package org.eclipse.hono.service.auth.device;

import io.opentracing.SpanContext;
import io.opentracing.noop.NoopTracerFactory;
import io.vertx.core.Future;
import io.vertx.core.Promise;
import io.vertx.core.Vertx;
import io.vertx.core.json.JsonObject;
import io.vertx.junit5.Timeout;
import io.vertx.junit5.VertxExtension;
import io.vertx.junit5.VertxTestContext;
import java.time.Instant;
import java.util.concurrent.TimeUnit;
import org.assertj.core.api.Assertions;
import org.eclipse.hono.auth.HonoPasswordEncoder;
import org.eclipse.hono.client.ClientErrorException;
import org.eclipse.hono.client.CredentialsClient;
import org.eclipse.hono.client.CredentialsClientFactory;
import org.eclipse.hono.config.ServiceConfigProperties;
import org.eclipse.hono.util.CredentialsObject;
import org.junit.jupiter.api.BeforeAll;
import org.junit.jupiter.api.BeforeEach;
import org.junit.jupiter.api.Test;
import org.junit.jupiter.api.extension.ExtendWith;
import org.mockito.ArgumentMatchers;
import org.mockito.Mockito;

@Timeout(value = 5, timeUnit = TimeUnit.SECONDS)
@ExtendWith({VertxExtension.class})
/* loaded from: input_file:org/eclipse/hono/service/auth/device/UsernamePasswordAuthProviderTest.class */
public class UsernamePasswordAuthProviderTest {
    private static final String PWD = "the-secret";
    private static Vertx vertx;
    private UsernamePasswordCredentials deviceCredentials = UsernamePasswordCredentials.create("device@DEFAULT_TENANT", PWD, false);
    private UsernamePasswordAuthProvider provider;
    private CredentialsClientFactory credentialsClientFactory;
    private CredentialsClient credentialsClient;
    private HonoPasswordEncoder pwdEncoder;

    @BeforeAll
    public static void init() {
        vertx = Vertx.vertx();
    }

    @BeforeEach
    public void setUp() {
        this.credentialsClient = (CredentialsClient) Mockito.mock(CredentialsClient.class);
        this.credentialsClientFactory = (CredentialsClientFactory) Mockito.mock(CredentialsClientFactory.class);
        Mockito.when(this.credentialsClientFactory.getOrCreateCredentialsClient("DEFAULT_TENANT")).thenReturn(Future.succeededFuture(this.credentialsClient));
        this.pwdEncoder = (HonoPasswordEncoder) Mockito.mock(HonoPasswordEncoder.class);
        Mockito.when(Boolean.valueOf(this.pwdEncoder.matches((String) ArgumentMatchers.eq(PWD), (JsonObject) ArgumentMatchers.any(JsonObject.class)))).thenReturn(true);
        this.provider = new UsernamePasswordAuthProvider(this.credentialsClientFactory, this.pwdEncoder, new ServiceConfigProperties(), NoopTracerFactory.create());
        givenCredentialsOnRecord(CredentialsObject.fromClearTextPassword("4711", "device", PWD, (Instant) null, (Instant) null));
    }

    @Test
    public void testAuthenticateRequiresVertxContext(VertxTestContext vertxTestContext) {
        this.provider.authenticate(this.deviceCredentials, (SpanContext) null, vertxTestContext.failing(th -> {
            vertxTestContext.verify(() -> {
                Assertions.assertThat(th).isInstanceOf(IllegalStateException.class);
            });
            vertxTestContext.completeNow();
        }));
    }

    @Test
    public void testAuthenticateSucceedsWhenRunningOnVertxContext(VertxTestContext vertxTestContext) {
        Promise promise = Promise.promise();
        vertx.runOnContext(r7 -> {
            this.provider.authenticate(this.deviceCredentials, (SpanContext) null, promise);
        });
        promise.future().setHandler(vertxTestContext.succeeding(deviceUser -> {
            vertxTestContext.verify(() -> {
                Assertions.assertThat(deviceUser.getDeviceId()).isEqualTo("4711");
                Assertions.assertThat(deviceUser.getTenantId()).isEqualTo("DEFAULT_TENANT");
            });
            vertxTestContext.completeNow();
        }));
    }

    @Test
    public void testAuthenticateFailsForWrongCredentials(VertxTestContext vertxTestContext) {
        Mockito.when(Boolean.valueOf(this.pwdEncoder.matches((String) ArgumentMatchers.eq("wrong_pwd"), (JsonObject) ArgumentMatchers.any(JsonObject.class)))).thenReturn(false);
        Promise promise = Promise.promise();
        this.deviceCredentials = UsernamePasswordCredentials.create("device@DEFAULT_TENANT", "wrong_pwd", false);
        vertx.runOnContext(r7 -> {
            this.provider.authenticate(this.deviceCredentials, (SpanContext) null, promise);
        });
        promise.future().setHandler(vertxTestContext.failing(th -> {
            vertxTestContext.verify(() -> {
                Assertions.assertThat(((ClientErrorException) th).getErrorCode()).isEqualTo(401);
            });
            vertxTestContext.completeNow();
        }));
    }

    @Test
    public void testAuthenticateFailsIfNoSecretsAreValidAnymore(VertxTestContext vertxTestContext) {
        givenCredentialsOnRecord(CredentialsObject.fromClearTextPassword("4711", "device", PWD, (Instant) null, Instant.now().minusSeconds(120L)));
        Promise promise = Promise.promise();
        vertx.runOnContext(r7 -> {
            this.provider.authenticate(this.deviceCredentials, (SpanContext) null, promise);
        });
        promise.future().setHandler(vertxTestContext.failing(th -> {
            vertxTestContext.verify(() -> {
                Assertions.assertThat(((ClientErrorException) th).getErrorCode()).isEqualTo(401);
            });
            vertxTestContext.completeNow();
        }));
    }

    @Test
    public void testAuthenticateFailsIfNoSecretsAreValidYet(VertxTestContext vertxTestContext) {
        givenCredentialsOnRecord(CredentialsObject.fromClearTextPassword("4711", "device", PWD, Instant.now().plusSeconds(120L), (Instant) null));
        Promise promise = Promise.promise();
        vertx.runOnContext(r7 -> {
            this.provider.authenticate(this.deviceCredentials, (SpanContext) null, promise);
        });
        promise.future().setHandler(vertxTestContext.failing(th -> {
            vertxTestContext.verify(() -> {
                Assertions.assertThat(((ClientErrorException) th).getErrorCode()).isEqualTo(401);
            });
            vertxTestContext.completeNow();
        }));
    }

    private void givenCredentialsOnRecord(CredentialsObject credentialsObject) {
        Mockito.when(this.credentialsClient.get((String) ArgumentMatchers.eq("hashed-password"), (String) ArgumentMatchers.eq("device"), (JsonObject) ArgumentMatchers.any(), (SpanContext) ArgumentMatchers.any())).thenReturn(Future.succeededFuture(credentialsObject));
    }
}
