package org.apereo.cas.web.saml2;

import java.nio.charset.StandardCharsets;
import java.time.ZoneOffset;
import java.time.ZonedDateTime;
import java.util.Map;
import java.util.UUID;
import lombok.Generated;
import org.apereo.cas.authentication.principal.AbstractWebApplicationService;
import org.apereo.cas.pac4j.client.DelegatedIdentityProviders;
import org.apereo.cas.services.RegisteredServiceTestUtils;
import org.apereo.cas.services.ServicesManager;
import org.apereo.cas.test.CasTestExtension;
import org.apereo.cas.util.EncodingUtils;
import org.apereo.cas.util.MockRequestContext;
import org.apereo.cas.web.flow.DelegatedClientAuthenticationWebflowManager;
import org.apereo.cas.web.saml2.BaseSaml2DelegatedAuthenticationTests;
import org.junit.jupiter.api.Assertions;
import org.junit.jupiter.api.Tag;
import org.junit.jupiter.api.Test;
import org.junit.jupiter.api.extension.ExtendWith;
import org.pac4j.core.client.Client;
import org.pac4j.jee.context.JEEContext;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.boot.test.context.SpringBootTest;
import org.springframework.context.ConfigurableApplicationContext;
import org.springframework.http.HttpMethod;
import org.springframework.mock.web.MockHttpServletResponse;
import org.springframework.webflow.execution.Action;

/**
 * Exercises the delegated authentication webflow action with a SAML2
 * {@code LogoutResponse} delivered through the {@code SAML2Client} identity provider.
 *
 * <p>The fixture message built by {@link #getLogoutResponse()} is unsigned and uses a fixed
 * {@code ID} and {@code InResponseTo}. Only the success path is asserted here.
 *
 * <p>NOTE(review): the configuration of the SAML2 client lives in
 * {@code BaseSaml2DelegatedAuthenticationTests.SharedTestConfiguration}, which is not visible
 * from this file. Whether that client requires signed logout responses or correlates
 * {@code InResponseTo} with an outstanding request should be confirmed there; this test does
 * not cover rejection of a tampered, unsolicited or non-success response.
 */
@Tag("Delegation")
@ExtendWith({CasTestExtension.class})
@SpringBootTest(classes = {BaseSaml2DelegatedAuthenticationTests.SharedTestConfiguration.class})
class DelegatedClientAuthenticationActionSamlTests {

    // Not referenced by any test in this class.
    @Generated
    private static final Logger LOGGER = LoggerFactory.getLogger(DelegatedClientAuthenticationActionSamlTests.class);

    @Autowired
    @Qualifier("delegatedIdentityProviders")
    private DelegatedIdentityProviders identityProviders;

    @Autowired
    private ConfigurableApplicationContext applicationContext;

    @Autowired
    @Qualifier("servicesManager")
    private ServicesManager servicesManager;

    @Autowired
    @Qualifier("delegatedClientWebflowManager")
    private DelegatedClientAuthenticationWebflowManager delegatedClientAuthenticationWebflowManager;

    @Autowired
    @Qualifier("delegatedAuthenticationAction")
    private Action delegatedAuthenticationAction;

    /**
     * Sends a Base64-encoded logout response as the body of a POST request and expects the
     * action to answer with the {@code logout} event.
     *
     * @throws Throwable if any step of the flow fails
     */
    @Test
    void verifySaml2LogoutResponse() throws Throwable {
        MockRequestContext requestContext = MockRequestContext.create(this.applicationContext);
        // Fails with NoSuchElementException when the test configuration has no "SAML2Client".
        Client samlClient = (Client) this.identityProviders.findClient("SAML2Client").orElseThrow();

        requestContext.addHeader("user-agent", "Chrome");
        requestContext.setParameter("client_name", samlClient.getName());
        JEEContext webContext =
            new JEEContext(requestContext.getHttpServletRequest(), new MockHttpServletResponse());

        // The message is placed in the raw request content, not in a named form parameter.
        requestContext.setMethod(HttpMethod.POST);
        byte[] requestBody = EncodingUtils.encodeBase64(getLogoutResponse()).getBytes(StandardCharsets.UTF_8);
        requestContext.getHttpServletRequest().setContent(requestBody);

        // Register a throwaway service so the "service" parameter refers to a known entry.
        AbstractWebApplicationService targetService =
            RegisteredServiceTestUtils.getService(UUID.randomUUID().toString());
        this.servicesManager.save(
            RegisteredServiceTestUtils.getRegisteredService(targetService.getId(), Map.of()));
        requestContext.setParameter("service", targetService.getId());

        // Store the delegated-client session state and hand its id back via the request.
        String storedTicketId = this.delegatedClientAuthenticationWebflowManager
            .store(requestContext, webContext, samlClient)
            .getId();
        requestContext.setParameter("delegatedclientid", storedTicketId);

        String eventId = this.delegatedAuthenticationAction.execute(requestContext).getId();
        Assertions.assertEquals("logout", eventId);
    }

    /**
     * Builds the logout response fixture as a single-line XML string.
     *
     * <p>{@code IssueInstant} is the current UTC time; every other attribute is a fixed
     * literal. The message carries a Success status and contains no signature element.
     *
     * @return the serialized {@code samlp:LogoutResponse}
     */
    private static String getLogoutResponse() {
        String issueInstant = ZonedDateTime.now(ZoneOffset.UTC).toString();
        StringBuilder xml = new StringBuilder();
        xml.append("<samlp:LogoutResponse xmlns:samlp=\"urn:oasis:names:tc:SAML:2.0:protocol\"");
        xml.append(" xmlns:saml=\"urn:oasis:names:tc:SAML:2.0:assertion\"");
        xml.append(" ID=\"_6c3737282f007720e736f0f4028feed8cb9b40291c\"");
        xml.append(" Version=\"2.0\"");
        xml.append(" IssueInstant=\"").append(issueInstant).append("\"");
        xml.append(" Destination=\"http://callback.example.org?client_name=SAML2Client\"");
        xml.append(" InResponseTo=\"ONELOGIN_21df91a89767879fc0f7df6a1490c6000c81644d\">");
        xml.append("  <saml:Issuer>https://cas.example.org/idp</saml:Issuer>");
        xml.append("  <samlp:Status>");
        xml.append("    <samlp:StatusCode Value=\"urn:oasis:names:tc:SAML:2.0:status:Success\"/>");
        xml.append("  </samlp:Status>");
        xml.append("</samlp:LogoutResponse>");
        return xml.toString();
    }
}
