package pl.edu.icm.unity.engine.credential;

import com.google.common.collect.Lists;
import com.google.common.collect.Sets;
import java.util.Collection;
import java.util.Collections;
import java.util.Date;
import java.util.HashSet;
import org.junit.jupiter.api.Assertions;
import org.junit.jupiter.api.Test;
import org.mockito.Mockito;
import org.springframework.beans.factory.annotation.Autowired;
import pl.edu.icm.unity.base.authn.AuthenticationFlowDefinition;
import pl.edu.icm.unity.base.authn.AuthenticationOptionKey;
import pl.edu.icm.unity.base.authn.AuthenticationPolicyConfiguration;
import pl.edu.icm.unity.base.authn.CredentialDefinition;
import pl.edu.icm.unity.base.authn.CredentialPublicInformation;
import pl.edu.icm.unity.base.authn.CredentialRequirements;
import pl.edu.icm.unity.base.authn.LocalCredentialState;
import pl.edu.icm.unity.base.entity.Entity;
import pl.edu.icm.unity.base.entity.EntityParam;
import pl.edu.icm.unity.base.entity.EntityState;
import pl.edu.icm.unity.base.exceptions.EngineException;
import pl.edu.icm.unity.base.i18n.I18nString;
import pl.edu.icm.unity.base.identity.IdentityParam;
import pl.edu.icm.unity.base.identity.IdentityTaV;
import pl.edu.icm.unity.base.json.JsonUtil;
import pl.edu.icm.unity.base.registration.CredentialRegistrationParam;
import pl.edu.icm.unity.base.registration.ParameterRetrievalSettings;
import pl.edu.icm.unity.base.registration.RegistrationContext;
import pl.edu.icm.unity.base.registration.RegistrationFormBuilder;
import pl.edu.icm.unity.base.registration.RegistrationRequest;
import pl.edu.icm.unity.base.registration.RegistrationRequestBuilder;
import pl.edu.icm.unity.base.translation.ProfileType;
import pl.edu.icm.unity.base.translation.TranslationProfile;
import pl.edu.icm.unity.engine.DBIntegrationTestBase;
import pl.edu.icm.unity.engine.SecuredDBIntegrationTestBase;
import pl.edu.icm.unity.engine.api.AuthenticatorManagement;
import pl.edu.icm.unity.engine.api.authn.AuthenticationFlow;
import pl.edu.icm.unity.engine.api.authn.AuthenticatorInstance;
import pl.edu.icm.unity.engine.api.authn.AuthenticatorInstanceMetadata;
import pl.edu.icm.unity.engine.api.authn.AuthenticatorTypeDescription;
import pl.edu.icm.unity.engine.api.authn.CredentialRecentlyUsedException;
import pl.edu.icm.unity.engine.api.authn.CredentialRetrieval;
import pl.edu.icm.unity.engine.api.authn.IllegalCredentialException;
import pl.edu.icm.unity.engine.api.authn.InvocationContext;
import pl.edu.icm.unity.engine.api.authn.LoginSession;
import pl.edu.icm.unity.engine.authn.AuthenticatorsRegistry;
import pl.edu.icm.unity.engine.mock.MockPasswordVerificatorFactory;
import pl.edu.icm.unity.stdext.credential.pass.PasswordCredential;
import pl.edu.icm.unity.stdext.credential.pass.PasswordToken;
import pl.edu.icm.unity.stdext.credential.pass.ScryptParams;
import pl.edu.icm.unity.store.api.generic.AuthenticatorConfigurationDB;
import pl.edu.icm.unity.store.api.tx.TransactionalRunner;
import pl.edu.icm.unity.store.types.AuthenticatorConfiguration;

/* loaded from: input_file:pl/edu/icm/unity/engine/credential/CredentialManagementTest.class */
public class CredentialManagementTest extends DBIntegrationTestBase {

    @Autowired
    private AuthenticatorManagement authnMan;

    @Autowired
    private AuthenticatorConfigurationDB authenticatorDB;

    @Autowired
    private AuthenticatorsRegistry authenticatorsReg;

    @Autowired
    private TransactionalRunner tx;

