package org.apereo.cas.ws.idp.web;

import java.time.Clock;
import java.time.Instant;
import java.util.UUID;
import org.apache.cxf.ws.security.tokenstore.SecurityToken;
import org.apache.hc.core5.net.URIBuilder;
import org.apereo.cas.BaseCoreWsSecurityIdentityProviderConfigurationTests;
import org.apereo.cas.authentication.adaptive.UnauthorizedAuthenticationException;
import org.apereo.cas.authentication.principal.AbstractWebApplicationService;
import org.apereo.cas.mock.MockTicketGrantingTicket;
import org.apereo.cas.services.RegisteredServiceTestUtils;
import org.apereo.cas.services.ServicesManager;
import org.apereo.cas.services.UnauthorizedServiceException;
import org.apereo.cas.ticket.SecurityTokenTicket;
import org.apereo.cas.ticket.registry.TicketRegistry;
import org.apereo.cas.web.cookie.CasCookieBuilder;
import org.apereo.cas.ws.idp.services.WSFederationRegisteredService;
import org.junit.jupiter.api.Assertions;
import org.junit.jupiter.api.Tag;
import org.junit.jupiter.api.Test;
import org.mockito.Mockito;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.mock.web.MockHttpServletRequest;
import org.springframework.mock.web.MockHttpServletResponse;
import org.springframework.test.context.TestPropertySource;

/**
 * Exercises {@link WSFederationValidateRequestController} against the WS-Federation
 * passive-requestor parameters ({@code wa}, {@code wtrealm}, {@code wreply}, {@code wfresh}).
 *
 * <p>The cases fall into three groups: rejection of requests that carry no action or an
 * unacceptable realm, sign-out redirects, and sign-in redirects with and without a forced
 * re-authentication ({@code renew}).
 *
 * <p>{@code cas.tgc.crypto.enabled=false} switches off the crypto setting for the
 * ticket-granting cookie so that {@code verifyLoginRenewWithToken} can copy the cookie
 * straight from the mock response onto the mock request. It is a test-only setting.
 *
 * <p>NOTE(review): every sign-out and sign-in case uses a {@code wreply} equal to the
 * registered service id. No case here submits a {@code wreply} that is absent from the
 * service registry, so redirect-target validation is not covered by this class.
 */
@Tag("WSFederation")
@TestPropertySource(properties = {"cas.tgc.crypto.enabled=false"})
public class WSFederationValidateRequestControllerTests extends BaseCoreWsSecurityIdentityProviderConfigurationTests {

    @Autowired
    @Qualifier("federationValidateRequestController")
    private WSFederationValidateRequestController federationValidateRequestController;

    @Autowired
    @Qualifier("servicesManager")
    private ServicesManager servicesManager;

    @Autowired
    @Qualifier("ticketGrantingTicketCookieGenerator")
    private CasCookieBuilder ticketGrantingTicketCookieGenerator;

    @Autowired
    @Qualifier("ticketRegistry")
    private TicketRegistry ticketRegistry;

    /** A request with no {@code wa} action at all must be refused. */
    @Test
    public void verifyNoWa() {
        MockHttpServletRequest request = new MockHttpServletRequest();
        MockHttpServletResponse response = new MockHttpServletResponse();
        Assertions.assertThrows(UnauthorizedAuthenticationException.class,
            () -> federationValidateRequestController.handleFederationRequest(response, request));
    }

    /** Sign-out with a {@code wreply} redirects to CAS logout and forwards it as {@code service}. */
    @Test
    public void verifyLogoutWithReply() {
        MockHttpServletRequest request = new MockHttpServletRequest();
        MockHttpServletResponse response = new MockHttpServletResponse();
        WSFederationRegisteredService registered = getWsFederationRegisteredService();
        request.addParameter("wtrealm", registered.getRealm());
        request.addParameter("wreply", registered.getServiceId());
        request.addParameter("wa", "wsignout1.0");
        request.addParameter("whr", "whr");
        request.addParameter("wreq", "wreq");

        assertHandledWithoutError(request, response);

        Assertions.assertEquals(302, response.getStatus());
        // The whole Location is pinned, so a change in how wreply is carried over fails here.
        Assertions.assertEquals("https://cas.example.org:8443/cas/logout?service=http://app.example5.org/wsfed-idp", response.getHeader("Location"));
    }

    /** A {@code wtrealm} that no registered service declares is rejected as unauthorized. */
    @Test
    public void verifyUnauthzServicesWithUnknownRealm() {
        MockHttpServletRequest request = new MockHttpServletRequest();
        WSFederationRegisteredService registered = getWsFederationRegisteredService();
        request.addParameter("wtrealm", "unknown");
        request.addParameter("wreply", registered.getServiceId());
        request.addParameter("wa", "wsignout1.0");

