package org.apereo.cas.web.view;

import java.util.Map;
import java.util.Objects;
import java.util.UUID;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apereo.cas.BaseCasCoreTests;
import org.apereo.cas.authentication.AuthenticationResult;
import org.apereo.cas.authentication.AuthenticationServiceSelectionStrategy;
import org.apereo.cas.authentication.CoreAuthenticationTestUtils;
import org.apereo.cas.authentication.DefaultAuthenticationAttributeReleasePolicy;
import org.apereo.cas.authentication.DefaultAuthenticationServiceSelectionPlan;
import org.apereo.cas.authentication.principal.Service;
import org.apereo.cas.authentication.principal.WebApplicationService;
import org.apereo.cas.authentication.support.NoOpProtocolAttributeEncoder;
import org.apereo.cas.config.CasThymeleafConfiguration;
import org.apereo.cas.services.AbstractRegisteredService;
import org.apereo.cas.services.DefaultRegisteredServiceAccessStrategy;
import org.apereo.cas.services.PartialRegexRegisteredServiceMatchingStrategy;
import org.apereo.cas.services.RefuseRegisteredServiceProxyPolicy;
import org.apereo.cas.services.RegisteredService;
import org.apereo.cas.services.RegisteredServiceTestUtils;
import org.apereo.cas.services.ServicesManager;
import org.apereo.cas.services.web.config.CasThemesConfiguration;
import org.apereo.cas.ticket.ServiceTicket;
import org.apereo.cas.util.CollectionUtils;
import org.apereo.cas.validation.Assertion;
import org.apereo.cas.validation.ServiceTicketValidationAuthorizer;
import org.apereo.cas.validation.ServiceTicketValidationAuthorizerConfigurer;
import org.apereo.cas.validation.ServiceTicketValidationAuthorizersExecutionPlan;
import org.apereo.cas.web.AbstractServiceValidateController;
import org.apereo.cas.web.AbstractServiceValidateControllerTests;
import org.apereo.cas.web.MockRequestedAuthenticationContextValidator;
import org.apereo.cas.web.ServiceValidateConfigurationContext;
import org.apereo.cas.web.ServiceValidationViewFactory;
import org.apereo.cas.web.config.CasValidationConfiguration;
import org.apereo.cas.web.v2.ServiceValidateController;
import org.apereo.cas.web.view.attributes.NoOpProtocolAttributesRenderer;
import org.junit.jupiter.api.Assertions;
import org.junit.jupiter.api.Tag;
import org.junit.jupiter.api.Test;
import org.mockito.Mockito;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.boot.test.context.SpringBootTest;
import org.springframework.boot.test.context.TestConfiguration;
import org.springframework.mock.web.MockHttpServletRequest;
import org.springframework.mock.web.MockHttpServletResponse;
import org.springframework.mock.web.MockServletContext;
import org.springframework.web.context.support.GenericWebApplicationContext;
import org.springframework.web.servlet.ModelAndView;
import org.springframework.web.servlet.View;
import org.springframework.web.servlet.support.RequestContext;

@Tag("CAS")
@SpringBootTest(classes = {Cas20ResponseViewTestConfiguration.class, BaseCasCoreTests.SharedTestConfiguration.class, CasThemesConfiguration.class, CasThymeleafConfiguration.class, CasValidationConfiguration.class})
/* loaded from: input_file:org/apereo/cas/web/view/Cas20ResponseViewTests.class */
public class Cas20ResponseViewTests extends AbstractServiceValidateControllerTests {

    @Autowired
    @Qualifier("serviceValidationViewFactory")
    private ServiceValidationViewFactory serviceValidationViewFactory;

    @TestConfiguration(value = "Cas20ResponseViewTestConfiguration", proxyBeanMethods = false)
    /* loaded from: input_file:org/apereo/cas/web/view/Cas20ResponseViewTests$Cas20ResponseViewTestConfiguration.class */
    public static class Cas20ResponseViewTestConfiguration implements ServiceTicketValidationAuthorizerConfigurer {
        public void configureAuthorizersExecutionPlan(ServiceTicketValidationAuthorizersExecutionPlan serviceTicketValidationAuthorizersExecutionPlan) {
            ServiceTicketValidationAuthorizer serviceTicketValidationAuthorizer = (ServiceTicketValidationAuthorizer) Mockito.mock(ServiceTicketValidationAuthorizer.class);
            ((ServiceTicketValidationAuthorizer) Mockito.doThrow(new Throwable[]{new IllegalArgumentException()}).when(serviceTicketValidationAuthorizer)).authorize((HttpServletRequest) Mockito.any(), (Service) Mockito.argThat(service -> {
                return service.getId().equals("not-authorized");
            }), (Assertion) Mockito.any());
            serviceTicketValidationAuthorizersExecutionPlan.registerAuthorizer(serviceTicketValidationAuthorizer);
        }
    }

