(authenticationResult);
        Service service = getService("accessStrategyMapped");
        Assertions.assertNotNull(getCentralAuthenticationService().validateServiceTicket(getCentralAuthenticationService().grantServiceTicket(createTicketGrantingTicket.getId(), service, authenticationResult).getId(), service));
    }

    @Test
    void verifyValidateServiceTicketFailsTicket() throws Throwable {
        AuthenticationResult authenticationResult = CoreAuthenticationTestUtils.getAuthenticationResult(getAuthenticationSystemSupport());
        Ticket grantServiceTicket = getCentralAuthenticationService().grantServiceTicket(getCentralAuthenticationService().createTicketGrantingTicket(authenticationResult).getId(), getService(), authenticationResult);
        String uuid = UUID.randomUUID().toString();
        Assertions.assertThrows(InvalidTicketException.class, () -> {
            getCentralAuthenticationService().validateServiceTicket(uuid, getService());
        });
        Assertions.assertThrows(UnrecognizableServiceForServiceTicketValidationException.class, () -> {
            getCentralAuthenticationService().validateServiceTicket(grantServiceTicket.getId(), RegisteredServiceTestUtils.getService(uuid));
        });
    }

    @Test
    void verifyValidateServiceTicketWithoutTicketGrantingTicket() throws Throwable {
        AuthenticationResult authenticationResult = CoreAuthenticationTestUtils.getAuthenticationResult(getAuthenticationSystemSupport());
        ServiceTicketImpl grantServiceTicket = getCentralAuthenticationService().grantServiceTicket(getCentralAuthenticationService().createTicketGrantingTicket(authenticationResult).getId(), getService(), authenticationResult);
        grantServiceTicket.setTicketGrantingTicket((TicketGrantingTicket) null);
        Assertions.assertThrows(InvalidTicketException.class, () -> {
            getCentralAuthenticationService().validateServiceTicket(grantServiceTicket.getId(), getService());
        });
    }

    @Test
    void verifyValidateServiceTicketWithInvalidService() throws Throwable {
        Service service = getService("badtestservice");
        Assertions.assertThrows(UnauthorizedServiceException.class, () -> {
            CoreAuthenticationTestUtils.getAuthenticationResult(getAuthenticationSystemSupport(), service);
        });
    }

    @Test
    void verifyValidateServiceTicketWithInvalidServiceTicket() throws Throwable {
        AuthenticationResult authenticationResult = CoreAuthenticationTestUtils.getAuthenticationResult(getAuthenticationSystemSupport(), getService());
        Ticket createTicketGrantingTicket = getCentralAuthenticationService().createTicketGrantingTicket(authenticationResult);
        Ticket grantServiceTicket = getCentralAuthenticationService().grantServiceTicket(createTicketGrantingTicket.getId(), getService(), authenticationResult);
        getTicketRegistry().deleteTicket(createTicketGrantingTicket.getId());
        Assertions.assertThrows(AbstractTicketException.class, () -> {
            getCentralAuthenticationService().validateServiceTicket(grantServiceTicket.getId(), getService());
        });
    }

    @Test
    void verifyValidateServiceTicketWithInvalidProxy() throws Throwable {
        AuthenticationResult authenticationResult = CoreAuthenticationTestUtils.getAuthenticationResult(getAuthenticationSystemSupport(), getService());
        Ticket createTicketGrantingTicket = getCentralAuthenticationService().createTicketGrantingTicket(authenticationResult);
        Ticket grantServiceTicket = getCentralAuthenticationService().grantServiceTicket(createTicketGrantingTicket.getId(), getService(), authenticationResult);
        getTicketRegistry().deleteTicket(createTicketGrantingTicket.getId());
        Assertions.assertThrows(AbstractTicketException.class, () -> {
            getCentralAuthenticationService().validateServiceTicket(grantServiceTicket.getId(), getService());
        });
    }

    @Test
    void verifyValidateServiceTicketNonExistingTicket() throws Throwable {
        Assertions.assertThrows(AbstractTicketException.class, () -> {
            getCentralAuthenticationService().validateServiceTicket("google", getService());
        });
    }

    @Test
    void verifyValidateServiceTicketWithoutUsernameAttribute() throws Throwable {
        UsernamePasswordCredential credentialsWithSameUsernameAndPassword = CoreAuthenticationTestUtils.getCredentialsWithSameUsernameAndPassword();
        AuthenticationResult authenticationResult = CoreAuthenticationTestUtils.getAuthenticationResult(getAuthenticationSystemSupport(), getService());
        Assertions.assertEquals(getCentralAuthenticationService().validateServiceTicket(getCentralAuthenticationService().grantServiceTicket(getCentralAuthenticationService().createTicketGrantingTicket(authenticationResult).getId(), getService(), authenticationResult).getId(), getService()).getPrimaryAuthentication().getPrincipal().getId(), credentialsWithSameUsernameAndPassword.getUsername());
    }

