package org.apereo.cas.authentication.mfa;

import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.Optional;
import java.util.UUID;
import org.apereo.cas.authentication.AbstractMultifactorAuthenticationProvider;
import org.apereo.cas.authentication.Authentication;
import org.apereo.cas.authentication.DefaultChainingMultifactorAuthenticationProvider;
import org.apereo.cas.authentication.DefaultMultifactorAuthenticationFailureModeEvaluator;
import org.apereo.cas.authentication.MultifactorAuthenticationPrincipalResolver;
import org.apereo.cas.authentication.MultifactorAuthenticationProvider;
import org.apereo.cas.authentication.MultifactorAuthenticationUtils;
import org.apereo.cas.authentication.bypass.AuthenticationMultifactorAuthenticationProviderBypassEvaluator;
import org.apereo.cas.authentication.principal.Principal;
import org.apereo.cas.authentication.principal.Service;
import org.apereo.cas.authentication.principal.WebApplicationService;
import org.apereo.cas.configuration.CasConfigurationProperties;
import org.apereo.cas.configuration.model.support.mfa.BaseMultifactorAuthenticationProviderProperties;
import org.apereo.cas.configuration.model.support.mfa.MultifactorAuthenticationProviderBypassProperties;
import org.apereo.cas.services.RegisteredService;
import org.apereo.cas.services.RegisteredServiceMultifactorPolicy;
import org.apereo.cas.services.ServicesManager;
import org.apereo.cas.util.CollectionUtils;
import org.apereo.cas.util.spring.ApplicationContextProvider;
import org.apereo.cas.validation.Assertion;
import org.apereo.cas.validation.AuthenticationContextValidationResult;
import org.apereo.cas.validation.RequestedAuthenticationContextValidator;
import org.junit.jupiter.api.Assertions;
import org.junit.jupiter.api.Tag;
import org.junit.jupiter.api.Test;
import org.mockito.Mockito;
import org.springframework.context.ConfigurableApplicationContext;
import org.springframework.context.support.StaticApplicationContext;
import org.springframework.mock.web.MockHttpServletRequest;
import org.springframework.mock.web.MockHttpServletResponse;

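/**
 * Tests for the {@link RequestedAuthenticationContextValidator} built by
 * {@code MultifactorAuthenticationTestUtils.mockRequestAuthnContextValidator}.
 *
 * <p>Every test hands the validator a mocked {@link Assertion} and checks whether
 * {@code validateAuthenticationContext} reports success. The scenarios pin the
 * security-relevant decisions of the validator: when a multifactor requirement is
 * bypassed, when it is enforced, and whether an unavailable provider fails open or closed.
 */
@Tag("MFA")
class DefaultRequestedAuthenticationContextValidatorTests {
    private static final String CASUSER = "casuser";

    /** Authentication attributes shared by the tests: {@code givenName=CAS}. Treat as read-only. */
    private static final Map<String, List<Object>> AUTH_ATTRIBUTES = CollectionUtils.wrap("givenName", "CAS");

    /** String form of the UNDEFINED failure mode, passed to the test utilities by most scenarios. */
    private static final String FAILURE_MODE_UNDEFINED =
        BaseMultifactorAuthenticationProviderProperties.MultifactorAuthenticationProviderFailureModes.UNDEFINED.toString();

    /**
     * Creates a refreshed {@link StaticApplicationContext}, publishes it through
     * {@link ApplicationContextProvider}, and registers an identity principal resolver
     * under a random bean name.
     *
     * @return the freshly built application context
     */
    private static ConfigurableApplicationContext buildApplicationContext() {
        final StaticApplicationContext applicationContext = new StaticApplicationContext();
        applicationContext.refresh();
        ApplicationContextProvider.holdApplicationContext(applicationContext);
        ApplicationContextProvider.registerBeanIntoApplicationContext(applicationContext,
            MultifactorAuthenticationPrincipalResolver.identical(), UUID.randomUUID().toString());
        return applicationContext;
    }

    // The helpers below declare "throws Throwable" only to mirror the test methods,
    // which propagate whatever the project utilities may throw.

    /**
     * Builds a failure-mode evaluator whose configuration carries the given global failure mode.
     *
     * @param globalMode the global failure mode to configure
     * @return an evaluator backed by fresh {@link CasConfigurationProperties}
     */
    private static DefaultMultifactorAuthenticationFailureModeEvaluator failureModeEvaluator(
        final BaseMultifactorAuthenticationProviderProperties.MultifactorAuthenticationProviderFailureModes globalMode) throws Throwable {
        final CasConfigurationProperties properties = new CasConfigurationProperties();
        properties.getAuthn().getMfa().getCore().setGlobalFailureMode(globalMode);
        return new DefaultMultifactorAuthenticationFailureModeEvaluator(properties);
    }

    /**
     * Mocks an {@link Assertion} whose primary authentication is the one supplied.
     *
     * @param authentication the authentication the assertion should report
     * @return the mocked assertion
     */
    private static Assertion mockAssertion(final Authentication authentication) throws Throwable {
        final Assertion assertion = Mockito.mock(Assertion.class);
        Mockito.when(assertion.getPrimaryAuthentication()).thenReturn(authentication);
        return assertion;
    }

    /**
     * Authentication for {@link #CASUSER} built from a principal created without explicit
     * attributes, carrying {@link #AUTH_ATTRIBUTES} as authentication attributes.
     */
    private static Authentication authenticationWithoutPrincipalAttributes() throws Throwable {
        return MultifactorAuthenticationTestUtils.getAuthentication(
            MultifactorAuthenticationTestUtils.getPrincipal(CASUSER), AUTH_ATTRIBUTES);
    }

    /**
     * Authentication for {@link #CASUSER} built from a principal created with wrapped
     * attributes, carrying {@link #AUTH_ATTRIBUTES} as authentication attributes.
     */
    private static Authentication authenticationWithPrincipalAttributes() throws Throwable {
        return MultifactorAuthenticationTestUtils.getAuthentication(
            MultifactorAuthenticationTestUtils.getPrincipal(CASUSER, CollectionUtils.wrap(CASUSER, AUTH_ATTRIBUTES)),
            AUTH_ATTRIBUTES);
    }

    /**
     * Runs the validator against the assertion with a fresh mock request and response.
     *
     * @param validator the validator under test
     * @param assertion the assertion to validate
     * @return the validation result
     */
    private static AuthenticationContextValidationResult validate(
        final RequestedAuthenticationContextValidator validator, final Assertion assertion) throws Throwable {
        return validator.validateAuthenticationContext(assertion, new MockHttpServletRequest(), new MockHttpServletResponse());
    }

    /** With no provider supplied ({@code Optional.empty()}), validation succeeds. */
    @Test
    void verifyNoRequestedAuthenticationContext() throws Throwable {
        final RequestedAuthenticationContextValidator validator = MultifactorAuthenticationTestUtils.mockRequestAuthnContextValidator(
            Mockito.mock(ServicesManager.class), Optional.empty(), buildApplicationContext(), FAILURE_MODE_UNDEFINED);
        final Assertion assertion = mockAssertion(MultifactorAuthenticationTestUtils.getAuthentication(CASUSER));
        Assertions.assertTrue(validate(validator, assertion).isSuccess());
    }

    /**
     * When the registered service's multifactor policy reports bypass as enabled,
     * validation succeeds and the result carries no context id.
     */
    @Test
    void verifyExecutionIgnoredPerService() throws Throwable {
        final ConfigurableApplicationContext applicationContext = buildApplicationContext();
        final TestMultifactorAuthenticationProvider provider =
            TestMultifactorAuthenticationProvider.registerProviderIntoApplicationContext(applicationContext);
        provider.setBypassEvaluator(new AuthenticationMultifactorAuthenticationProviderBypassEvaluator(
            MultifactorAuthenticationTestUtils.getAuthenticationBypassProperties(), provider.getId()));

        final ServicesManager servicesManager = Mockito.mock(ServicesManager.class);
        final RequestedAuthenticationContextValidator validator = MultifactorAuthenticationTestUtils.mockRequestAuthnContextValidator(
            servicesManager, Optional.of(provider), applicationContext, FAILURE_MODE_UNDEFINED);

        // The service-level policy is the switch under test: bypass is enabled for this service.
        final RegisteredServiceMultifactorPolicy servicePolicy = Mockito.mock(RegisteredServiceMultifactorPolicy.class);
        Mockito.when(servicePolicy.isBypassEnabled()).thenReturn(true);

        final WebApplicationService service = MultifactorAuthenticationTestUtils.getService(UUID.randomUUID().toString());
        final RegisteredService registeredService =
            MultifactorAuthenticationTestUtils.getRegisteredService(service.getId(), FAILURE_MODE_UNDEFINED);
        Mockito.when(registeredService.getMultifactorAuthenticationPolicy()).thenReturn(servicePolicy);
        Mockito.when(servicesManager.findServiceBy(Mockito.any(Service.class))).thenReturn(registeredService);

        final Assertion assertion = mockAssertion(authenticationWithPrincipalAttributes());
        Mockito.when(assertion.getService()).thenReturn(service);

        final AuthenticationContextValidationResult result = validate(validator, assertion);
        Assertions.assertTrue(result.isSuccess());
        Assertions.assertTrue(result.getContextId().isEmpty());
    }

    /**
     * A chaining provider holding two providers is satisfied when the authentication's
     * {@code authn_method} attribute names the second provider in the chain.
     */
    @Test
    void verifyRequestedAuthenticationContextChained() throws Throwable {
        final ConfigurableApplicationContext applicationContext = buildApplicationContext();
        final DefaultChainingMultifactorAuthenticationProvider chain = new DefaultChainingMultifactorAuthenticationProvider(
            failureModeEvaluator(BaseMultifactorAuthenticationProviderProperties.MultifactorAuthenticationProviderFailureModes.OPEN));
        final TestMultifactorAuthenticationProvider firstProvider = new TestMultifactorAuthenticationProvider("mfa-first");
        final TestMultifactorAuthenticationProvider secondProvider = new TestMultifactorAuthenticationProvider("mfa-second");
        chain.addMultifactorAuthenticationProvider(firstProvider);
        chain.addMultifactorAuthenticationProvider(secondProvider);
        TestMultifactorAuthenticationProvider.registerProviderIntoApplicationContext(applicationContext, (MultifactorAuthenticationProvider) firstProvider);
        TestMultifactorAuthenticationProvider.registerProviderIntoApplicationContext(applicationContext, (MultifactorAuthenticationProvider) secondProvider);

        final RequestedAuthenticationContextValidator validator = MultifactorAuthenticationTestUtils.mockRequestAuthnContextValidator(
            Mockito.mock(ServicesManager.class), Optional.of(chain), applicationContext, FAILURE_MODE_UNDEFINED);

        // The attributes are mutated below, so this test works on a private copy: if the
        // test utility keeps the supplied map by reference, a put on the shared constant
        // would leak "authn_method" into every other test in this class.
        final Authentication authentication = MultifactorAuthenticationTestUtils.getAuthentication(
            MultifactorAuthenticationTestUtils.getPrincipal(CASUSER, CollectionUtils.wrap(CASUSER, AUTH_ATTRIBUTES)),
            new HashMap<>(AUTH_ATTRIBUTES));
        authentication.getAttributes().put("authn_method", List.of(secondProvider.getId()));

        Assertions.assertTrue(validate(validator, mockAssertion(authentication)).isSuccess());
    }

    /**
     * With the bypass evaluator built from the test utilities' bypass properties,
     * validation succeeds although the authentication carries no {@code authn_method}.
     */
    @Test
    void verifyRequestedAuthenticationContextBypassed() throws Throwable {
        final ConfigurableApplicationContext applicationContext = buildApplicationContext();
        final TestMultifactorAuthenticationProvider provider =
            TestMultifactorAuthenticationProvider.registerProviderIntoApplicationContext(applicationContext);
        // NOTE(review): presumably these bypass properties match givenName=CAS from AUTH_ATTRIBUTES; confirm in the test utilities.
        provider.setBypassEvaluator(new AuthenticationMultifactorAuthenticationProviderBypassEvaluator(
            MultifactorAuthenticationTestUtils.getAuthenticationBypassProperties(), provider.getId()));
        final RequestedAuthenticationContextValidator validator = MultifactorAuthenticationTestUtils.mockRequestAuthnContextValidator(
            Mockito.mock(ServicesManager.class), Optional.of(provider), applicationContext, FAILURE_MODE_UNDEFINED);
        final Assertion assertion = mockAssertion(authenticationWithPrincipalAttributes());
        Assertions.assertTrue(validate(validator, assertion).isSuccess());
    }

    /**
     * The bypass rule expects {@code givenName=Not Bypassed} while the authentication carries
     * {@code givenName=CAS}; the multifactor requirement stays in force and validation fails.
     */
    @Test
    void verifyRequestedAuthenticationContextNotBypassed() throws Throwable {
        final ConfigurableApplicationContext applicationContext = buildApplicationContext();
        final TestMultifactorAuthenticationProvider provider =
            TestMultifactorAuthenticationProvider.registerProviderIntoApplicationContext(applicationContext);
        final MultifactorAuthenticationProviderBypassProperties bypassProperties = new MultifactorAuthenticationProviderBypassProperties();
        bypassProperties.setAuthenticationAttributeName("givenName");
        bypassProperties.setAuthenticationAttributeValue("Not Bypassed");
        provider.setBypassEvaluator(new AuthenticationMultifactorAuthenticationProviderBypassEvaluator(
            bypassProperties, TestMultifactorAuthenticationProvider.ID));
        final RequestedAuthenticationContextValidator validator = MultifactorAuthenticationTestUtils.mockRequestAuthnContextValidator(
            Mockito.mock(ServicesManager.class), Optional.of(provider), applicationContext, FAILURE_MODE_UNDEFINED);
        final Assertion assertion = mockAssertion(authenticationWithoutPrincipalAttributes());
        Assertions.assertFalse(validate(validator, assertion).isSuccess());
    }

    /**
     * The bypass rule does not match, but the authentication already carries the
     * {@code bypassMultifactorAuthentication} and {@code bypassedMultifactorAuthenticationProviderId}
     * attributes for this provider; validation succeeds.
     */
    @Test
    void verifyRequestedAuthenticationIsAlreadyBypass() throws Throwable {
        final ConfigurableApplicationContext applicationContext = buildApplicationContext();
        final TestMultifactorAuthenticationProvider provider =
            TestMultifactorAuthenticationProvider.registerProviderIntoApplicationContext(applicationContext);
        final MultifactorAuthenticationProviderBypassProperties bypassProperties = new MultifactorAuthenticationProviderBypassProperties();
        bypassProperties.setAuthenticationAttributeName("givenName");
        bypassProperties.setAuthenticationAttributeValue("Not Bypassed");
        provider.setBypassEvaluator(new AuthenticationMultifactorAuthenticationProviderBypassEvaluator(
            bypassProperties, TestMultifactorAuthenticationProvider.ID));
        final RequestedAuthenticationContextValidator validator = MultifactorAuthenticationTestUtils.mockRequestAuthnContextValidator(
            Mockito.mock(ServicesManager.class), Optional.of(provider), applicationContext, FAILURE_MODE_UNDEFINED);

        final Principal principal = MultifactorAuthenticationTestUtils.getPrincipal(CASUSER);
        // These two attributes alone decide the outcome here. NOTE(review): they are trusted as-is
        // by this scenario; presumably only the server-side MFA flow writes them. Confirm that no
        // externally sourced attribute can populate them in a deployment.
        final Map<String, List<Object>> bypassMarkers = new HashMap<>();
        bypassMarkers.put("bypassMultifactorAuthentication", List.of(true));
        bypassMarkers.put("bypassedMultifactorAuthenticationProviderId", List.of(TestMultifactorAuthenticationProvider.ID));

        final Assertion assertion = mockAssertion(MultifactorAuthenticationTestUtils.getAuthentication(principal, bypassMarkers));
        Assertions.assertTrue(validate(validator, assertion).isSuccess());
    }

    /**
     * The validator is given a provider that was never registered in the application
     * context; validation fails.
     */
    @Test
    void verifyRequestedAuthenticationContextNoProvider() throws Throwable {
        final RequestedAuthenticationContextValidator validator = MultifactorAuthenticationTestUtils.mockRequestAuthnContextValidator(
            Mockito.mock(ServicesManager.class), Optional.of(new TestMultifactorAuthenticationProvider()),
            buildApplicationContext(), FAILURE_MODE_UNDEFINED);
        final Assertion assertion = mockAssertion(authenticationWithoutPrincipalAttributes());
        Assertions.assertFalse(validate(validator, assertion).isSuccess());
    }

    /**
     * Global failure mode OPEN with a {@link TestUnavailableMultifactorAuthenticationProvider}:
     * validation succeeds even though the authentication carries no {@code authn_method}.
     * This pins fail-open as an explicitly configured choice, not a default.
     */
    @Test
    void verifyGlobalFailureModeFailsOpen() throws Throwable {
        final ConfigurableApplicationContext applicationContext = buildApplicationContext();
        final TestUnavailableMultifactorAuthenticationProvider provider =
            TestUnavailableMultifactorAuthenticationProvider.registerProviderIntoApplicationContext(applicationContext);
        provider.setFailureModeEvaluator(
            failureModeEvaluator(BaseMultifactorAuthenticationProviderProperties.MultifactorAuthenticationProviderFailureModes.OPEN));
        final RequestedAuthenticationContextValidator validator = MultifactorAuthenticationTestUtils.mockRequestAuthnContextValidator(
            Mockito.mock(ServicesManager.class), Optional.of(provider), applicationContext, FAILURE_MODE_UNDEFINED);
        final Assertion assertion = mockAssertion(authenticationWithoutPrincipalAttributes());
        Assertions.assertTrue(validate(validator, assertion).isSuccess());
    }

    /**
     * Global failure mode CLOSED on the registered unavailable provider: validation fails.
     */
    @Test
    void verifyGlobalFailureModeFailsClosed() throws Throwable {
        final ConfigurableApplicationContext applicationContext = buildApplicationContext();
        TestUnavailableMultifactorAuthenticationProvider.registerProviderIntoApplicationContext(applicationContext);
        // Fail with a clear message if the registration above did not make the provider resolvable.
        final AbstractMultifactorAuthenticationProvider unavailableProvider = (AbstractMultifactorAuthenticationProvider) MultifactorAuthenticationUtils
            .getMultifactorAuthenticationProviderById(TestUnavailableMultifactorAuthenticationProvider.ID, applicationContext)
            .orElseThrow(() -> new IllegalStateException("Unavailable test provider was not found in the application context"));
        unavailableProvider.setFailureModeEvaluator(
            failureModeEvaluator(BaseMultifactorAuthenticationProviderProperties.MultifactorAuthenticationProviderFailureModes.CLOSED));

        // NOTE(review): the validator receives a fresh TestMultifactorAuthenticationProvider, not the
        // unavailable provider configured above. Confirm the CLOSED evaluator is actually exercised;
        // otherwise this assertion may pass for the same reason as verifyRequestedAuthenticationContextNoProvider
        // and the fail-closed path would be untested.
        final RequestedAuthenticationContextValidator validator = MultifactorAuthenticationTestUtils.mockRequestAuthnContextValidator(
            Mockito.mock(ServicesManager.class), Optional.of(new TestMultifactorAuthenticationProvider()),
            applicationContext, FAILURE_MODE_UNDEFINED);
        final Assertion assertion = mockAssertion(authenticationWithoutPrincipalAttributes());
        Assertions.assertFalse(validate(validator, assertion).isSuccess());
    }

    /**
     * Global failure mode CLOSED, but OPEN is passed to the validator factory (presumably the
     * service-level failure mode; confirm in the test utilities): validation succeeds,
     * so the service-level setting wins over the global one.
     */
    @Test
    void verifyServiceFailureModeFailsOpen() throws Throwable {
        final ConfigurableApplicationContext applicationContext = buildApplicationContext();
        final TestUnavailableMultifactorAuthenticationProvider provider =
            TestUnavailableMultifactorAuthenticationProvider.registerProviderIntoApplicationContext(applicationContext);
        provider.setFailureModeEvaluator(
            failureModeEvaluator(BaseMultifactorAuthenticationProviderProperties.MultifactorAuthenticationProviderFailureModes.CLOSED));
        final RequestedAuthenticationContextValidator validator = MultifactorAuthenticationTestUtils.mockRequestAuthnContextValidator(
            Mockito.mock(ServicesManager.class), Optional.of(provider), applicationContext,
            BaseMultifactorAuthenticationProviderProperties.MultifactorAuthenticationProviderFailureModes.OPEN.toString());
        final Assertion assertion = mockAssertion(authenticationWithoutPrincipalAttributes());
        Mockito.when(assertion.getService()).thenReturn(MultifactorAuthenticationTestUtils.getService("service"));
        Assertions.assertTrue(validate(validator, assertion).isSuccess());
    }

    /**
     * Global failure mode OPEN, but CLOSED is passed to the validator factory (presumably the
     * service-level failure mode; confirm in the test utilities): validation fails,
     * so a service can tighten a permissive global setting.
     */
    @Test
    void verifyServiceFailureModeFailsClosed() throws Throwable {
        final ConfigurableApplicationContext applicationContext = buildApplicationContext();
        final TestUnavailableMultifactorAuthenticationProvider provider =
            TestUnavailableMultifactorAuthenticationProvider.registerProviderIntoApplicationContext(applicationContext);
        provider.setFailureModeEvaluator(
            failureModeEvaluator(BaseMultifactorAuthenticationProviderProperties.MultifactorAuthenticationProviderFailureModes.OPEN));
        final RequestedAuthenticationContextValidator validator = MultifactorAuthenticationTestUtils.mockRequestAuthnContextValidator(
            Mockito.mock(ServicesManager.class), Optional.of(provider), applicationContext,
            BaseMultifactorAuthenticationProviderProperties.MultifactorAuthenticationProviderFailureModes.CLOSED.toString());
        final Assertion assertion = mockAssertion(authenticationWithoutPrincipalAttributes());
        Mockito.when(assertion.getService()).thenReturn(MultifactorAuthenticationTestUtils.getService("service"));
        Assertions.assertFalse(validate(validator, assertion).isSuccess());
    }
}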
