package org.apereo.cas.support.saml.web.idp.profile.sso;

import com.fasterxml.jackson.databind.ObjectMapper;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.Optional;
import java.util.UUID;
import org.apache.commons.lang3.tuple.Pair;
import org.apereo.cas.authentication.principal.AbstractWebApplicationService;
import org.apereo.cas.mock.MockTicketGrantingTicket;
import org.apereo.cas.services.RegisteredServiceTestUtils;
import org.apereo.cas.support.saml.BaseSamlIdPConfigurationTests;
import org.apereo.cas.support.saml.idp.SamlIdPSessionManager;
import org.apereo.cas.support.saml.services.SamlRegisteredService;
import org.apereo.cas.support.saml.util.Saml20HexRandomIdGenerator;
import org.apereo.cas.ticket.ServiceTicket;
import org.apereo.cas.ticket.tracking.TicketTrackingPolicy;
import org.apereo.cas.util.serialization.JacksonObjectMapperFactory;
import org.apereo.cas.web.BrowserStorage;
import org.junit.jupiter.api.Assertions;
import org.junit.jupiter.api.BeforeEach;
import org.junit.jupiter.api.MethodOrderer;
import org.junit.jupiter.api.Tag;
import org.junit.jupiter.api.Test;
import org.junit.jupiter.api.TestMethodOrder;
import org.mockito.Mockito;
import org.opensaml.messaging.context.MessageContext;
import org.opensaml.saml.saml2.core.AuthnRequest;
import org.opensaml.saml.saml2.core.Issuer;
import org.pac4j.jee.context.JEEContext;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.mock.web.MockHttpServletRequest;
import org.springframework.mock.web.MockHttpServletResponse;
import org.springframework.test.context.TestPropertySource;
import org.springframework.web.servlet.ModelAndView;

@Tag("SAML2Web")
@TestMethodOrder(MethodOrderer.OrderAnnotation.class)
@TestPropertySource(properties = {"cas.authn.saml-idp.core.session-storage-type=BROWSER_STORAGE", "cas.authn.saml-idp.metadata.file-system.location=file:src/test/resources/metadata"})
/* loaded from: input_file:org/apereo/cas/support/saml/web/idp/profile/sso/SSOSamlIdPProfileCallbackHandlerControllerWithBrowserStorageTests.class */
class SSOSamlIdPProfileCallbackHandlerControllerWithBrowserStorageTests extends BaseSamlIdPConfigurationTests {
    private static final ObjectMapper MAPPER = JacksonObjectMapperFactory.builder().defaultTypingEnabled(false).minimal(false).build().toObjectMapper();

    @Autowired
    @Qualifier("ssoPostProfileCallbackHandlerController")
    private SSOSamlIdPProfileCallbackHandlerController controller;
    private SamlRegisteredService samlRegisteredService;

    SSOSamlIdPProfileCallbackHandlerControllerWithBrowserStorageTests() {
    }

    @BeforeEach
    public void beforeEach() {
        this.samlRegisteredService = getSamlRegisteredServiceFor(false, false, false, "https://cassp.example.org");
        this.servicesManager.save(this.samlRegisteredService);
    }

    @Test
    void verifyReadFromStorage() throws Throwable {
        MockHttpServletRequest mockHttpServletRequest = new MockHttpServletRequest();
        MockHttpServletResponse mockHttpServletResponse = new MockHttpServletResponse();
        AuthnRequest authnRequest = getAuthnRequest();
        authnRequest.setProtocolBinding("urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST");
        storeAuthnRequest(mockHttpServletRequest, mockHttpServletResponse, authnRequest);
        mockHttpServletRequest.addParameter("ticket", getServiceTicket().getId());
        ModelAndView handleCallbackProfileRequestGet = this.controller.handleCallbackProfileRequestGet(mockHttpServletResponse, mockHttpServletRequest);
        Assertions.assertEquals("storage/casBrowserStorageReadView", handleCallbackProfileRequestGet.getViewName());
        Assertions.assertTrue(handleCallbackProfileRequestGet.getModel().containsKey("browserStorage"));
    }

    @Test
    void verifyResumeFromStorage() throws Throwable {
        MockHttpServletRequest mockHttpServletRequest = new MockHttpServletRequest();
        MockHttpServletResponse mockHttpServletResponse = new MockHttpServletResponse();
        AuthnRequest authnRequest = getAuthnRequest();
        authnRequest.setProtocolBinding("urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST");
        storeAuthnRequest(mockHttpServletRequest, mockHttpServletResponse, authnRequest);
        mockHttpServletRequest.addParameter("ticket", getServiceTicket().getId());
        Optional trackableSession = this.samlIdPDistributedSessionStore.getTrackableSession(new JEEContext(mockHttpServletRequest, mockHttpServletResponse));
        Class<BrowserStorage> cls = BrowserStorage.class;
        Objects.requireNonNull(BrowserStorage.class);
        BrowserStorage browserStorage = (BrowserStorage) trackableSession.map(cls::cast).orElseThrow();
        mockHttpServletRequest.addParameter("browserStorage", MAPPER.writeValueAsString(Map.of(browserStorage.getContext(), browserStorage.getPayload())));
        Assertions.assertNull(this.controller.handleCallbackProfileRequestPost(mockHttpServletResponse, mockHttpServletRequest));
        Assertions.assertEquals(200, mockHttpServletResponse.getStatus());
    }

    private void storeAuthnRequest(MockHttpServletRequest mockHttpServletRequest, MockHttpServletResponse mockHttpServletResponse, AuthnRequest authnRequest) throws Throwable {
        MessageContext messageContext = new MessageContext();
        messageContext.setMessage(authnRequest);
        mockHttpServletRequest.addParameter("srid", authnRequest.getID());
        SamlIdPSessionManager.of(this.openSamlConfigBean, this.samlIdPDistributedSessionStore).store(new JEEContext(mockHttpServletRequest, mockHttpServletResponse), Pair.of(authnRequest, messageContext));
    }

    private AuthnRequest getAuthnRequest() {
        AuthnRequest buildObject = this.openSamlConfigBean.getBuilderFactory().getBuilder(AuthnRequest.DEFAULT_ELEMENT_NAME).buildObject();
        buildObject.setID(Saml20HexRandomIdGenerator.INSTANCE.getNewString());
        Issuer buildObject2 = this.openSamlConfigBean.getBuilderFactory().getBuilder(Issuer.DEFAULT_ELEMENT_NAME).buildObject();
        buildObject2.setValue(this.samlRegisteredService.getServiceId());
        buildObject.setIssuer(buildObject2);
        return buildObject;
    }

    private ServiceTicket getServiceTicket() throws Throwable {
        MockTicketGrantingTicket mockTicketGrantingTicket = new MockTicketGrantingTicket(UUID.randomUUID().toString());
        this.ticketRegistry.addTicket(mockTicketGrantingTicket);
        TicketTrackingPolicy ticketTrackingPolicy = (TicketTrackingPolicy) Mockito.mock(TicketTrackingPolicy.class);
        AbstractWebApplicationService service = RegisteredServiceTestUtils.getService(this.samlRegisteredService.getServiceId());
        service.getAttributes().put("entityId", List.of(this.samlRegisteredService.getServiceId()));
        ServiceTicket grantServiceTicket = mockTicketGrantingTicket.grantServiceTicket(service, ticketTrackingPolicy);
        this.ticketRegistry.addTicket(grantServiceTicket);
        this.ticketRegistry.updateTicket(mockTicketGrantingTicket);
        return grantServiceTicket;
    }
}
