package org.apereo.cas.authentication;

import java.security.GeneralSecurityException;
import java.util.HashMap;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
import java.util.Optional;
import java.util.Set;
import java.util.UUID;
import javax.security.auth.login.FailedLoginException;
import lombok.Generated;
import org.apereo.cas.authentication.exceptions.UnresolvedPrincipalException;
import org.apereo.cas.authentication.handler.DefaultAuthenticationHandlerResolver;
import org.apereo.cas.authentication.handler.RegisteredServiceAuthenticationHandlerResolver;
import org.apereo.cas.authentication.handler.support.SimpleTestUsernamePasswordAuthenticationHandler;
import org.apereo.cas.authentication.policy.AllCredentialsValidatedAuthenticationPolicy;
import org.apereo.cas.authentication.policy.AtLeastOneCredentialValidatedAuthenticationPolicy;
import org.apereo.cas.authentication.policy.RequiredAuthenticationHandlerAuthenticationPolicy;
import org.apereo.cas.authentication.principal.PrincipalFactoryUtils;
import org.apereo.cas.authentication.principal.PrincipalResolver;
import org.apereo.cas.authentication.principal.Service;
import org.apereo.cas.services.CasModelRegisteredService;
import org.apereo.cas.services.ServicesManager;
import org.apereo.cas.util.spring.ApplicationContextProvider;
import org.apereo.cas.util.spring.DirectObjectProvider;
import org.junit.jupiter.api.Assertions;
import org.junit.jupiter.api.BeforeEach;
import org.junit.jupiter.api.Tag;
import org.junit.jupiter.api.Test;
import org.mockito.Mockito;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.context.ConfigurableApplicationContext;
import org.springframework.context.support.StaticApplicationContext;

@Tag("Authentication")
/* loaded from: input_file:org/apereo/cas/authentication/DefaultAuthenticationManagerTests.class */
class DefaultAuthenticationManagerTests {

    @Generated
    private static final Logger LOGGER = LoggerFactory.getLogger(DefaultAuthenticationManagerTests.class);
    private static final String HANDLER_A = "HandlerA";
    private static final String HANDLER_B = "HandlerB";
    private final AuthenticationTransaction transaction = CoreAuthenticationTestUtils.getAuthenticationTransactionFactory().newTransaction(CoreAuthenticationTestUtils.getService(), new Credential[]{CoreAuthenticationTestUtils.getCredentialsWithSameUsernameAndPassword("casuser1"), CoreAuthenticationTestUtils.getCredentialsWithSameUsernameAndPassword("casuser2")});
    private ConfigurableApplicationContext applicationContext;

    DefaultAuthenticationManagerTests() {
    }

    protected static ServicesManager mockServicesManager() {
        ServicesManager servicesManager = (ServicesManager) Mockito.mock(ServicesManager.class);
        CasModelRegisteredService registeredService = CoreAuthenticationTestUtils.getRegisteredService();
        Mockito.when(servicesManager.findServiceBy((Service) Mockito.any(Service.class))).thenReturn(registeredService);
        Mockito.when(servicesManager.getAllServices()).thenReturn(List.of(registeredService));
        return servicesManager;
    }

    private static AuthenticationHandler newMockHandler(boolean z) throws Throwable {
        return newMockHandler(z, false);
    }

    private static AuthenticationHandler newMockHandler(boolean z, boolean z2) throws Throwable {
        return newMockHandler("MockAuthenticationHandler" + String.valueOf(UUID.randomUUID()), z, z2);
    }

    private static AuthenticationHandler newMockHandler(String str, boolean z) throws Throwable {
        return newMockHandler(str, z, false);
    }

    private static AuthenticationHandler newMockHandler(String str, boolean z, boolean z2) throws Throwable {
        AuthenticationHandler authenticationHandler = (AuthenticationHandler) Mockito.mock(AuthenticationHandler.class);
        Mockito.when(authenticationHandler.getName()).thenReturn(str);
        Mockito.when(Boolean.valueOf(authenticationHandler.supports((Credential) Mockito.any(Credential.class)))).thenReturn(true);
        Mockito.when(authenticationHandler.getState()).thenCallRealMethod();
        if (z) {
            Mockito.when(authenticationHandler.authenticate((Credential) Mockito.any(Credential.class), (Service) Mockito.any(Service.class))).thenReturn(new DefaultAuthenticationHandlerExecutionResult(authenticationHandler, CoreAuthenticationTestUtils.getCredentialsWithSameUsernameAndPassword("nobody"), PrincipalFactoryUtils.newPrincipalFactory().createPrincipal("nobody")));
        } else if (z2) {
            Mockito.when(authenticationHandler.authenticate((Credential) Mockito.any(Credential.class), (Service) Mockito.any(Service.class))).thenThrow(new Throwable[]{new PreventedException("failure")});
        } else {
            Mockito.when(authenticationHandler.authenticate((Credential) Mockito.any(Credential.class), (Service) Mockito.any(Service.class))).thenThrow(new Throwable[]{new FailedLoginException()});
        }
        return authenticationHandler;
    }

