package org.apereo.cas.mfa.accepto.web.flow;

import com.fasterxml.jackson.databind.ObjectMapper;
import java.nio.charset.StandardCharsets;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.util.Map;
import java.util.UUID;
import org.apereo.cas.authentication.AuthenticationException;
import org.apereo.cas.authentication.CoreAuthenticationTestUtils;
import org.apereo.cas.configuration.CasConfigurationProperties;
import org.apereo.cas.mfa.accepto.BaseAccepttoMultifactorAuthenticationTests;
import org.apereo.cas.util.CollectionUtils;
import org.apereo.cas.util.EncodingUtils;
import org.apereo.cas.util.MockWebServer;
import org.apereo.cas.util.serialization.JacksonObjectMapperFactory;
import org.apereo.cas.web.support.WebUtils;
import org.apereo.inspektr.common.web.ClientInfo;
import org.apereo.inspektr.common.web.ClientInfoHolder;
import org.junit.jupiter.api.Assertions;
import org.junit.jupiter.api.Tag;
import org.junit.jupiter.api.Test;
import org.pac4j.core.context.session.SessionStore;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.boot.test.context.SpringBootTest;
import org.springframework.core.io.ByteArrayResource;
import org.springframework.http.HttpStatus;
import org.springframework.mock.web.MockHttpServletRequest;
import org.springframework.mock.web.MockHttpServletResponse;
import org.springframework.mock.web.MockServletContext;
import org.springframework.webflow.context.servlet.ServletExternalContext;
import org.springframework.webflow.execution.RequestContextHolder;
import org.springframework.webflow.test.MockRequestContext;

@Tag("WebflowMfaActions")
@SpringBootTest(classes = {BaseAccepttoMultifactorAuthenticationTests.SharedTestConfiguration.class}, properties = {"cas.authn.mfa.acceptto.api-url=http://localhost:5001", "cas.authn.mfa.acceptto.registration-api-url=http://localhost:5002", "cas.authn.mfa.acceptto.application-id=thisisatestid", "cas.authn.mfa.acceptto.secret=thisisasecret", "cas.authn.mfa.acceptto.organization-id=thisisatestid", "cas.authn.mfa.acceptto.organization-secret=155724611137f7eb0280dd76b0546eea4bca1c7ba1", "cas.authn.mfa.acceptto.registration-api-public-key.location=classpath:publickey.pem"})
/* loaded from: input_file:org/apereo/cas/mfa/accepto/web/flow/AccepttoMultifactorFetchChannelActionTests.class */
public class AccepttoMultifactorFetchChannelActionTests {
    private static final ObjectMapper MAPPER = JacksonObjectMapperFactory.builder().defaultTypingEnabled(true).build().toObjectMapper();

    @Autowired
    private CasConfigurationProperties casProperties;

    @Autowired
    @Qualifier("mfaAccepttoDistributedSessionStore")
    private SessionStore mfaAccepttoDistributedSessionStore;

    @Autowired
    @Qualifier("mfaAccepttoApiPublicKey")
    private PublicKey mfaAccepttoApiPublicKey;

    @Test
    public void verifyOperation() throws Exception {
        MockHttpServletRequest mockHttpServletRequest = new MockHttpServletRequest();
        mockHttpServletRequest.setRemoteAddr("185.86.151.11");
        mockHttpServletRequest.setLocalAddr("185.88.151.11");
        ClientInfoHolder.setClientInfo(new ClientInfo(mockHttpServletRequest));
        MockWebServer mockWebServer = new MockWebServer(5001, new ByteArrayResource(MAPPER.writeValueAsString(CollectionUtils.wrap("channel", "test-channel", "status", "success")).getBytes(StandardCharsets.UTF_8), "Output"), HttpStatus.OK);
        try {
            mockWebServer.start();
            AccepttoMultifactorFetchChannelAction accepttoMultifactorFetchChannelAction = new AccepttoMultifactorFetchChannelAction(this.casProperties, this.mfaAccepttoDistributedSessionStore, this.mfaAccepttoApiPublicKey);
            MockRequestContext mockRequestContext = new MockRequestContext();
            mockRequestContext.setExternalContext(new ServletExternalContext(new MockServletContext(), new MockHttpServletRequest(), new MockHttpServletResponse()));
            WebUtils.putAuthentication(CoreAuthenticationTestUtils.getAuthentication("casuser"), mockRequestContext);
            RequestContextHolder.setRequestContext(mockRequestContext);
            AccepttoWebflowUtils.setChannel(mockRequestContext, "test-channel");
            Assertions.assertEquals("success", accepttoMultifactorFetchChannelAction.doExecute(mockRequestContext).getId());
            Assertions.assertTrue(mockRequestContext.getRequestScope().contains("accepttoRedirectUrl"));
            mockWebServer.close();
        } catch (Throwable th) {
            try {
                mockWebServer.close();
            } catch (Throwable th2) {
                th.addSuppressed(th2);
            }
            throw th;
        }
    }

