package org.apereo.cas.authentication.policy;

import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.util.LinkedHashSet;
import java.util.Optional;
import javax.security.auth.login.AccountExpiredException;
import javax.security.auth.login.AccountLockedException;
import javax.security.auth.login.AccountNotFoundException;
import javax.security.auth.login.FailedLoginException;
import org.apereo.cas.authentication.CoreAuthenticationTestUtils;
import org.apereo.cas.authentication.exceptions.AccountDisabledException;
import org.apereo.cas.authentication.exceptions.AccountPasswordMustChangeException;
import org.apereo.cas.util.MockWebServer;
import org.junit.jupiter.api.Assertions;
import org.junit.jupiter.api.Tag;
import org.junit.jupiter.api.Test;
import org.springframework.context.support.StaticApplicationContext;
import org.springframework.core.io.ByteArrayResource;
import org.springframework.http.HttpStatus;

@Tag("RestfulApi")
/* loaded from: input_file:org/apereo/cas/authentication/policy/RestfulAuthenticationPolicyTests.class */
public class RestfulAuthenticationPolicyTests {
    @Test
    public void verifyAllowedOperation() {
        StaticApplicationContext staticApplicationContext = new StaticApplicationContext();
        staticApplicationContext.refresh();
        try {
            MockWebServer mockWebServer = new MockWebServer(9200, new ByteArrayResource("".getBytes(StandardCharsets.UTF_8), "Output"), HttpStatus.OK);
            try {
                mockWebServer.start();
                Assertions.assertTrue(new RestfulAuthenticationPolicy("http://localhost:9200").isSatisfiedBy(CoreAuthenticationTestUtils.getAuthentication("casuser"), new LinkedHashSet(), staticApplicationContext, Optional.empty()));
                mockWebServer.close();
            } finally {
            }
        } catch (Exception e) {
            throw new AssertionError(e.getMessage(), e);
        }
    }

    @Test
    public void verifyStatusCodeUnAuthz() {
        assertPolicyFails(9201, HttpStatus.UNAUTHORIZED, FailedLoginException.class);
        assertPolicyFails(9202, HttpStatus.LOCKED, AccountLockedException.class);
        assertPolicyFails(9203, HttpStatus.METHOD_NOT_ALLOWED, AccountDisabledException.class);
        assertPolicyFails(9204, HttpStatus.FORBIDDEN, AccountDisabledException.class);
        assertPolicyFails(9205, HttpStatus.NOT_FOUND, AccountNotFoundException.class);
        assertPolicyFails(9206, HttpStatus.PRECONDITION_FAILED, AccountExpiredException.class);
        assertPolicyFails(9207, HttpStatus.PRECONDITION_REQUIRED, AccountPasswordMustChangeException.class);
        assertPolicyFails(9208, HttpStatus.INTERNAL_SERVER_ERROR, FailedLoginException.class);
    }

    private static void assertPolicyFails(int i, HttpStatus httpStatus, Class<? extends Throwable> cls) {
        StaticApplicationContext staticApplicationContext = new StaticApplicationContext();
        staticApplicationContext.refresh();
        try {
            MockWebServer mockWebServer = new MockWebServer(i, new ByteArrayResource("".getBytes(StandardCharsets.UTF_8), "Output"), httpStatus);
            try {
                mockWebServer.start();
                RestfulAuthenticationPolicy restfulAuthenticationPolicy = new RestfulAuthenticationPolicy("http://localhost:" + i);
                org.apereo.cas.util.junit.Assertions.assertThrowsWithRootCause(GeneralSecurityException.class, cls, () -> {
                    restfulAuthenticationPolicy.isSatisfiedBy(CoreAuthenticationTestUtils.getAuthentication("casuser"), new LinkedHashSet(), staticApplicationContext, Optional.empty());
                });
                mockWebServer.close();
            } finally {
            }
        } catch (Exception e) {
            throw new AssertionError(e.getMessage(), e);
        }
    }
}
