package org.apereo.cas.authentication.mfa.bypass;

import java.util.HashMap;
import java.util.List;
import org.apereo.cas.authentication.Authentication;
import org.apereo.cas.authentication.bypass.DefaultChainingMultifactorAuthenticationBypassProvider;
import org.apereo.cas.authentication.bypass.HttpRequestMultifactorAuthenticationProviderBypassEvaluator;
import org.apereo.cas.authentication.bypass.MultifactorAuthenticationProviderBypassEvaluator;
import org.apereo.cas.authentication.bypass.NeverAllowMultifactorAuthenticationProviderBypassEvaluator;
import org.apereo.cas.authentication.mfa.MultifactorAuthenticationTestUtils;
import org.apereo.cas.authentication.mfa.TestMultifactorAuthenticationProvider;
import org.apereo.cas.configuration.model.support.mfa.MultifactorAuthenticationProviderBypassProperties;
import org.apereo.cas.services.RegisteredService;
import org.junit.jupiter.api.Assertions;
import org.junit.jupiter.api.Tag;
import org.junit.jupiter.api.Test;
import org.mockito.Mockito;
import org.springframework.context.support.StaticApplicationContext;
import org.springframework.mock.web.MockHttpServletRequest;

@Tag("MFATrigger")
/* loaded from: input_file:org/apereo/cas/authentication/mfa/bypass/DefaultChainingMultifactorAuthenticationBypassProviderTests.class */
class DefaultChainingMultifactorAuthenticationBypassProviderTests {
    DefaultChainingMultifactorAuthenticationBypassProviderTests() {
    }

    private static void mockRememberBypass(TestMultifactorAuthenticationProvider testMultifactorAuthenticationProvider, Authentication authentication) {
        HashMap hashMap = new HashMap();
        hashMap.put("bypassMultifactorAuthentication", List.of(Boolean.TRUE));
        hashMap.put("bypassedMultifactorAuthenticationProviderId", List.of(testMultifactorAuthenticationProvider.getId()));
        Mockito.when(authentication.getAttributes()).thenReturn(hashMap);
    }

    @Test
    void verifyChain() throws Throwable {
        StaticApplicationContext staticApplicationContext = new StaticApplicationContext();
        staticApplicationContext.refresh();
        DefaultChainingMultifactorAuthenticationBypassProvider defaultChainingMultifactorAuthenticationBypassProvider = new DefaultChainingMultifactorAuthenticationBypassProvider(staticApplicationContext);
        defaultChainingMultifactorAuthenticationBypassProvider.addMultifactorAuthenticationProviderBypassEvaluator(new MultifactorAuthenticationProviderBypassEvaluator[]{new NeverAllowMultifactorAuthenticationProviderBypassEvaluator(staticApplicationContext)});
        Assertions.assertFalse(defaultChainingMultifactorAuthenticationBypassProvider.isEmpty());
    }

    @Test
    void verifyEmptyChainOperation() throws Throwable {
        StaticApplicationContext staticApplicationContext = new StaticApplicationContext();
        staticApplicationContext.refresh();
        MultifactorAuthenticationProviderBypassEvaluator filterMultifactorAuthenticationProviderBypassEvaluatorsBy = new DefaultChainingMultifactorAuthenticationBypassProvider(staticApplicationContext).filterMultifactorAuthenticationProviderBypassEvaluatorsBy("unknown");
        TestMultifactorAuthenticationProvider registerProviderIntoApplicationContext = TestMultifactorAuthenticationProvider.registerProviderIntoApplicationContext(staticApplicationContext);
        Authentication authentication = MultifactorAuthenticationTestUtils.getAuthentication(MultifactorAuthenticationTestUtils.getPrincipal("casuser"));
        RegisteredService registeredService = MultifactorAuthenticationTestUtils.getRegisteredService();
        Assertions.assertTrue(filterMultifactorAuthenticationProviderBypassEvaluatorsBy.shouldMultifactorAuthenticationProviderExecute(authentication, registeredService, registerProviderIntoApplicationContext, new MockHttpServletRequest(), MultifactorAuthenticationTestUtils.getService(registeredService.getServiceId())));
    }

