package org.apereo.cas.pac4j.clients;

import com.github.benmanes.caffeine.cache.Caffeine;
import java.util.HashSet;
import java.util.List;
import java.util.Optional;
import javax.servlet.http.HttpServletRequest;
import org.apereo.cas.authentication.principal.WebApplicationService;
import org.apereo.cas.configuration.CasConfigurationProperties;
import org.apereo.cas.configuration.model.support.delegation.DelegationAutoRedirectTypes;
import org.apereo.cas.pac4j.client.DefaultDelegatedClientIdentityProviderRedirectionStrategy;
import org.apereo.cas.pac4j.client.DelegatedClientIdentityProviderRedirectionStrategy;
import org.apereo.cas.services.AbstractRegisteredService;
import org.apereo.cas.services.DefaultRegisteredServiceAccessStrategy;
import org.apereo.cas.services.DefaultRegisteredServiceDelegatedAuthenticationPolicy;
import org.apereo.cas.services.DefaultServicesManager;
import org.apereo.cas.services.DefaultServicesManagerRegisteredServiceLocator;
import org.apereo.cas.services.InMemoryServiceRegistry;
import org.apereo.cas.services.RegisteredServiceDelegatedAuthenticationPolicy;
import org.apereo.cas.services.RegisteredServiceTestUtils;
import org.apereo.cas.services.ServicesManager;
import org.apereo.cas.services.ServicesManagerConfigurationContext;
import org.apereo.cas.util.CollectionUtils;
import org.apereo.cas.web.DelegatedClientIdentityProviderConfiguration;
import org.apereo.cas.web.cookie.CasCookieBuilder;
import org.apereo.cas.web.support.WebUtils;
import org.junit.jupiter.api.Assertions;
import org.junit.jupiter.api.BeforeEach;
import org.junit.jupiter.api.Tag;
import org.junit.jupiter.api.Test;
import org.mockito.Mockito;
import org.springframework.context.support.StaticApplicationContext;
import org.springframework.mock.web.MockHttpServletRequest;
import org.springframework.mock.web.MockHttpServletResponse;
import org.springframework.mock.web.MockServletContext;
import org.springframework.webflow.context.ExternalContextHolder;
import org.springframework.webflow.context.servlet.ServletExternalContext;
import org.springframework.webflow.execution.RequestContextHolder;
import org.springframework.webflow.test.MockRequestContext;

@Tag("Delegation")
/* loaded from: input_file:org/apereo/cas/pac4j/clients/DefaultDelegatedClientIdentityProviderRedirectionStrategyTests.class */
public class DefaultDelegatedClientIdentityProviderRedirectionStrategyTests {
    private ServicesManager servicesManager;
    private CasCookieBuilder casCookieBuilder;

    private static MockRequestContext getMockRequestContext() {
        MockRequestContext mockRequestContext = new MockRequestContext();
        mockRequestContext.setExternalContext(new ServletExternalContext(new MockServletContext(), new MockHttpServletRequest(), new MockHttpServletResponse()));
        RequestContextHolder.setRequestContext(mockRequestContext);
        ExternalContextHolder.setExternalContext(mockRequestContext.getExternalContext());
        return mockRequestContext;
    }

    private static DelegatedClientIdentityProviderConfiguration getProviderConfiguration(String str) {
        return DelegatedClientIdentityProviderConfiguration.builder().name(str).type("CasClient").redirectUrl("https://localhost:8443/redirect").autoRedirectType(DelegationAutoRedirectTypes.SERVER).build();
    }

    @BeforeEach
    public void setup() {
        StaticApplicationContext staticApplicationContext = new StaticApplicationContext();
        staticApplicationContext.refresh();
        this.servicesManager = new DefaultServicesManager(ServicesManagerConfigurationContext.builder().serviceRegistry(new InMemoryServiceRegistry(staticApplicationContext)).applicationContext(staticApplicationContext).environments(new HashSet(0)).servicesCache(Caffeine.newBuilder().build()).registeredServiceLocators(List.of(new DefaultServicesManagerRegisteredServiceLocator())).build());
        this.casCookieBuilder = (CasCookieBuilder) Mockito.mock(CasCookieBuilder.class);
    }