    @Test
    void verifyValidateServiceTicketWithDefaultUsernameAttribute() throws Throwable {
        Service service = getService("testDefault");
        UsernamePasswordCredential credentialsWithSameUsernameAndPassword = CoreAuthenticationTestUtils.getCredentialsWithSameUsernameAndPassword();
        AuthenticationResult authenticationResult = CoreAuthenticationTestUtils.getAuthenticationResult(getAuthenticationSystemSupport(), service);
        Assertions.assertEquals(getCentralAuthenticationService().validateServiceTicket(getCentralAuthenticationService().grantServiceTicket(getCentralAuthenticationService().createTicketGrantingTicket(authenticationResult).getId(), service, authenticationResult).getId(), service).getPrimaryAuthentication().getPrincipal().getId(), credentialsWithSameUsernameAndPassword.getUsername());
    }

    @Test
    void verifyTicketState() throws Throwable {
        Ticket createTicketGrantingTicket = getCentralAuthenticationService().createTicketGrantingTicket(CoreAuthenticationTestUtils.getAuthenticationResult(getAuthenticationSystemSupport(), getService("testDefault")));
        Ticket ticket = getTicketRegistry().getTicket(createTicketGrantingTicket.getId());
        Assertions.assertEquals(ticket, createTicketGrantingTicket);
        ticket.markTicketExpired();
        Assertions.assertTrue(getTicketRegistry().updateTicket(ticket).isExpired());
        Assertions.assertThrows(InvalidTicketException.class, () -> {
            getTicketRegistry().getTicket(createTicketGrantingTicket.getId(), TicketGrantingTicket.class);
        });
    }

    @Test
    void verifyValidateServiceTicketWithUsernameAttribute() throws Throwable {
        Service service = getService("eduPersonTest");
        AuthenticationResult authenticationResult = CoreAuthenticationTestUtils.getAuthenticationResult(getAuthenticationSystemSupport(), service);
        Assertions.assertEquals("developer", getCentralAuthenticationService().validateServiceTicket(getCentralAuthenticationService().grantServiceTicket(getCentralAuthenticationService().createTicketGrantingTicket(authenticationResult).getId(), service, authenticationResult).getId(), service).getPrimaryAuthentication().getPrincipal().getId());
    }

    @Test
    void verifyGrantServiceTicketWithCredsAndSsoFalse() throws Throwable {
        Service service = getService("TestSsoFalse");
        AuthenticationResult authenticationResult = CoreAuthenticationTestUtils.getAuthenticationResult(getAuthenticationSystemSupport(), service);
        Ticket createTicketGrantingTicket = getCentralAuthenticationService().createTicketGrantingTicket(authenticationResult);
        Assertions.assertNotNull(getCentralAuthenticationService().grantServiceTicket(createTicketGrantingTicket.getId(), service, authenticationResult));
        Assertions.assertEquals(1, createTicketGrantingTicket.getCountOfUses());
        Assertions.assertDoesNotThrow(() -> {
            return getCentralAuthenticationService().grantServiceTicket(createTicketGrantingTicket.getId(), service, authenticationResult);
        });
    }

    @Test
    void verifyGrantServiceTicketWithNoCredsAndSsoFalse() throws Throwable {
        Service service = getService("TestSsoFalse");
        AuthenticationResult authenticationResult = CoreAuthenticationTestUtils.getAuthenticationResult(service);
        Mockito.when(Boolean.valueOf(authenticationResult.isCredentialProvided())).thenReturn(true);
        Ticket createTicketGrantingTicket = getCentralAuthenticationService().createTicketGrantingTicket(authenticationResult);
        Assertions.assertNotNull(getCentralAuthenticationService().grantServiceTicket(createTicketGrantingTicket.getId(), service, authenticationResult));
        Assertions.assertEquals(1, createTicketGrantingTicket.getCountOfUses());
        Mockito.when(Boolean.valueOf(authenticationResult.isCredentialProvided())).thenReturn(false);
        Assertions.assertThrows(UnauthorizedSsoServiceException.class, () -> {
            getCentralAuthenticationService().grantServiceTicket(createTicketGrantingTicket.getId(), service, authenticationResult);
        });
    }

    @Test
    void verifyGrantServiceTicketWithNoCredsAndSsoFalseAndSsoFalse() throws Throwable {
        Service service = getService("TestSsoFalse");
        AuthenticationResult authenticationResult = (AuthenticationResult) Mockito.mock(AuthenticationResult.class);
        Mockito.when(authenticationResult.getAuthentication()).thenReturn(CoreAuthenticationTestUtils.getAuthentication());
        Mockito.when(Boolean.valueOf(authenticationResult.isCredentialProvided())).thenReturn(true);
        Ticket createTicketGrantingTicket = getCentralAuthenticationService().createTicketGrantingTicket(authenticationResult);
        getCentralAuthenticationService().grantServiceTicket(createTicketGrantingTicket.getId(), getService("eduPersonTest"), authenticationResult);
        Mockito.when(Boolean.valueOf(authenticationResult.isCredentialProvided())).thenReturn(false);
        Assertions.assertThrows(UnauthorizedSsoServiceException.class, () -> {
            getCentralAuthenticationService().grantServiceTicket(createTicketGrantingTicket.getId(), service, authenticationResult);
        });
    }

