package org.apereo.cas.authentication.mfa;

import java.util.UUID;
import org.apereo.cas.authentication.Authentication;
import org.apereo.cas.authentication.Credential;
import org.apereo.cas.authentication.MultifactorAuthenticationPrincipalResolver;
import org.apereo.cas.authentication.bypass.AuthenticationMultifactorAuthenticationProviderBypassEvaluator;
import org.apereo.cas.authentication.bypass.CredentialMultifactorAuthenticationProviderBypassEvaluator;
import org.apereo.cas.authentication.bypass.HttpRequestMultifactorAuthenticationProviderBypassEvaluator;
import org.apereo.cas.authentication.bypass.PrincipalMultifactorAuthenticationProviderBypassEvaluator;
import org.apereo.cas.authentication.bypass.RegisteredServiceMultifactorAuthenticationProviderBypassEvaluator;
import org.apereo.cas.authentication.principal.Service;
import org.apereo.cas.configuration.model.support.mfa.MultifactorAuthenticationProviderBypassProperties;
import org.apereo.cas.services.RegisteredService;
import org.apereo.cas.services.RegisteredServiceMultifactorPolicy;
import org.apereo.cas.util.CollectionUtils;
import org.apereo.cas.util.spring.ApplicationContextProvider;
import org.junit.jupiter.api.Assertions;
import org.junit.jupiter.api.Tag;
import org.junit.jupiter.api.Test;
import org.mockito.Mockito;
import org.springframework.context.support.StaticApplicationContext;
import org.springframework.mock.web.MockHttpServletRequest;

@Tag("MFATrigger")
/* loaded from: input_file:org/apereo/cas/authentication/mfa/MultifactorAuthenticationProviderBypassTests.class */
class MultifactorAuthenticationProviderBypassTests {
    MultifactorAuthenticationProviderBypassTests() {
    }

    @Test
    void verifyMultifactorAuthenticationBypassByPrincipalAttributes() throws Throwable {
        StaticApplicationContext staticApplicationContext = new StaticApplicationContext();
        staticApplicationContext.refresh();
        ApplicationContextProvider.holdApplicationContext(staticApplicationContext);
        ApplicationContextProvider.registerBeanIntoApplicationContext(staticApplicationContext, MultifactorAuthenticationPrincipalResolver.identical(), UUID.randomUUID().toString());
        MockHttpServletRequest mockHttpServletRequest = new MockHttpServletRequest();
        MultifactorAuthenticationProviderBypassProperties multifactorAuthenticationProviderBypassProperties = new MultifactorAuthenticationProviderBypassProperties();
        multifactorAuthenticationProviderBypassProperties.setPrincipalAttributeName("givenName");
        multifactorAuthenticationProviderBypassProperties.setPrincipalAttributeValue("CAS");
        Authentication authentication = MultifactorAuthenticationTestUtils.getAuthentication(MultifactorAuthenticationTestUtils.getPrincipal("casuser", CollectionUtils.wrap("givenName", "CAS")), CollectionUtils.wrap("authnFlag", "bypass"));
        TestMultifactorAuthenticationProvider registerProviderIntoApplicationContext = TestMultifactorAuthenticationProvider.registerProviderIntoApplicationContext(staticApplicationContext);
        Assertions.assertFalse(new PrincipalMultifactorAuthenticationProviderBypassEvaluator(multifactorAuthenticationProviderBypassProperties, registerProviderIntoApplicationContext.getId(), staticApplicationContext).shouldMultifactorAuthenticationProviderExecute(authentication, MultifactorAuthenticationTestUtils.getRegisteredService(), registerProviderIntoApplicationContext, mockHttpServletRequest, (Service) Mockito.mock(Service.class)));
    }

