package org.apereo.cas.support.saml.web.idp.profile.sso;

import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import java.util.List;
import java.util.UUID;
import org.apache.commons.lang3.tuple.Pair;
import org.apereo.cas.authentication.principal.AbstractWebApplicationService;
import org.apereo.cas.mock.MockTicketGrantingTicket;
import org.apereo.cas.services.RegisteredServiceTestUtils;
import org.apereo.cas.support.saml.BaseSamlIdPConfigurationTests;
import org.apereo.cas.support.saml.idp.SamlIdPSessionManager;
import org.apereo.cas.support.saml.services.SamlRegisteredService;
import org.apereo.cas.support.saml.services.idp.metadata.SamlRegisteredServiceMetadataAdaptor;
import org.apereo.cas.support.saml.util.Saml20HexRandomIdGenerator;
import org.apereo.cas.ticket.ServiceTicket;
import org.apereo.cas.ticket.tracking.TicketTrackingPolicy;
import org.apereo.cas.util.junit.Assertions;
import org.junit.jupiter.api.BeforeEach;
import org.junit.jupiter.api.Tag;
import org.junit.jupiter.api.Test;
import org.mockito.Mockito;
import org.opensaml.messaging.context.MessageContext;
import org.opensaml.saml.saml2.core.AuthnRequest;
import org.opensaml.saml.saml2.core.Issuer;
import org.opensaml.saml.saml2.core.Response;
import org.pac4j.jee.context.JEEContext;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.http.HttpStatus;
import org.springframework.mock.web.MockHttpServletRequest;
import org.springframework.mock.web.MockHttpServletResponse;
import org.springframework.test.context.TestPropertySource;

/**
 * Tests for {@code handleCallbackProfileRequestGet} on the
 * {@code ssoPostProfileCallbackHandlerController} bean of the CAS SAML2 identity provider.
 *
 * <p>Each test controls the two inputs the callback reads from the HTTP request: the
 * {@code srid} parameter, which references an {@link AuthnRequest} previously stored through
 * {@link SamlIdPSessionManager}, and the {@code ticket} parameter, which carries a CAS service
 * ticket id. The negative cases pin what happens when one of them is missing: no stored
 * request at all, a passive request without a ticket, and a non-passive request without a
 * ticket. The positive cases supply a ticket granted for the registered SAML service.
 *
 * <p>Only the HTTP status (and, for the passive case, the SAML status code) is asserted; the
 * SAML response produced on the success paths is not inspected here.
 */
@Tag("SAML2Web")
@TestPropertySource(properties = "cas.authn.saml-idp.metadata.file-system.location=file:src/test/resources/metadata")
class SSOSamlIdPProfileCallbackHandlerControllerTests extends BaseSamlIdPConfigurationTests {

    /** SAML 2.0 HTTP-POST binding URI. */
    private static final String BINDING_HTTP_POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST";

    /** SAML 2.0 HTTP-POST-SimpleSign binding URI. */
    private static final String BINDING_HTTP_POST_SIMPLE_SIGN = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST-SimpleSign";

    /** SAML 2.0 status code reported when a passive request cannot be satisfied. */
    private static final String STATUS_NO_PASSIVE = "urn:oasis:names:tc:SAML:2.0:status:NoPassive";

    @Autowired
    @Qualifier("ssoPostProfileCallbackHandlerController")
    private SSOSamlIdPProfileCallbackHandlerController controller;

    /** Service provider registration that every test issues requests for. */
    private SamlRegisteredService samlRegisteredService;

    /**
     * Registers a fresh SAML service for {@code https://cassp.example.org} before each test.
     * The three {@code false} flags are passed through to the base-class factory as-is.
     */
    @BeforeEach
    public void beforeEach() {
        samlRegisteredService = getSamlRegisteredServiceFor(false, false, false, "https://cassp.example.org");
        servicesManager.save(samlRegisteredService);
    }

