package pl.edu.icm.unity.engine.authn;

import jakarta.servlet.ServletException;
import jakarta.servlet.http.Cookie;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.util.Date;
import java.util.Optional;
import org.assertj.core.api.Assertions;
import org.junit.jupiter.api.Test;
import org.mockito.ArgumentCaptor;
import org.mockito.Mockito;
import org.springframework.beans.factory.annotation.Autowired;
import pl.edu.icm.unity.base.authn.AuthenticationOptionKey;
import pl.edu.icm.unity.base.authn.AuthenticationRealm;
import pl.edu.icm.unity.base.authn.RememberMePolicy;
import pl.edu.icm.unity.base.token.Token;
import pl.edu.icm.unity.engine.DBIntegrationTestBase;
import pl.edu.icm.unity.engine.api.authn.DefaultUnsuccessfulAuthenticationCounter;
import pl.edu.icm.unity.engine.api.authn.LoginSession;
import pl.edu.icm.unity.engine.api.authn.RememberMeProcessor;
import pl.edu.icm.unity.engine.api.authn.RememberMeToken;
import pl.edu.icm.unity.engine.api.authn.UnsuccessfulAccessCounter;
import pl.edu.icm.unity.engine.api.token.TokensManagement;

/* loaded from: input_file:pl/edu/icm/unity/engine/authn/RememberMeTest.class */
public class RememberMeTest extends DBIntegrationTestBase {

    @Autowired
    RememberMeProcessor rememberMeProcessor;

    @Autowired
    TokensManagement tokenMan;

    private AuthenticationRealm getRealm(RememberMePolicy rememberMePolicy) {
        return new AuthenticationRealm("demo", "", 1, 1, rememberMePolicy, 1, 3);
    }

    private HttpServletRequest setupRequest(Cookie cookie) {
        HttpServletRequest httpServletRequest = (HttpServletRequest) Mockito.mock(HttpServletRequest.class);
        Mockito.when(httpServletRequest.getCookies()).thenReturn(new Cookie[]{cookie});
        return httpServletRequest;
    }

    private void addCookieAndToken(AuthenticationRealm authenticationRealm, HttpServletResponse httpServletResponse) {
        this.rememberMeProcessor.addRememberMeCookieAndUnityToken(httpServletResponse, authenticationRealm, new RememberMeToken.LoginMachineDetails("0.0.0.0", "OS", "Browser"), 1L, new Date(), new AuthenticationOptionKey("firstFactor", "o1"), new AuthenticationOptionKey("secondFactor", "o2"));
    }

    @Test
    public void shouldAddRememberMeCookieAndToken() {
        ArgumentCaptor forClass = ArgumentCaptor.forClass(Cookie.class);
        HttpServletResponse httpServletResponse = (HttpServletResponse) Mockito.mock(HttpServletResponse.class);
        addCookieAndToken(getRealm(RememberMePolicy.allowForWholeAuthn), httpServletResponse);
        ((HttpServletResponse) Mockito.verify(httpServletResponse)).addCookie((Cookie) forClass.capture());
        Assertions.assertThat(((Cookie) forClass.getValue()).getValue()).containsSequence(new CharSequence[]{"|"});
        String[] split = ((Cookie) forClass.getValue()).getValue().split("\\|");
        Assertions.assertThat(split.length).isEqualTo(2);
        Token tokenById = this.tokenMan.getTokenById("rememberMe", split[0]);
        Assertions.assertThat(tokenById).isNotNull();
        RememberMeToken instanceFromJson = RememberMeToken.getInstanceFromJson(tokenById.getContents());
        Assertions.assertThat(instanceFromJson.getRememberMePolicy()).isEqualTo(RememberMePolicy.allowForWholeAuthn);
        Assertions.assertThat(instanceFromJson.getEntity()).isEqualTo(1L);
        Assertions.assertThat(instanceFromJson.getFirstFactorAuthnOptionId().getAuthenticatorKey()).isEqualTo("firstFactor");
        Assertions.assertThat(instanceFromJson.getSecondFactorAuthnOptionId().getAuthenticatorKey()).isEqualTo("secondFactor");
        Assertions.assertThat(instanceFromJson.getMachineDetails().getIp()).isEqualTo("0.0.0.0");
    }

