package org.apereo.cas.mfa.accepto;

import com.fasterxml.jackson.databind.ObjectMapper;
import java.nio.charset.StandardCharsets;
import javax.security.auth.login.FailedLoginException;
import org.apereo.cas.authentication.CoreAuthenticationTestUtils;
import org.apereo.cas.authentication.principal.PrincipalFactoryUtils;
import org.apereo.cas.configuration.CasConfigurationProperties;
import org.apereo.cas.mfa.accepto.BaseAccepttoMultifactorAuthenticationTests;
import org.apereo.cas.services.ServicesManager;
import org.apereo.cas.util.CollectionUtils;
import org.apereo.cas.util.MockWebServer;
import org.apereo.cas.web.support.WebUtils;
import org.junit.jupiter.api.Assertions;
import org.junit.jupiter.api.Tag;
import org.junit.jupiter.api.Test;
import org.mockito.Mockito;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.test.context.SpringBootTest;
import org.springframework.core.io.ByteArrayResource;
import org.springframework.http.HttpStatus;
import org.springframework.mock.web.MockHttpServletRequest;
import org.springframework.mock.web.MockHttpServletResponse;
import org.springframework.mock.web.MockServletContext;
import org.springframework.webflow.context.servlet.ServletExternalContext;
import org.springframework.webflow.execution.RequestContextHolder;
import org.springframework.webflow.test.MockRequestContext;

@Tag("MFA")
@SpringBootTest(classes = {BaseAccepttoMultifactorAuthenticationTests.SharedTestConfiguration.class}, properties = {"cas.authn.mfa.acceptto.api-url=http://localhost:5002", "cas.authn.mfa.acceptto.application-id=thisisatestid", "cas.authn.mfa.acceptto.secret=thisisasecret", "cas.authn.mfa.acceptto.organization-id=thisisatestid", "cas.authn.mfa.acceptto.organization-secret=thisisasecret", "cas.authn.mfa.acceptto.registration-api-public-key.location=classpath:publickey.pem", "cas.authn.mfa.acceptto.bypass.principal-attribute-name=nothing", "cas.authn.mfa.acceptto.bypass.authentication-attribute-name=nothing", "cas.authn.mfa.acceptto.bypass.credential-class-type=UsernamePasswordCredential", "cas.authn.mfa.acceptto.bypass.http-request-remote-address=1.2.3.4", "cas.authn.mfa.acceptto.bypass.groovy.location=classpath:GroovyBypass.groovy", "cas.authn.mfa.acceptto.bypass.rest.url=http://localhost:8080/bypass"})
/* loaded from: input_file:org/apereo/cas/mfa/accepto/AccepttoMultifactorAuthenticationHandlerTests.class */
public class AccepttoMultifactorAuthenticationHandlerTests {
    private static final ObjectMapper MAPPER = new ObjectMapper().findAndRegisterModules();

    @Autowired
    private CasConfigurationProperties casProperties;

    @Test
    public void verifyOperationApproved() throws Exception {
        MockWebServer mockWebServer = new MockWebServer(5002, new ByteArrayResource(MAPPER.writeValueAsString(CollectionUtils.wrap("device_id", "deviceid-test", "status", "approved")).getBytes(StandardCharsets.UTF_8), "Output"), HttpStatus.OK);
        try {
            mockWebServer.start();
            AccepttoMultifactorAuthenticationHandler buildHandler = buildHandler();
            AccepttoMultifactorTokenCredential accepttoMultifactorTokenCredential = new AccepttoMultifactorTokenCredential("test-channel");
            Assertions.assertTrue(buildHandler.supports(accepttoMultifactorTokenCredential));
            Assertions.assertTrue(buildHandler.supports(AccepttoMultifactorTokenCredential.class));
            Assertions.assertNotNull(buildHandler.authenticate(accepttoMultifactorTokenCredential).getPrincipal());
            mockWebServer.close();
        } catch (Throwable th) {
            try {
                mockWebServer.close();
            } catch (Throwable th2) {
                th.addSuppressed(th2);
            }
            throw th;
        }
    }

