package org.apereo.cas.oidc.profile;

import java.util.Map;
import java.util.Set;
import org.apereo.cas.authentication.CoreAuthenticationTestUtils;
import org.apereo.cas.authentication.principal.Principal;
import org.apereo.cas.mock.MockTicketGrantingTicket;
import org.apereo.cas.oidc.AbstractOidcTests;
import org.apereo.cas.oidc.OidcConstants;
import org.apereo.cas.oidc.claims.OidcProfileScopeAttributeReleasePolicy;
import org.apereo.cas.services.OidcRegisteredService;
import org.apereo.cas.support.oauth.services.OAuthRegisteredService;
import org.apereo.cas.ticket.accesstoken.OAuth20AccessToken;
import org.apereo.cas.util.CollectionUtils;
import org.junit.jupiter.api.Assertions;
import org.junit.jupiter.api.Tag;
import org.junit.jupiter.api.Test;
import org.mockito.Mockito;
import org.pac4j.core.context.JEEContext;
import org.springframework.mock.web.MockHttpServletRequest;
import org.springframework.mock.web.MockHttpServletResponse;

@Tag("OIDC")
/* loaded from: input_file:org/apereo/cas/oidc/profile/OidcProfileScopeToAttributesFilterTests.class */
public class OidcProfileScopeToAttributesFilterTests extends AbstractOidcTests {
    @Test
    public void verifyOAuth() {
        OAuthRegisteredService oAuthRegisteredService = getOAuthRegisteredService("example", "https://example.org");
        OAuth20AccessToken oAuth20AccessToken = (OAuth20AccessToken) Mockito.mock(OAuth20AccessToken.class);
        JEEContext jEEContext = new JEEContext(new MockHttpServletRequest(), new MockHttpServletResponse());
        Principal principal = CoreAuthenticationTestUtils.getPrincipal();
        Assertions.assertEquals(principal, this.profileScopeToAttributesFilter.filter(CoreAuthenticationTestUtils.getService(), principal, oAuthRegisteredService, jEEContext, oAuth20AccessToken));
    }

    @Test
    public void verifyOperationFilterWithoutOpenId() {
        OidcRegisteredService oidcRegisteredService = getOidcRegisteredService();
        OAuth20AccessToken oAuth20AccessToken = (OAuth20AccessToken) Mockito.mock(OAuth20AccessToken.class);
        JEEContext jEEContext = new JEEContext(new MockHttpServletRequest(), new MockHttpServletResponse());
        Principal principal = CoreAuthenticationTestUtils.getPrincipal();
        Assertions.assertEquals(principal, this.profileScopeToAttributesFilter.filter(CoreAuthenticationTestUtils.getService(), principal, oidcRegisteredService, jEEContext, oAuth20AccessToken));
    }

    @Test
    public void verifyOperationFilterWithOpenId() {
        OidcRegisteredService oidcRegisteredService = getOidcRegisteredService();
        OAuth20AccessToken oAuth20AccessToken = (OAuth20AccessToken) Mockito.mock(OAuth20AccessToken.class);
        Mockito.when(oAuth20AccessToken.getTicketGrantingTicket()).thenReturn(new MockTicketGrantingTicket("casuser"));
        Mockito.when(oAuth20AccessToken.getScopes()).thenReturn(CollectionUtils.wrapSet(new String[]{OidcConstants.StandardScopes.OPENID.getScope(), OidcConstants.StandardScopes.PHONE.getScope(), OidcConstants.StandardScopes.PROFILE.getScope(), OidcConstants.StandardScopes.ADDRESS.getScope(), OidcConstants.StandardScopes.EMAIL.getScope()}));
        oidcRegisteredService.getScopes().add(OidcConstants.StandardScopes.EMAIL.getScope());
        oidcRegisteredService.getScopes().add(OidcConstants.StandardScopes.ADDRESS.getScope());
        oidcRegisteredService.getScopes().add(OidcConstants.StandardScopes.PHONE.getScope());
        oidcRegisteredService.getScopes().add(OidcConstants.StandardScopes.PROFILE.getScope());
        Principal filter = this.profileScopeToAttributesFilter.filter(CoreAuthenticationTestUtils.getService(), CoreAuthenticationTestUtils.getPrincipal(CollectionUtils.wrap("email", "casuser@example.org", "address", "1234 Main Street", "phone", "123445677", "name", "CAS", "gender", "male")), oidcRegisteredService, new JEEContext(new MockHttpServletRequest(), new MockHttpServletResponse()), oAuth20AccessToken);
        Assertions.assertTrue(filter.getAttributes().containsKey("name"));
        Assertions.assertTrue(filter.getAttributes().containsKey("address"));
        Assertions.assertTrue(filter.getAttributes().containsKey("gender"));
        Assertions.assertTrue(filter.getAttributes().containsKey("email"));
        Assertions.assertEquals(4, filter.getAttributes().size());
    }

