package org.apereo.cas.authentication;

import java.security.GeneralSecurityException;
import java.util.HashMap;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
import java.util.Optional;
import java.util.Set;
import java.util.UUID;
import javax.security.auth.login.FailedLoginException;
import lombok.Generated;
import org.apereo.cas.authentication.exceptions.UnresolvedPrincipalException;
import org.apereo.cas.authentication.handler.DefaultAuthenticationHandlerResolver;
import org.apereo.cas.authentication.handler.RegisteredServiceAuthenticationHandlerResolver;
import org.apereo.cas.authentication.policy.AllCredentialsValidatedAuthenticationPolicy;
import org.apereo.cas.authentication.policy.AtLeastOneCredentialValidatedAuthenticationPolicy;
import org.apereo.cas.authentication.policy.RequiredAuthenticationHandlerAuthenticationPolicy;
import org.apereo.cas.authentication.principal.PrincipalFactoryUtils;
import org.apereo.cas.authentication.principal.PrincipalResolver;
import org.apereo.cas.authentication.principal.Service;
import org.apereo.cas.services.RegisteredService;
import org.apereo.cas.services.ServicesManager;
import org.junit.jupiter.api.Assertions;
import org.junit.jupiter.api.Tag;
import org.junit.jupiter.api.Test;
import org.mockito.Mockito;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.context.ConfigurableApplicationContext;
import org.springframework.test.annotation.DirtiesContext;

@Tag("Authentication")
@DirtiesContext(methodMode = DirtiesContext.MethodMode.AFTER_METHOD)
/* loaded from: input_file:org/apereo/cas/authentication/DefaultAuthenticationManagerTests.class */
public class DefaultAuthenticationManagerTests {

    @Generated
    private static final Logger LOGGER = LoggerFactory.getLogger(DefaultAuthenticationManagerTests.class);
    private static final String HANDLER_A = "HandlerA";
    private static final String HANDLER_B = "HandlerB";
    private final AuthenticationTransaction transaction = new DefaultAuthenticationTransactionFactory().newTransaction(CoreAuthenticationTestUtils.getService(), new Credential[]{(Credential) Mockito.mock(Credential.class, Mockito.withSettings().serializable()), (Credential) Mockito.mock(Credential.class, Mockito.withSettings().serializable())});

    protected static ServicesManager mockServicesManager() {
        ServicesManager servicesManager = (ServicesManager) Mockito.mock(ServicesManager.class);
        RegisteredService registeredService = CoreAuthenticationTestUtils.getRegisteredService();
        Mockito.when(servicesManager.findServiceBy((Service) Mockito.any(Service.class))).thenReturn(registeredService);
        Mockito.when(servicesManager.getAllServices()).thenReturn(List.of(registeredService));
        return servicesManager;
    }

    private static AuthenticationHandler newMockHandler(boolean z) {
        return newMockHandler(z, false);
    }

    private static AuthenticationHandler newMockHandler(boolean z, boolean z2) {
        return newMockHandler("MockAuthenticationHandler" + UUID.randomUUID().toString(), z, z2);
    }

    private static AuthenticationHandler newMockHandler(String str, boolean z) {
        return newMockHandler(str, z, false);
    }

    private static AuthenticationHandler newMockHandler(String str, boolean z, boolean z2) {
        AuthenticationHandler authenticationHandler = (AuthenticationHandler) Mockito.mock(AuthenticationHandler.class);
        Mockito.when(authenticationHandler.getName()).thenReturn(str);
        Mockito.when(Boolean.valueOf(authenticationHandler.supports((Credential) Mockito.any(Credential.class)))).thenReturn(true);
        if (z) {
            Mockito.when(authenticationHandler.authenticate((Credential) Mockito.any(Credential.class))).thenReturn(new DefaultAuthenticationHandlerExecutionResult(authenticationHandler, (CredentialMetaData) Mockito.mock(CredentialMetaData.class), PrincipalFactoryUtils.newPrincipalFactory().createPrincipal("nobody")));
        } else if (z2) {
            Mockito.when(authenticationHandler.authenticate((Credential) Mockito.any(Credential.class))).thenThrow(new Throwable[]{new PreventedException("failure")});
        } else {
            Mockito.when(authenticationHandler.authenticate((Credential) Mockito.any(Credential.class))).thenThrow(new Throwable[]{new FailedLoginException()});
        }
        return authenticationHandler;
    }

