package org.apereo.cas.authentication;

import java.util.List;
import java.util.Map;
import java.util.Optional;
import java.util.Set;
import org.apereo.cas.authentication.mfa.TestMultifactorAuthenticationProvider;
import org.apereo.cas.authentication.mfa.trigger.AuthenticationAttributeMultifactorAuthenticationTrigger;
import org.apereo.cas.authentication.mfa.trigger.PrincipalAttributeMultifactorAuthenticationTrigger;
import org.apereo.cas.authentication.principal.Principal;
import org.apereo.cas.config.CasCoreAuthenticationConfiguration;
import org.apereo.cas.config.CasCoreAuthenticationPrincipalConfiguration;
import org.apereo.cas.config.CasCoreAuthenticationSupportConfiguration;
import org.apereo.cas.config.CasCoreConfiguration;
import org.apereo.cas.config.CasCoreHttpConfiguration;
import org.apereo.cas.config.CasCoreMultifactorAuthenticationAuditConfiguration;
import org.apereo.cas.config.CasCoreMultifactorAuthenticationConfiguration;
import org.apereo.cas.config.CasCoreServicesConfiguration;
import org.apereo.cas.config.CasCoreTicketIdGeneratorsConfiguration;
import org.apereo.cas.config.CasCoreTicketsConfiguration;
import org.apereo.cas.config.CasCoreUtilConfiguration;
import org.apereo.cas.config.CasCoreWebConfiguration;
import org.apereo.cas.config.CasPersonDirectoryConfiguration;
import org.apereo.cas.config.support.CasWebApplicationServiceFactoryConfiguration;
import org.apereo.cas.configuration.CasConfigurationProperties;
import org.apereo.cas.logout.config.CasCoreLogoutConfiguration;
import org.apereo.cas.util.CollectionUtils;
import org.apereo.cas.web.config.CasCookieConfiguration;
import org.apereo.cas.web.flow.config.CasCoreWebflowConfiguration;
import org.apereo.cas.web.flow.config.CasMultifactorAuthenticationWebflowConfiguration;
import org.apereo.cas.web.flow.config.CasWebflowContextConfiguration;
import org.junit.jupiter.api.Assertions;
import org.junit.jupiter.api.Tag;
import org.junit.jupiter.api.Test;
import org.springframework.binding.expression.support.LiteralExpression;
import org.springframework.boot.autoconfigure.mail.MailSenderAutoConfiguration;
import org.springframework.boot.test.context.SpringBootTest;
import org.springframework.cloud.autoconfigure.RefreshAutoConfiguration;
import org.springframework.context.ConfigurableApplicationContext;
import org.springframework.context.support.StaticApplicationContext;
import org.springframework.mock.web.MockHttpServletRequest;
import org.springframework.mock.web.MockHttpServletResponse;
import org.springframework.mock.web.MockServletContext;
import org.springframework.test.annotation.DirtiesContext;
import org.springframework.webflow.context.servlet.ServletExternalContext;
import org.springframework.webflow.engine.Transition;
import org.springframework.webflow.engine.support.DefaultTargetStateResolver;
import org.springframework.webflow.engine.support.DefaultTransitionCriteria;
import org.springframework.webflow.execution.Event;
import org.springframework.webflow.test.MockRequestContext;

@Tag("MFA")
@SpringBootTest(classes = {RefreshAutoConfiguration.class, MailSenderAutoConfiguration.class, CasCoreAuthenticationPrincipalConfiguration.class, CasCoreServicesConfiguration.class, CasCoreHttpConfiguration.class, CasCoreWebConfiguration.class, CasCoreWebflowConfiguration.class, CasWebflowContextConfiguration.class, CasWebApplicationServiceFactoryConfiguration.class, CasCoreMultifactorAuthenticationConfiguration.class, CasCoreAuthenticationConfiguration.class, CasCoreAuthenticationSupportConfiguration.class, CasMultifactorAuthenticationWebflowConfiguration.class, CasCoreMultifactorAuthenticationAuditConfiguration.class, CasCoreConfiguration.class, CasCoreUtilConfiguration.class, CasCoreLogoutConfiguration.class, CasCoreTicketsConfiguration.class, CasCoreTicketIdGeneratorsConfiguration.class, CasCookieConfiguration.class, CasPersonDirectoryConfiguration.class})
@DirtiesContext
/* loaded from: input_file:org/apereo/cas/authentication/DefaultMultifactorAuthenticationProviderResolverTests.class */
public class DefaultMultifactorAuthenticationProviderResolverTests {
    @Test
    public void verifyMultipleProvidersWithPrincipalAttributes() {
        StaticApplicationContext staticApplicationContext = new StaticApplicationContext();
        staticApplicationContext.refresh();
        CasConfigurationProperties casConfigurationProperties = new CasConfigurationProperties();
        casConfigurationProperties.getAuthn().getMfa().setGlobalPrincipalAttributeNameTriggers("mfa-principal");
        assertProviderResolutionFromManyProviders(new PrincipalAttributeMultifactorAuthenticationTrigger(casConfigurationProperties, new DefaultMultifactorAuthenticationProviderResolver(), staticApplicationContext), staticApplicationContext);
    }

