package org.apereo.cas.support.saml.services;

import java.io.StringWriter;
import java.nio.charset.StandardCharsets;
import java.util.List;
import org.apereo.cas.authentication.CoreAuthenticationTestUtils;
import org.apereo.cas.authentication.principal.AbstractWebApplicationService;
import org.apereo.cas.services.RegisteredServiceAttributeReleasePolicyContext;
import org.apereo.cas.services.RegisteredServiceTestUtils;
import org.apereo.cas.support.saml.BaseSamlIdPConfigurationTests;
import org.apereo.cas.support.saml.SamlIdPTestUtils;
import org.apereo.cas.support.saml.SamlUtils;
import org.apereo.cas.util.CollectionUtils;
import org.apereo.cas.util.EncodingUtils;
import org.apereo.cas.util.http.HttpRequestUtils;
import org.junit.jupiter.api.Assertions;
import org.junit.jupiter.api.BeforeEach;
import org.junit.jupiter.api.Tag;
import org.junit.jupiter.api.Test;
import org.junit.jupiter.api.parallel.Execution;
import org.junit.jupiter.api.parallel.ExecutionMode;
import org.springframework.test.context.TestPropertySource;

@Tag("GroovyServices")
@Execution(ExecutionMode.SAME_THREAD)
@TestPropertySource(properties = {"cas.authn.saml-idp.core.entity-id=https://cas.example.org/idp", "cas.authn.saml-idp.metadata.file-system.location=${#systemProperties['java.io.tmpdir']}/idp-metadata34"})
/* loaded from: input_file:org/apereo/cas/support/saml/services/GroovySamlRegisteredServiceAttributeReleasePolicyTests.class */
class GroovySamlRegisteredServiceAttributeReleasePolicyTests extends BaseSamlIdPConfigurationTests {
    GroovySamlRegisteredServiceAttributeReleasePolicyTests() {
    }

    @BeforeEach
    public void setup() {
        this.servicesManager.deleteAll();
        this.defaultSamlRegisteredServiceCachingMetadataResolver.invalidate();
    }

    @Test
    void verifyUnknownScript() throws Throwable {
        GroovySamlRegisteredServiceAttributeReleasePolicy groovySamlRegisteredServiceAttributeReleasePolicy = new GroovySamlRegisteredServiceAttributeReleasePolicy();
        groovySamlRegisteredServiceAttributeReleasePolicy.setGroovyScript("classpath:unknown-123456.groovy");
        groovySamlRegisteredServiceAttributeReleasePolicy.setAllowedAttributes(CollectionUtils.wrapList(new String[]{"uid", "givenName", "displayName"}));
        SamlRegisteredService samlRegisteredService = SamlIdPTestUtils.getSamlRegisteredService();
        samlRegisteredService.setAttributeReleasePolicy(groovySamlRegisteredServiceAttributeReleasePolicy);
        Assertions.assertTrue(groovySamlRegisteredServiceAttributeReleasePolicy.getAttributes(RegisteredServiceAttributeReleasePolicyContext.builder().registeredService(samlRegisteredService).applicationContext(this.applicationContext).service(CoreAuthenticationTestUtils.getService()).principal(CoreAuthenticationTestUtils.getPrincipal()).build()).isEmpty());
    }

    @Test
    void verifyScriptReleasesSamlAttributes() throws Throwable {
        GroovySamlRegisteredServiceAttributeReleasePolicy groovySamlRegisteredServiceAttributeReleasePolicy = new GroovySamlRegisteredServiceAttributeReleasePolicy();
        groovySamlRegisteredServiceAttributeReleasePolicy.setGroovyScript("classpath:saml-groovy-attrs.groovy");
        groovySamlRegisteredServiceAttributeReleasePolicy.setAllowedAttributes(CollectionUtils.wrapList(new String[]{"uid", "givenName", "displayName"}));
        SamlRegisteredService samlRegisteredService = SamlIdPTestUtils.getSamlRegisteredService();
        samlRegisteredService.setAttributeReleasePolicy(groovySamlRegisteredServiceAttributeReleasePolicy);
        Assertions.assertFalse(groovySamlRegisteredServiceAttributeReleasePolicy.getAttributes(RegisteredServiceAttributeReleasePolicyContext.builder().registeredService(samlRegisteredService).applicationContext(this.applicationContext).service(CoreAuthenticationTestUtils.getService()).principal(CoreAuthenticationTestUtils.getPrincipal()).build()).isEmpty());
    }

