package org.apereo.cas.adaptors.rest;

import java.time.Clock;
import java.time.Instant;
import java.time.ZoneOffset;
import java.time.format.DateTimeFormatter;
import java.time.temporal.ChronoUnit;
import java.time.temporal.TemporalUnit;
import java.util.HashMap;
import javax.security.auth.login.AccountExpiredException;
import javax.security.auth.login.AccountLockedException;
import javax.security.auth.login.AccountNotFoundException;
import javax.security.auth.login.FailedLoginException;
import org.apereo.cas.authentication.AuthenticationHandler;
import org.apereo.cas.authentication.CoreAuthenticationTestUtils;
import org.apereo.cas.authentication.exceptions.AccountDisabledException;
import org.apereo.cas.authentication.exceptions.AccountPasswordMustChangeException;
import org.apereo.cas.authentication.principal.PrincipalFactoryUtils;
import org.apereo.cas.authentication.principal.Service;
import org.apereo.cas.config.CasCoreAuthenticationAutoConfiguration;
import org.apereo.cas.config.CasCoreAutoConfiguration;
import org.apereo.cas.config.CasCoreLogoutAutoConfiguration;
import org.apereo.cas.config.CasCoreNotificationsAutoConfiguration;
import org.apereo.cas.config.CasCoreServicesAutoConfiguration;
import org.apereo.cas.config.CasCoreTicketsAutoConfiguration;
import org.apereo.cas.config.CasCoreUtilAutoConfiguration;
import org.apereo.cas.config.CasCoreWebAutoConfiguration;
import org.apereo.cas.config.CasPersonDirectoryAutoConfiguration;
import org.apereo.cas.config.CasRestAuthenticationAutoConfiguration;
import org.apereo.cas.util.MockWebServer;
import org.apereo.cas.util.spring.beans.BeanContainer;
import org.junit.jupiter.api.Assertions;
import org.junit.jupiter.api.Tag;
import org.junit.jupiter.api.Test;
import org.mockito.Mockito;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.boot.autoconfigure.aop.AopAutoConfiguration;
import org.springframework.boot.autoconfigure.web.servlet.WebMvcAutoConfiguration;
import org.springframework.boot.test.context.SpringBootTest;
import org.springframework.cloud.autoconfigure.RefreshAutoConfiguration;
import org.springframework.http.HttpStatus;

@Tag("RestfulApiAuthentication")
@SpringBootTest(classes = {CasRestAuthenticationAutoConfiguration.class, AopAutoConfiguration.class, CasCoreServicesAutoConfiguration.class, CasCoreAuthenticationAutoConfiguration.class, CasCoreWebAutoConfiguration.class, CasCoreTicketsAutoConfiguration.class, RefreshAutoConfiguration.class, WebMvcAutoConfiguration.class, CasPersonDirectoryAutoConfiguration.class, CasCoreUtilAutoConfiguration.class, CasCoreLogoutAutoConfiguration.class, CasCoreNotificationsAutoConfiguration.class, CasCoreAutoConfiguration.class}, properties = {"cas.authn.rest[0].uri=http://localhost:8081/authn"})
/* loaded from: input_file:org/apereo/cas/adaptors/rest/RestAuthenticationHandlerTests.class */
class RestAuthenticationHandlerTests {

    @Autowired
    @Qualifier("restAuthenticationHandler")
    private BeanContainer<AuthenticationHandler> authenticationHandler;

    RestAuthenticationHandlerTests() {
    }

    private AuthenticationHandler getFirstHandler() {
        return (AuthenticationHandler) this.authenticationHandler.first();
    }

    @Test
    void verifySuccess() throws Throwable {
        String format = DateTimeFormatter.RFC_1123_DATE_TIME.withZone(ZoneOffset.UTC).format(Instant.now(Clock.systemUTC()).plus(10L, (TemporalUnit) ChronoUnit.DAYS));
        HashMap hashMap = new HashMap();
        hashMap.put("X-CAS-PasswordExpirationDate", format);
        hashMap.put("X-CAS-Warning", "warning1");
        MockWebServer mockWebServer = new MockWebServer(8081, PrincipalFactoryUtils.newPrincipalFactory().createPrincipal("casuser"), hashMap, HttpStatus.OK);
        try {
            mockWebServer.start();
            Assertions.assertEquals("casuser", getFirstHandler().authenticate(CoreAuthenticationTestUtils.getCredentialsWithSameUsernameAndPassword(), (Service) Mockito.mock(Service.class)).getPrincipal().getId());
            mockWebServer.close();
        } catch (Throwable th) {
            try {
                mockWebServer.close();
            } catch (Throwable th2) {
                th.addSuppressed(th2);
            }
            throw th;
        }
    }

