package org.apereo.cas.web.saml2;

import java.util.List;
import java.util.Map;
import java.util.UUID;
import org.apereo.cas.authentication.CoreAuthenticationTestUtils;
import org.apereo.cas.authentication.principal.ClientCredential;
import org.apereo.cas.support.pac4j.authentication.DelegatedAuthenticationClientLogoutRequest;
import org.apereo.cas.test.CasTestExtension;
import org.apereo.cas.ticket.TicketFactory;
import org.apereo.cas.ticket.TicketGrantingTicketImpl;
import org.apereo.cas.ticket.TransientSessionTicket;
import org.apereo.cas.ticket.TransientSessionTicketFactory;
import org.apereo.cas.ticket.expiration.NeverExpiresExpirationPolicy;
import org.apereo.cas.ticket.registry.TicketRegistry;
import org.apereo.cas.util.MockRequestContext;
import org.apereo.cas.web.flow.DelegationWebflowUtils;
import org.apereo.cas.web.saml2.BaseSaml2DelegatedAuthenticationTests;
import org.apereo.cas.web.support.WebUtils;
import org.junit.jupiter.api.Assertions;
import org.junit.jupiter.api.Tag;
import org.junit.jupiter.api.Test;
import org.junit.jupiter.api.extension.ExtendWith;
import org.mockito.Mockito;
import org.opensaml.messaging.context.MessageContext;
import org.opensaml.saml.saml2.core.LogoutRequest;
import org.opensaml.saml.saml2.core.LogoutResponse;
import org.opensaml.saml.saml2.core.SessionIndex;
import org.pac4j.core.context.CallContext;
import org.pac4j.core.context.session.SessionStore;
import org.pac4j.core.profile.CommonProfile;
import org.pac4j.core.profile.ProfileManager;
import org.pac4j.jee.context.JEEContext;
import org.pac4j.saml.context.SAML2MessageContext;
import org.pac4j.saml.credentials.SAML2Credentials;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.boot.test.context.SpringBootTest;
import org.springframework.context.ConfigurableApplicationContext;
import org.springframework.http.HttpMethod;
import org.springframework.webflow.execution.Action;

@Tag("Delegation")
@ExtendWith({CasTestExtension.class})
@SpringBootTest(classes = {BaseSaml2DelegatedAuthenticationTests.SharedTestConfiguration.class}, properties = {"cas.authn.pac4j.core.session-replication.replicate-sessions=false"})
/* loaded from: input_file:org/apereo/cas/web/saml2/DelegatedSaml2ClientLogoutActionTests.class */
class DelegatedSaml2ClientLogoutActionTests {

    @Autowired
    @Qualifier("delegatedSaml2ClientLogoutAction")
    private Action delegatedSaml2ClientLogoutAction;

    @Autowired
    private ConfigurableApplicationContext applicationContext;

    @Autowired
    @Qualifier("delegatedClientDistributedSessionStore")
    private SessionStore delegatedClientDistributedSessionStore;

    @Autowired
    @Qualifier("ticketRegistry")
    private TicketRegistry ticketRegistry;

    @Autowired
    @Qualifier("defaultTicketFactory")
    private TicketFactory ticketFactory;

    DelegatedSaml2ClientLogoutActionTests() {
    }

    @Test
    void verifyOperationPostMethod() throws Exception {
        String uuid = UUID.randomUUID().toString();
        TicketGrantingTicketImpl ticketGrantingTicketImpl = new TicketGrantingTicketImpl(UUID.randomUUID().toString(), CoreAuthenticationTestUtils.getAuthentication(UUID.randomUUID().toString(), Map.of("sessionindex", List.of(uuid))), NeverExpiresExpirationPolicy.INSTANCE);
        this.ticketRegistry.addTicket(ticketGrantingTicketImpl);
        MockRequestContext create = MockRequestContext.create(this.applicationContext);
        create.setMethod(HttpMethod.POST);
        JEEContext jEEContext = new JEEContext(create.getHttpServletRequest(), create.getHttpServletResponse());
        ProfileManager profileManager = new ProfileManager(jEEContext, this.delegatedClientDistributedSessionStore);
        CommonProfile commonProfile = new CommonProfile();
        commonProfile.setId(UUID.randomUUID().toString());
        commonProfile.setClientName("SAML2Client");
        profileManager.save(true, commonProfile, false);
        SAML2MessageContext sAML2MessageContext = new SAML2MessageContext(new CallContext(jEEContext, this.delegatedClientDistributedSessionStore));
        MessageContext messageContext = new MessageContext();
        LogoutRequest logoutRequest = (LogoutRequest) Mockito.mock(LogoutRequest.class);
        SessionIndex sessionIndex = (SessionIndex) Mockito.mock(SessionIndex.class);
        Mockito.when(sessionIndex.getValue()).thenReturn(uuid);
        Mockito.when(logoutRequest.getSessionIndexes()).thenReturn(List.of(sessionIndex));
        messageContext.setMessage(logoutRequest);
        sAML2MessageContext.setMessageContext(messageContext);
        WebUtils.putCredential(create, new ClientCredential(new SAML2Credentials(sAML2MessageContext), commonProfile.getClientName(), false, commonProfile));
        this.delegatedSaml2ClientLogoutAction.execute(create);
        Assertions.assertNull(this.ticketRegistry.getTicket(ticketGrantingTicketImpl.getId()));
    }

