package org.apereo.cas.validation;

import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.stream.Collectors;
import org.apereo.cas.BaseCasCoreTests;
import org.apereo.cas.TestOneTimePasswordAuthenticationHandler;
import org.apereo.cas.authentication.AcceptUsersAuthenticationHandler;
import org.apereo.cas.authentication.AuthenticationHandler;
import org.apereo.cas.authentication.AuthenticationPolicy;
import org.apereo.cas.authentication.CoreAuthenticationTestUtils;
import org.apereo.cas.authentication.Credential;
import org.apereo.cas.authentication.DefaultAuthenticationEventExecutionPlan;
import org.apereo.cas.authentication.credential.OneTimePasswordCredential;
import org.apereo.cas.authentication.credential.UsernamePasswordCredential;
import org.apereo.cas.authentication.handler.support.SimpleTestUsernamePasswordAuthenticationHandler;
import org.apereo.cas.authentication.policy.AllAuthenticationHandlersSucceededAuthenticationPolicy;
import org.apereo.cas.authentication.policy.AllCredentialsValidatedAuthenticationPolicy;
import org.apereo.cas.authentication.policy.AtLeastOneCredentialValidatedAuthenticationPolicy;
import org.apereo.cas.authentication.policy.ExcludedAuthenticationHandlerAuthenticationPolicy;
import org.apereo.cas.authentication.policy.RequiredAuthenticationHandlerAuthenticationPolicy;
import org.apereo.cas.authentication.principal.Service;
import org.apereo.cas.config.CasCoreAuthenticationAutoConfiguration;
import org.apereo.cas.config.CasCoreAutoConfiguration;
import org.apereo.cas.config.CasCoreLogoutAutoConfiguration;
import org.apereo.cas.config.CasCoreNotificationsAutoConfiguration;
import org.apereo.cas.config.CasCoreScriptingAutoConfiguration;
import org.apereo.cas.config.CasCoreServicesAutoConfiguration;
import org.apereo.cas.config.CasCoreTicketsAutoConfiguration;
import org.apereo.cas.config.CasCoreUtilAutoConfiguration;
import org.apereo.cas.config.CasCoreWebAutoConfiguration;
import org.apereo.cas.config.CasRegisteredServicesTestConfiguration;
import org.apereo.cas.services.ServicesManager;
import org.apereo.cas.services.UnauthorizedServiceException;
import org.apereo.cas.test.CasTestExtension;
import org.apereo.cas.util.spring.boot.SpringBootTestAutoConfigurations;
import org.junit.jupiter.api.Assertions;
import org.junit.jupiter.api.Tag;
import org.junit.jupiter.api.Test;
import org.junit.jupiter.api.extension.ExtendWith;
import org.mockito.Mockito;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.boot.test.context.SpringBootTest;
import org.springframework.context.ConfigurableApplicationContext;
import org.springframework.mock.web.MockHttpServletRequest;

@Tag("AuthenticationPolicy")
@ExtendWith({CasTestExtension.class})
@SpringBootTest(classes = {BaseCasCoreTests.SharedTestConfiguration.AttributeRepositoryTestConfiguration.class, CasRegisteredServicesTestConfiguration.class, CasCoreServicesAutoConfiguration.class, CasCoreAuthenticationAutoConfiguration.class, CasCoreWebAutoConfiguration.class, CasCoreUtilAutoConfiguration.class, CasCoreScriptingAutoConfiguration.class, CasCoreTicketsAutoConfiguration.class, CasCoreLogoutAutoConfiguration.class, CasCoreAutoConfiguration.class, CasCoreNotificationsAutoConfiguration.class})
@SpringBootTestAutoConfigurations
/* loaded from: input_file:org/apereo/cas/validation/AuthenticationPolicyAwareServiceTicketValidationAuthorizerTests.class */
class AuthenticationPolicyAwareServiceTicketValidationAuthorizerTests {

    @Autowired
    @Qualifier("servicesManager")
    private ServicesManager servicesManager;

    @Autowired
    private ConfigurableApplicationContext applicationContext;

