package pl.edu.icm.unity.rest.authn;

import java.util.Collections;
import java.util.List;
import java.util.Properties;
import java.util.Set;
import org.apache.cxf.interceptor.Fault;
import org.apache.cxf.message.MessageImpl;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.mockito.ArgumentMatchers;
import org.mockito.Mockito;
import org.mockito.junit.MockitoJUnitRunner;
import pl.edu.icm.unity.MessageSource;
import pl.edu.icm.unity.engine.api.EntityManagement;
import pl.edu.icm.unity.engine.api.authn.AuthenticatedEntity;
import pl.edu.icm.unity.engine.api.authn.AuthenticationException;
import pl.edu.icm.unity.engine.api.authn.AuthenticationFlow;
import pl.edu.icm.unity.engine.api.authn.AuthenticationProcessor;
import pl.edu.icm.unity.engine.api.authn.AuthenticationResult;
import pl.edu.icm.unity.engine.api.authn.AuthenticatorInstance;
import pl.edu.icm.unity.engine.api.authn.LocalAuthenticationResult;
import pl.edu.icm.unity.engine.api.authn.LoginSession;
import pl.edu.icm.unity.engine.api.authn.PartialAuthnState;
import pl.edu.icm.unity.engine.api.endpoint.BindingAuthn;
import pl.edu.icm.unity.engine.api.server.HTTPRequestContext;
import pl.edu.icm.unity.engine.api.session.SessionManagement;
import pl.edu.icm.unity.rest.authn.ext.HttpBasicRetrievalBase;
import pl.edu.icm.unity.types.authn.AuthenticationFlowDefinition;
import pl.edu.icm.unity.types.authn.AuthenticationOptionKey;
import pl.edu.icm.unity.types.authn.AuthenticationRealm;
import pl.edu.icm.unity.types.authn.AuthenticatorInstanceMetadata;
import pl.edu.icm.unity.types.authn.RememberMePolicy;

@RunWith(MockitoJUnitRunner.class)
/* loaded from: input_file:pl/edu/icm/unity/rest/authn/AuthenticationInterceptorTest.class */
public class AuthenticationInterceptorTest {

    /* loaded from: input_file:pl/edu/icm/unity/rest/authn/AuthenticationInterceptorTest$DenyRetrieval.class */
    private static class DenyRetrieval extends HttpBasicRetrievalBase {
        public DenyRetrieval() {
            super("mock3");
        }

        public AuthenticationResult getAuthenticationResult(Properties properties) {
            return LocalAuthenticationResult.failed();
        }

        public String getAuthenticatorId() {
            return "mock3";
        }
    }

    /* loaded from: input_file:pl/edu/icm/unity/rest/authn/AuthenticationInterceptorTest$NotDefCredRetrieval.class */
    private static class NotDefCredRetrieval extends HttpBasicRetrievalBase {
        public NotDefCredRetrieval() {
            super("mock");
        }

        public AuthenticationResult getAuthenticationResult(Properties properties) {
            return LocalAuthenticationResult.failed(new AuthenticationResult.ResolvableError("", new Object[0]), AuthenticationResult.DenyReason.undefinedCredential);
        }

        public String getAuthenticatorId() {
            return "mock1";
        }
    }

    /* loaded from: input_file:pl/edu/icm/unity/rest/authn/AuthenticationInterceptorTest$SuccessRetrieval.class */
    private static class SuccessRetrieval extends HttpBasicRetrievalBase {
        public SuccessRetrieval() {
            super("mock2");
        }

        public AuthenticationResult getAuthenticationResult(Properties properties) {
            return LocalAuthenticationResult.successful(new AuthenticatedEntity(1L, "", ""));
        }