    @Test
    void verifyOperationLogoutRequest() throws Exception {
        String uuid = UUID.randomUUID().toString();
        TicketGrantingTicketImpl ticketGrantingTicketImpl = new TicketGrantingTicketImpl(UUID.randomUUID().toString(), CoreAuthenticationTestUtils.getAuthentication(UUID.randomUUID().toString(), Map.of("sessionindex", List.of(uuid))), NeverExpiresExpirationPolicy.INSTANCE);
        this.ticketRegistry.addTicket(ticketGrantingTicketImpl);
        MockRequestContext create = MockRequestContext.create(this.applicationContext);
        create.setMethod(HttpMethod.GET);
        create.setParameter("logoutRequest", "adirectlogoutrequesttotreat");
        JEEContext jEEContext = new JEEContext(create.getHttpServletRequest(), create.getHttpServletResponse());
        ProfileManager profileManager = new ProfileManager(jEEContext, this.delegatedClientDistributedSessionStore);
        CommonProfile commonProfile = new CommonProfile();
        commonProfile.setId(UUID.randomUUID().toString());
        commonProfile.setClientName("SAML2Client");
        profileManager.save(true, commonProfile, false);
        SAML2MessageContext sAML2MessageContext = new SAML2MessageContext(new CallContext(jEEContext, this.delegatedClientDistributedSessionStore));
        MessageContext messageContext = new MessageContext();
        LogoutRequest logoutRequest = (LogoutRequest) Mockito.mock(LogoutRequest.class);
        SessionIndex sessionIndex = (SessionIndex) Mockito.mock(SessionIndex.class);
        Mockito.when(sessionIndex.getValue()).thenReturn(uuid);
        Mockito.when(logoutRequest.getSessionIndexes()).thenReturn(List.of(sessionIndex));
        messageContext.setMessage(logoutRequest);
        sAML2MessageContext.setMessageContext(messageContext);
        WebUtils.putCredential(create, new ClientCredential(new SAML2Credentials(sAML2MessageContext), commonProfile.getClientName(), false, commonProfile));
        this.delegatedSaml2ClientLogoutAction.execute(create);
        Assertions.assertNull(this.ticketRegistry.getTicket(ticketGrantingTicketImpl.getId()));
    }

    @Test
    void verifyLogoutResponse() throws Exception {
        MockRequestContext create = MockRequestContext.create(this.applicationContext);
        create.setMethod(HttpMethod.POST);
        JEEContext jEEContext = new JEEContext(create.getHttpServletRequest(), create.getHttpServletResponse());
        ProfileManager profileManager = new ProfileManager(jEEContext, this.delegatedClientDistributedSessionStore);
        CommonProfile commonProfile = new CommonProfile();
        commonProfile.setId(UUID.randomUUID().toString());
        commonProfile.setClientName("SAML2Client");
        profileManager.save(true, commonProfile, false);
        DelegatedAuthenticationClientLogoutRequest build = DelegatedAuthenticationClientLogoutRequest.builder().target("https://google.com").status(200).build();
        String uuid = UUID.randomUUID().toString();
        String normalizeTicketId = TransientSessionTicketFactory.normalizeTicketId(uuid);
        this.ticketRegistry.addTicket(this.ticketFactory.get(TransientSessionTicket.class).create(normalizeTicketId, Map.of(DelegatedAuthenticationClientLogoutRequest.class.getName(), build)));
        SAML2MessageContext sAML2MessageContext = new SAML2MessageContext(new CallContext(jEEContext, this.delegatedClientDistributedSessionStore));
        MessageContext messageContext = new MessageContext();
        LogoutResponse logoutResponse = (LogoutResponse) Mockito.mock(LogoutResponse.class);
        Mockito.when(logoutResponse.getInResponseTo()).thenReturn(uuid);
        messageContext.setMessage(logoutResponse);
        sAML2MessageContext.setMessageContext(messageContext);
        WebUtils.putCredential(create, new ClientCredential(new SAML2Credentials(sAML2MessageContext), commonProfile.getClientName(), false, commonProfile));
        this.delegatedSaml2ClientLogoutAction.execute(create);
        Assertions.assertNotNull((DelegatedAuthenticationClientLogoutRequest) DelegationWebflowUtils.getDelegatedAuthenticationLogoutRequest(create, DelegatedAuthenticationClientLogoutRequest.class));
        Assertions.assertNull(DelegationWebflowUtils.getDelegatedAuthenticationLogoutRequestTicket(create));
        Assertions.assertNull(this.ticketRegistry.getTicket(normalizeTicketId));
    }
}