    AuthenticationPolicyAwareServiceTicketValidationAuthorizerTests() {
    }

    private static Assertion getAssertion(Map<Credential, ? extends AuthenticationHandler> map) {
        Assertion assertion = (Assertion) Mockito.mock(Assertion.class);
        Mockito.when(assertion.getPrimaryAuthentication()).thenReturn(CoreAuthenticationTestUtils.getAuthenticationBuilder(CoreAuthenticationTestUtils.getPrincipal("casuser"), map, Map.of("successfulAuthenticationHandlers", (List) map.values().stream().map((v0) -> {
            return v0.getName();
        }).collect(Collectors.toList()))).build());
        return assertion;
    }

    private static SimpleTestUsernamePasswordAuthenticationHandler getSimpleTestAuthenticationHandler() {
        return new SimpleTestUsernamePasswordAuthenticationHandler();
    }

    private static AcceptUsersAuthenticationHandler getAcceptUsersAuthenticationHandler() {
        return new AcceptUsersAuthenticationHandler(Map.of("casuser", "Mellon"));
    }

    private static OneTimePasswordCredential getOtpCredential() {
        return new OneTimePasswordCredential("test", "123456789");
    }

    private static TestOneTimePasswordAuthenticationHandler getTestOtpAuthenticationHandler() {
        return new TestOneTimePasswordAuthenticationHandler(Map.of("casuser", "123456789"));
    }

    @Test
    void verifyAllAuthenticationHandlersSucceededAuthenticationPolicy() throws Throwable {
        List<? extends AuthenticationHandler> of = List.of(getTestOtpAuthenticationHandler(), getAcceptUsersAuthenticationHandler(), getSimpleTestAuthenticationHandler());
        Service service = CoreAuthenticationTestUtils.getService("https://example.com/high/");
        ServiceTicketValidationAuthorizer authorizer = getAuthorizer(new AllAuthenticationHandlersSucceededAuthenticationPolicy(), of);
        Assertion assertion = getAssertion(Map.of(new UsernamePasswordCredential(), getAcceptUsersAuthenticationHandler(), getOtpCredential(), getTestOtpAuthenticationHandler()));
        Assertions.assertDoesNotThrow(() -> {
            authorizer.authorize(new MockHttpServletRequest(), service, assertion);
        });
    }

    @Test
    void verifyAllCredentialsValidatedAuthenticationPolicy() throws Throwable {
        List<? extends AuthenticationHandler> of = List.of(getTestOtpAuthenticationHandler(), getAcceptUsersAuthenticationHandler(), getSimpleTestAuthenticationHandler());
        Service service = CoreAuthenticationTestUtils.getService("https://example.com/high/");
        ServiceTicketValidationAuthorizer authorizer = getAuthorizer(new AllCredentialsValidatedAuthenticationPolicy(), of);
        Assertion assertion = getAssertion(Map.of(new UsernamePasswordCredential(), getAcceptUsersAuthenticationHandler(), getOtpCredential(), getTestOtpAuthenticationHandler()));
        Assertions.assertDoesNotThrow(() -> {
            authorizer.authorize(new MockHttpServletRequest(), service, assertion);
        });
    }

    @Test
    void verifyRequiredHandlerAuthenticationPolicy() throws Throwable {
        AcceptUsersAuthenticationHandler acceptUsersAuthenticationHandler = getAcceptUsersAuthenticationHandler();
        List<? extends AuthenticationHandler> of = List.of(getTestOtpAuthenticationHandler(), acceptUsersAuthenticationHandler, getSimpleTestAuthenticationHandler());
        Service service = CoreAuthenticationTestUtils.getService("https://example.com/high/");
        ServiceTicketValidationAuthorizer authorizer = getAuthorizer(new RequiredAuthenticationHandlerAuthenticationPolicy(acceptUsersAuthenticationHandler.getName()), of);
        Assertion assertion = getAssertion(Map.of(new UsernamePasswordCredential(), acceptUsersAuthenticationHandler, getOtpCredential(), getTestOtpAuthenticationHandler()));
        Assertions.assertDoesNotThrow(() -> {
            authorizer.authorize(new MockHttpServletRequest(), service, assertion);
        });
    }