    private static AuthenticationEventExecutionPlan getAuthenticationExecutionPlan(Map<AuthenticationHandler, PrincipalResolver> map) {
        DefaultAuthenticationEventExecutionPlan defaultAuthenticationEventExecutionPlan = new DefaultAuthenticationEventExecutionPlan();
        defaultAuthenticationEventExecutionPlan.registerAuthenticationHandlerWithPrincipalResolver(map);
        defaultAuthenticationEventExecutionPlan.registerAuthenticationHandlerResolver(new RegisteredServiceAuthenticationHandlerResolver(mockServicesManager(), new DefaultAuthenticationServiceSelectionPlan(new AuthenticationServiceSelectionStrategy[]{new DefaultAuthenticationServiceSelectionStrategy()})));
        defaultAuthenticationEventExecutionPlan.registerAuthenticationHandlerResolver(new DefaultAuthenticationHandlerResolver());
        defaultAuthenticationEventExecutionPlan.registerAuthenticationPostProcessor(AuthenticationPostProcessor.none());
        return defaultAuthenticationEventExecutionPlan;
    }

    @BeforeEach
    public void setup() {
        this.applicationContext = new StaticApplicationContext();
        this.applicationContext.refresh();
        ApplicationContextProvider.registerBeanIntoApplicationContext(this.applicationContext, CoreAuthenticationTestUtils.getAuthenticationSystemSupport(), "defaultAuthenticationSystemSupport");
    }

    @Test
    void verifyAuthenticateFailsPreProcessor() throws Throwable {
        HashMap hashMap = new HashMap();
        hashMap.put(newMockHandler(true), null);
        hashMap.put(newMockHandler(false), null);
        AuthenticationEventExecutionPlan authenticationExecutionPlan = getAuthenticationExecutionPlan(hashMap);
        authenticationExecutionPlan.registerAuthenticationPreProcessor(authenticationTransaction -> {
            return false;
        });
        AuthenticationManager authenticationManager = getAuthenticationManager(authenticationExecutionPlan);
        Assertions.assertThrows(AuthenticationException.class, () -> {
            authenticationManager.authenticate(this.transaction);
        });
    }

    @Test
    void verifyNoHandlers() throws Throwable {
        AuthenticationManager authenticationManager = getAuthenticationManager(getAuthenticationExecutionPlan(new HashMap()));
        Assertions.assertThrows(AuthenticationException.class, () -> {
            authenticationManager.authenticate(this.transaction);
        });
    }

    @Test
    void verifyTransactionWithAuthnHistoryAndAuthnPolicy() throws Throwable {
        LinkedHashMap linkedHashMap = new LinkedHashMap();
        linkedHashMap.put(newMockHandler(true), null);
        AuthenticationEventExecutionPlan authenticationExecutionPlan = getAuthenticationExecutionPlan(linkedHashMap);
        authenticationExecutionPlan.registerAuthenticationPolicy(new RequiredAuthenticationHandlerAuthenticationPolicy(SimpleTestUsernamePasswordAuthenticationHandler.class.getSimpleName()));
        AuthenticationManager authenticationManager = getAuthenticationManager(authenticationExecutionPlan);
        AuthenticationTransaction newTransaction = CoreAuthenticationTestUtils.getAuthenticationTransactionFactory().newTransaction(CoreAuthenticationTestUtils.getService(), new Credential[]{(Credential) Mockito.mock(Credential.class, Mockito.withSettings().serializable())});
        newTransaction.collect(List.of(CoreAuthenticationTestUtils.getAuthentication()));
        Assertions.assertNotNull(authenticationManager.authenticate(newTransaction));
    }

