package org.apereo.cas.web.flow;

import jakarta.servlet.http.Cookie;
import java.net.URI;
import java.util.Map;
import java.util.Set;
import java.util.UUID;
import org.apereo.cas.authentication.CoreAuthenticationTestUtils;
import org.apereo.cas.authentication.Credential;
import org.apereo.cas.authentication.principal.AbstractWebApplicationService;
import org.apereo.cas.authentication.principal.Service;
import org.apereo.cas.services.CasRegisteredService;
import org.apereo.cas.services.DefaultRegisteredServiceAccessStrategy;
import org.apereo.cas.services.DenyAllAttributeReleasePolicy;
import org.apereo.cas.services.RegisteredServiceTestUtils;
import org.apereo.cas.services.ReturnMappedAttributeReleasePolicy;
import org.apereo.cas.ticket.Ticket;
import org.apereo.cas.ticket.TicketGrantingTicket;
import org.apereo.cas.util.MockRequestContext;
import org.apereo.cas.web.support.WebUtils;
import org.junit.jupiter.api.Assertions;
import org.junit.jupiter.api.BeforeEach;
import org.junit.jupiter.api.Tag;
import org.junit.jupiter.api.Test;
import org.mockito.Mockito;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.webflow.execution.Action;

@Tag("WebflowServiceActions")
/* loaded from: input_file:org/apereo/cas/web/flow/GenerateServiceTicketActionTests.class */
class GenerateServiceTicketActionTests extends AbstractWebflowActionsTests {

    @Autowired
    @Qualifier("generateServiceTicketAction")
    private Action action;
    private Ticket ticketGrantingTicket;
    private Service service;

    GenerateServiceTicketActionTests() {
    }

    @BeforeEach
    public void onSetUp() throws Throwable {
        this.service = RegisteredServiceTestUtils.getService(UUID.randomUUID().toString());
        getServicesManager().save(RegisteredServiceTestUtils.getRegisteredService(this.service.getId(), Map.of()));
        this.ticketGrantingTicket = getCentralAuthenticationService().createTicketGrantingTicket(getAuthenticationSystemSupport().finalizeAuthenticationTransaction(this.service, new Credential[]{CoreAuthenticationTestUtils.getCredentialsWithSameUsernameAndPassword()}));
        getTicketRegistry().addTicket(this.ticketGrantingTicket);
    }

    @Test
    void verifyServiceTicketFromCookie() throws Throwable {
        MockRequestContext create = MockRequestContext.create(this.applicationContext);
        create.getFlowScope().put("service", this.service);
        create.getFlowScope().put("ticketGrantingTicketId", this.ticketGrantingTicket.getId());
        create.setParameter("service", this.service.getId());
        create.getHttpServletRequest().setCookies(new Cookie[]{new Cookie("TGT", this.ticketGrantingTicket.getId())});
        this.action.execute(create);
        Assertions.assertNotNull(WebUtils.getServiceTicketFromRequestScope(create));
    }

    @Test
    void verifyTicketGrantingTicketFromRequest() throws Throwable {
        MockRequestContext create = MockRequestContext.create(this.applicationContext);
        create.getFlowScope().put("service", this.service);
        create.setParameter("service", this.service.getId());
        WebUtils.putTicketGrantingTicketInScopes(create, this.ticketGrantingTicket);
        this.action.execute(create);
        Assertions.assertNotNull(WebUtils.getServiceTicketFromRequestScope(create));
    }

    @Test
    void verifyServiceTicketWithAccessStrategyMapped() throws Throwable {
        MockRequestContext create = MockRequestContext.create(this.applicationContext);
        String uuid = UUID.randomUUID().toString();
        CasRegisteredService registeredService = RegisteredServiceTestUtils.getRegisteredService(uuid, Map.of("Role", Set.of(".*developer.*")));
        registeredService.setAttributeReleasePolicy(new ReturnMappedAttributeReleasePolicy().setAllowedAttributes(Map.of("Role", "groovy { return attributes['eduPersonAffiliation'].get(0) }")));
        getServicesManager().save(registeredService);
        create.getFlowScope().put("service", RegisteredServiceTestUtils.getService(uuid));
        create.setParameter("service", uuid);
        WebUtils.putTicketGrantingTicketInScopes(create, this.ticketGrantingTicket);
        this.action.execute(create);
        Assertions.assertNotNull(WebUtils.getServiceTicketFromRequestScope(create));
    }

