package org.apereo.cas.adaptors.rest;

import com.fasterxml.jackson.databind.ObjectMapper;
import java.io.StringWriter;
import java.nio.charset.StandardCharsets;
import java.time.Clock;
import java.time.Instant;
import java.time.ZoneOffset;
import java.time.format.DateTimeFormatter;
import java.time.temporal.ChronoUnit;
import java.time.temporal.TemporalUnit;
import java.util.Map;
import javax.security.auth.login.AccountExpiredException;
import javax.security.auth.login.AccountLockedException;
import javax.security.auth.login.AccountNotFoundException;
import javax.security.auth.login.FailedLoginException;
import org.apache.commons.io.IOUtils;
import org.apereo.cas.authentication.AuthenticationHandler;
import org.apereo.cas.authentication.AuthenticationHandlerExecutionResult;
import org.apereo.cas.authentication.CoreAuthenticationTestUtils;
import org.apereo.cas.authentication.exceptions.AccountDisabledException;
import org.apereo.cas.authentication.exceptions.AccountPasswordMustChangeException;
import org.apereo.cas.authentication.principal.Principal;
import org.apereo.cas.authentication.principal.PrincipalFactoryUtils;
import org.apereo.cas.config.CasCoreAuthenticationConfiguration;
import org.apereo.cas.config.CasCoreAuthenticationHandlersConfiguration;
import org.apereo.cas.config.CasCoreAuthenticationMetadataConfiguration;
import org.apereo.cas.config.CasCoreAuthenticationPolicyConfiguration;
import org.apereo.cas.config.CasCoreAuthenticationPrincipalConfiguration;
import org.apereo.cas.config.CasCoreAuthenticationSupportConfiguration;
import org.apereo.cas.config.CasCoreConfiguration;
import org.apereo.cas.config.CasCoreHttpConfiguration;
import org.apereo.cas.config.CasCoreNotificationsConfiguration;
import org.apereo.cas.config.CasCoreServicesAuthenticationConfiguration;
import org.apereo.cas.config.CasCoreServicesConfiguration;
import org.apereo.cas.config.CasCoreTicketCatalogConfiguration;
import org.apereo.cas.config.CasCoreTicketIdGeneratorsConfiguration;
import org.apereo.cas.config.CasCoreTicketsConfiguration;
import org.apereo.cas.config.CasCoreUtilConfiguration;
import org.apereo.cas.config.CasCoreWebConfiguration;
import org.apereo.cas.config.CasPersonDirectoryConfiguration;
import org.apereo.cas.config.CasRestAuthenticationConfiguration;
import org.apereo.cas.config.support.CasWebApplicationServiceFactoryConfiguration;
import org.apereo.cas.logout.config.CasCoreLogoutConfiguration;
import org.junit.jupiter.api.Assertions;
import org.junit.jupiter.api.BeforeEach;
import org.junit.jupiter.api.Tag;
import org.junit.jupiter.api.Test;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.boot.autoconfigure.aop.AopAutoConfiguration;
import org.springframework.boot.test.context.SpringBootTest;
import org.springframework.cloud.autoconfigure.RefreshAutoConfiguration;
import org.springframework.context.annotation.EnableAspectJAutoProxy;
import org.springframework.core.io.ClassPathResource;
import org.springframework.http.HttpHeaders;
import org.springframework.http.HttpMethod;
import org.springframework.http.HttpStatus;
import org.springframework.http.MediaType;
import org.springframework.scheduling.annotation.EnableScheduling;
import org.springframework.test.web.client.ExpectedCount;
import org.springframework.test.web.client.MockRestServiceServer;
import org.springframework.test.web.client.ResponseActions;
import org.springframework.test.web.client.match.MockRestRequestMatchers;
import org.springframework.test.web.client.response.MockRestResponseCreators;
import org.springframework.transaction.annotation.EnableTransactionManagement;
import org.springframework.web.client.RestTemplate;

@Tag("RestfulApi")
@EnableScheduling
@EnableAspectJAutoProxy(proxyTargetClass = true)
@SpringBootTest(classes = {CasRestAuthenticationConfiguration.class, CasCoreAuthenticationConfiguration.class, AopAutoConfiguration.class, CasCoreServicesAuthenticationConfiguration.class, CasCoreAuthenticationPrincipalConfiguration.class, CasCoreAuthenticationPolicyConfiguration.class, CasCoreAuthenticationMetadataConfiguration.class, CasCoreAuthenticationSupportConfiguration.class, CasCoreAuthenticationHandlersConfiguration.class, CasCoreHttpConfiguration.class, CasCoreWebConfiguration.class, CasWebApplicationServiceFactoryConfiguration.class, CasCoreTicketCatalogConfiguration.class, CasCoreTicketsConfiguration.class, CasCoreServicesConfiguration.class, RefreshAutoConfiguration.class, CasPersonDirectoryConfiguration.class, CasCoreTicketIdGeneratorsConfiguration.class, CasCoreUtilConfiguration.class, CasCoreLogoutConfiguration.class, CasCoreNotificationsConfiguration.class, CasCoreConfiguration.class}, properties = {"cas.authn.rest.uri=http://localhost:8081/authn"})
@EnableTransactionManagement(proxyTargetClass = true)
/* loaded from: input_file:org/apereo/cas/adaptors/rest/RestAuthenticationHandlerTests.class */
public class RestAuthenticationHandlerTests {
    private static final ObjectMapper MAPPER = new ObjectMapper().findAndRegisterModules();

    @Autowired
    @Qualifier("restAuthenticationHandler")
    private AuthenticationHandler authenticationHandler;

