package org.apereo.cas.validation;

import java.util.List;
import java.util.Map;
import java.util.stream.Collectors;
import org.apereo.cas.TestOneTimePasswordAuthenticationHandler;
import org.apereo.cas.authentication.AcceptUsersAuthenticationHandler;
import org.apereo.cas.authentication.AuthenticationHandler;
import org.apereo.cas.authentication.AuthenticationPolicy;
import org.apereo.cas.authentication.CoreAuthenticationTestUtils;
import org.apereo.cas.authentication.Credential;
import org.apereo.cas.authentication.DefaultAuthenticationEventExecutionPlan;
import org.apereo.cas.authentication.credential.OneTimePasswordCredential;
import org.apereo.cas.authentication.credential.UsernamePasswordCredential;
import org.apereo.cas.authentication.handler.support.SimpleTestUsernamePasswordAuthenticationHandler;
import org.apereo.cas.authentication.policy.AllAuthenticationHandlersSucceededAuthenticationPolicy;
import org.apereo.cas.authentication.policy.AllCredentialsValidatedAuthenticationPolicy;
import org.apereo.cas.authentication.policy.AtLeastOneCredentialValidatedAuthenticationPolicy;
import org.apereo.cas.authentication.policy.RequiredHandlerAuthenticationPolicy;
import org.apereo.cas.authentication.principal.Service;
import org.apereo.cas.config.CasCoreAuthenticationConfiguration;
import org.apereo.cas.config.CasCoreAuthenticationHandlersConfiguration;
import org.apereo.cas.config.CasCoreAuthenticationMetadataConfiguration;
import org.apereo.cas.config.CasCoreAuthenticationPolicyConfiguration;
import org.apereo.cas.config.CasCoreAuthenticationPrincipalConfiguration;
import org.apereo.cas.config.CasCoreAuthenticationSupportConfiguration;
import org.apereo.cas.config.CasCoreConfiguration;
import org.apereo.cas.config.CasCoreHttpConfiguration;
import org.apereo.cas.config.CasCoreServicesAuthenticationConfiguration;
import org.apereo.cas.config.CasCoreServicesConfiguration;
import org.apereo.cas.config.CasCoreTicketCatalogConfiguration;
import org.apereo.cas.config.CasCoreTicketIdGeneratorsConfiguration;
import org.apereo.cas.config.CasCoreTicketsConfiguration;
import org.apereo.cas.config.CasCoreUtilConfiguration;
import org.apereo.cas.config.CasCoreWebConfiguration;
import org.apereo.cas.config.CasPersonDirectoryTestConfiguration;
import org.apereo.cas.config.CasRegisteredServicesTestConfiguration;
import org.apereo.cas.config.support.CasWebApplicationServiceFactoryConfiguration;
import org.apereo.cas.logout.config.CasCoreLogoutConfiguration;
import org.apereo.cas.services.ServicesManager;
import org.junit.jupiter.api.Assertions;
import org.junit.jupiter.api.Tag;
import org.junit.jupiter.api.Test;
import org.junit.jupiter.api.function.Executable;
import org.mockito.Mockito;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.boot.autoconfigure.mail.MailSenderAutoConfiguration;
import org.springframework.boot.test.context.SpringBootTest;
import org.springframework.cloud.autoconfigure.RefreshAutoConfiguration;
import org.springframework.context.ConfigurableApplicationContext;
import org.springframework.mock.web.MockHttpServletRequest;

/**
 * Exercises {@link AuthenticationPolicyAwareServiceTicketValidationAuthorizer} against
 * several {@link AuthenticationPolicy} implementations.
 *
 * <p>Each case registers three handlers in a fresh execution plan, builds a mocked
 * {@link Assertion} whose primary authentication reports two of them as successful,
 * and asserts that {@code authorize} completes without throwing.
 *
 * <p>NOTE(review): every case in this class covers the allow path only
 * ({@code assertDoesNotThrow}). No case presents an assertion that fails the configured
 * policy, so a regression that made the authorizer accept everything would not be
 * detected here. A deny-path case per policy would close that gap.
 *
 * <p>The user names, password and one-time code below are fixed test fixtures.
 */
@Tag("Simple")
@SpringBootTest(classes = {
    RefreshAutoConfiguration.class,
    CasPersonDirectoryTestConfiguration.class,
    CasRegisteredServicesTestConfiguration.class,
    CasCoreAuthenticationConfiguration.class,
    CasCoreServicesAuthenticationConfiguration.class,
    CasCoreAuthenticationPrincipalConfiguration.class,
    CasCoreAuthenticationPolicyConfiguration.class,
    CasCoreAuthenticationMetadataConfiguration.class,
    CasCoreAuthenticationSupportConfiguration.class,
    CasCoreAuthenticationHandlersConfiguration.class,
    CasCoreWebConfiguration.class,
    CasCoreHttpConfiguration.class,
    CasCoreUtilConfiguration.class,
    CasCoreTicketsConfiguration.class,
    CasCoreTicketCatalogConfiguration.class,
    CasCoreTicketIdGeneratorsConfiguration.class,
    CasCoreLogoutConfiguration.class,
    CasCoreConfiguration.class,
    CasCoreServicesConfiguration.class,
    CasWebApplicationServiceFactoryConfiguration.class,
    MailSenderAutoConfiguration.class
})
public class AuthenticationPolicyAwareServiceTicketValidationAuthorizerTests {