    @Test
    void verifyOperation() throws Throwable {
        StaticApplicationContext staticApplicationContext = new StaticApplicationContext();
        staticApplicationContext.refresh();
        MockHttpServletRequest mockHttpServletRequest = new MockHttpServletRequest();
        mockHttpServletRequest.addHeader("headerbypass", "true");
        MultifactorAuthenticationProviderBypassProperties multifactorAuthenticationProviderBypassProperties = new MultifactorAuthenticationProviderBypassProperties();
        multifactorAuthenticationProviderBypassProperties.setHttpRequestHeaders("headerbypass");
        TestMultifactorAuthenticationProvider registerProviderIntoApplicationContext = TestMultifactorAuthenticationProvider.registerProviderIntoApplicationContext(staticApplicationContext);
        Authentication authentication = MultifactorAuthenticationTestUtils.getAuthentication(MultifactorAuthenticationTestUtils.getPrincipal("casuser"));
        DefaultChainingMultifactorAuthenticationBypassProvider defaultChainingMultifactorAuthenticationBypassProvider = new DefaultChainingMultifactorAuthenticationBypassProvider(staticApplicationContext);
        defaultChainingMultifactorAuthenticationBypassProvider.addMultifactorAuthenticationProviderBypassEvaluator(new HttpRequestMultifactorAuthenticationProviderBypassEvaluator(multifactorAuthenticationProviderBypassProperties, registerProviderIntoApplicationContext.getId(), staticApplicationContext));
        Assertions.assertFalse(defaultChainingMultifactorAuthenticationBypassProvider.isEmpty());
        Assertions.assertNotNull(defaultChainingMultifactorAuthenticationBypassProvider.getId());
        Assertions.assertNotNull(defaultChainingMultifactorAuthenticationBypassProvider.getProviderId());
        Assertions.assertEquals(1, defaultChainingMultifactorAuthenticationBypassProvider.size());
        Assertions.assertFalse(defaultChainingMultifactorAuthenticationBypassProvider.isMultifactorAuthenticationBypassed(authentication, registerProviderIntoApplicationContext.getId()));
        defaultChainingMultifactorAuthenticationBypassProvider.rememberBypass(authentication, registerProviderIntoApplicationContext);
        mockRememberBypass(registerProviderIntoApplicationContext, authentication);
        Assertions.assertTrue(defaultChainingMultifactorAuthenticationBypassProvider.isMultifactorAuthenticationBypassed(authentication, registerProviderIntoApplicationContext.getId()));
        Mockito.when(authentication.getAttributes()).thenReturn(new HashMap());
        defaultChainingMultifactorAuthenticationBypassProvider.forgetBypass(authentication);
        Assertions.assertFalse(defaultChainingMultifactorAuthenticationBypassProvider.isMultifactorAuthenticationBypassed(authentication, registerProviderIntoApplicationContext.getId()));
        RegisteredService registeredService = MultifactorAuthenticationTestUtils.getRegisteredService();
        Assertions.assertFalse(defaultChainingMultifactorAuthenticationBypassProvider.shouldMultifactorAuthenticationProviderExecute(authentication, registeredService, registerProviderIntoApplicationContext, mockHttpServletRequest, MultifactorAuthenticationTestUtils.getService(registeredService.getServiceId())));
        Assertions.assertTrue(defaultChainingMultifactorAuthenticationBypassProvider.belongsToMultifactorAuthenticationProvider(registerProviderIntoApplicationContext.getId()).isPresent());
        Assertions.assertFalse(defaultChainingMultifactorAuthenticationBypassProvider.filterMultifactorAuthenticationProviderBypassEvaluatorsBy(registerProviderIntoApplicationContext.getId()).isEmpty());
    }
}