    private static AuthenticationEventExecutionPlan getAuthenticationExecutionPlan(Map<AuthenticationHandler, PrincipalResolver> map) {
        DefaultAuthenticationEventExecutionPlan defaultAuthenticationEventExecutionPlan = new DefaultAuthenticationEventExecutionPlan();
        defaultAuthenticationEventExecutionPlan.registerAuthenticationHandlerWithPrincipalResolver(map);
        defaultAuthenticationEventExecutionPlan.registerAuthenticationHandlerResolver(new RegisteredServiceAuthenticationHandlerResolver(mockServicesManager(), new DefaultAuthenticationServiceSelectionPlan(new AuthenticationServiceSelectionStrategy[]{new DefaultAuthenticationServiceSelectionStrategy()})));
        defaultAuthenticationEventExecutionPlan.registerAuthenticationHandlerResolver(new DefaultAuthenticationHandlerResolver());
        defaultAuthenticationEventExecutionPlan.registerAuthenticationPostProcessor((authenticationBuilder, authenticationTransaction) -> {
            LOGGER.trace("Running authentication post processor");
        });
        return defaultAuthenticationEventExecutionPlan;
    }

    @Test
    public void verifyAuthenticateFailsPreProcessor() {
        HashMap hashMap = new HashMap();
        hashMap.put(newMockHandler(true), null);
        hashMap.put(newMockHandler(false), null);
        AuthenticationEventExecutionPlan authenticationExecutionPlan = getAuthenticationExecutionPlan(hashMap);
        authenticationExecutionPlan.registerAuthenticationPreProcessor(authenticationTransaction -> {
            return false;
        });
        DefaultAuthenticationManager defaultAuthenticationManager = new DefaultAuthenticationManager(authenticationExecutionPlan, false, (ConfigurableApplicationContext) Mockito.mock(ConfigurableApplicationContext.class));
        Assertions.assertThrows(AuthenticationException.class, () -> {
            defaultAuthenticationManager.authenticate(this.transaction);
        });
    }

    @Test
    public void verifyNoHandlers() {
        DefaultAuthenticationManager defaultAuthenticationManager = new DefaultAuthenticationManager(getAuthenticationExecutionPlan(new HashMap()), false, (ConfigurableApplicationContext) Mockito.mock(ConfigurableApplicationContext.class));
        Assertions.assertThrows(AuthenticationException.class, () -> {
            defaultAuthenticationManager.authenticate(this.transaction);
        });
    }

    @Test
    public void verifyBlockingAuthnPolicy() throws Exception {
        LinkedHashMap linkedHashMap = new LinkedHashMap();
        linkedHashMap.put(newMockHandler(false, true), null);
        linkedHashMap.put(newMockHandler(true), null);
        AuthenticationEventExecutionPlan authenticationExecutionPlan = getAuthenticationExecutionPlan(linkedHashMap);
        AuthenticationPolicy authenticationPolicy = (AuthenticationPolicy) Mockito.mock(AuthenticationPolicy.class);
        Mockito.when(authenticationPolicy.isSatisfiedBy((Authentication) Mockito.any(), (Set) Mockito.any(), (ConfigurableApplicationContext) Mockito.any(), (Optional) Mockito.any())).thenReturn(AuthenticationPolicyExecutionResult.success());
        Mockito.when(Boolean.valueOf(authenticationPolicy.shouldResumeOnFailure((Throwable) Mockito.any()))).thenReturn(Boolean.FALSE);
        authenticationExecutionPlan.registerAuthenticationPolicy(authenticationPolicy);
        DefaultAuthenticationManager defaultAuthenticationManager = new DefaultAuthenticationManager(authenticationExecutionPlan, false, (ConfigurableApplicationContext) Mockito.mock(ConfigurableApplicationContext.class));
        AuthenticationTransaction newTransaction = new DefaultAuthenticationTransactionFactory().newTransaction(CoreAuthenticationTestUtils.getService(), new Credential[]{(Credential) Mockito.mock(Credential.class, Mockito.withSettings().serializable())});
        Assertions.assertThrows(AuthenticationException.class, () -> {
            defaultAuthenticationManager.authenticate(newTransaction);
        });
    }

