package org.apereo.cas.adaptors.duo.web.flow.action;

import com.duosecurity.Client;
import com.duosecurity.model.Token;
import java.util.Optional;
import java.util.UUID;
import org.apereo.cas.BaseCasWebflowMultifactorAuthenticationTests;
import org.apereo.cas.adaptors.duo.BaseDuoSecurityTests;
import org.apereo.cas.adaptors.duo.authn.DuoSecurityAuthenticationResult;
import org.apereo.cas.adaptors.duo.authn.DuoSecurityAuthenticationService;
import org.apereo.cas.adaptors.duo.authn.DuoSecurityMultifactorAuthenticationProvider;
import org.apereo.cas.authentication.Authentication;
import org.apereo.cas.authentication.AuthenticationResultBuilder;
import org.apereo.cas.authentication.Credential;
import org.apereo.cas.authentication.MultifactorAuthenticationProvider;
import org.apereo.cas.authentication.MultifactorAuthenticationProviderBean;
import org.apereo.cas.authentication.mfa.TestMultifactorAuthenticationProvider;
import org.apereo.cas.configuration.CasConfigurationProperties;
import org.apereo.cas.configuration.model.support.mfa.DuoSecurityMultifactorAuthenticationProperties;
import org.apereo.cas.services.RegisteredServiceTestUtils;
import org.apereo.cas.ticket.TransientSessionTicket;
import org.apereo.cas.web.support.WebUtils;
import org.junit.jupiter.api.Assertions;
import org.junit.jupiter.api.Tag;
import org.junit.jupiter.api.Test;
import org.mockito.Mockito;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.boot.context.properties.EnableConfigurationProperties;
import org.springframework.boot.test.context.SpringBootTest;
import org.springframework.boot.test.context.TestConfiguration;
import org.springframework.context.annotation.Bean;
import org.springframework.mock.web.MockHttpServletRequest;
import org.springframework.mock.web.MockHttpServletResponse;
import org.springframework.mock.web.MockServletContext;
import org.springframework.webflow.context.ExternalContextHolder;
import org.springframework.webflow.context.servlet.ServletExternalContext;
import org.springframework.webflow.execution.Action;
import org.springframework.webflow.execution.Event;
import org.springframework.webflow.execution.RequestContextHolder;
import org.springframework.webflow.test.MockRequestContext;

@Tag("WebflowMfaActions")
@EnableConfigurationProperties({CasConfigurationProperties.class})
@SpringBootTest(classes = {DuoSecurityUniversalPromptValidateLoginActionTestConfiguration.class, BaseDuoSecurityTests.SharedTestConfiguration.class}, properties = {"cas.authn.mfa.duo[0].duo-secret-key=Q2IU2i8BFNd6VYflZT8Evl6lF7oPlj3PM15BmRU7", "cas.authn.mfa.duo[0].mode=UNIVERSAL", "cas.authn.mfa.duo[0].duo-integration-key=DIOXVRZD2UMZ8XXMNFQ5", "cas.authn.mfa.duo[0].trusted-device-enabled=true", "cas.authn.mfa.duo[0].duo-api-host=theapi.duosecurity.com"})
/* loaded from: input_file:org/apereo/cas/adaptors/duo/web/flow/action/DuoSecurityUniversalPromptValidateLoginActionTests.class */
public class DuoSecurityUniversalPromptValidateLoginActionTests extends BaseCasWebflowMultifactorAuthenticationTests {

    @Autowired
    @Qualifier("duoUniversalPromptValidateLoginAction")
    private Action duoUniversalPromptValidateLoginAction;

    @Autowired
    @Qualifier("duoUniversalPromptPrepareLoginAction")
    private Action duoUniversalPromptPrepareLoginAction;

    @TestConfiguration("DuoSecurityUniversalPromptValidateLoginActionTestConfiguration")
    /* loaded from: input_file:org/apereo/cas/adaptors/duo/web/flow/action/DuoSecurityUniversalPromptValidateLoginActionTests$DuoSecurityUniversalPromptValidateLoginActionTestConfiguration.class */
    public static class DuoSecurityUniversalPromptValidateLoginActionTestConfiguration {
        @Bean
        public MultifactorAuthenticationProviderBean<DuoSecurityMultifactorAuthenticationProvider, DuoSecurityMultifactorAuthenticationProperties> duoProviderBean() throws Exception {
            Token token = new Token();
            token.setSub("casuser");
            Client client = (Client) Mockito.mock(Client.class);
            Mockito.when(client.generateState()).thenReturn(UUID.randomUUID().toString());
            Mockito.when(client.createAuthUrl(Mockito.anyString(), Mockito.anyString())).thenReturn("https://duo.com");
            Mockito.when(client.exchangeAuthorizationCodeFor2FAResult(Mockito.anyString(), Mockito.anyString())).thenReturn(token);
            DuoSecurityAuthenticationService duoSecurityAuthenticationService = (DuoSecurityAuthenticationService) Mockito.mock(DuoSecurityAuthenticationService.class);
            Mockito.when(duoSecurityAuthenticationService.getDuoClient()).thenReturn(Optional.of(client));
            Mockito.when(duoSecurityAuthenticationService.authenticate((Credential) Mockito.any())).thenReturn(DuoSecurityAuthenticationResult.builder().success(true).username("casuser").build());
            DuoSecurityMultifactorAuthenticationProvider duoSecurityMultifactorAuthenticationProvider = (DuoSecurityMultifactorAuthenticationProvider) Mockito.mock(DuoSecurityMultifactorAuthenticationProvider.class);
            Mockito.when(duoSecurityMultifactorAuthenticationProvider.getId()).thenReturn("mfa-duo");
            Mockito.when(duoSecurityMultifactorAuthenticationProvider.createUniqueId()).thenReturn("mfa-duo");
            Mockito.when(Boolean.valueOf(duoSecurityMultifactorAuthenticationProvider.validateId(Mockito.anyString()))).thenReturn(Boolean.TRUE);
            Mockito.when(duoSecurityMultifactorAuthenticationProvider.getDuoAuthenticationService()).thenReturn(duoSecurityAuthenticationService);
            MultifactorAuthenticationProviderBean<DuoSecurityMultifactorAuthenticationProvider, DuoSecurityMultifactorAuthenticationProperties> multifactorAuthenticationProviderBean = (MultifactorAuthenticationProviderBean) Mockito.mock(MultifactorAuthenticationProviderBean.class);
            Mockito.when(multifactorAuthenticationProviderBean.getProvider(Mockito.anyString())).thenReturn(duoSecurityMultifactorAuthenticationProvider);
            return multifactorAuthenticationProviderBean;
        }
    }