    @Autowired
    @Qualifier("servicesManager")
    private ServicesManager servicesManager;

    @Autowired
    private ConfigurableApplicationContext applicationContext;

    /**
     * Builds a mocked {@link Assertion} whose primary authentication is created for the
     * principal {@code casuser} from the given credential-to-handler map.
     *
     * <p>The names of the handlers in the map are published under the
     * {@code successfulAuthenticationHandlers} attribute. As far as this class shows, the
     * handlers are never asked to authenticate the credentials; the map is handed to the
     * test authentication builder as-is.
     *
     * @param map credentials paired with the handler reported as having validated them
     * @return the stubbed assertion
     */
    private static Assertion getAssertion(Map<Credential, ? extends AuthenticationHandler> map) {
        // Raw List is kept on purpose: the attribute-map type expected by the test
        // builder is not visible from this file, and the original passed a raw List.
        List handlerNames = map.values().stream()
            .map(AuthenticationHandler::getName)
            .collect(Collectors.toList());

        Assertion assertion = Mockito.mock(Assertion.class);
        Mockito.when(assertion.getPrimaryAuthentication())
            .thenReturn(CoreAuthenticationTestUtils.getAuthenticationBuilder(
                CoreAuthenticationTestUtils.getPrincipal("casuser"),
                map,
                Map.of("successfulAuthenticationHandlers", handlerNames)).build());
        return assertion;
    }

    /** @return a new username/password test handler with its default settings. */
    private static SimpleTestUsernamePasswordAuthenticationHandler getSimpleTestAuthenticationHandler() {
        return new SimpleTestUsernamePasswordAuthenticationHandler();
    }

    /** @return a new accept-users handler seeded with the fixture account {@code casuser}. */
    private static AcceptUsersAuthenticationHandler getAcceptUsersAuthenticationHandler() {
        return new AcceptUsersAuthenticationHandler(Map.of("casuser", "Mellon"));
    }

    /** @return a new one-time-password credential built from fixed fixture values. */
    private static OneTimePasswordCredential getOtpCredential() {
        return new OneTimePasswordCredential("test", "123456789");
    }

    /** @return a new one-time-password test handler seeded with the fixture entry for {@code casuser}. */
    private static TestOneTimePasswordAuthenticationHandler getTestOtpAuthenticationHandler() {
        return new TestOneTimePasswordAuthenticationHandler(Map.of("casuser", "123456789"));
    }

    /**
     * Asserts that the authorizer accepts the assertion for the service, using a fresh
     * mock servlet request.
     */
    private static void assertAuthorized(ServiceTicketValidationAuthorizer authorizer, Service service, Assertion assertion) {
        // Block-bodied lambda so that only the Executable overload applies.
        Assertions.assertDoesNotThrow(() -> {
            authorizer.authorize(new MockHttpServletRequest(), service, assertion);
        });
    }

    /** Policy under test: {@link AllAuthenticationHandlersSucceededAuthenticationPolicy}. */
    @Test
    public void verifyAllAuthenticationHandlersSucceededAuthenticationPolicy() {
        List<? extends AuthenticationHandler> registeredHandlers = List.of(
            getTestOtpAuthenticationHandler(),
            getAcceptUsersAuthenticationHandler(),
            getSimpleTestAuthenticationHandler());
        Service service = CoreAuthenticationTestUtils.getService("https://example.com/high/");
        ServiceTicketValidationAuthorizer authorizer =
            getAuthorizer(new AllAuthenticationHandlersSucceededAuthenticationPolicy(), registeredHandlers);
        Assertion assertion = getAssertion(Map.of(
            new UsernamePasswordCredential(), getAcceptUsersAuthenticationHandler(),
            getOtpCredential(), getTestOtpAuthenticationHandler()));
        assertAuthorized(authorizer, service, assertion);
    }

    /** Policy under test: {@link AllCredentialsValidatedAuthenticationPolicy}. */
    @Test
    public void verifyAllCredentialsValidatedAuthenticationPolicy() {
        List<? extends AuthenticationHandler> registeredHandlers = List.of(
            getTestOtpAuthenticationHandler(),
            getAcceptUsersAuthenticationHandler(),
            getSimpleTestAuthenticationHandler());
        Service service = CoreAuthenticationTestUtils.getService("https://example.com/high/");
        ServiceTicketValidationAuthorizer authorizer =
            getAuthorizer(new AllCredentialsValidatedAuthenticationPolicy(), registeredHandlers);
        Assertion assertion = getAssertion(Map.of(
            new UsernamePasswordCredential(), getAcceptUsersAuthenticationHandler(),
            getOtpCredential(), getTestOtpAuthenticationHandler()));
        assertAuthorized(authorizer, service, assertion);
    }