    @Test
    public void verifyResolverFails() {
        HashMap hashMap = new HashMap();
        PrincipalResolver principalResolver = (PrincipalResolver) Mockito.mock(PrincipalResolver.class);
        Mockito.when(Boolean.valueOf(principalResolver.supports((Credential) Mockito.any()))).thenReturn(Boolean.FALSE);
        hashMap.put(newMockHandler(true), principalResolver);
        DefaultAuthenticationManager defaultAuthenticationManager = new DefaultAuthenticationManager(getAuthenticationExecutionPlan(hashMap), false, (ConfigurableApplicationContext) Mockito.mock(ConfigurableApplicationContext.class));
        Assertions.assertThrows(UnresolvedPrincipalException.class, () -> {
            defaultAuthenticationManager.authenticate(this.transaction);
        });
        Mockito.when(Boolean.valueOf(principalResolver.supports((Credential) Mockito.any()))).thenReturn(Boolean.TRUE);
        Mockito.when(principalResolver.resolve((Credential) Mockito.any(), (Optional) Mockito.any(), (Optional) Mockito.any())).thenThrow(new Throwable[]{new RuntimeException("Fails")});
        Assertions.assertThrows(UnresolvedPrincipalException.class, () -> {
            defaultAuthenticationManager.authenticate(this.transaction);
        });
    }

    @Test
    public void verifyResolverFailsAsFatal() {
        HashMap hashMap = new HashMap();
        PrincipalResolver principalResolver = (PrincipalResolver) Mockito.mock(PrincipalResolver.class);
        Mockito.when(Boolean.valueOf(principalResolver.supports((Credential) Mockito.any()))).thenReturn(Boolean.FALSE);
        hashMap.put(newMockHandler(true), principalResolver);
        DefaultAuthenticationManager defaultAuthenticationManager = new DefaultAuthenticationManager(getAuthenticationExecutionPlan(hashMap), true, (ConfigurableApplicationContext) Mockito.mock(ConfigurableApplicationContext.class));
        Assertions.assertThrows(UnresolvedPrincipalException.class, () -> {
            defaultAuthenticationManager.authenticate(this.transaction);
        });
    }

    @Test
    public void verifyAuthWithNoCreds() {
        HashMap hashMap = new HashMap();
        hashMap.put(newMockHandler(true), null);
        DefaultAuthenticationManager defaultAuthenticationManager = new DefaultAuthenticationManager(getAuthenticationExecutionPlan(hashMap), true, (ConfigurableApplicationContext) Mockito.mock(ConfigurableApplicationContext.class));
        Assertions.assertThrows(AuthenticationException.class, () -> {
            defaultAuthenticationManager.authenticate(new DefaultAuthenticationTransactionFactory().newTransaction(new Credential[0]));
        });
    }

    @Test
    public void verifyAuthenticateAnySuccess() {
        HashMap hashMap = new HashMap();
        hashMap.put(newMockHandler(true), null);
        hashMap.put(newMockHandler(false), null);
        AuthenticationEventExecutionPlan authenticationExecutionPlan = getAuthenticationExecutionPlan(hashMap);
        authenticationExecutionPlan.registerAuthenticationPolicy(new AtLeastOneCredentialValidatedAuthenticationPolicy());
        Authentication authenticate = new DefaultAuthenticationManager(authenticationExecutionPlan, false, (ConfigurableApplicationContext) Mockito.mock(ConfigurableApplicationContext.class)).authenticate(this.transaction);
        Assertions.assertEquals(1, authenticate.getSuccesses().size());
        Assertions.assertEquals(2, authenticate.getCredentials().size());
    }

    @Test
    public void verifyAuthenticateAnyButTryAllSuccess() {
        HashMap hashMap = new HashMap();
        hashMap.put(newMockHandler(true), null);
        hashMap.put(newMockHandler(false), null);
        AuthenticationEventExecutionPlan authenticationExecutionPlan = getAuthenticationExecutionPlan(hashMap);
        authenticationExecutionPlan.registerAuthenticationPolicy(new AtLeastOneCredentialValidatedAuthenticationPolicy(true));
        Authentication authenticate = new DefaultAuthenticationManager(authenticationExecutionPlan, false, (ConfigurableApplicationContext) Mockito.mock(ConfigurableApplicationContext.class)).authenticate(this.transaction);
        Assertions.assertEquals(1, authenticate.getSuccesses().size());
        Assertions.assertEquals(1, authenticate.getFailures().size());
        Assertions.assertEquals(2, hashMap.size());
    }

