package org.apereo.cas.support.saml.web.idp.profile.builders.authn;

import java.util.List;
import java.util.Map;
import org.apereo.cas.configuration.CasConfigurationProperties;
import org.apereo.cas.support.saml.BaseSamlIdPConfigurationTests;
import org.apereo.cas.support.saml.services.SamlRegisteredService;
import org.apereo.cas.support.saml.services.idp.metadata.SamlRegisteredServiceServiceProviderMetadataFacade;
import org.junit.jupiter.api.Assertions;
import org.junit.jupiter.api.Tag;
import org.junit.jupiter.api.Test;
import org.mockito.Mockito;
import org.opensaml.saml.saml2.core.AuthnContextClassRef;
import org.opensaml.saml.saml2.core.AuthnRequest;
import org.opensaml.saml.saml2.core.RequestedAuthnContext;

@Tag("SAML")
/* loaded from: input_file:org/apereo/cas/support/saml/web/idp/profile/builders/authn/DefaultAuthnContextClassRefBuilderTests.class */
public class DefaultAuthnContextClassRefBuilderTests extends BaseSamlIdPConfigurationTests {
    @Test
    public void verifyOperationByService() {
        DefaultAuthnContextClassRefBuilder defaultAuthnContextClassRefBuilder = new DefaultAuthnContextClassRefBuilder(this.casProperties);
        SamlRegisteredService samlRegisteredServiceForTestShib = getSamlRegisteredServiceForTestShib();
        samlRegisteredServiceForTestShib.setRequiredAuthenticationContextClass("some-context-class");
        AuthnRequest authnRequestFor = getAuthnRequestFor(samlRegisteredServiceForTestShib);
        Assertions.assertEquals(samlRegisteredServiceForTestShib.getRequiredAuthenticationContextClass(), defaultAuthnContextClassRefBuilder.build(getAssertion(), authnRequestFor, (SamlRegisteredServiceServiceProviderMetadataFacade) SamlRegisteredServiceServiceProviderMetadataFacade.get(this.samlRegisteredServiceCachingMetadataResolver, samlRegisteredServiceForTestShib, authnRequestFor).get(), samlRegisteredServiceForTestShib));
    }

    @Test
    public void verifyOperationByAuthnRequest() {
        DefaultAuthnContextClassRefBuilder defaultAuthnContextClassRefBuilder = new DefaultAuthnContextClassRefBuilder(this.casProperties);
        SamlRegisteredService samlRegisteredServiceForTestShib = getSamlRegisteredServiceForTestShib();
        AuthnRequest authnRequestFor = getAuthnRequestFor(samlRegisteredServiceForTestShib);
        RequestedAuthnContext requestedAuthnContext = (RequestedAuthnContext) Mockito.mock(RequestedAuthnContext.class);
        Mockito.when(requestedAuthnContext.getAuthnContextClassRefs()).thenReturn(List.of());
        Mockito.when(authnRequestFor.getRequestedAuthnContext()).thenReturn(requestedAuthnContext);
        Assertions.assertEquals("urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport", defaultAuthnContextClassRefBuilder.build(getAssertion(), authnRequestFor, (SamlRegisteredServiceServiceProviderMetadataFacade) SamlRegisteredServiceServiceProviderMetadataFacade.get(this.samlRegisteredServiceCachingMetadataResolver, samlRegisteredServiceForTestShib, authnRequestFor).get(), samlRegisteredServiceForTestShib));
    }

    @Test
    public void verifyOperationByAssertion() {
        DefaultAuthnContextClassRefBuilder defaultAuthnContextClassRefBuilder = new DefaultAuthnContextClassRefBuilder(this.casProperties);
        SamlRegisteredService samlRegisteredServiceForTestShib = getSamlRegisteredServiceForTestShib();
        AuthnRequest authnRequestFor = getAuthnRequestFor(samlRegisteredServiceForTestShib);
        AuthnContextClassRef authnContextClassRef = (AuthnContextClassRef) Mockito.mock(AuthnContextClassRef.class);
        Mockito.when(authnContextClassRef.getURI()).thenReturn("some-context");
        RequestedAuthnContext requestedAuthnContext = (RequestedAuthnContext) Mockito.mock(RequestedAuthnContext.class);
        Mockito.when(requestedAuthnContext.getAuthnContextClassRefs()).thenReturn(List.of(authnContextClassRef));
        Mockito.when(authnRequestFor.getRequestedAuthnContext()).thenReturn(requestedAuthnContext);
        Assertions.assertEquals("urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport", defaultAuthnContextClassRefBuilder.build(getAssertion(), authnRequestFor, (SamlRegisteredServiceServiceProviderMetadataFacade) SamlRegisteredServiceServiceProviderMetadataFacade.get(this.samlRegisteredServiceCachingMetadataResolver, samlRegisteredServiceForTestShib, authnRequestFor).get(), samlRegisteredServiceForTestShib));
    }

    @Test
    public void verifyRefedsContext() {
        CasConfigurationProperties casConfigurationProperties = new CasConfigurationProperties();
        casConfigurationProperties.getAuthn().getSamlIdp().getAuthenticationContextClassMappings().add(String.format("https://refeds.org/profile/mfa->%s", "mfa-dummy"));
        DefaultAuthnContextClassRefBuilder defaultAuthnContextClassRefBuilder = new DefaultAuthnContextClassRefBuilder(casConfigurationProperties);
        SamlRegisteredService samlRegisteredServiceForTestShib = getSamlRegisteredServiceForTestShib();
        AuthnRequest authnRequestFor = getAuthnRequestFor(samlRegisteredServiceForTestShib);
        AuthnContextClassRef authnContextClassRef = (AuthnContextClassRef) Mockito.mock(AuthnContextClassRef.class);
        Mockito.when(authnContextClassRef.getURI()).thenReturn("https://refeds.org/profile/mfa");
        RequestedAuthnContext requestedAuthnContext = (RequestedAuthnContext) Mockito.mock(RequestedAuthnContext.class);
        Mockito.when(requestedAuthnContext.getAuthnContextClassRefs()).thenReturn(List.of(authnContextClassRef));
        Mockito.when(authnRequestFor.getRequestedAuthnContext()).thenReturn(requestedAuthnContext);
        Assertions.assertEquals("https://refeds.org/profile/mfa", defaultAuthnContextClassRefBuilder.build(getAssertion(Map.of(casConfigurationProperties.getAuthn().getMfa().getAuthenticationContextAttribute(), "mfa-dummy")), authnRequestFor, (SamlRegisteredServiceServiceProviderMetadataFacade) SamlRegisteredServiceServiceProviderMetadataFacade.get(this.samlRegisteredServiceCachingMetadataResolver, samlRegisteredServiceForTestShib, authnRequestFor).get(), samlRegisteredServiceForTestShib));
    }
}
