package pl.edu.icm.unity.engine.authn;

import java.io.IOException;
import java.util.Date;
import java.util.Optional;
import javax.servlet.ServletException;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.hamcrest.CoreMatchers;
import org.junit.Assert;
import org.junit.Test;
import org.mockito.ArgumentCaptor;
import org.mockito.Mockito;
import org.springframework.beans.factory.annotation.Autowired;
import pl.edu.icm.unity.base.token.Token;
import pl.edu.icm.unity.engine.DBIntegrationTestBase;
import pl.edu.icm.unity.engine.api.authn.LoginSession;
import pl.edu.icm.unity.engine.api.authn.RememberMeProcessor;
import pl.edu.icm.unity.engine.api.authn.RememberMeToken;
import pl.edu.icm.unity.engine.api.authn.UnsuccessfulAuthenticationCounter;
import pl.edu.icm.unity.engine.api.token.TokensManagement;
import pl.edu.icm.unity.types.authn.AuthenticationOptionKey;
import pl.edu.icm.unity.types.authn.AuthenticationRealm;
import pl.edu.icm.unity.types.authn.RememberMePolicy;

/* loaded from: input_file:pl/edu/icm/unity/engine/authn/RememberMeTest.class */
/**
 * Integration tests for {@link RememberMeProcessor}: issuing a remember-me cookie together with
 * its server-side token, resolving a presented cookie into a {@link LoginSession}, and revoking
 * both when the cookie no longer matches what the server expects.
 *
 * <p>Every test issues a token through the real processor against a mocked
 * {@link HttpServletResponse} and captures the cookie handed to {@code addCookie}. Tokens are
 * looked up in {@link TokensManagement} under the type {@code "rememberMe"}.
 */
public class RememberMeTest extends DBIntegrationTestBase {

    @Autowired
    RememberMeProcessor rememberMeProcessor;

    @Autowired
    TokensManagement tokenMan;

    /**
     * Builds the realm named {@code "demo"} used by all tests, with the given remember-me policy.
     * The numeric constructor arguments are fixed test values; their meaning is not visible here.
     */
    private AuthenticationRealm getRealm(RememberMePolicy rememberMePolicy) {
        return new AuthenticationRealm("demo", "", 1, 1, rememberMePolicy, 1, 3);
    }

    /** Returns a mocked request whose only cookie is {@code cookie}. */
    private HttpServletRequest setupRequest(Cookie cookie) {
        HttpServletRequest request = Mockito.mock(HttpServletRequest.class);
        Cookie[] presented = {cookie};
        Mockito.when(request.getCookies()).thenReturn(presented);
        return request;
    }

    /**
     * Issues a remember-me cookie and token for entity {@code 1} in the given realm, recording
     * machine IP {@code "0.0.0.0"} and the two authenticator keys the assertions later look for.
     */
    private void addCookieAndToken(AuthenticationRealm authenticationRealm, HttpServletResponse httpServletResponse) {
        RememberMeToken.LoginMachineDetails machine =
                new RememberMeToken.LoginMachineDetails("0.0.0.0", "OS", "Browser");
        AuthenticationOptionKey firstFactor = new AuthenticationOptionKey("firstFactor", "o1");
        AuthenticationOptionKey secondFactor = new AuthenticationOptionKey("secondFactor", "o2");
        rememberMeProcessor.addRememberMeCookieAndUnityToken(
                httpServletResponse, authenticationRealm, machine, 1L, new Date(), firstFactor, secondFactor);
    }

    /** Verifies that exactly one cookie has been added to {@code response} so far and returns it. */
    private static Cookie captureAddedCookie(HttpServletResponse response) {
        ArgumentCaptor<Cookie> captor = ArgumentCaptor.forClass(Cookie.class);
        Mockito.verify(response).addCookie(captor.capture());
        return captor.getValue();
    }

    /** Number of tokens of type {@code "rememberMe"} currently stored. */
    private int storedRememberMeTokens() {
        return tokenMan.getAllTokens("rememberMe").size();
    }

    /**
     * The issued cookie value has two {@code |}-separated parts; the first is the id of a stored
     * {@code "rememberMe"} token whose contents carry the policy, entity, factor keys and machine IP.
     */
    @Test
    public void shouldAddRememberMeCookieAndToken() {
        HttpServletResponse response = Mockito.mock(HttpServletResponse.class);
        addCookieAndToken(getRealm(RememberMePolicy.allowForWholeAuthn), response);