    @Test
    public void shouldRemoveRememberMeCookieAndToken() {
        ArgumentCaptor forClass = ArgumentCaptor.forClass(Cookie.class);
        HttpServletResponse httpServletResponse = (HttpServletResponse) Mockito.mock(HttpServletResponse.class);
        HttpServletRequest httpServletRequest = (HttpServletRequest) Mockito.mock(HttpServletRequest.class);
        AuthenticationRealm realm = getRealm(RememberMePolicy.allowForWholeAuthn);
        addCookieAndToken(realm, httpServletResponse);
        ((HttpServletResponse) Mockito.verify(httpServletResponse)).addCookie((Cookie) forClass.capture());
        Assertions.assertThat(((Cookie) forClass.getValue()).getValue()).isNotNull();
        Assertions.assertThat(this.tokenMan.getAllTokens("rememberMe")).hasSize(1);
        Mockito.when(httpServletRequest.getCookies()).thenReturn(new Cookie[]{(Cookie) forClass.getValue()});
        this.rememberMeProcessor.removeRememberMeWithWholeAuthn(realm.getName(), httpServletRequest, httpServletResponse);
        Assertions.assertThat(this.tokenMan.getAllTokens("rememberMe")).hasSize(0);
    }

    @Test
    public void shouldGetRememberedWholeAuthnLoginSession() {
        ArgumentCaptor forClass = ArgumentCaptor.forClass(Cookie.class);
        HttpServletResponse httpServletResponse = (HttpServletResponse) Mockito.mock(HttpServletResponse.class);
        AuthenticationRealm realm = getRealm(RememberMePolicy.allowForWholeAuthn);
        addCookieAndToken(realm, httpServletResponse);
        ((HttpServletResponse) Mockito.verify(httpServletResponse)).addCookie((Cookie) forClass.capture());
        Optional processRememberedWholeAuthn = this.rememberMeProcessor.processRememberedWholeAuthn(setupRequest((Cookie) forClass.getValue()), httpServletResponse, "0.0.0.0", realm, new DefaultUnsuccessfulAuthenticationCounter(10, 10L));
        Assertions.assertThat(processRememberedWholeAuthn.isPresent()).isEqualTo(true);
        Assertions.assertThat(((LoginSession) processRememberedWholeAuthn.get()).getLogin1stFactorOptionId().getAuthenticatorKey()).isEqualTo("firstFactor");
        Assertions.assertThat(((LoginSession) processRememberedWholeAuthn.get()).getLogin2ndFactorOptionId().getAuthenticatorKey()).isEqualTo("secondFactor");
        Assertions.assertThat(((LoginSession) processRememberedWholeAuthn.get()).getRememberMeInfo().firstFactorSkipped).isEqualTo(true);
        Assertions.assertThat(((LoginSession) processRememberedWholeAuthn.get()).getRememberMeInfo().secondFactorSkipped).isEqualTo(true);
    }

