package pl.edu.icm.unity.engine.authn;

import com.google.common.collect.Sets;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.List;
import java.util.Set;
import org.assertj.core.api.Assertions;
import org.hamcrest.CoreMatchers;
import org.junit.Assert;
import org.junit.Test;
import org.springframework.beans.factory.annotation.Autowired;
import pl.edu.icm.unity.engine.DBIntegrationTestBase;
import pl.edu.icm.unity.engine.api.AuthenticationFlowManagement;
import pl.edu.icm.unity.engine.api.AuthenticatorManagement;
import pl.edu.icm.unity.engine.endpoint.InternalEndpointManagement;
import pl.edu.icm.unity.engine.mock.MockEndpoint;
import pl.edu.icm.unity.engine.mock.MockPasswordVerificatorFactory;
import pl.edu.icm.unity.exceptions.EngineException;
import pl.edu.icm.unity.exceptions.IllegalCredentialException;
import pl.edu.icm.unity.types.I18nString;
import pl.edu.icm.unity.types.authn.AuthenticationFlowDefinition;
import pl.edu.icm.unity.types.authn.AuthenticationRealm;
import pl.edu.icm.unity.types.authn.AuthenticatorInfo;
import pl.edu.icm.unity.types.authn.AuthenticatorTypeDescription;
import pl.edu.icm.unity.types.authn.RememberMePolicy;
import pl.edu.icm.unity.types.basic.EntityParam;
import pl.edu.icm.unity.types.basic.EntityState;
import pl.edu.icm.unity.types.basic.IdentityParam;
import pl.edu.icm.unity.types.endpoint.EndpointConfiguration;
import pl.edu.icm.unity.types.endpoint.EndpointTypeDescription;
import pl.edu.icm.unity.types.endpoint.ResolvedEndpoint;

/* loaded from: input_file:pl/edu/icm/unity/engine/authn/AuthenticatorManagementTest.class */
public class AuthenticatorManagementTest extends DBIntegrationTestBase {

    @Autowired
    private AuthenticatorManagement authnMan;

    @Autowired
    private AuthenticationFlowManagement authnFlowMan;

    @Autowired
    private InternalEndpointManagement internalEndpointMan;

    @Autowired
    private AuthenticatorsRegistry authenticatorsReg;

    @Test
    public void shouldFailAuthenticationWithIncorrectPassword() throws Exception {
        super.setupMockAuthn();
        createRealmEndpointAndAuthenticator();
        this.eCredMan.setEntityCredential(new EntityParam(this.idsMan.addEntity(new IdentityParam("x500Name", "CN=foo"), "crMock", EntityState.valid)), "credential1", "wrongpassword");
        MockEndpoint mockEndpoint = (MockEndpoint) this.internalEndpointMan.getDeployedEndpoints().iterator().next();
        Assertions.assertThat(Assertions.catchThrowable(() -> {
            mockEndpoint.authenticate();
        })).isInstanceOf(IllegalCredentialException.class);
    }

    @Test
    public void shouldAuthenticateWithCorrectPassword() throws Exception {
        super.setupMockAuthn();
        createRealmEndpointAndAuthenticator();
        EntityParam entityParam = new EntityParam(this.idsMan.addEntity(new IdentityParam("x500Name", "CN=foo"), "crMock", EntityState.valid));
        MockEndpoint mockEndpoint = (MockEndpoint) this.internalEndpointMan.getDeployedEndpoints().iterator().next();
        this.eCredMan.setEntityCredential(entityParam, "credential1", "bar");
        Assert.assertEquals(mockEndpoint.authenticate().longValue(), this.idsMan.getEntity(entityParam).getId().longValue());
    }

    private void createRealmEndpointAndAuthenticator() throws Exception {
        this.authnMan.createAuthenticator("auth1", ((AuthenticatorTypeDescription) this.authenticatorsReg.getAuthenticatorTypesByBinding("web").iterator().next()).getVerificationMethod(), "bbb", "credential1");
        this.authnFlowMan.addAuthenticationFlow(new AuthenticationFlowDefinition("flow1", AuthenticationFlowDefinition.Policy.NEVER, Sets.newHashSet(new String[]{"auth1"})));
        AuthenticationRealm authenticationRealm = new AuthenticationRealm("testr", "", 10, 10, RememberMePolicy.disallow, 1, 600);
        this.realmsMan.addRealm(authenticationRealm);
        this.endpointMan.deploy(MockEndpoint.NAME, "endpoint1", "/foo", new EndpointConfiguration(new I18nString("endpoint1"), "desc", Collections.singletonList("flow1"), "", authenticationRealm.getName()));
    }