    @Test
    void verifyMultifactorAuthenticationBypassByAuthenticationAttributes() throws Throwable {
        StaticApplicationContext staticApplicationContext = new StaticApplicationContext();
        staticApplicationContext.refresh();
        ApplicationContextProvider.holdApplicationContext(staticApplicationContext);
        ApplicationContextProvider.registerBeanIntoApplicationContext(staticApplicationContext, MultifactorAuthenticationPrincipalResolver.identical(), UUID.randomUUID().toString());
        MockHttpServletRequest mockHttpServletRequest = new MockHttpServletRequest();
        MultifactorAuthenticationProviderBypassProperties multifactorAuthenticationProviderBypassProperties = new MultifactorAuthenticationProviderBypassProperties();
        multifactorAuthenticationProviderBypassProperties.setAuthenticationAttributeName("authnFlag");
        multifactorAuthenticationProviderBypassProperties.setAuthenticationAttributeValue("bypass");
        Authentication authentication = MultifactorAuthenticationTestUtils.getAuthentication(MultifactorAuthenticationTestUtils.getPrincipal("casuser", CollectionUtils.wrap("givenName", "CAS")), CollectionUtils.wrap("authnFlag", "bypass"));
        TestMultifactorAuthenticationProvider registerProviderIntoApplicationContext = TestMultifactorAuthenticationProvider.registerProviderIntoApplicationContext(staticApplicationContext);
        Assertions.assertFalse(new AuthenticationMultifactorAuthenticationProviderBypassEvaluator(multifactorAuthenticationProviderBypassProperties, registerProviderIntoApplicationContext.getId(), staticApplicationContext).shouldMultifactorAuthenticationProviderExecute(authentication, MultifactorAuthenticationTestUtils.getRegisteredService(), registerProviderIntoApplicationContext, mockHttpServletRequest, (Service) Mockito.mock(Service.class)));
    }

    @Test
    void verifyMultifactorAuthenticationBypassByAuthenticationMethod() throws Throwable {
        StaticApplicationContext staticApplicationContext = new StaticApplicationContext();
        staticApplicationContext.refresh();
        ApplicationContextProvider.holdApplicationContext(staticApplicationContext);
        ApplicationContextProvider.registerBeanIntoApplicationContext(staticApplicationContext, MultifactorAuthenticationPrincipalResolver.identical(), UUID.randomUUID().toString());
        MockHttpServletRequest mockHttpServletRequest = new MockHttpServletRequest();
        MultifactorAuthenticationProviderBypassProperties multifactorAuthenticationProviderBypassProperties = new MultifactorAuthenticationProviderBypassProperties();
        multifactorAuthenticationProviderBypassProperties.setAuthenticationMethodName("simpleAuthentication");
        Authentication authentication = MultifactorAuthenticationTestUtils.getAuthentication(MultifactorAuthenticationTestUtils.getPrincipal("casuser", CollectionUtils.wrap("givenName", "CAS")), CollectionUtils.wrap("authenticationMethod", "simpleAuthentication"));
        TestMultifactorAuthenticationProvider registerProviderIntoApplicationContext = TestMultifactorAuthenticationProvider.registerProviderIntoApplicationContext(staticApplicationContext);
        Assertions.assertFalse(new AuthenticationMultifactorAuthenticationProviderBypassEvaluator(multifactorAuthenticationProviderBypassProperties, registerProviderIntoApplicationContext.getId(), staticApplicationContext).shouldMultifactorAuthenticationProviderExecute(authentication, MultifactorAuthenticationTestUtils.getRegisteredService(), registerProviderIntoApplicationContext, mockHttpServletRequest, (Service) Mockito.mock(Service.class)));
    }

