package org.apereo.cas.authentication.policy;

import java.security.GeneralSecurityException;
import java.util.LinkedHashSet;
import javax.security.auth.login.AccountExpiredException;
import javax.security.auth.login.AccountLockedException;
import javax.security.auth.login.AccountNotFoundException;
import javax.security.auth.login.FailedLoginException;
import org.apereo.cas.authentication.CoreAuthenticationTestUtils;
import org.apereo.cas.authentication.exceptions.AccountDisabledException;
import org.apereo.cas.authentication.exceptions.AccountPasswordMustChangeException;
import org.apereo.cas.config.CasCoreHttpConfiguration;
import org.apereo.cas.config.CasCoreServicesConfiguration;
import org.apereo.cas.config.CasCoreTicketCatalogConfiguration;
import org.apereo.cas.config.CasCoreTicketIdGeneratorsConfiguration;
import org.apereo.cas.config.CasCoreTicketsConfiguration;
import org.apereo.cas.config.CasCoreUtilConfiguration;
import org.apereo.cas.config.CasCoreWebConfiguration;
import org.apereo.cas.config.CasDefaultServiceTicketIdGeneratorsConfiguration;
import org.apereo.cas.config.support.CasWebApplicationServiceFactoryConfiguration;
import org.junit.jupiter.api.Assertions;
import org.junit.jupiter.api.BeforeEach;
import org.junit.jupiter.api.Tag;
import org.junit.jupiter.api.Test;
import org.junit.jupiter.api.function.Executable;
import org.mockito.MockitoAnnotations;
import org.springframework.boot.test.context.SpringBootTest;
import org.springframework.cloud.autoconfigure.RefreshAutoConfiguration;
import org.springframework.http.HttpMethod;
import org.springframework.http.HttpStatus;
import org.springframework.http.MediaType;
import org.springframework.test.annotation.DirtiesContext;
import org.springframework.test.web.client.MockRestServiceServer;
import org.springframework.test.web.client.match.MockRestRequestMatchers;
import org.springframework.test.web.client.response.MockRestResponseCreators;
import org.springframework.web.client.RestTemplate;

@Tag("RestfulApi")
@SpringBootTest(classes = {RefreshAutoConfiguration.class, CasCoreTicketIdGeneratorsConfiguration.class, CasDefaultServiceTicketIdGeneratorsConfiguration.class, CasCoreServicesConfiguration.class, CasCoreTicketsConfiguration.class, CasCoreWebConfiguration.class, CasCoreUtilConfiguration.class, CasCoreHttpConfiguration.class, CasWebApplicationServiceFactoryConfiguration.class, CasCoreTicketCatalogConfiguration.class})
@DirtiesContext
/* loaded from: input_file:org/apereo/cas/authentication/policy/RestfulAuthenticationPolicyTests.class */
public class RestfulAuthenticationPolicyTests {
    private static final String URI = "http://rest.endpoint.com";

    @BeforeEach
    public void initialize() {
        MockitoAnnotations.initMocks(this);
    }

    private static RestfulAuthenticationPolicy newPolicy(RestTemplate restTemplate) {
        return new RestfulAuthenticationPolicy(restTemplate, URI);
    }

    private static MockRestServiceServer newServer(RestTemplate restTemplate) {
        return MockRestServiceServer.createServer(restTemplate);
    }

    @Test
    public void verifyPolicyGood() {
        RestTemplate restTemplate = new RestTemplate();
        MockRestServiceServer newServer = newServer(restTemplate);
        RestfulAuthenticationPolicy newPolicy = newPolicy(restTemplate);
        newServer.expect(MockRestRequestMatchers.requestTo(URI)).andExpect(MockRestRequestMatchers.content().contentType(MediaType.APPLICATION_JSON_UTF8)).andExpect(MockRestRequestMatchers.method(HttpMethod.POST)).andRespond(MockRestResponseCreators.withSuccess());
        Assertions.assertTrue(newPolicy.isSatisfiedBy(CoreAuthenticationTestUtils.getAuthentication("casuser"), new LinkedHashSet()));
        newServer.verify();
    }

    @Test
    public void verifyPolicyFailsWithStatusCodes() {
        Assertions.assertAll(new Executable[]{() -> {
            assertPolicyFails(FailedLoginException.class, HttpStatus.UNAUTHORIZED);
            assertPolicyFails(AccountLockedException.class, HttpStatus.LOCKED);
            assertPolicyFails(AccountDisabledException.class, HttpStatus.METHOD_NOT_ALLOWED);
            assertPolicyFails(AccountDisabledException.class, HttpStatus.FORBIDDEN);
            assertPolicyFails(AccountNotFoundException.class, HttpStatus.NOT_FOUND);
            assertPolicyFails(AccountExpiredException.class, HttpStatus.PRECONDITION_FAILED);
            assertPolicyFails(AccountPasswordMustChangeException.class, HttpStatus.PRECONDITION_REQUIRED);
            assertPolicyFails(FailedLoginException.class, HttpStatus.INTERNAL_SERVER_ERROR);
        }});
    }

    private static void assertPolicyFails(Class<? extends Throwable> cls, HttpStatus httpStatus) {
        RestTemplate restTemplate = new RestTemplate();
        MockRestServiceServer newServer = newServer(restTemplate);
        RestfulAuthenticationPolicy newPolicy = newPolicy(restTemplate);
        newServer.expect(MockRestRequestMatchers.requestTo(URI)).andExpect(MockRestRequestMatchers.content().contentType(MediaType.APPLICATION_JSON_UTF8)).andExpect(MockRestRequestMatchers.method(HttpMethod.POST)).andRespond(MockRestResponseCreators.withStatus(httpStatus));
        org.apereo.cas.util.junit.Assertions.assertThrowsWithRootCause(GeneralSecurityException.class, cls, () -> {
            Assertions.assertTrue(newPolicy.isSatisfiedBy(CoreAuthenticationTestUtils.getAuthentication("casuser"), new LinkedHashSet()));
        });
        newServer.verify();
    }
}
