package org.apereo.cas.ws.idp.web;

import java.time.Clock;
import java.time.Instant;
import java.util.UUID;
import org.apache.cxf.ws.security.tokenstore.SecurityToken;
import org.apereo.cas.BaseCoreWsSecurityIdentityProviderConfigurationTests;
import org.apereo.cas.authentication.adaptive.UnauthorizedAuthenticationException;
import org.apereo.cas.configuration.CasConfigurationProperties;
import org.apereo.cas.mock.MockTicketGrantingTicket;
import org.apereo.cas.services.ServicesManager;
import org.apereo.cas.ticket.SecurityTokenTicket;
import org.apereo.cas.ticket.registry.TicketRegistry;
import org.apereo.cas.web.cookie.CasCookieBuilder;
import org.apereo.cas.ws.idp.services.WSFederationRegisteredService;
import org.junit.jupiter.api.Assertions;
import org.junit.jupiter.api.Tag;
import org.junit.jupiter.api.Test;
import org.junit.jupiter.api.function.Executable;
import org.mockito.Mockito;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.boot.context.properties.EnableConfigurationProperties;
import org.springframework.boot.test.context.SpringBootTest;
import org.springframework.mock.web.MockHttpServletRequest;
import org.springframework.mock.web.MockHttpServletResponse;

/**
 * Exercises {@link WSFederationValidateRequestController#handleFederationRequest} with mock
 * servlet objects and pins the redirect it produces for WS-Federation sign-in and sign-out.
 *
 * <p>Every redirect case uses the {@code wtrealm}/{@code wreply} values of the service that
 * {@link #getWsFederationRegisteredService()} registers, or omits both.
 * NOTE(review): no case here sends a {@code wreply} or {@code wtrealm} that differs from a
 * registered service, so rejection of unregistered reply addresses is not pinned by this class.
 *
 * <p>The keystore files and passwords in the test properties are fixtures for this test context.
 */
@Tag("WSFederation")
@EnableConfigurationProperties(CasConfigurationProperties.class)
@SpringBootTest(
    classes = BaseCoreWsSecurityIdentityProviderConfigurationTests.SharedTestConfiguration.class,
    properties = {
        // TGC crypto is off for this context; verifyLoginRenewWithToken copies the generated cookie
        // from the response onto the request.
        "cas.tgc.crypto.enabled=false",
        "cas.authn.wsfed-idp.idp.realm=urn:org:apereo:cas:ws:idp:realm-CAS",
        "cas.authn.wsfed-idp.idp.realm-name=CAS",
        "cas.authn.wsfed-idp.sts.signing-keystore-file=classpath:ststrust.jks",
        "cas.authn.wsfed-idp.sts.signing-keystore-password=storepass",
        "cas.authn.wsfed-idp.sts.encryption-keystore-file=classpath:stsencrypt.jks",
        "cas.authn.wsfed-idp.sts.encryption-keystore-password=storepass",
        "cas.authn.wsfed-idp.sts.subject-name-id-format=unspecified",
        "cas.authn.wsfed-idp.sts.encryptTokens=true",
        "cas.authn.wsfed-idp.sts.realm.keystore-file=stsrealm_a.jks",
        "cas.authn.wsfed-idp.sts.realm.keystore-password=storepass",
        "cas.authn.wsfed-idp.sts.realm.keystore-alias=realma",
        "cas.authn.wsfed-idp.sts.realm.key-password=realma",
        "cas.authn.wsfed-idp.sts.realm.issuer=CAS"
    })
public class WSFederationValidateRequestControllerTests {

    @Autowired
    @Qualifier("federationValidateRequestController")
    private WSFederationValidateRequestController federationValidateRequestController;

    @Autowired
    @Qualifier("servicesManager")
    private ServicesManager servicesManager;

    @Autowired
    @Qualifier("ticketGrantingTicketCookieGenerator")
    private CasCookieBuilder ticketGrantingTicketCookieGenerator;

    @Autowired
    @Qualifier("ticketRegistry")
    private TicketRegistry ticketRegistry;

    /** A request that carries no {@code wa} action must be refused. */
    @Test
    public void verifyNoWa() {
        MockHttpServletRequest request = new MockHttpServletRequest();
        MockHttpServletResponse response = new MockHttpServletResponse();
        Assertions.assertThrows(
            UnauthorizedAuthenticationException.class,
            () -> {
                this.federationValidateRequestController.handleFederationRequest(response, request);
            });
    }

    /** Sign-out with a {@code wreply} redirects to CAS logout and passes the reply as {@code service}. */
    @Test
    public void verifyLogoutWithReply() {
        MockHttpServletRequest request = new MockHttpServletRequest();
        MockHttpServletResponse response = new MockHttpServletResponse();
        addRealmAndReply(request, getWsFederationRegisteredService());
        request.addParameter("wa", "wsignout1.0");
        assertHandledWithRedirect(
            request,
            response,
            "https://cas.example.org:8443/cas/logout?service=http://app.example5.org/wsfed-idp");
    }

    /** Sign-out with no {@code wreply} redirects to the bare CAS logout endpoint. */
    @Test
    public void verifyLogoutWithoutReply() {
        MockHttpServletRequest request = new MockHttpServletRequest();
        MockHttpServletResponse response = new MockHttpServletResponse();
        request.addParameter("wa", "wsignout1.0");
        assertHandledWithRedirect(request, response, "https://cas.example.org:8443/cas/logout");
    }

