package org.apereo.cas.support.saml.web.idp.profile.slo;

import java.io.StringWriter;
import java.nio.charset.StandardCharsets;
import java.time.Clock;
import java.time.ZonedDateTime;
import java.util.UUID;
import org.apereo.cas.configuration.support.TriStateBoolean;
import org.apereo.cas.logout.LogoutRedirectionStrategy;
import org.apereo.cas.services.RegisteredServiceTestUtils;
import org.apereo.cas.support.saml.BaseSamlIdPConfigurationTests;
import org.apereo.cas.support.saml.SamlUtils;
import org.apereo.cas.support.saml.services.SamlRegisteredService;
import org.apereo.cas.support.saml.util.Saml20ObjectBuilder;
import org.apereo.cas.util.EncodingUtils;
import org.apereo.cas.util.MockRequestContext;
import org.apereo.cas.web.support.WebUtils;
import org.junit.jupiter.api.Assertions;
import org.junit.jupiter.api.Nested;
import org.junit.jupiter.api.Tag;
import org.junit.jupiter.api.Test;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.test.context.TestPropertySource;

@Tag("SAMLLogout")
/* loaded from: input_file:org/apereo/cas/support/saml/web/idp/profile/slo/SamlIdPSingleLogoutRedirectionStrategyTests.class */
class SamlIdPSingleLogoutRedirectionStrategyTests {

    @Nested
    @TestPropertySource(properties = {"cas.authn.saml-idp.logout.send-logout-response=true", "cas.authn.saml-idp.logout.sign-logout-response=true", "cas.authn.saml-idp.metadata.file-system.location=${#systemProperties['java.io.tmpdir']}/idp-metadata6414"})
    /* loaded from: input_file:org/apereo/cas/support/saml/web/idp/profile/slo/SamlIdPSingleLogoutRedirectionStrategyTests$SignResponsesGlobally.class */
    class SignResponsesGlobally extends BaseSamlIdPConfigurationTests {

        @Autowired
        @Qualifier("samlIdPLogoutResponseObjectBuilder")
        private Saml20ObjectBuilder samlIdPLogoutResponseObjectBuilder;

        @Autowired
        @Qualifier("samlIdPSingleLogoutRedirectionStrategy")
        private LogoutRedirectionStrategy samlIdPSingleLogoutRedirectionStrategy;

        SignResponsesGlobally(SamlIdPSingleLogoutRedirectionStrategyTests samlIdPSingleLogoutRedirectionStrategyTests) {
        }

        @Test
        void verifyOperationForPostBinding() throws Throwable {
            MockRequestContext create = MockRequestContext.create(this.applicationContext);
            SamlRegisteredService samlRegisteredServiceFor = getSamlRegisteredServiceFor(false, false, false, "https://mockypost.io");
            WebUtils.putRegisteredService(create.getHttpServletRequest(), samlRegisteredServiceFor);
            StringWriter transformSamlObject = SamlUtils.transformSamlObject(this.openSamlConfigBean, this.samlIdPLogoutResponseObjectBuilder.newLogoutRequest(UUID.randomUUID().toString(), ZonedDateTime.now(Clock.systemUTC()), "https://github.com/apereo/cas", this.samlIdPLogoutResponseObjectBuilder.newIssuer(samlRegisteredServiceFor.getServiceId()), UUID.randomUUID().toString(), this.samlIdPLogoutResponseObjectBuilder.newNameID("urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress", "cas@example.org")));
            try {
                WebUtils.putSingleLogoutRequest(create.getHttpServletRequest(), EncodingUtils.encodeBase64(transformSamlObject.toString().getBytes(StandardCharsets.UTF_8)));
                if (transformSamlObject != null) {
                    transformSamlObject.close();
                }
                Assertions.assertTrue(this.samlIdPSingleLogoutRedirectionStrategy.supports(create.getHttpServletRequest(), create.getHttpServletResponse()));
                Assertions.assertNotNull(this.samlIdPSingleLogoutRedirectionStrategy.getName());
                this.samlIdPSingleLogoutRedirectionStrategy.handle(create.getHttpServletRequest(), create.getHttpServletResponse());
                Assertions.assertNull(WebUtils.getLogoutRedirectUrl(create.getHttpServletRequest(), String.class));
            } catch (Throwable th) {
                if (transformSamlObject != null) {
                    try {
                        transformSamlObject.close();
                    } catch (Throwable th2) {
                        th.addSuppressed(th2);
                    }
                }
                throw th;
            }
        }