    /**
     * Policy under test: {@link RequiredHandlerAuthenticationPolicy} naming the
     * accept-users handler. The same handler instance is registered in the plan and
     * reported in the assertion.
     */
    @Test
    public void verifyRequiredHandlerAuthenticationPolicy() {
        AcceptUsersAuthenticationHandler requiredHandler = getAcceptUsersAuthenticationHandler();
        List<? extends AuthenticationHandler> registeredHandlers = List.of(
            getTestOtpAuthenticationHandler(),
            requiredHandler,
            getSimpleTestAuthenticationHandler());
        Service service = CoreAuthenticationTestUtils.getService("https://example.com/high/");
        ServiceTicketValidationAuthorizer authorizer =
            getAuthorizer(new RequiredHandlerAuthenticationPolicy(requiredHandler.getName()), registeredHandlers);
        Assertion assertion = getAssertion(Map.of(
            new UsernamePasswordCredential(), requiredHandler,
            getOtpCredential(), getTestOtpAuthenticationHandler()));
        assertAuthorized(authorizer, service, assertion);
    }

    /**
     * Same as {@link #verifyRequiredHandlerAuthenticationPolicy()}, but the policy is
     * constructed with its second argument set to {@code true}.
     */
    @Test
    public void verifyRequiredHandlerAuthenticationPolicyTryAll() {
        AcceptUsersAuthenticationHandler requiredHandler = getAcceptUsersAuthenticationHandler();
        List<? extends AuthenticationHandler> registeredHandlers = List.of(
            getTestOtpAuthenticationHandler(),
            requiredHandler,
            getSimpleTestAuthenticationHandler());
        Service service = CoreAuthenticationTestUtils.getService("https://example.com/high/");
        ServiceTicketValidationAuthorizer authorizer =
            getAuthorizer(new RequiredHandlerAuthenticationPolicy(requiredHandler.getName(), true), registeredHandlers);
        Assertion assertion = getAssertion(Map.of(
            new UsernamePasswordCredential(), requiredHandler,
            getOtpCredential(), getTestOtpAuthenticationHandler()));
        assertAuthorized(authorizer, service, assertion);
    }

    /** Policy under test: {@link AtLeastOneCredentialValidatedAuthenticationPolicy} with defaults. */
    @Test
    public void verifyOperationWithHandlersAndAtLeastOneCredential() {
        List<? extends AuthenticationHandler> registeredHandlers = List.of(
            getTestOtpAuthenticationHandler(),
            getAcceptUsersAuthenticationHandler(),
            getSimpleTestAuthenticationHandler());
        Service service = CoreAuthenticationTestUtils.getService("https://example.com/high/");
        ServiceTicketValidationAuthorizer authorizer =
            getAuthorizer(new AtLeastOneCredentialValidatedAuthenticationPolicy(), registeredHandlers);
        Assertion assertion = getAssertion(Map.of(
            new UsernamePasswordCredential(), getAcceptUsersAuthenticationHandler(),
            getOtpCredential(), getTestOtpAuthenticationHandler()));
        assertAuthorized(authorizer, service, assertion);
    }

    /**
     * Policy under test: {@link AtLeastOneCredentialValidatedAuthenticationPolicy}
     * constructed with {@code true}.
     */
    @Test
    public void verifyOperationWithHandlersAndAtLeastOneCredentialMustTryAll() {
        List<? extends AuthenticationHandler> registeredHandlers = List.of(
            getTestOtpAuthenticationHandler(),
            getAcceptUsersAuthenticationHandler(),
            getSimpleTestAuthenticationHandler());
        Service service = CoreAuthenticationTestUtils.getService("https://example.com/high/");
        ServiceTicketValidationAuthorizer authorizer =
            getAuthorizer(new AtLeastOneCredentialValidatedAuthenticationPolicy(true), registeredHandlers);
        Assertion assertion = getAssertion(Map.of(
            new UsernamePasswordCredential(), getAcceptUsersAuthenticationHandler(),
            getOtpCredential(), getTestOtpAuthenticationHandler()));
        assertAuthorized(authorizer, service, assertion);
    }

    /**
     * Creates the authorizer under test on top of a fresh execution plan.
     *
     * @param authenticationPolicy the single policy registered in the plan
     * @param list the handlers registered in the plan
     * @return an authorizer wired with the injected services manager and application context
     */
    private ServiceTicketValidationAuthorizer getAuthorizer(AuthenticationPolicy authenticationPolicy, List<? extends AuthenticationHandler> list) {
        DefaultAuthenticationEventExecutionPlan plan = new DefaultAuthenticationEventExecutionPlan();
        plan.registerAuthenticationHandlers(list);
        plan.registerAuthenticationPolicy(authenticationPolicy);
        return new AuthenticationPolicyAwareServiceTicketValidationAuthorizer(this.servicesManager, plan, this.applicationContext);
    }
}