    @Test(expected = IllegalArgumentException.class)
    public void shouldThrowExceptionWhenAddAuthFlowWithMissingAuthenticator() throws EngineException {
        this.authnFlowMan.addAuthenticationFlow(new AuthenticationFlowDefinition("flow1", AuthenticationFlowDefinition.Policy.NEVER, Sets.newHashSet(new String[]{MockEndpoint.WRONG_CONFIG})));
    }

    @Test
    public void shouldReturnAllAuthnTypes() throws Exception {
        Assert.assertEquals(1L, this.authenticatorsReg.getAuthenticatorTypesByBinding("web").size());
        Set authenticatorTypes = this.authenticatorsReg.getAuthenticatorTypes();
        Assert.assertEquals(1L, authenticatorTypes.size());
        AuthenticatorTypeDescription authenticatorTypeDescription = (AuthenticatorTypeDescription) authenticatorTypes.iterator().next();
        Assert.assertEquals(true, Boolean.valueOf(authenticatorTypeDescription.isLocal()));
        Assert.assertEquals(MockPasswordVerificatorFactory.ID, authenticatorTypeDescription.getVerificationMethod());
    }

    @Test
    public void shouldReturnCreatedAuthenticator() throws Exception {
        super.setupMockAuthn();
        AuthenticatorTypeDescription authenticatorTypeDescription = (AuthenticatorTypeDescription) this.authenticatorsReg.getAuthenticatorTypesByBinding("web").iterator().next();
        this.authnMan.createAuthenticator("auth0", authenticatorTypeDescription.getVerificationMethod(), "CONFIG", "credential1");
        Collection authenticators = this.authnMan.getAuthenticators("web");
        Assert.assertEquals(1L, authenticators.size());
        AuthenticatorInfo authenticatorInfo = (AuthenticatorInfo) authenticators.iterator().next();
        Assert.assertThat(authenticatorInfo.getId(), CoreMatchers.is("auth0"));
        Assert.assertThat(authenticatorInfo.getTypeDescription(), CoreMatchers.is(authenticatorTypeDescription));
        Assert.assertThat(authenticatorInfo.getConfiguration(), CoreMatchers.is("CONFIG"));
        Assert.assertThat((String) authenticatorInfo.getLocalCredentialName().get(), CoreMatchers.is("credential1"));
        Assert.assertThat(authenticatorInfo.getSupportedBindings(), CoreMatchers.is(Sets.newHashSet(new String[]{"web", "web2"})));
    }

    @Test
    public void shouldReturnUpdatedAuthenticator() throws Exception {
        super.setupMockAuthn();
        AuthenticatorTypeDescription authenticatorTypeDescription = (AuthenticatorTypeDescription) this.authenticatorsReg.getAuthenticatorTypesByBinding("web").iterator().next();
        this.authnMan.createAuthenticator("auth1", authenticatorTypeDescription.getVerificationMethod(), "bbb", "credential1");
        this.authnMan.updateAuthenticator("auth1", "UPDATED", "credential1");
        Collection authenticators = this.authnMan.getAuthenticators("web");
        Assert.assertEquals(1L, authenticators.size());
        AuthenticatorInfo authenticatorInfo = (AuthenticatorInfo) authenticators.iterator().next();
        Assert.assertThat(authenticatorInfo.getId(), CoreMatchers.is("auth1"));
        Assert.assertThat(authenticatorInfo.getTypeDescription(), CoreMatchers.is(authenticatorTypeDescription));
        Assert.assertThat(authenticatorInfo.getConfiguration(), CoreMatchers.is("UPDATED"));
        Assert.assertThat((String) authenticatorInfo.getLocalCredentialName().get(), CoreMatchers.is("credential1"));
        Assert.assertThat(authenticatorInfo.getSupportedBindings(), CoreMatchers.is(Sets.newHashSet(new String[]{"web", "web2"})));
    }

    @Test
    public void shouldReturnAddedFlow() throws Exception {
        super.setupMockAuthn();
        this.authnMan.createAuthenticator("auth0", ((AuthenticatorTypeDescription) this.authenticatorsReg.getAuthenticatorTypesByBinding("web").iterator().next()).getVerificationMethod(), "aaa", "credential1");
        this.authnFlowMan.addAuthenticationFlow(new AuthenticationFlowDefinition("flow1", AuthenticationFlowDefinition.Policy.NEVER, Sets.newHashSet(new String[]{"auth0"})));
        Collection authenticationFlows = this.authnFlowMan.getAuthenticationFlows();
        Assert.assertThat(Integer.valueOf(authenticationFlows.size()), CoreMatchers.is(1));
        AuthenticationFlowDefinition authenticationFlowDefinition = (AuthenticationFlowDefinition) authenticationFlows.iterator().next();
        Assert.assertThat(authenticationFlowDefinition.getFirstFactorAuthenticators(), CoreMatchers.is(Sets.newHashSet(new String[]{"auth0"})));
        Assert.assertThat(authenticationFlowDefinition.getPolicy(), CoreMatchers.is(AuthenticationFlowDefinition.Policy.NEVER));
    }