    @Test
    void verifyValidateServiceTicketNoAttributesReturned() throws Throwable {
        Service service = getService();
        AuthenticationResult authenticationResult = CoreAuthenticationTestUtils.getAuthenticationResult(getAuthenticationSystemSupport(), service);
        Map attributes = getCentralAuthenticationService().validateServiceTicket(getCentralAuthenticationService().grantServiceTicket(getCentralAuthenticationService().createTicketGrantingTicket(authenticationResult).getId(), service, authenticationResult).getId(), service).getPrimaryAuthentication().getPrincipal().getAttributes();
        Assertions.assertEquals(1, attributes.size());
        Assertions.assertTrue(attributes.containsKey("binaryAttribute"));
    }

    @Test
    void verifyValidateServiceTicketReturnAllAttributes() throws Throwable {
        Service service = getService("eduPersonTest");
        AuthenticationResult authenticationResult = CoreAuthenticationTestUtils.getAuthenticationResult(getAuthenticationSystemSupport(), service);
        Map attributes = getCentralAuthenticationService().validateServiceTicket(getCentralAuthenticationService().grantServiceTicket(getCentralAuthenticationService().createTicketGrantingTicket(authenticationResult).getId(), service, authenticationResult).getId(), service).getPrimaryAuthentication().getPrincipal().getAttributes();
        Assertions.assertEquals(5, attributes.size());
        Assertions.assertTrue(attributes.containsKey("uid"));
        Assertions.assertTrue(attributes.containsKey("mail"));
        Assertions.assertTrue(attributes.containsKey("binaryAttribute"));
        Assertions.assertTrue(attributes.containsKey("groupMembership"));
        Assertions.assertTrue(attributes.containsKey("eduPersonAffiliation"));
    }

    @Test
    void verifyValidateServiceTicketReturnOnlyAllowedAttribute() throws Throwable {
        Service service = getService("eduPersonTestInvalid");
        AuthenticationResult authenticationResult = CoreAuthenticationTestUtils.getAuthenticationResult(getAuthenticationSystemSupport(), service);
        Map attributes = getCentralAuthenticationService().validateServiceTicket(getCentralAuthenticationService().grantServiceTicket(getCentralAuthenticationService().createTicketGrantingTicket(authenticationResult).getId(), service, authenticationResult).getId(), service).getPrimaryAuthentication().getPrincipal().getAttributes();
        Assertions.assertEquals(1, attributes.size());
        Assertions.assertEquals("adopters", ((List) attributes.get("groupMembership")).getFirst());
    }

    @Test
    void verifyValidateServiceTicketAnonymous() throws Throwable {
        Service service = getService("testAnonymous");
        UsernamePasswordCredential credentialsWithSameUsernameAndPassword = CoreAuthenticationTestUtils.getCredentialsWithSameUsernameAndPassword();
        AuthenticationResult authenticationResult = CoreAuthenticationTestUtils.getAuthenticationResult(getAuthenticationSystemSupport(), service);
        Assertions.assertNotEquals(credentialsWithSameUsernameAndPassword.getUsername(), getCentralAuthenticationService().validateServiceTicket(getCentralAuthenticationService().grantServiceTicket(getCentralAuthenticationService().createTicketGrantingTicket(authenticationResult).getId(), service, authenticationResult).getId(), service).getPrimaryAuthentication().getPrincipal().getId());
    }

    @Test
    void verifyValidateServiceTicketWithInvalidUsernameAttribute() throws Throwable {
        Service service = getService("eduPersonTestInvalid");
        UsernamePasswordCredential credentialsWithSameUsernameAndPassword = CoreAuthenticationTestUtils.getCredentialsWithSameUsernameAndPassword();
        AuthenticationResult authenticationResult = CoreAuthenticationTestUtils.getAuthenticationResult(getAuthenticationSystemSupport(), service);
        Assertions.assertEquals(getCentralAuthenticationService().validateServiceTicket(getCentralAuthenticationService().grantServiceTicket(getCentralAuthenticationService().createTicketGrantingTicket(authenticationResult).getId(), service, authenticationResult).getId(), service).getPrimaryAuthentication().getPrincipal().getId(), credentialsWithSameUsernameAndPassword.getUsername());
    }

    @Test
    void verifyAuthenticateTwiceWithRenew() throws Throwable {
        CentralAuthenticationService centralAuthenticationService = getCentralAuthenticationService();
        Service service = getService("testDefault");
        AuthenticationResult authenticationResult = CoreAuthenticationTestUtils.getAuthenticationResult(getAuthenticationSystemSupport(), service);
        Ticket createTicketGrantingTicket = centralAuthenticationService.createTicketGrantingTicket(authenticationResult);
        centralAuthenticationService.grantServiceTicket(createTicketGrantingTicket.getId(), service, authenticationResult);
        Assertions.assertTrue(new DefaultCasProtocolValidationSpecification((ServicesManager) Mockito.mock(ServicesManager.class), assertion -> {
            return true;
        }).isSatisfiedBy(centralAuthenticationService.validateServiceTicket(centralAuthenticationService.grantServiceTicket(createTicketGrantingTicket.getId(), service, authenticationResult).getId(), service), new MockHttpServletRequest()));
    }
}
