package org.apereo.cas.aws;

import java.util.List;
import org.apereo.cas.authentication.mfa.TestMultifactorAuthenticationProvider;
import org.apereo.cas.config.CasAmazonCoreAutoConfiguration;
import org.apereo.cas.config.CasAuthenticationEventExecutionPlanTestConfiguration;
import org.apereo.cas.config.CasCoreRestAutoConfiguration;
import org.apereo.cas.util.junit.EnabledIfListeningOnPort;
import org.apereo.cas.util.spring.ApplicationContextProvider;
import org.apereo.cas.web.report.AbstractCasEndpointTests;
import org.junit.jupiter.api.Assertions;
import org.junit.jupiter.api.BeforeEach;
import org.junit.jupiter.api.Nested;
import org.junit.jupiter.api.Tag;
import org.junit.jupiter.api.Test;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.context.annotation.Import;
import org.springframework.http.HttpStatus;
import org.springframework.mock.web.MockHttpServletRequest;
import org.springframework.mock.web.MockHttpServletResponse;
import org.springframework.test.context.TestPropertySource;
import org.springframework.util.LinkedMultiValueMap;

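/**
 * Authorization tests for {@code AmazonSecurityTokenServiceEndpoint.fetchCredentials}.
 *
 * <p>Each nested class starts the endpoint under a different {@code cas.amazon-sts.*}
 * authorization policy and asserts the HTTP status returned for a given credential set.
 *
 * <p>Points a reviewer should keep in mind:
 * <ul>
 *   <li>The whole class is skipped unless something listens on port 4566, the address the
 *       {@code cas.amazon-sts.endpoint} property points at. A pipeline without that listener
 *       reports these authorization checks as skipped, not as passed.</li>
 *   <li>The access key and secret key are the literal {@code test}; they are placeholders for
 *       the local endpoint.</li>
 *   <li>Only the status code is asserted. The response body is not inspected, so these tests
 *       do not show whether a rejected request's body is free of credential material.</li>
 *   <li>The nested classes declare no constructors: JUnit Jupiter passes the enclosing
 *       instance implicitly, and an explicit parameter of the enclosing type has no
 *       parameter resolver, which would stop the nested class from being instantiated.</li>
 * </ul>
 */
@Tag("AmazonWebServices")
@EnabledIfListeningOnPort(port = {4566})
class AmazonSecurityTokenServiceEndpointTests {

    /**
     * Shared Spring configuration, endpoint injection and request helpers for the nested tests.
     *
     * <p>It holds no {@code @Test} methods of its own.
     */
    @TestPropertySource(properties = {
        "cas.amazon-sts.endpoint=http://127.0.0.1:4566",
        "cas.amazon-sts.region=us-east-1",
        "cas.amazon-sts.credential-access-key=test",
        "cas.amazon-sts.credential-secret-key=test",
        "cas.authn.mfa.groovy-script.location=classpath:AmazonStsGroovyMfa.groovy",
        "management.endpoint.awsSts.enabled=true"
    })
    @Import({
        CasAmazonCoreAutoConfiguration.class,
        CasCoreRestAutoConfiguration.class,
        CasAuthenticationEventExecutionPlanTestConfiguration.class
    })
    static class BaseAmazonSecurityTokenServiceEndpointTests extends AbstractCasEndpointTests {

        @Autowired
        @Qualifier("awsSecurityTokenServiceEndpoint")
        protected AmazonSecurityTokenServiceEndpoint awsSecurityTokenServiceEndpoint;

        /**
         * Publishes the test application context and registers the test MFA provider in it
         * before every test.
         */
        @BeforeEach
        void beforeEach() {
            ApplicationContextProvider.holdApplicationContext(this.applicationContext);
            TestMultifactorAuthenticationProvider.registerProviderIntoApplicationContext(this.applicationContext);
        }

        /**
         * Builds a request body with one {@code username} and one {@code password} value.
         *
         * @param username value stored under the {@code username} key
         * @param password value stored under the {@code password} key
         * @return a new, mutable body map
         */
        protected static LinkedMultiValueMap<String, String> credentials(final String username,
                                                                         final String password) {
            final LinkedMultiValueMap<String, String> body = new LinkedMultiValueMap<>();
            body.put("username", List.of(username));
            body.put("password", List.of(password));
            return body;
        }

        /**
         * Calls {@code fetchCredentials} with fresh mock request/response objects and asserts
         * the status code of the result.
         *
         * @param expected      status the endpoint must answer with
         * @param requestedRole fourth string argument of {@code fetchCredentials}; judging by
         *                      the tests that set it, the role being asked for (confirm against
         *                      the endpoint signature). {@code null} leaves it unset.
         * @param body          request body holding the submitted credentials, possibly empty
         * @throws Throwable whatever the endpoint call throws
         */
        protected void assertStatus(final HttpStatus expected,
                                    final String requestedRole,
                                    final LinkedMultiValueMap<String, String> body) throws Throwable {
            // A typed null keeps the call unambiguous, as the original (String) casts did.
            final String omitted = null;
            Assertions.assertEquals(expected,
                this.awsSecurityTokenServiceEndpoint.fetchCredentials(
                    omitted, omitted, omitted, requestedRole, body,
                    new MockHttpServletRequest(), new MockHttpServletResponse()).getStatusCode());
        }
    }

    /**
     * The required attribute exists on the principal ({@code groupMembership=some-value}) but
     * its value does not match the configured pattern {@code ^un[A-Z]known.*}.
     */
    @Tag("AmazonWebServices")
    @Nested
    @TestPropertySource(properties = {
        "cas.amazon-sts.principal-attribute-name=groupMembership",
        "cas.amazon-sts.principal-attribute-value=^un[A-Z]known.*",
        "cas.authn.attribute-repository.stub.attributes.groupMembership=some-value"
    })
    class WithMissingAuthorizationAttributeValues extends BaseAmazonSecurityTokenServiceEndpointTests {

        /** A non-matching attribute value must be answered with 401. */
        @Test
        void verifyAuthzFails() throws Throwable {
            assertStatus(HttpStatus.UNAUTHORIZED, null, credentials("casuser", "resusac"));
        }
    }

    /**
     * The policy names an attribute ({@code unknown}) for which this configuration stubs no
     * value.
     */
    @Tag("AmazonWebServices")
    @Nested
    @TestPropertySource(properties = {"cas.amazon-sts.principal-attribute-name=unknown"})
    class WithMissingAuthorizationAttributes extends BaseAmazonSecurityTokenServiceEndpointTests {

        /** A principal lacking the required attribute must be answered with 401. */
        @Test
        void verifyAuthzFails() throws Throwable {
            assertStatus(HttpStatus.UNAUTHORIZED, null, credentials("casuser", "resusac"));
        }
    }

    /**
     * RBAC is enabled and the stubbed {@code awsroles} attribute lists two role ARNs. The
     * account ids in those ARNs are fixture values.
     */
    @Tag("AmazonWebServices")
    @Nested
    @TestPropertySource(properties = {
        "cas.amazon-sts.principal-attribute-name=awsroles",
        "cas.amazon-sts.principal-attribute-value=arn.+",
        "cas.amazon-sts.rbac-enabled=true",
        "cas.authn.attribute-repository.stub.attributes.awsroles=arn:aws:iam::223873472255:role/adminuser-iam-role,arn:aws:iam::123873472251:role/superuser-iam-role"
    })
    class WithMultipleRolesRequest extends BaseAmazonSecurityTokenServiceEndpointTests {

        /**
         * With several roles available and none requested, the endpoint must answer 401
         * rather than pick a role on the caller's behalf.
         */
        @Test
        void verifyOperation() throws Throwable {
            assertStatus(HttpStatus.UNAUTHORIZED, null, credentials("casuser", "resusac"));
        }

        /** Requesting a role that is not among the principal's roles must be answered with 401. */
        @Test
        void verifySpecificUnknownRoleOperation() throws Throwable {
            assertStatus(HttpStatus.UNAUTHORIZED, "this-is-unknown-role", credentials("casuser", "resusac"));
        }
    }

    /**
     * RBAC is enabled and the principal carries exactly one role ARN. The value pattern
     * {@code .+} accepts any non-empty attribute value, so this fixture exercises the
     * single-role path, not pattern strictness.
     */
    @Tag("AmazonWebServices")
    @Nested
    @TestPropertySource(properties = {
        "cas.amazon-sts.principal-attribute-name=awsroles",
        "cas.amazon-sts.principal-attribute-value=.+",
        "cas.amazon-sts.rbac-enabled=true",
        "cas.authn.attribute-repository.stub.attributes.awsroles=arn:aws:iam::223873472255:role/adminuser-iam-role"
    })
    class WithRoleRequest extends BaseAmazonSecurityTokenServiceEndpointTests {

        /** A single available role and no explicit request is answered with 200. */
        @Test
        void verifyOperation() throws Throwable {
            assertStatus(HttpStatus.OK, null, credentials("casuser", "resusac"));
        }
    }

    /**
     * Both authorization properties are blank. {@link #verifyOperation()} expects 200 for a
     * user who only authenticates, so under these settings no attribute requirement stands
     * between a successful login and the issued credentials. A deployment that must restrict
     * who can obtain credentials needs the two properties set.
     */
    @Tag("AmazonWebServices")
    @Nested
    @TestPropertySource(properties = {
        "cas.amazon-sts.principal-attribute-name=",
        "cas.amazon-sts.principal-attribute-value="
    })
    class WithoutAuthorizationAttributes extends BaseAmazonSecurityTokenServiceEndpointTests {

        /** Valid credentials and no attribute policy are answered with 200. */
        @Test
        void verifyOperation() throws Throwable {
            assertStatus(HttpStatus.OK, null, credentials("casuser", "resusac"));
        }

        /**
         * A different username/password pair must be answered with 401.
         *
         * <p>NOTE(review): the pair has the same shape as the accepted one (password is the
         * username reversed), so the rejection presumably happens after primary
         * authentication, in the authentication-context check the test name refers to.
         * Confirm against {@code AmazonStsGroovyMfa.groovy}, which is not shown here.
         */
        @Test
        void verifyContextValidationFails() throws Throwable {
            assertStatus(HttpStatus.UNAUTHORIZED, null, credentials("test1234", "4321tset"));
        }

        /** An empty request body, with no credentials at all, must be answered with 401. */
        @Test
        void verifyNoCredentials() throws Throwable {
            assertStatus(HttpStatus.UNAUTHORIZED, null, new LinkedMultiValueMap<>());
        }

        /** A known username with a wrong password must be answered with 401. */
        @Test
        void verifyFailsAuthN() throws Throwable {
            assertStatus(HttpStatus.UNAUTHORIZED, null, credentials("casuser", "bad-password"));
        }
    }
}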