    @Test
    public void shouldReturnAllCredTypes() throws Exception {
        Collection credentialTypes = this.credMan.getCredentialTypes();
        Assertions.assertEquals(1 + 3, credentialTypes.size());
        Assertions.assertEquals(MockPasswordVerificatorFactory.ID, getDescObjectByName(credentialTypes, MockPasswordVerificatorFactory.ID).getName());
    }

    private CredentialDefinition addDefaultCredentialDef() throws Exception {
        CredentialDefinition credentialDefinition = new CredentialDefinition(MockPasswordVerificatorFactory.ID, SecuredDBIntegrationTestBase.CRED_MOCK, new I18nString("cred disp name"), new I18nString("cred req desc"));
        credentialDefinition.setConfiguration("8");
        this.credMan.addCredentialDefinition(credentialDefinition);
        return credentialDefinition;
    }

    @Test
    public void credentialCRUDTest() throws Exception {
        CredentialDefinition addDefaultCredentialDef = addDefaultCredentialDef();
        Collection credentialDefinitions = this.credMan.getCredentialDefinitions();
        Assertions.assertEquals(1 + 1, credentialDefinitions.size());
        CredentialDefinition descObjectByName = getDescObjectByName(credentialDefinitions, SecuredDBIntegrationTestBase.CRED_MOCK);
        Assertions.assertEquals(SecuredDBIntegrationTestBase.CRED_MOCK, descObjectByName.getName());
        Assertions.assertEquals(new I18nString("cred req desc"), descObjectByName.getDescription());
        Assertions.assertEquals(MockPasswordVerificatorFactory.ID, descObjectByName.getTypeId());
        Assertions.assertEquals("8", descObjectByName.getConfiguration());
        descObjectByName.setDescription(new I18nString("d2"));
        descObjectByName.setConfiguration("9");
        this.credMan.updateCredentialDefinition(descObjectByName, LocalCredentialState.correct);
        Collection credentialDefinitions2 = this.credMan.getCredentialDefinitions();
        Assertions.assertEquals(1 + 1, credentialDefinitions2.size());
        CredentialDefinition descObjectByName2 = getDescObjectByName(credentialDefinitions2, SecuredDBIntegrationTestBase.CRED_MOCK);
        Assertions.assertEquals(SecuredDBIntegrationTestBase.CRED_MOCK, descObjectByName2.getName());
        Assertions.assertEquals("d2", descObjectByName2.getDescription().getDefaultValue());
        Assertions.assertEquals(MockPasswordVerificatorFactory.ID, descObjectByName2.getTypeId());
        Assertions.assertEquals("9", descObjectByName2.getConfiguration());
        this.credMan.removeCredentialDefinition(SecuredDBIntegrationTestBase.CRED_MOCK);
        Assertions.assertEquals(1, this.credMan.getCredentialDefinitions().size());
        this.credMan.addCredentialDefinition(addDefaultCredentialDef);
    }

    @Test
    public void shouldNotRemoveCredentialUsedByAuth() throws Exception {
        addDefaultCredentialDef();
        this.authnMan.createAuthenticator("auth1", ((AuthenticatorTypeDescription) this.authenticatorsReg.getAuthenticatorTypesByBinding("web").iterator().next()).getVerificationMethod(), "bbb", SecuredDBIntegrationTestBase.CRED_MOCK);
        Assertions.assertThrows(IllegalArgumentException.class, () -> {
            this.credMan.removeCredentialDefinition(SecuredDBIntegrationTestBase.CRED_MOCK);
        });
    }

    @Test
    public void credRequirementCRUDTest() throws Exception {
        this.credReqMan.addCredentialRequirement(new CredentialRequirements(SecuredDBIntegrationTestBase.CR_MOCK, "mock cred req", Collections.singleton(addDefaultCredentialDef().getName())));
        Collection credentialRequirements = this.credReqMan.getCredentialRequirements();
        Assertions.assertEquals(1 + 1, credentialRequirements.size());
        CredentialRequirements descObjectByName = getDescObjectByName(credentialRequirements, SecuredDBIntegrationTestBase.CR_MOCK);
        Assertions.assertEquals(SecuredDBIntegrationTestBase.CR_MOCK, descObjectByName.getName());
        Assertions.assertEquals("mock cred req", descObjectByName.getDescription());
        Assertions.assertEquals(1, descObjectByName.getRequiredCredentials().size());
        descObjectByName.setDescription("changed");
        this.credReqMan.updateCredentialRequirement(descObjectByName);
        Collection credentialRequirements2 = this.credReqMan.getCredentialRequirements();
        Assertions.assertEquals(1 + 1, credentialRequirements2.size());
        CredentialRequirements descObjectByName2 = getDescObjectByName(credentialRequirements2, SecuredDBIntegrationTestBase.CR_MOCK);
        Assertions.assertEquals(SecuredDBIntegrationTestBase.CR_MOCK, descObjectByName2.getName());
        Assertions.assertEquals("changed", descObjectByName2.getDescription());
    }

