package org.apereo.cas.gauth.credential;

import com.warrenstrange.googleauth.IGoogleAuthenticator;
import java.util.List;
import java.util.UUID;
import javax.security.auth.login.AccountExpiredException;
import javax.security.auth.login.AccountNotFoundException;
import lombok.Generated;
import org.apereo.cas.authentication.CoreAuthenticationTestUtils;
import org.apereo.cas.authentication.OneTimeToken;
import org.apereo.cas.authentication.OneTimeTokenAccount;
import org.apereo.cas.authentication.PreventedException;
import org.apereo.cas.gauth.BaseGoogleAuthenticatorTests;
import org.apereo.cas.gauth.token.GoogleAuthenticatorToken;
import org.apereo.cas.otp.repository.credentials.OneTimeTokenCredentialRepository;
import org.apereo.cas.otp.repository.credentials.OneTimeTokenCredentialValidator;
import org.apereo.cas.otp.repository.token.OneTimeTokenRepository;
import org.apereo.cas.util.CollectionUtils;
import org.junit.jupiter.api.Assertions;
import org.junit.jupiter.api.Tag;
import org.junit.jupiter.api.Test;
import org.mockito.ArgumentMatchers;
import org.mockito.Mockito;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.boot.test.context.SpringBootTest;
import org.springframework.boot.test.context.TestConfiguration;
import org.springframework.context.annotation.Bean;

/**
 * Spring-wired tests for the bean qualified as
 * {@code googleAuthenticatorOneTimeTokenCredentialValidator}.
 *
 * <p>The real {@link IGoogleAuthenticator} is replaced by a Mockito mock (see the nested test
 * configuration), so whether a code is accepted depends only on the stubbed values and not on
 * any TOTP computation. The cases cover accepted and rejected codes, scratch-code consumption,
 * reuse of an already stored token, malformed tokens, unknown users, and a credential that
 * carries no account id while the user has several registered accounts.
 *
 * <p>NOTE(review): several tests register accounts for the same user name in the autowired
 * registry; whether that state is reset between tests is not visible here — confirm before
 * relying on test ordering.
 */
@Tag("MFA")
@SpringBootTest(classes = {
    GoogleAuthenticatorOneTimeTokenCredentialValidatorTests.GoogleAuthenticatorOneTimeTokenCredentialValidatorTestConfiguration.class,
    BaseGoogleAuthenticatorTests.SharedTestConfiguration.class
})
public class GoogleAuthenticatorOneTimeTokenCredentialValidatorTests {

    /** User name shared by every account and authentication built in these tests. */
    private static final String CAS_USER = "casuser";

    /** Code the mocked authenticator authorizes. */
    private static final int ACCEPTED_CODE = 123456;

    /** Code the mocked authenticator refuses. */
    private static final int REJECTED_CODE = 987654;

    /** Code for which the mocked authenticator throws {@link IllegalArgumentException}. */
    private static final int FAILING_CODE = 112233;

    @Autowired
    @Qualifier("googleAuthenticatorOneTimeTokenCredentialValidator")
    private OneTimeTokenCredentialValidator<GoogleAuthenticatorTokenCredential, GoogleAuthenticatorToken> validator;

    @Autowired
    @Qualifier("googleAuthenticatorAccountRegistry")
    private OneTimeTokenCredentialRepository googleAuthenticatorAccountRegistry;

    @Autowired
    @Qualifier("oneTimeTokenAuthenticatorTokenRepository")
    private OneTimeTokenRepository oneTimeTokenAuthenticatorTokenRepository;

    /**
     * Supplies the stubbed {@link IGoogleAuthenticator} used by the validator under test.
     */
    @TestConfiguration("GoogleAuthenticatorOneTimeTokenCredentialValidatorTestConfiguration")
    public static class GoogleAuthenticatorOneTimeTokenCredentialValidatorTestConfiguration {