    @Test
    void verifyScriptReleasesSamlAttributesWithEntityId() throws Throwable {
        GroovySamlRegisteredServiceAttributeReleasePolicy groovySamlRegisteredServiceAttributeReleasePolicy = new GroovySamlRegisteredServiceAttributeReleasePolicy();
        groovySamlRegisteredServiceAttributeReleasePolicy.setGroovyScript("classpath:saml-groovy-attrs.groovy");
        groovySamlRegisteredServiceAttributeReleasePolicy.setAllowedAttributes(CollectionUtils.wrapList(new String[]{"uid", "givenName", "displayName"}));
        SamlRegisteredService samlRegisteredService = SamlIdPTestUtils.getSamlRegisteredService();
        samlRegisteredService.setAttributeReleasePolicy(groovySamlRegisteredServiceAttributeReleasePolicy);
        HttpRequestUtils.getHttpServletRequestFromRequestAttributes().removeParameter("entityId");
        AbstractWebApplicationService service = RegisteredServiceTestUtils.getService();
        service.getAttributes().put("entityId", List.of(samlRegisteredService.getServiceId()));
        Assertions.assertFalse(groovySamlRegisteredServiceAttributeReleasePolicy.getAttributes(RegisteredServiceAttributeReleasePolicyContext.builder().registeredService(samlRegisteredService).applicationContext(this.applicationContext).service(service).principal(CoreAuthenticationTestUtils.getPrincipal()).build()).isEmpty());
    }

    @Test
    void verifyScriptReleasesSamlAttributesWithProviderId() throws Throwable {
        GroovySamlRegisteredServiceAttributeReleasePolicy groovySamlRegisteredServiceAttributeReleasePolicy = new GroovySamlRegisteredServiceAttributeReleasePolicy();
        groovySamlRegisteredServiceAttributeReleasePolicy.setGroovyScript("classpath:saml-groovy-attrs.groovy");
        groovySamlRegisteredServiceAttributeReleasePolicy.setAllowedAttributes(CollectionUtils.wrapList(new String[]{"uid", "givenName", "displayName"}));
        SamlRegisteredService samlRegisteredService = SamlIdPTestUtils.getSamlRegisteredService();
        samlRegisteredService.setAttributeReleasePolicy(groovySamlRegisteredServiceAttributeReleasePolicy);
        HttpRequestUtils.getHttpServletRequestFromRequestAttributes().removeParameter("entityId");
        AbstractWebApplicationService service = RegisteredServiceTestUtils.getService();
        service.getAttributes().put("providerId", List.of(samlRegisteredService.getServiceId()));
        Assertions.assertFalse(groovySamlRegisteredServiceAttributeReleasePolicy.getAttributes(RegisteredServiceAttributeReleasePolicyContext.builder().registeredService(samlRegisteredService).applicationContext(this.applicationContext).service(service).principal(CoreAuthenticationTestUtils.getPrincipal()).build()).isEmpty());
    }

    @Test
    void verifyScriptReleasesSamlAttributesWithSamlRequest() throws Throwable {
        GroovySamlRegisteredServiceAttributeReleasePolicy groovySamlRegisteredServiceAttributeReleasePolicy = new GroovySamlRegisteredServiceAttributeReleasePolicy();
        groovySamlRegisteredServiceAttributeReleasePolicy.setGroovyScript("classpath:saml-groovy-attrs.groovy");
        groovySamlRegisteredServiceAttributeReleasePolicy.setAllowedAttributes(CollectionUtils.wrapList(new String[]{"uid", "givenName", "displayName"}));
        SamlRegisteredService samlRegisteredService = SamlIdPTestUtils.getSamlRegisteredService();
        samlRegisteredService.setAttributeReleasePolicy(groovySamlRegisteredServiceAttributeReleasePolicy);
        HttpRequestUtils.getHttpServletRequestFromRequestAttributes().removeParameter("entityId");
        StringWriter transformSamlObject = SamlUtils.transformSamlObject(this.openSamlConfigBean, SamlIdPTestUtils.getAuthnRequest(this.openSamlConfigBean, samlRegisteredService));
        try {
            String encodeBase64 = EncodingUtils.encodeBase64(transformSamlObject.toString().getBytes(StandardCharsets.UTF_8));
            AbstractWebApplicationService service = RegisteredServiceTestUtils.getService();
            service.getAttributes().put("SAMLRequest", List.of(encodeBase64));
            Assertions.assertFalse(groovySamlRegisteredServiceAttributeReleasePolicy.getAttributes(RegisteredServiceAttributeReleasePolicyContext.builder().registeredService(samlRegisteredService).applicationContext(this.applicationContext).service(service).principal(CoreAuthenticationTestUtils.getPrincipal()).build()).isEmpty());
            if (transformSamlObject != null) {
                transformSamlObject.close();
            }
        } catch (Throwable th) {
            if (transformSamlObject != null) {
                try {
                    transformSamlObject.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
            }
            throw th;
        }
    }
}
