package org.apereo.cas.web.view;

import java.nio.charset.StandardCharsets;
import java.security.PrivateKey;
import java.util.Map;
import java.util.Objects;
import javax.crypto.Cipher;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import lombok.Generated;
import org.apereo.cas.BaseCasCoreTests;
import org.apereo.cas.authentication.AuthenticationServiceSelectionStrategy;
import org.apereo.cas.authentication.CoreAuthenticationTestUtils;
import org.apereo.cas.authentication.DefaultAuthenticationAttributeReleasePolicy;
import org.apereo.cas.authentication.DefaultAuthenticationServiceSelectionPlan;
import org.apereo.cas.authentication.DefaultAuthenticationServiceSelectionStrategy;
import org.apereo.cas.authentication.ProtocolAttributeEncoder;
import org.apereo.cas.authentication.support.DefaultCasProtocolAttributeEncoder;
import org.apereo.cas.config.CasThymeleafConfiguration;
import org.apereo.cas.services.ServicesManager;
import org.apereo.cas.services.web.config.CasThemesConfiguration;
import org.apereo.cas.services.web.view.AbstractCasView;
import org.apereo.cas.util.CollectionUtils;
import org.apereo.cas.util.EncodingUtils;
import org.apereo.cas.util.crypto.CipherExecutor;
import org.apereo.cas.util.crypto.PrivateKeyFactoryBean;
import org.apereo.cas.web.AbstractServiceValidateController;
import org.apereo.cas.web.AbstractServiceValidateControllerTests;
import org.apereo.cas.web.MockRequestedAuthenticationContextValidator;
import org.apereo.cas.web.ServiceValidateConfigurationContext;
import org.apereo.cas.web.ServiceValidationViewFactory;
import org.apereo.cas.web.config.CasValidationConfiguration;
import org.apereo.cas.web.v2.ServiceValidateController;
import org.apereo.cas.web.view.attributes.DefaultCas30ProtocolAttributesRenderer;
import org.apereo.services.persondir.IPersonAttributeDao;
import org.apereo.services.persondir.support.StubPersonAttributeDao;
import org.junit.jupiter.api.Assertions;
import org.junit.jupiter.api.Tag;
import org.junit.jupiter.api.Test;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.boot.test.context.SpringBootTest;
import org.springframework.boot.test.context.TestConfiguration;
import org.springframework.context.annotation.Bean;
import org.springframework.core.io.ClassPathResource;
import org.springframework.mock.web.MockHttpServletRequest;
import org.springframework.mock.web.MockHttpServletResponse;
import org.springframework.mock.web.MockServletContext;
import org.springframework.web.context.support.GenericWebApplicationContext;
import org.springframework.web.servlet.ModelAndView;
import org.springframework.web.servlet.View;
import org.springframework.web.servlet.support.RequestContext;

@Tag("CAS")
@SpringBootTest(properties = {"cas.clearpass.cache-credential=true", "cas.clearpass.crypto.enabled=false"}, classes = {AttributeRepositoryTestConfiguration.class, BaseCasCoreTests.SharedTestConfiguration.class, CasThemesConfiguration.class, CasThymeleafConfiguration.class, CasValidationConfiguration.class})
/* loaded from: input_file:org/apereo/cas/web/view/Cas30ResponseViewTests.class */
public class Cas30ResponseViewTests extends AbstractServiceValidateControllerTests {

    @Generated
    private static final Logger LOGGER = LoggerFactory.getLogger(Cas30ResponseViewTests.class);

    @Autowired
    @Qualifier("serviceValidationViewFactory")
    protected ServiceValidationViewFactory serviceValidationViewFactory;

    @Autowired
    @Qualifier("servicesManager")
    protected ServicesManager servicesManager;

    @TestConfiguration(value = "AttributeRepositoryTestConfiguration", proxyBeanMethods = false)
    /* loaded from: input_file:org/apereo/cas/web/view/Cas30ResponseViewTests$AttributeRepositoryTestConfiguration.class */
    public static class AttributeRepositoryTestConfiguration {
        @Bean
        public IPersonAttributeDao attributeRepository() {
            return new StubPersonAttributeDao(CollectionUtils.wrap("uid", CollectionUtils.wrap("uid"), "eduPersonAffiliation", CollectionUtils.wrap("developer"), "groupMembership", CollectionUtils.wrap("adopters"), "binaryAttribute", CollectionUtils.wrap("binaryAttributeValue".getBytes(StandardCharsets.UTF_8))));
        }
    }