    @Test
    public void verifyOperationForbidden() throws Exception {
        MockWebServer mockWebServer = new MockWebServer(5002, new ByteArrayResource(MAPPER.writeValueAsString(CollectionUtils.wrap("device_id", "deviceid-test", "status", "approved")).getBytes(StandardCharsets.UTF_8), "Output"), HttpStatus.FORBIDDEN);
        try {
            mockWebServer.start();
            AccepttoMultifactorAuthenticationHandler buildHandler = buildHandler();
            AccepttoMultifactorTokenCredential accepttoMultifactorTokenCredential = new AccepttoMultifactorTokenCredential("test-channel");
            Assertions.assertThrows(FailedLoginException.class, () -> {
                buildHandler.authenticate(accepttoMultifactorTokenCredential);
            });
            mockWebServer.close();
        } catch (Throwable th) {
            try {
                mockWebServer.close();
            } catch (Throwable th2) {
                th.addSuppressed(th2);
            }
            throw th;
        }
    }

    @Test
    public void verifyOperationUnAuthz() throws Exception {
        MockWebServer mockWebServer = new MockWebServer(5002, new ByteArrayResource(MAPPER.writeValueAsString(CollectionUtils.wrap("device_id", "deviceid-test", "status", "approved")).getBytes(StandardCharsets.UTF_8), "Output"), HttpStatus.UNAUTHORIZED);
        try {
            mockWebServer.start();
            AccepttoMultifactorAuthenticationHandler buildHandler = buildHandler();
            AccepttoMultifactorTokenCredential accepttoMultifactorTokenCredential = new AccepttoMultifactorTokenCredential("test-channel");
            Assertions.assertThrows(FailedLoginException.class, () -> {
                buildHandler.authenticate(accepttoMultifactorTokenCredential);
            });
            mockWebServer.close();
        } catch (Throwable th) {
            try {
                mockWebServer.close();
            } catch (Throwable th2) {
                th.addSuppressed(th2);
            }
            throw th;
        }
    }

    @Test
    public void verifyOperationExpired() throws Exception {
        MockWebServer mockWebServer = new MockWebServer(5002, new ByteArrayResource(MAPPER.writeValueAsString(CollectionUtils.wrap("device_id", "deviceid-test", "status", "expired")).getBytes(StandardCharsets.UTF_8), "Output"), HttpStatus.OK);
        try {
            mockWebServer.start();
            AccepttoMultifactorAuthenticationHandler buildHandler = buildHandler();
            AccepttoMultifactorTokenCredential accepttoMultifactorTokenCredential = new AccepttoMultifactorTokenCredential("test-channel");
            Assertions.assertThrows(FailedLoginException.class, () -> {
                buildHandler.authenticate(accepttoMultifactorTokenCredential);
            });
            mockWebServer.close();
        } catch (Throwable th) {
            try {
                mockWebServer.close();
            } catch (Throwable th2) {
                th.addSuppressed(th2);
            }
            throw th;
        }
    }

    @Test
    public void verifyOperationDeclined() throws Exception {
        MockWebServer mockWebServer = new MockWebServer(5002, new ByteArrayResource(MAPPER.writeValueAsString(CollectionUtils.wrap("device_id", "deviceid-test", "status", "declined")).getBytes(StandardCharsets.UTF_8), "Output"), HttpStatus.OK);
        try {
            mockWebServer.start();
            AccepttoMultifactorAuthenticationHandler buildHandler = buildHandler();
            AccepttoMultifactorTokenCredential accepttoMultifactorTokenCredential = new AccepttoMultifactorTokenCredential("test-channel");
            Assertions.assertThrows(FailedLoginException.class, () -> {
                buildHandler.authenticate(accepttoMultifactorTokenCredential);
            });
            mockWebServer.close();
        } catch (Throwable th) {
            try {
                mockWebServer.close();
            } catch (Throwable th2) {
                th.addSuppressed(th2);
            }
            throw th;
        }
    }

    private AccepttoMultifactorAuthenticationHandler buildHandler() {
        AccepttoMultifactorAuthenticationHandler accepttoMultifactorAuthenticationHandler = new AccepttoMultifactorAuthenticationHandler((ServicesManager) Mockito.mock(ServicesManager.class), PrincipalFactoryUtils.newPrincipalFactory(), this.casProperties.getAuthn().getMfa().getAcceptto());
        MockRequestContext mockRequestContext = new MockRequestContext();
        mockRequestContext.setExternalContext(new ServletExternalContext(new MockServletContext(), new MockHttpServletRequest(), new MockHttpServletResponse()));
        WebUtils.putAuthentication(CoreAuthenticationTestUtils.getAuthentication("casuser"), mockRequestContext);
        RequestContextHolder.setRequestContext(mockRequestContext);
        return accepttoMultifactorAuthenticationHandler;
    }
}