        Cookie issued = captureAddedCookie(response);
        // NOTE(review): only the cookie value is checked; cookie attributes such as
        // HttpOnly / Secure / max-age are not asserted by this test.
        Assert.assertThat(issued.getValue(), CoreMatchers.containsString("|"));
        String[] parts = issued.getValue().split("\\|");
        Assert.assertThat(parts.length, CoreMatchers.is(2));

        // parts[0] is the lookup key; parts[1] is presumably the secret checked on
        // presentation - confirm against RememberMeProcessor.
        Token stored = tokenMan.getTokenById("rememberMe", parts[0]);
        Assert.assertThat(stored, CoreMatchers.notNullValue());

        RememberMeToken parsed = RememberMeToken.getInstanceFromJson(stored.getContents());
        long entityId = parsed.getEntity();
        Assert.assertThat(parsed.getRememberMePolicy(), CoreMatchers.is(RememberMePolicy.allowForWholeAuthn));
        Assert.assertThat(entityId, CoreMatchers.is(1L));
        Assert.assertThat(parsed.getFirstFactorAuthnOptionId().getAuthenticatorKey(), CoreMatchers.is("firstFactor"));
        Assert.assertThat(parsed.getSecondFactorAuthnOptionId().getAuthenticatorKey(), CoreMatchers.is("secondFactor"));
        Assert.assertThat(parsed.getMachineDetails().getIp(), CoreMatchers.is("0.0.0.0"));
    }

    /** Explicit removal for a realm deletes the server-side token referenced by the cookie. */
    @Test
    public void shouldRemoveRememberMeCookieAndToken() {
        HttpServletResponse response = Mockito.mock(HttpServletResponse.class);
        AuthenticationRealm realm = getRealm(RememberMePolicy.allowForWholeAuthn);
        addCookieAndToken(realm, response);

        Cookie issued = captureAddedCookie(response);
        Assert.assertThat(issued.getValue(), CoreMatchers.notNullValue());
        Assert.assertThat(storedRememberMeTokens(), CoreMatchers.is(1));

        HttpServletRequest request = setupRequest(issued);
        rememberMeProcessor.removeRememberMeWithWholeAuthn(realm.getName(), request, response);

        // Only server-side revocation is asserted here, not the cookie sent back to the client.
        Assert.assertThat(storedRememberMeTokens(), CoreMatchers.is(0));
    }

    /**
     * With policy {@code allowForWholeAuthn} a valid cookie yields a session in which both
     * factors are marked as skipped.
     */
    @Test
    public void shouldGetRememberedWholeAuthnLoginSession() {
        HttpServletResponse response = Mockito.mock(HttpServletResponse.class);
        AuthenticationRealm realm = getRealm(RememberMePolicy.allowForWholeAuthn);
        addCookieAndToken(realm, response);
        Cookie issued = captureAddedCookie(response);

        Optional<?> remembered = rememberMeProcessor.processRememberedWholeAuthn(
                setupRequest(issued), response, "0.0.0.0", realm, new UnsuccessfulAuthenticationCounter(10, 10L));

        Assert.assertThat(remembered.isPresent(), CoreMatchers.is(true));
        LoginSession session = (LoginSession) remembered.get();
        Assert.assertThat(session.getLogin1stFactorOptionId().getAuthenticatorKey(), CoreMatchers.is("firstFactor"));
        Assert.assertThat(session.getLogin2ndFactorOptionId().getAuthenticatorKey(), CoreMatchers.is("secondFactor"));
        Assert.assertThat(session.getRememberMeInfo().firstFactorSkipped, CoreMatchers.is(true));
        Assert.assertThat(session.getRememberMeInfo().secondFactorSkipped, CoreMatchers.is(true));
    }

    /**
     * With policy {@code allowFor2ndFactor} a valid cookie yields a session in which only the
     * second factor is marked as skipped; the first factor must still have been performed.
     */
    @Test
    public void shouldGetRememberedSecondFactorLoginSession() throws IOException, ServletException {
        HttpServletResponse response = Mockito.mock(HttpServletResponse.class);
        AuthenticationRealm realm = getRealm(RememberMePolicy.allowFor2ndFactor);
        addCookieAndToken(realm, response);
        Cookie issued = captureAddedCookie(response);