    @Test
    public void shouldNotRemoveCredentialUsedInCredReq() throws Exception {
        this.credReqMan.addCredentialRequirement(new CredentialRequirements(SecuredDBIntegrationTestBase.CR_MOCK, "mock cred req", Collections.singleton(addDefaultCredentialDef().getName())));
        Assertions.assertThrows(IllegalArgumentException.class, () -> {
            this.credMan.removeCredentialDefinition(SecuredDBIntegrationTestBase.CRED_MOCK);
        });
    }

    @Test
    public void shouldChangeEnitytCrdentialState() throws Exception {
        CredentialDefinition addDefaultCredentialDef = addDefaultCredentialDef();
        CredentialRequirements credentialRequirements = new CredentialRequirements(SecuredDBIntegrationTestBase.CR_MOCK, "mock cred req", Collections.singleton(addDefaultCredentialDef.getName()));
        this.credReqMan.addCredentialRequirement(credentialRequirements);
        EntityParam entityParam = new EntityParam(this.idsMan.addEntity(new IdentityParam("x500Name", "CN=test"), SecuredDBIntegrationTestBase.CR_MOCK, EntityState.valid));
        Assertions.assertEquals(LocalCredentialState.notSet, ((CredentialPublicInformation) this.idsMan.getEntity(entityParam).getCredentialInfo().getCredentialsState().get(SecuredDBIntegrationTestBase.CRED_MOCK)).getState());
        this.eCredMan.setEntityCredential(entityParam, SecuredDBIntegrationTestBase.CRED_MOCK, "password");
        Assertions.assertEquals(LocalCredentialState.correct, ((CredentialPublicInformation) this.idsMan.getEntity(entityParam).getCredentialInfo().getCredentialsState().get(SecuredDBIntegrationTestBase.CRED_MOCK)).getState());
        credentialRequirements.setDescription("changed2");
        this.credReqMan.updateCredentialRequirement(credentialRequirements);
        Assertions.assertEquals(LocalCredentialState.correct, ((CredentialPublicInformation) this.idsMan.getEntity(entityParam).getCredentialInfo().getCredentialsState().get(SecuredDBIntegrationTestBase.CRED_MOCK)).getState());
        CredentialDefinition credentialDefinition = new CredentialDefinition(MockPasswordVerificatorFactory.ID, "credential2");
        credentialDefinition.setConfiguration("10");
        this.credMan.addCredentialDefinition(credentialDefinition);
        HashSet hashSet = new HashSet();
        Collections.addAll(hashSet, addDefaultCredentialDef.getName(), credentialDefinition.getName());
        this.credReqMan.addCredentialRequirement(new CredentialRequirements("crMock2", "mock cred req2", hashSet));
        this.eCredMan.setEntityCredentialRequirements(entityParam, "crMock2");
        Entity entity = this.idsMan.getEntity(entityParam);
        Assertions.assertEquals(LocalCredentialState.correct, ((CredentialPublicInformation) entity.getCredentialInfo().getCredentialsState().get(SecuredDBIntegrationTestBase.CRED_MOCK)).getState());
        Assertions.assertEquals(LocalCredentialState.notSet, ((CredentialPublicInformation) entity.getCredentialInfo().getCredentialsState().get("credential2")).getState());
        this.eCredMan.setEntityCredential(entityParam, "credential2", "password2");
        Entity entity2 = this.idsMan.getEntity(entityParam);
        Assertions.assertEquals(LocalCredentialState.correct, ((CredentialPublicInformation) entity2.getCredentialInfo().getCredentialsState().get(SecuredDBIntegrationTestBase.CRED_MOCK)).getState());
        Assertions.assertEquals(LocalCredentialState.correct, ((CredentialPublicInformation) entity2.getCredentialInfo().getCredentialsState().get("credential2")).getState());
        this.credReqMan.removeCredentialRequirement("crMock2", SecuredDBIntegrationTestBase.CR_MOCK);
        Assertions.assertEquals(LocalCredentialState.correct, ((CredentialPublicInformation) this.idsMan.getEntity(entityParam).getCredentialInfo().getCredentialsState().get(SecuredDBIntegrationTestBase.CRED_MOCK)).getState());
    }

