package net.shibboleth.idp.plugin.authn.duo.impl;

import java.util.Set;
import net.shibboleth.idp.plugin.authn.duo.DynamicDuoOIDCIntegration;
import org.mockito.Mock;
import org.mockito.Mockito;
import org.mockito.MockitoAnnotations;
import org.springframework.mock.web.MockHttpServletRequest;
import org.testng.Assert;
import org.testng.annotations.BeforeMethod;
import org.testng.annotations.Test;

/* loaded from: input_file:net/shibboleth/idp/plugin/authn/duo/impl/DefaultRedirectURICreationStrategyTest.class */
public class DefaultRedirectURICreationStrategyTest {
    private static final String CALLBACK_PATH = "/Authn/Duo/2FA//duo-callback";
    private DefaultRedirectURICreationStrategy strategy;

    @Mock
    private DynamicDuoOIDCIntegration integration;
    private MockHttpServletRequest request;

    @BeforeMethod
    public void setUp() throws Exception {
        this.request = new MockHttpServletRequest();
        MockitoAnnotations.openMocks(this);
    }

    @Test
    public final void testComputedRedirectAllowed() throws Exception {
        this.strategy = new DefaultRedirectURICreationStrategy(CALLBACK_PATH);
        this.request.addHeader("Host", "allowed.com");
        this.request.setServerPort(443);
        this.request.setScheme("https");
        Mockito.when(this.integration.getAllowedOrigins()).thenReturn(Set.of("https://allowed.com"));
        Mockito.when(this.integration.getRegisteredRedirectURI()).thenReturn((Object) null);
        Mockito.when(Boolean.valueOf(this.integration.isRedirectURIPreregistered())).thenReturn(false);
        Assert.assertEquals(this.strategy.apply(this.request, this.integration), "https://allowed.com/Authn/Duo/2FA//duo-callback");
    }

    @Test
    public final void testComputedRedirectDisallowed() throws Exception {
        this.strategy = new DefaultRedirectURICreationStrategy(CALLBACK_PATH);
        this.request.addHeader("Host", "not-allowed.com");
        this.request.setServerPort(443);
        this.request.setScheme("https");
        Mockito.when(this.integration.getAllowedOrigins()).thenReturn(Set.of("https://allowed.com"));
        Mockito.when(this.integration.getRegisteredRedirectURI()).thenReturn((Object) null);
        Mockito.when(Boolean.valueOf(this.integration.isRedirectURIPreregistered())).thenReturn(false);
        Assert.assertEquals(this.strategy.apply(this.request, this.integration), (String) null);
    }

    @Test
    public final void testComputedRedirectAllowedHTTPSCustomPort() throws Exception {
        this.strategy = new DefaultRedirectURICreationStrategy(CALLBACK_PATH);
        this.request.addHeader("Host", "allowed.com");
        this.request.setServerPort(8443);
        this.request.setScheme("https");
        Mockito.when(this.integration.getAllowedOrigins()).thenReturn(Set.of("https://allowed.com:8443"));
        Mockito.when(this.integration.getRegisteredRedirectURI()).thenReturn((Object) null);
        Mockito.when(Boolean.valueOf(this.integration.isRedirectURIPreregistered())).thenReturn(false);
        Assert.assertEquals(this.strategy.apply(this.request, this.integration), "https://allowed.com:8443/Authn/Duo/2FA//duo-callback");
    }

    @Test
    public final void testComputedRedirectAllowedHTTPCustomPort() throws Exception {
        this.strategy = new DefaultRedirectURICreationStrategy(CALLBACK_PATH);
        this.request.addHeader("Host", "allowed.com");
        this.request.setServerPort(8080);
        this.request.setScheme("http");
        Mockito.when(this.integration.getAllowedOrigins()).thenReturn(Set.of("http://allowed.com:8080"));
        Mockito.when(this.integration.getRegisteredRedirectURI()).thenReturn((Object) null);
        Mockito.when(Boolean.valueOf(this.integration.isRedirectURIPreregistered())).thenReturn(false);
        Assert.assertEquals(this.strategy.apply(this.request, this.integration), "http://allowed.com:8080/Authn/Duo/2FA//duo-callback");
    }

    @Test
    public final void testComputedRedirectAllowedNullPort() throws Exception {
        this.strategy = new DefaultRedirectURICreationStrategy(CALLBACK_PATH);
        this.request.addHeader("Host", "allowed.com");
        this.request.setServerPort(-1);
        this.request.setScheme("http");
        Mockito.when(this.integration.getAllowedOrigins()).thenReturn(Set.of("http://allowed.com"));
        Mockito.when(this.integration.getRegisteredRedirectURI()).thenReturn((Object) null);
        Mockito.when(Boolean.valueOf(this.integration.isRedirectURIPreregistered())).thenReturn(false);
        Assert.assertEquals(this.strategy.apply(this.request, this.integration), "http://allowed.com/Authn/Duo/2FA//duo-callback");
    }

    @Test
    public final void testComputedRedirectDisallowedOnPort() throws Exception {
        this.strategy = new DefaultRedirectURICreationStrategy(CALLBACK_PATH);
        this.request.addHeader("Host", "allowed.com");
        this.request.setServerPort(443);
        this.request.setScheme("https");
        Mockito.when(this.integration.getAllowedOrigins()).thenReturn(Set.of("https://allowed.com:8443"));
        Mockito.when(this.integration.getRegisteredRedirectURI()).thenReturn((Object) null);
        Mockito.when(Boolean.valueOf(this.integration.isRedirectURIPreregistered())).thenReturn(false);
        Assert.assertEquals(this.strategy.apply(this.request, this.integration), (String) null);
    }

    @Test
    public final void testPreregisteredURL() throws Exception {
        this.strategy = new DefaultRedirectURICreationStrategy(CALLBACK_PATH);
        this.request.addHeader("Host", "notused.com");
        this.request.setServerPort(443);
        this.request.setScheme("https");
        Mockito.when(this.integration.getRegisteredRedirectURI()).thenReturn("https://registered.com/Authn/Duo/2FA//duo-callback");
        Mockito.when(Boolean.valueOf(this.integration.isRedirectURIPreregistered())).thenReturn(true);
        Assert.assertEquals(this.strategy.apply(this.request, this.integration), "https://registered.com/Authn/Duo/2FA//duo-callback");
    }

    @Test
    public final void testComputedRedirectBadHostname() throws Exception {
        this.strategy = new DefaultRedirectURICreationStrategy(CALLBACK_PATH);
        this.request.addHeader("Host", "<script>inject</script>");
        this.request.setServerPort(80);
        this.request.setScheme("http");
        Mockito.when(this.integration.getAllowedOrigins()).thenReturn(Set.of("http://allowed.com"));
        Mockito.when(this.integration.getRegisteredRedirectURI()).thenReturn((Object) null);
        Mockito.when(Boolean.valueOf(this.integration.isRedirectURIPreregistered())).thenReturn(false);
        Assert.assertEquals(this.strategy.apply(this.request, this.integration), (String) null);
    }
}