    @Test
    public void verifyAuthenticateAnyFailure() {
        LinkedHashMap linkedHashMap = new LinkedHashMap();
        linkedHashMap.put(newMockHandler(false), null);
        linkedHashMap.put(newMockHandler(false), null);
        AuthenticationEventExecutionPlan authenticationExecutionPlan = getAuthenticationExecutionPlan(linkedHashMap);
        authenticationExecutionPlan.registerAuthenticationPolicy(new AtLeastOneCredentialValidatedAuthenticationPolicy());
        DefaultAuthenticationManager defaultAuthenticationManager = new DefaultAuthenticationManager(authenticationExecutionPlan, false, (ConfigurableApplicationContext) Mockito.mock(ConfigurableApplicationContext.class));
        Assertions.assertThrows(AuthenticationException.class, () -> {
            defaultAuthenticationManager.authenticate(this.transaction);
        });
    }

    @Test
    public void verifyAuthenticateAnyFailureWithError() {
        LinkedHashMap linkedHashMap = new LinkedHashMap();
        linkedHashMap.put(newMockHandler(false, true), null);
        linkedHashMap.put(newMockHandler(false, true), null);
        AuthenticationEventExecutionPlan authenticationExecutionPlan = getAuthenticationExecutionPlan(linkedHashMap);
        authenticationExecutionPlan.registerAuthenticationPolicy(new AtLeastOneCredentialValidatedAuthenticationPolicy());
        DefaultAuthenticationManager defaultAuthenticationManager = new DefaultAuthenticationManager(authenticationExecutionPlan, false, (ConfigurableApplicationContext) Mockito.mock(ConfigurableApplicationContext.class));
        Assertions.assertThrows(AuthenticationException.class, () -> {
            defaultAuthenticationManager.authenticate(this.transaction);
        });
    }

    @Test
    public void verifyAuthenticateAllSuccess() {
        LinkedHashMap linkedHashMap = new LinkedHashMap();
        linkedHashMap.put(newMockHandler(true), null);
        linkedHashMap.put(newMockHandler(true), null);
        AuthenticationEventExecutionPlan authenticationExecutionPlan = getAuthenticationExecutionPlan(linkedHashMap);
        authenticationExecutionPlan.registerAuthenticationPolicy(new AllCredentialsValidatedAuthenticationPolicy());
        Authentication authenticate = new DefaultAuthenticationManager(authenticationExecutionPlan, false, (ConfigurableApplicationContext) Mockito.mock(ConfigurableApplicationContext.class)).authenticate(this.transaction);
        Assertions.assertEquals(2, authenticate.getSuccesses().size());
        Assertions.assertEquals(0, authenticate.getFailures().size());
        Assertions.assertEquals(2, authenticate.getCredentials().size());
    }

    @Test
    public void verifyAuthenticatePolicyFailsGeneric() throws Exception {
        LinkedHashMap linkedHashMap = new LinkedHashMap();
        linkedHashMap.put(newMockHandler(true), null);
        AuthenticationEventExecutionPlan authenticationExecutionPlan = getAuthenticationExecutionPlan(linkedHashMap);
        AuthenticationPolicy authenticationPolicy = (AuthenticationPolicy) Mockito.mock(AuthenticationPolicy.class);
        Mockito.when(authenticationPolicy.isSatisfiedBy((Authentication) Mockito.any(), (Set) Mockito.any(), (ConfigurableApplicationContext) Mockito.any(), (Optional) Mockito.any())).thenThrow(new Throwable[]{new GeneralSecurityException((Throwable) new FailedLoginException())});
        authenticationExecutionPlan.registerAuthenticationPolicy(authenticationPolicy);
        DefaultAuthenticationManager defaultAuthenticationManager = new DefaultAuthenticationManager(authenticationExecutionPlan, false, (ConfigurableApplicationContext) Mockito.mock(ConfigurableApplicationContext.class));
        Assertions.assertThrows(AuthenticationException.class, () -> {
            defaultAuthenticationManager.authenticate(this.transaction);
        });
    }

    @Test
    public void verifyAuthenticatePolicyFails() throws Exception {
        LinkedHashMap linkedHashMap = new LinkedHashMap();
        linkedHashMap.put(newMockHandler(true), null);
        AuthenticationEventExecutionPlan authenticationExecutionPlan = getAuthenticationExecutionPlan(linkedHashMap);
        AuthenticationPolicy authenticationPolicy = (AuthenticationPolicy) Mockito.mock(AuthenticationPolicy.class);
        Mockito.when(authenticationPolicy.isSatisfiedBy((Authentication) Mockito.any(), (Set) Mockito.any(), (ConfigurableApplicationContext) Mockito.any(), (Optional) Mockito.any())).thenThrow(new Throwable[]{new IllegalArgumentException()});
        authenticationExecutionPlan.registerAuthenticationPolicy(authenticationPolicy);
        DefaultAuthenticationManager defaultAuthenticationManager = new DefaultAuthenticationManager(authenticationExecutionPlan, false, (ConfigurableApplicationContext) Mockito.mock(ConfigurableApplicationContext.class));
        Assertions.assertThrows(AuthenticationException.class, () -> {
            defaultAuthenticationManager.authenticate(this.transaction);
        });
    }