    @Test
    public void verifyOperationFilterWithServiceDefinedScopes() {
        OidcRegisteredService oidcRegisteredService = getOidcRegisteredService();
        OAuth20AccessToken oAuth20AccessToken = (OAuth20AccessToken) Mockito.mock(OAuth20AccessToken.class);
        Mockito.when(oAuth20AccessToken.getTicketGrantingTicket()).thenReturn(new MockTicketGrantingTicket("casuser"));
        Mockito.when(oAuth20AccessToken.getScopes()).thenReturn(CollectionUtils.wrapSet(new String[]{OidcConstants.StandardScopes.OPENID.getScope(), OidcConstants.StandardScopes.PHONE.getScope(), OidcConstants.StandardScopes.PROFILE.getScope(), OidcConstants.StandardScopes.ADDRESS.getScope(), OidcConstants.StandardScopes.EMAIL.getScope()}));
        oidcRegisteredService.getScopes().clear();
        oidcRegisteredService.getScopes().add(OidcConstants.StandardScopes.EMAIL.getScope());
        Principal filter = this.profileScopeToAttributesFilter.filter(CoreAuthenticationTestUtils.getService(), CoreAuthenticationTestUtils.getPrincipal(CollectionUtils.wrap("email", "casuser@example.org", "address", "1234 Main Street", "phone", "123445677", "name", "CAS", "gender", "male")), oidcRegisteredService, new JEEContext(new MockHttpServletRequest(), new MockHttpServletResponse()), oAuth20AccessToken);
        Assertions.assertTrue(filter.getAttributes().containsKey("email"));
        Assertions.assertEquals(1, filter.getAttributes().size());
    }

    @Test
    public void verifyOperationFilterWithServiceDefinedReleasePolicy() {
        OidcRegisteredService oidcRegisteredService = getOidcRegisteredService();
        OAuth20AccessToken oAuth20AccessToken = (OAuth20AccessToken) Mockito.mock(OAuth20AccessToken.class);
        Mockito.when(oAuth20AccessToken.getTicketGrantingTicket()).thenReturn(new MockTicketGrantingTicket("casuser"));
        Mockito.when(oAuth20AccessToken.getScopes()).thenReturn(CollectionUtils.wrapSet(new String[]{OidcConstants.StandardScopes.OPENID.getScope(), OidcConstants.StandardScopes.PHONE.getScope(), OidcConstants.StandardScopes.PROFILE.getScope(), OidcConstants.StandardScopes.ADDRESS.getScope(), OidcConstants.StandardScopes.EMAIL.getScope()}));
        oidcRegisteredService.getScopes().clear();
        oidcRegisteredService.setAttributeReleasePolicy(new OidcProfileScopeAttributeReleasePolicy());
        Principal filter = this.profileScopeToAttributesFilter.filter(CoreAuthenticationTestUtils.getService(), CoreAuthenticationTestUtils.getPrincipal(CollectionUtils.wrap("email", "casuser@example.org", "address", "1234 Main Street", "phone", "123445677", "name", "CAS", "gender", "male")), oidcRegisteredService, new JEEContext(new MockHttpServletRequest(), new MockHttpServletResponse()), oAuth20AccessToken);
        Assertions.assertTrue(filter.getAttributes().containsKey("name"));
        Assertions.assertTrue(filter.getAttributes().containsKey("gender"));
        Assertions.assertEquals(2, filter.getAttributes().size());
    }