    @Test
    public void shouldNotRemoveCredReqWithoutReplacemant() throws Exception {
        CredentialRequirements credentialRequirements = new CredentialRequirements(SecuredDBIntegrationTestBase.CR_MOCK, "mock cred req", Collections.singleton(addDefaultCredentialDef().getName()));
        this.credReqMan.addCredentialRequirement(credentialRequirements);
        this.eCredMan.setEntityCredential(new EntityParam(this.idsMan.addEntity(new IdentityParam("x500Name", "CN=test"), SecuredDBIntegrationTestBase.CR_MOCK, EntityState.valid)), SecuredDBIntegrationTestBase.CRED_MOCK, "password");
        Assertions.assertThrows(IllegalCredentialException.class, () -> {
            this.credReqMan.removeCredentialRequirement(credentialRequirements.getName(), (String) null);
        });
    }

    @Test
    public void isAdminAllowedToChangeCredential() throws Exception {
        setupAdmin();
        setupPasswordAuthn();
        createUsernameUserWithRole("Regular User");
        this.eCredMan.setEntityCredential(new EntityParam(new IdentityTaV("userName", DBIntegrationTestBase.DEF_USER)), SecuredDBIntegrationTestBase.CRED_MOCK, new PasswordToken("qw!Erty").toJson());
    }

    @Test
    public void shouldAllowOwnerToChangePassword() throws Exception {
        setupPasswordAuthn();
        setupPasswordAndCertAuthn();
        createCertUserNoPassword("Regular User");
        setupUserContext(this.sessionMan, this.identityResolver, "user2", null, Lists.newArrayList(new AuthenticationFlow[]{new AuthenticationFlow("flow", AuthenticationFlowDefinition.Policy.NEVER, Sets.newHashSet(new AuthenticatorInstance[]{getAuthenticator("authn", SecuredDBIntegrationTestBase.CRED_MOCK)}), Collections.emptyList(), (AuthenticationPolicyConfiguration) null, 1L)}));
        EntityParam entityParam = new EntityParam(new IdentityTaV("userName", "user2"));
        this.eCredMan.setEntityCredential(entityParam, SecuredDBIntegrationTestBase.CRED_MOCK, new PasswordToken("qw!Erty").toJson());
        InvocationContext.getCurrent().getLoginSession().setAdditionalAuthn(new LoginSession.AuthNInfo(AuthenticationOptionKey.authenticatorOnlyKey("authn"), new Date()));
        this.eCredMan.setEntityCredential(entityParam, SecuredDBIntegrationTestBase.CRED_MOCK, new PasswordToken("qw!Erty2").toJson());
    }

    private AuthenticatorInstance getAuthenticator(String str, String str2) {
        AuthenticatorInstance authenticatorInstance = (AuthenticatorInstance) Mockito.mock(AuthenticatorInstance.class);
        AuthenticatorInstanceMetadata authenticatorInstanceMetadata = (AuthenticatorInstanceMetadata) Mockito.mock(AuthenticatorInstanceMetadata.class);
        Mockito.when(authenticatorInstanceMetadata.getLocalCredentialName()).thenReturn(str2);
        Mockito.when(authenticatorInstanceMetadata.getId()).thenReturn(str);
        Mockito.when(authenticatorInstance.getMetadata()).thenReturn(authenticatorInstanceMetadata);
        Mockito.when(authenticatorInstance.getRetrieval()).thenReturn((CredentialRetrieval) Mockito.mock(CredentialRetrieval.class));
        return authenticatorInstance;
    }

    @Test
    public void shouldAllowToSetInitialPasswordWithoutThePreviousOne() throws Exception {
        setupPasswordAuthn();
        setupPasswordAndCertAuthn();
        createCertUserNoPassword("Regular User");
        setupUserContext("user2", null);
        this.eCredMan.setEntityCredential(new EntityParam(new IdentityTaV("userName", "user2")), SecuredDBIntegrationTestBase.CRED_MOCK, new PasswordToken("qw!Erty").toJson());
    }