    @Autowired
    @Qualifier("restAuthenticationTemplate")
    private RestTemplate restAuthenticationTemplate;
    private ResponseActions server;

    @BeforeEach
    public void initialize() {
        this.server = MockRestServiceServer.bindTo(this.restAuthenticationTemplate).build().expect(ExpectedCount.manyTimes(), MockRestRequestMatchers.requestTo("http://localhost:8081/authn")).andExpect(MockRestRequestMatchers.method(HttpMethod.POST));
    }

    @Test
    public void verifySuccess() throws Exception {
        Principal createPrincipal = PrincipalFactoryUtils.newPrincipalFactory().createPrincipal("casuser");
        StringWriter stringWriter = new StringWriter();
        MAPPER.writeValue(stringWriter, createPrincipal);
        HttpHeaders httpHeaders = new HttpHeaders();
        httpHeaders.add("X-CAS-PasswordExpirationDate", DateTimeFormatter.RFC_1123_DATE_TIME.withZone(ZoneOffset.UTC).format(Instant.now(Clock.systemUTC()).plus(10L, (TemporalUnit) ChronoUnit.DAYS)));
        httpHeaders.add("X-CAS-Warning", "warning1");
        httpHeaders.add("X-CAS-Warning", "warning2");
        this.server.andRespond(MockRestResponseCreators.withSuccess(stringWriter.toString(), MediaType.APPLICATION_JSON).headers(httpHeaders));
        Assertions.assertEquals("casuser", this.authenticationHandler.authenticate(CoreAuthenticationTestUtils.getCredentialsWithSameUsernameAndPassword()).getPrincipal().getId());
    }

    @Test
    public void verifyNoPrincipal() {
        this.server.andRespond(MockRestResponseCreators.withSuccess("", MediaType.APPLICATION_JSON));
        Assertions.assertThrows(FailedLoginException.class, () -> {
            this.authenticationHandler.authenticate(CoreAuthenticationTestUtils.getCredentialsWithSameUsernameAndPassword());
        });
    }

    @Test
    public void verifySuccessRaw() throws Exception {
        this.server.andRespond(MockRestResponseCreators.withSuccess(IOUtils.toString(new ClassPathResource("rest-authn-response.json").getInputStream(), StandardCharsets.UTF_8), MediaType.APPLICATION_JSON));
        AuthenticationHandlerExecutionResult authenticate = this.authenticationHandler.authenticate(CoreAuthenticationTestUtils.getCredentialsWithSameUsernameAndPassword());
        Assertions.assertEquals("casuser", authenticate.getPrincipal().getId());
        Map attributes = authenticate.getPrincipal().getAttributes();
        Assertions.assertEquals(6, attributes.size());
        Assertions.assertTrue(attributes.containsKey("mail"));
        Assertions.assertTrue(attributes.containsKey("givenName"));
        Assertions.assertTrue(attributes.containsKey("displayName"));
        Assertions.assertTrue(attributes.containsKey("eduPersonAffiliation"));
    }

    @Test
    public void verifyDisabledAccount() {
        this.server.andRespond(MockRestResponseCreators.withStatus(HttpStatus.FORBIDDEN).contentType(MediaType.APPLICATION_JSON));
        Assertions.assertThrows(AccountDisabledException.class, () -> {
            this.authenticationHandler.authenticate(CoreAuthenticationTestUtils.getCredentialsWithSameUsernameAndPassword());
        });
    }

    @Test
    public void verifyUnauthorized() {
        this.server.andRespond(MockRestResponseCreators.withStatus(HttpStatus.UNAUTHORIZED));
        Assertions.assertThrows(FailedLoginException.class, () -> {
            this.authenticationHandler.authenticate(CoreAuthenticationTestUtils.getCredentialsWithSameUsernameAndPassword());
        });
    }

    @Test
    public void verifyOther() {
        this.server.andRespond(MockRestResponseCreators.withStatus(HttpStatus.REQUEST_TIMEOUT));
        Assertions.assertThrows(FailedLoginException.class, () -> {
            this.authenticationHandler.authenticate(CoreAuthenticationTestUtils.getCredentialsWithSameUsernameAndPassword());
        });
    }

    @Test
    public void verifyLocked() {
        this.server.andRespond(MockRestResponseCreators.withStatus(HttpStatus.LOCKED));
        Assertions.assertThrows(AccountLockedException.class, () -> {
            this.authenticationHandler.authenticate(CoreAuthenticationTestUtils.getCredentialsWithSameUsernameAndPassword());
        });
    }

    @Test
    public void verifyConditionReq() {
        this.server.andRespond(MockRestResponseCreators.withStatus(HttpStatus.PRECONDITION_REQUIRED));
        Assertions.assertThrows(AccountPasswordMustChangeException.class, () -> {
            this.authenticationHandler.authenticate(CoreAuthenticationTestUtils.getCredentialsWithSameUsernameAndPassword());
        });
    }

    @Test
    public void verifyConditionFail() {
        this.server.andRespond(MockRestResponseCreators.withStatus(HttpStatus.PRECONDITION_FAILED));
        Assertions.assertThrows(AccountExpiredException.class, () -> {
            this.authenticationHandler.authenticate(CoreAuthenticationTestUtils.getCredentialsWithSameUsernameAndPassword());
        });
    }

    @Test
    public void verifyNotFound() {
        this.server.andRespond(MockRestResponseCreators.withStatus(HttpStatus.NOT_FOUND));
        Assertions.assertThrows(AccountNotFoundException.class, () -> {
            this.authenticationHandler.authenticate(CoreAuthenticationTestUtils.getCredentialsWithSameUsernameAndPassword());
        });
    }
}