    @Test
    void verifyMultifactorAuthenticationBypassByAuthenticationHandler() throws Throwable {
        StaticApplicationContext staticApplicationContext = new StaticApplicationContext();
        staticApplicationContext.refresh();
        ApplicationContextProvider.holdApplicationContext(staticApplicationContext);
        ApplicationContextProvider.registerBeanIntoApplicationContext(staticApplicationContext, MultifactorAuthenticationPrincipalResolver.identical(), UUID.randomUUID().toString());
        MockHttpServletRequest mockHttpServletRequest = new MockHttpServletRequest();
        MultifactorAuthenticationProviderBypassProperties multifactorAuthenticationProviderBypassProperties = new MultifactorAuthenticationProviderBypassProperties();
        multifactorAuthenticationProviderBypassProperties.setAuthenticationHandlerName("SimpleAuthenticationHandler");
        Authentication authentication = MultifactorAuthenticationTestUtils.getAuthentication(MultifactorAuthenticationTestUtils.getPrincipal("casuser", CollectionUtils.wrap("givenName", "CAS")), CollectionUtils.wrap("successfulAuthenticationHandlers", "SimpleAuthenticationHandler"));
        TestMultifactorAuthenticationProvider registerProviderIntoApplicationContext = TestMultifactorAuthenticationProvider.registerProviderIntoApplicationContext(staticApplicationContext);
        Assertions.assertFalse(new AuthenticationMultifactorAuthenticationProviderBypassEvaluator(multifactorAuthenticationProviderBypassProperties, registerProviderIntoApplicationContext.getId(), staticApplicationContext).shouldMultifactorAuthenticationProviderExecute(authentication, MultifactorAuthenticationTestUtils.getRegisteredService(), registerProviderIntoApplicationContext, mockHttpServletRequest, (Service) Mockito.mock(Service.class)));
    }

    @Test
    void verifyMultifactorAuthenticationBypassByAuthenticationCredentialClass() throws Throwable {
        StaticApplicationContext staticApplicationContext = new StaticApplicationContext();
        staticApplicationContext.refresh();
        ApplicationContextProvider.holdApplicationContext(staticApplicationContext);
        ApplicationContextProvider.registerBeanIntoApplicationContext(staticApplicationContext, MultifactorAuthenticationPrincipalResolver.identical(), UUID.randomUUID().toString());
        MockHttpServletRequest mockHttpServletRequest = new MockHttpServletRequest();
        MultifactorAuthenticationProviderBypassProperties multifactorAuthenticationProviderBypassProperties = new MultifactorAuthenticationProviderBypassProperties();
        multifactorAuthenticationProviderBypassProperties.setCredentialClassType(Credential.class.getName());
        Authentication authentication = MultifactorAuthenticationTestUtils.getAuthentication(MultifactorAuthenticationTestUtils.getPrincipal("casuser"));
        TestMultifactorAuthenticationProvider registerProviderIntoApplicationContext = TestMultifactorAuthenticationProvider.registerProviderIntoApplicationContext(staticApplicationContext);
        Assertions.assertFalse(new CredentialMultifactorAuthenticationProviderBypassEvaluator(multifactorAuthenticationProviderBypassProperties, registerProviderIntoApplicationContext.getId(), staticApplicationContext).shouldMultifactorAuthenticationProviderExecute(authentication, MultifactorAuthenticationTestUtils.getRegisteredService(), registerProviderIntoApplicationContext, mockHttpServletRequest, (Service) Mockito.mock(Service.class)));
    }