        WSFederationRequest federationRequest = WSFederationRequest.of(request);
        AbstractWebApplicationService targetService = RegisteredServiceTestUtils.getService(registered.getServiceId());
        Assertions.assertThrows(UnauthorizedServiceException.class,
            () -> federationValidateRequestController.findAndValidateFederationRequestForRegisteredService(targetService, federationRequest));
    }

    /**
     * A service registered under {@code custom-realm} is rejected even though the request
     * names the same realm.
     */
    @Test
    public void verifyUnauthzServicesWithMismatchedRealm() {
        MockHttpServletRequest request = new MockHttpServletRequest();
        // NOTE(review): request and registration agree on "custom-realm"; presumably the
        // mismatch is against the realm the identity provider itself is configured with,
        // which is not visible in this file — confirm against the test configuration.
        WSFederationRegisteredService registered = getWsFederationRegisteredService("custom-realm");
        request.addParameter("wtrealm", "custom-realm");
        request.addParameter("wreply", registered.getServiceId());
        request.addParameter("wa", "wsignout1.0");

        WSFederationRequest federationRequest = WSFederationRequest.of(request);
        AbstractWebApplicationService targetService = RegisteredServiceTestUtils.getService(registered.getServiceId());
        Assertions.assertThrows(UnauthorizedServiceException.class,
            () -> federationValidateRequestController.findAndValidateFederationRequestForRegisteredService(targetService, federationRequest));
    }

    /** Sign-out with no {@code wreply} redirects to the bare CAS logout URL. */
    @Test
    public void verifyLogoutWithoutReply() {
        MockHttpServletRequest request = new MockHttpServletRequest();
        MockHttpServletResponse response = new MockHttpServletResponse();
        request.addParameter("wa", "wsignout1.0");

        assertHandledWithoutError(request, response);

        Assertions.assertEquals(302, response.getStatus());
        Assertions.assertEquals("https://cas.example.org:8443/cas/logout", response.getHeader("Location"));
    }

    /** Plain sign-in redirects with {@code service}, {@code wtrealm} and {@code wreply} present. */
    @Test
    public void verifyLogin() throws Exception {
        MockHttpServletRequest request = new MockHttpServletRequest();
        MockHttpServletResponse response = new MockHttpServletResponse();
        WSFederationRegisteredService registered = getWsFederationRegisteredService();
        request.addParameter("wtrealm", registered.getRealm());
        request.addParameter("wreply", registered.getServiceId());
        request.addParameter("wa", "wsignin1.0");

        assertHandledWithoutError(request, response);

        Assertions.assertEquals(302, response.getStatus());
        // Only the presence of each parameter is checked, not its value.
        URIBuilder location = new URIBuilder(response.getHeader("Location"));
        assertHasQueryParameter(location, "service");
        assertHasQueryParameter(location, "wtrealm");
        assertHasQueryParameter(location, "wreply");
    }

    /**
     * Sign-in with {@code wfresh=5000} and no security token reachable from the request
     * produces a redirect that carries {@code renew}.
     */
    @Test
    public void verifyLoginRenewWithNoToken() throws Exception {
        MockHttpServletRequest request = new MockHttpServletRequest();
        MockHttpServletResponse response = new MockHttpServletResponse();
        WSFederationRegisteredService registered = getWsFederationRegisteredService();
        request.addParameter("wtrealm", registered.getRealm());
        request.addParameter("wreply", registered.getServiceId());
        request.addParameter("wfresh", "5000");
        request.addParameter("wa", "wsignin1.0");
        // The ticket is stored, but the request carries no cookie pointing at it.
        ticketRegistry.addTicket(new MockTicketGrantingTicket("casuser"));

        assertHandledWithoutError(request, response);

        Assertions.assertEquals(302, response.getStatus());
        URIBuilder location = new URIBuilder(response.getHeader("Location"));
        assertHasQueryParameter(location, "service");
        assertHasQueryParameter(location, "renew");
        assertHasQueryParameter(location, "wtrealm");
        assertHasQueryParameter(location, "wreply");
    }

    /** Sign-in with {@code wfresh=0} still redirects with the three base parameters. */
    @Test
    public void verifyLoginRenewDisabled() throws Exception {
        MockHttpServletRequest request = new MockHttpServletRequest();
        MockHttpServletResponse response = new MockHttpServletResponse();
        WSFederationRegisteredService registered = getWsFederationRegisteredService();
        request.addParameter("wtrealm", registered.getRealm());
        request.addParameter("wreply", registered.getServiceId());
        request.addParameter("wfresh", "0");
        request.addParameter("wa", "wsignin1.0");
        ticketRegistry.addTicket(new MockTicketGrantingTicket("casuser"));

        assertHandledWithoutError(request, response);