    @Test
    public void verifyByUserInfoClaims() {
        OidcRegisteredService oidcRegisteredService = getOidcRegisteredService();
        OAuth20AccessToken oAuth20AccessToken = (OAuth20AccessToken) Mockito.mock(OAuth20AccessToken.class);
        Mockito.when(oAuth20AccessToken.getClaims()).thenReturn(Map.of("userinfo", Map.of("name", "{\"essential\": true}", "gender", "{\"essential\": true}")));
        Mockito.when(oAuth20AccessToken.getTicketGrantingTicket()).thenReturn(new MockTicketGrantingTicket("casuser"));
        Mockito.when(oAuth20AccessToken.getScopes()).thenReturn(CollectionUtils.wrapSet(new String[]{OidcConstants.StandardScopes.PROFILE.getScope(), OidcConstants.StandardScopes.OPENID.getScope()}));
        oidcRegisteredService.getScopes().clear();
        oidcRegisteredService.setAttributeReleasePolicy(new OidcProfileScopeAttributeReleasePolicy());
        Principal filter = this.profileScopeToAttributesFilter.filter(CoreAuthenticationTestUtils.getService(), CoreAuthenticationTestUtils.getPrincipal(CollectionUtils.wrap("email", "casuser@example.org", "address", "1234 Main Street", "phone", "123445677", "name", "CAS", "gender", "male")), oidcRegisteredService, new JEEContext(new MockHttpServletRequest(), new MockHttpServletResponse()), oAuth20AccessToken);
        Assertions.assertTrue(filter.getAttributes().containsKey("name"));
        Assertions.assertTrue(filter.getAttributes().containsKey("gender"));
        Assertions.assertEquals(2, filter.getAttributes().size());
    }

    @Test
    public void verifyAccessTokenNoScopes() {
        OidcRegisteredService oidcRegisteredService = getOidcRegisteredService();
        OAuth20AccessToken oAuth20AccessToken = (OAuth20AccessToken) Mockito.mock(OAuth20AccessToken.class);
        Mockito.when(oAuth20AccessToken.getTicketGrantingTicket()).thenReturn(new MockTicketGrantingTicket("casuser"));
        Mockito.when(oAuth20AccessToken.getScopes()).thenReturn(Set.of(OidcConstants.StandardScopes.OPENID.getScope()));
        oidcRegisteredService.setAttributeReleasePolicy(new OidcProfileScopeAttributeReleasePolicy());
        JEEContext jEEContext = new JEEContext(new MockHttpServletRequest(), new MockHttpServletResponse());
        Principal filter = this.profileScopeToAttributesFilter.filter(CoreAuthenticationTestUtils.getService(), CoreAuthenticationTestUtils.getPrincipal(CollectionUtils.wrap("email", "casuser@example.org", "address", "1234 Main Street", "phone", "123445677", "name", "CAS", "gender", "male")), oidcRegisteredService, jEEContext, oAuth20AccessToken);
        Assertions.assertTrue(filter.getAttributes().containsKey("name"));
        Assertions.assertTrue(filter.getAttributes().containsKey("gender"));
        Assertions.assertTrue(filter.getAttributes().containsKey("address"));
        Assertions.assertTrue(filter.getAttributes().containsKey("phone"));
        Assertions.assertTrue(filter.getAttributes().containsKey("email"));
    }
}