    /** Sign-in redirects to CAS login with the federation callback (and original parameters) as service. */
    @Test
    public void verifyLogin() {
        MockHttpServletRequest request = new MockHttpServletRequest();
        MockHttpServletResponse response = new MockHttpServletResponse();
        addRealmAndReply(request, getWsFederationRegisteredService());
        request.addParameter("wa", "wsignin1.0");
        assertHandledWithRedirect(
            request,
            response,
            "https://cas.example.org:8443/cas/login?service=%2Fws%2Fidp%2Ffederationcallback%3Fwa%3Dwsignin1.0%26wreply%3Dhttp%253A%252F%252Fapp.example5.org%252Fwsfed-idp%26wtrealm%3Durn%253Aorg%253Aapereo%253Acas%253Aws%253Aidp%253Arealm-CAS");
    }

    /**
     * Sign-in with {@code wfresh} redirects with {@code renew=true}; a ticket-granting ticket is
     * in the registry but the request carries no cookie for it.
     */
    @Test
    public void verifyLoginRenewWithNoToken() {
        MockHttpServletRequest request = new MockHttpServletRequest();
        MockHttpServletResponse response = new MockHttpServletResponse();
        addRealmAndReply(request, getWsFederationRegisteredService());
        request.addParameter("wfresh", "5000");
        request.addParameter("wa", "wsignin1.0");
        this.ticketRegistry.addTicket(new MockTicketGrantingTicket("casuser"));
        assertHandledWithRedirect(
            request,
            response,
            "https://cas.example.org:8443/cas/login?service=%2Fws%2Fidp%2Ffederationcallback%3Fwa%3Dwsignin1.0%26wreply%3Dhttp%253A%252F%252Fapp.example5.org%252Fwsfed-idp%26wtrealm%3Durn%253Aorg%253Aapereo%253Acas%253Aws%253Aidp%253Arealm-CAS%26wfresh%3D5000&renew=true");
    }

    /**
     * Sign-in with {@code wfresh=1} and an unexpired security token created 300 seconds ago,
     * reachable through the ticket-granting cookie, still redirects with {@code renew=true}.
     * NOTE(review): presumably the token is treated as older than the requested freshness window;
     * confirm the unit the controller applies to {@code wfresh}.
     */
    @Test
    public void verifyLoginRenewWithToken() {
        MockHttpServletRequest request = new MockHttpServletRequest();
        MockHttpServletResponse response = new MockHttpServletResponse();
        addRealmAndReply(request, getWsFederationRegisteredService());
        request.addParameter("wfresh", "1");
        request.addParameter("wa", "wsignin1.0");

        // Security token that reports itself as not expired but was created five minutes ago.
        SecurityToken token = Mockito.mock(SecurityToken.class);
        Mockito.when(token.isExpired()).thenReturn(Boolean.FALSE);
        Mockito.when(token.getCreated()).thenReturn(Instant.now(Clock.systemUTC()).minusSeconds(300L));

        // Registry ticket wrapping that token, under a fresh random id.
        String randomId = UUID.randomUUID().toString();
        SecurityTokenTicket tokenTicket = Mockito.mock(SecurityTokenTicket.class);
        Mockito.when(tokenTicket.getPrefix()).thenReturn("STS");
        Mockito.when(tokenTicket.getId()).thenReturn("STS-" + randomId);
        Mockito.when(tokenTicket.isExpired()).thenReturn(Boolean.FALSE);
        Mockito.when(tokenTicket.getSecurityToken()).thenReturn(token);
        this.ticketRegistry.addTicket(tokenTicket);

        // Link the token ticket to a ticket-granting ticket and present that TGT as a cookie.
        MockTicketGrantingTicket grantingTicket = new MockTicketGrantingTicket("casuser");
        grantingTicket.getDescendantTickets().add(tokenTicket.getId());
        this.ticketRegistry.addTicket(grantingTicket);
        this.ticketGrantingTicketCookieGenerator.addCookie(response, grantingTicket.getId());
        request.setCookies(response.getCookies());

        assertHandledWithRedirect(
            request,
            response,
            "https://cas.example.org:8443/cas/login?service=%2Fws%2Fidp%2Ffederationcallback%3Fwa%3Dwsignin1.0%26wreply%3Dhttp%253A%252F%252Fapp.example5.org%252Fwsfed-idp%26wtrealm%3Durn%253Aorg%253Aapereo%253Acas%253Aws%253Aidp%253Arealm-CAS%26wfresh%3D1&renew=true");
    }

    /** Copies the service's realm and service id onto the request as {@code wtrealm} and {@code wreply}. */
    private static void addRealmAndReply(MockHttpServletRequest request, WSFederationRegisteredService service) {
        request.addParameter("wtrealm", service.getRealm());
        request.addParameter("wreply", service.getServiceId());
    }

    /**
     * Runs the controller against the given request/response pair and asserts that it completes
     * without throwing and answers with a 302 to {@code expectedLocation}.
     */
    private void assertHandledWithRedirect(
            MockHttpServletRequest request, MockHttpServletResponse response, String expectedLocation) {
        Assertions.assertDoesNotThrow(
            () -> {
                this.federationValidateRequestController.handleFederationRequest(response, request);
            });
        Assertions.assertEquals(302, response.getStatus());
        Assertions.assertEquals(expectedLocation, response.getHeader("Location"));
    }

    /**
     * Builds the WS-Federation service used by these tests, saves it through the services manager
     * and returns it.
     */
    private WSFederationRegisteredService getWsFederationRegisteredService() {
        WSFederationRegisteredService service = new WSFederationRegisteredService();
        service.setRealm("urn:org:apereo:cas:ws:idp:realm-CAS");
        service.setServiceId("http://app.example5.org/wsfed-idp");
        service.setName("WSFED App");
        service.setId(100L);
        service.setAppliesTo("CAS");
        service.setWsdlLocation("classpath:wsdl/ws-trust-1.4-service.wsdl");
        this.servicesManager.save(service);
        return service;
    }
}
