package org.apereo.cas.support.saml.web.idp.profile.sso;

import java.util.Map;
import java.util.Set;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import net.shibboleth.utilities.java.support.net.URLBuilder;
import org.apache.commons.lang3.StringUtils;
import org.apereo.cas.authentication.PrincipalException;
import org.apereo.cas.mock.MockTicketGrantingTicket;
import org.apereo.cas.services.DefaultRegisteredServiceAccessStrategy;
import org.apereo.cas.support.saml.BaseSamlIdPConfigurationTests;
import org.apereo.cas.support.saml.SamlUtils;
import org.apereo.cas.support.saml.services.SamlRegisteredService;
import org.apereo.cas.support.saml.services.idp.metadata.SamlRegisteredServiceServiceProviderMetadataFacade;
import org.apereo.cas.support.saml.web.idp.profile.slo.SamlIdPHttpRedirectDeflateEncoder;
import org.apereo.cas.util.EncodingUtils;
import org.junit.jupiter.api.Assertions;
import org.junit.jupiter.api.BeforeEach;
import org.junit.jupiter.api.MethodOrderer;
import org.junit.jupiter.api.Order;
import org.junit.jupiter.api.Tag;
import org.junit.jupiter.api.Test;
import org.junit.jupiter.api.TestMethodOrder;
import org.opensaml.messaging.context.MessageContext;
import org.opensaml.saml.saml2.core.AuthnRequest;
import org.opensaml.saml.saml2.core.Issuer;
import org.pac4j.jee.context.JEEContext;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.http.HttpStatus;
import org.springframework.mock.web.MockHttpServletRequest;
import org.springframework.mock.web.MockHttpServletResponse;
import org.springframework.test.context.TestPropertySource;
import org.springframework.web.servlet.ModelAndView;

/**
 * Tests for {@link SSOSamlIdPPostProfileHandlerController}, driven through its POST, redirect and
 * HEAD handler methods with mock servlet requests.
 *
 * <p>The cases cover the decisions this endpoint makes before it will answer an {@code AuthnRequest}:
 * malformed input is rejected, an existing single sign-on session is only honoured when its ticket
 * is actually in the ticket registry, {@code ForceAuthn} is not satisfied by an existing session,
 * and the registered service's access strategy is enforced.
 *
 * <p>NOTE(review): {@code cas.tgc.crypto.enabled=false} presumably switches off signing/encryption
 * of the ticket-granting cookie so the tests can plant a raw ticket id in a cookie. Treat it as a
 * test-only setting and confirm it is not mirrored in deployment configuration.
 *
 * <p>NOTE(review): two methods share {@code @Order(3)}, so their relative order is not pinned by
 * the annotation. Neither appears to depend on the other, because {@link #beforeEach()} resets the
 * registered services.
 */
@Tag("SAML2Web")
@TestMethodOrder(MethodOrderer.OrderAnnotation.class)
@TestPropertySource(properties = {
    "cas.tgc.crypto.enabled=false",
    "cas.authn.saml-idp.metadata.file-system.location=file:src/test/resources/metadata"
})
public class SSOSamlIdPPostProfileHandlerControllerTests extends BaseSamlIdPConfigurationTests {

    @Autowired
    @Qualifier("ssoPostProfileHandlerController")
    private SSOSamlIdPPostProfileHandlerController controller;

    // Service provider registration used as issuer and signing target by every test.
    private SamlRegisteredService samlRegisteredService;

    /**
     * Empties the service registry and registers a single SAML service provider for
     * {@code https://cassp.example.org}.
     *
     * <p>The three boolean flags are all {@code false}; their meaning is defined by the base class
     * helper and is not visible in this file.
     */
    @BeforeEach
    public void beforeEach() {
        this.servicesManager.deleteAll();
        this.samlRegisteredService = getSamlRegisteredServiceFor(false, false, false, "https://cassp.example.org");
        this.servicesManager.save(this.samlRegisteredService);
    }

