package pl.edu.icm.unity.engine.session;

import com.google.common.collect.Lists;
import com.google.common.collect.Sets;
import java.util.Collection;
import java.util.Collections;
import java.util.Date;
import org.assertj.core.api.Assertions;
import org.junit.jupiter.api.Test;
import org.junit.jupiter.api.extension.ExtendWith;
import org.mockito.ArgumentMatchers;
import org.mockito.Mock;
import org.mockito.Mockito;
import org.mockito.junit.jupiter.MockitoExtension;
import pl.edu.icm.unity.base.authn.AuthenticationFlowDefinition;
import pl.edu.icm.unity.base.authn.AuthenticationOptionKey;
import pl.edu.icm.unity.base.authn.AuthenticationPolicyConfiguration;
import pl.edu.icm.unity.base.authn.AuthenticationRealm;
import pl.edu.icm.unity.base.identity.IdentityTaV;
import pl.edu.icm.unity.engine.api.authn.AuthenticationFlow;
import pl.edu.icm.unity.engine.api.authn.AuthenticationProcessor;
import pl.edu.icm.unity.engine.api.authn.AuthenticatorInstance;
import pl.edu.icm.unity.engine.api.authn.AuthenticatorInstanceMetadata;
import pl.edu.icm.unity.engine.api.authn.CredentialRetrieval;
import pl.edu.icm.unity.engine.api.authn.InvocationContext;
import pl.edu.icm.unity.engine.api.authn.LoginSession;
import pl.edu.icm.unity.engine.api.session.AdditionalAuthenticationMisconfiguredException;
import pl.edu.icm.unity.engine.api.session.AdditionalAuthenticationRequiredException;

@ExtendWith({MockitoExtension.class})
/* loaded from: input_file:pl/edu/icm/unity/engine/session/AdditionalAuthenticationServiceTest.class */
public class AdditionalAuthenticationServiceTest {

    @Mock
    private AuthenticationProcessor authnProcessor;

    @Test
    public void shouldReturnOption_Current() {
        setupContext(new AuthenticationFlow("flow", AuthenticationFlowDefinition.Policy.NEVER, Sets.newHashSet(new AuthenticatorInstance[]{getAuthenticator("authn-1", "cred-1")}), Collections.emptyList(), (AuthenticationPolicyConfiguration) null, 1L));
        Mockito.when(Boolean.valueOf(this.authnProcessor.checkIfUserHasCredential((AuthenticatorInstanceMetadata) ArgumentMatchers.any(), ArgumentMatchers.eq(1L)))).thenReturn(true);
        AdditionalAuthenticationService additionalAuthenticationService = new AdditionalAuthenticationService(this.authnProcessor, "CURRENT", true, 1L);
        assertRequired(Assertions.catchThrowable(() -> {
            additionalAuthenticationService.checkAdditionalAuthenticationRequirements("cred-1");
        }), "authn-1");
    }

    @Test
    public void shouldNotReturnOptionRequiringRedirect() {
        AuthenticatorInstance authenticator = getAuthenticator("remote-authn", "cred-1");
        Mockito.when(Boolean.valueOf(authenticator.getRetrieval().requiresRedirect())).thenReturn(true);
        setupContext(new AuthenticationFlow("flow", AuthenticationFlowDefinition.Policy.NEVER, Sets.newHashSet(new AuthenticatorInstance[]{authenticator}), Collections.emptyList(), (AuthenticationPolicyConfiguration) null, 1L));
        AdditionalAuthenticationService additionalAuthenticationService = new AdditionalAuthenticationService(this.authnProcessor, "remote-authn", true, 1L);
        assertMisconfigured(Assertions.catchThrowable(() -> {
            additionalAuthenticationService.checkAdditionalAuthenticationRequirements("cred-1");
        }));
    }

    @Test
    public void shouldNotReturnNotMatching_Current() {
        setupContext(new AuthenticationFlow("flow", AuthenticationFlowDefinition.Policy.NEVER, Sets.newHashSet(new AuthenticatorInstance[]{getAuthenticator("authn-1", "cred-1")}), Collections.emptyList(), (AuthenticationPolicyConfiguration) null, 1L));
        Mockito.when(Boolean.valueOf(this.authnProcessor.checkIfUserHasCredential((AuthenticatorInstanceMetadata) ArgumentMatchers.any(), ArgumentMatchers.eq(1L)))).thenReturn(false);
        AdditionalAuthenticationService additionalAuthenticationService = new AdditionalAuthenticationService(this.authnProcessor, "CURRENT", true, 1L);
        assertMisconfigured(Assertions.catchThrowable(() -> {
            additionalAuthenticationService.checkAdditionalAuthenticationRequirements("cred-1");
        }));
    }

