package org.apereo.cas.authentication.mfa.trigger;

import java.util.Collection;
import java.util.Optional;
import java.util.Set;
import org.apereo.cas.authentication.AuthenticationException;
import org.apereo.cas.authentication.DefaultChainingMultifactorAuthenticationProvider;
import org.apereo.cas.authentication.DefaultMultifactorAuthenticationProviderResolver;
import org.apereo.cas.authentication.MultifactorAuthenticationFailureModeEvaluator;
import org.apereo.cas.authentication.MultifactorAuthenticationPrincipalResolver;
import org.apereo.cas.authentication.MultifactorAuthenticationProvider;
import org.apereo.cas.authentication.MultifactorAuthenticationProviderSelector;
import org.apereo.cas.authentication.mfa.TestMultifactorAuthenticationProvider;
import org.apereo.cas.authentication.principal.Principal;
import org.apereo.cas.authentication.principal.Service;
import org.apereo.cas.configuration.CasConfigurationProperties;
import org.apereo.cas.services.RegisteredService;
import org.apereo.cas.services.RegisteredServiceMultifactorPolicy;
import org.junit.jupiter.api.Assertions;
import org.junit.jupiter.api.Tag;
import org.junit.jupiter.api.Test;
import org.mockito.Mockito;
import org.springframework.context.ConfigurableApplicationContext;
import org.springframework.context.support.StaticApplicationContext;

@Tag("MFATrigger")
/* loaded from: input_file:org/apereo/cas/authentication/mfa/trigger/RegisteredServicePrincipalAttributeMultifactorAuthenticationTriggerTests.class */
class RegisteredServicePrincipalAttributeMultifactorAuthenticationTriggerTests extends BaseMultifactorAuthenticationTriggerTests {
    RegisteredServicePrincipalAttributeMultifactorAuthenticationTriggerTests() {
    }

    @Test
    void verifyOperationByCompositeProvider() throws Throwable {
        StaticApplicationContext staticApplicationContext = new StaticApplicationContext();
        staticApplicationContext.refresh();
        MultifactorAuthenticationProvider registerProviderIntoApplicationContext = TestMultifactorAuthenticationProvider.registerProviderIntoApplicationContext(staticApplicationContext);
        MultifactorAuthenticationProvider registerProviderIntoApplicationContext2 = TestMultifactorAuthenticationProvider.registerProviderIntoApplicationContext((ConfigurableApplicationContext) staticApplicationContext, (MultifactorAuthenticationProvider) new TestMultifactorAuthenticationProvider("mfa-example"));
        RegisteredServiceMultifactorPolicy registeredServiceMultifactorPolicy = (RegisteredServiceMultifactorPolicy) Mockito.mock(RegisteredServiceMultifactorPolicy.class);
        Mockito.when(registeredServiceMultifactorPolicy.getPrincipalAttributeNameTrigger()).thenReturn("email");
        Mockito.when(registeredServiceMultifactorPolicy.getPrincipalAttributeValueToMatch()).thenReturn(".+@example.*");
        Mockito.when(registeredServiceMultifactorPolicy.getMultifactorAuthenticationProviders()).thenReturn(Set.of(registerProviderIntoApplicationContext.getId(), registerProviderIntoApplicationContext2.getId()));
        Mockito.when(this.registeredService.getMultifactorAuthenticationPolicy()).thenReturn(registeredServiceMultifactorPolicy);
        DefaultChainingMultifactorAuthenticationProvider defaultChainingMultifactorAuthenticationProvider = new DefaultChainingMultifactorAuthenticationProvider(staticApplicationContext, (MultifactorAuthenticationFailureModeEvaluator) Mockito.mock(MultifactorAuthenticationFailureModeEvaluator.class));
        defaultChainingMultifactorAuthenticationProvider.addMultifactorAuthenticationProviders(new MultifactorAuthenticationProvider[]{registerProviderIntoApplicationContext, registerProviderIntoApplicationContext});
        MultifactorAuthenticationProviderSelector multifactorAuthenticationProviderSelector = (MultifactorAuthenticationProviderSelector) Mockito.mock(MultifactorAuthenticationProviderSelector.class);
        Mockito.when(multifactorAuthenticationProviderSelector.resolve((Collection) Mockito.any(Collection.class), (RegisteredService) Mockito.any(RegisteredService.class), (Principal) Mockito.any(Principal.class))).thenReturn(defaultChainingMultifactorAuthenticationProvider);
        RegisteredServicePrincipalAttributeMultifactorAuthenticationTrigger registeredServicePrincipalAttributeMultifactorAuthenticationTrigger = new RegisteredServicePrincipalAttributeMultifactorAuthenticationTrigger(new CasConfigurationProperties(), new DefaultMultifactorAuthenticationProviderResolver(MultifactorAuthenticationPrincipalResolver.identical()), staticApplicationContext, multifactorAuthenticationProviderSelector);
        Optional isActivated = registeredServicePrincipalAttributeMultifactorAuthenticationTrigger.isActivated(this.authentication, this.registeredService, this.httpRequest, this.httpResponse, (Service) Mockito.mock(Service.class));
        Assertions.assertTrue(isActivated.isPresent());
        Assertions.assertEquals(isActivated.get(), defaultChainingMultifactorAuthenticationProvider);
        Assertions.assertNotNull(registeredServicePrincipalAttributeMultifactorAuthenticationTrigger.getApplicationContext());
        Assertions.assertNotNull(registeredServicePrincipalAttributeMultifactorAuthenticationTrigger.getCasProperties());
        Assertions.assertNotNull(registeredServicePrincipalAttributeMultifactorAuthenticationTrigger.getMultifactorAuthenticationProviderResolver());
        Assertions.assertNotNull(registeredServicePrincipalAttributeMultifactorAuthenticationTrigger.getMultifactorAuthenticationProviderSelector());
        Assertions.assertEquals(Integer.MAX_VALUE, registeredServicePrincipalAttributeMultifactorAuthenticationTrigger.getOrder());
    }