    @Test
    void verifyBlockingAuthnPolicy() throws Throwable {
        LinkedHashMap linkedHashMap = new LinkedHashMap();
        linkedHashMap.put(newMockHandler(false, true), null);
        linkedHashMap.put(newMockHandler(true), null);
        AuthenticationEventExecutionPlan authenticationExecutionPlan = getAuthenticationExecutionPlan(linkedHashMap);
        AuthenticationPolicy authenticationPolicy = (AuthenticationPolicy) Mockito.mock(AuthenticationPolicy.class);
        Mockito.when(authenticationPolicy.isSatisfiedBy((Authentication) Mockito.any(), Mockito.anySet(), (ConfigurableApplicationContext) Mockito.any(), Mockito.anyMap())).thenReturn(AuthenticationPolicyExecutionResult.success());
        Mockito.when(Boolean.valueOf(authenticationPolicy.shouldResumeOnFailure((Throwable) Mockito.any()))).thenReturn(Boolean.FALSE);
        authenticationExecutionPlan.registerAuthenticationPolicy(authenticationPolicy);
        AuthenticationManager authenticationManager = getAuthenticationManager(authenticationExecutionPlan);
        AuthenticationTransaction newTransaction = CoreAuthenticationTestUtils.getAuthenticationTransactionFactory().newTransaction(CoreAuthenticationTestUtils.getService(), new Credential[]{(Credential) Mockito.mock(Credential.class, Mockito.withSettings().serializable())});
        Assertions.assertThrows(AuthenticationException.class, () -> {
            authenticationManager.authenticate(newTransaction);
        });
    }

    @Test
    void verifyResolverFails() throws Throwable {
        HashMap hashMap = new HashMap();
        PrincipalResolver principalResolver = (PrincipalResolver) Mockito.mock(PrincipalResolver.class);
        Mockito.when(Boolean.valueOf(principalResolver.supports((Credential) Mockito.any()))).thenReturn(Boolean.FALSE);
        hashMap.put(newMockHandler(true), principalResolver);
        AuthenticationManager authenticationManager = getAuthenticationManager(getAuthenticationExecutionPlan(hashMap));
        Assertions.assertThrows(UnresolvedPrincipalException.class, () -> {
            authenticationManager.authenticate(this.transaction);
        });
        Mockito.when(Boolean.valueOf(principalResolver.supports((Credential) Mockito.any()))).thenReturn(Boolean.TRUE);
        Mockito.when(principalResolver.resolve((Credential) Mockito.any(), (Optional) Mockito.any(), (Optional) Mockito.any(), (Optional) Mockito.any(Optional.class))).thenThrow(new Throwable[]{new RuntimeException("Fails")});
        Assertions.assertThrows(UnresolvedPrincipalException.class, () -> {
            authenticationManager.authenticate(this.transaction);
        });
    }

    @Test
    void verifyResolverFailsAsFatal() throws Throwable {
        HashMap hashMap = new HashMap();
        PrincipalResolver principalResolver = (PrincipalResolver) Mockito.mock(PrincipalResolver.class);
        Mockito.when(Boolean.valueOf(principalResolver.supports((Credential) Mockito.any()))).thenReturn(Boolean.FALSE);
        hashMap.put(newMockHandler(true), principalResolver);
        AuthenticationManager authenticationManager = getAuthenticationManager(getAuthenticationExecutionPlan(hashMap));
        Assertions.assertThrows(UnresolvedPrincipalException.class, () -> {
            authenticationManager.authenticate(this.transaction);
        });
    }

    @Test
    void verifyAuthWithNoCreds() throws Throwable {
        HashMap hashMap = new HashMap();
        hashMap.put(newMockHandler(true), null);
        AuthenticationManager authenticationManager = getAuthenticationManager(getAuthenticationExecutionPlan(hashMap));
        Assertions.assertThrows(AuthenticationException.class, () -> {
            authenticationManager.authenticate(CoreAuthenticationTestUtils.getAuthenticationTransactionFactory().newTransaction(new Credential[0]));
        });
    }

    @Test
    void verifyAuthenticateAnySuccess() throws Throwable {
        HashMap hashMap = new HashMap();
        hashMap.put(newMockHandler(true), null);
        hashMap.put(newMockHandler(false), null);
        AuthenticationEventExecutionPlan authenticationExecutionPlan = getAuthenticationExecutionPlan(hashMap);
        authenticationExecutionPlan.registerAuthenticationPolicy(new AtLeastOneCredentialValidatedAuthenticationPolicy());
        Authentication authenticate = getAuthenticationManager(authenticationExecutionPlan).authenticate(this.transaction);
        Assertions.assertEquals(1, authenticate.getSuccesses().size());
        Assertions.assertEquals(2, authenticate.getCredentials().size());
    }