        /**
         * Builds a mock authenticator with three fixed outcomes, for any secret string:
         * one code is authorized, one is refused, and one makes {@code authorize} throw
         * {@link IllegalArgumentException}. Codes that are not stubbed fall back to Mockito's
         * default answer.
         *
         * @return the stubbed authenticator
         */
        @Bean
        public IGoogleAuthenticator googleAuthenticatorInstance() {
            final IGoogleAuthenticator authenticator = Mockito.mock(IGoogleAuthenticator.class);
            Mockito.when(authenticator.authorize(ArgumentMatchers.anyString(), ArgumentMatchers.eq(ACCEPTED_CODE)))
                .thenReturn(true);
            Mockito.when(authenticator.authorize(ArgumentMatchers.anyString(), ArgumentMatchers.eq(REJECTED_CODE)))
                .thenReturn(false);
            Mockito.when(authenticator.authorize(ArgumentMatchers.anyString(), ArgumentMatchers.eq(FAILING_CODE)))
                .thenThrow(new IllegalArgumentException());
            return authenticator;
        }
    }

    /**
     * The validator reports the accepted code as authorized for the account and the rejected
     * code as not authorized.
     */
    @Test
    public void verifyTokenAuthz() {
        final OneTimeTokenAccount account = OneTimeTokenAccount.builder()
            .username(CAS_USER)
            .name(UUID.randomUUID().toString())
            .secretKey("secret")
            .validationCode(ACCEPTED_CODE)
            .scratchCodes(List.of())
            .build();
        Assertions.assertTrue(this.validator.isTokenAuthorizedFor(ACCEPTED_CODE, account));
        Assertions.assertFalse(this.validator.isTokenAuthorizedFor(REJECTED_CODE, account));
    }

    /**
     * Storing a token through the validator completes without throwing.
     */
    @Test
    public void verifyStore() {
        final GoogleAuthenticatorToken token = new GoogleAuthenticatorToken(632435, CAS_USER);
        // Block lambda with an explicit return keeps the value-returning overload in use.
        Assertions.assertDoesNotThrow(() -> {
            return this.validator.store(token);
        });
    }

    /**
     * A registered account validates when the credential carries the accepted code together
     * with the id of that account.
     *
     * @throws Exception if saving the account or validating fails unexpectedly
     */
    @Test
    public void verifyAcctValidation() throws Exception {
        final GoogleAuthenticatorAccount account = GoogleAuthenticatorAccount.builder()
            .username(CAS_USER)
            .name(UUID.randomUUID().toString())
            .secretKey("secret")
            .validationCode(ACCEPTED_CODE)
            .scratchCodes(List.of())
            .build();
        this.googleAuthenticatorAccountRegistry.save(account);

        final GoogleAuthenticatorTokenCredential credential =
            new GoogleAuthenticatorTokenCredential("123456", Long.valueOf(account.getId()));
        Assertions.assertNotNull(
            this.validator.validate(CoreAuthenticationTestUtils.getAuthentication(account.getUsername()), credential));
    }

    /**
     * A scratch code validates, and afterwards the stored account no longer lists it: the
     * account is created with a single scratch code and is expected to have none left.
     *
     * @throws Exception if saving the account or validating fails unexpectedly
     */
    @Test
    public void verifyAcctValidationScratchCode() throws Exception {
        final GoogleAuthenticatorAccount account = GoogleAuthenticatorAccount.builder()
            .username(CAS_USER)
            .name(UUID.randomUUID().toString())
            .secretKey("secret")
            .validationCode(ACCEPTED_CODE)
            .scratchCodes(CollectionUtils.wrapList(new Integer[]{834251}))
            .build();
        this.googleAuthenticatorAccountRegistry.save(account);

        final GoogleAuthenticatorTokenCredential credential =
            new GoogleAuthenticatorTokenCredential("834251", Long.valueOf(account.getId()));
        Assertions.assertNotNull(
            this.validator.validate(CoreAuthenticationTestUtils.getAuthentication(account.getUsername()), credential));