    @Test
    public void shouldReturnOption_Endpoint() {
        AuthenticatorInstance authenticator = getAuthenticator("authn-1", "cred-1");
        AuthenticatorInstance authenticator2 = getAuthenticator("authn-2", "cred-2");
        setupContext(new AuthenticationFlow("flow", AuthenticationFlowDefinition.Policy.NEVER, Sets.newHashSet(new AuthenticatorInstance[]{authenticator}), Lists.newArrayList(new AuthenticatorInstance[]{authenticator2}), (AuthenticationPolicyConfiguration) null, 1L));
        Mockito.when(this.authnProcessor.getValidAuthenticatorForEntity((Collection) ArgumentMatchers.any(), ArgumentMatchers.eq(1L))).thenReturn(authenticator2);
        AdditionalAuthenticationService additionalAuthenticationService = new AdditionalAuthenticationService(this.authnProcessor, "ENDPOINT_2F", true, 1L);
        assertRequired(Assertions.catchThrowable(() -> {
            additionalAuthenticationService.checkAdditionalAuthenticationRequirements();
        }), "authn-2");
    }

    @Test
    public void shouldNotReturnNotMatching_Endpoint() {
        setupContext(new AuthenticationFlow("flow", AuthenticationFlowDefinition.Policy.NEVER, Sets.newHashSet(new AuthenticatorInstance[]{getAuthenticator("authn-1", "cred-1")}), Lists.newArrayList(new AuthenticatorInstance[]{getAuthenticator("authn-2", "cred-2")}), (AuthenticationPolicyConfiguration) null, 1L));
        Mockito.when(this.authnProcessor.getValidAuthenticatorForEntity((Collection) ArgumentMatchers.any(), ArgumentMatchers.eq(1L))).thenReturn((Object) null);
        AdditionalAuthenticationService additionalAuthenticationService = new AdditionalAuthenticationService(this.authnProcessor, "ENDPOINT_2F", true, 1L);
        assertMisconfigured(Assertions.catchThrowable(() -> {
            additionalAuthenticationService.checkAdditionalAuthenticationRequirements();
        }));
    }

    @Test
    public void shouldReturnOption_Session1() {
        setupContext(new AuthenticationFlow("flow", AuthenticationFlowDefinition.Policy.NEVER, Sets.newHashSet(new AuthenticatorInstance[]{getAuthenticator("authn-1", "cred-1")}), Lists.newArrayList(new AuthenticatorInstance[]{getAuthenticator("authn-2", "cred-2")}), (AuthenticationPolicyConfiguration) null, 1L), "authn-1", null);
        Mockito.when(Boolean.valueOf(this.authnProcessor.checkIfUserHasCredential((AuthenticatorInstanceMetadata) ArgumentMatchers.any(), ArgumentMatchers.eq(1L)))).thenReturn(true);
        AdditionalAuthenticationService additionalAuthenticationService = new AdditionalAuthenticationService(this.authnProcessor, "SESSION_1F", true, 1L);
        assertRequired(Assertions.catchThrowable(() -> {
            additionalAuthenticationService.checkAdditionalAuthenticationRequirements();
        }), "authn-1");
    }

    @Test
    public void shouldReturnOption_Session2() {
        setupContext(new AuthenticationFlow("flow", AuthenticationFlowDefinition.Policy.NEVER, Sets.newHashSet(new AuthenticatorInstance[]{getAuthenticator("authn-1", "cred-1")}), Lists.newArrayList(new AuthenticatorInstance[]{getAuthenticator("authn-2", "cred-2")}), (AuthenticationPolicyConfiguration) null, 1L), "authn-1", "authn-2");
        Mockito.when(Boolean.valueOf(this.authnProcessor.checkIfUserHasCredential((AuthenticatorInstanceMetadata) ArgumentMatchers.any(), ArgumentMatchers.eq(1L)))).thenReturn(true);
        AdditionalAuthenticationService additionalAuthenticationService = new AdditionalAuthenticationService(this.authnProcessor, "SESSION_2F", true, 1L);
        assertRequired(Assertions.catchThrowable(() -> {
            additionalAuthenticationService.checkAdditionalAuthenticationRequirements();
        }), "authn-2");
    }

