package org.apereo.cas.adaptors.duo.authn.passwordless;

import com.duosecurity.Client;
import java.net.URI;
import java.util.Map;
import org.apereo.cas.adaptors.duo.BaseDuoSecurityTests;
import org.apereo.cas.api.PasswordlessAuthenticationRequest;
import org.apereo.cas.api.PasswordlessUserAccount;
import org.apereo.cas.api.PasswordlessUserAccountStore;
import org.apereo.cas.config.CasPasswordlessAuthenticationAutoConfiguration;
import org.apereo.cas.configuration.CasConfigurationProperties;
import org.apereo.cas.configuration.model.support.mfa.duo.DuoSecurityMultifactorAuthenticationProperties;
import org.apereo.cas.test.CasTestExtension;
import org.apereo.cas.util.MockRequestContext;
import org.apereo.cas.util.MockWebServer;
import org.apereo.cas.web.flow.PasswordlessWebflowUtils;
import org.apereo.cas.web.support.WebUtils;
import org.junit.jupiter.api.Assertions;
import org.junit.jupiter.api.Tag;
import org.junit.jupiter.api.Test;
import org.junit.jupiter.api.extension.ExtendWith;
import org.mockito.Mockito;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.boot.context.properties.EnableConfigurationProperties;
import org.springframework.boot.test.context.SpringBootTest;
import org.springframework.boot.test.context.TestConfiguration;
import org.springframework.context.ConfigurableApplicationContext;
import org.springframework.context.annotation.Bean;
import org.springframework.core.io.ClassPathResource;
import org.springframework.webflow.execution.Action;

@Tag("DuoSecurity")
@ExtendWith({CasTestExtension.class})
@EnableConfigurationProperties({CasConfigurationProperties.class})
@SpringBootTest(classes = {DuoSecurityTestConfiguration.class, BaseDuoSecurityTests.SharedTestConfiguration.class, CasPasswordlessAuthenticationAutoConfiguration.class}, properties = {"cas.http-client.host-name-verifier=none", "cas.authn.mfa.duo[0].duo-admin-secret-key=SIOXVQQD3UMZ8XXMNZQ8", "cas.authn.mfa.duo[0].duo-admin-integration-key=SIOXVQQD3UMZ8XXMNZQ8", "cas.authn.mfa.duo[0].duo-secret-key=aGKL0OndjtknbnVOWaFKosiqinNFEKXHxgXCJEBr", "cas.authn.mfa.duo[0].duo-integration-key=SIOXVQQD3UMZ8XXMNZQ8", "cas.authn.mfa.duo[0].duo-api-host=https://localhost:${random.int[3000,9999]}", "cas.authn.mfa.duo[0].passwordless-authentication-enabled=true"})
/* loaded from: input_file:org/apereo/cas/adaptors/duo/authn/passwordless/DuoSecurityPasswordlessUserAccountStoreTests.class */
class DuoSecurityPasswordlessUserAccountStoreTests {

    @Autowired
    private CasConfigurationProperties casProperties;

    @Autowired
    @Qualifier("passwordlessUserAccountStore")
    private PasswordlessUserAccountStore passwordlessUserAccountStore;

    @Autowired
    @Qualifier("duoSecurityVerifyPasswordlessAuthenticationAction")
    private Action duoSecurityVerifyPasswordlessAuthenticationAction;

    @Autowired
    private ConfigurableApplicationContext applicationContext;

    @TestConfiguration(value = "DuoSecurityTestConfiguration", proxyBeanMethods = false)
    /* loaded from: input_file:org/apereo/cas/adaptors/duo/authn/passwordless/DuoSecurityPasswordlessUserAccountStoreTests$DuoSecurityTestConfiguration.class */
    static class DuoSecurityTestConfiguration {
        DuoSecurityTestConfiguration() {
        }

        @Bean
        public Client duoUniversalPromptAuthenticationClient() throws Exception {
            return (Client) Mockito.mock(Client.class);
        }
    }

    DuoSecurityPasswordlessUserAccountStoreTests() {
    }

    @Test
    void verifyOperation() throws Throwable {
        DuoSecurityMultifactorAuthenticationProperties duoSecurityMultifactorAuthenticationProperties = (DuoSecurityMultifactorAuthenticationProperties) this.casProperties.getAuthn().getMfa().getDuo().getFirst();
        MockWebServer mockWebServer = new MockWebServer(true, URI.create(duoSecurityMultifactorAuthenticationProperties.getDuoApiHost()).getPort(), new ClassPathResource("duo-adminapi-user.json"));
        try {
            mockWebServer.start();
            PasswordlessUserAccount passwordlessUserAccount = (PasswordlessUserAccount) this.passwordlessUserAccountStore.findUser(PasswordlessAuthenticationRequest.builder().username("casuser").build()).orElseThrow();
            Assertions.assertEquals("jsmith", passwordlessUserAccount.getUsername());
            Assertions.assertEquals("jsmith@example.com", passwordlessUserAccount.getEmail());
            Assertions.assertEquals(duoSecurityMultifactorAuthenticationProperties.getId(), passwordlessUserAccount.getSource());
            Assertions.assertNotNull(this.duoSecurityVerifyPasswordlessAuthenticationAction);
            mockWebServer.responseBodyJson(Map.of("stat", "OK", "response", Map.of("result", "allow", "status", "allow")));
            MockRequestContext create = MockRequestContext.create(this.applicationContext);
            PasswordlessWebflowUtils.putPasswordlessAuthenticationAccount(create, passwordlessUserAccount);
            Assertions.assertEquals("success", this.duoSecurityVerifyPasswordlessAuthenticationAction.execute(create).getId());
            Assertions.assertNotNull(WebUtils.getAuthentication(create));
            Assertions.assertNotNull(WebUtils.getCredential(create));
            mockWebServer.close();
        } catch (Throwable th) {
            try {
                mockWebServer.close();
            } catch (Throwable th2) {
                th.addSuppressed(th2);
            }
            throw th;
        }
    }
}