        // Single-use check: the code that was just spent must be gone from the persisted account.
        Assertions.assertTrue(
            this.googleAuthenticatorAccountRegistry.get(account.getId()).getScratchCodes().isEmpty());
    }

    /**
     * A code that is already recorded in the token repository for the user is refused:
     * validating a credential with that same code is expected to raise
     * {@link AccountExpiredException}.
     *
     * <p>NOTE(review): the credential's account id is the literal {@code 123456L}, not the id
     * of the account saved above; presumably the reuse check does not depend on it — confirm
     * against the validator.
     */
    @Test
    public void verifyTokenReuse() {
        final GoogleAuthenticatorAccount account = GoogleAuthenticatorAccount.builder()
            .username(CAS_USER)
            .name(UUID.randomUUID().toString())
            .secretKey("secret")
            .validationCode(ACCEPTED_CODE)
            .scratchCodes(List.of())
            .build();
        this.googleAuthenticatorAccountRegistry.save(account);
        this.oneTimeTokenAuthenticatorTokenRepository.store(new OneTimeToken(556644, CAS_USER));

        Assertions.assertThrows(AccountExpiredException.class,
            () -> this.validator.validate(
                CoreAuthenticationTestUtils.getAuthentication(CAS_USER),
                new GoogleAuthenticatorTokenCredential("556644", 123456L)));
    }

    /**
     * A token that is not a number is expected to fail with {@link PreventedException}, and a
     * validation attempt for a user name used by no other test here is expected to fail with
     * {@link AccountNotFoundException}.
     */
    @Test
    public void verifyBadToken() {
        Assertions.assertThrows(PreventedException.class,
            () -> this.validator.validate(
                CoreAuthenticationTestUtils.getAuthentication(CAS_USER),
                new GoogleAuthenticatorTokenCredential("abcdefg", 123456L)));
        Assertions.assertThrows(AccountNotFoundException.class,
            () -> this.validator.validate(
                CoreAuthenticationTestUtils.getAuthentication("unknown-user"),
                new GoogleAuthenticatorTokenCredential("112233", 123456L)));
    }

    /**
     * With two accounts registered for the same user, a credential that carries no account id
     * is expected to fail with {@link PreventedException}.
     *
     * <p>NOTE(review): the submitted token is also the code on which the mocked authenticator
     * throws, so this test alone does not show whether the missing account id or the
     * authenticator failure triggers the exception — confirm against the validator.
     */
    @Test
    public void verifyMultipleAccountsWithNoId() {
        for (int index = 0; index < 2; index++) {
            final GoogleAuthenticatorAccount account = GoogleAuthenticatorAccount.builder()
                .username(CAS_USER)
                .name(String.format("account-%s", index))
                .secretKey("secret")
                .validationCode(ACCEPTED_CODE)
                .scratchCodes(List.of(222222, 333333))
                .build();
            this.googleAuthenticatorAccountRegistry.save(account);
        }

        // Typed null keeps the (String, Long) constructor selected.
        final GoogleAuthenticatorTokenCredential credential =
            new GoogleAuthenticatorTokenCredential("112233", (Long) null);
        Assertions.assertThrows(PreventedException.class,
            () -> this.validator.validate(CoreAuthenticationTestUtils.getAuthentication(CAS_USER), credential));
    }

    /**
     * @return the validator under test
     */
    @Generated
    public OneTimeTokenCredentialValidator<GoogleAuthenticatorTokenCredential, GoogleAuthenticatorToken> getValidator() {
        return this.validator;
    }

    /**
     * @return the account registry the tests save accounts into
     */
    @Generated
    public OneTimeTokenCredentialRepository getGoogleAuthenticatorAccountRegistry() {
        return this.googleAuthenticatorAccountRegistry;
    }

    /**
     * @return the repository holding tokens that have already been stored
     */
    @Generated
    public OneTimeTokenRepository getOneTimeTokenAuthenticatorTokenRepository() {
        return this.oneTimeTokenAuthenticatorTokenRepository;
    }
}
