package org.apereo.cas.gauth.credential;

import com.warrenstrange.googleauth.GoogleAuthenticator;
import com.warrenstrange.googleauth.GoogleAuthenticatorConfig;
import com.warrenstrange.googleauth.IGoogleAuthenticator;
import java.util.LinkedHashMap;
import java.util.Locale;
import java.util.Map;
import java.util.UUID;
import java.util.stream.Collectors;
import lombok.Generated;
import org.apache.commons.lang3.tuple.Pair;
import org.apereo.cas.authentication.OneTimeTokenAccount;
import org.apereo.cas.config.CasCookieConfiguration;
import org.apereo.cas.config.CasCoreAuthenticationConfiguration;
import org.apereo.cas.config.CasCoreAuthenticationHandlersConfiguration;
import org.apereo.cas.config.CasCoreAuthenticationMetadataConfiguration;
import org.apereo.cas.config.CasCoreAuthenticationPolicyConfiguration;
import org.apereo.cas.config.CasCoreAuthenticationPrincipalConfiguration;
import org.apereo.cas.config.CasCoreAuthenticationServiceSelectionStrategyConfiguration;
import org.apereo.cas.config.CasCoreAuthenticationSupportConfiguration;
import org.apereo.cas.config.CasCoreConfiguration;
import org.apereo.cas.config.CasCoreHttpConfiguration;
import org.apereo.cas.config.CasCoreLogoutConfiguration;
import org.apereo.cas.config.CasCoreMultifactorAuthenticationConfiguration;
import org.apereo.cas.config.CasCoreNotificationsConfiguration;
import org.apereo.cas.config.CasCoreServicesAuthenticationConfiguration;
import org.apereo.cas.config.CasCoreServicesConfiguration;
import org.apereo.cas.config.CasCoreTicketCatalogConfiguration;
import org.apereo.cas.config.CasCoreTicketIdGeneratorsConfiguration;
import org.apereo.cas.config.CasCoreTicketsConfiguration;
import org.apereo.cas.config.CasCoreTicketsSerializationConfiguration;
import org.apereo.cas.config.CasCoreUtilConfiguration;
import org.apereo.cas.config.CasCoreWebConfiguration;
import org.apereo.cas.config.CasCoreWebflowConfiguration;
import org.apereo.cas.config.CasMultifactorAuthenticationWebflowConfiguration;
import org.apereo.cas.config.CasPersonDirectoryConfiguration;
import org.apereo.cas.config.CasPersonDirectoryStubConfiguration;
import org.apereo.cas.config.CasWebApplicationServiceFactoryConfiguration;
import org.apereo.cas.config.CasWebflowContextConfiguration;
import org.apereo.cas.config.GoogleAuthenticatorAuthenticationEventExecutionPlanConfiguration;
import org.apereo.cas.config.GoogleAuthenticatorAuthenticationMultifactorProviderBypassConfiguration;
import org.apereo.cas.otp.repository.credentials.OneTimeTokenCredentialRepository;
import org.apereo.cas.util.crypto.CipherExecutor;
import org.junit.jupiter.api.AfterEach;
import org.junit.jupiter.api.Assertions;
import org.junit.jupiter.api.BeforeEach;
import org.junit.jupiter.api.Test;
import org.mockito.Mock;
import org.mockito.Mockito;
import org.springframework.boot.SpringBootConfiguration;
import org.springframework.boot.autoconfigure.ImportAutoConfiguration;
import org.springframework.boot.autoconfigure.aop.AopAutoConfiguration;
import org.springframework.boot.autoconfigure.mail.MailSenderAutoConfiguration;
import org.springframework.boot.autoconfigure.web.servlet.WebMvcAutoConfiguration;
import org.springframework.cloud.autoconfigure.RefreshAutoConfiguration;
import org.springframework.context.annotation.Import;

/* loaded from: input_file:org/apereo/cas/gauth/credential/BaseOneTimeTokenCredentialRepositoryTests.class */
public abstract class BaseOneTimeTokenCredentialRepositoryTests {
    public static final String PLAIN_SECRET = "plain_secret";
    private final Map<Pair<String, String>, OneTimeTokenAccount> accountHashMap = new LinkedHashMap();
    private IGoogleAuthenticator google;

    @Mock
    private CipherExecutor<String, String> cipherExecutor;

