package org.apereo.cas.syncope.authentication;

import com.fasterxml.jackson.databind.JsonNode;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.fasterxml.jackson.databind.node.ObjectNode;
import java.nio.charset.StandardCharsets;
import java.util.Collections;
import java.util.Date;
import org.apereo.cas.authentication.AuthenticationHandler;
import org.apereo.cas.authentication.CoreAuthenticationTestUtils;
import org.apereo.cas.authentication.exceptions.AccountDisabledException;
import org.apereo.cas.authentication.exceptions.AccountPasswordMustChangeException;
import org.apereo.cas.config.CasCoreAuthenticationConfiguration;
import org.apereo.cas.config.CasCoreAuthenticationPrincipalConfiguration;
import org.apereo.cas.config.CasCoreAuthenticationSupportConfiguration;
import org.apereo.cas.config.CasCoreConfiguration;
import org.apereo.cas.config.CasCoreHttpConfiguration;
import org.apereo.cas.config.CasCoreNotificationsConfiguration;
import org.apereo.cas.config.CasCoreServicesConfiguration;
import org.apereo.cas.config.CasCoreTicketCatalogConfiguration;
import org.apereo.cas.config.CasCoreTicketIdGeneratorsConfiguration;
import org.apereo.cas.config.CasCoreTicketsConfiguration;
import org.apereo.cas.config.CasCoreUtilConfiguration;
import org.apereo.cas.config.CasCoreWebConfiguration;
import org.apereo.cas.config.CasPersonDirectoryTestConfiguration;
import org.apereo.cas.config.SyncopeAuthenticationConfiguration;
import org.apereo.cas.config.support.CasWebApplicationServiceFactoryConfiguration;
import org.apereo.cas.logout.config.CasCoreLogoutConfiguration;
import org.apereo.cas.util.MockWebServer;
import org.apereo.cas.util.serialization.JacksonObjectMapperFactory;
import org.junit.jupiter.api.Assertions;
import org.junit.jupiter.api.Tag;
import org.junit.jupiter.api.Test;
import org.junit.jupiter.api.parallel.ResourceLock;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.boot.autoconfigure.mail.MailSenderAutoConfiguration;
import org.springframework.boot.test.context.SpringBootTest;
import org.springframework.cloud.autoconfigure.RefreshAutoConfiguration;
import org.springframework.core.io.ByteArrayResource;

@Tag("AuthenticationHandler")
@SpringBootTest(classes = {RefreshAutoConfiguration.class, MailSenderAutoConfiguration.class, SyncopeAuthenticationConfiguration.class, CasCoreServicesConfiguration.class, CasCoreAuthenticationConfiguration.class, CasCoreAuthenticationSupportConfiguration.class, CasCoreAuthenticationPrincipalConfiguration.class, CasCoreHttpConfiguration.class, CasCoreWebConfiguration.class, CasCoreUtilConfiguration.class, CasCoreNotificationsConfiguration.class, CasCoreTicketsConfiguration.class, CasCoreTicketCatalogConfiguration.class, CasCoreTicketIdGeneratorsConfiguration.class, CasWebApplicationServiceFactoryConfiguration.class, CasCoreLogoutConfiguration.class, CasCoreConfiguration.class, CasPersonDirectoryTestConfiguration.class}, properties = {"cas.authn.syncope.url=http://localhost:8095"})
@ResourceLock("Syncope")
/* loaded from: input_file:org/apereo/cas/syncope/authentication/SyncopeAuthenticationHandlerTests.class */
public class SyncopeAuthenticationHandlerTests {
    private static final ObjectMapper MAPPER = JacksonObjectMapperFactory.builder().defaultTypingEnabled(true).build().toObjectMapper();

    @Autowired
    @Qualifier("syncopeAuthenticationHandler")
    private AuthenticationHandler syncopeAuthenticationHandler;