    /**
     * A callback with no {@code srid} parameter and nothing in the session store must fail:
     * the call is expected to throw a {@link RuntimeException} whose root cause is an
     * {@link IllegalArgumentException}.
     */
    @Test
    void verifyNoRequest() throws Throwable {
        final MockHttpServletRequest request = new MockHttpServletRequest();
        final MockHttpServletResponse response = new MockHttpServletResponse();
        Assertions.assertThrowsWithRootCause(RuntimeException.class, IllegalArgumentException.class, () -> {
            controller.handleCallbackProfileRequestGet(response, request);
        });
    }

    /**
     * A stored passive request ({@code IsPassive=true}) that comes back without a
     * {@code ticket} parameter: the handler returns {@code null}, leaves the HTTP status at
     * 200 and places a SAML {@link Response} with the {@code NoPassive} status code in the
     * request attribute named after {@code Response.class}.
     */
    @Test
    void verifyNoTicketPassiveAuthn() throws Throwable {
        final MockHttpServletRequest request = new MockHttpServletRequest();
        final MockHttpServletResponse response = new MockHttpServletResponse();
        final AuthnRequest passiveRequest = getAuthnRequest(true);
        signAndStore(request, response, passiveRequest);

        org.junit.jupiter.api.Assertions.assertNull(controller.handleCallbackProfileRequestGet(response, request));
        org.junit.jupiter.api.Assertions.assertEquals(HttpStatus.OK.value(), response.getStatus());

        final Response samlResponse = (Response) request.getAttribute(Response.class.getName());
        org.junit.jupiter.api.Assertions.assertEquals(STATUS_NO_PASSIVE, samlResponse.getStatus().getStatusCode().getValue());
    }

    /**
     * A stored non-passive request that comes back without a {@code ticket} parameter: the
     * object returned by the handler must report {@link HttpStatus#BAD_REQUEST}.
     */
    @Test
    void verifyNoTicket() throws Throwable {
        final MockHttpServletRequest request = new MockHttpServletRequest();
        final MockHttpServletResponse response = new MockHttpServletResponse();
        signAndStore(request, response, getAuthnRequest());

        org.junit.jupiter.api.Assertions.assertEquals(
            HttpStatus.BAD_REQUEST,
            controller.handleCallbackProfileRequestGet(response, request).getStatus());
    }

    /**
     * Stored request whose protocol binding is HTTP-POST, accompanied by a service ticket.
     */
    @Test
    void verifyValidationByPost() throws Throwable {
        assertCallbackCompletesWithTicket(BINDING_HTTP_POST);
    }

    /**
     * Stored request whose protocol binding is HTTP-POST-SimpleSign, accompanied by a
     * service ticket.
     */
    // NOTE(review): despite the method name, the binding set on the request is
    // HTTP-POST-SimpleSign, not HTTP-Redirect - confirm which one is meant to be covered.
    @Test
    void verifyValidationByRedirect() throws Throwable {
        assertCallbackCompletesWithTicket(BINDING_HTTP_POST_SIMPLE_SIGN);
    }

    /**
     * Shared body of the ticket-validation tests: builds a non-passive request with the given
     * protocol binding, signs and stores it, adds a freshly granted service ticket id as the
     * {@code ticket} parameter, invokes the callback and checks the HTTP status.
     *
     * @param protocolBinding binding URI to set on the authentication request
     */
    private void assertCallbackCompletesWithTicket(final String protocolBinding) throws Throwable {
        final MockHttpServletRequest request = new MockHttpServletRequest();
        final MockHttpServletResponse response = new MockHttpServletResponse();
        final AuthnRequest authnRequest = getAuthnRequest();
        authnRequest.setProtocolBinding(protocolBinding);
        signAndStore(request, response, authnRequest);
        request.addParameter("ticket", getServiceTicket().getId());

        controller.handleCallbackProfileRequestGet(response, request);

        // NOTE(review): a new MockHttpServletResponse already reports 200, so this check only
        // shows the handler did not set an error status. It does not show that a SAML response
        // or assertion was issued for the ticket - consider asserting on the produced response.
        org.junit.jupiter.api.Assertions.assertEquals(HttpStatus.OK.value(), response.getStatus());
    }