        @Test
        void verifyOperationForRedirectBindingByService() throws Throwable {
            MockRequestContext create = MockRequestContext.create(this.applicationContext);
            SamlRegisteredService samlRegisteredServiceFor = getSamlRegisteredServiceFor(false, false, false, "https://mocky.io");
            samlRegisteredServiceFor.setLogoutResponseBinding("urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect");
            WebUtils.putRegisteredService(create.getHttpServletRequest(), samlRegisteredServiceFor);
            StringWriter transformSamlObject = SamlUtils.transformSamlObject(this.openSamlConfigBean, this.samlIdPLogoutResponseObjectBuilder.newLogoutRequest(UUID.randomUUID().toString(), ZonedDateTime.now(Clock.systemUTC()), "https://github.com/apereo/cas", this.samlIdPLogoutResponseObjectBuilder.newIssuer(samlRegisteredServiceFor.getServiceId()), UUID.randomUUID().toString(), this.samlIdPLogoutResponseObjectBuilder.newNameID("urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress", "cas@example.org")));
            try {
                WebUtils.putSingleLogoutRequest(create.getHttpServletRequest(), EncodingUtils.encodeBase64(transformSamlObject.toString().getBytes(StandardCharsets.UTF_8)));
                if (transformSamlObject != null) {
                    transformSamlObject.close();
                }
                this.samlIdPSingleLogoutRedirectionStrategy.handle(create.getHttpServletRequest(), create.getHttpServletResponse());
                Assertions.assertNotNull(WebUtils.getLogoutRedirectUrl(create.getHttpServletRequest(), String.class));
            } catch (Throwable th) {
                if (transformSamlObject != null) {
                    try {
                        transformSamlObject.close();
                    } catch (Throwable th2) {
                        th.addSuppressed(th2);
                    }
                }
                throw th;
            }
        }

        @Test
        void verifyOperationForRedirectBinding() throws Throwable {
            MockRequestContext create = MockRequestContext.create(this.applicationContext);
            SamlRegisteredService samlRegisteredServiceFor = getSamlRegisteredServiceFor(false, false, false, "https://mocky.io");
            WebUtils.putRegisteredService(create.getHttpServletRequest(), samlRegisteredServiceFor);
            StringWriter transformSamlObject = SamlUtils.transformSamlObject(this.openSamlConfigBean, this.samlIdPLogoutResponseObjectBuilder.newLogoutRequest(UUID.randomUUID().toString(), ZonedDateTime.now(Clock.systemUTC()), "https://github.com/apereo/cas", this.samlIdPLogoutResponseObjectBuilder.newIssuer(samlRegisteredServiceFor.getServiceId()), UUID.randomUUID().toString(), this.samlIdPLogoutResponseObjectBuilder.newNameID("urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress", "cas@example.org")));
            try {
                WebUtils.putSingleLogoutRequest(create.getHttpServletRequest(), EncodingUtils.encodeBase64(transformSamlObject.toString().getBytes(StandardCharsets.UTF_8)));
                if (transformSamlObject != null) {
                    transformSamlObject.close();
                }
                this.samlIdPSingleLogoutRedirectionStrategy.handle(create.getHttpServletRequest(), create.getHttpServletResponse());
                Assertions.assertNotNull(WebUtils.getLogoutRedirectUrl(create.getHttpServletRequest(), String.class));
            } catch (Throwable th) {
                if (transformSamlObject != null) {
                    try {
                        transformSamlObject.close();
                    } catch (Throwable th2) {
                        th.addSuppressed(th2);
                    }
                }
                throw th;
            }
        }