    private static String decryptCredential(String str) {
        PrivateKeyFactoryBean privateKeyFactoryBean = new PrivateKeyFactoryBean();
        privateKeyFactoryBean.setAlgorithm("RSA");
        privateKeyFactoryBean.setLocation(new ClassPathResource("keys/RSA4096Private.p8"));
        privateKeyFactoryBean.setSingleton(false);
        PrivateKey privateKey = (PrivateKey) privateKeyFactoryBean.getObject();
        LOGGER.debug("Initializing cipher based on [{}]", privateKey.getAlgorithm());
        Cipher cipher = Cipher.getInstance(privateKey.getAlgorithm());
        LOGGER.debug("Decoding value [{}]", str);
        byte[] decodeBase64 = EncodingUtils.decodeBase64(str);
        LOGGER.debug("Initializing decrypt-mode via private key [{}]", privateKey.getAlgorithm());
        cipher.init(2, privateKey);
        return new String(cipher.doFinal(decodeBase64), StandardCharsets.UTF_8);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static View getDelegatedView() {
        return new View() { // from class: org.apereo.cas.web.view.Cas30ResponseViewTests.1
            public String getContentType() {
                return "text/html";
            }

            public void render(Map<String, ?> map, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
                Cas30ResponseViewTests.LOGGER.warn("Setting attribute [{}]", map.keySet());
                Objects.requireNonNull(httpServletRequest);
                map.forEach(httpServletRequest::setAttribute);
            }
        };
    }

    @Override // org.apereo.cas.web.AbstractServiceValidateControllerTests
    public AbstractServiceValidateController getServiceValidateControllerInstance() {
        return new ServiceValidateController(ServiceValidateConfigurationContext.builder().ticketRegistry(getTicketRegistry()).validationSpecifications(CollectionUtils.wrapSet(getValidationSpecification())).authenticationSystemSupport(getAuthenticationSystemSupport()).servicesManager(getServicesManager()).centralAuthenticationService(getCentralAuthenticationService()).argumentExtractor(getArgumentExtractor()).proxyHandler(getProxyHandler()).requestedContextValidator(new MockRequestedAuthenticationContextValidator()).validationAuthorizers(getServiceValidationAuthorizers()).validationViewFactory(this.serviceValidationViewFactory).casProperties(this.casProperties).build());
    }

    @Test
    public void verifyViewAuthnAttributes() throws Exception {
        Map<?, ?> renderView = renderView();
        Assertions.assertTrue(renderView.containsKey("authenticationDate"));
        Assertions.assertTrue(renderView.containsKey("isFromNewLogin"));
        Assertions.assertTrue(renderView.containsKey("longTermAuthenticationRequestTokenUsed"));
    }

    @Test
    public void verifyPasswordAsAuthenticationAttributeCanDecrypt() throws Exception {
        Map<?, ?> renderView = renderView();
        Assertions.assertTrue(renderView.containsKey("credential"));
        Assertions.assertEquals(decryptCredential((String) renderView.get("credential")), CoreAuthenticationTestUtils.getCredentialsWithSameUsernameAndPassword().toPassword());
    }

    @Test
    public void verifyProxyGrantingTicketAsAuthenticationAttributeCanDecrypt() throws Exception {
        Map<?, ?> renderView = renderView();
        LOGGER.trace("Attributes are [{}]", renderView.keySet());
        Assertions.assertTrue(renderView.containsKey("proxyGrantingTicket"));
        Assertions.assertNotNull(decryptCredential((String) renderView.get("proxyGrantingTicket")));
    }

    @Test
    public void verifyViewBinaryAttributes() throws Exception {
        Map<?, ?> renderView = renderView();
        Assertions.assertTrue(renderView.containsKey("binaryAttribute"));
        Assertions.assertEquals("binaryAttributeValue", EncodingUtils.decodeBase64ToString(renderView.get("binaryAttribute").toString()));
    }

    protected Map<?, ?> renderView() throws Exception {
        ModelAndView modelAndViewUponServiceValidationWithSecurePgtUrl = getModelAndViewUponServiceValidationWithSecurePgtUrl(DEFAULT_SERVICE);
        LOGGER.debug("Retrieved model and view [{}]", modelAndViewUponServiceValidationWithSecurePgtUrl.getModel());
        MockHttpServletRequest mockHttpServletRequest = new MockHttpServletRequest(new MockServletContext());
        mockHttpServletRequest.setAttribute(RequestContext.WEB_APPLICATION_CONTEXT_ATTRIBUTE, new GenericWebApplicationContext(mockHttpServletRequest.getServletContext()));
        getCasViewToRender(new DefaultCasProtocolAttributeEncoder(this.servicesManager, CipherExecutor.noOpOfStringToString()), getDelegatedView()).render(modelAndViewUponServiceValidationWithSecurePgtUrl.getModel(), mockHttpServletRequest, new MockHttpServletResponse());
        return getRenderedViewModelMap(mockHttpServletRequest);
    }

    protected Map getRenderedViewModelMap(MockHttpServletRequest mockHttpServletRequest) {
        return (Map) mockHttpServletRequest.getAttribute("attributes");
    }

    protected AbstractCasView getCasViewToRender(ProtocolAttributeEncoder protocolAttributeEncoder, View view) {
        return new Cas30ResponseView(true, protocolAttributeEncoder, this.servicesManager, view, new DefaultAuthenticationAttributeReleasePolicy("attribute"), new DefaultAuthenticationServiceSelectionPlan(new AuthenticationServiceSelectionStrategy[]{new DefaultAuthenticationServiceSelectionStrategy()}), new DefaultCas30ProtocolAttributesRenderer());
    }
}