    @Override // org.apereo.cas.web.AbstractServiceValidateControllerTests
    public AbstractServiceValidateController getServiceValidateControllerInstance() {
        return new ServiceValidateController(ServiceValidateConfigurationContext.builder().validationSpecifications(CollectionUtils.wrapSet(getValidationSpecification())).authenticationSystemSupport(getAuthenticationSystemSupport()).servicesManager(getServicesManager()).centralAuthenticationService(getCentralAuthenticationService()).argumentExtractor(getArgumentExtractor()).proxyHandler(getProxyHandler()).requestedContextValidator(new MockRequestedAuthenticationContextValidator()).authnContextAttribute("authenticationContext").validationAuthorizers(getServiceValidationAuthorizers()).renewEnabled(true).validationViewFactory(this.serviceValidationViewFactory).build());
    }

    @Test
    public void verifyValidationFailsInvalidTicket() throws Exception {
        RegisteredService registeredService = CoreAuthenticationTestUtils.getRegisteredService(CoreAuthenticationTestUtils.getWebApplicationService(UUID.randomUUID().toString()).getId());
        getServicesManager().save(registeredService);
        Mockito.when(registeredService.getProxyPolicy()).thenReturn(new RefuseRegisteredServiceProxyPolicy());
        MockHttpServletRequest mockHttpServletRequest = new MockHttpServletRequest();
        mockHttpServletRequest.addParameter("pgtUrl", SERVICE.getId());
        mockHttpServletRequest.addParameter("service", SERVICE.getId());
        mockHttpServletRequest.addParameter("ticket", UUID.randomUUID().toString());
        ModelAndView handleRequestInternal = this.serviceValidateController.handleRequestInternal(mockHttpServletRequest, new MockHttpServletResponse());
        Assertions.assertNotNull(handleRequestInternal);
        Assertions.assertNotNull(handleRequestInternal.getView());
        Assertions.assertTrue(handleRequestInternal.getView().toString().contains("Failure"));
    }

    @Test
    public void verifyValidationTicketAuthzFails() throws Exception {
        WebApplicationService webApplicationService = CoreAuthenticationTestUtils.getWebApplicationService("not-authorized");
        AbstractRegisteredService registeredService = RegisteredServiceTestUtils.getRegisteredService(webApplicationService.getId());
        registeredService.setAccessStrategy(new DefaultRegisteredServiceAccessStrategy());
        getServicesManager().save(registeredService);
        MockHttpServletRequest mockHttpServletRequest = new MockHttpServletRequest();
        mockHttpServletRequest.addParameter("service", webApplicationService.getId());
        AuthenticationResult authenticationResult = CoreAuthenticationTestUtils.getAuthenticationResult(getAuthenticationSystemSupport(), webApplicationService);
        mockHttpServletRequest.addParameter("ticket", getCentralAuthenticationService().grantServiceTicket(getCentralAuthenticationService().createTicketGrantingTicket(authenticationResult).getId(), webApplicationService, authenticationResult).getId());
        ModelAndView handleRequestInternal = this.serviceValidateController.handleRequestInternal(mockHttpServletRequest, new MockHttpServletResponse());
        Assertions.assertNotNull(handleRequestInternal);
        Assertions.assertNotNull(handleRequestInternal.getView());
        Assertions.assertTrue(handleRequestInternal.getView().toString().contains("Failure"));
    }