    @Test
    public void verifyMultipleProvidersWithAuthenticationAttributes() {
        StaticApplicationContext staticApplicationContext = new StaticApplicationContext();
        staticApplicationContext.refresh();
        CasConfigurationProperties casConfigurationProperties = new CasConfigurationProperties();
        casConfigurationProperties.getAuthn().getMfa().setGlobalAuthenticationAttributeNameTriggers("mfa-authn");
        assertProviderResolutionFromManyProviders(new AuthenticationAttributeMultifactorAuthenticationTrigger(casConfigurationProperties, new DefaultMultifactorAuthenticationProviderResolver(), staticApplicationContext), staticApplicationContext);
    }

    @Test
    public void verifyResolutionByAuthenticationAttribute() {
        StaticApplicationContext staticApplicationContext = new StaticApplicationContext();
        staticApplicationContext.refresh();
        MockRequestContext mockRequestContext = new MockRequestContext();
        mockRequestContext.setExternalContext(new ServletExternalContext(new MockServletContext(), new MockHttpServletRequest(), new MockHttpServletResponse()));
        TestMultifactorAuthenticationProvider registerProviderInApplicationContext = registerProviderInApplicationContext(staticApplicationContext, mockRequestContext, new TestMultifactorAuthenticationProvider());
        Set resolveEventViaAuthenticationAttribute = new DefaultMultifactorAuthenticationProviderResolver().resolveEventViaAuthenticationAttribute(CoreAuthenticationTestUtils.getAuthentication("casuser", CollectionUtils.wrap("authlevel", List.of(registerProviderInApplicationContext.getId()))), List.of("authlevel"), CoreAuthenticationTestUtils.getRegisteredService(), Optional.of(mockRequestContext), List.of(registerProviderInApplicationContext), (str, multifactorAuthenticationProvider) -> {
            return str.equalsIgnoreCase(registerProviderInApplicationContext.getId());
        });
        Assertions.assertNotNull(resolveEventViaAuthenticationAttribute);
        Assertions.assertEquals(registerProviderInApplicationContext.getId(), ((Event) resolveEventViaAuthenticationAttribute.iterator().next()).getId());
    }

    @Test
    public void verifyResolutionByPrincipalAttribute() {
        StaticApplicationContext staticApplicationContext = new StaticApplicationContext();
        staticApplicationContext.refresh();
        MockRequestContext mockRequestContext = new MockRequestContext();
        mockRequestContext.setExternalContext(new ServletExternalContext(new MockServletContext(), new MockHttpServletRequest(), new MockHttpServletResponse()));
        TestMultifactorAuthenticationProvider registerProviderInApplicationContext = registerProviderInApplicationContext(staticApplicationContext, mockRequestContext, new TestMultifactorAuthenticationProvider());
        DefaultMultifactorAuthenticationProviderResolver defaultMultifactorAuthenticationProviderResolver = new DefaultMultifactorAuthenticationProviderResolver();
        Principal principal = CoreAuthenticationTestUtils.getPrincipal("casuser", CollectionUtils.wrap("authlevel", List.of(registerProviderInApplicationContext.getId())));
        Set resolveEventViaPrincipalAttribute = defaultMultifactorAuthenticationProviderResolver.resolveEventViaPrincipalAttribute(principal, List.of("authlevel"), CoreAuthenticationTestUtils.getRegisteredService(), Optional.of(mockRequestContext), List.of(registerProviderInApplicationContext), (str, multifactorAuthenticationProvider) -> {
            return str.equalsIgnoreCase(registerProviderInApplicationContext.getId());
        });
        Assertions.assertNotNull(resolveEventViaPrincipalAttribute);
        Assertions.assertEquals(registerProviderInApplicationContext.getId(), ((Event) resolveEventViaPrincipalAttribute.iterator().next()).getId());
        Assertions.assertNull(defaultMultifactorAuthenticationProviderResolver.resolveEventViaPrincipalAttribute(principal, List.of("authlevel"), CoreAuthenticationTestUtils.getRegisteredService(), Optional.of(mockRequestContext), List.of(), (str2, multifactorAuthenticationProvider2) -> {
            return str2.equalsIgnoreCase(registerProviderInApplicationContext.getId());
        }));
        Assertions.assertNull(defaultMultifactorAuthenticationProviderResolver.resolveEventViaPrincipalAttribute(principal, List.of(), CoreAuthenticationTestUtils.getRegisteredService(), Optional.of(mockRequestContext), List.of(), (str3, multifactorAuthenticationProvider3) -> {
            return str3.equalsIgnoreCase(registerProviderInApplicationContext.getId());
        }));
    }