        Optional<?> remembered = rememberMeProcessor.processRememberedSecondFactor(
                setupRequest(issued), response, 1L, "0.0.0.0", realm, new UnsuccessfulAuthenticationCounter(10, 10L));

        Assert.assertThat(remembered.isPresent(), CoreMatchers.is(true));
        LoginSession session = (LoginSession) remembered.get();
        Assert.assertThat(session.getLogin1stFactorOptionId().getAuthenticatorKey(), CoreMatchers.is("firstFactor"));
        Assert.assertThat(session.getLogin2ndFactorOptionId().getAuthenticatorKey(), CoreMatchers.is("secondFactor"));
        Assert.assertThat(session.getRememberMeInfo().firstFactorSkipped, CoreMatchers.is(false));
        Assert.assertThat(session.getRememberMeInfo().secondFactorSkipped, CoreMatchers.is(true));
    }

    /**
     * A token issued under one remember-me policy must not be honoured after the realm's policy
     * has changed: no session is returned, an expiring cookie (max-age 0) is sent, and the
     * stored token is deleted.
     */
    @Test
    public void shouldRemoveCookieIfRealmChange() {
        HttpServletResponse issuingResponse = Mockito.mock(HttpServletResponse.class);
        AuthenticationRealm realm = getRealm(RememberMePolicy.allowForWholeAuthn);
        addCookieAndToken(realm, issuingResponse);
        Cookie issued = captureAddedCookie(issuingResponse);

        // The token was issued for allowForWholeAuthn; the realm now only allows 2nd-factor skip.
        realm.setRememberMePolicy(RememberMePolicy.allowFor2ndFactor);

        // A fresh response mock isolates the cookie written while processing from the issued one.
        HttpServletResponse processingResponse = Mockito.mock(HttpServletResponse.class);
        Optional<?> remembered = rememberMeProcessor.processRememberedSecondFactor(
                setupRequest(issued), processingResponse, 1L, "0.0.0.0", realm,
                new UnsuccessfulAuthenticationCounter(10, 10L));
        Assert.assertThat(remembered.isPresent(), CoreMatchers.is(false));

        Cookie clearing = captureAddedCookie(processingResponse);
        Assert.assertThat(clearing.getMaxAge(), CoreMatchers.is(0));
        Assert.assertThat(storedRememberMeTokens(), CoreMatchers.is(0));
    }

    /**
     * A cookie whose value was altered after issuance must be rejected: no session is returned,
     * the failure is reported to the {@link UnsuccessfulAuthenticationCounter} with the address
     * {@code "0.0.0.0"}, and the stored token is deleted so the original cookie cannot be used
     * afterwards either.
     */
    @Test
    public void shouldBlockMaliciousRememberAction() {
        HttpServletResponse response = Mockito.mock(HttpServletResponse.class);
        UnsuccessfulAuthenticationCounter counter = Mockito.mock(UnsuccessfulAuthenticationCounter.class);
        AuthenticationRealm realm = getRealm(RememberMePolicy.allowForWholeAuthn);
        addCookieAndToken(realm, response);

        // Capture before processing: the same response mock is passed to the processor below.
        Cookie tampered = captureAddedCookie(response);
        // Appending a character changes only the part after '|'; the token id still resolves.
        // NOTE(review): an unknown token id or a value without '|' is not covered by this test.
        tampered.setValue(tampered.getValue() + "1");

        Optional<?> remembered = rememberMeProcessor.processRememberedWholeAuthn(
                setupRequest(tampered), response, "0.0.0.0", realm, counter);
        Assert.assertThat(remembered.isPresent(), CoreMatchers.is(false));

        // "0.0.0.0" is both the address passed to the processor and the stored machine IP, so
        // this assertion cannot tell which of the two the processor reports - presumably the former.
        ArgumentCaptor<String> reportedAddress = ArgumentCaptor.forClass(String.class);
        Mockito.verify(counter).unsuccessfulAttempt(reportedAddress.capture());
        Assert.assertThat(reportedAddress.getValue(), CoreMatchers.is("0.0.0.0"));
        Assert.assertThat(storedRememberMeTokens(), CoreMatchers.is(0));
    }
}
