package org.apereo.cas.support.saml.web.idp.profile.slo;

import java.io.StringWriter;
import java.nio.charset.StandardCharsets;
import java.time.Clock;
import java.time.ZonedDateTime;
import java.util.Optional;
import java.util.UUID;
import org.apereo.cas.authentication.principal.AbstractWebApplicationService;
import org.apereo.cas.logout.slo.SingleLogoutExecutionRequest;
import org.apereo.cas.logout.slo.SingleLogoutServiceMessageHandler;
import org.apereo.cas.mock.MockTicketGrantingTicket;
import org.apereo.cas.services.RegisteredServiceTestUtils;
import org.apereo.cas.support.saml.BaseSamlIdPConfigurationTests;
import org.apereo.cas.support.saml.SamlUtils;
import org.apereo.cas.support.saml.services.SamlRegisteredService;
import org.apereo.cas.support.saml.util.Saml20ObjectBuilder;
import org.apereo.cas.util.CollectionUtils;
import org.apereo.cas.util.EncodingUtils;
import org.apereo.cas.util.RandomUtils;
import org.apereo.cas.web.support.WebUtils;
import org.junit.jupiter.api.Assertions;
import org.junit.jupiter.api.BeforeEach;
import org.junit.jupiter.api.Tag;
import org.junit.jupiter.api.Test;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.mock.web.MockHttpServletRequest;
import org.springframework.mock.web.MockHttpServletResponse;

@Tag("SAMLLogout")
/* loaded from: input_file:org/apereo/cas/support/saml/web/idp/profile/slo/SamlIdPSingleLogoutServiceMessageHandlerTests.class */
class SamlIdPSingleLogoutServiceMessageHandlerTests extends BaseSamlIdPConfigurationTests {

    @Autowired
    @Qualifier("samlSingleLogoutServiceMessageHandler")
    private SingleLogoutServiceMessageHandler samlSingleLogoutServiceMessageHandler;

    @Autowired
    @Qualifier("samlIdPLogoutResponseObjectBuilder")
    private Saml20ObjectBuilder samlIdPLogoutResponseObjectBuilder;
    private SamlRegisteredService samlRegisteredService;

    SamlIdPSingleLogoutServiceMessageHandlerTests() {
    }

    @BeforeEach
    public void beforeEach() {
        this.samlRegisteredService = getSamlRegisteredServiceForTestShib();
        this.servicesManager.save(this.samlRegisteredService);
        SamlRegisteredService samlRegisteredService = new SamlRegisteredService();
        samlRegisteredService.setName("Mocky");
        samlRegisteredService.setServiceId("https://mocky.io");
        samlRegisteredService.setId(RandomUtils.nextInt());
        samlRegisteredService.setMetadataLocation("classpath:metadata/testshib-providers.xml");
        this.servicesManager.save(samlRegisteredService);
        SamlRegisteredService samlRegisteredService2 = new SamlRegisteredService();
        samlRegisteredService2.setName("MockySoap");
        samlRegisteredService2.setServiceId("urn:soap:slo:example");
        samlRegisteredService2.setId(RandomUtils.nextInt());
        samlRegisteredService2.setMetadataLocation("classpath:metadata/testshib-providers.xml");
        this.servicesManager.save(samlRegisteredService2);
    }

    @Test
    void verifySupports() throws Throwable {
        AbstractWebApplicationService service = RegisteredServiceTestUtils.getService(this.samlRegisteredService.getServiceId());
        service.getAttributes().put("entityId", CollectionUtils.wrapList(new String[]{this.samlRegisteredService.getServiceId()}));
        Assertions.assertTrue(this.samlSingleLogoutServiceMessageHandler.supports(SingleLogoutExecutionRequest.builder().ticketGrantingTicket(new MockTicketGrantingTicket("casuser")).build(), service));
        Assertions.assertEquals(0, this.samlSingleLogoutServiceMessageHandler.getOrder());
    }

