package org.apereo.cas.support.pac4j.authentication.handler;

import java.util.List;
import java.util.Optional;
import org.apereo.cas.authentication.Credential;
import org.apereo.cas.authentication.PreventedException;
import org.apereo.cas.authentication.principal.ClientCredential;
import org.apereo.cas.authentication.principal.DelegatedAuthenticationPreProcessor;
import org.apereo.cas.authentication.principal.Principal;
import org.apereo.cas.authentication.principal.PrincipalFactoryUtils;
import org.apereo.cas.authentication.principal.Service;
import org.apereo.cas.authentication.principal.provision.DelegatedClientUserProfileProvisioner;
import org.apereo.cas.configuration.model.support.pac4j.Pac4jDelegatedAuthenticationCoreProperties;
import org.apereo.cas.pac4j.client.DelegatedIdentityProviderFactory;
import org.apereo.cas.services.ServicesManager;
import org.apereo.cas.support.pac4j.authentication.clients.RefreshableDelegatedIdentityProviders;
import org.apereo.cas.support.pac4j.authentication.handler.support.DelegatedClientAuthenticationHandler;
import org.apereo.cas.util.spring.ApplicationContextProvider;
import org.junit.jupiter.api.Assertions;
import org.junit.jupiter.api.BeforeEach;
import org.junit.jupiter.api.Tag;
import org.junit.jupiter.api.Test;
import org.mockito.ArgumentMatchers;
import org.mockito.Mockito;
import org.pac4j.core.client.BaseClient;
import org.pac4j.core.credentials.AnonymousCredentials;
import org.pac4j.jee.context.session.JEESessionStore;
import org.pac4j.oauth.client.FacebookClient;
import org.pac4j.oauth.credentials.OAuth20Credentials;
import org.pac4j.oauth.profile.facebook.FacebookProfile;
import org.springframework.context.support.StaticApplicationContext;
import org.springframework.mock.web.MockHttpServletRequest;
import org.springframework.mock.web.MockHttpServletResponse;
import org.springframework.mock.web.MockServletContext;
import org.springframework.webflow.context.ExternalContextHolder;
import org.springframework.webflow.context.servlet.ServletExternalContext;

@Tag("AuthenticationHandler")
/* loaded from: input_file:org/apereo/cas/support/pac4j/authentication/handler/DelegatedClientAuthenticationHandlerTests.class */
class DelegatedClientAuthenticationHandlerTests {
    private static final String CALLBACK_URL = "http://localhost:8080/callback";
    private static final String ID = "123456789";
    private FacebookClient fbClient;
    private DelegatedClientAuthenticationHandler handler;
    private ClientCredential clientCredential;

    DelegatedClientAuthenticationHandlerTests() {
    }

    @BeforeEach
    public void initialize() throws Throwable {
        StaticApplicationContext staticApplicationContext = new StaticApplicationContext();
        staticApplicationContext.refresh();
        ApplicationContextProvider.holdApplicationContext(staticApplicationContext);
        DelegatedAuthenticationPreProcessor delegatedAuthenticationPreProcessor = (DelegatedAuthenticationPreProcessor) Mockito.mock(DelegatedAuthenticationPreProcessor.class);
        Mockito.when(delegatedAuthenticationPreProcessor.process((Principal) ArgumentMatchers.any(Principal.class), (BaseClient) ArgumentMatchers.any(), (Credential) ArgumentMatchers.any(), (Service) ArgumentMatchers.any())).thenAnswer(invocationOnMock -> {
            return invocationOnMock.getArgument(0, Principal.class);
        });
        ApplicationContextProvider.registerBeanIntoApplicationContext(staticApplicationContext, delegatedAuthenticationPreProcessor, "customDelegatedAuthenticationPreProcessor");
        this.fbClient = new FacebookClient();
        this.handler = new DelegatedClientAuthenticationHandler(new Pac4jDelegatedAuthenticationCoreProperties(), (ServicesManager) Mockito.mock(ServicesManager.class), PrincipalFactoryUtils.newPrincipalFactory(), new RefreshableDelegatedIdentityProviders(CALLBACK_URL, DelegatedIdentityProviderFactory.withClients(List.of(this.fbClient))), DelegatedClientUserProfileProvisioner.noOp(), new JEESessionStore(), staticApplicationContext);
        this.handler.setTypedIdUsed(true);
        this.clientCredential = new ClientCredential(new OAuth20Credentials((String) null), this.fbClient.getName());
        ExternalContextHolder.setExternalContext(new ServletExternalContext(new MockServletContext(), new MockHttpServletRequest(), new MockHttpServletResponse()));
    }

    @Test
    void verifyOk() throws Throwable {
        FacebookProfile facebookProfile = new FacebookProfile();
        facebookProfile.setId(ID);
        this.fbClient.setProfileCreator((callContext, credentials) -> {
            return Optional.of(facebookProfile);
        });
        Assertions.assertEquals(FacebookProfile.class.getName() + "#123456789", this.handler.authenticate(this.clientCredential, (Service) Mockito.mock(Service.class)).getPrincipal().getId());
    }

    @Test
    void verifyMissingClient() throws Throwable {
        FacebookProfile facebookProfile = new FacebookProfile();
        facebookProfile.setId(ID);
        this.fbClient.setProfileCreator((callContext, credentials) -> {
            return Optional.of(facebookProfile);
        });
        ClientCredential clientCredential = new ClientCredential(new AnonymousCredentials(), "UnknownClient");
        Assertions.assertThrows(PreventedException.class, () -> {
            this.handler.authenticate(clientCredential, (Service) Mockito.mock(Service.class));
        });
    }

    @Test
    void verifyOkWithSimpleIdentifier() throws Throwable {
        this.handler.setTypedIdUsed(false);
        FacebookProfile facebookProfile = new FacebookProfile();
        facebookProfile.setId(ID);
        this.fbClient.setProfileCreator((callContext, credentials) -> {
            return Optional.of(facebookProfile);
        });
        Assertions.assertEquals(ID, this.handler.authenticate(this.clientCredential, (Service) Mockito.mock(Service.class)).getPrincipal().getId());
    }

    @Test
    void verifyNoProfile() throws Throwable {
        Assertions.assertThrows(PreventedException.class, () -> {
            this.fbClient.setProfileCreator((callContext, credentials) -> {
                return Optional.empty();
            });
            this.handler.authenticate(this.clientCredential, (Service) Mockito.mock(Service.class));
        });
    }
}