    @Test
    void verifyMultifactorAuthenticationBypassByHttpRequestHeader() throws Throwable {
        StaticApplicationContext staticApplicationContext = new StaticApplicationContext();
        staticApplicationContext.refresh();
        ApplicationContextProvider.holdApplicationContext(staticApplicationContext);
        ApplicationContextProvider.registerBeanIntoApplicationContext(staticApplicationContext, MultifactorAuthenticationPrincipalResolver.identical(), UUID.randomUUID().toString());
        MockHttpServletRequest mockHttpServletRequest = new MockHttpServletRequest();
        mockHttpServletRequest.addHeader("headerbypass", "true");
        MultifactorAuthenticationProviderBypassProperties multifactorAuthenticationProviderBypassProperties = new MultifactorAuthenticationProviderBypassProperties();
        multifactorAuthenticationProviderBypassProperties.setHttpRequestHeaders("headerbypass");
        Authentication authentication = MultifactorAuthenticationTestUtils.getAuthentication(MultifactorAuthenticationTestUtils.getPrincipal("casuser"));
        TestMultifactorAuthenticationProvider registerProviderIntoApplicationContext = TestMultifactorAuthenticationProvider.registerProviderIntoApplicationContext(staticApplicationContext);
        Assertions.assertFalse(new HttpRequestMultifactorAuthenticationProviderBypassEvaluator(multifactorAuthenticationProviderBypassProperties, registerProviderIntoApplicationContext.getId(), staticApplicationContext).shouldMultifactorAuthenticationProviderExecute(authentication, MultifactorAuthenticationTestUtils.getRegisteredService(), registerProviderIntoApplicationContext, mockHttpServletRequest, (Service) Mockito.mock(Service.class)));
    }

    @Test
    void verifyMultifactorAuthenticationBypassByHttpRequestRemoteAddress() throws Throwable {
        StaticApplicationContext staticApplicationContext = new StaticApplicationContext();
        staticApplicationContext.refresh();
        ApplicationContextProvider.holdApplicationContext(staticApplicationContext);
        ApplicationContextProvider.registerBeanIntoApplicationContext(staticApplicationContext, MultifactorAuthenticationPrincipalResolver.identical(), UUID.randomUUID().toString());
        MockHttpServletRequest mockHttpServletRequest = new MockHttpServletRequest();
        mockHttpServletRequest.setRemoteAddr("123.456.789.000");
        MultifactorAuthenticationProviderBypassProperties multifactorAuthenticationProviderBypassProperties = new MultifactorAuthenticationProviderBypassProperties();
        multifactorAuthenticationProviderBypassProperties.setHttpRequestRemoteAddress("123.+");
        Authentication authentication = MultifactorAuthenticationTestUtils.getAuthentication(MultifactorAuthenticationTestUtils.getPrincipal("casuser"));
        TestMultifactorAuthenticationProvider registerProviderIntoApplicationContext = TestMultifactorAuthenticationProvider.registerProviderIntoApplicationContext(staticApplicationContext);
        Assertions.assertFalse(new HttpRequestMultifactorAuthenticationProviderBypassEvaluator(multifactorAuthenticationProviderBypassProperties, registerProviderIntoApplicationContext.getId(), staticApplicationContext).shouldMultifactorAuthenticationProviderExecute(authentication, MultifactorAuthenticationTestUtils.getRegisteredService(), registerProviderIntoApplicationContext, mockHttpServletRequest, (Service) Mockito.mock(Service.class)));
    }

    @Test
    void verifyMultifactorAuthenticationBypassByHttpRequestRemoteHost() throws Throwable {
        StaticApplicationContext staticApplicationContext = new StaticApplicationContext();
        staticApplicationContext.refresh();
        ApplicationContextProvider.holdApplicationContext(staticApplicationContext);
        ApplicationContextProvider.registerBeanIntoApplicationContext(staticApplicationContext, MultifactorAuthenticationPrincipalResolver.identical(), UUID.randomUUID().toString());
        MockHttpServletRequest mockHttpServletRequest = new MockHttpServletRequest();
        mockHttpServletRequest.setRemoteHost("somewhere.example.org");
        MultifactorAuthenticationProviderBypassProperties multifactorAuthenticationProviderBypassProperties = new MultifactorAuthenticationProviderBypassProperties();
        multifactorAuthenticationProviderBypassProperties.setHttpRequestRemoteAddress(".+example\\.org");
        Authentication authentication = MultifactorAuthenticationTestUtils.getAuthentication(MultifactorAuthenticationTestUtils.getPrincipal("casuser"));
        TestMultifactorAuthenticationProvider registerProviderIntoApplicationContext = TestMultifactorAuthenticationProvider.registerProviderIntoApplicationContext(staticApplicationContext);
        Assertions.assertFalse(new HttpRequestMultifactorAuthenticationProviderBypassEvaluator(multifactorAuthenticationProviderBypassProperties, registerProviderIntoApplicationContext.getId(), staticApplicationContext).shouldMultifactorAuthenticationProviderExecute(authentication, MultifactorAuthenticationTestUtils.getRegisteredService(), registerProviderIntoApplicationContext, mockHttpServletRequest, (Service) Mockito.mock(Service.class)));
    }

