package pl.edu.icm.unity.engine.session;

import com.google.common.collect.Lists;
import com.google.common.collect.Sets;
import java.util.Collections;
import java.util.List;
import org.assertj.core.api.Assertions;
import org.junit.Test;
import org.mockito.Mockito;
import org.springframework.beans.factory.annotation.Autowired;
import pl.edu.icm.unity.engine.DBIntegrationTestBase;
import pl.edu.icm.unity.engine.api.authn.AuthenticationFlow;
import pl.edu.icm.unity.engine.api.authn.AuthenticatorInstance;
import pl.edu.icm.unity.engine.api.authn.CredentialRetrieval;
import pl.edu.icm.unity.engine.api.authn.InvocationContext;
import pl.edu.icm.unity.engine.api.session.AdditionalAuthenticationRequiredException;
import pl.edu.icm.unity.engine.api.session.SessionManagement;
import pl.edu.icm.unity.stdext.credential.pass.PasswordToken;
import pl.edu.icm.unity.types.authn.AuthenticationFlowDefinition;
import pl.edu.icm.unity.types.authn.AuthenticationOptionKey;
import pl.edu.icm.unity.types.authn.AuthenticationPolicyConfiguration;
import pl.edu.icm.unity.types.authn.AuthenticatorInstanceMetadata;
import pl.edu.icm.unity.types.basic.EntityParam;
import pl.edu.icm.unity.types.basic.IdentityTaV;

/* loaded from: input_file:pl/edu/icm/unity/engine/session/AdditionalAuthenticationIntegrationTest.class */
/**
 * Integration tests for the additional (step-up) authentication check that guards
 * changes of an entity's own credential.
 *
 * <p>The two tests are meant to be read as a pair. The "should require" test shows that a
 * credential change is rejected with {@link AdditionalAuthenticationRequiredException} when no
 * additional authentication was recorded on the login session. The "should not require" test
 * shows that the same change goes through once it was recorded. On its own the second test
 * would also pass if the check were missing entirely, so it must not be kept without the first.
 */
public class AdditionalAuthenticationIntegrationTest extends DBIntegrationTestBase {

    private static final String USER_NAME = "user2";
    private static final String CREDENTIAL_NAME = "credential1";
    private static final String AUTHENTICATOR_ID = "authenticator1";

    @Autowired
    protected SessionManagement sessionMan;

    /**
     * After an additional authentication is recorded for the current login session, a second
     * change of the password credential must complete without an exception.
     *
     * <p>The additional authentication is recorded directly through {@link SessionManagement};
     * no authenticator is actually exercised. The test therefore covers the session bookkeeping
     * and the check in credential management, not the authentication itself. There is no
     * explicit assertion: an exception thrown by the last call fails the test.
     */
    @Test
    public void shouldNotRequireAdditionalAuthnAfterItIsPerformedForCredChange() throws Exception {
        EntityParam user = loginUserWithInitialPassword();

        this.sessionMan.recordAdditionalAuthentication(
                InvocationContext.getCurrent().getLoginSession().getId(),
                AuthenticationOptionKey.authenticatorOnlyKey(AUTHENTICATOR_ID));

        this.eCredMan.setEntityCredential(user, CREDENTIAL_NAME, new PasswordToken("qw!Erty2").toJson());
    }

    /**
     * Without a recorded additional authentication, changing the already-set password
     * credential must be refused with {@link AdditionalAuthenticationRequiredException}.
     */
    @Test
    public void shouldRequireAdditionalAuthnForCredChange() throws Exception {
        EntityParam user = loginUserWithInitialPassword();

        Throwable thrown = Assertions.catchThrowable(
                () -> this.eCredMan.setEntityCredential(user, CREDENTIAL_NAME, new PasswordToken("qw!Erty2").toJson()));

        Assertions.assertThat(thrown).isInstanceOf(AdditionalAuthenticationRequiredException.class);
    }

    /**
     * Shared arrangement for both tests: configures the authenticators, creates the user,
     * establishes the invocation context for that user and sets the initial password.
     *
     * <p>The initial {@code setEntityCredential} call is expected to succeed although no
     * additional authentication has been recorded yet; an exception here fails the calling test.
     * NOTE(review): presumably this is allowed because the user is created without a password
     * and so has nothing to re-authenticate with; confirm against the credential management
     * implementation.
     *
     * @return parameter identifying the test user by its {@code userName} identity
     */
    private EntityParam loginUserWithInitialPassword() throws Exception {
        setupPasswordAuthn();
        setupPasswordAndCertAuthn();
        createCertUserNoPassword("Regular User");
        setupUserContext(this.sessionMan, this.identityResolver, USER_NAME, null, getEndpointFlows());

        EntityParam user = new EntityParam(new IdentityTaV("userName", USER_NAME));
        this.eCredMan.setEntityCredential(user, CREDENTIAL_NAME, new PasswordToken("qw!Erty").toJson());
        return user;
    }

    /**
     * Builds the authentication flows handed to {@code setupUserContext}: a single flow named
     * {@code "flow"} holding one mocked authenticator.
     *
     * <p>The mocked metadata ties the authenticator id to the local credential name, and the
     * mocked retrieval reports that no redirect is required. The id returned here is the same
     * value that the positive test records as the additional authentication.
     */
    private List<AuthenticationFlow> getEndpointFlows() {
        AuthenticatorInstanceMetadata metadata = Mockito.mock(AuthenticatorInstanceMetadata.class);
        Mockito.when(metadata.getLocalCredentialName()).thenReturn(CREDENTIAL_NAME);
        Mockito.when(metadata.getId()).thenReturn(AUTHENTICATOR_ID);

        CredentialRetrieval retrieval = Mockito.mock(CredentialRetrieval.class);
        Mockito.when(retrieval.requiresRedirect()).thenReturn(false);

        AuthenticatorInstance authenticator = Mockito.mock(AuthenticatorInstance.class);
        Mockito.when(authenticator.getMetadata()).thenReturn(metadata);
        Mockito.when(authenticator.getRetrieval()).thenReturn(retrieval);

        // The explicit cast on null is kept from the original so the same constructor is chosen.
        AuthenticationFlow flow = new AuthenticationFlow(
                "flow",
                AuthenticationFlowDefinition.Policy.NEVER,
                Sets.newHashSet(authenticator),
                Collections.emptyList(),
                (AuthenticationPolicyConfiguration) null,
                1L);
        return Lists.newArrayList(flow);
    }
}