    @Test
    public void verifyValidationFailsBadProxy() throws Exception {
        WebApplicationService webApplicationService = CoreAuthenticationTestUtils.getWebApplicationService(UUID.randomUUID().toString());
        AbstractRegisteredService registeredService = RegisteredServiceTestUtils.getRegisteredService(webApplicationService.getId());
        registeredService.setAccessStrategy(new DefaultRegisteredServiceAccessStrategy());
        registeredService.setMatchingStrategy(new PartialRegexRegisteredServiceMatchingStrategy());
        registeredService.setProxyPolicy(new RefuseRegisteredServiceProxyPolicy());
        getServicesManager().save(registeredService);
        AuthenticationResult authenticationResult = CoreAuthenticationTestUtils.getAuthenticationResult(getAuthenticationSystemSupport(), webApplicationService);
        ServiceTicket grantServiceTicket = getCentralAuthenticationService().grantServiceTicket(getCentralAuthenticationService().createTicketGrantingTicket(authenticationResult).getId(), webApplicationService, authenticationResult);
        MockHttpServletRequest mockHttpServletRequest = new MockHttpServletRequest();
        mockHttpServletRequest.addParameter("pgtUrl", SERVICE.getId());
        mockHttpServletRequest.addParameter("service", SERVICE.getId());
        mockHttpServletRequest.addParameter("ticket", grantServiceTicket.getId());
        ModelAndView handleRequestInternal = this.serviceValidateController.handleRequestInternal(mockHttpServletRequest, new MockHttpServletResponse());
        Assertions.assertNotNull(handleRequestInternal);
        Assertions.assertNotNull(handleRequestInternal.getView());
        Assertions.assertTrue(handleRequestInternal.getView().toString().contains("Failure"));
    }

    @Test
    public void verifyValidationFailsBadAccess() throws Exception {
        WebApplicationService webApplicationService = CoreAuthenticationTestUtils.getWebApplicationService(UUID.randomUUID().toString());
        AbstractRegisteredService registeredService = RegisteredServiceTestUtils.getRegisteredService(webApplicationService.getId());
        registeredService.setAccessStrategy(new DefaultRegisteredServiceAccessStrategy(true, true));
        registeredService.setMatchingStrategy(new PartialRegexRegisteredServiceMatchingStrategy());
        registeredService.setProxyPolicy(new RefuseRegisteredServiceProxyPolicy());
        getServicesManager().save(registeredService);
        AuthenticationResult authenticationResult = CoreAuthenticationTestUtils.getAuthenticationResult(getAuthenticationSystemSupport(), webApplicationService);
        ServiceTicket grantServiceTicket = getCentralAuthenticationService().grantServiceTicket(getCentralAuthenticationService().createTicketGrantingTicket(authenticationResult).getId(), webApplicationService, authenticationResult);
        MockHttpServletRequest mockHttpServletRequest = new MockHttpServletRequest();
        mockHttpServletRequest.addParameter("pgtUrl", SERVICE.getId());
        mockHttpServletRequest.addParameter("service", SERVICE.getId());
        mockHttpServletRequest.addParameter("ticket", grantServiceTicket.getId());
        registeredService.setAccessStrategy(new DefaultRegisteredServiceAccessStrategy(false, false));
        ModelAndView handleRequestInternal = this.serviceValidateController.handleRequestInternal(mockHttpServletRequest, new MockHttpServletResponse());
        Assertions.assertNotNull(handleRequestInternal);
        Assertions.assertNotNull(handleRequestInternal.getView());
        Assertions.assertTrue(handleRequestInternal.getView().toString().contains("Failure"));
    }

    @Test
    public void verifyView() throws Exception {
        ModelAndView modelAndViewUponServiceValidationWithSecurePgtUrl = getModelAndViewUponServiceValidationWithSecurePgtUrl(RegisteredServiceTestUtils.getService("https://www.casinthecloud.com"));
        MockHttpServletRequest mockHttpServletRequest = new MockHttpServletRequest(new MockServletContext());
        mockHttpServletRequest.setAttribute(RequestContext.WEB_APPLICATION_CONTEXT_ATTRIBUTE, new GenericWebApplicationContext(mockHttpServletRequest.getServletContext()));
        new Cas20ResponseView(true, new NoOpProtocolAttributeEncoder(), (ServicesManager) null, new View() { // from class: org.apereo.cas.web.view.Cas20ResponseViewTests.1
            public String getContentType() {
                return "text/html";
            }

            public void render(Map<String, ?> map, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
                Objects.requireNonNull(httpServletRequest);
                map.forEach(httpServletRequest::setAttribute);
            }
        }, new DefaultAuthenticationAttributeReleasePolicy("attribute"), new DefaultAuthenticationServiceSelectionPlan(new AuthenticationServiceSelectionStrategy[0]), NoOpProtocolAttributesRenderer.INSTANCE).render(modelAndViewUponServiceValidationWithSecurePgtUrl.getModel(), mockHttpServletRequest, new MockHttpServletResponse());
        Assertions.assertNotNull(mockHttpServletRequest.getAttribute("chainedAuthentications"));
        Assertions.assertNotNull(mockHttpServletRequest.getAttribute("primaryAuthentication"));
        Assertions.assertNotNull(mockHttpServletRequest.getAttribute("principal"));
        Assertions.assertNotNull(mockHttpServletRequest.getAttribute("pgtIou"));
    }
}
