package org.apereo.cas.support.saml.services.logout;

import java.net.URL;
import org.apereo.cas.logout.DefaultSingleLogoutRequestContext;
import org.apereo.cas.logout.SingleLogoutExecutionRequest;
import org.apereo.cas.mock.MockTicketGrantingTicket;
import org.apereo.cas.services.RegisteredServiceLogoutType;
import org.apereo.cas.services.RegisteredServiceTestUtils;
import org.apereo.cas.support.saml.BaseSamlIdPConfigurationTests;
import org.apereo.cas.support.saml.SamlIdPTestUtils;
import org.apereo.cas.support.saml.services.SamlRegisteredService;
import org.apereo.cas.support.saml.web.idp.profile.slo.SamlIdPProfileSingleLogoutMessageCreator;
import org.apereo.cas.util.CollectionUtils;
import org.junit.jupiter.api.Assertions;
import org.junit.jupiter.api.Tag;
import org.junit.jupiter.api.Test;
import org.springframework.test.context.TestPropertySource;

@Tag("SAML")
@TestPropertySource(properties = {"cas.authn.saml-idp.algs.override-signature-canonicalization-algorithm=http://www.w3.org/2001/10/xml-exc-c14n#"})
/* loaded from: input_file:org/apereo/cas/support/saml/services/logout/SamlIdPProfileSingleLogoutMessageCreatorTests.class */
public class SamlIdPProfileSingleLogoutMessageCreatorTests extends BaseSamlIdPConfigurationTests {
    @Test
    public void verifyOperation() throws Exception {
        SamlIdPProfileSingleLogoutMessageCreator samlIdPProfileSingleLogoutMessageCreator = new SamlIdPProfileSingleLogoutMessageCreator(this.openSamlConfigBean, this.servicesManager, this.defaultSamlRegisteredServiceCachingMetadataResolver, this.casProperties.getAuthn().getSamlIdp(), this.samlIdPObjectSigner);
        SamlRegisteredService samlRegisteredService = SamlIdPTestUtils.getSamlRegisteredService();
        samlRegisteredService.setWhiteListBlackListPrecedence("WHITELIST");
        samlRegisteredService.setSigningKeyAlgorithm("RSA");
        samlRegisteredService.setSigningSignatureCanonicalizationAlgorithm("http://www.w3.org/2001/10/xml-exc-c14n#");
        Assertions.assertNotNull(samlIdPProfileSingleLogoutMessageCreator.create(DefaultSingleLogoutRequestContext.builder().logoutUrl(new URL("https://sp.example.org/slo")).registeredService(samlRegisteredService).service(RegisteredServiceTestUtils.getService("https://sp.testshib.org/shibboleth-sp")).ticketId("ST-123456789").executionRequest(SingleLogoutExecutionRequest.builder().ticketGrantingTicket(new MockTicketGrantingTicket("casuser")).build()).logoutType(RegisteredServiceLogoutType.BACK_CHANNEL).properties(CollectionUtils.wrap("singleLogoutSamlBinding", "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST")).build()));
    }

    @Test
    public void verifySignByBasicCredOperation() throws Exception {
        SamlIdPProfileSingleLogoutMessageCreator samlIdPProfileSingleLogoutMessageCreator = new SamlIdPProfileSingleLogoutMessageCreator(this.openSamlConfigBean, this.servicesManager, this.defaultSamlRegisteredServiceCachingMetadataResolver, this.casProperties.getAuthn().getSamlIdp(), this.samlIdPObjectSigner);
        SamlRegisteredService samlRegisteredService = SamlIdPTestUtils.getSamlRegisteredService();
        samlRegisteredService.setSigningCredentialType("basic");
        Assertions.assertNotNull(samlIdPProfileSingleLogoutMessageCreator.create(DefaultSingleLogoutRequestContext.builder().logoutUrl(new URL("https://sp.example.org/slo")).registeredService(samlRegisteredService).service(RegisteredServiceTestUtils.getService("https://sp.testshib.org/shibboleth-sp")).ticketId("ST-123456789").executionRequest(SingleLogoutExecutionRequest.builder().ticketGrantingTicket(new MockTicketGrantingTicket("casuser")).build()).logoutType(RegisteredServiceLogoutType.BACK_CHANNEL).properties(CollectionUtils.wrap("singleLogoutSamlBinding", "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST")).build()));
    }

    @Test
    public void verifySignByFingerprintOperation() throws Exception {
        SamlIdPProfileSingleLogoutMessageCreator samlIdPProfileSingleLogoutMessageCreator = new SamlIdPProfileSingleLogoutMessageCreator(this.openSamlConfigBean, this.servicesManager, this.defaultSamlRegisteredServiceCachingMetadataResolver, this.casProperties.getAuthn().getSamlIdp(), this.samlIdPObjectSigner);
        SamlRegisteredService samlRegisteredService = SamlIdPTestUtils.getSamlRegisteredService();
        samlRegisteredService.setSigningCredentialFingerprint("badfingerprint");
        DefaultSingleLogoutRequestContext build = DefaultSingleLogoutRequestContext.builder().logoutUrl(new URL("https://sp.example.org/slo")).registeredService(samlRegisteredService).service(RegisteredServiceTestUtils.getService("https://sp.testshib.org/shibboleth-sp")).ticketId("ST-123456789").executionRequest(SingleLogoutExecutionRequest.builder().ticketGrantingTicket(new MockTicketGrantingTicket("casuser")).build()).logoutType(RegisteredServiceLogoutType.BACK_CHANNEL).properties(CollectionUtils.wrap("singleLogoutSamlBinding", "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST")).build();
        Assertions.assertThrows(IllegalArgumentException.class, () -> {
            samlIdPProfileSingleLogoutMessageCreator.create(build);
        });
    }
}