    @Test
    public void shouldGetRememberedSecondFactorLoginSession() throws IOException, ServletException {
        ArgumentCaptor forClass = ArgumentCaptor.forClass(Cookie.class);
        HttpServletResponse httpServletResponse = (HttpServletResponse) Mockito.mock(HttpServletResponse.class);
        AuthenticationRealm realm = getRealm(RememberMePolicy.allowFor2ndFactor);
        addCookieAndToken(realm, httpServletResponse);
        ((HttpServletResponse) Mockito.verify(httpServletResponse)).addCookie((Cookie) forClass.capture());
        Optional processRememberedSecondFactor = this.rememberMeProcessor.processRememberedSecondFactor(setupRequest((Cookie) forClass.getValue()), httpServletResponse, 1L, "0.0.0.0", realm, new DefaultUnsuccessfulAuthenticationCounter(10, 10L));
        Assertions.assertThat(processRememberedSecondFactor.isPresent()).isEqualTo(true);
        Assertions.assertThat(((LoginSession) processRememberedSecondFactor.get()).getLogin1stFactorOptionId().getAuthenticatorKey()).isEqualTo("firstFactor");
        Assertions.assertThat(((LoginSession) processRememberedSecondFactor.get()).getLogin2ndFactorOptionId().getAuthenticatorKey()).isEqualTo("secondFactor");
        Assertions.assertThat(((LoginSession) processRememberedSecondFactor.get()).getRememberMeInfo().firstFactorSkipped).isEqualTo(false);
        Assertions.assertThat(((LoginSession) processRememberedSecondFactor.get()).getRememberMeInfo().secondFactorSkipped).isEqualTo(true);
    }

    @Test
    public void shouldRemoveCookieIfRealmChange() {
        ArgumentCaptor forClass = ArgumentCaptor.forClass(Cookie.class);
        HttpServletResponse httpServletResponse = (HttpServletResponse) Mockito.mock(HttpServletResponse.class);
        AuthenticationRealm realm = getRealm(RememberMePolicy.allowForWholeAuthn);
        addCookieAndToken(realm, httpServletResponse);
        ((HttpServletResponse) Mockito.verify(httpServletResponse)).addCookie((Cookie) forClass.capture());
        Cookie cookie = (Cookie) forClass.getValue();
        realm.setRememberMePolicy(RememberMePolicy.allowFor2ndFactor);
        HttpServletResponse httpServletResponse2 = (HttpServletResponse) Mockito.mock(HttpServletResponse.class);
        Assertions.assertThat(this.rememberMeProcessor.processRememberedSecondFactor(setupRequest(cookie), httpServletResponse2, 1L, "0.0.0.0", realm, new DefaultUnsuccessfulAuthenticationCounter(10, 10L)).isPresent()).isEqualTo(false);
        ArgumentCaptor forClass2 = ArgumentCaptor.forClass(Cookie.class);
        ((HttpServletResponse) Mockito.verify(httpServletResponse2)).addCookie((Cookie) forClass2.capture());
        Assertions.assertThat(((Cookie) forClass2.getValue()).getMaxAge()).isEqualTo(0);
        Assertions.assertThat(this.tokenMan.getAllTokens("rememberMe")).isEmpty();
    }

    @Test
    public void shouldBlockMaliciousRememberAction() {
        ArgumentCaptor forClass = ArgumentCaptor.forClass(Cookie.class);
        HttpServletResponse httpServletResponse = (HttpServletResponse) Mockito.mock(HttpServletResponse.class);
        UnsuccessfulAccessCounter unsuccessfulAccessCounter = (UnsuccessfulAccessCounter) Mockito.mock(UnsuccessfulAccessCounter.class);
        AuthenticationRealm realm = getRealm(RememberMePolicy.allowForWholeAuthn);
        addCookieAndToken(realm, httpServletResponse);
        ((HttpServletResponse) Mockito.verify(httpServletResponse)).addCookie((Cookie) forClass.capture());
        Cookie cookie = (Cookie) forClass.getValue();
        cookie.setValue(cookie.getValue() + "1");
        Assertions.assertThat(this.rememberMeProcessor.processRememberedWholeAuthn(setupRequest(cookie), httpServletResponse, "0.0.0.0", realm, unsuccessfulAccessCounter).isPresent()).isEqualTo(false);
        ArgumentCaptor forClass2 = ArgumentCaptor.forClass(String.class);
        ((UnsuccessfulAccessCounter) Mockito.verify(unsuccessfulAccessCounter)).unsuccessfulAttempt((String) forClass2.capture());
        Assertions.assertThat((String) forClass2.getValue()).isEqualTo("0.0.0.0");
        Assertions.assertThat(this.tokenMan.getAllTokens("rememberMe")).isEmpty();
    }
}