    @Test
    void verifyMultifactorAuthenticationBypassByService() throws Throwable {
        StaticApplicationContext staticApplicationContext = new StaticApplicationContext();
        staticApplicationContext.refresh();
        ApplicationContextProvider.holdApplicationContext(staticApplicationContext);
        ApplicationContextProvider.registerBeanIntoApplicationContext(staticApplicationContext, MultifactorAuthenticationPrincipalResolver.identical(), UUID.randomUUID().toString());
        MockHttpServletRequest mockHttpServletRequest = new MockHttpServletRequest();
        Authentication authentication = MultifactorAuthenticationTestUtils.getAuthentication(MultifactorAuthenticationTestUtils.getPrincipal("casuser"));
        TestMultifactorAuthenticationProvider registerProviderIntoApplicationContext = TestMultifactorAuthenticationProvider.registerProviderIntoApplicationContext(staticApplicationContext);
        RegisteredServiceMultifactorAuthenticationProviderBypassEvaluator registeredServiceMultifactorAuthenticationProviderBypassEvaluator = new RegisteredServiceMultifactorAuthenticationProviderBypassEvaluator(registerProviderIntoApplicationContext.getId(), staticApplicationContext);
        RegisteredService registeredService = MultifactorAuthenticationTestUtils.getRegisteredService();
        RegisteredServiceMultifactorPolicy registeredServiceMultifactorPolicy = (RegisteredServiceMultifactorPolicy) Mockito.mock(RegisteredServiceMultifactorPolicy.class);
        Mockito.when(Boolean.valueOf(registeredServiceMultifactorPolicy.isBypassEnabled())).thenReturn(true);
        Mockito.when(registeredService.getMultifactorAuthenticationPolicy()).thenReturn(registeredServiceMultifactorPolicy);
        Assertions.assertFalse(registeredServiceMultifactorAuthenticationProviderBypassEvaluator.shouldMultifactorAuthenticationProviderExecute(authentication, registeredService, registerProviderIntoApplicationContext, mockHttpServletRequest, (Service) Mockito.mock(Service.class)));
    }

    @Test
    void verifyMultifactorAuthenticationBypassIgnored() throws Throwable {
        StaticApplicationContext staticApplicationContext = new StaticApplicationContext();
        staticApplicationContext.refresh();
        ApplicationContextProvider.holdApplicationContext(staticApplicationContext);
        ApplicationContextProvider.registerBeanIntoApplicationContext(staticApplicationContext, MultifactorAuthenticationPrincipalResolver.identical(), UUID.randomUUID().toString());
        MockHttpServletRequest mockHttpServletRequest = new MockHttpServletRequest();
        Authentication authentication = MultifactorAuthenticationTestUtils.getAuthentication(MultifactorAuthenticationTestUtils.getPrincipal("casuser"));
        TestMultifactorAuthenticationProvider registerProviderIntoApplicationContext = TestMultifactorAuthenticationProvider.registerProviderIntoApplicationContext(staticApplicationContext);
        Assertions.assertTrue(new RegisteredServiceMultifactorAuthenticationProviderBypassEvaluator(registerProviderIntoApplicationContext.getId(), staticApplicationContext).shouldMultifactorAuthenticationProviderExecute(authentication, MultifactorAuthenticationTestUtils.getRegisteredService(), registerProviderIntoApplicationContext, mockHttpServletRequest, (Service) Mockito.mock(Service.class)));
    }
}