        @Test
        void verifyNoLogoutResponse() throws Throwable {
            MockRequestContext create = MockRequestContext.create(this.applicationContext);
            SamlRegisteredService samlRegisteredServiceFor = getSamlRegisteredServiceFor(false, false, false, "https://mocky.io");
            samlRegisteredServiceFor.setLogoutResponseEnabled(false);
            WebUtils.putRegisteredService(create.getHttpServletRequest(), samlRegisteredServiceFor);
            Assertions.assertFalse(this.samlIdPSingleLogoutRedirectionStrategy.supports(create.getHttpServletRequest(), create.getHttpServletResponse()));
        }

        @Test
        void verifyLogoutForNonSamlService() throws Throwable {
            MockRequestContext create = MockRequestContext.create(this.applicationContext);
            WebUtils.putRegisteredService(create.getHttpServletRequest(), RegisteredServiceTestUtils.getRegisteredService(UUID.randomUUID().toString()));
            Assertions.assertFalse(this.samlIdPSingleLogoutRedirectionStrategy.supports(create.getHttpServletRequest(), create.getHttpServletResponse()));
        }
    }

    @Nested
    @TestPropertySource(properties = {"cas.authn.saml-idp.metadata.file-system.location=${#systemProperties['java.io.tmpdir']}/idp-metadata956", "cas.authn.saml-idp.logout.send-logout-response=true"})
    /* loaded from: input_file:org/apereo/cas/support/saml/web/idp/profile/slo/SamlIdPSingleLogoutRedirectionStrategyTests$SignResponsesServices.class */
    class SignResponsesServices extends BaseSamlIdPConfigurationTests {

        @Autowired
        @Qualifier("samlIdPLogoutResponseObjectBuilder")
        private Saml20ObjectBuilder samlIdPLogoutResponseObjectBuilder;

        @Autowired
        @Qualifier("samlIdPSingleLogoutRedirectionStrategy")
        private LogoutRedirectionStrategy samlIdPSingleLogoutRedirectionStrategy;

        SignResponsesServices(SamlIdPSingleLogoutRedirectionStrategyTests samlIdPSingleLogoutRedirectionStrategyTests) {
        }

        @Test
        void verifyOperationForPostBinding() throws Throwable {
            MockRequestContext create = MockRequestContext.create(this.applicationContext);
            SamlRegisteredService samlRegisteredServiceFor = getSamlRegisteredServiceFor(false, false, false, "https://mockypost.io");
            samlRegisteredServiceFor.setSignLogoutResponse(TriStateBoolean.TRUE);
            WebUtils.putRegisteredService(create.getHttpServletRequest(), samlRegisteredServiceFor);
            StringWriter transformSamlObject = SamlUtils.transformSamlObject(this.openSamlConfigBean, this.samlIdPLogoutResponseObjectBuilder.newLogoutRequest(UUID.randomUUID().toString(), ZonedDateTime.now(Clock.systemUTC()), "https://github.com/apereo/cas", this.samlIdPLogoutResponseObjectBuilder.newIssuer(samlRegisteredServiceFor.getServiceId()), UUID.randomUUID().toString(), this.samlIdPLogoutResponseObjectBuilder.newNameID("urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress", "cas@example.org")));
            try {
                WebUtils.putSingleLogoutRequest(create.getHttpServletRequest(), EncodingUtils.encodeBase64(transformSamlObject.toString().getBytes(StandardCharsets.UTF_8)));
                if (transformSamlObject != null) {
                    transformSamlObject.close();
                }
                Assertions.assertTrue(this.samlIdPSingleLogoutRedirectionStrategy.supports(create.getHttpServletRequest(), create.getHttpServletResponse()));
                Assertions.assertNotNull(this.samlIdPSingleLogoutRedirectionStrategy.getName());
                this.samlIdPSingleLogoutRedirectionStrategy.handle(create.getHttpServletRequest(), create.getHttpServletResponse());
                Assertions.assertNull(WebUtils.getLogoutRedirectUrl(create.getHttpServletRequest(), String.class));
            } catch (Throwable th) {
                if (transformSamlObject != null) {
                    try {
                        transformSamlObject.close();
                    } catch (Throwable th2) {
                        th.addSuppressed(th2);
                    }
                }
                throw th;
            }
        }
    }

    SamlIdPSingleLogoutRedirectionStrategyTests() {
    }
}