    @Test
    public void verifyAuthenticateAllFailure() {
        LinkedHashMap linkedHashMap = new LinkedHashMap();
        linkedHashMap.put(newMockHandler(false), null);
        linkedHashMap.put(newMockHandler(false), null);
        AuthenticationEventExecutionPlan authenticationExecutionPlan = getAuthenticationExecutionPlan(linkedHashMap);
        authenticationExecutionPlan.registerAuthenticationPolicy(new AllCredentialsValidatedAuthenticationPolicy());
        DefaultAuthenticationManager defaultAuthenticationManager = new DefaultAuthenticationManager(authenticationExecutionPlan, false, (ConfigurableApplicationContext) Mockito.mock(ConfigurableApplicationContext.class));
        Assertions.assertThrows(AuthenticationException.class, () -> {
            defaultAuthenticationManager.authenticate(this.transaction);
        });
    }

    @Test
    public void verifyAuthenticateRequiredHandlerSuccess() {
        LinkedHashMap linkedHashMap = new LinkedHashMap();
        linkedHashMap.put(newMockHandler(HANDLER_A, true), null);
        linkedHashMap.put(newMockHandler(HANDLER_B, false), null);
        AuthenticationEventExecutionPlan authenticationExecutionPlan = getAuthenticationExecutionPlan(linkedHashMap);
        authenticationExecutionPlan.registerAuthenticationPolicy(new RequiredAuthenticationHandlerAuthenticationPolicy(HANDLER_A));
        Authentication authenticate = new DefaultAuthenticationManager(authenticationExecutionPlan, false, (ConfigurableApplicationContext) Mockito.mock(ConfigurableApplicationContext.class)).authenticate(this.transaction);
        Assertions.assertEquals(1, authenticate.getSuccesses().size());
        Assertions.assertEquals(2, authenticate.getCredentials().size());
    }

    @Test
    public void verifyAuthenticateRequiredHandlerFailure() {
        LinkedHashMap linkedHashMap = new LinkedHashMap();
        linkedHashMap.put(newMockHandler(HANDLER_A, true), null);
        linkedHashMap.put(newMockHandler(HANDLER_B, false), null);
        AuthenticationEventExecutionPlan authenticationExecutionPlan = getAuthenticationExecutionPlan(linkedHashMap);
        authenticationExecutionPlan.registerAuthenticationPolicy(new RequiredAuthenticationHandlerAuthenticationPolicy(HANDLER_B));
        DefaultAuthenticationManager defaultAuthenticationManager = new DefaultAuthenticationManager(authenticationExecutionPlan, false, (ConfigurableApplicationContext) Mockito.mock(ConfigurableApplicationContext.class));
        Assertions.assertThrows(AuthenticationException.class, () -> {
            defaultAuthenticationManager.authenticate(this.transaction);
        });
    }

    @Test
    public void verifyAuthenticateRequiredHandlerTryAllSuccess() {
        LinkedHashMap linkedHashMap = new LinkedHashMap();
        linkedHashMap.put(newMockHandler(HANDLER_A, true), null);
        linkedHashMap.put(newMockHandler(HANDLER_B, false), null);
        AuthenticationEventExecutionPlan authenticationExecutionPlan = getAuthenticationExecutionPlan(linkedHashMap);
        authenticationExecutionPlan.registerAuthenticationPolicy(new RequiredAuthenticationHandlerAuthenticationPolicy(Set.of(HANDLER_A), true));
        Authentication authenticate = new DefaultAuthenticationManager(authenticationExecutionPlan, false, (ConfigurableApplicationContext) Mockito.mock(ConfigurableApplicationContext.class)).authenticate(this.transaction);
        Assertions.assertEquals(1, authenticate.getSuccesses().size());
        Assertions.assertEquals(1, authenticate.getFailures().size());
        Assertions.assertEquals(2, authenticate.getCredentials().size());
    }
}