    @Test
    public void verifyGetChannelFails() throws Exception {
        MockHttpServletRequest mockHttpServletRequest = new MockHttpServletRequest();
        mockHttpServletRequest.setRemoteAddr("185.86.151.11");
        mockHttpServletRequest.setLocalAddr("185.88.151.11");
        ClientInfoHolder.setClientInfo(new ClientInfo(mockHttpServletRequest));
        KeyPair generateKeyPair = KeyPairGenerator.getInstance("RSA").generateKeyPair();
        PrivateKey privateKey = generateKeyPair.getPrivate();
        PublicKey publicKey = generateKeyPair.getPublic();
        MockWebServer mockWebServer = new MockWebServer(5002, new ByteArrayResource(MAPPER.writeValueAsString(Map.of("content", new String(EncodingUtils.signJwsRSASha512(privateKey, MAPPER.writeValueAsString(Map.of("success", "true", "status", "OK", "response_code", "approved")).getBytes(StandardCharsets.UTF_8), Map.of()), StandardCharsets.UTF_8))).getBytes(StandardCharsets.UTF_8), "Output"), HttpStatus.OK);
        try {
            mockWebServer.start();
            AccepttoMultifactorFetchChannelAction accepttoMultifactorFetchChannelAction = new AccepttoMultifactorFetchChannelAction(this.casProperties, this.mfaAccepttoDistributedSessionStore, publicKey);
            MockRequestContext mockRequestContext = new MockRequestContext();
            mockRequestContext.setExternalContext(new ServletExternalContext(new MockServletContext(), new MockHttpServletRequest(), new MockHttpServletResponse()));
            WebUtils.putAuthentication(CoreAuthenticationTestUtils.getAuthentication("casuser"), mockRequestContext);
            RequestContextHolder.setRequestContext(mockRequestContext);
            Assertions.assertThrows(AuthenticationException.class, () -> {
                accepttoMultifactorFetchChannelAction.doExecute(mockRequestContext);
            });
            mockWebServer.close();
        } catch (Throwable th) {
            try {
                mockWebServer.close();
            } catch (Throwable th2) {
                th.addSuppressed(th2);
            }
            throw th;
        }
    }

    @Test
    public void verifyGetChannel() throws Exception {
        MockHttpServletRequest mockHttpServletRequest = new MockHttpServletRequest();
        mockHttpServletRequest.setRemoteAddr("185.86.151.11");
        mockHttpServletRequest.setLocalAddr("185.88.151.11");
        ClientInfoHolder.setClientInfo(new ClientInfo(mockHttpServletRequest));
        KeyPair generateKeyPair = KeyPairGenerator.getInstance("RSA").generateKeyPair();
        PrivateKey privateKey = generateKeyPair.getPrivate();
        PublicKey publicKey = generateKeyPair.getPublic();
        MockWebServer mockWebServer = new MockWebServer(5002, new ByteArrayResource(MAPPER.writeValueAsString(Map.of("content", new String(EncodingUtils.signJwsRSASha512(privateKey, MAPPER.writeValueAsString(Map.of("success", "true", "status", "OK", "channel", UUID.randomUUID().toString(), "response_code", "approved")).getBytes(StandardCharsets.UTF_8), Map.of()), StandardCharsets.UTF_8))).getBytes(StandardCharsets.UTF_8), "Output"), HttpStatus.OK);
        try {
            mockWebServer.start();
            AccepttoMultifactorFetchChannelAction accepttoMultifactorFetchChannelAction = new AccepttoMultifactorFetchChannelAction(this.casProperties, this.mfaAccepttoDistributedSessionStore, publicKey);
            MockRequestContext mockRequestContext = new MockRequestContext();
            mockRequestContext.setExternalContext(new ServletExternalContext(new MockServletContext(), new MockHttpServletRequest(), new MockHttpServletResponse()));
            WebUtils.putAuthentication(CoreAuthenticationTestUtils.getAuthentication("casuser"), mockRequestContext);
            RequestContextHolder.setRequestContext(mockRequestContext);
            Assertions.assertEquals("success", accepttoMultifactorFetchChannelAction.doExecute(mockRequestContext).getId());
            mockWebServer.close();
        } catch (Throwable th) {
            try {
                mockWebServer.close();
            } catch (Throwable th2) {
                th.addSuppressed(th2);
            }
            throw th;
        }
    }

    @Test
    public void verifyBadChannelStatus() throws Exception {
        MockHttpServletRequest mockHttpServletRequest = new MockHttpServletRequest();
        mockHttpServletRequest.setRemoteAddr("185.86.151.11");
        mockHttpServletRequest.setLocalAddr("185.88.151.11");
        ClientInfoHolder.setClientInfo(new ClientInfo(mockHttpServletRequest));
        KeyPair generateKeyPair = KeyPairGenerator.getInstance("RSA").generateKeyPair();
        PrivateKey privateKey = generateKeyPair.getPrivate();
        PublicKey publicKey = generateKeyPair.getPublic();
        MockWebServer mockWebServer = new MockWebServer(5002, new ByteArrayResource(MAPPER.writeValueAsString(Map.of("content", new String(EncodingUtils.signJwsRSASha512(privateKey, MAPPER.writeValueAsString(Map.of("success", "true", "status", "rejected", "channel", UUID.randomUUID().toString(), "response_code", "approved")).getBytes(StandardCharsets.UTF_8), Map.of()), StandardCharsets.UTF_8))).getBytes(StandardCharsets.UTF_8), "Output"), HttpStatus.OK);
        try {
            mockWebServer.start();
            AccepttoMultifactorFetchChannelAction accepttoMultifactorFetchChannelAction = new AccepttoMultifactorFetchChannelAction(this.casProperties, this.mfaAccepttoDistributedSessionStore, publicKey);
            MockRequestContext mockRequestContext = new MockRequestContext();
            mockRequestContext.setExternalContext(new ServletExternalContext(new MockServletContext(), new MockHttpServletRequest(), new MockHttpServletResponse()));
            WebUtils.putAuthentication(CoreAuthenticationTestUtils.getAuthentication("casuser"), mockRequestContext);
            RequestContextHolder.setRequestContext(mockRequestContext);
            Assertions.assertThrows(AuthenticationException.class, () -> {
                accepttoMultifactorFetchChannelAction.doExecute(mockRequestContext);
            });
            mockWebServer.close();
        } catch (Throwable th) {
            try {
                mockWebServer.close();
            } catch (Throwable th2) {
                th.addSuppressed(th2);
            }
            throw th;
        }
    }
}