    @SpringBootConfiguration
    @ImportAutoConfiguration({RefreshAutoConfiguration.class, MailSenderAutoConfiguration.class, WebMvcAutoConfiguration.class, AopAutoConfiguration.class})
    @Import({CasCoreWebflowConfiguration.class, CasWebflowContextConfiguration.class, CasCoreMultifactorAuthenticationConfiguration.class, CasMultifactorAuthenticationWebflowConfiguration.class, GoogleAuthenticatorAuthenticationMultifactorProviderBypassConfiguration.class, CasCoreTicketsConfiguration.class, CasCoreTicketIdGeneratorsConfiguration.class, CasCoreTicketsSerializationConfiguration.class, CasCoreTicketCatalogConfiguration.class, CasCoreLogoutConfiguration.class, CasCoreHttpConfiguration.class, CasCoreNotificationsConfiguration.class, CasCoreServicesConfiguration.class, CasWebApplicationServiceFactoryConfiguration.class, CasCoreAuthenticationConfiguration.class, CasCoreServicesAuthenticationConfiguration.class, CasCoreAuthenticationMetadataConfiguration.class, CasCoreAuthenticationPolicyConfiguration.class, CasCoreAuthenticationPrincipalConfiguration.class, CasCoreAuthenticationHandlersConfiguration.class, CasCoreAuthenticationSupportConfiguration.class, CasPersonDirectoryConfiguration.class, CasPersonDirectoryStubConfiguration.class, GoogleAuthenticatorAuthenticationEventExecutionPlanConfiguration.class, CasCookieConfiguration.class, CasCoreConfiguration.class, CasCoreAuthenticationServiceSelectionStrategyConfiguration.class, CasCoreUtilConfiguration.class, CasCoreWebConfiguration.class})
    /* loaded from: input_file:org/apereo/cas/gauth/credential/BaseOneTimeTokenCredentialRepositoryTests$SharedTestConfiguration.class */
    static class SharedTestConfiguration {
        SharedTestConfiguration() {
        }
    }

    public OneTimeTokenAccount getAccount(String str, String str2) {
        return this.accountHashMap.computeIfAbsent(Pair.of(str, str2), pair -> {
            return getRegistry((String) pair.getLeft()).create((String) pair.getRight());
        });
    }

    @BeforeEach
    public void initialize() {
        this.google = new GoogleAuthenticator(new GoogleAuthenticatorConfig.GoogleAuthenticatorConfigBuilder().build());
    }

    @AfterEach
    public void afterEach() {
        getRegistry("afterEach").deleteAll();
    }

    @Test
    void verifyCreate() throws Throwable {
        String usernameUnderTest = getUsernameUnderTest();
        OneTimeTokenAccount account = getAccount("verifyCreate", usernameUnderTest);
        Assertions.assertNotNull(account);
        OneTimeTokenCredentialRepository registry = getRegistry("verifyCreate");
        OneTimeTokenAccount build = OneTimeTokenAccount.builder().username(account.getUsername()).secretKey(account.getSecretKey()).validationCode(account.getValidationCode()).scratchCodes(account.getScratchCodes()).name(usernameUnderTest).build();
        OneTimeTokenAccount save = registry.save(build);
        Assertions.assertNotNull(registry.get(save.getId()));
        Assertions.assertNotNull(registry.get(build.getUsername(), save.getId()));
        Assertions.assertEquals(1L, registry.count());
        Assertions.assertEquals(1L, registry.count(save.getUsername()));
        registry.delete(account.getUsername());
        Assertions.assertTrue(registry.load().isEmpty());
        Assertions.assertEquals(0L, registry.count());
        Assertions.assertEquals(0L, registry.count(save.getUsername()));
    }

    @Test
    void verifySaveAndUpdate() throws Throwable {
        String usernameUnderTest = getUsernameUnderTest();
        OneTimeTokenAccount account = getAccount("verifySaveAndUpdate", usernameUnderTest);
        OneTimeTokenCredentialRepository registry = getRegistry("verifySaveAndUpdate");
        registry.save(OneTimeTokenAccount.builder().username(account.getUsername()).secretKey(account.getSecretKey()).validationCode(account.getValidationCode()).scratchCodes(account.getScratchCodes()).name(usernameUnderTest).build());
        OneTimeTokenAccount oneTimeTokenAccount = (OneTimeTokenAccount) registry.get(account.getUsername()).iterator().next();
        Assertions.assertNotNull(oneTimeTokenAccount, "Account not found");
        Assertions.assertNotNull(oneTimeTokenAccount.getRegistrationDate());
        Assertions.assertEquals(account.getValidationCode(), oneTimeTokenAccount.getValidationCode());
        Assertions.assertEquals(account.getSecretKey(), oneTimeTokenAccount.getSecretKey());
        oneTimeTokenAccount.setSecretKey("newSecret");
        oneTimeTokenAccount.setValidationCode(999666);
        registry.update(oneTimeTokenAccount);
        OneTimeTokenAccount oneTimeTokenAccount2 = (OneTimeTokenAccount) registry.get(usernameUnderTest).iterator().next();
        Assertions.assertEquals(999666, oneTimeTokenAccount2.getValidationCode());
        Assertions.assertEquals("newSecret", oneTimeTokenAccount2.getSecretKey());
        registry.delete(oneTimeTokenAccount2.getId());
        Assertions.assertNull(registry.get(oneTimeTokenAccount2.getId()));
    }