    @Test
    public void verifyNoProvider() {
        MockRequestContext mockRequestContext = new MockRequestContext();
        mockRequestContext.setExternalContext(new ServletExternalContext(new MockServletContext(), new MockHttpServletRequest(), new MockHttpServletResponse()));
        Assertions.assertNull(new DefaultMultifactorAuthenticationProviderResolver().resolveEventViaAttribute(CoreAuthenticationTestUtils.getPrincipal("casuser"), Map.of("authlevel", List.of("strong")), List.of(), CoreAuthenticationTestUtils.getRegisteredService(), Optional.of(mockRequestContext), List.of(), (str, multifactorAuthenticationProvider) -> {
            return false;
        }));
    }

    @Test
    public void verifyNoMatch() {
        StaticApplicationContext staticApplicationContext = new StaticApplicationContext();
        staticApplicationContext.refresh();
        MockRequestContext mockRequestContext = new MockRequestContext();
        mockRequestContext.setExternalContext(new ServletExternalContext(new MockServletContext(), new MockHttpServletRequest(), new MockHttpServletResponse()));
        Assertions.assertNull(new DefaultMultifactorAuthenticationProviderResolver().resolveEventViaAttribute(CoreAuthenticationTestUtils.getPrincipal("casuser"), Map.of("authlevel", List.of("strong")), List.of(), CoreAuthenticationTestUtils.getRegisteredService(), Optional.of(mockRequestContext), List.of(TestMultifactorAuthenticationProvider.registerProviderIntoApplicationContext(staticApplicationContext)), (str, multifactorAuthenticationProvider) -> {
            return false;
        }));
    }

    private static void assertProviderResolutionFromManyProviders(MultifactorAuthenticationTrigger multifactorAuthenticationTrigger, ConfigurableApplicationContext configurableApplicationContext) {
        MockRequestContext mockRequestContext = new MockRequestContext();
        MockHttpServletRequest mockHttpServletRequest = new MockHttpServletRequest();
        mockRequestContext.setExternalContext(new ServletExternalContext(new MockServletContext(), mockHttpServletRequest, new MockHttpServletResponse()));
        TestMultifactorAuthenticationProvider testMultifactorAuthenticationProvider = new TestMultifactorAuthenticationProvider();
        testMultifactorAuthenticationProvider.setOrder(10);
        registerProviderInApplicationContext(configurableApplicationContext, mockRequestContext, testMultifactorAuthenticationProvider);
        TestMultifactorAuthenticationProvider testMultifactorAuthenticationProvider2 = new TestMultifactorAuthenticationProvider("mfa-other");
        testMultifactorAuthenticationProvider2.setOrder(1);
        registerProviderInApplicationContext(configurableApplicationContext, mockRequestContext, testMultifactorAuthenticationProvider2);
        Optional isActivated = multifactorAuthenticationTrigger.isActivated(CoreAuthenticationTestUtils.getAuthentication(CoreAuthenticationTestUtils.getPrincipal("casuser", CollectionUtils.wrap("mfa-principal", List.of(testMultifactorAuthenticationProvider2.getId()))), CollectionUtils.wrap("mfa-authn", List.of(testMultifactorAuthenticationProvider2.getId()))), CoreAuthenticationTestUtils.getRegisteredService(), mockHttpServletRequest, CoreAuthenticationTestUtils.getService());
        Assertions.assertTrue(isActivated.isPresent());
        Assertions.assertEquals(testMultifactorAuthenticationProvider2.getId(), ((MultifactorAuthenticationProvider) isActivated.get()).getId());
    }

    private static TestMultifactorAuthenticationProvider registerProviderInApplicationContext(ConfigurableApplicationContext configurableApplicationContext, MockRequestContext mockRequestContext, TestMultifactorAuthenticationProvider testMultifactorAuthenticationProvider) {
        TestMultifactorAuthenticationProvider registerProviderIntoApplicationContext = TestMultifactorAuthenticationProvider.registerProviderIntoApplicationContext(configurableApplicationContext, testMultifactorAuthenticationProvider);
        mockRequestContext.getRootFlow().getGlobalTransitionSet().add(new Transition(new DefaultTransitionCriteria(new LiteralExpression(registerProviderIntoApplicationContext.getId())), new DefaultTargetStateResolver(registerProviderIntoApplicationContext.getId())));
        return registerProviderIntoApplicationContext;
    }
}