    @Test
    public void shouldReturnOption_Direct() {
        setupContext(new AuthenticationFlow("flow", AuthenticationFlowDefinition.Policy.NEVER, Sets.newHashSet(new AuthenticatorInstance[]{getAuthenticator("authn-1", "cred-1")}), Lists.newArrayList(), (AuthenticationPolicyConfiguration) null, 1L), "authn-1", null);
        Mockito.when(Boolean.valueOf(this.authnProcessor.checkIfUserHasCredential((AuthenticatorInstanceMetadata) ArgumentMatchers.any(), ArgumentMatchers.eq(1L)))).thenReturn(true);
        AdditionalAuthenticationService additionalAuthenticationService = new AdditionalAuthenticationService(this.authnProcessor, "authn-1", true, 1L);
        assertRequired(Assertions.catchThrowable(() -> {
            additionalAuthenticationService.checkAdditionalAuthenticationRequirements();
        }), "authn-1");
    }

    @Test
    public void shouldNotReturnNotMatching_Session1() {
        setupContext(new AuthenticationFlow("flow", AuthenticationFlowDefinition.Policy.NEVER, Sets.newHashSet(new AuthenticatorInstance[]{getAuthenticator("authn-1", "cred-1")}), Lists.newArrayList(new AuthenticatorInstance[]{getAuthenticator("authn-2", "cred-2")}), (AuthenticationPolicyConfiguration) null, 1L), "authn-1", null);
        Mockito.when(Boolean.valueOf(this.authnProcessor.checkIfUserHasCredential((AuthenticatorInstanceMetadata) ArgumentMatchers.any(), ArgumentMatchers.eq(1L)))).thenReturn(false);
        AdditionalAuthenticationService additionalAuthenticationService = new AdditionalAuthenticationService(this.authnProcessor, "SESSION_1F", true, 1L);
        assertMisconfigured(Assertions.catchThrowable(() -> {
            additionalAuthenticationService.checkAdditionalAuthenticationRequirements();
        }));
    }

    @Test
    public void shouldNotReturnNotMatching_Session2() {
        setupContext(new AuthenticationFlow("flow", AuthenticationFlowDefinition.Policy.NEVER, Sets.newHashSet(new AuthenticatorInstance[]{getAuthenticator("authn-1", "cred-1")}), Lists.newArrayList(new AuthenticatorInstance[]{getAuthenticator("authn-2", "cred-2")}), (AuthenticationPolicyConfiguration) null, 1L), "authn-1", "authn-2");
        Mockito.when(Boolean.valueOf(this.authnProcessor.checkIfUserHasCredential((AuthenticatorInstanceMetadata) ArgumentMatchers.any(), ArgumentMatchers.eq(1L)))).thenReturn(false);
        AdditionalAuthenticationService additionalAuthenticationService = new AdditionalAuthenticationService(this.authnProcessor, "SESSION_2F", true, 1L);
        assertMisconfigured(Assertions.catchThrowable(() -> {
            additionalAuthenticationService.checkAdditionalAuthenticationRequirements();
        }));
    }

    @Test
    public void shouldNotReturnNotMatching_Direct() {
        setupContext(new AuthenticationFlow("flow", AuthenticationFlowDefinition.Policy.NEVER, Sets.newHashSet(new AuthenticatorInstance[]{getAuthenticator("authn-1", "cred-1")}), Lists.newArrayList(), (AuthenticationPolicyConfiguration) null, 1L), "authn-1", null);
        Mockito.when(Boolean.valueOf(this.authnProcessor.checkIfUserHasCredential((AuthenticatorInstanceMetadata) ArgumentMatchers.any(), ArgumentMatchers.eq(1L)))).thenReturn(false);
        AdditionalAuthenticationService additionalAuthenticationService = new AdditionalAuthenticationService(this.authnProcessor, "authn-1", true, 1L);
        assertMisconfigured(Assertions.catchThrowable(() -> {
            additionalAuthenticationService.checkAdditionalAuthenticationRequirements();
        }));
    }

