package org.apereo.cas.support.saml.web.idp.profile.sso;

import java.util.UUID;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apereo.cas.support.saml.BaseSamlIdPConfigurationTests;
import org.apereo.cas.support.saml.SamlUtils;
import org.apereo.cas.support.saml.authentication.SamlIdPAuthenticationContext;
import org.apereo.cas.support.saml.services.SamlRegisteredService;
import org.apereo.cas.support.saml.services.idp.metadata.SamlRegisteredServiceServiceProviderMetadataFacade;
import org.apereo.cas.util.CollectionUtils;
import org.apereo.cas.util.EncodingUtils;
import org.jasig.cas.client.authentication.AttributePrincipalImpl;
import org.jasig.cas.client.validation.AssertionImpl;
import org.jasig.cas.client.validation.TicketValidator;
import org.junit.jupiter.api.Assertions;
import org.junit.jupiter.api.BeforeEach;
import org.junit.jupiter.api.MethodOrderer;
import org.junit.jupiter.api.Order;
import org.junit.jupiter.api.Tag;
import org.junit.jupiter.api.Test;
import org.junit.jupiter.api.TestMethodOrder;
import org.mockito.Mockito;
import org.opensaml.messaging.context.MessageContext;
import org.opensaml.saml.saml2.core.AuthnRequest;
import org.opensaml.saml.saml2.core.Issuer;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.boot.test.context.TestConfiguration;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Import;
import org.springframework.http.HttpStatus;
import org.springframework.mock.web.MockHttpServletRequest;
import org.springframework.mock.web.MockHttpServletResponse;
import org.springframework.test.context.TestPropertySource;

/**
 * Exercises the GET callback of {@link SSOSamlIdPProfileCallbackHandlerController}, the endpoint
 * that is called with a {@code ticket} parameter after authentication and that reads the pending
 * SAML authentication request back from the HTTP session.
 *
 * <p>Three outcomes are covered: no stored request (rejected with an exception), a stored request
 * without a ticket (HTTP 400), and a stored request with a ticket (HTTP 200).
 *
 * <p>Coverage caveat: the {@link TicketValidator} used here is a Mockito stub that returns the same
 * assertion for every ticket and service. These tests therefore do not show that an invalid,
 * expired or replayed ticket is rejected; that needs a test against a validator that can fail.
 */
@Tag("SAML")
@TestPropertySource(properties = {"cas.authn.saml-idp.metadata.file-system.location=file:src/test/resources/metadata"})
@TestMethodOrder(MethodOrderer.OrderAnnotation.class)
@Import({SamlIdPTestConfiguration.class})
public class SSOSamlIdPProfileCallbackHandlerControllerTests extends BaseSamlIdPConfigurationTests {

    /** Arbitrary ticket value; it is accepted only because the validator is stubbed. */
    private static final String SERVICE_TICKET = "ST-1234567890";

    /** Binding passed to the signer when the test authentication request is encoded. */
    private static final String POST_BINDING = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST";

    @Autowired
    @Qualifier("ssoPostProfileCallbackHandlerController")
    private SSOSamlIdPProfileCallbackHandlerController controller;

    // Service provider registered before each test; also used as issuer and signing context.
    private SamlRegisteredService samlRegisteredService;

    /**
     * Replaces the ticket validator bean with a stub so that no CAS server is contacted.
     */
    @TestConfiguration(value = "SamlIdPTestConfiguration", proxyBeanMethods = false)
    public static class SamlIdPTestConfiguration {
        /**
         * Builds a validator that answers every {@code validate(ticket, service)} call with an
         * assertion for principal {@code casuser} carrying the attribute {@code cn=cas}.
         *
         * @return the stubbed validator
         * @throws Exception declared because {@code validate} is stubbed inside this method
         */
        @Bean
        public TicketValidator samlIdPTicketValidator() throws Exception {
            TicketValidator validator = Mockito.mock(TicketValidator.class);
            AttributePrincipalImpl principal = new AttributePrincipalImpl("casuser", CollectionUtils.wrap("cn", "cas"));
            // Accept-all stub: any ticket string and any service string produce a valid assertion.
            Mockito.when(validator.validate(Mockito.anyString(), Mockito.anyString())).thenReturn(new AssertionImpl(principal));
            return validator;
        }
    }

    /**
     * Registers the SAML service provider {@code https://cassp.example.org} before every test.
     */
    @BeforeEach
    public void beforeEach() {
        samlRegisteredService = getSamlRegisteredServiceFor(false, false, false, "https://cassp.example.org");
        servicesManager.save(samlRegisteredService);
    }

    /**
     * A callback on a session that holds no SAML request is expected to fail with
     * {@link IllegalArgumentException} rather than produce a response.
     */
    @Test
    public void verifyNoRequest() {
        MockHttpServletRequest request = new MockHttpServletRequest();
        MockHttpServletResponse response = new MockHttpServletResponse();
        Assertions.assertThrows(IllegalArgumentException.class,
            () -> controller.handleCallbackProfileRequestGet(response, request));
    }

