package org.apereo.cas.adaptors.duo.web.flow.action;

import java.util.UUID;
import org.apache.hc.core5.http.NameValuePair;
import org.apache.hc.core5.net.URIBuilder;
import org.apereo.cas.BaseCasWebflowMultifactorAuthenticationTests;
import org.apereo.cas.adaptors.duo.BaseDuoSecurityTests;
import org.apereo.cas.adaptors.duo.DuoSecurityUserAccount;
import org.apereo.cas.adaptors.duo.DuoSecurityUserAccountStatus;
import org.apereo.cas.adaptors.duo.authn.DuoSecurityAuthenticationService;
import org.apereo.cas.adaptors.duo.authn.DuoSecurityMultifactorAuthenticationProvider;
import org.apereo.cas.authentication.Authentication;
import org.apereo.cas.authentication.CoreAuthenticationTestUtils;
import org.apereo.cas.authentication.MultifactorAuthenticationPrincipalResolver;
import org.apereo.cas.authentication.mfa.TestMultifactorAuthenticationProvider;
import org.apereo.cas.configuration.CasConfigurationProperties;
import org.apereo.cas.configuration.model.support.mfa.duo.DuoSecurityMultifactorAuthenticationRegistrationProperties;
import org.apereo.cas.services.RegisteredServiceTestUtils;
import org.apereo.cas.util.MockServletContext;
import org.apereo.cas.util.spring.ApplicationContextProvider;
import org.apereo.cas.web.support.WebUtils;
import org.junit.jupiter.api.Assertions;
import org.junit.jupiter.api.Tag;
import org.junit.jupiter.api.Test;
import org.mockito.Mockito;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.boot.context.properties.EnableConfigurationProperties;
import org.springframework.boot.test.context.SpringBootTest;
import org.springframework.context.support.StaticApplicationContext;
import org.springframework.mock.web.MockHttpServletRequest;
import org.springframework.mock.web.MockHttpServletResponse;
import org.springframework.webflow.context.servlet.ServletExternalContext;
import org.springframework.webflow.execution.Action;
import org.springframework.webflow.execution.RequestContext;
import org.springframework.webflow.test.MockRequestContext;

@Tag("DuoSecurity")
@EnableConfigurationProperties({CasConfigurationProperties.class})
@SpringBootTest(classes = {BaseDuoSecurityTests.SharedTestConfiguration.class}, properties = {"cas.authn.mfa.duo[0].duo-secret-key=1234567890", "cas.authn.mfa.duo[0].duo-application-key=abcdefghijklmnop", "cas.authn.mfa.duo[0].duo-integration-key=QRSTUVWXYZ", "cas.authn.mfa.duo[0].duo-api-host=theapi.duosecurity.com"})
/* loaded from: input_file:org/apereo/cas/adaptors/duo/web/flow/action/DuoSecurityDetermineUserAccountActionTests.class */
public class DuoSecurityDetermineUserAccountActionTests extends BaseCasWebflowMultifactorAuthenticationTests {

    @Autowired
    @Qualifier("determineDuoUserAccountAction")
    private Action determineDuoUserAccountAction;

    private RequestContext verifyOperation(DuoSecurityUserAccountStatus duoSecurityUserAccountStatus, String str) {
        MockRequestContext mockRequestContext = new MockRequestContext();
        mockRequestContext.setExternalContext(new ServletExternalContext(new MockServletContext(), new MockHttpServletRequest(), new MockHttpServletResponse()));
        WebUtils.putServiceIntoFlowScope(mockRequestContext, CoreAuthenticationTestUtils.getWebApplicationService());
        Authentication authentication = CoreAuthenticationTestUtils.getAuthentication();
        WebUtils.putAuthentication(authentication, mockRequestContext);
        DuoSecurityUserAccount duoSecurityUserAccount = new DuoSecurityUserAccount(authentication.getPrincipal().getId());
        duoSecurityUserAccount.setStatus(duoSecurityUserAccountStatus);
        duoSecurityUserAccount.setEnrollPortalUrl("https://example.org");
        DuoSecurityAuthenticationService duoSecurityAuthenticationService = (DuoSecurityAuthenticationService) Mockito.mock(DuoSecurityAuthenticationService.class);
        Mockito.when(duoSecurityAuthenticationService.getUserAccount(Mockito.anyString())).thenReturn(duoSecurityUserAccount);
        DuoSecurityMultifactorAuthenticationProvider duoSecurityMultifactorAuthenticationProvider = (DuoSecurityMultifactorAuthenticationProvider) Mockito.mock(DuoSecurityMultifactorAuthenticationProvider.class);
        Mockito.when(duoSecurityMultifactorAuthenticationProvider.getId()).thenReturn("mfa-duo");
        Mockito.when(duoSecurityMultifactorAuthenticationProvider.getDuoAuthenticationService()).thenReturn(duoSecurityAuthenticationService);
        DuoSecurityMultifactorAuthenticationRegistrationProperties registrationUrl = new DuoSecurityMultifactorAuthenticationRegistrationProperties().setRegistrationUrl("https://registration.duo.com");
        registrationUrl.getCrypto().setEnabled(true);
        this.servicesManager.save(RegisteredServiceTestUtils.getRegisteredService("registration.duo.com"));
        Mockito.when(duoSecurityMultifactorAuthenticationProvider.getRegistration()).thenReturn(registrationUrl);
        Mockito.when(Boolean.valueOf(duoSecurityMultifactorAuthenticationProvider.matches(Mockito.anyString()))).thenReturn(Boolean.TRUE);
        StaticApplicationContext staticApplicationContext = new StaticApplicationContext();
        staticApplicationContext.refresh();
        ApplicationContextProvider.holdApplicationContext(staticApplicationContext);
        ApplicationContextProvider.registerBeanIntoApplicationContext(staticApplicationContext, MultifactorAuthenticationPrincipalResolver.identical(), UUID.randomUUID().toString());
        WebUtils.putMultifactorAuthenticationProviderIdIntoFlowScope(mockRequestContext, duoSecurityMultifactorAuthenticationProvider);
        TestMultifactorAuthenticationProvider.registerProviderIntoApplicationContext(staticApplicationContext, duoSecurityMultifactorAuthenticationProvider);
        Assertions.assertEquals(str, this.determineDuoUserAccountAction.execute(mockRequestContext).getId());
        return mockRequestContext;
    }

    @Test
    public void verifyOperationEnroll() throws Exception {
        String str = (String) verifyOperation(DuoSecurityUserAccountStatus.ENROLL, "enroll").getFlowScope().get("duoRegistrationUrl", String.class);
        Assertions.assertNotNull(str);
        Assertions.assertTrue(((NameValuePair) new URIBuilder(str).getQueryParams().get(0)).getName().equalsIgnoreCase("principal"));
    }

    @Test
    public void verifyOperationAllow() {
        verifyOperation(DuoSecurityUserAccountStatus.ALLOW, "bypass");
    }

    @Test
    public void verifyOperationDeny() {
        verifyOperation(DuoSecurityUserAccountStatus.DENY, "deny");
    }

    @Test
    public void verifyOperationUnavailable() {
        verifyOperation(DuoSecurityUserAccountStatus.UNAVAILABLE, "unavailable");
    }

    @Test
    public void verifyOperationAuth() {
        verifyOperation(DuoSecurityUserAccountStatus.AUTH, "success");
    }
}