    @Test
    void verifyNoPrincipal() throws Throwable {
        MockWebServer mockWebServer = new MockWebServer(8081, "");
        try {
            mockWebServer.start();
            Assertions.assertThrows(FailedLoginException.class, () -> {
                getFirstHandler().authenticate(CoreAuthenticationTestUtils.getCredentialsWithSameUsernameAndPassword(), (Service) Mockito.mock(Service.class));
            });
            mockWebServer.close();
        } catch (Throwable th) {
            try {
                mockWebServer.close();
            } catch (Throwable th2) {
                th.addSuppressed(th2);
            }
            throw th;
        }
    }

    @Test
    void verifyDisabledAccount() throws Throwable {
        MockWebServer mockWebServer = new MockWebServer(8081, HttpStatus.FORBIDDEN);
        try {
            mockWebServer.start();
            Assertions.assertThrows(AccountDisabledException.class, () -> {
                getFirstHandler().authenticate(CoreAuthenticationTestUtils.getCredentialsWithSameUsernameAndPassword(), (Service) Mockito.mock(Service.class));
            });
            mockWebServer.close();
        } catch (Throwable th) {
            try {
                mockWebServer.close();
            } catch (Throwable th2) {
                th.addSuppressed(th2);
            }
            throw th;
        }
    }

    @Test
    void verifyUnauthorized() throws Throwable {
        MockWebServer mockWebServer = new MockWebServer(8081, HttpStatus.UNAUTHORIZED);
        try {
            mockWebServer.start();
            Assertions.assertThrows(FailedLoginException.class, () -> {
                getFirstHandler().authenticate(CoreAuthenticationTestUtils.getCredentialsWithSameUsernameAndPassword(), (Service) Mockito.mock(Service.class));
            });
            mockWebServer.close();
        } catch (Throwable th) {
            try {
                mockWebServer.close();
            } catch (Throwable th2) {
                th.addSuppressed(th2);
            }
            throw th;
        }
    }

    @Test
    void verifyOther() throws Throwable {
        MockWebServer mockWebServer = new MockWebServer(8081, HttpStatus.REQUEST_TIMEOUT);
        try {
            mockWebServer.start();
            Assertions.assertThrows(FailedLoginException.class, () -> {
                getFirstHandler().authenticate(CoreAuthenticationTestUtils.getCredentialsWithSameUsernameAndPassword(), (Service) Mockito.mock(Service.class));
            });
            mockWebServer.close();
        } catch (Throwable th) {
            try {
                mockWebServer.close();
            } catch (Throwable th2) {
                th.addSuppressed(th2);
            }
            throw th;
        }
    }

    @Test
    void verifyLocked() throws Throwable {
        MockWebServer mockWebServer = new MockWebServer(8081, HttpStatus.LOCKED);
        try {
            mockWebServer.start();
            Assertions.assertThrows(AccountLockedException.class, () -> {
                getFirstHandler().authenticate(CoreAuthenticationTestUtils.getCredentialsWithSameUsernameAndPassword(), (Service) Mockito.mock(Service.class));
            });
            mockWebServer.close();
        } catch (Throwable th) {
            try {
                mockWebServer.close();
            } catch (Throwable th2) {
                th.addSuppressed(th2);
            }
            throw th;
        }
    }

    @Test
    void verifyConditionReq() throws Throwable {
        MockWebServer mockWebServer = new MockWebServer(8081, HttpStatus.PRECONDITION_REQUIRED);
        try {
            mockWebServer.start();
            Assertions.assertThrows(AccountPasswordMustChangeException.class, () -> {
                getFirstHandler().authenticate(CoreAuthenticationTestUtils.getCredentialsWithSameUsernameAndPassword(), (Service) Mockito.mock(Service.class));
            });
            mockWebServer.close();
        } catch (Throwable th) {
            try {
                mockWebServer.close();
            } catch (Throwable th2) {
                th.addSuppressed(th2);
            }
            throw th;
        }
    }

    @Test
    void verifyConditionFail() throws Throwable {
        MockWebServer mockWebServer = new MockWebServer(8081, HttpStatus.PRECONDITION_FAILED);
        try {
            mockWebServer.start();
            Assertions.assertThrows(AccountExpiredException.class, () -> {
                getFirstHandler().authenticate(CoreAuthenticationTestUtils.getCredentialsWithSameUsernameAndPassword(), (Service) Mockito.mock(Service.class));
            });
            mockWebServer.close();
        } catch (Throwable th) {
            try {
                mockWebServer.close();
            } catch (Throwable th2) {
                th.addSuppressed(th2);
            }
            throw th;
        }
    }

    @Test
    void verifyNotFound() throws Throwable {
        MockWebServer mockWebServer = new MockWebServer(8081, HttpStatus.NOT_FOUND);
        try {
            mockWebServer.start();
            Assertions.assertThrows(AccountNotFoundException.class, () -> {
                getFirstHandler().authenticate(CoreAuthenticationTestUtils.getCredentialsWithSameUsernameAndPassword(), (Service) Mockito.mock(Service.class));
            });
            mockWebServer.close();
        } catch (Throwable th) {
            try {
                mockWebServer.close();
            } catch (Throwable th2) {
                th.addSuppressed(th2);
            }
            throw th;
        }
    }
}