    @Test
    public void verifyExclusiveRedirect() {
        DelegatedClientIdentityProviderRedirectionStrategy strategy = getStrategy();
        MockRequestContext mockRequestContext = getMockRequestContext();
        DelegatedClientIdentityProviderConfiguration providerConfiguration = getProviderConfiguration("SomeClient");
        DefaultRegisteredServiceDelegatedAuthenticationPolicy defaultRegisteredServiceDelegatedAuthenticationPolicy = new DefaultRegisteredServiceDelegatedAuthenticationPolicy();
        defaultRegisteredServiceDelegatedAuthenticationPolicy.setAllowedProviders(CollectionUtils.wrapList(new String[]{"SomeClient"}));
        defaultRegisteredServiceDelegatedAuthenticationPolicy.setExclusive(true);
        configureService(defaultRegisteredServiceDelegatedAuthenticationPolicy);
        Optional primaryDelegatedAuthenticationProvider = strategy.getPrimaryDelegatedAuthenticationProvider(mockRequestContext, RegisteredServiceTestUtils.getService(), providerConfiguration);
        Assertions.assertFalse(primaryDelegatedAuthenticationProvider.isEmpty());
        Assertions.assertSame(((DelegatedClientIdentityProviderConfiguration) primaryDelegatedAuthenticationProvider.get()).getAutoRedirectType(), DelegationAutoRedirectTypes.SERVER);
        Assertions.assertEquals(Integer.MAX_VALUE, strategy.getOrder());
    }

    @Test
    public void verifyExistingPrimaryProvider() {
        DelegatedClientIdentityProviderRedirectionStrategy strategy = getStrategy();
        MockRequestContext mockRequestContext = getMockRequestContext();
        DelegatedClientIdentityProviderConfiguration providerConfiguration = getProviderConfiguration("SomeClient");
        providerConfiguration.setAutoRedirectType(DelegationAutoRedirectTypes.SERVER);
        configureService(new DefaultRegisteredServiceDelegatedAuthenticationPolicy());
        WebUtils.putDelegatedAuthenticationProviderPrimary(mockRequestContext, (Object) null);
        Optional primaryDelegatedAuthenticationProvider = strategy.getPrimaryDelegatedAuthenticationProvider(mockRequestContext, (WebApplicationService) null, providerConfiguration);
        Assertions.assertFalse(primaryDelegatedAuthenticationProvider.isEmpty());
        Assertions.assertSame(((DelegatedClientIdentityProviderConfiguration) primaryDelegatedAuthenticationProvider.get()).getAutoRedirectType(), DelegationAutoRedirectTypes.SERVER);
    }

    @Test
    public void verifyPrimaryViaCookie() {
        DelegatedClientIdentityProviderRedirectionStrategy strategy = getStrategy();
        MockRequestContext mockRequestContext = getMockRequestContext();
        DelegatedClientIdentityProviderConfiguration providerConfiguration = getProviderConfiguration("SomeClient");
        configureService(new DefaultRegisteredServiceDelegatedAuthenticationPolicy());
        Mockito.when(this.casCookieBuilder.retrieveCookieValue((HttpServletRequest) Mockito.any())).thenReturn("SomeClient");
        Optional primaryDelegatedAuthenticationProvider = strategy.getPrimaryDelegatedAuthenticationProvider(mockRequestContext, (WebApplicationService) null, providerConfiguration);
        Assertions.assertFalse(primaryDelegatedAuthenticationProvider.isEmpty());
        Assertions.assertSame(((DelegatedClientIdentityProviderConfiguration) primaryDelegatedAuthenticationProvider.get()).getAutoRedirectType(), DelegationAutoRedirectTypes.SERVER);
    }

    private void configureService(RegisteredServiceDelegatedAuthenticationPolicy registeredServiceDelegatedAuthenticationPolicy) {
        AbstractRegisteredService registeredService = RegisteredServiceTestUtils.getRegisteredService();
        DefaultRegisteredServiceAccessStrategy defaultRegisteredServiceAccessStrategy = new DefaultRegisteredServiceAccessStrategy();
        defaultRegisteredServiceAccessStrategy.setDelegatedAuthenticationPolicy(registeredServiceDelegatedAuthenticationPolicy);
        registeredService.setAccessStrategy(defaultRegisteredServiceAccessStrategy);
        this.servicesManager.save(registeredService);
    }

    private DelegatedClientIdentityProviderRedirectionStrategy getStrategy() {
        CasConfigurationProperties casConfigurationProperties = new CasConfigurationProperties();
        casConfigurationProperties.getAuthn().getPac4j().getCookie().setEnabled(true);
        return new DefaultDelegatedClientIdentityProviderRedirectionStrategy(this.servicesManager, this.casCookieBuilder, casConfigurationProperties);
    }
}
