package org.apereo.cas.support.saml.web.idp.delegation;

import java.util.Arrays;
import java.util.UUID;
import org.apache.commons.lang3.RandomUtils;
import org.apache.commons.lang3.tuple.Pair;
import org.apereo.cas.authentication.CoreAuthenticationTestUtils;
import org.apereo.cas.authentication.principal.WebApplicationService;
import org.apereo.cas.config.SamlIdPDelegatedAuthenticationConfiguration;
import org.apereo.cas.pac4j.client.DelegatedClientAuthenticationRequestCustomizer;
import org.apereo.cas.support.saml.BaseSamlIdPConfigurationTests;
import org.apereo.cas.support.saml.SamlIdPTestUtils;
import org.apereo.cas.support.saml.SamlIdPUtils;
import org.apereo.cas.support.saml.services.SamlRegisteredService;
import org.junit.jupiter.api.Assertions;
import org.junit.jupiter.api.Tag;
import org.junit.jupiter.api.Test;
import org.junit.jupiter.api.function.Executable;
import org.mockito.Mockito;
import org.opensaml.messaging.context.MessageContext;
import org.opensaml.saml.saml2.core.AuthnRequest;
import org.opensaml.saml.saml2.core.IDPEntry;
import org.opensaml.saml.saml2.core.IDPList;
import org.opensaml.saml.saml2.core.Scoping;
import org.pac4j.cas.client.CasClient;
import org.pac4j.core.context.JEEContext;
import org.pac4j.saml.client.SAML2Client;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.context.annotation.Import;
import org.springframework.mock.web.MockHttpServletRequest;
import org.springframework.mock.web.MockHttpServletResponse;

@Tag("SAML2")
@Import({SamlIdPDelegatedAuthenticationConfiguration.class})
/* loaded from: input_file:org/apereo/cas/support/saml/web/idp/delegation/SamlIdPDelegatedClientAuthenticationRequestCustomizerTests.class */
public class SamlIdPDelegatedClientAuthenticationRequestCustomizerTests extends BaseSamlIdPConfigurationTests {

    @Autowired
    @Qualifier("saml2DelegatedClientAuthenticationRequestCustomizer")
    private DelegatedClientAuthenticationRequestCustomizer customizer;

    @Test
    public void verifyAuthorization() throws Exception {
        final SAML2Client sAML2Client = (SAML2Client) Mockito.mock(SAML2Client.class);
        final JEEContext jEEContext = new JEEContext(new MockHttpServletRequest(), new MockHttpServletResponse());
        WebApplicationService webApplicationService = CoreAuthenticationTestUtils.getWebApplicationService();
        Assertions.assertDoesNotThrow(new Executable() { // from class: org.apereo.cas.support.saml.web.idp.delegation.SamlIdPDelegatedClientAuthenticationRequestCustomizerTests.1
            public void execute() throws Throwable {
                SamlIdPDelegatedClientAuthenticationRequestCustomizerTests.this.customizer.customize(sAML2Client, jEEContext);
            }
        });
        Assertions.assertTrue(this.customizer.isAuthorized(jEEContext, sAML2Client, webApplicationService));
        setAuthnRequestFor(jEEContext, new String[0]);
        Assertions.assertTrue(this.customizer.isAuthorized(jEEContext, sAML2Client, webApplicationService));
        setAuthnRequestFor(jEEContext, UUID.randomUUID().toString());
        Assertions.assertFalse(this.customizer.isAuthorized(jEEContext, sAML2Client, webApplicationService));
        String uuid = UUID.randomUUID().toString();
        Mockito.when(sAML2Client.getIdentityProviderResolvedEntityId()).thenReturn(uuid);
        setAuthnRequestFor(jEEContext, uuid);
        Assertions.assertTrue(this.customizer.isAuthorized(jEEContext, sAML2Client, webApplicationService));
        Assertions.assertTrue(this.customizer.isAuthorized(jEEContext, new CasClient(), webApplicationService));
    }

    private void storeRequest(AuthnRequest authnRequest, JEEContext jEEContext) throws Exception {
        MessageContext messageContext = new MessageContext();
        messageContext.setMessage(authnRequest);
        SamlIdPUtils.storeSamlRequest(jEEContext, this.openSamlConfigBean, this.samlIdPDistributedSessionStore, Pair.of(authnRequest, messageContext));
    }

    private void setAuthnRequestFor(JEEContext jEEContext, String... strArr) throws Exception {
        SamlRegisteredService samlRegisteredServiceFor = getSamlRegisteredServiceFor("https://cassp.example.org");
        samlRegisteredServiceFor.setId(RandomUtils.nextInt());
        AuthnRequest authnRequest = SamlIdPTestUtils.getAuthnRequest(this.openSamlConfigBean, samlRegisteredServiceFor);
        Scoping buildObject = this.openSamlConfigBean.getBuilderFactory().getBuilder(Scoping.DEFAULT_ELEMENT_NAME).buildObject(Scoping.DEFAULT_ELEMENT_NAME);
        IDPList buildObject2 = this.openSamlConfigBean.getBuilderFactory().getBuilder(IDPList.DEFAULT_ELEMENT_NAME).buildObject(IDPList.DEFAULT_ELEMENT_NAME);
        Arrays.stream(strArr).forEach(str -> {
            IDPEntry buildObject3 = this.openSamlConfigBean.getBuilderFactory().getBuilder(IDPEntry.DEFAULT_ELEMENT_NAME).buildObject(IDPEntry.DEFAULT_ELEMENT_NAME);
            buildObject3.setProviderID(str);
            buildObject2.getIDPEntrys().add(buildObject3);
        });
        buildObject.setIDPList(buildObject2);
        authnRequest.setScoping(buildObject);
        storeRequest(authnRequest, jEEContext);
    }
}