        // Independent of the sign-in flow above: the exception handler must yield a result.
        Assertions.assertNotNull(federationValidateRequestController.handleUnauthorizedServiceException(request, new RuntimeException()));
        Assertions.assertEquals(302, response.getStatus());
        // NOTE(review): the test name implies wfresh=0 means "no forced renew", yet nothing
        // below asserts that the redirect lacks a renew parameter.
        URIBuilder location = new URIBuilder(response.getHeader("Location"));
        assertHasQueryParameter(location, "service");
        assertHasQueryParameter(location, "wtrealm");
        assertHasQueryParameter(location, "wreply");
    }

    /**
     * Sign-in with {@code wfresh=1} while the session holds an unexpired security token
     * created 300 seconds ago produces a redirect that carries {@code renew}.
     */
    @Test
    public void verifyLoginRenewWithToken() throws Exception {
        MockHttpServletRequest request = new MockHttpServletRequest();
        MockHttpServletResponse response = new MockHttpServletResponse();
        WSFederationRegisteredService registered = getWsFederationRegisteredService();
        request.addParameter("wtrealm", registered.getRealm());
        request.addParameter("wreply", registered.getServiceId());
        request.addParameter("wfresh", "1");
        request.addParameter("wa", "wsignin1.0");

        // Token is still valid but older than the requested freshness window —
        // presumably wfresh is read as minutes (1 min < 300 s); confirm in the controller.
        SecurityToken issuedToken = Mockito.mock(SecurityToken.class);
        Mockito.when(issuedToken.isExpired()).thenReturn(false);
        Mockito.when(issuedToken.getCreated()).thenReturn(Instant.now(Clock.systemUTC()).minusSeconds(300L));

        String tokenTicketId = "STS-" + UUID.randomUUID();
        SecurityTokenTicket tokenTicket = Mockito.mock(SecurityTokenTicket.class);
        Mockito.when(tokenTicket.getPrefix()).thenReturn("STS");
        Mockito.when(tokenTicket.getId()).thenReturn(tokenTicketId);
        Mockito.when(tokenTicket.isExpired()).thenReturn(false);
        Mockito.when(tokenTicket.getSecurityToken()).thenReturn(issuedToken);
        ticketRegistry.addTicket(tokenTicket);

        // Link the token ticket to the session ticket, then present that session as a cookie.
        MockTicketGrantingTicket sessionTicket = new MockTicketGrantingTicket("casuser");
        sessionTicket.getDescendantTickets().add(tokenTicketId);
        ticketRegistry.addTicket(sessionTicket);
        ticketGrantingTicketCookieGenerator.addCookie(response, sessionTicket.getId());
        request.setCookies(response.getCookies());

        assertHandledWithoutError(request, response);

        Assertions.assertEquals(302, response.getStatus());
        URIBuilder location = new URIBuilder(response.getHeader("Location"));
        assertHasQueryParameter(location, "service");
        assertHasQueryParameter(location, "renew");
        assertHasQueryParameter(location, "wtrealm");
        assertHasQueryParameter(location, "wreply");
    }

    /** Registers and returns a WS-Federation service under the default test realm. */
    private WSFederationRegisteredService getWsFederationRegisteredService() {
        return getWsFederationRegisteredService("urn:org:apereo:cas:ws:idp:realm-CAS");
    }

    /**
     * Builds a WS-Federation service definition, saves it through the services manager
     * and returns it.
     *
     * @param str realm to register the service under
     * @return the saved service definition
     */
    private WSFederationRegisteredService getWsFederationRegisteredService(String str) {
        WSFederationRegisteredService definition = new WSFederationRegisteredService();
        definition.setRealm(str);
        definition.setServiceId("http://app.example5.org/wsfed-idp");
        definition.setName("WSFED App");
        definition.setId(100L);
        definition.setAppliesTo("CAS");
        definition.setWsdlLocation("classpath:wsdl/ws-trust-1.4-service.wsdl");
        servicesManager.save(definition);
        return definition;
    }

    /** Runs the controller's federation entry point and fails the test if it throws. */
    private void assertHandledWithoutError(MockHttpServletRequest request, MockHttpServletResponse response) {
        Assertions.assertDoesNotThrow(() -> {
            federationValidateRequestController.handleFederationRequest(response, request);
            return null;
        });
    }

    /** Asserts that the redirect target has a query parameter with the given name. */
    private static void assertHasQueryParameter(URIBuilder location, String parameterName) {
        Assertions.assertTrue(location.getQueryParams().stream()
            .anyMatch(pair -> pair.getName().equals(parameterName)));
    }
}