        public String getAuthenticatorId() {
            return "mock2";
        }
    }

    @Test
    public void shouldGoToOptionalPathWhenNotDefCred() throws AuthenticationException {
        AuthenticatorInstance authenticatorInstance = (AuthenticatorInstance) Mockito.mock(AuthenticatorInstance.class);
        Mockito.when(authenticatorInstance.getMetadata()).thenReturn(new AuthenticatorInstanceMetadata());
        Mockito.when(authenticatorInstance.getRetrieval()).thenReturn(new NotDefCredRetrieval());
        AuthenticationInterceptor authenticationInterceptor = new AuthenticationInterceptor((MessageSource) null, (AuthenticationProcessor) Mockito.mock(AuthenticationProcessor.class), List.of(new AuthenticationFlow("flow1", AuthenticationFlowDefinition.Policy.REQUIRE, Set.of(authenticatorInstance), Collections.emptyList(), 0L)), new AuthenticationRealm("realm1", (String) null, 0, 0, (RememberMePolicy) null, 0, 0), (SessionManagement) Mockito.mock(SessionManagement.class), Set.of("/p1"), Set.of("/optional"), (Properties) null, (EntityManagement) Mockito.mock(EntityManagement.class));
        HTTPRequestContext.setCurrent(new HTTPRequestContext("192.168.0.1", "agent"));
        MessageImpl messageImpl = new MessageImpl();
        messageImpl.put("org.apache.cxf.request.uri", "/optional");
        authenticationInterceptor.handleMessage(messageImpl);
    }

    @Test(expected = Fault.class)
    public void shouldFaultWhenGoToOptionalPathWhenInvalidCredential() throws AuthenticationException {
        AuthenticatorInstance authenticatorInstance = (AuthenticatorInstance) Mockito.mock(AuthenticatorInstance.class);
        AuthenticationProcessor authenticationProcessor = (AuthenticationProcessor) Mockito.mock(AuthenticationProcessor.class);
        AuthenticationFlow authenticationFlow = new AuthenticationFlow("flow1", AuthenticationFlowDefinition.Policy.REQUIRE, Set.of(authenticatorInstance), Collections.emptyList(), 0L);
        Mockito.when(authenticatorInstance.getMetadata()).thenReturn(new AuthenticatorInstanceMetadata());
        Mockito.when(authenticatorInstance.getRetrieval()).thenReturn(new DenyRetrieval());
        Mockito.when(authenticationProcessor.processPrimaryAuthnResult((AuthenticationResult) ArgumentMatchers.any(), (AuthenticationFlow) ArgumentMatchers.any(), (AuthenticationOptionKey) ArgumentMatchers.any())).thenThrow(new Throwable[]{new AuthenticationException("")});
        AuthenticationInterceptor authenticationInterceptor = new AuthenticationInterceptor((MessageSource) Mockito.mock(MessageSource.class), authenticationProcessor, List.of(authenticationFlow), new AuthenticationRealm("realm1", (String) null, 0, 0, (RememberMePolicy) null, 0, 0), (SessionManagement) Mockito.mock(SessionManagement.class), Set.of("/p1"), Set.of("/optional"), (Properties) null, (EntityManagement) Mockito.mock(EntityManagement.class));
        HTTPRequestContext.setCurrent(new HTTPRequestContext("192.168.0.1", "agent"));
        MessageImpl messageImpl = new MessageImpl();
        messageImpl.put("org.apache.cxf.request.uri", "/optional");
        authenticationInterceptor.handleMessage(messageImpl);
    }