    @Test
    public void shouldNotThrowWhenNoMatchAndConfiguredToIgnore() {
        setupContext(new AuthenticationFlow("flow", AuthenticationFlowDefinition.Policy.NEVER, Sets.newHashSet(new AuthenticatorInstance[]{getAuthenticator("authn-1", "cred-1")}), Lists.newArrayList(), (AuthenticationPolicyConfiguration) null, 1L), "authn-1", null);
        AdditionalAuthenticationService additionalAuthenticationService = new AdditionalAuthenticationService(this.authnProcessor, "", false, 1L);
        Assertions.assertThat(Assertions.catchThrowable(() -> {
            additionalAuthenticationService.checkAdditionalAuthenticationRequirements();
        })).isNull();
    }

    @Test
    public void shouldReturnWhenSecondIsMatching() {
        setupContext(new AuthenticationFlow("flow", AuthenticationFlowDefinition.Policy.NEVER, Sets.newHashSet(new AuthenticatorInstance[]{getAuthenticator("authn-1", "cred-1")}), Lists.newArrayList(new AuthenticatorInstance[]{getAuthenticator("authn-2", "cred-2")}), (AuthenticationPolicyConfiguration) null, 1L), "authn-1", null);
        Mockito.when(Boolean.valueOf(this.authnProcessor.checkIfUserHasCredential((AuthenticatorInstanceMetadata) ArgumentMatchers.any(), ArgumentMatchers.eq(1L)))).thenReturn(true);
        AdditionalAuthenticationService additionalAuthenticationService = new AdditionalAuthenticationService(this.authnProcessor, "CURRENT  SESSION_1F", true, 1L);
        assertRequired(Assertions.catchThrowable(() -> {
            additionalAuthenticationService.checkAdditionalAuthenticationRequirements();
        }), "authn-1");
    }

    private AuthenticatorInstance getAuthenticator(String str, String str2) {
        AuthenticatorInstance authenticatorInstance = (AuthenticatorInstance) Mockito.mock(AuthenticatorInstance.class);
        AuthenticatorInstanceMetadata authenticatorInstanceMetadata = (AuthenticatorInstanceMetadata) Mockito.mock(AuthenticatorInstanceMetadata.class);
        Mockito.lenient().when(authenticatorInstanceMetadata.getLocalCredentialName()).thenReturn(str2);
        Mockito.lenient().when(authenticatorInstanceMetadata.getId()).thenReturn(str);
        Mockito.lenient().when(authenticatorInstance.getMetadata()).thenReturn(authenticatorInstanceMetadata);
        Mockito.lenient().when(authenticatorInstance.getRetrieval()).thenReturn((CredentialRetrieval) Mockito.mock(CredentialRetrieval.class));
        return authenticatorInstance;
    }

    private void setupContext(AuthenticationFlow authenticationFlow) {
        setupContext(authenticationFlow, "sessionAuthn", null);
    }

    private void setupContext(AuthenticationFlow authenticationFlow, String str, String str2) {
        InvocationContext invocationContext = new InvocationContext((IdentityTaV) null, (AuthenticationRealm) null, Lists.newArrayList(new AuthenticationFlow[]{authenticationFlow}));
        invocationContext.setLoginSession(new LoginSession("id", new Date(200L), 10L, 1L, "realm", new LoginSession.RememberMeInfo(false, false), new LoginSession.AuthNInfo(new AuthenticationOptionKey(str, "password"), new Date(200L)), str2 != null ? new LoginSession.AuthNInfo(new AuthenticationOptionKey(str2, "sms"), new Date(200L)) : null));
        InvocationContext.setCurrent(invocationContext);
    }

    private void assertMisconfigured(Throwable th) {
        Assertions.assertThat(th).isNotNull().isInstanceOf(AdditionalAuthenticationMisconfiguredException.class);
    }

    private void assertRequired(Throwable th, String str) {
        Assertions.assertThat(th).isNotNull().isInstanceOf(AdditionalAuthenticationRequiredException.class);
        Assertions.assertThat(((AdditionalAuthenticationRequiredException) th).authenticationOption).isEqualTo(str);
    }
}