    @Test
    public void shouldFailToSetCurrentPasswordFromHistory() throws Exception {
        PasswordCredential passwordCredential = new PasswordCredential();
        passwordCredential.setHistorySize(1);
        passwordCredential.setScryptParams(new ScryptParams(6));
        passwordCredential.setMinScore(1);
        createPassCredentialAndCR(SecuredDBIntegrationTestBase.CRED_MOCK, passwordCredential);
        EntityParam entityParam = new EntityParam(this.idsMan.addEntity(new IdentityParam("userName", "user"), DBIntegrationTestBase.CRED_REQ_PASS, EntityState.valid));
        this.eCredMan.setEntityCredential(entityParam, SecuredDBIntegrationTestBase.CRED_MOCK, new PasswordToken("qw!Erty1").toJson());
        org.assertj.core.api.Assertions.assertThat(org.assertj.core.api.Assertions.catchThrowable(() -> {
            this.eCredMan.setEntityCredential(entityParam, SecuredDBIntegrationTestBase.CRED_MOCK, new PasswordToken("qw!Erty1").toJson());
        })).isInstanceOf(CredentialRecentlyUsedException.class);
    }

    @Test
    public void shouldFailToSetOldPasswordFromHistory() throws Exception {
        PasswordCredential passwordCredential = new PasswordCredential();
        passwordCredential.setHistorySize(2);
        passwordCredential.setScryptParams(new ScryptParams(6));
        passwordCredential.setMinScore(1);
        createPassCredentialAndCR(SecuredDBIntegrationTestBase.CRED_MOCK, passwordCredential);
        EntityParam entityParam = new EntityParam(this.idsMan.addEntity(new IdentityParam("userName", "user"), DBIntegrationTestBase.CRED_REQ_PASS, EntityState.valid));
        this.eCredMan.setEntityCredential(entityParam, SecuredDBIntegrationTestBase.CRED_MOCK, new PasswordToken("qw!Erty1").toJson());
        this.eCredMan.setEntityCredential(entityParam, SecuredDBIntegrationTestBase.CRED_MOCK, new PasswordToken("qw!Erty2").toJson());
        org.assertj.core.api.Assertions.assertThat(org.assertj.core.api.Assertions.catchThrowable(() -> {
            this.eCredMan.setEntityCredential(entityParam, SecuredDBIntegrationTestBase.CRED_MOCK, new PasswordToken("qw!Erty1").toJson());
        })).isInstanceOf(CredentialRecentlyUsedException.class);
    }

    @Test
    public void shouldSetOldPasswordPushedOutFromHistory() throws Exception {
        PasswordCredential passwordCredential = new PasswordCredential();
        passwordCredential.setHistorySize(1);
        passwordCredential.setScryptParams(new ScryptParams(6));
        passwordCredential.setMinScore(1);
        createPassCredentialAndCR(SecuredDBIntegrationTestBase.CRED_MOCK, passwordCredential);
        EntityParam entityParam = new EntityParam(this.idsMan.addEntity(new IdentityParam("userName", "user"), DBIntegrationTestBase.CRED_REQ_PASS, EntityState.valid));
        this.eCredMan.setEntityCredential(entityParam, SecuredDBIntegrationTestBase.CRED_MOCK, new PasswordToken("qw!Erty1").toJson());
        this.eCredMan.setEntityCredential(entityParam, SecuredDBIntegrationTestBase.CRED_MOCK, new PasswordToken("qw!Erty2").toJson());
        org.assertj.core.api.Assertions.assertThat(org.assertj.core.api.Assertions.catchThrowable(() -> {
            this.eCredMan.setEntityCredential(entityParam, SecuredDBIntegrationTestBase.CRED_MOCK, new PasswordToken("qw!Erty1").toJson());
        })).isNull();
    }