    /**
     * A callback with a stored request but no {@code ticket} parameter is expected to yield
     * {@link HttpStatus#BAD_REQUEST}.
     */
    @Test
    public void verifyNoTicket() throws Exception {
        MockHttpServletRequest request = new MockHttpServletRequest();
        MockHttpServletResponse response = new MockHttpServletResponse();
        AuthnRequest signed = signAuthnRequest(request, response, getAuthnRequest());
        storeAuthnRequestInSession(request, signed);
        Assertions.assertEquals(HttpStatus.BAD_REQUEST, controller.handleCallbackProfileRequestGet(response, request).getStatus());
    }

    /**
     * A callback with a stored HTTP-POST request, a relay state and a ticket is expected to
     * complete with HTTP 200.
     */
    @Test
    @Order(1)
    public void verifyValidationByPost() throws Exception {
        MockHttpServletRequest request = new MockHttpServletRequest();
        MockHttpServletResponse response = new MockHttpServletResponse();
        AuthnRequest unsigned = getAuthnRequest();
        unsigned.setProtocolBinding("urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST");
        AuthnRequest signed = signAuthnRequest(request, response, unsigned);
        storeAuthnRequestInSession(request, signed);
        request.getSession().setAttribute("RelayState", UUID.randomUUID().toString());
        request.addParameter("ticket", SERVICE_TICKET);
        controller.handleCallbackProfileRequestGet(response, request);
        Assertions.assertEquals(HttpStatus.OK.value(), response.getStatus());
    }

    /**
     * Same flow as the POST case with a different requested protocol binding.
     *
     * <p>NOTE(review): the method name says "redirect", but the binding set below is
     * HTTP-POST-SimpleSign, so the HTTP-Redirect binding is not exercised here. Confirm which one
     * was intended.
     */
    @Test
    @Order(2)
    public void verifyValidationByRedirect() throws Exception {
        MockHttpServletRequest request = new MockHttpServletRequest();
        MockHttpServletResponse response = new MockHttpServletResponse();
        AuthnRequest unsigned = getAuthnRequest();
        unsigned.setProtocolBinding("urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST-SimpleSign");
        AuthnRequest signed = signAuthnRequest(request, response, unsigned);
        storeAuthnRequestInSession(request, signed);
        request.getSession().setAttribute("RelayState", UUID.randomUUID().toString());
        request.addParameter("ticket", SERVICE_TICKET);
        controller.handleCallbackProfileRequestGet(response, request);
        Assertions.assertEquals(HttpStatus.OK.value(), response.getStatus());
    }

    /**
     * Puts the signed request into the session under the two attributes the tests rely on: the
     * Base64-encoded serialized request as {@code SAMLRequest}, and an encoded
     * {@link SamlIdPAuthenticationContext} wrapping it under the {@link MessageContext} class name.
     *
     * @param request       mock request whose session receives the attributes
     * @param signedRequest authentication request as returned by the signer
     * @throws Exception if serializing or encoding the request fails
     */
    private void storeAuthnRequestInSession(MockHttpServletRequest request, AuthnRequest signedRequest) throws Exception {
        String serialized = SamlUtils.transformSamlObject(openSamlConfigBean, signedRequest).toString();
        request.getSession().setAttribute("SAMLRequest", EncodingUtils.encodeBase64(serialized));
        MessageContext context = new MessageContext();
        context.setMessage(signedRequest);
        request.getSession().setAttribute(MessageContext.class.getName(), SamlIdPAuthenticationContext.from(context).encode());
    }

    /**
     * Runs the request through the IdP object signer for the registered service.
     *
     * <p>The signer is always given the HTTP-POST binding, whatever protocol binding the request
     * itself carries. The metadata facade is unwrapped with {@code get()}, so missing metadata for
     * the service surfaces as an exception from this helper.
     *
     * @param httpServletRequest  request handed to the signer
     * @param httpServletResponse response handed to the signer
     * @param authnRequest        request to encode
     * @return the object returned by the signer
     * @throws Exception if metadata resolution or encoding fails
     */
    private AuthnRequest signAuthnRequest(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, AuthnRequest authnRequest) throws Exception {
        SamlRegisteredServiceServiceProviderMetadataFacade facade = (SamlRegisteredServiceServiceProviderMetadataFacade) SamlRegisteredServiceServiceProviderMetadataFacade.get(samlRegisteredServiceCachingMetadataResolver, samlRegisteredService, samlRegisteredService.getServiceId()).get();
        return samlIdPObjectSigner.encode(authnRequest, samlRegisteredService, facade, httpServletResponse, httpServletRequest, POST_BINDING, authnRequest, new MessageContext());
    }

    /**
     * Builds a minimal authentication request whose issuer is the registered service's id.
     *
     * @return an unsigned request with only the issuer set
     */
    private AuthnRequest getAuthnRequest() {
        AuthnRequest authnRequest = openSamlConfigBean.getBuilderFactory().getBuilder(AuthnRequest.DEFAULT_ELEMENT_NAME).buildObject();
        Issuer issuer = openSamlConfigBean.getBuilderFactory().getBuilder(Issuer.DEFAULT_ELEMENT_NAME).buildObject();
        issuer.setValue(samlRegisteredService.getServiceId());
        authnRequest.setIssuer(issuer);
        return authnRequest;
    }
}