    @Test
    public void shouldGoToSecodFlowWhenNotDefinedCredentialOnFirstFlow() throws AuthenticationException {
        AuthenticatorInstance authenticatorInstance = (AuthenticatorInstance) Mockito.mock(AuthenticatorInstance.class);
        AuthenticatorInstance authenticatorInstance2 = (AuthenticatorInstance) Mockito.mock(AuthenticatorInstance.class);
        AuthenticationProcessor authenticationProcessor = (AuthenticationProcessor) Mockito.mock(AuthenticationProcessor.class);
        AuthenticationFlow authenticationFlow = new AuthenticationFlow("flow1", AuthenticationFlowDefinition.Policy.REQUIRE, Set.of(authenticatorInstance), Collections.emptyList(), 0L);
        AuthenticationFlow authenticationFlow2 = new AuthenticationFlow("flow2", AuthenticationFlowDefinition.Policy.REQUIRE, Set.of(authenticatorInstance2), Collections.emptyList(), 0L);
        SessionManagement sessionManagement = (SessionManagement) Mockito.mock(SessionManagement.class);
        Mockito.when(authenticatorInstance.getMetadata()).thenReturn(new AuthenticatorInstanceMetadata());
        Mockito.when(authenticatorInstance2.getMetadata()).thenReturn(new AuthenticatorInstanceMetadata());
        Mockito.when(authenticatorInstance.getRetrieval()).thenReturn(new NotDefCredRetrieval());
        Mockito.when(authenticatorInstance2.getRetrieval()).thenReturn(new SuccessRetrieval());
        Mockito.when(authenticationProcessor.processPrimaryAuthnResult((AuthenticationResult) ArgumentMatchers.any(), (AuthenticationFlow) ArgumentMatchers.any(), (AuthenticationOptionKey) ArgumentMatchers.any())).thenReturn(new PartialAuthnState(AuthenticationOptionKey.authenticatorOnlyKey("x"), (BindingAuthn) null, LocalAuthenticationResult.successful(new AuthenticatedEntity(1L, "", "")), authenticationFlow2));
        Mockito.when(authenticationProcessor.finalizeAfterPrimaryAuthentication((PartialAuthnState) ArgumentMatchers.any(), ArgumentMatchers.eq(false))).thenReturn(new AuthenticatedEntity(1L, "", ""));
        Mockito.when(sessionManagement.getCreateSession(ArgumentMatchers.eq(1L), (AuthenticationRealm) ArgumentMatchers.any(), (String) ArgumentMatchers.any(), (String) ArgumentMatchers.any(), (LoginSession.RememberMeInfo) ArgumentMatchers.any(), (AuthenticationOptionKey) ArgumentMatchers.any(), (AuthenticationOptionKey) ArgumentMatchers.any())).thenReturn(new LoginSession());
        AuthenticationInterceptor authenticationInterceptor = new AuthenticationInterceptor((MessageSource) Mockito.mock(MessageSource.class), authenticationProcessor, List.of(authenticationFlow, authenticationFlow2), new AuthenticationRealm("realm1", (String) null, 0, 0, (RememberMePolicy) null, 0, 0), sessionManagement, Set.of("/p1"), Set.of("/optional"), (Properties) null, (EntityManagement) Mockito.mock(EntityManagement.class));
        HTTPRequestContext.setCurrent(new HTTPRequestContext("192.168.0.1", "agent"));
        authenticationInterceptor.handleMessage(new MessageImpl());
    }

    @Test(expected = Fault.class)
    public void shouldThrowFaultWhenFirstFlowFail() throws AuthenticationException {
        AuthenticatorInstance authenticatorInstance = (AuthenticatorInstance) Mockito.mock(AuthenticatorInstance.class);
        AuthenticatorInstance authenticatorInstance2 = (AuthenticatorInstance) Mockito.mock(AuthenticatorInstance.class);
        AuthenticationProcessor authenticationProcessor = (AuthenticationProcessor) Mockito.mock(AuthenticationProcessor.class);
        AuthenticationFlow authenticationFlow = new AuthenticationFlow("flow1", AuthenticationFlowDefinition.Policy.REQUIRE, Set.of(authenticatorInstance), Collections.emptyList(), 0L);
        AuthenticationFlow authenticationFlow2 = new AuthenticationFlow("flow2", AuthenticationFlowDefinition.Policy.REQUIRE, Set.of(authenticatorInstance2), Collections.emptyList(), 0L);
        Mockito.when(authenticatorInstance.getMetadata()).thenReturn(new AuthenticatorInstanceMetadata());
        Mockito.when(authenticatorInstance.getRetrieval()).thenReturn(new DenyRetrieval());
        Mockito.when(authenticationProcessor.processPrimaryAuthnResult((AuthenticationResult) ArgumentMatchers.any(), (AuthenticationFlow) ArgumentMatchers.any(), (AuthenticationOptionKey) ArgumentMatchers.any())).thenThrow(new Throwable[]{new AuthenticationException("")});
        AuthenticationInterceptor authenticationInterceptor = new AuthenticationInterceptor((MessageSource) Mockito.mock(MessageSource.class), authenticationProcessor, List.of(authenticationFlow, authenticationFlow2), new AuthenticationRealm("realm1", (String) null, 0, 0, (RememberMePolicy) null, 0, 0), (SessionManagement) Mockito.mock(SessionManagement.class), Set.of("/p1"), Set.of("/optional"), (Properties) null, (EntityManagement) Mockito.mock(EntityManagement.class));
        HTTPRequestContext.setCurrent(new HTTPRequestContext("192.168.0.1", "agent"));
        authenticationInterceptor.handleMessage(new MessageImpl());
    }
}
