package org.apereo.cas.oidc.slo;

import com.nimbusds.jwt.JWTClaimsSet;
import com.nimbusds.jwt.JWTParser;
import java.util.Map;
import org.apereo.cas.authentication.Authentication;
import org.apereo.cas.authentication.CoreAuthenticationTestUtils;
import org.apereo.cas.logout.DefaultSingleLogoutRequestContext;
import org.apereo.cas.logout.slo.SingleLogoutExecutionRequest;
import org.apereo.cas.logout.slo.SingleLogoutMessage;
import org.apereo.cas.logout.slo.SingleLogoutMessageCreator;
import org.apereo.cas.oidc.AbstractOidcTests;
import org.apereo.cas.services.OidcRegisteredService;
import org.apereo.cas.services.RegisteredServiceLogoutType;
import org.apereo.cas.services.RegisteredServiceTestUtils;
import org.apereo.cas.ticket.TicketGrantingTicket;
import org.apereo.cas.util.DigestUtils;
import org.junit.jupiter.api.Assertions;
import org.junit.jupiter.api.Tag;
import org.junit.jupiter.api.Test;
import org.mockito.Mockito;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;

@Tag("OIDC")
/* loaded from: input_file:org/apereo/cas/oidc/slo/OidcSingleLogoutMessageCreatorTests.class */
class OidcSingleLogoutMessageCreatorTests extends AbstractOidcTests {

    @Autowired
    @Qualifier("oidcSingleLogoutMessageCreator")
    private SingleLogoutMessageCreator oidcSingleLogoutMessageCreator;

    OidcSingleLogoutMessageCreatorTests() {
    }

    @Test
    void verifyBackChannelLogout() throws Throwable {
        OidcRegisteredService oidcRegisteredService = getOidcRegisteredService(true, false);
        Authentication authentication = CoreAuthenticationTestUtils.getAuthentication(RegisteredServiceTestUtils.getPrincipal("casuser"));
        TicketGrantingTicket ticketGrantingTicket = (TicketGrantingTicket) Mockito.mock(TicketGrantingTicket.class);
        Mockito.when(ticketGrantingTicket.getId()).thenReturn("TGT-0");
        Mockito.when(ticketGrantingTicket.getAuthentication()).thenReturn(authentication);
        SingleLogoutMessage create = this.oidcSingleLogoutMessageCreator.create(DefaultSingleLogoutRequestContext.builder().logoutType(RegisteredServiceLogoutType.BACK_CHANNEL).registeredService(oidcRegisteredService).executionRequest(SingleLogoutExecutionRequest.builder().ticketGrantingTicket(ticketGrantingTicket).build()).build());
        Assertions.assertNull(create.getMessage());
        JWTClaimsSet jWTClaimsSet = JWTParser.parse(create.getPayload()).getJWTClaimsSet();
        Assertions.assertEquals("https://sso.example.org/cas/oidc", jWTClaimsSet.getIssuer());
        Assertions.assertEquals("casuser", jWTClaimsSet.getSubject());
        Assertions.assertEquals(oidcRegisteredService.getClientId(), jWTClaimsSet.getAudience().getFirst());
        Assertions.assertNotNull(jWTClaimsSet.getClaim("iat"));
        Assertions.assertNotNull(jWTClaimsSet.getClaim("jti"));
        Assertions.assertNotNull(((Map) jWTClaimsSet.getClaim("events")).get("http://schemas.openid.net/event/backchannel-logout"));
        Assertions.assertEquals(DigestUtils.sha("TGT-0"), jWTClaimsSet.getClaim("sid"));
    }

    @Test
    void verifyFrontChannelLogout() throws Throwable {
        SingleLogoutMessage create = this.oidcSingleLogoutMessageCreator.create(DefaultSingleLogoutRequestContext.builder().logoutType(RegisteredServiceLogoutType.FRONT_CHANNEL).build());
        Assertions.assertEquals("", create.getPayload());
        Assertions.assertNull(create.getMessage());
    }
}