    @Test
    void verifySendByPost() throws Throwable {
        AbstractWebApplicationService service = RegisteredServiceTestUtils.getService(this.samlRegisteredService.getServiceId());
        service.getAttributes().put("entityId", CollectionUtils.wrapList(new String[]{this.samlRegisteredService.getServiceId()}));
        Assertions.assertFalse(this.samlSingleLogoutServiceMessageHandler.handle(service, "ST-1234567890", SingleLogoutExecutionRequest.builder().ticketGrantingTicket(new MockTicketGrantingTicket("casuser")).build()).isEmpty());
    }

    @Test
    void verifyNoSaml() throws Throwable {
        SamlRegisteredService samlRegisteredServiceForTestShib = getSamlRegisteredServiceForTestShib();
        this.servicesManager.save(samlRegisteredServiceForTestShib);
        AbstractWebApplicationService service = RegisteredServiceTestUtils.getService(samlRegisteredServiceForTestShib.getServiceId());
        service.getAttributes().put("entityId", CollectionUtils.wrapList(new String[]{samlRegisteredServiceForTestShib.getServiceId()}));
        Assertions.assertFalse(this.samlSingleLogoutServiceMessageHandler.handle(service, "ST-1234567890", SingleLogoutExecutionRequest.builder().ticketGrantingTicket(new MockTicketGrantingTicket("casuser")).build()).isEmpty());
    }

    @Test
    void verifySendByRedirect() throws Throwable {
        AbstractWebApplicationService service = RegisteredServiceTestUtils.getService("https://mocky.io");
        service.getAttributes().put("entityId", CollectionUtils.wrapList(new String[]{this.samlRegisteredService.getServiceId()}));
        Assertions.assertFalse(this.samlSingleLogoutServiceMessageHandler.handle(service, "ST-1234567890", SingleLogoutExecutionRequest.builder().ticketGrantingTicket(new MockTicketGrantingTicket("casuser")).build()).isEmpty());
    }

    @Test
    void verifySkipLogoutForOriginator() throws Throwable {
        AbstractWebApplicationService service = RegisteredServiceTestUtils.getService("https://mocky.io");
        service.getAttributes().put("entityId", CollectionUtils.wrapList(new String[]{this.samlRegisteredService.getServiceId()}));
        MockHttpServletRequest mockHttpServletRequest = new MockHttpServletRequest();
        StringWriter transformSamlObject = SamlUtils.transformSamlObject(this.openSamlConfigBean, this.samlIdPLogoutResponseObjectBuilder.newLogoutRequest(UUID.randomUUID().toString(), ZonedDateTime.now(Clock.systemUTC()), "https://github.com/apereo/cas", this.samlIdPLogoutResponseObjectBuilder.newIssuer(service.getId()), UUID.randomUUID().toString(), this.samlIdPLogoutResponseObjectBuilder.newNameID("urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress", "cas@example.org")));
        try {
            WebUtils.putSingleLogoutRequest(mockHttpServletRequest, EncodingUtils.encodeBase64(transformSamlObject.toString().getBytes(StandardCharsets.UTF_8)));
            if (transformSamlObject != null) {
                transformSamlObject.close();
            }
            Assertions.assertFalse(this.samlSingleLogoutServiceMessageHandler.handle(service, "ST-1234567890", SingleLogoutExecutionRequest.builder().ticketGrantingTicket(new MockTicketGrantingTicket("casuser")).httpServletRequest(Optional.of(mockHttpServletRequest)).httpServletResponse(Optional.of(new MockHttpServletResponse())).build()).isEmpty());
        } catch (Throwable th) {
            if (transformSamlObject != null) {
                try {
                    transformSamlObject.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
            }
            throw th;
        }
    }

    @Test
    void verifySoap() throws Throwable {
        AbstractWebApplicationService service = RegisteredServiceTestUtils.getService("urn:soap:slo:example");
        service.getAttributes().put("entityId", CollectionUtils.wrapList(new String[]{service.getId()}));
        Assertions.assertFalse(this.samlSingleLogoutServiceMessageHandler.handle(service, "ST-1234567890", SingleLogoutExecutionRequest.builder().ticketGrantingTicket(new MockTicketGrantingTicket("casuser")).build()).isEmpty());
    }
}