    @Test
    public void shouldClearAllHistoricalPasswordsAfterStorageSchemeReconfiguration() throws Exception {
        PasswordCredential passwordCredential = new PasswordCredential();
        passwordCredential.setHistorySize(2);
        passwordCredential.setScryptParams(new ScryptParams(6));
        passwordCredential.setMinScore(1);
        createPassCredentialAndCR(SecuredDBIntegrationTestBase.CRED_MOCK, passwordCredential);
        EntityParam entityParam = new EntityParam(this.idsMan.addEntity(new IdentityParam("userName", "user"), DBIntegrationTestBase.CRED_REQ_PASS, EntityState.valid));
        this.eCredMan.setEntityCredential(entityParam, SecuredDBIntegrationTestBase.CRED_MOCK, new PasswordToken("qw!Erty1").toJson());
        this.eCredMan.setEntityCredential(entityParam, SecuredDBIntegrationTestBase.CRED_MOCK, new PasswordToken("qw!Erty2").toJson());
        passwordCredential.setScryptParams(new ScryptParams(7));
        updatePassCredential(SecuredDBIntegrationTestBase.CRED_MOCK, passwordCredential);
        org.assertj.core.api.Assertions.assertThat(org.assertj.core.api.Assertions.catchThrowable(() -> {
            this.eCredMan.setEntityCredential(entityParam, SecuredDBIntegrationTestBase.CRED_MOCK, new PasswordToken("qw!Erty1").toJson());
        })).isNull();
    }

    @Test
    public void shouldNotTrimHistoricalPasswordsAfterNotAffectingReconfiguration() throws Exception {
        PasswordCredential passwordCredential = new PasswordCredential();
        passwordCredential.setHistorySize(2);
        passwordCredential.setScryptParams(new ScryptParams(6));
        passwordCredential.setMinScore(1);
        createPassCredentialAndCR(SecuredDBIntegrationTestBase.CRED_MOCK, passwordCredential);
        EntityParam entityParam = new EntityParam(this.idsMan.addEntity(new IdentityParam("userName", "user"), DBIntegrationTestBase.CRED_REQ_PASS, EntityState.valid));
        this.eCredMan.setEntityCredential(entityParam, SecuredDBIntegrationTestBase.CRED_MOCK, new PasswordToken("qw!Erty1").toJson());
        this.eCredMan.setEntityCredential(entityParam, SecuredDBIntegrationTestBase.CRED_MOCK, new PasswordToken("qw!Erty2").toJson());
        passwordCredential.setMinScore(2);
        updatePassCredential(SecuredDBIntegrationTestBase.CRED_MOCK, passwordCredential);
        org.assertj.core.api.Assertions.assertThat(org.assertj.core.api.Assertions.catchThrowable(() -> {
            this.eCredMan.setEntityCredential(entityParam, SecuredDBIntegrationTestBase.CRED_MOCK, new PasswordToken("qw!Erty1").toJson());
        })).isInstanceOf(CredentialRecentlyUsedException.class);
    }

    @Test
    public void shouldTrimHistoricalPasswordsAfterHistoryDecrease() throws Exception {
        PasswordCredential passwordCredential = new PasswordCredential();
        passwordCredential.setHistorySize(3);
        passwordCredential.setScryptParams(new ScryptParams(6));
        passwordCredential.setMinScore(1);
        createPassCredentialAndCR(SecuredDBIntegrationTestBase.CRED_MOCK, passwordCredential);
        EntityParam entityParam = new EntityParam(this.idsMan.addEntity(new IdentityParam("userName", "user"), DBIntegrationTestBase.CRED_REQ_PASS, EntityState.valid));
        this.eCredMan.setEntityCredential(entityParam, SecuredDBIntegrationTestBase.CRED_MOCK, new PasswordToken("qw!Erty1").toJson());
        this.eCredMan.setEntityCredential(entityParam, SecuredDBIntegrationTestBase.CRED_MOCK, new PasswordToken("qw!Erty2").toJson());
        this.eCredMan.setEntityCredential(entityParam, SecuredDBIntegrationTestBase.CRED_MOCK, new PasswordToken("qw!Erty3").toJson());
        passwordCredential.setHistorySize(2);
        updatePassCredential(SecuredDBIntegrationTestBase.CRED_MOCK, passwordCredential);
        org.assertj.core.api.Assertions.assertThat(org.assertj.core.api.Assertions.catchThrowable(() -> {
            this.eCredMan.setEntityCredential(entityParam, SecuredDBIntegrationTestBase.CRED_MOCK, new PasswordToken("qw!Erty1").toJson());
        })).isNull();
    }