    @Test
    void verifyOperationByProvider() throws Throwable {
        RegisteredServiceMultifactorPolicy registeredServiceMultifactorPolicy = (RegisteredServiceMultifactorPolicy) Mockito.mock(RegisteredServiceMultifactorPolicy.class);
        Mockito.when(registeredServiceMultifactorPolicy.getPrincipalAttributeNameTrigger()).thenReturn("email");
        Mockito.when(registeredServiceMultifactorPolicy.getPrincipalAttributeValueToMatch()).thenReturn(".+@example.*");
        Mockito.when(registeredServiceMultifactorPolicy.getMultifactorAuthenticationProviders()).thenReturn(Set.of(TestMultifactorAuthenticationProvider.ID));
        RegisteredServicePrincipalAttributeMultifactorAuthenticationTrigger registeredServicePrincipalAttributeMultifactorAuthenticationTrigger = new RegisteredServicePrincipalAttributeMultifactorAuthenticationTrigger(new CasConfigurationProperties(), new DefaultMultifactorAuthenticationProviderResolver(MultifactorAuthenticationPrincipalResolver.identical()), this.applicationContext, (MultifactorAuthenticationProviderSelector) Mockito.mock(MultifactorAuthenticationProviderSelector.class));
        Assertions.assertTrue(registeredServicePrincipalAttributeMultifactorAuthenticationTrigger.isActivated(this.authentication, (RegisteredService) null, this.httpRequest, this.httpResponse, (Service) Mockito.mock(Service.class)).isEmpty());
        Mockito.when(this.registeredService.getMultifactorAuthenticationPolicy()).thenReturn((Object) null);
        Assertions.assertTrue(registeredServicePrincipalAttributeMultifactorAuthenticationTrigger.isActivated(this.authentication, this.registeredService, this.httpRequest, this.httpResponse, (Service) Mockito.mock(Service.class)).isEmpty());
        Mockito.when(this.registeredService.getMultifactorAuthenticationPolicy()).thenReturn(registeredServiceMultifactorPolicy);
        Assertions.assertTrue(registeredServicePrincipalAttributeMultifactorAuthenticationTrigger.isActivated(this.authentication, this.registeredService, this.httpRequest, this.httpResponse, (Service) Mockito.mock(Service.class)).isPresent());
    }

