package org.apereo.cas.adaptors.duo.web.flow.action;

import com.duosecurity.Client;
import com.duosecurity.model.AccessDevice;
import com.duosecurity.model.Application;
import com.duosecurity.model.AuthContext;
import com.duosecurity.model.AuthDevice;
import com.duosecurity.model.AuthResult;
import com.duosecurity.model.Location;
import com.duosecurity.model.Token;
import com.duosecurity.model.User;
import java.util.Map;
import java.util.Objects;
import java.util.Optional;
import java.util.UUID;
import org.apereo.cas.BaseCasWebflowMultifactorAuthenticationTests;
import org.apereo.cas.adaptors.duo.BaseDuoSecurityTests;
import org.apereo.cas.adaptors.duo.authn.DuoSecurityAuthenticationService;
import org.apereo.cas.authentication.DefaultAuthenticationResultBuilder;
import org.apereo.cas.authentication.MultifactorAuthenticationPrincipalResolver;
import org.apereo.cas.authentication.MultifactorAuthenticationProvider;
import org.apereo.cas.authentication.mfa.TestMultifactorAuthenticationProvider;
import org.apereo.cas.configuration.CasConfigurationProperties;
import org.apereo.cas.configuration.model.support.mfa.duo.DuoSecurityMultifactorAuthenticationProperties;
import org.apereo.cas.pac4j.BrowserWebStorageSessionStore;
import org.apereo.cas.services.RegisteredServiceTestUtils;
import org.apereo.cas.util.spring.ApplicationContextProvider;
import org.apereo.cas.web.BrowserSessionStorage;
import org.apereo.cas.web.support.WebUtils;
import org.junit.jupiter.api.Assertions;
import org.junit.jupiter.api.Tag;
import org.junit.jupiter.api.Test;
import org.mockito.Mockito;
import org.pac4j.jee.context.JEEContext;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.boot.context.properties.EnableConfigurationProperties;
import org.springframework.boot.test.context.SpringBootTest;
import org.springframework.boot.test.context.TestConfiguration;
import org.springframework.context.ConfigurableApplicationContext;
import org.springframework.context.annotation.Bean;
import org.springframework.mock.web.MockHttpServletRequest;
import org.springframework.mock.web.MockHttpServletResponse;
import org.springframework.mock.web.MockServletContext;
import org.springframework.webflow.context.ExternalContextHolder;
import org.springframework.webflow.context.servlet.ServletExternalContext;
import org.springframework.webflow.execution.Action;
import org.springframework.webflow.execution.Event;
import org.springframework.webflow.execution.RequestContextHolder;
import org.springframework.webflow.test.MockRequestContext;

@Tag("DuoSecurity")
@EnableConfigurationProperties({CasConfigurationProperties.class})
@SpringBootTest(classes = {DuoSecurityUniversalPromptValidateLoginActionTestConfiguration.class, BaseDuoSecurityTests.SharedTestConfiguration.class}, properties = {"cas.authn.mfa.duo[0].duo-secret-key=Q2IU2i8BFNd6VYflZT8Evl6lF7oPlj3PM15BmRU7", "cas.authn.mfa.duo[0].duo-integration-key=DIOXVRZD2UMZ8XXMNFQ5", "cas.authn.mfa.duo[0].trusted-device-enabled=true", "cas.authn.mfa.duo[0].duo-api-host=theapi.duosecurity.com"})
/* loaded from: input_file:org/apereo/cas/adaptors/duo/web/flow/action/DuoSecurityUniversalPromptValidateLoginActionTests.class */
class DuoSecurityUniversalPromptValidateLoginActionTests extends BaseCasWebflowMultifactorAuthenticationTests {

    @Autowired
    @Qualifier("duoUniversalPromptSessionStore")
    private BrowserWebStorageSessionStore duoUniversalPromptSessionStore;

    @Autowired
    @Qualifier("duoUniversalPromptValidateLoginAction")
    private Action duoUniversalPromptValidateLoginAction;

    @Autowired
    @Qualifier("duoUniversalPromptPrepareLoginAction")
    private Action duoUniversalPromptPrepareLoginAction;

    @Autowired
    private ConfigurableApplicationContext configurableApplicationContext;

    @TestConfiguration(value = "DuoSecurityUniversalPromptValidateLoginActionTestConfiguration", proxyBeanMethods = false)
    /* loaded from: input_file:org/apereo/cas/adaptors/duo/web/flow/action/DuoSecurityUniversalPromptValidateLoginActionTests$DuoSecurityUniversalPromptValidateLoginActionTestConfiguration.class */
    static class DuoSecurityUniversalPromptValidateLoginActionTestConfiguration {
        DuoSecurityUniversalPromptValidateLoginActionTestConfiguration() {
        }

        @Bean
        public Client duoUniversalPromptAuthenticationClient() throws Exception {
            Token token = new Token();
            token.setSub("casuser");
            User user = new User();
            user.setKey(UUID.randomUUID().toString());
            user.setName("casuser");
            AuthContext authContext = new AuthContext();
            Application application = new Application();
            application.setKey(UUID.randomUUID().toString());
            application.setName("CAS");
            authContext.setApplication(application);
            authContext.setUser(user);
            authContext.setEvent_type("auth");
            AccessDevice accessDevice = new AccessDevice();
            accessDevice.setIp("1.2.3.4");
            Location location = new Location();
            location.setCity("London");
            location.setCountry("UK");
            accessDevice.setLocation(location);
            authContext.setAccess_device(accessDevice);
            AuthDevice authDevice = new AuthDevice();
            authDevice.setLocation(location);
            authDevice.setIp("1.2.3.4");
            authContext.setAuth_device(authDevice);
            token.setAuth_context(authContext);
            AuthResult authResult = new AuthResult();
            authResult.setResult("OK");
            token.setAuth_result(authResult);
            Client client = (Client) Mockito.mock(Client.class);
            Mockito.when(client.generateState()).thenReturn(UUID.randomUUID().toString());
            Mockito.when(client.createAuthUrl(Mockito.anyString(), Mockito.anyString())).thenReturn("https://duo.com");
            Mockito.when(client.exchangeAuthorizationCodeFor2FAResult(Mockito.anyString(), Mockito.anyString())).thenReturn(token);
            return client;
        }
    }

