package net.shibboleth.idp.cas.flow;

import java.net.URI;
import java.security.cert.CertificateException;
import net.shibboleth.idp.cas.config.ValidateConfiguration;
import net.shibboleth.idp.cas.protocol.ProtocolError;
import net.shibboleth.idp.cas.protocol.TicketValidationRequest;
import net.shibboleth.idp.cas.protocol.TicketValidationResponse;
import net.shibboleth.idp.cas.proxy.ProxyAuthenticator;
import net.shibboleth.idp.cas.ticket.ServiceTicket;
import net.shibboleth.idp.cas.ticket.TicketService;
import org.joda.time.Instant;
import org.mockito.Mockito;
import org.opensaml.security.trust.TrustEngine;
import org.opensaml.security.x509.X509Credential;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.webflow.execution.RequestContext;
import org.testng.Assert;
import org.testng.annotations.Test;

/* loaded from: input_file:net/shibboleth/idp/cas/flow/ValidateProxyCallbackActionTest.class */
public class ValidateProxyCallbackActionTest extends AbstractFlowActionTest {

    @Autowired
    private TicketService ticketService;

    @Test
    public void testValidateProxySuccess() throws Exception {
        ValidateProxyCallbackAction validateProxyCallbackAction = new ValidateProxyCallbackAction(mockProxyAuthenticator(null), this.ticketService);
        validateProxyCallbackAction.initialize();
        RequestContext newRequestContext = newRequestContext("https://test.example.org/");
        Assert.assertEquals(validateProxyCallbackAction.execute(newRequestContext).getId(), Events.Success.id());
        TicketValidationResponse ticketValidationResponse = (TicketValidationResponse) validateProxyCallbackAction.getCASResponse(getProfileContext(newRequestContext));
        Assert.assertNotNull(ticketValidationResponse);
        Assert.assertNotNull(ticketValidationResponse.getPgtIou());
    }

    @Test
    public void testValidateProxyFailure() throws Exception {
        ValidateProxyCallbackAction validateProxyCallbackAction = new ValidateProxyCallbackAction(mockProxyAuthenticator(new CertificateException()), this.ticketService);
        validateProxyCallbackAction.initialize();
        Assert.assertEquals(validateProxyCallbackAction.execute(newRequestContext("https://test.example.org/")).getId(), ProtocolError.ProxyCallbackAuthenticationFailure.id());
    }

    private static ProxyAuthenticator<TrustEngine<X509Credential>> mockProxyAuthenticator(Exception exc) throws Exception {
        ProxyAuthenticator<TrustEngine<X509Credential>> proxyAuthenticator = (ProxyAuthenticator) Mockito.mock(ProxyAuthenticator.class);
        if (exc != null) {
            ((ProxyAuthenticator) Mockito.doThrow(exc).when(proxyAuthenticator)).authenticate((URI) Mockito.any(URI.class), Mockito.any(TrustEngine.class));
        }
        return proxyAuthenticator;
    }

    private static RequestContext newRequestContext(String str) {
        TicketValidationRequest ticketValidationRequest = new TicketValidationRequest("https://test.example.com/", "ST-123-ABCCEF");
        ticketValidationRequest.setPgtUrl(str);
        return new TestContextBuilder("https://www.apereo.org/cas/protocol/serviceValidate").addProtocolContext(ticketValidationRequest, new TicketValidationResponse()).addTicketContext(new ServiceTicket("ST-123-ABCCEF", "SessionID-123", "https://test.example.com/", Instant.now(), false)).addRelyingPartyContext("https://test.example.com/", true, new ValidateConfiguration()).build();
    }
}