    @Test
    void verifyAuthenticateAnyButTryAllSuccess() throws Throwable {
        HashMap hashMap = new HashMap();
        hashMap.put(newMockHandler(true), null);
        hashMap.put(newMockHandler(false), null);
        AuthenticationEventExecutionPlan authenticationExecutionPlan = getAuthenticationExecutionPlan(hashMap);
        authenticationExecutionPlan.registerAuthenticationPolicy(new AtLeastOneCredentialValidatedAuthenticationPolicy(true));
        AuthenticationManager authenticationManager = getAuthenticationManager(authenticationExecutionPlan);
        Assertions.assertThrows(AuthenticationException.class, () -> {
            authenticationManager.authenticate(this.transaction);
        });
    }

    @Test
    void verifyAuthenticateAnyFailure() throws Throwable {
        LinkedHashMap linkedHashMap = new LinkedHashMap();
        linkedHashMap.put(newMockHandler(false), null);
        linkedHashMap.put(newMockHandler(false), null);
        AuthenticationEventExecutionPlan authenticationExecutionPlan = getAuthenticationExecutionPlan(linkedHashMap);
        authenticationExecutionPlan.registerAuthenticationPolicy(new AtLeastOneCredentialValidatedAuthenticationPolicy());
        AuthenticationManager authenticationManager = getAuthenticationManager(authenticationExecutionPlan);
        Assertions.assertThrows(AuthenticationException.class, () -> {
            authenticationManager.authenticate(this.transaction);
        });
    }

    @Test
    void verifyAuthenticateAnyFailureWithError() throws Throwable {
        LinkedHashMap linkedHashMap = new LinkedHashMap();
        linkedHashMap.put(newMockHandler(false, true), null);
        linkedHashMap.put(newMockHandler(false, true), null);
        AuthenticationEventExecutionPlan authenticationExecutionPlan = getAuthenticationExecutionPlan(linkedHashMap);
        authenticationExecutionPlan.registerAuthenticationPolicy(new AtLeastOneCredentialValidatedAuthenticationPolicy());
        AuthenticationManager authenticationManager = getAuthenticationManager(authenticationExecutionPlan);
        Assertions.assertThrows(AuthenticationException.class, () -> {
            authenticationManager.authenticate(this.transaction);
        });
    }

    @Test
    void verifyAuthenticateAllSuccess() throws Throwable {
        LinkedHashMap linkedHashMap = new LinkedHashMap();
        linkedHashMap.put(newMockHandler(true), null);
        linkedHashMap.put(newMockHandler(true), null);
        AuthenticationEventExecutionPlan authenticationExecutionPlan = getAuthenticationExecutionPlan(linkedHashMap);
        authenticationExecutionPlan.registerAuthenticationPolicy(new AllCredentialsValidatedAuthenticationPolicy());
        Authentication authenticate = getAuthenticationManager(authenticationExecutionPlan).authenticate(this.transaction);
        Assertions.assertEquals(2, authenticate.getSuccesses().size());
        Assertions.assertEquals(0, authenticate.getFailures().size());
        Assertions.assertEquals(2, authenticate.getCredentials().size());
    }

    @Test
    void verifyAuthenticatePolicyFailsGeneric() throws Throwable {
        LinkedHashMap linkedHashMap = new LinkedHashMap();
        linkedHashMap.put(newMockHandler(true), null);
        AuthenticationEventExecutionPlan authenticationExecutionPlan = getAuthenticationExecutionPlan(linkedHashMap);
        AuthenticationPolicy authenticationPolicy = (AuthenticationPolicy) Mockito.mock(AuthenticationPolicy.class);
        Mockito.when(authenticationPolicy.isSatisfiedBy((Authentication) Mockito.any(), (Set) Mockito.any(), (ConfigurableApplicationContext) Mockito.any(), (Map) Mockito.any())).thenThrow(new Throwable[]{new GeneralSecurityException((Throwable) new FailedLoginException())});
        authenticationExecutionPlan.registerAuthenticationPolicy(authenticationPolicy);
        AuthenticationManager authenticationManager = getAuthenticationManager(authenticationExecutionPlan);
        Assertions.assertThrows(AuthenticationException.class, () -> {
            authenticationManager.authenticate(this.transaction);
        });
    }

