package net.shibboleth.idp.test.flows.cas;

import java.time.Instant;
import javax.annotation.Nonnull;
import net.shibboleth.idp.cas.ticket.ProxyTicket;
import net.shibboleth.idp.cas.ticket.TicketIdentifierGenerationStrategy;
import net.shibboleth.idp.cas.ticket.TicketService;
import net.shibboleth.idp.cas.ticket.TicketState;
import net.shibboleth.idp.session.SessionManager;
import net.shibboleth.idp.test.flows.AbstractFlowTest;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.test.context.ContextConfiguration;
import org.springframework.webflow.core.collection.MutableAttributeMap;
import org.springframework.webflow.executor.FlowExecutionResult;
import org.testng.Assert;
import org.testng.annotations.Test;

/**
 * Flow-level tests for the CAS {@code cas/proxyValidate} flow.
 *
 * <p>Each test puts {@code service}/{@code ticket} (and optionally {@code pgtUrl}) request
 * parameters on the mock external context, launches the flow, and then checks both the flow
 * outcome id and the CAS XML written to the mock response.</p>
 *
 * <p>The negative cases pin the protocol's rejection paths: a ticket id this class never issued,
 * a proxy callback answering 404, and a proxy chain containing a proxy-granting ticket that has
 * already expired.</p>
 */
@ContextConfiguration(locations = {"/test/test-cas-beans.xml"})
public class ProxyValidateFlowTest extends AbstractFlowTest {

    // Id of the flow under test; this class never reassigns it.
    @Nonnull
    private static String FLOW_ID = "cas/proxyValidate";

    @Autowired
    @Qualifier("shibboleth.CASTicketService")
    private TicketService ticketService;

    @Autowired
    private SessionManager sessionManager;

    // Test double whose response code is set per test to drive the pgtUrl callback outcome.
    @Autowired
    private TestProxyValidator testProxyValidator;

    /**
     * A valid proxy ticket with no {@code pgtUrl} validates, reports the user and the proxy
     * chain, and must not return a proxy-granting ticket.
     */
    @Test
    public void testSuccess() throws Exception {
        ProxyTicket ticket = createProxyTicket(this.sessionManager.createSession("john").getId(), "john");
        requestValidationOf(ticket);

        FlowExecutionResult result = launchFlow();
        String body = this.response.getContentAsString();

        Assert.assertEquals(result.getOutcome().getId(), "ValidateSuccess");
        Assert.assertTrue(body.contains("<cas:authenticationSuccess>"));
        Assert.assertTrue(body.contains("<cas:user>john</cas:user>"));
        // No pgtUrl was supplied, so no PGT element may appear in the response.
        Assert.assertFalse(body.contains("<cas:proxyGrantingTicket>"));
        Assert.assertTrue(body.contains("<cas:proxy>https://service.example.org/</cas:proxy>"));
    }

    /**
     * A ticket id that this test never created through the ticket service is rejected with
     * {@code INVALID_TICKET} / {@code E_TICKET_EXPIRED}.
     */
    @Test
    public void testFailureTicketExpired() throws Exception {
        this.externalContext.getMockRequestParameterMap().put("service", "https://test.example.org/");
        this.externalContext.getMockRequestParameterMap().put("ticket", "PT-123-ABC");

        FlowExecutionResult result = launchFlow();
        Assert.assertEquals(result.getOutcome().getId(), "ProtocolErrorView");

        String body = this.response.getContentAsString();
        Assert.assertTrue(body.contains("<cas:authenticationFailure code=\"INVALID_TICKET\""));
        Assert.assertTrue(body.contains("E_TICKET_EXPIRED"));
    }

    /**
     * With a {@code pgtUrl} and a proxy validator answering 200, validation succeeds and the
     * response carries a proxy-granting ticket element.
     */
    @Test
    public void testSuccessWithProxy() throws Exception {
        ProxyTicket ticket = createProxyTicket(this.sessionManager.createSession("john").getId(), "john");
        requestValidationOf(ticket);
        this.externalContext.getMockRequestParameterMap().put("pgtUrl", "https://proxy.example.com/");
        this.testProxyValidator.setResponseCode(200);

        FlowExecutionResult result = launchFlow();
        String body = this.response.getContentAsString();

        Assert.assertEquals(result.getOutcome().getId(), "ValidateSuccess");
        Assert.assertTrue(body.contains("<cas:authenticationSuccess>"));
        Assert.assertTrue(body.contains("<cas:user>john</cas:user>"));
        Assert.assertTrue(body.contains("<cas:proxyGrantingTicket>"));
        Assert.assertTrue(body.contains("<cas:proxy>https://service.example.org/</cas:proxy>"));
    }

    /**
     * With a {@code pgtUrl} and a proxy validator answering 404, the whole validation fails with
     * {@code INVALID_REQUEST} / {@code E_PROXY_CALLBACK_AUTH_FAILURE}.
     */
    @Test(dependsOnMethods = {"testSuccessWithProxy"})
    public void testProxyCallbackAuthnFailure() throws Exception {
        ProxyTicket ticket = createProxyTicket(this.sessionManager.createSession("john").getId(), "john");
        requestValidationOf(ticket);
        this.externalContext.getMockRequestParameterMap().put("pgtUrl", "https://proxy.example.com/");
        // NOTE(review): the validator is an injected bean and is not reset here, so the 404
        // setting may still be in effect for tests that run afterwards - confirm bean scope.
        this.testProxyValidator.setResponseCode(404);

