package org.apereo.cas.ws.idp.web;

import jakarta.servlet.http.HttpServletRequest;
import java.util.List;
import java.util.Optional;
import java.util.UUID;
import org.apache.cxf.ws.security.tokenstore.SecurityToken;
import org.apereo.cas.BaseCoreWsSecurityIdentityProviderConfigurationTests;
import org.apereo.cas.authentication.SecurityTokenServiceTokenFetcher;
import org.apereo.cas.authentication.principal.AbstractWebApplicationService;
import org.apereo.cas.authentication.principal.Service;
import org.apereo.cas.mock.MockServiceTicket;
import org.apereo.cas.mock.MockTicketGrantingTicket;
import org.apereo.cas.services.RegisteredServiceTestUtils;
import org.apereo.cas.services.ServicesManager;
import org.apereo.cas.ticket.SecurityTokenTicket;
import org.apereo.cas.ticket.TicketValidator;
import org.apereo.cas.ticket.registry.TicketRegistry;
import org.apereo.cas.web.cookie.CasCookieBuilder;
import org.apereo.cas.ws.idp.services.WSFederationRegisteredService;
import org.apereo.cas.ws.idp.services.WSFederationRelyingPartyTokenProducer;
import org.junit.jupiter.api.Assertions;
import org.junit.jupiter.api.Tag;
import org.junit.jupiter.api.Test;
import org.mockito.Mockito;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.boot.test.context.TestConfiguration;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Import;
import org.springframework.mock.web.MockHttpServletRequest;
import org.springframework.mock.web.MockHttpServletResponse;
import org.springframework.test.context.TestPropertySource;

/**
 * Exercises {@link WSFederationValidateRequestCallbackController#handleFederationRequest}
 * through the Spring test context, checking only the name of the view that is returned.
 *
 * <p>Both the relying-party token producer and the security token service fetcher are
 * replaced by Mockito stubs (see the nested test configuration), so these tests cover the
 * controller's request/ticket handling and not the content or signature of the issued token.
 *
 * <p>NOTE(review): no test here submits a {@code wreply} that differs from the registered
 * service id, nor an expired security token ticket, so those rejection paths are not
 * exercised by this class.
 */
@Tag("WSFederation")
// Test-only setting: ticket-granting cookie crypto is turned off for this context, so the
// cookie written below is presumably neither encrypted nor signed. The results therefore
// say nothing about how the controller behaves with a protected cookie.
@TestPropertySource(properties = {"cas.tgc.crypto.enabled=false"})
@Import({WSFederationValidateRequestCallbackControllerTestConfiguration.class})
public class WSFederationValidateRequestCallbackControllerTests extends BaseCoreWsSecurityIdentityProviderConfigurationTests {

    @Autowired
    @Qualifier("federationValidateRequestCallbackController")
    private WSFederationValidateRequestCallbackController federationValidateRequestCallbackController;

    @Autowired
    @Qualifier("servicesManager")
    private ServicesManager servicesManager;

    @Autowired
    @Qualifier("ticketGrantingTicketCookieGenerator")
    private CasCookieBuilder ticketGrantingTicketCookieGenerator;

    @Autowired
    @Qualifier("ticketRegistry")
    private TicketRegistry ticketRegistry;

    /**
     * Supplies stubbed collaborators so that no real security token service is contacted.
     */
    @TestConfiguration(value = "WSFederationValidateRequestCallbackControllerTestConfiguration", proxyBeanMethods = false)
    public static class WSFederationValidateRequestCallbackControllerTestConfiguration {

        /**
         * Stub producer: whatever arguments it is given, it hands back one random UUID string
         * (generated once, when the bean is built) in place of a relying-party token.
         */
        @Bean
        public WSFederationRelyingPartyTokenProducer wsFederationRelyingPartyTokenProducer() throws Exception {
            String cannedToken = UUID.randomUUID().toString();
            WSFederationRelyingPartyTokenProducer producer = Mockito.mock(WSFederationRelyingPartyTokenProducer.class);
            Mockito.when(producer.produce(
                    Mockito.<SecurityToken>any(),
                    Mockito.<WSFederationRegisteredService>any(),
                    Mockito.<WSFederationRequest>any(),
                    Mockito.<HttpServletRequest>any(),
                    Mockito.<TicketValidator.ValidationResult>any()))
                .thenReturn(cannedToken);
            return producer;
        }

        /**
         * Stub fetcher: always answers with the same {@link SecurityToken}, whose id is a
         * random UUID, for any service and any string argument.
         */
        @Bean
        public SecurityTokenServiceTokenFetcher securityTokenServiceTokenFetcher() {
            SecurityToken cannedToken = new SecurityToken(UUID.randomUUID().toString());
            SecurityTokenServiceTokenFetcher fetcher = Mockito.mock(SecurityTokenServiceTokenFetcher.class);
            Mockito.when(fetcher.fetch(Mockito.<Service>any(), Mockito.anyString()))
                .thenReturn(Optional.of(cannedToken));
            return fetcher;
        }
    }

    /**
     * First sends a sign-in request without any ticket or cookie and expects the error view;
     * then registers a security token ticket as a descendant of a ticket-granting ticket,
     * presents a service ticket plus the cookie, and expects the POST response view.
     */
    @Test
    public void verifyWithTicketGrantingTicket() throws Exception {
        MockHttpServletResponse response = new MockHttpServletResponse();
        WSFederationRegisteredService registeredService = getWsFederationRegisteredService();
        MockHttpServletRequest request = newSignInRequest(registeredService);