    @Test
    public void verifyHandlerPasses() {
        ObjectNode createObjectNode = MAPPER.createObjectNode();
        createObjectNode.put("username", "casuser");
        createObjectNode.putArray("roles").add("role1");
        createObjectNode.putArray("dynRoles").add("DynRole1");
        createObjectNode.putArray("dynRealms").add("Realm1");
        createObjectNode.putArray("memberships").add(MAPPER.createObjectNode().put("groupName", "G1"));
        createObjectNode.putArray("dynMemberships").add(MAPPER.createObjectNode().put("groupName", "G1"));
        createObjectNode.putArray("relationships").add(MAPPER.createObjectNode().put("type", "T1").put("otherEndName", "Other1"));
        ObjectNode createObjectNode2 = MAPPER.createObjectNode();
        createObjectNode2.put("schema", "S1");
        createObjectNode2.putArray("values").add("V1");
        createObjectNode.putArray("plainAttrs").add(createObjectNode2);
        ObjectNode createObjectNode3 = MAPPER.createObjectNode();
        createObjectNode3.put("schema", "S2");
        createObjectNode3.putArray("values").add("V2");
        createObjectNode.putArray("derAttrs").add(createObjectNode3);
        ObjectNode createObjectNode4 = MAPPER.createObjectNode();
        createObjectNode4.put("schema", "S3");
        createObjectNode4.putArray("values").add("V3");
        createObjectNode.putArray("virAttrs").add(createObjectNode4);
        createObjectNode.put("securityQuestion", "Q1");
        createObjectNode.put("status", "OK");
        createObjectNode.put("realm", "Master");
        createObjectNode.put("creator", "admin");
        createObjectNode.put("creationDate", new Date().toString());
        createObjectNode.put("changePwdDate", new Date().toString());
        createObjectNode.put("lastLoginDate", new Date().toString());
        MockWebServer startMockSever = startMockSever(createObjectNode);
        try {
            Assertions.assertDoesNotThrow(() -> {
                return this.syncopeAuthenticationHandler.authenticate(CoreAuthenticationTestUtils.getCredentialsWithDifferentUsernameAndPassword("casuser", "password"));
            });
            if (Collections.singletonList(startMockSever).get(0) != null) {
                startMockSever.stop();
            }
        } catch (Throwable th) {
            if (Collections.singletonList(startMockSever).get(0) != null) {
                startMockSever.stop();
            }
            throw th;
        }
    }

    @Test
    public void verifyHandlerMustChangePassword() {
        ObjectNode createObjectNode = MAPPER.createObjectNode();
        createObjectNode.put("username", "casuser");
        createObjectNode.put("mustChangePassword", true);
        MockWebServer startMockSever = startMockSever(createObjectNode);
        try {
            Assertions.assertThrows(AccountPasswordMustChangeException.class, () -> {
                this.syncopeAuthenticationHandler.authenticate(CoreAuthenticationTestUtils.getCredentialsWithDifferentUsernameAndPassword("casuser", "password"));
            });
        } finally {
            if (Collections.singletonList(startMockSever).get(0) != null) {
                startMockSever.stop();
            }
        }
    }

    @Test
    public void verifyHandlerSuspended() {
        ObjectNode createObjectNode = MAPPER.createObjectNode();
        createObjectNode.put("username", "casuser");
        createObjectNode.put("suspended", true);
        MockWebServer startMockSever = startMockSever(createObjectNode);
        try {
            Assertions.assertThrows(AccountDisabledException.class, () -> {
                this.syncopeAuthenticationHandler.authenticate(CoreAuthenticationTestUtils.getCredentialsWithDifferentUsernameAndPassword("casuser", "password"));
            });
        } finally {
            if (Collections.singletonList(startMockSever).get(0) != null) {
                startMockSever.stop();
            }
        }
    }

    private static MockWebServer startMockSever(JsonNode jsonNode) {
        MockWebServer mockWebServer = new MockWebServer(8095, new ByteArrayResource(MAPPER.writeValueAsString(jsonNode).getBytes(StandardCharsets.UTF_8), "REST Output"), "application/json");
        mockWebServer.start();
        return mockWebServer;
    }
}