    @Test
    void verifyAuthenticatePolicyFails() throws Throwable {
        LinkedHashMap linkedHashMap = new LinkedHashMap();
        linkedHashMap.put(newMockHandler(true), null);
        AuthenticationEventExecutionPlan authenticationExecutionPlan = getAuthenticationExecutionPlan(linkedHashMap);
        AuthenticationPolicy authenticationPolicy = (AuthenticationPolicy) Mockito.mock(AuthenticationPolicy.class);
        Mockito.when(authenticationPolicy.isSatisfiedBy((Authentication) Mockito.any(), (Set) Mockito.any(), (ConfigurableApplicationContext) Mockito.any(), (Map) Mockito.any())).thenThrow(new Throwable[]{new IllegalArgumentException()});
        authenticationExecutionPlan.registerAuthenticationPolicy(authenticationPolicy);
        AuthenticationManager authenticationManager = getAuthenticationManager(authenticationExecutionPlan);
        Assertions.assertThrows(AuthenticationException.class, () -> {
            authenticationManager.authenticate(this.transaction);
        });
    }

    @Test
    void verifyAuthenticateAllFailure() throws Throwable {
        LinkedHashMap linkedHashMap = new LinkedHashMap();
        linkedHashMap.put(newMockHandler(false), null);
        linkedHashMap.put(newMockHandler(false), null);
        AuthenticationEventExecutionPlan authenticationExecutionPlan = getAuthenticationExecutionPlan(linkedHashMap);
        authenticationExecutionPlan.registerAuthenticationPolicy(new AllCredentialsValidatedAuthenticationPolicy());
        AuthenticationManager authenticationManager = getAuthenticationManager(authenticationExecutionPlan);
        Assertions.assertThrows(AuthenticationException.class, () -> {
            authenticationManager.authenticate(this.transaction);
        });
    }

    @Test
    void verifyAuthenticateRequiredHandlerSuccess() throws Throwable {
        LinkedHashMap linkedHashMap = new LinkedHashMap();
        linkedHashMap.put(newMockHandler(HANDLER_A, true), null);
        linkedHashMap.put(newMockHandler(HANDLER_B, false), null);
        AuthenticationEventExecutionPlan authenticationExecutionPlan = getAuthenticationExecutionPlan(linkedHashMap);
        authenticationExecutionPlan.registerAuthenticationPolicy(new RequiredAuthenticationHandlerAuthenticationPolicy(HANDLER_A));
        Authentication authenticate = getAuthenticationManager(authenticationExecutionPlan).authenticate(this.transaction);
        Assertions.assertEquals(1, authenticate.getSuccesses().size());
        Assertions.assertEquals(2, authenticate.getCredentials().size());
    }

    @Test
    void verifyAuthenticateRequiredHandlerFailure() throws Throwable {
        LinkedHashMap linkedHashMap = new LinkedHashMap();
        linkedHashMap.put(newMockHandler(HANDLER_A, true), null);
        linkedHashMap.put(newMockHandler(HANDLER_B, false), null);
        AuthenticationEventExecutionPlan authenticationExecutionPlan = getAuthenticationExecutionPlan(linkedHashMap);
        authenticationExecutionPlan.registerAuthenticationPolicy(new RequiredAuthenticationHandlerAuthenticationPolicy(HANDLER_B));
        AuthenticationManager authenticationManager = getAuthenticationManager(authenticationExecutionPlan);
        Assertions.assertThrows(AuthenticationException.class, () -> {
            authenticationManager.authenticate(this.transaction);
        });
    }

    @Test
    void verifyAuthenticateRequiredHandlerTryAllSuccess() throws Throwable {
        LinkedHashMap linkedHashMap = new LinkedHashMap();
        linkedHashMap.put(newMockHandler(HANDLER_A, true), null);
        linkedHashMap.put(newMockHandler(HANDLER_B, false), null);
        AuthenticationEventExecutionPlan authenticationExecutionPlan = getAuthenticationExecutionPlan(linkedHashMap);
        authenticationExecutionPlan.registerAuthenticationPolicy(new RequiredAuthenticationHandlerAuthenticationPolicy(Set.of(HANDLER_A), true));
        Authentication authenticate = getAuthenticationManager(authenticationExecutionPlan).authenticate(this.transaction);
        Assertions.assertEquals(1, authenticate.getSuccesses().size());
        Assertions.assertEquals(1, authenticate.getFailures().size());
        Assertions.assertEquals(2, authenticate.getCredentials().size());
    }

    private AuthenticationManager getAuthenticationManager(AuthenticationEventExecutionPlan authenticationEventExecutionPlan) {
        return new DefaultAuthenticationManager(authenticationEventExecutionPlan, new DirectObjectProvider(CoreAuthenticationTestUtils.getAuthenticationSystemSupport()), false, this.applicationContext);
    }
}