    /**
     * A signed {@code AuthnRequest} sent over POST without any SSO cookie yields a
     * {@link HttpStatus#FOUND} result (presumably the redirect to authentication).
     */
    @Test
    @Order(1)
    public void verifyPostSignRequest() throws Exception {
        MockHttpServletRequest request = new MockHttpServletRequest();
        request.setMethod("POST");
        MockHttpServletResponse response = new MockHttpServletResponse();

        AuthnRequest signedRequest = signAuthnRequest(request, response, getAuthnRequest());
        attachSamlRequest(request, signedRequest);

        ModelAndView result = this.controller.handleSaml2ProfileSsoPostRequest(response, request);
        Assertions.assertEquals(HttpStatus.FOUND, result.getStatus());
    }

    /**
     * A signed {@code AuthnRequest} encoded with the redirect/deflate encoder and replayed as a GET
     * yields {@link HttpStatus#FOUND}.
     *
     * <p>Both the individual parameters and the raw query string are placed on the mock request.
     * NOTE(review): for the HTTP-Redirect binding the signature is computed over the query string,
     * so the handler presumably needs the raw form as well as the parsed parameters.
     */
    @Test
    @Order(2)
    public void verifyRedirectRequest() throws Exception {
        MockHttpServletRequest request = new MockHttpServletRequest();
        request.setMethod("GET");
        MockHttpServletResponse response = new MockHttpServletResponse();

        AuthnRequest signedRequest = signAuthnRequest(request, response, getAuthnRequest());
        SamlIdPHttpRedirectDeflateEncoder encoder =
            new SamlIdPHttpRedirectDeflateEncoder("https://cas.example.org/login", signedRequest);
        encoder.doEncode();

        // Everything after the endpoint URL and '?' is the query string the request would carry.
        String queryString = StringUtils.remove(encoder.getRedirectUrl(), "https://cas.example.org/login?");
        new URLBuilder(encoder.getRedirectUrl()).getQueryParams().forEach(
            pair -> request.addParameter((String) pair.getFirst(), (String) pair.getSecond()));
        request.setQueryString(queryString);

        Assertions.assertEquals(HttpStatus.FOUND,
            this.controller.handleSaml2ProfileSsoRedirectRequest(response, request).getStatus());
    }

    /**
     * A PUT passed to the HEAD handler, with no SAML payload, is answered with
     * {@link HttpStatus#BAD_REQUEST}.
     */
    @Test
    @Order(3)
    public void verifyPutRequest() {
        MockHttpServletRequest request = new MockHttpServletRequest();
        request.setMethod("PUT");
        MockHttpServletResponse response = new MockHttpServletResponse();

        Assertions.assertEquals(HttpStatus.BAD_REQUEST,
            this.controller.handleSaml2ProfileSsoRedirectHeadRequest(response, request).getStatus());
    }

    /**
     * A {@code SAMLRequest} parameter that is not a valid encoded message is rejected with
     * {@link HttpStatus#BAD_REQUEST} instead of propagating a decoding failure.
     */
    @Test
    @Order(3)
    public void verifyBadRequest() throws Exception {
        MockHttpServletRequest request = new MockHttpServletRequest();
        request.setMethod("POST");
        MockHttpServletResponse response = new MockHttpServletResponse();
        request.addParameter("SAMLRequest", "Bad Data");

        ModelAndView result = this.controller.handleSaml2ProfileSsoPostRequest(response, request);
        Assertions.assertEquals(HttpStatus.BAD_REQUEST, result.getStatus());
    }

    /**
     * An unsigned {@code AuthnRequest} sent over POST without an SSO cookie yields
     * {@link HttpStatus#FOUND}.
     *
     * <p>NOTE(review): this class only shows the unsigned request being accepted for this service;
     * it contains no case where a service that requires signed requests receives an unsigned or
     * altered one. Confirm that rejection path is covered elsewhere.
     */
    @Test
    @Order(4)
    public void verifyPostRequest() throws Exception {
        MockHttpServletRequest request = new MockHttpServletRequest();
        request.setMethod("POST");
        MockHttpServletResponse response = new MockHttpServletResponse();
        attachSamlRequest(request, getAuthnRequest());