    @Test
    public void shouldNotStoreHistoryBeyondChangedLimit() throws Exception {
        PasswordCredential passwordCredential = new PasswordCredential();
        passwordCredential.setHistorySize(3);
        passwordCredential.setScryptParams(new ScryptParams(6));
        passwordCredential.setMinScore(1);
        createPassCredentialAndCR(SecuredDBIntegrationTestBase.CRED_MOCK, passwordCredential);
        EntityParam entityParam = new EntityParam(this.idsMan.addEntity(new IdentityParam("userName", "user"), DBIntegrationTestBase.CRED_REQ_PASS, EntityState.valid));
        this.eCredMan.setEntityCredential(entityParam, SecuredDBIntegrationTestBase.CRED_MOCK, new PasswordToken("qw!Erty1").toJson());
        this.eCredMan.setEntityCredential(entityParam, SecuredDBIntegrationTestBase.CRED_MOCK, new PasswordToken("qw!Erty2").toJson());
        this.eCredMan.setEntityCredential(entityParam, SecuredDBIntegrationTestBase.CRED_MOCK, new PasswordToken("qw!Erty3").toJson());
        passwordCredential.setHistorySize(2);
        updatePassCredential(SecuredDBIntegrationTestBase.CRED_MOCK, passwordCredential);
        passwordCredential.setHistorySize(3);
        updatePassCredential(SecuredDBIntegrationTestBase.CRED_MOCK, passwordCredential);
        org.assertj.core.api.Assertions.assertThat(org.assertj.core.api.Assertions.catchThrowable(() -> {
            this.eCredMan.setEntityCredential(entityParam, SecuredDBIntegrationTestBase.CRED_MOCK, new PasswordToken("qw!Erty1").toJson());
        })).isNull();
        org.assertj.core.api.Assertions.assertThat(org.assertj.core.api.Assertions.catchThrowable(() -> {
            this.eCredMan.setEntityCredential(entityParam, SecuredDBIntegrationTestBase.CRED_MOCK, new PasswordToken("qw!Erty2").toJson());
        })).isInstanceOf(CredentialRecentlyUsedException.class);
    }

    @Test
    public void shouldNeverTrimCurrentPassword() throws Exception {
        PasswordCredential passwordCredential = new PasswordCredential();
        passwordCredential.setHistorySize(1);
        passwordCredential.setScryptParams(new ScryptParams(6));
        passwordCredential.setMinScore(1);
        createPassCredentialAndCR(SecuredDBIntegrationTestBase.CRED_MOCK, passwordCredential);
        EntityParam entityParam = new EntityParam(this.idsMan.addEntity(new IdentityParam("userName", "user"), DBIntegrationTestBase.CRED_REQ_PASS, EntityState.valid));
        this.eCredMan.setEntityCredential(entityParam, SecuredDBIntegrationTestBase.CRED_MOCK, new PasswordToken("qw!Erty1").toJson());
        passwordCredential.setHistorySize(0);
        updatePassCredential(SecuredDBIntegrationTestBase.CRED_MOCK, passwordCredential);
        passwordCredential.setHistorySize(1);
        updatePassCredential(SecuredDBIntegrationTestBase.CRED_MOCK, passwordCredential);
        org.assertj.core.api.Assertions.assertThat(org.assertj.core.api.Assertions.catchThrowable(() -> {
            this.eCredMan.setEntityCredential(entityParam, SecuredDBIntegrationTestBase.CRED_MOCK, new PasswordToken("qw!Erty1").toJson());
        })).isInstanceOf(CredentialRecentlyUsedException.class);
    }

    @Test
    public void shouldRefreshAuthenticatorAfterItsCredentialChange() throws Exception {
        addDefaultCredentialDef();
        this.authnMan.createAuthenticator("auth1", ((AuthenticatorTypeDescription) this.authenticatorsReg.getAuthenticatorTypesByBinding("web").iterator().next()).getVerificationMethod(), "bbb", SecuredDBIntegrationTestBase.CRED_MOCK);
        AuthenticatorConfiguration authenticatorConfiguration = (AuthenticatorConfiguration) this.tx.runInTransactionRet(() -> {
            return this.authenticatorDB.get("auth1");
        });
        CredentialDefinition credentialDefinition = new CredentialDefinition(MockPasswordVerificatorFactory.ID, SecuredDBIntegrationTestBase.CRED_MOCK, new I18nString("cred disp name"), new I18nString("cred req desc"));
        credentialDefinition.setConfiguration("888");
        this.credMan.updateCredentialDefinition(credentialDefinition, LocalCredentialState.outdated);
        org.assertj.core.api.Assertions.assertThat(((AuthenticatorConfiguration) this.tx.runInTransactionRet(() -> {
            return this.authenticatorDB.get("auth1");
        })).getRevision()).isEqualTo(authenticatorConfiguration.getRevision() + 1);
    }