    /**
     * Signs the request, wraps the signed form in a new {@link MessageContext} and stores
     * both in the session store so the callback can find them.
     */
    private void signAndStore(final MockHttpServletRequest request, final MockHttpServletResponse response,
                              final AuthnRequest authnRequest) throws Throwable {
        final AuthnRequest signedRequest = signAuthnRequest(request, response, authnRequest);
        final MessageContext messageContext = new MessageContext();
        messageContext.setMessage(signedRequest);
        storeAuthnRequest(request, response, signedRequest, messageContext);
    }

    /**
     * Adds the request id as the {@code srid} parameter and stores the request together with
     * its message context through {@link SamlIdPSessionManager}.
     */
    private void storeAuthnRequest(final MockHttpServletRequest request, final MockHttpServletResponse response,
                                   final AuthnRequest authnRequest, final MessageContext messageContext) throws Throwable {
        request.addParameter("srid", authnRequest.getID());
        SamlIdPSessionManager
            .of(openSamlConfigBean, samlIdPDistributedSessionStore)
            .store(new JEEContext(request, response), Pair.of(authnRequest, messageContext));
    }

    /**
     * Passes the request through {@code samlIdPObjectSigner.encode} using the metadata adaptor
     * resolved for the registered service, and returns the result.
     *
     * <p>The binding given to the signer is always HTTP-POST, whatever protocol binding the
     * request itself carries.
     */
    private AuthnRequest signAuthnRequest(final HttpServletRequest request, final HttpServletResponse response,
                                          final AuthnRequest authnRequest) throws Throwable {
        // Optional#get() fails the test immediately if no metadata resolves for the service.
        final SamlRegisteredServiceMetadataAdaptor adaptor = (SamlRegisteredServiceMetadataAdaptor) SamlRegisteredServiceMetadataAdaptor
            .get(samlRegisteredServiceCachingMetadataResolver, samlRegisteredService, samlRegisteredService.getServiceId())
            .get();
        return samlIdPObjectSigner.encode(
            authnRequest,
            samlRegisteredService,
            adaptor,
            response,
            request,
            BINDING_HTTP_POST,
            authnRequest,
            new MessageContext());
    }

    /**
     * Creates a ticket-granting ticket under a random id, grants a service ticket from it for
     * the registered SAML service and records both in the ticket registry.
     *
     * @return the granted service ticket
     */
    private ServiceTicket getServiceTicket() throws Throwable {
        final MockTicketGrantingTicket ticketGrantingTicket = new MockTicketGrantingTicket(UUID.randomUUID().toString());
        ticketRegistry.addTicket(ticketGrantingTicket);

        final TicketTrackingPolicy trackingPolicy = Mockito.mock(TicketTrackingPolicy.class);
        final AbstractWebApplicationService service = RegisteredServiceTestUtils.getService(samlRegisteredService.getServiceId());
        // The service carries the SP entity id as an attribute, matching the registered service id.
        service.getAttributes().put("entityId", List.of(samlRegisteredService.getServiceId()));

        final ServiceTicket serviceTicket = ticketGrantingTicket.grantServiceTicket(service, trackingPolicy);
        ticketRegistry.addTicket(serviceTicket);
        ticketRegistry.updateTicket(ticketGrantingTicket);
        return serviceTicket;
    }

    /** Builds a non-passive authentication request. */
    private AuthnRequest getAuthnRequest() {
        return getAuthnRequest(false);
    }

    /**
     * Builds an unsigned {@link AuthnRequest} with a fresh random id and the registered
     * service id as issuer.
     *
     * @param passive value for the request's {@code IsPassive} flag
     */
    private AuthnRequest getAuthnRequest(final boolean passive) {
        final Issuer issuer = (Issuer) openSamlConfigBean.getBuilderFactory()
            .getBuilder(Issuer.DEFAULT_ELEMENT_NAME)
            .buildObject();
        issuer.setValue(samlRegisteredService.getServiceId());

        final AuthnRequest authnRequest = (AuthnRequest) openSamlConfigBean.getBuilderFactory()
            .getBuilder(AuthnRequest.DEFAULT_ELEMENT_NAME)
            .buildObject();
        authnRequest.setID(Saml20HexRandomIdGenerator.INSTANCE.getNewString());
        authnRequest.setIssuer(issuer);
        authnRequest.setIsPassive(Boolean.valueOf(passive));
        return authnRequest;
    }
}
