package org.apereo.cas.authentication.policy;

import java.util.LinkedHashSet;
import javax.security.auth.login.AccountExpiredException;
import javax.security.auth.login.AccountLockedException;
import javax.security.auth.login.AccountNotFoundException;
import javax.security.auth.login.FailedLoginException;
import org.apereo.cas.authentication.CoreAuthenticationTestUtils;
import org.apereo.cas.authentication.exceptions.AccountDisabledException;
import org.apereo.cas.authentication.exceptions.AccountPasswordMustChangeException;
import org.apereo.cas.category.RestfulApiCategory;
import org.apereo.cas.config.CasCoreHttpConfiguration;
import org.apereo.cas.config.CasCoreTicketCatalogConfiguration;
import org.apereo.cas.config.CasCoreTicketIdGeneratorsConfiguration;
import org.apereo.cas.config.CasCoreTicketsConfiguration;
import org.apereo.cas.config.CasCoreUtilConfiguration;
import org.apereo.cas.config.CasCoreWebConfiguration;
import org.apereo.cas.config.CasDefaultServiceTicketIdGeneratorsConfiguration;
import org.apereo.cas.config.support.CasWebApplicationServiceFactoryConfiguration;
import org.hamcrest.CustomMatcher;
import org.junit.Assert;
import org.junit.Before;
import org.junit.ClassRule;
import org.junit.Rule;
import org.junit.Test;
import org.junit.experimental.categories.Category;
import org.junit.rules.ExpectedException;
import org.mockito.MockitoAnnotations;
import org.springframework.boot.test.context.SpringBootTest;
import org.springframework.cloud.autoconfigure.RefreshAutoConfiguration;
import org.springframework.http.HttpMethod;
import org.springframework.http.HttpStatus;
import org.springframework.http.MediaType;
import org.springframework.test.annotation.DirtiesContext;
import org.springframework.test.context.junit4.rules.SpringClassRule;
import org.springframework.test.context.junit4.rules.SpringMethodRule;
import org.springframework.test.web.client.MockRestServiceServer;
import org.springframework.test.web.client.match.MockRestRequestMatchers;
import org.springframework.test.web.client.response.MockRestResponseCreators;
import org.springframework.web.client.RestTemplate;

@SpringBootTest(classes = {RefreshAutoConfiguration.class, CasCoreTicketIdGeneratorsConfiguration.class, CasDefaultServiceTicketIdGeneratorsConfiguration.class, CasCoreTicketsConfiguration.class, CasCoreWebConfiguration.class, CasCoreUtilConfiguration.class, CasCoreHttpConfiguration.class, CasWebApplicationServiceFactoryConfiguration.class, CasCoreTicketCatalogConfiguration.class})
@DirtiesContext
@Category({RestfulApiCategory.class})
/* loaded from: input_file:org/apereo/cas/authentication/policy/RestfulAuthenticationPolicyTests.class */
public class RestfulAuthenticationPolicyTests {

    @ClassRule
    public static final SpringClassRule SPRING_CLASS_RULE = new SpringClassRule();
    private static final String URI = "http://rest.endpoint.com";

    @Rule
    public final SpringMethodRule springMethodRule = new SpringMethodRule();

    @Rule
    public ExpectedException thrown = ExpectedException.none();
    private final RestTemplate restTemplate = new RestTemplate();
    private MockRestServiceServer mockServer;
    private RestfulAuthenticationPolicy policy;

    @Before
    public void initialize() {
        MockitoAnnotations.initMocks(this);
        this.mockServer = MockRestServiceServer.createServer(this.restTemplate);
        this.policy = new RestfulAuthenticationPolicy(this.restTemplate, URI);
    }

    @Test
    public void verifyPolicyGood() throws Exception {
        this.mockServer.expect(MockRestRequestMatchers.requestTo(URI)).andExpect(MockRestRequestMatchers.content().contentType(MediaType.APPLICATION_JSON_UTF8)).andExpect(MockRestRequestMatchers.method(HttpMethod.POST)).andRespond(MockRestResponseCreators.withSuccess());
        Assert.assertTrue(this.policy.isSatisfiedBy(CoreAuthenticationTestUtils.getAuthentication("casuser"), new LinkedHashSet()));
        this.mockServer.verify();
    }

    @Test
    public void verifyPolicyFailsWithStatusCodes() throws Exception {
        verifyPolicyFails(FailedLoginException.class, HttpStatus.UNAUTHORIZED);
        verifyPolicyFails(AccountLockedException.class, HttpStatus.LOCKED);
        verifyPolicyFails(AccountDisabledException.class, HttpStatus.METHOD_NOT_ALLOWED);
        verifyPolicyFails(AccountDisabledException.class, HttpStatus.FORBIDDEN);
        verifyPolicyFails(AccountNotFoundException.class, HttpStatus.NOT_FOUND);
        verifyPolicyFails(AccountExpiredException.class, HttpStatus.PRECONDITION_FAILED);
        verifyPolicyFails(AccountPasswordMustChangeException.class, HttpStatus.PRECONDITION_REQUIRED);
        verifyPolicyFails(FailedLoginException.class, HttpStatus.INTERNAL_SERVER_ERROR);
    }

    private void verifyPolicyFails(final Class cls, HttpStatus httpStatus) throws Exception {
        this.thrown.expectCause(new CustomMatcher<Throwable>("policy") { // from class: org.apereo.cas.authentication.policy.RestfulAuthenticationPolicyTests.1
            public boolean matches(Object obj) {
                return obj.getClass().equals(cls);
            }
        });
        this.mockServer.expect(MockRestRequestMatchers.requestTo(URI)).andExpect(MockRestRequestMatchers.content().contentType(MediaType.APPLICATION_JSON_UTF8)).andExpect(MockRestRequestMatchers.method(HttpMethod.POST)).andRespond(MockRestResponseCreators.withStatus(httpStatus));
        Assert.assertTrue(this.policy.isSatisfiedBy(CoreAuthenticationTestUtils.getAuthentication("casuser"), new LinkedHashSet()));
        this.mockServer.verify();
    }
}