    @Test
    public void increaseOfCredentialStrengthUsedInPendingRegistrationRequestIsBlocked() throws Exception {
        addDefaultCredentialDef();
        initAndCreateForm();
        this.registrationsMan.submitRegistrationRequest(getRequest(), new RegistrationContext(false, RegistrationContext.TriggeringMode.manualStandalone));
        CredentialDefinition credentialDefinition = new CredentialDefinition(MockPasswordVerificatorFactory.ID, SecuredDBIntegrationTestBase.CRED_MOCK, new I18nString("cred disp name"), new I18nString("cred req desc"));
        credentialDefinition.setConfiguration("9");
        org.assertj.core.api.Assertions.assertThat(org.assertj.core.api.Assertions.catchThrowable(() -> {
            this.credMan.updateCredentialDefinition(credentialDefinition, LocalCredentialState.correct);
        })).isNotNull().isInstanceOf(IllegalArgumentException.class).hasMessageContaining("pending registration request");
    }

    @Test
    public void shouldAllowToDecreaseCredentialStrenghtUsedInPendingRegistrationRequest() throws Exception {
        addDefaultCredentialDef();
        initAndCreateForm();
        this.registrationsMan.submitRegistrationRequest(getRequest(), new RegistrationContext(false, RegistrationContext.TriggeringMode.manualStandalone));
        CredentialDefinition credentialDefinition = new CredentialDefinition(MockPasswordVerificatorFactory.ID, SecuredDBIntegrationTestBase.CRED_MOCK, new I18nString("cred disp name"), new I18nString("cred req desc"));
        credentialDefinition.setConfiguration("7");
        org.assertj.core.api.Assertions.assertThat(org.assertj.core.api.Assertions.catchThrowable(() -> {
            this.credMan.updateCredentialDefinition(credentialDefinition, LocalCredentialState.correct);
        })).isNull();
    }

    private void initAndCreateForm() throws EngineException {
        this.registrationsMan.addForm(new RegistrationFormBuilder().withName("f1").withDefaultCredentialRequirement("sys:all").withTranslationProfile(new TranslationProfile("form", "", ProfileType.REGISTRATION, Collections.emptyList())).withAddedCredentialParam(new CredentialRegistrationParam("sys:password", (String) null, (String) null)).withAddedIdentityParam().withIdentityType("userName").withRetrievalSettings(ParameterRetrievalSettings.automaticHidden).endIdentityParam().build());
    }

    private RegistrationRequest getRequest() {
        return new RegistrationRequestBuilder().withFormId("f1").withAddedCredential().withCredentialId(SecuredDBIntegrationTestBase.CRED_MOCK).withSecrets(new PasswordToken("abc").toJson()).endCredential().withAddedIdentity(new IdentityParam("userName", "test-user")).build();
    }

    private void createPassCredentialAndCR(String str, PasswordCredential passwordCredential) throws Exception {
        CredentialDefinition credentialDefinition = new CredentialDefinition("password", str);
        credentialDefinition.setConfiguration(JsonUtil.serialize(passwordCredential.getSerializedConfiguration()));
        this.credMan.addCredentialDefinition(credentialDefinition);
        this.credReqMan.addCredentialRequirement(new CredentialRequirements(DBIntegrationTestBase.CRED_REQ_PASS, "", Collections.singleton(credentialDefinition.getName())));
    }

    private void updatePassCredential(String str, PasswordCredential passwordCredential) throws Exception {
        CredentialDefinition credentialDefinition = new CredentialDefinition("password", str);
        credentialDefinition.setConfiguration(JsonUtil.serialize(passwordCredential.getSerializedConfiguration()));
        this.credMan.updateCredentialDefinition(credentialDefinition, LocalCredentialState.outdated);
    }
}