        ModelAndView result = this.controller.handleSaml2ProfileSsoPostRequest(response, request);
        Assertions.assertEquals(HttpStatus.FOUND, result.getStatus());
    }

    /**
     * With a ticket-granting ticket present in the registry and its cookie on the request, the
     * handler returns {@code null} and writes the response itself with status 200.
     *
     * <p>NOTE(review): the final assertion only checks that the body is non-null; it does not
     * verify that a SAML response was actually written.
     */
    @Test
    @Order(5)
    public void verifyPostRequestWithSso() throws Exception {
        MockHttpServletResponse response = new MockHttpServletResponse();
        MockTicketGrantingTicket ticketGrantingTicket = new MockTicketGrantingTicket("casuser");
        this.ticketRegistry.addTicket(ticketGrantingTicket);
        this.ticketGrantingTicketCookieGenerator.addCookie(response, ticketGrantingTicket.getId());

        // Replay the cookie that was just issued on the response as an incoming request cookie.
        MockHttpServletRequest request = new MockHttpServletRequest();
        request.setCookies(response.getCookies());
        request.setMethod("POST");
        attachSamlRequest(request, getAuthnRequest());
        this.samlIdPDistributedSessionStore.set(new JEEContext(request, response), "RelayState", "relay-state");

        ModelAndView result = this.controller.handleSaml2ProfileSsoPostRequest(response, request);
        Assertions.assertNull(result);
        Assertions.assertEquals(HttpStatus.OK.value(), response.getStatus());
        Assertions.assertNotNull(response.getContentAsString());
    }

    /**
     * Same valid SSO session as {@link #verifyPostRequestWithSso()}, but the request sets
     * {@code ForceAuthn}: the handler answers with {@link HttpStatus#FOUND} rather than completing
     * from the existing session.
     */
    @Test
    @Order(6)
    public void verifyPostRequestWithSsoForcedAuthn() throws Exception {
        MockHttpServletResponse response = new MockHttpServletResponse();
        MockTicketGrantingTicket ticketGrantingTicket = new MockTicketGrantingTicket("casuser");
        this.ticketRegistry.addTicket(ticketGrantingTicket);
        this.ticketGrantingTicketCookieGenerator.addCookie(response, ticketGrantingTicket.getId());

        MockHttpServletRequest request = new MockHttpServletRequest();
        request.setCookies(response.getCookies());
        request.setMethod("POST");

        AuthnRequest forcedRequest = getAuthnRequest();
        forcedRequest.setForceAuthn(true);
        attachSamlRequest(request, forcedRequest);
        this.samlIdPDistributedSessionStore.set(new JEEContext(request, response), "RelayState", "relay-state");

        ModelAndView result = this.controller.handleSaml2ProfileSsoPostRequest(response, request);
        Assertions.assertEquals(HttpStatus.FOUND, result.getStatus());
    }

    /**
     * The request carries a ticket-granting cookie whose ticket was never added to the registry:
     * the handler answers with {@link HttpStatus#FOUND}, i.e. the cookie value alone does not
     * establish a session.
     */
    @Test
    @Order(7)
    public void verifyPostRequestWithUnknownCookie() throws Exception {
        MockHttpServletResponse response = new MockHttpServletResponse();
        // Deliberately not stored in ticketRegistry.
        MockTicketGrantingTicket unregisteredTicket = new MockTicketGrantingTicket("casuser");
        this.ticketGrantingTicketCookieGenerator.addCookie(response, unregisteredTicket.getId());

        MockHttpServletRequest request = new MockHttpServletRequest();
        request.setCookies(response.getCookies());
        request.setMethod("POST");
        attachSamlRequest(request, getAuthnRequest());
        this.samlIdPDistributedSessionStore.set(new JEEContext(request, response), "RelayState", "relay-state");

        ModelAndView result = this.controller.handleSaml2ProfileSsoPostRequest(response, request);
        Assertions.assertEquals(HttpStatus.FOUND, result.getStatus());
    }