    @Test
    public void verifySkip() throws Exception {
        MockRequestContext mockRequestContext = new MockRequestContext();
        mockRequestContext.setExternalContext(new ServletExternalContext(new MockServletContext(), new MockHttpServletRequest(), new MockHttpServletResponse()));
        RequestContextHolder.setRequestContext(mockRequestContext);
        ExternalContextHolder.setExternalContext(mockRequestContext.getExternalContext());
        Event execute = this.duoUniversalPromptValidateLoginAction.execute(mockRequestContext);
        Assertions.assertNotNull(execute);
        Assertions.assertEquals("skip", execute.getId());
    }

    @Test
    public void verifyError() throws Exception {
        MockRequestContext mockRequestContext = new MockRequestContext();
        MockHttpServletRequest mockHttpServletRequest = new MockHttpServletRequest();
        mockRequestContext.setExternalContext(new ServletExternalContext(new MockServletContext(), mockHttpServletRequest, new MockHttpServletResponse()));
        RequestContextHolder.setRequestContext(mockRequestContext);
        ExternalContextHolder.setExternalContext(mockRequestContext.getExternalContext());
        mockHttpServletRequest.addParameter("duo_code", "bad-code");
        mockHttpServletRequest.addParameter("state", "bad-state");
        Event execute = this.duoUniversalPromptValidateLoginAction.execute(mockRequestContext);
        Assertions.assertNotNull(execute);
        Assertions.assertEquals("error", execute.getId());
    }

    @Test
    public void verifyPass() throws Exception {
        MockRequestContext mockRequestContext = new MockRequestContext();
        MockHttpServletRequest mockHttpServletRequest = new MockHttpServletRequest();
        mockRequestContext.setExternalContext(new ServletExternalContext(new MockServletContext(), mockHttpServletRequest, new MockHttpServletResponse()));
        RequestContextHolder.setRequestContext(mockRequestContext);
        ExternalContextHolder.setExternalContext(mockRequestContext.getExternalContext());
        MultifactorAuthenticationProvider registerProviderIntoApplicationContext = TestMultifactorAuthenticationProvider.registerProviderIntoApplicationContext(this.applicationContext, new TestMultifactorAuthenticationProvider(((DuoSecurityMultifactorAuthenticationProperties) this.casProperties.getAuthn().getMfa().getDuo().get(0)).getId()));
        Authentication authentication = RegisteredServiceTestUtils.getAuthentication();
        WebUtils.putAuthentication(authentication, mockRequestContext);
        WebUtils.putRegisteredService(mockRequestContext, RegisteredServiceTestUtils.getRegisteredService());
        WebUtils.putMultifactorAuthenticationProviderIdIntoFlowScope(mockRequestContext, registerProviderIntoApplicationContext);
        AuthenticationResultBuilder authenticationResultBuilder = (AuthenticationResultBuilder) Mockito.mock(AuthenticationResultBuilder.class);
        Mockito.when(authenticationResultBuilder.getInitialAuthentication()).thenReturn(Optional.of(authentication));
        Mockito.when(authenticationResultBuilder.collect((Authentication) Mockito.any(Authentication.class))).thenReturn(authenticationResultBuilder);
        WebUtils.putAuthenticationResultBuilder(authenticationResultBuilder, mockRequestContext);
        TransientSessionTicket transientSessionTicket = (TransientSessionTicket) this.duoUniversalPromptPrepareLoginAction.execute(mockRequestContext).getAttributes().get("result");
        mockHttpServletRequest.addParameter("duo_code", UUID.randomUUID().toString());
        mockHttpServletRequest.addParameter("state", transientSessionTicket.getId());
        Event execute = this.duoUniversalPromptValidateLoginAction.execute(mockRequestContext);
        Assertions.assertNotNull(execute);
        Assertions.assertEquals("success", execute.getId());
    }
}