    DuoSecurityUniversalPromptValidateLoginActionTests() {
    }

    @Test
    void verifySkip() throws Exception {
        MockRequestContext mockRequestContext = new MockRequestContext();
        mockRequestContext.setExternalContext(new ServletExternalContext(new MockServletContext(), new MockHttpServletRequest(), new MockHttpServletResponse()));
        RequestContextHolder.setRequestContext(mockRequestContext);
        ExternalContextHolder.setExternalContext(mockRequestContext.getExternalContext());
        Event execute = this.duoUniversalPromptValidateLoginAction.execute(mockRequestContext);
        Assertions.assertNotNull(execute);
        Assertions.assertEquals("skip", execute.getId());
    }

    @Test
    void verifyError() throws Exception {
        MockRequestContext mockRequestContext = new MockRequestContext();
        MockHttpServletRequest mockHttpServletRequest = new MockHttpServletRequest();
        mockRequestContext.setExternalContext(new ServletExternalContext(new MockServletContext(), mockHttpServletRequest, new MockHttpServletResponse()));
        RequestContextHolder.setRequestContext(mockRequestContext);
        ExternalContextHolder.setExternalContext(mockRequestContext.getExternalContext());
        mockHttpServletRequest.addParameter("duo_code", "bad-code");
        mockHttpServletRequest.addParameter("state", "bad-state");
        Event execute = this.duoUniversalPromptValidateLoginAction.execute(mockRequestContext);
        Assertions.assertNotNull(execute);
        Assertions.assertEquals("restore", execute.getId());
    }

    @Test
    void verifyPass() throws Exception {
        MockRequestContext mockRequestContext = new MockRequestContext();
        MockHttpServletRequest mockHttpServletRequest = new MockHttpServletRequest();
        MockHttpServletResponse mockHttpServletResponse = new MockHttpServletResponse();
        JEEContext jEEContext = new JEEContext(mockHttpServletRequest, mockHttpServletResponse);
        mockRequestContext.setExternalContext(new ServletExternalContext(new MockServletContext(), mockHttpServletRequest, mockHttpServletResponse));
        RequestContextHolder.setRequestContext(mockRequestContext);
        ExternalContextHolder.setExternalContext(mockRequestContext.getExternalContext());
        MultifactorAuthenticationProvider registerProviderIntoApplicationContext = TestMultifactorAuthenticationProvider.registerProviderIntoApplicationContext(this.applicationContext, new TestMultifactorAuthenticationProvider(((DuoSecurityMultifactorAuthenticationProperties) this.casProperties.getAuthn().getMfa().getDuo().get(0)).getId()));
        this.configurableApplicationContext.getBeansOfType(MultifactorAuthenticationPrincipalResolver.class).forEach((str, multifactorAuthenticationPrincipalResolver) -> {
            ApplicationContextProvider.registerBeanIntoApplicationContext(this.applicationContext, multifactorAuthenticationPrincipalResolver, str);
        });
        WebUtils.putAuthentication(RegisteredServiceTestUtils.getAuthentication(), mockRequestContext);
        WebUtils.putRegisteredService(mockRequestContext, RegisteredServiceTestUtils.getRegisteredService());
        WebUtils.putMultifactorAuthenticationProvider(mockRequestContext, registerProviderIntoApplicationContext);
        WebUtils.putTargetTransition(mockRequestContext, "targetDestination");
        WebUtils.putAuthenticationResultBuilder(new DefaultAuthenticationResultBuilder().collect(RegisteredServiceTestUtils.getAuthentication()), mockRequestContext);
        mockRequestContext.getFlashScope().put("name", "value");
        mockRequestContext.getConversationScope().put("name", "value");
        mockRequestContext.getRequestScope().put("name", "value");
        BrowserSessionStorage browserSessionStorage = (BrowserSessionStorage) this.duoUniversalPromptPrepareLoginAction.execute(mockRequestContext).getAttributes().get("result");
        Optional buildFromTrackableSession = this.duoUniversalPromptSessionStore.buildFromTrackableSession(jEEContext, browserSessionStorage);
        Class<BrowserWebStorageSessionStore> cls = BrowserWebStorageSessionStore.class;
        Objects.requireNonNull(BrowserWebStorageSessionStore.class);
        Map sessionAttributes = ((BrowserWebStorageSessionStore) buildFromTrackableSession.map((v1) -> {
            return r1.cast(v1);
        }).orElseThrow()).getSessionAttributes();
        mockHttpServletRequest.addParameter("duo_code", UUID.randomUUID().toString());
        mockHttpServletRequest.addParameter("state", sessionAttributes.get(DuoSecurityAuthenticationService.class.getSimpleName()).toString());
        mockHttpServletRequest.addParameter("sessionStorage", browserSessionStorage.getPayload());
        Event execute = this.duoUniversalPromptValidateLoginAction.execute(mockRequestContext);
        Assertions.assertNotNull(execute);
        Assertions.assertEquals("targetDestination", execute.getId());
        Assertions.assertNotNull(WebUtils.getAuthentication(mockRequestContext));
        Assertions.assertNotNull(WebUtils.getRegisteredService(mockRequestContext));
        Assertions.assertNotNull(WebUtils.getAuthenticationResult(mockRequestContext));
    }
}