    @Test
    void verifyRequiredHandlerAuthenticationPolicyTryAll() throws Throwable {
        AcceptUsersAuthenticationHandler acceptUsersAuthenticationHandler = getAcceptUsersAuthenticationHandler();
        List<? extends AuthenticationHandler> of = List.of(getTestOtpAuthenticationHandler(), acceptUsersAuthenticationHandler, getSimpleTestAuthenticationHandler());
        Service service = CoreAuthenticationTestUtils.getService("https://example.com/high/");
        ServiceTicketValidationAuthorizer authorizer = getAuthorizer(new RequiredAuthenticationHandlerAuthenticationPolicy(Set.of(acceptUsersAuthenticationHandler.getName()), true), of);
        Assertion assertion = getAssertion(Map.of(new UsernamePasswordCredential(), acceptUsersAuthenticationHandler, getOtpCredential(), getTestOtpAuthenticationHandler()));
        Assertions.assertDoesNotThrow(() -> {
            authorizer.authorize(new MockHttpServletRequest(), service, assertion);
        });
    }

    @Test
    void verifyOperationWithHandlersAndAtLeastOneCredential() throws Throwable {
        List<? extends AuthenticationHandler> of = List.of(getTestOtpAuthenticationHandler(), getAcceptUsersAuthenticationHandler(), getSimpleTestAuthenticationHandler());
        Service service = CoreAuthenticationTestUtils.getService("https://example.com/high/");
        ServiceTicketValidationAuthorizer authorizer = getAuthorizer(new AtLeastOneCredentialValidatedAuthenticationPolicy(), of);
        Assertion assertion = getAssertion(Map.of(new UsernamePasswordCredential(), getAcceptUsersAuthenticationHandler(), getOtpCredential(), getTestOtpAuthenticationHandler()));
        Assertions.assertDoesNotThrow(() -> {
            authorizer.authorize(new MockHttpServletRequest(), service, assertion);
        });
    }

    @Test
    void verifyOperationWithHandlersAndAtLeastOneCredentialMustTryAll() throws Throwable {
        List<? extends AuthenticationHandler> of = List.of(getTestOtpAuthenticationHandler(), getAcceptUsersAuthenticationHandler(), getSimpleTestAuthenticationHandler());
        Service service = CoreAuthenticationTestUtils.getService("https://example.com/high/");
        ServiceTicketValidationAuthorizer authorizer = getAuthorizer(new AtLeastOneCredentialValidatedAuthenticationPolicy(true), of);
        Assertion assertion = getAssertion(Map.of(new UsernamePasswordCredential(), getAcceptUsersAuthenticationHandler(), getOtpCredential(), getTestOtpAuthenticationHandler()));
        Assertions.assertDoesNotThrow(() -> {
            authorizer.authorize(new MockHttpServletRequest(), service, assertion);
        });
    }

    @Test
    void verifyOperationWithExcludedHandlers() throws Throwable {
        TestOneTimePasswordAuthenticationHandler testOtpAuthenticationHandler = getTestOtpAuthenticationHandler();
        SimpleTestUsernamePasswordAuthenticationHandler simpleTestAuthenticationHandler = getSimpleTestAuthenticationHandler();
        List<? extends AuthenticationHandler> of = List.of(testOtpAuthenticationHandler, getAcceptUsersAuthenticationHandler(), simpleTestAuthenticationHandler);
        Service service = CoreAuthenticationTestUtils.getService("https://example.com/high/");
        ServiceTicketValidationAuthorizer authorizer = getAuthorizer(new ExcludedAuthenticationHandlerAuthenticationPolicy(Set.of(testOtpAuthenticationHandler.getName(), simpleTestAuthenticationHandler.getName()), false), of);
        Assertion assertion = getAssertion(Map.of(new UsernamePasswordCredential(), getAcceptUsersAuthenticationHandler(), getOtpCredential(), testOtpAuthenticationHandler));
        Assertions.assertThrows(UnauthorizedServiceException.class, () -> {
            authorizer.authorize(new MockHttpServletRequest(), service, assertion);
        });
    }

    private ServiceTicketValidationAuthorizer getAuthorizer(AuthenticationPolicy authenticationPolicy, List<? extends AuthenticationHandler> list) {
        DefaultAuthenticationEventExecutionPlan defaultAuthenticationEventExecutionPlan = new DefaultAuthenticationEventExecutionPlan();
        defaultAuthenticationEventExecutionPlan.registerAuthenticationHandlers(list);
        defaultAuthenticationEventExecutionPlan.registerAuthenticationPolicy(authenticationPolicy);
        return new AuthenticationPolicyAwareServiceTicketValidationAuthorizer(this.servicesManager, defaultAuthenticationEventExecutionPlan, this.applicationContext);
    }
}