    @Test
    void verifyServiceTicketWithAccessStrategyDenied() throws Throwable {
        MockRequestContext create = MockRequestContext.create(this.applicationContext);
        String uuid = UUID.randomUUID().toString();
        CasRegisteredService registeredService = RegisteredServiceTestUtils.getRegisteredService(uuid, Map.of("eduPersonAffiliation", Set.of(".*developer.*")));
        registeredService.setAttributeReleasePolicy(new DenyAllAttributeReleasePolicy());
        getServicesManager().save(registeredService);
        create.getFlowScope().put("service", RegisteredServiceTestUtils.getService(uuid));
        create.setParameter("service", uuid);
        WebUtils.putTicketGrantingTicketInScopes(create, this.ticketGrantingTicket);
        this.action.execute(create);
        Assertions.assertNotNull(WebUtils.getServiceTicketFromRequestScope(create));
    }

    @Test
    void verifyServiceTicketWithAccessStrategyMultivalued() throws Throwable {
        MockRequestContext create = MockRequestContext.create(this.applicationContext);
        String uuid = UUID.randomUUID().toString();
        CasRegisteredService registeredService = RegisteredServiceTestUtils.getRegisteredService(uuid, Map.of("eduPersonAffiliation", Set.of(".*developer.*")));
        registeredService.setAttributeReleasePolicy(new ReturnMappedAttributeReleasePolicy().setAllowedAttributes(Map.of("eduPersonAffiliation", "groovy { return 'engineers' }")));
        getServicesManager().save(registeredService);
        create.getFlowScope().put("service", RegisteredServiceTestUtils.getService(uuid));
        create.setParameter("service", uuid);
        WebUtils.putTicketGrantingTicketInScopes(create, this.ticketGrantingTicket);
        this.action.execute(create);
        Assertions.assertNotNull(WebUtils.getServiceTicketFromRequestScope(create));
    }

    @Test
    void verifyTicketGrantingTicketNoTgt() throws Throwable {
        MockRequestContext create = MockRequestContext.create(this.applicationContext);
        create.getFlowScope().put("service", this.service);
        create.setParameter("service", this.service.getId());
        TicketGrantingTicket ticketGrantingTicket = (TicketGrantingTicket) Mockito.mock(TicketGrantingTicket.class);
        Mockito.when(ticketGrantingTicket.getId()).thenReturn("bleh");
        WebUtils.putTicketGrantingTicketInScopes(create, ticketGrantingTicket);
        Assertions.assertEquals("authenticationFailure", this.action.execute(create).getId());
    }

    @Test
    void verifyTicketGrantingTicketExpiredTgt() throws Throwable {
        MockRequestContext create = MockRequestContext.create(this.applicationContext);
        create.getFlowScope().put("service", this.service);
        create.setParameter("service", this.service.getId());
        WebUtils.putTicketGrantingTicketInScopes(create, this.ticketGrantingTicket);
        this.ticketGrantingTicket.markTicketExpired();
        getTicketRegistry().updateTicket(this.ticketGrantingTicket);
        Assertions.assertEquals("authenticationFailure", this.action.execute(create).getId());
    }

    @Test
    void verifyTicketGrantingTicketNotTgtButGateway() throws Throwable {
        MockRequestContext create = MockRequestContext.create(this.applicationContext);
        create.getFlowScope().put("service", this.service);
        create.setParameter("service", this.service.getId());
        create.setParameter("gateway", "true");
        TicketGrantingTicket ticketGrantingTicket = (TicketGrantingTicket) Mockito.mock(TicketGrantingTicket.class);
        Mockito.when(ticketGrantingTicket.getId()).thenReturn("bleh");
        WebUtils.putTicketGrantingTicketInScopes(create, ticketGrantingTicket);
        Assertions.assertEquals("gateway", this.action.execute(create).getId());
    }

    @Test
    void verifyWarnCookie() throws Throwable {
        MockRequestContext create = MockRequestContext.create(this.applicationContext);
        AbstractWebApplicationService service = RegisteredServiceTestUtils.getService(UUID.randomUUID().toString());
        create.getFlowScope().put("service", service);
        CasRegisteredService registeredService = RegisteredServiceTestUtils.getRegisteredService(service.getId());
        registeredService.setAccessStrategy(new DefaultRegisteredServiceAccessStrategy().setUnauthorizedRedirectUrl(new URI("https://github.com")));
        getServicesManager().save(registeredService);
        WebUtils.putWarningCookie(create, Boolean.TRUE);
        WebUtils.putTicketGrantingTicketInScopes(create, this.ticketGrantingTicket);
        Assertions.assertEquals("warn", this.action.execute(create).getId());
    }
}
