package org.apereo.cas.web.flow;

import com.github.benmanes.caffeine.cache.Caffeine;
import java.util.HashSet;
import java.util.List;
import java.util.Map;
import org.apereo.cas.authentication.AuthenticationServiceSelectionStrategy;
import org.apereo.cas.authentication.CoreAuthenticationTestUtils;
import org.apereo.cas.authentication.DefaultAuthenticationEventExecutionPlan;
import org.apereo.cas.authentication.DefaultAuthenticationServiceSelectionPlan;
import org.apereo.cas.authentication.DefaultAuthenticationServiceSelectionStrategy;
import org.apereo.cas.authentication.handler.support.SimpleTestUsernamePasswordAuthenticationHandler;
import org.apereo.cas.configuration.CasConfigurationProperties;
import org.apereo.cas.mock.MockTicketGrantingTicket;
import org.apereo.cas.services.AbstractRegisteredService;
import org.apereo.cas.services.DefaultRegisteredServiceAccessStrategy;
import org.apereo.cas.services.DefaultRegisteredServiceDelegatedAuthenticationPolicy;
import org.apereo.cas.services.DefaultServicesManager;
import org.apereo.cas.services.DefaultServicesManagerRegisteredServiceLocator;
import org.apereo.cas.services.InMemoryServiceRegistry;
import org.apereo.cas.services.RegisteredService;
import org.apereo.cas.services.RegisteredServiceDelegatedAuthenticationPolicy;
import org.apereo.cas.services.RegisteredServiceTestUtils;
import org.apereo.cas.services.ServicesManagerConfigurationContext;
import org.apereo.cas.ticket.registry.DefaultTicketRegistry;
import org.apereo.cas.ticket.registry.DefaultTicketRegistrySupport;
import org.apereo.cas.ticket.registry.TicketRegistry;
import org.apereo.cas.web.support.WebUtils;
import org.junit.jupiter.api.Assertions;
import org.junit.jupiter.api.Tag;
import org.junit.jupiter.api.Test;
import org.mockito.Mockito;
import org.springframework.boot.context.properties.EnableConfigurationProperties;
import org.springframework.boot.test.context.SpringBootTest;
import org.springframework.cloud.autoconfigure.RefreshAutoConfiguration;
import org.springframework.context.support.StaticApplicationContext;
import org.springframework.mock.web.MockHttpServletRequest;
import org.springframework.mock.web.MockHttpServletResponse;
import org.springframework.mock.web.MockServletContext;
import org.springframework.webflow.context.servlet.ServletExternalContext;
import org.springframework.webflow.test.MockRequestContext;

@Tag("Delegation")
@EnableConfigurationProperties({CasConfigurationProperties.class})
@SpringBootTest(classes = {RefreshAutoConfiguration.class})
/* loaded from: input_file:org/apereo/cas/web/flow/DelegatedAuthenticationSingleSignOnParticipationStrategyTests.class */
public class DelegatedAuthenticationSingleSignOnParticipationStrategyTests {
    private static SingleSignOnParticipationStrategy getSingleSignOnStrategy(RegisteredService registeredService, TicketRegistry ticketRegistry) {
        StaticApplicationContext staticApplicationContext = new StaticApplicationContext();
        staticApplicationContext.refresh();
        DefaultServicesManager defaultServicesManager = new DefaultServicesManager(ServicesManagerConfigurationContext.builder().serviceRegistry(new InMemoryServiceRegistry(staticApplicationContext, List.of(registeredService), List.of())).applicationContext(staticApplicationContext).environments(new HashSet(0)).servicesCache(Caffeine.newBuilder().build()).registeredServiceLocators(List.of(new DefaultServicesManagerRegisteredServiceLocator())).build());
        defaultServicesManager.load();
        new DefaultAuthenticationEventExecutionPlan(CoreAuthenticationTestUtils.getAuthenticationSystemSupport()).registerAuthenticationHandler(new SimpleTestUsernamePasswordAuthenticationHandler());
        return new DelegatedAuthenticationSingleSignOnParticipationStrategy(defaultServicesManager, new DefaultAuthenticationServiceSelectionPlan(new AuthenticationServiceSelectionStrategy[]{new DefaultAuthenticationServiceSelectionStrategy()}), new DefaultTicketRegistrySupport(ticketRegistry));
    }