        // Negative check: at this point the request carries only the WS-Federation sign-in
        // parameters (no "ticket" parameter, no cookie) and must end on the error view.
        Assertions.assertEquals("error", viewNameFor(response, request));

        SecurityToken securityToken = new SecurityToken(UUID.randomUUID().toString());
        String stsTicketId = "STS-" + UUID.randomUUID();
        SecurityTokenTicket stsTicket = Mockito.mock(SecurityTokenTicket.class);
        Mockito.when(stsTicket.getPrefix()).thenReturn("STS");
        Mockito.when(stsTicket.getId()).thenReturn(stsTicketId);
        Mockito.when(stsTicket.isExpired()).thenReturn(false);
        Mockito.when(stsTicket.getSecurityToken()).thenReturn(securityToken);
        this.ticketRegistry.addTicket(stsTicket);

        // Link the security token ticket to the ticket-granting ticket before registering it.
        MockTicketGrantingTicket ticketGrantingTicket = new MockTicketGrantingTicket("casuser");
        ticketGrantingTicket.getDescendantTickets().add(stsTicketId);
        this.ticketRegistry.addTicket(ticketGrantingTicket);

        presentServiceTicketAndCookie(request, response, registeredService, ticketGrantingTicket);
        Assertions.assertEquals("casPostResponseView", viewNameFor(response, request));
    }

    /**
     * Presents a service ticket and the cookie for a ticket-granting ticket that has no
     * security token ticket linked to it, and expects the POST response view.
     *
     * <p>Despite the method name, a ticket-granting ticket is registered and its cookie is
     * sent. NOTE(review): presumably the controller then relies on the stubbed
     * {@link SecurityTokenServiceTokenFetcher} - confirm against the controller.
     */
    @Test
    public void verifyWithoutTicketGrantingTicket() throws Exception {
        MockHttpServletResponse response = new MockHttpServletResponse();
        WSFederationRegisteredService registeredService = getWsFederationRegisteredService();
        MockHttpServletRequest request = newSignInRequest(registeredService);

        MockTicketGrantingTicket ticketGrantingTicket = new MockTicketGrantingTicket("casuser");
        this.ticketRegistry.addTicket(ticketGrantingTicket);

        presentServiceTicketAndCookie(request, response, registeredService, ticketGrantingTicket);
        Assertions.assertEquals("casPostResponseView", viewNameFor(response, request));
    }

    /**
     * Builds a mock request carrying the four WS-Federation sign-in parameters, with
     * {@code wtrealm} and {@code wreply} taken from the given registered service.
     */
    private MockHttpServletRequest newSignInRequest(WSFederationRegisteredService registeredService) {
        MockHttpServletRequest request = new MockHttpServletRequest();
        request.addParameter("wtrealm", registeredService.getRealm());
        request.addParameter("wreply", registeredService.getServiceId());
        request.addParameter("wa", "wsignin1.0");
        request.addParameter("wctx", UUID.randomUUID().toString());
        return request;
    }

    /**
     * Registers a service ticket for the registered service under the given ticket-granting
     * ticket, adds it to the request as the {@code ticket} parameter, and copies the
     * ticket-granting cookie written to the response onto the request.
     */
    private void presentServiceTicketAndCookie(MockHttpServletRequest request,
                                               MockHttpServletResponse response,
                                               WSFederationRegisteredService registeredService,
                                               MockTicketGrantingTicket ticketGrantingTicket) throws Exception {
        String serviceId = registeredService.getServiceId();
        AbstractWebApplicationService service = RegisteredServiceTestUtils.getService(serviceId);
        // The service attached to the ticket carries the same wreply value the request sends.
        service.getAttributes().put("wreply", List.of(registeredService.getServiceId()));

        MockServiceTicket serviceTicket = new MockServiceTicket("123456", service, ticketGrantingTicket);
        this.ticketRegistry.addTicket(serviceTicket);
        request.addParameter("ticket", serviceTicket.getId());

        this.ticketGrantingTicketCookieGenerator.addCookie(response, ticketGrantingTicket.getId());
        request.setCookies(response.getCookies());
    }

    /**
     * Invokes the controller under test and returns the name of the resulting view.
     */
    private String viewNameFor(MockHttpServletResponse response, MockHttpServletRequest request) throws Exception {
        return this.federationValidateRequestCallbackController
            .handleFederationRequest(response, request)
            .getViewName();
    }

    /**
     * Creates the WS-Federation registered service used by the tests and saves it through
     * the services manager, so it is registered before the request is handled.
     */
    private WSFederationRegisteredService getWsFederationRegisteredService() {
        WSFederationRegisteredService registeredService = new WSFederationRegisteredService();
        registeredService.setRealm("urn:org:apereo:cas:ws:idp:realm-CAS");
        registeredService.setServiceId("http://app.example5.org/wsfed-idp");
        registeredService.setName("WSFED App");
        registeredService.setId(100L);
        registeredService.setAppliesTo("CAS");
        registeredService.setWsdlLocation("classpath:wsdl/ws-trust-1.4-service.wsdl");
        this.servicesManager.save(registeredService);
        return registeredService;
    }
}
