package org.apereo.cas.support.saml.web.idp.profile.sso;

import java.util.Objects;
import java.util.Optional;
import java.util.UUID;
import org.apereo.cas.support.saml.BaseSamlIdPConfigurationTests;
import org.apereo.cas.support.saml.SamlUtils;
import org.apereo.cas.support.saml.authentication.SamlIdPAuthenticationContext;
import org.apereo.cas.support.saml.services.SamlRegisteredService;
import org.apereo.cas.util.CollectionUtils;
import org.apereo.cas.util.EncodingUtils;
import org.apereo.cas.web.BrowserSessionStorage;
import org.jasig.cas.client.authentication.AttributePrincipalImpl;
import org.jasig.cas.client.validation.AssertionImpl;
import org.jasig.cas.client.validation.TicketValidator;
import org.junit.jupiter.api.Assertions;
import org.junit.jupiter.api.BeforeEach;
import org.junit.jupiter.api.MethodOrderer;
import org.junit.jupiter.api.Tag;
import org.junit.jupiter.api.Test;
import org.junit.jupiter.api.TestMethodOrder;
import org.mockito.Mockito;
import org.opensaml.messaging.context.MessageContext;
import org.opensaml.saml.saml2.core.AuthnRequest;
import org.opensaml.saml.saml2.core.Issuer;
import org.pac4j.core.context.JEEContext;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.boot.test.context.TestConfiguration;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Import;
import org.springframework.mock.web.MockHttpServletRequest;
import org.springframework.mock.web.MockHttpServletResponse;
import org.springframework.test.context.TestPropertySource;

@Tag("SAML2")
@TestPropertySource(properties = {"cas.authn.saml-idp.core.session-storage-type=BROWSER_SESSION_STORAGE", "cas.authn.saml-idp.metadata.file-system.location=file:src/test/resources/metadata"})
@TestMethodOrder(MethodOrderer.OrderAnnotation.class)
@Import({SamlIdPTestConfiguration.class})
/* loaded from: input_file:org/apereo/cas/support/saml/web/idp/profile/sso/SSOSamlIdPProfileCallbackHandlerControllerWithBrowserStorageTests.class */
public class SSOSamlIdPProfileCallbackHandlerControllerWithBrowserStorageTests extends BaseSamlIdPConfigurationTests {

    @Autowired
    @Qualifier("ssoPostProfileCallbackHandlerController")
    private SSOSamlIdPProfileCallbackHandlerController controller;
    private SamlRegisteredService samlRegisteredService;

    @TestConfiguration(value = "SamlIdPTestConfiguration", proxyBeanMethods = false)
    /* loaded from: input_file:org/apereo/cas/support/saml/web/idp/profile/sso/SSOSamlIdPProfileCallbackHandlerControllerWithBrowserStorageTests$SamlIdPTestConfiguration.class */
    public static class SamlIdPTestConfiguration {
        @Bean
        public TicketValidator samlIdPTicketValidator() throws Exception {
            TicketValidator ticketValidator = (TicketValidator) Mockito.mock(TicketValidator.class);
            Mockito.when(ticketValidator.validate(Mockito.anyString(), Mockito.anyString())).thenReturn(new AssertionImpl(new AttributePrincipalImpl("casuser", CollectionUtils.wrap("cn", "cas"))));
            return ticketValidator;
        }
    }

    @BeforeEach
    public void beforeEach() {
        this.samlRegisteredService = getSamlRegisteredServiceFor(false, false, false, "https://cassp.example.org");
        this.servicesManager.save(this.samlRegisteredService);
    }

    @Test
    public void verifyReadFromStorage() throws Exception {
        MockHttpServletRequest mockHttpServletRequest = new MockHttpServletRequest();
        MockHttpServletResponse mockHttpServletResponse = new MockHttpServletResponse();
        getAuthnRequest().setProtocolBinding("urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST");
        mockHttpServletRequest.getSession().setAttribute("SAMLRequest", EncodingUtils.encodeBase64(SamlUtils.transformSamlObject(this.openSamlConfigBean, getAuthnRequest()).toString()));
        mockHttpServletRequest.getSession().setAttribute("RelayState", UUID.randomUUID().toString());
        mockHttpServletRequest.addParameter("ticket", "ST-1234567890");
        Assertions.assertEquals("storage/casSessionStorageReadView", this.controller.handleCallbackProfileRequestGet(mockHttpServletResponse, mockHttpServletRequest).getViewName());
    }

    @Test
    public void verifyResumeFromStorage() throws Exception {
        MockHttpServletRequest mockHttpServletRequest = new MockHttpServletRequest();
        MockHttpServletResponse mockHttpServletResponse = new MockHttpServletResponse();
        getAuthnRequest().setProtocolBinding("urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST");
        mockHttpServletRequest.getSession().setAttribute("SAMLRequest", EncodingUtils.encodeBase64(SamlUtils.transformSamlObject(this.openSamlConfigBean, getAuthnRequest()).toString()));
        mockHttpServletRequest.getSession().setAttribute("RelayState", UUID.randomUUID().toString());
        MessageContext messageContext = new MessageContext();
        messageContext.setMessage(getAuthnRequest());
        mockHttpServletRequest.getSession().setAttribute(MessageContext.class.getName(), SamlIdPAuthenticationContext.from(messageContext).encode());
        mockHttpServletRequest.addParameter("ticket", "ST-1234567890");
        Optional trackableSession = this.samlIdPDistributedSessionStore.getTrackableSession(new JEEContext(mockHttpServletRequest, mockHttpServletResponse));
        Class<BrowserSessionStorage> cls = BrowserSessionStorage.class;
        Objects.requireNonNull(BrowserSessionStorage.class);
        mockHttpServletRequest.addParameter("sessionStorage", (String) trackableSession.map(cls::cast).map((v0) -> {
            return v0.getPayload();
        }).orElseThrow());
        Assertions.assertNull(this.controller.handleCallbackProfileRequestPost(mockHttpServletResponse, mockHttpServletRequest));
        Assertions.assertEquals(200, mockHttpServletResponse.getStatus());
    }

    private AuthnRequest getAuthnRequest() {
        AuthnRequest buildObject = this.openSamlConfigBean.getBuilderFactory().getBuilder(AuthnRequest.DEFAULT_ELEMENT_NAME).buildObject();
        Issuer buildObject2 = this.openSamlConfigBean.getBuilderFactory().getBuilder(Issuer.DEFAULT_ELEMENT_NAME).buildObject();
        buildObject2.setValue(this.samlRegisteredService.getServiceId());
        buildObject.setIssuer(buildObject2);
        return buildObject;
    }
}