    @Test
    void verifyOperationByMultipleProviders() throws Throwable {
        StaticApplicationContext staticApplicationContext = new StaticApplicationContext();
        staticApplicationContext.refresh();
        TestMultifactorAuthenticationProvider registerProviderIntoApplicationContext = TestMultifactorAuthenticationProvider.registerProviderIntoApplicationContext(staticApplicationContext);
        MultifactorAuthenticationProvider registerProviderIntoApplicationContext2 = TestMultifactorAuthenticationProvider.registerProviderIntoApplicationContext((ConfigurableApplicationContext) staticApplicationContext, (MultifactorAuthenticationProvider) new TestMultifactorAuthenticationProvider("mfa-example"));
        RegisteredServiceMultifactorPolicy registeredServiceMultifactorPolicy = (RegisteredServiceMultifactorPolicy) Mockito.mock(RegisteredServiceMultifactorPolicy.class);
        Mockito.when(registeredServiceMultifactorPolicy.getPrincipalAttributeNameTrigger()).thenReturn("email");
        Mockito.when(registeredServiceMultifactorPolicy.getPrincipalAttributeValueToMatch()).thenReturn(".+@example.*");
        Mockito.when(registeredServiceMultifactorPolicy.getMultifactorAuthenticationProviders()).thenReturn(Set.of(registerProviderIntoApplicationContext.getId(), registerProviderIntoApplicationContext2.getId()));
        Mockito.when(this.registeredService.getMultifactorAuthenticationPolicy()).thenReturn(registeredServiceMultifactorPolicy);
        CasConfigurationProperties casConfigurationProperties = new CasConfigurationProperties();
        MultifactorAuthenticationProviderSelector multifactorAuthenticationProviderSelector = (MultifactorAuthenticationProviderSelector) Mockito.mock(MultifactorAuthenticationProviderSelector.class);
        Mockito.when(multifactorAuthenticationProviderSelector.resolve((Collection) Mockito.any(Collection.class), (RegisteredService) Mockito.any(), (Principal) Mockito.any())).thenReturn(registerProviderIntoApplicationContext2);
        Optional isActivated = new RegisteredServicePrincipalAttributeMultifactorAuthenticationTrigger(casConfigurationProperties, new DefaultMultifactorAuthenticationProviderResolver(MultifactorAuthenticationPrincipalResolver.identical()), staticApplicationContext, multifactorAuthenticationProviderSelector).isActivated(this.authentication, this.registeredService, this.httpRequest, this.httpResponse, (Service) Mockito.mock(Service.class));
        Assertions.assertTrue(isActivated.isPresent());
        Assertions.assertEquals(registerProviderIntoApplicationContext2.getId(), ((MultifactorAuthenticationProvider) isActivated.get()).getId());
    }