        FlowExecutionResult result = launchFlow();
        String body = this.response.getContentAsString();

        Assert.assertEquals(result.getOutcome().getId(), "ProtocolErrorView");
        Assert.assertTrue(body.contains("<cas:authenticationFailure code=\"INVALID_REQUEST\""));
        Assert.assertTrue(body.contains("E_PROXY_CALLBACK_AUTH_FAILURE"));
    }

    /**
     * A two-hop proxy chain whose inner proxy-granting ticket expires after 20 ms is validated
     * after a 25 ms pause and must fail with {@code INVALID_TICKET} / {@code E_BROKEN_PROXY_CHAIN}.
     */
    @Test
    public void testFailureBrokenProxyChain() throws Exception {
        // Ids and expiry instants are taken outermost-first, before any ticket is created, so the
        // 20 ms window of the inner PGT starts before the session and service ticket exist.
        String outerPtId = newTicketId("PT", 25);
        Instant outerPtExpiry = Instant.now().plusSeconds(5L);
        String outerPgtId = newTicketId("PGT", 50);
        Instant outerPgtExpiry = Instant.now().plusSeconds(3600L);
        String innerPtId = newTicketId("PT", 25);
        Instant innerPtExpiry = Instant.now().plusSeconds(5L);
        String innerPgtId = newTicketId("PGT", 50);
        Instant innerPgtExpiry = Instant.now().plusMillis(20L);
        String serviceTicketId = newTicketId("ST", 25);
        Instant serviceTicketExpiry = Instant.now().plusSeconds(5L);
        TicketState state =
                new TicketState(this.sessionManager.createSession("john").getId(), "john", Instant.now(), "Password");

        // Chain: ST -> short-lived PGT -> PT (proxy1) -> long-lived PGT -> PT (proxy2).
        ProxyTicket ticket = this.ticketService.createProxyTicket(
                outerPtId,
                outerPtExpiry,
                this.ticketService.createProxyGrantingTicket(
                        outerPgtId,
                        outerPgtExpiry,
                        this.ticketService.createProxyTicket(
                                innerPtId,
                                innerPtExpiry,
                                this.ticketService.createProxyGrantingTicket(
                                        innerPgtId,
                                        innerPgtExpiry,
                                        this.ticketService.createServiceTicket(
                                                serviceTicketId,
                                                serviceTicketExpiry,
                                                "https://service.example.org/",
                                                state,
                                                false)),
                                "https://proxy1.example.org/")),
                "https://proxy2.example.org/");
        requestValidationOf(ticket);

        // Outlast the inner PGT's 20 ms lifetime before asking the flow to validate.
        Thread.sleep(25L);

        FlowExecutionResult result = launchFlow();
        String body = this.response.getContentAsString();

        Assert.assertEquals(result.getOutcome().getId(), "ProtocolErrorView");
        Assert.assertTrue(body.contains("<cas:authenticationFailure code=\"INVALID_TICKET\""));
        Assert.assertTrue(body.contains("E_BROKEN_PROXY_CHAIN"));
    }

    /**
     * Builds a one-hop chain (service ticket, proxy-granting ticket, proxy ticket) for the service
     * {@code https://service.example.org/} and returns the proxy ticket.
     *
     * @param sessionId first argument handed to {@link TicketState}; callers pass an IdP session id
     * @param principal second argument handed to {@link TicketState}; callers pass the user name
     * @return the proxy ticket returned by the ticket service
     */
    private ProxyTicket createProxyTicket(String sessionId, String principal) {
        // Same outermost-first ordering as the nested call chain evaluates its arguments.
        String proxyTicketId = newTicketId("PT", 25);
        Instant proxyTicketExpiry = Instant.now().plusSeconds(5L);
        String pgtId = newTicketId("PGT", 50);
        Instant pgtExpiry = Instant.now().plusSeconds(10L);
        String serviceTicketId = newTicketId("ST", 25);
        Instant serviceTicketExpiry = Instant.now().plusSeconds(5L);
        TicketState state = new TicketState(sessionId, principal, Instant.now(), "Password");

        return this.ticketService.createProxyTicket(
                proxyTicketId,
                proxyTicketExpiry,
                this.ticketService.createProxyGrantingTicket(
                        pgtId,
                        pgtExpiry,
                        this.ticketService.createServiceTicket(
                                serviceTicketId,
                                serviceTicketExpiry,
                                "https://service.example.org/",
                                state,
                                false)),
                "https://proxyA.example.org/");
    }

    /** Generates a fresh ticket identifier from the given prefix and length argument. */
    private static String newTicketId(String prefix, int length) {
        return new TicketIdentifierGenerationStrategy(prefix, length).generateIdentifier();
    }

    /** Sets the {@code service} and {@code ticket} request parameters from the given ticket. */
    private void requestValidationOf(ProxyTicket ticket) {
        this.externalContext.getMockRequestParameterMap().put("service", ticket.getService());
        this.externalContext.getMockRequestParameterMap().put("ticket", ticket.getId());
    }

    /** Launches the flow under test with no input attributes against the mock external context. */
    private FlowExecutionResult launchFlow() {
        return this.flowExecutor.launchExecution(FLOW_ID, (MutableAttributeMap) null, this.externalContext);
    }
}