    @Test
    public void shouldReturnUpdatedFlow() throws Exception {
        super.setupMockAuthn();
        AuthenticatorTypeDescription authenticatorTypeDescription = (AuthenticatorTypeDescription) this.authenticatorsReg.getAuthenticatorTypesByBinding("web").iterator().next();
        this.authnMan.createAuthenticator("auth0", authenticatorTypeDescription.getVerificationMethod(), "aaa", "credential1");
        this.authnMan.createAuthenticator("auth1", authenticatorTypeDescription.getVerificationMethod(), "bbb", "credential1");
        this.authnFlowMan.addAuthenticationFlow(new AuthenticationFlowDefinition("flow1", AuthenticationFlowDefinition.Policy.NEVER, Sets.newHashSet(new String[]{"auth0"})));
        this.authnFlowMan.updateAuthenticationFlow(new AuthenticationFlowDefinition("flow1", AuthenticationFlowDefinition.Policy.REQUIRE, Sets.newHashSet(new String[]{"auth1"})));
        Collection authenticationFlows = this.authnFlowMan.getAuthenticationFlows();
        Assert.assertThat(Integer.valueOf(authenticationFlows.size()), CoreMatchers.is(1));
        AuthenticationFlowDefinition authenticationFlowDefinition = (AuthenticationFlowDefinition) authenticationFlows.iterator().next();
        Assert.assertThat(authenticationFlowDefinition.getFirstFactorAuthenticators(), CoreMatchers.is(Sets.newHashSet(new String[]{"auth1"})));
        Assert.assertThat(authenticationFlowDefinition.getPolicy(), CoreMatchers.is(AuthenticationFlowDefinition.Policy.REQUIRE));
    }

    @Test
    public void shouldNotRemoveUsedAutheticatorOrFlow() throws Exception {
        super.setupMockAuthn();
        AuthenticationRealm authenticationRealm = new AuthenticationRealm("testr", "", 10, 10, RememberMePolicy.disallow, 1, 600);
        this.realmsMan.addRealm(authenticationRealm);
        AuthenticatorInfo createAuthenticator = this.authnMan.createAuthenticator("auth0", ((AuthenticatorTypeDescription) this.authenticatorsReg.getAuthenticatorTypesByBinding("web").iterator().next()).getVerificationMethod(), "bbb", "credential1");
        this.authnFlowMan.addAuthenticationFlow(new AuthenticationFlowDefinition("flow1", AuthenticationFlowDefinition.Policy.NEVER, Sets.newHashSet(new String[]{"auth0"})));
        List endpointTypes = this.endpointMan.getEndpointTypes();
        Assert.assertEquals(1L, endpointTypes.size());
        this.endpointMan.deploy(((EndpointTypeDescription) endpointTypes.get(0)).getName(), "endpoint1", "/foo", new EndpointConfiguration(new I18nString("endpoint1"), "desc", new ArrayList(), "", authenticationRealm.getName()));
        List deployedEndpoints = this.endpointMan.getDeployedEndpoints();
        Assert.assertEquals(1L, deployedEndpoints.size());
        this.endpointMan.updateEndpoint(((ResolvedEndpoint) deployedEndpoints.get(0)).getEndpoint().getName(), new EndpointConfiguration(new I18nString("ada"), "ada", Collections.singletonList("flow1"), "", authenticationRealm.getName()));
        Assert.assertThat(Integer.valueOf(((ResolvedEndpoint) this.endpointMan.getDeployedEndpoints().get(0)).getEndpoint().getConfiguration().getAuthenticationOptions().size()), CoreMatchers.is(1));
        try {
            this.authnMan.removeAuthenticator(createAuthenticator.getId());
            Assert.fail("Was able to remove a used authenticator");
        } catch (IllegalArgumentException e) {
        }
        try {
            this.authnFlowMan.removeAuthenticationFlow("flow1");
            Assert.fail("Was able to remove a used authentication flow");
        } catch (IllegalArgumentException e2) {
        }
        this.endpointMan.updateEndpoint(((ResolvedEndpoint) deployedEndpoints.get(0)).getEndpoint().getName(), new EndpointConfiguration(new I18nString("ada"), "ada", new ArrayList(), "", authenticationRealm.getName()));
        this.authnFlowMan.removeAuthenticationFlow("flow1");
        Assert.assertThat(Integer.valueOf(this.authnFlowMan.getAuthenticationFlows().size()), CoreMatchers.is(0));
        this.authnMan.removeAuthenticator(createAuthenticator.getId());
        Assert.assertThat(Integer.valueOf(this.authnMan.getAuthenticators((String) null).size()), CoreMatchers.is(0));
    }
}