    @Test
    void verifyGet() throws Throwable {
        String usernameUnderTest = getUsernameUnderTest();
        OneTimeTokenCredentialRepository registry = getRegistry("verifyGet");
        Assertions.assertTrue(registry.get(usernameUnderTest).isEmpty());
        OneTimeTokenAccount account = getAccount("verifyGet", usernameUnderTest);
        registry.save(OneTimeTokenAccount.builder().username(account.getUsername()).secretKey(account.getSecretKey()).validationCode(account.getValidationCode()).scratchCodes(account.getScratchCodes()).name(usernameUnderTest).build());
        OneTimeTokenAccount oneTimeTokenAccount = (OneTimeTokenAccount) registry.get(usernameUnderTest).iterator().next();
        Assertions.assertNotNull(oneTimeTokenAccount, "Account not found");
        Assertions.assertEquals(account.getUsername(), oneTimeTokenAccount.getUsername());
        Assertions.assertEquals(account.getValidationCode(), oneTimeTokenAccount.getValidationCode());
        Assertions.assertEquals(account.getSecretKey(), oneTimeTokenAccount.getSecretKey());
        Assertions.assertEquals(account.getScratchCodes().stream().sorted().map((v0) -> {
            return v0.intValue();
        }).collect(Collectors.toList()), oneTimeTokenAccount.getScratchCodes().stream().sorted().map((v0) -> {
            return v0.intValue();
        }).collect(Collectors.toList()));
        registry.delete(oneTimeTokenAccount.getId());
    }

    @Test
    void verifyCaseSensitivity() throws Throwable {
        String lowerCase = getUsernameUnderTest().toLowerCase(Locale.ENGLISH);
        OneTimeTokenAccount account = getAccount("verifyCaseSensitivity", lowerCase);
        Assertions.assertNotNull(account);
        OneTimeTokenCredentialRepository registry = getRegistry("verifyCaseSensitivity");
        OneTimeTokenAccount save = registry.save(OneTimeTokenAccount.builder().username(account.getUsername()).secretKey(account.getSecretKey()).validationCode(account.getValidationCode()).scratchCodes(account.getScratchCodes()).name(lowerCase).build());
        Assertions.assertNotNull(save);
        Assertions.assertNotNull(registry.get(save.getId()));
        Assertions.assertNotNull(registry.get(save.getUsername().toUpperCase(Locale.ENGLISH), save.getId()));
        Assertions.assertEquals(1L, registry.count());
        Assertions.assertEquals(1L, registry.count(save.getUsername().toUpperCase(Locale.ENGLISH)));
        registry.delete(account.getUsername().toUpperCase(Locale.ENGLISH));
        Assertions.assertTrue(registry.load().isEmpty());
        Assertions.assertEquals(0L, registry.count());
        Assertions.assertEquals(0L, registry.count(save.getUsername().toUpperCase(Locale.ENGLISH)));
    }

    @Test
    void verifyGetWithDecodedSecret() throws Throwable {
        String usernameUnderTest = getUsernameUnderTest();
        Mockito.when((String) this.cipherExecutor.encode(PLAIN_SECRET)).thenReturn("abc321");
        Mockito.when((String) this.cipherExecutor.decode("abc321")).thenReturn(PLAIN_SECRET);
        OneTimeTokenCredentialRepository registry = getRegistry("verifyGetWithDecodedSecret");
        OneTimeTokenAccount account = getAccount("verifyGetWithDecodedSecret", usernameUnderTest);
        account.setSecretKey(PLAIN_SECRET);
        registry.save(OneTimeTokenAccount.builder().username(account.getUsername()).secretKey(account.getSecretKey()).validationCode(account.getValidationCode()).scratchCodes(account.getScratchCodes()).name(usernameUnderTest).build());
        Assertions.assertEquals(PLAIN_SECRET, ((OneTimeTokenAccount) registry.get(usernameUnderTest).iterator().next()).getSecretKey());
    }

    public OneTimeTokenCredentialRepository getRegistry(String str) {
        return getRegistry();
    }

    public abstract OneTimeTokenCredentialRepository getRegistry();

    protected String getUsernameUnderTest() throws Exception {
        return UUID.randomUUID().toString();
    }

    @Generated
    public Map<Pair<String, String>, OneTimeTokenAccount> getAccountHashMap() {
        return this.accountHashMap;
    }

    @Generated
    public IGoogleAuthenticator getGoogle() {
        return this.google;
    }

    @Generated
    public CipherExecutor<String, String> getCipherExecutor() {
        return this.cipherExecutor;
    }
}