    /**
     * The service is re-saved with an access strategy requiring attribute {@code authnMethod} to
     * contain {@code X509}. With a valid SSO session for {@code casuser} the handler returns the
     * service error view with a {@link PrincipalException} as root cause and
     * {@link HttpStatus#BAD_REQUEST}.
     *
     * <p>Presumably the mock ticket's principal carries no such attribute; that is not shown here.
     */
    @Test
    @Order(8)
    public void verifyPostRequestWithSsoAndAccessStrategy() throws Exception {
        this.samlRegisteredService.setAccessStrategy(
            new DefaultRegisteredServiceAccessStrategy(Map.of("authnMethod", Set.of("X509"))));
        this.servicesManager.save(this.samlRegisteredService);

        MockHttpServletResponse response = new MockHttpServletResponse();
        MockTicketGrantingTicket ticketGrantingTicket = new MockTicketGrantingTicket("casuser");
        this.ticketRegistry.addTicket(ticketGrantingTicket);
        this.ticketGrantingTicketCookieGenerator.addCookie(response, ticketGrantingTicket.getId());

        MockHttpServletRequest request = new MockHttpServletRequest();
        request.setCookies(response.getCookies());
        request.setMethod("POST");
        attachSamlRequest(request, getAuthnRequest());
        this.samlIdPDistributedSessionStore.set(new JEEContext(request, response), "RelayState", "relay-state");

        ModelAndView errorView = this.controller.handleSaml2ProfileSsoPostRequest(response, request);
        Assertions.assertNotNull(errorView);
        Assertions.assertTrue(errorView.getModel().get("rootCauseException") instanceof PrincipalException);
        Assertions.assertEquals("error/casServiceErrorView", errorView.getViewName());
        Assertions.assertEquals(HttpStatus.BAD_REQUEST, errorView.getStatus());
    }

    /**
     * Serialises the given request with {@link SamlUtils#transformSamlObject}, Base64-encodes it and
     * adds it to the mock request as the {@code SAMLRequest} parameter.
     */
    private void attachSamlRequest(MockHttpServletRequest request, AuthnRequest authnRequest) throws Exception {
        String serialized = SamlUtils.transformSamlObject(this.openSamlConfigBean, authnRequest).toString();
        request.addParameter("SAMLRequest", EncodingUtils.encodeBase64(serialized));
    }

    /**
     * Passes the request through {@code samlIdPObjectSigner.encode} for the registered service,
     * using the HTTP-POST binding URI, and returns the result.
     *
     * <p>The metadata facade lookup is unwrapped with {@code get()} and no presence check, so a
     * missing facade fails the test at this point.
     */
    private AuthnRequest signAuthnRequest(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, AuthnRequest authnRequest) {
        SamlRegisteredServiceServiceProviderMetadataFacade facade = (SamlRegisteredServiceServiceProviderMetadataFacade) SamlRegisteredServiceServiceProviderMetadataFacade.get(this.samlRegisteredServiceCachingMetadataResolver, this.samlRegisteredService, this.samlRegisteredService.getServiceId()).get();
        return this.samlIdPObjectSigner.encode(authnRequest, this.samlRegisteredService, facade,
            httpServletResponse, httpServletRequest, "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST",
            authnRequest, new MessageContext());
    }

    /**
     * Builds a minimal {@code AuthnRequest}: protocol binding set to HTTP-POST and the issuer set to
     * the registered service's id. No other fields are populated.
     */
    private AuthnRequest getAuthnRequest() {
        AuthnRequest authnRequest = this.openSamlConfigBean.getBuilderFactory().getBuilder(AuthnRequest.DEFAULT_ELEMENT_NAME).buildObject();
        authnRequest.setProtocolBinding("urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST");

        Issuer issuer = this.openSamlConfigBean.getBuilderFactory().getBuilder(Issuer.DEFAULT_ELEMENT_NAME).buildObject();
        issuer.setValue(this.samlRegisteredService.getServiceId());
        authnRequest.setIssuer(issuer);
        return authnRequest;
    }
}