    @Test
    void verifyMismatchAttributesMustDeny() throws Throwable {
        RegisteredServiceMultifactorPolicy registeredServiceMultifactorPolicy = (RegisteredServiceMultifactorPolicy) Mockito.mock(RegisteredServiceMultifactorPolicy.class);
        Mockito.when(registeredServiceMultifactorPolicy.getPrincipalAttributeNameTrigger()).thenReturn("bad-attribute");
        Mockito.when(registeredServiceMultifactorPolicy.getPrincipalAttributeValueToMatch()).thenReturn(".+@example.*");
        Mockito.when(registeredServiceMultifactorPolicy.getMultifactorAuthenticationProviders()).thenReturn(Set.of(TestMultifactorAuthenticationProvider.ID));
        Mockito.when(this.registeredService.getMultifactorAuthenticationPolicy()).thenReturn(registeredServiceMultifactorPolicy);
        CasConfigurationProperties casConfigurationProperties = new CasConfigurationProperties();
        casConfigurationProperties.getAuthn().getMfa().getTriggers().getPrincipal().setDenyIfUnmatched(true);
        RegisteredServicePrincipalAttributeMultifactorAuthenticationTrigger registeredServicePrincipalAttributeMultifactorAuthenticationTrigger = new RegisteredServicePrincipalAttributeMultifactorAuthenticationTrigger(casConfigurationProperties, new DefaultMultifactorAuthenticationProviderResolver(MultifactorAuthenticationPrincipalResolver.identical()), this.applicationContext, (MultifactorAuthenticationProviderSelector) Mockito.mock(MultifactorAuthenticationProviderSelector.class));
        Assertions.assertThrows(AuthenticationException.class, () -> {
            registeredServicePrincipalAttributeMultifactorAuthenticationTrigger.isActivated(this.authentication, this.registeredService, this.httpRequest, this.httpResponse, (Service) Mockito.mock(Service.class));
        });
    }

    @Test
    void verifyMismatchAttributes() throws Throwable {
        RegisteredServiceMultifactorPolicy registeredServiceMultifactorPolicy = (RegisteredServiceMultifactorPolicy) Mockito.mock(RegisteredServiceMultifactorPolicy.class);
        Mockito.when(registeredServiceMultifactorPolicy.getPrincipalAttributeNameTrigger()).thenReturn("bad-attribute");
        Mockito.when(registeredServiceMultifactorPolicy.getPrincipalAttributeValueToMatch()).thenReturn(".+@example.*");
        Mockito.when(registeredServiceMultifactorPolicy.getMultifactorAuthenticationProviders()).thenReturn(Set.of(TestMultifactorAuthenticationProvider.ID));
        Mockito.when(this.registeredService.getMultifactorAuthenticationPolicy()).thenReturn(registeredServiceMultifactorPolicy);
        Assertions.assertFalse(new RegisteredServicePrincipalAttributeMultifactorAuthenticationTrigger(new CasConfigurationProperties(), new DefaultMultifactorAuthenticationProviderResolver(MultifactorAuthenticationPrincipalResolver.identical()), this.applicationContext, (MultifactorAuthenticationProviderSelector) Mockito.mock(MultifactorAuthenticationProviderSelector.class)).isActivated(this.authentication, this.registeredService, this.httpRequest, this.httpResponse, (Service) Mockito.mock(Service.class)).isPresent());
    }

    @Test
    void verifyPolicyNoAttributes() throws Throwable {
        RegisteredServiceMultifactorPolicy registeredServiceMultifactorPolicy = (RegisteredServiceMultifactorPolicy) Mockito.mock(RegisteredServiceMultifactorPolicy.class);
        Mockito.when(registeredServiceMultifactorPolicy.getPrincipalAttributeNameTrigger()).thenReturn("email");
        Mockito.when(registeredServiceMultifactorPolicy.getPrincipalAttributeValueToMatch()).thenReturn("");
        Mockito.when(registeredServiceMultifactorPolicy.getMultifactorAuthenticationProviders()).thenReturn(Set.of(TestMultifactorAuthenticationProvider.ID));
        Mockito.when(this.registeredService.getMultifactorAuthenticationPolicy()).thenReturn(registeredServiceMultifactorPolicy);
        Assertions.assertTrue(new RegisteredServicePrincipalAttributeMultifactorAuthenticationTrigger(new CasConfigurationProperties(), new DefaultMultifactorAuthenticationProviderResolver(MultifactorAuthenticationPrincipalResolver.identical()), this.applicationContext, (MultifactorAuthenticationProviderSelector) Mockito.mock(MultifactorAuthenticationProviderSelector.class)).isActivated(this.authentication, this.registeredService, this.httpRequest, this.httpResponse, (Service) Mockito.mock(Service.class)).isEmpty());
    }
}
