package org.apereo.cas.authentication.mfa.trigger;

import org.apereo.cas.authentication.AuthenticationException;
import org.apereo.cas.authentication.DefaultMultifactorAuthenticationProviderResolver;
import org.apereo.cas.authentication.MultifactorAuthenticationPrincipalResolver;
import org.apereo.cas.authentication.MultifactorAuthenticationRequiredException;
import org.apereo.cas.authentication.principal.Service;
import org.apereo.cas.configuration.CasConfigurationProperties;
import org.apereo.cas.configuration.model.support.mfa.PrincipalAttributeMultifactorAuthenticationProperties;
import org.junit.jupiter.api.Assertions;
import org.junit.jupiter.api.Tag;
import org.junit.jupiter.api.Test;
import org.mockito.Mockito;

@Tag("MFATrigger")
/* loaded from: input_file:org/apereo/cas/authentication/mfa/trigger/PrincipalAttributeMultifactorAuthenticationTriggerTests.class */
class PrincipalAttributeMultifactorAuthenticationTriggerTests extends BaseMultifactorAuthenticationTriggerTests {
    PrincipalAttributeMultifactorAuthenticationTriggerTests() {
    }

    @Test
    void verifyOperationByProvider() throws Throwable {
        CasConfigurationProperties casConfigurationProperties = new CasConfigurationProperties();
        PrincipalAttributeMultifactorAuthenticationProperties principal = casConfigurationProperties.getAuthn().getMfa().getTriggers().getPrincipal();
        principal.setGlobalPrincipalAttributeNameTriggers("email");
        principal.setGlobalPrincipalAttributeValueRegex(".+@example.*");
        Assertions.assertTrue(new PrincipalAttributeMultifactorAuthenticationTrigger(casConfigurationProperties, new DefaultMultifactorAuthenticationProviderResolver(MultifactorAuthenticationPrincipalResolver.identical()), this.applicationContext).isActivated(this.authentication, this.registeredService, this.httpRequest, this.httpResponse, (Service) Mockito.mock(Service.class)).isPresent());
    }

    @Test
    void verifyDenyWhenUnmatched() throws Throwable {
        CasConfigurationProperties casConfigurationProperties = new CasConfigurationProperties();
        PrincipalAttributeMultifactorAuthenticationProperties principal = casConfigurationProperties.getAuthn().getMfa().getTriggers().getPrincipal();
        principal.setGlobalPrincipalAttributeNameTriggers("email");
        principal.setGlobalPrincipalAttributeValueRegex("-nothing-");
        principal.setDenyIfUnmatched(true);
        PrincipalAttributeMultifactorAuthenticationTrigger principalAttributeMultifactorAuthenticationTrigger = new PrincipalAttributeMultifactorAuthenticationTrigger(casConfigurationProperties, new DefaultMultifactorAuthenticationProviderResolver(MultifactorAuthenticationPrincipalResolver.identical()), this.applicationContext);
        AuthenticationException assertThrows = Assertions.assertThrows(AuthenticationException.class, () -> {
            principalAttributeMultifactorAuthenticationTrigger.isActivated(this.authentication, this.registeredService, this.httpRequest, this.httpResponse, (Service) Mockito.mock(Service.class));
        });
        Assertions.assertNotNull(assertThrows.getCode());
        Assertions.assertTrue(assertThrows.getHandlerErrors().containsKey(MultifactorAuthenticationRequiredException.class.getSimpleName()));
    }
}