    @Test
    public void verifyNoServiceOrPolicy() {
        MockRequestContext mockRequestContext = new MockRequestContext();
        MockHttpServletRequest mockHttpServletRequest = new MockHttpServletRequest();
        mockRequestContext.setExternalContext(new ServletExternalContext(new MockServletContext(), mockHttpServletRequest, new MockHttpServletResponse()));
        RegisteredService registeredService = CoreAuthenticationTestUtils.getRegisteredService("serviceid1");
        DefaultRegisteredServiceAccessStrategy defaultRegisteredServiceAccessStrategy = new DefaultRegisteredServiceAccessStrategy();
        Mockito.when(registeredService.getAccessStrategy()).thenReturn(defaultRegisteredServiceAccessStrategy);
        SingleSignOnParticipationStrategy singleSignOnStrategy = getSingleSignOnStrategy(registeredService, new DefaultTicketRegistry());
        SingleSignOnParticipationRequest build = SingleSignOnParticipationRequest.builder().httpServletRequest(mockHttpServletRequest).requestContext(mockRequestContext).build();
        Assertions.assertFalse(singleSignOnStrategy.supports(build));
        Assertions.assertTrue(singleSignOnStrategy.isParticipating(build));
        WebUtils.putRegisteredService(mockRequestContext, registeredService);
        Assertions.assertEquals(0, singleSignOnStrategy.getOrder());
        Assertions.assertTrue(singleSignOnStrategy.supports(build));
        Assertions.assertTrue(singleSignOnStrategy.isParticipating(build));
        defaultRegisteredServiceAccessStrategy.setDelegatedAuthenticationPolicy((RegisteredServiceDelegatedAuthenticationPolicy) null);
        Assertions.assertFalse(singleSignOnStrategy.supports(build));
        Assertions.assertTrue(singleSignOnStrategy.isParticipating(build));
    }

    @Test
    public void verifySsoWithMismatchedClient() {
        new StaticApplicationContext().refresh();
        MockRequestContext mockRequestContext = new MockRequestContext();
        MockHttpServletRequest mockHttpServletRequest = new MockHttpServletRequest();
        mockRequestContext.setExternalContext(new ServletExternalContext(new MockServletContext(), mockHttpServletRequest, new MockHttpServletResponse()));
        AbstractRegisteredService registeredService = RegisteredServiceTestUtils.getRegisteredService("serviceid1", Map.of());
        DefaultRegisteredServiceAccessStrategy defaultRegisteredServiceAccessStrategy = new DefaultRegisteredServiceAccessStrategy();
        defaultRegisteredServiceAccessStrategy.setDelegatedAuthenticationPolicy(new DefaultRegisteredServiceDelegatedAuthenticationPolicy().setAllowedProviders(List.of("Client2")));
        registeredService.setAccessStrategy(defaultRegisteredServiceAccessStrategy);
        DefaultTicketRegistry defaultTicketRegistry = new DefaultTicketRegistry();
        SingleSignOnParticipationStrategy singleSignOnStrategy = getSingleSignOnStrategy(registeredService, defaultTicketRegistry);
        WebUtils.putServiceIntoFlowScope(mockRequestContext, RegisteredServiceTestUtils.getService("serviceid1"));
        MockTicketGrantingTicket mockTicketGrantingTicket = new MockTicketGrantingTicket(CoreAuthenticationTestUtils.getAuthentication(Map.of("clientName", List.of("CAS"))));
        defaultTicketRegistry.addTicket(mockTicketGrantingTicket);
        WebUtils.putTicketGrantingTicketInScopes(mockRequestContext, mockTicketGrantingTicket);
        SingleSignOnParticipationRequest build = SingleSignOnParticipationRequest.builder().httpServletRequest(mockHttpServletRequest).requestContext(mockRequestContext).build();
        Assertions.assertTrue(singleSignOnStrategy.supports(build));
        Assertions.assertFalse(singleSignOnStrategy.isParticipating(build));
    }

    @Test
    public void verifySsoWithMissingClientAndExclusive() {
        new StaticApplicationContext().refresh();
        MockRequestContext mockRequestContext = new MockRequestContext();
        MockHttpServletRequest mockHttpServletRequest = new MockHttpServletRequest();
        mockRequestContext.setExternalContext(new ServletExternalContext(new MockServletContext(), mockHttpServletRequest, new MockHttpServletResponse()));
        AbstractRegisteredService registeredService = RegisteredServiceTestUtils.getRegisteredService("serviceid1", Map.of());
        DefaultRegisteredServiceAccessStrategy defaultRegisteredServiceAccessStrategy = new DefaultRegisteredServiceAccessStrategy();
        defaultRegisteredServiceAccessStrategy.setDelegatedAuthenticationPolicy(new DefaultRegisteredServiceDelegatedAuthenticationPolicy().setExclusive(true).setAllowedProviders(List.of("CAS")));
        registeredService.setAccessStrategy(defaultRegisteredServiceAccessStrategy);
        DefaultTicketRegistry defaultTicketRegistry = new DefaultTicketRegistry();
        SingleSignOnParticipationStrategy singleSignOnStrategy = getSingleSignOnStrategy(registeredService, defaultTicketRegistry);
        WebUtils.putServiceIntoFlowScope(mockRequestContext, RegisteredServiceTestUtils.getService("serviceid1"));
        MockTicketGrantingTicket mockTicketGrantingTicket = new MockTicketGrantingTicket(CoreAuthenticationTestUtils.getAuthentication(Map.of()));
        defaultTicketRegistry.addTicket(mockTicketGrantingTicket);
        WebUtils.putTicketGrantingTicketInScopes(mockRequestContext, mockTicketGrantingTicket);
        SingleSignOnParticipationRequest build = SingleSignOnParticipationRequest.builder().httpServletRequest(mockHttpServletRequest).requestContext(mockRequestContext).build();
        Assertions.assertTrue(singleSignOnStrategy.supports(build));
        Assertions.assertFalse(singleSignOnStrategy.isParticipating(build));
    }
}
