package org.apereo.cas.gauth.web.flow;

import com.warrenstrange.googleauth.IGoogleAuthenticator;
import java.util.List;
import java.util.UUID;
import org.apereo.cas.gauth.BaseGoogleAuthenticatorTests;
import org.apereo.cas.gauth.credential.GoogleAuthenticatorAccount;
import org.apereo.cas.otp.repository.credentials.OneTimeTokenCredentialRepository;
import org.apereo.cas.test.CasTestExtension;
import org.apereo.cas.util.MockRequestContext;
import org.apereo.cas.util.RandomUtils;
import org.junit.jupiter.api.Assertions;
import org.junit.jupiter.api.Nested;
import org.junit.jupiter.api.Tag;
import org.junit.jupiter.api.Test;
import org.junit.jupiter.api.extension.ExtendWith;
import org.junit.jupiter.api.parallel.Execution;
import org.junit.jupiter.api.parallel.ExecutionMode;
import org.junit.jupiter.api.parallel.ResourceAccessMode;
import org.junit.jupiter.api.parallel.ResourceLock;
import org.mockito.ArgumentMatchers;
import org.mockito.Mockito;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.boot.test.context.SpringBootTest;
import org.springframework.boot.test.context.TestConfiguration;
import org.springframework.context.annotation.Bean;
import org.springframework.http.HttpStatus;
import org.springframework.test.context.TestPropertySource;
import org.springframework.webflow.execution.Action;

@Tag("WebflowMfaActions")
@Execution(ExecutionMode.SAME_THREAD)
@ExtendWith({CasTestExtension.class})
@SpringBootTest(classes = {GoogleAuthenticatorSaveRegistrationActionTestConfiguration.class, BaseGoogleAuthenticatorTests.SharedTestConfiguration.class})
@ResourceLock(value = "googleAuthenticatorAccountRegistry", mode = ResourceAccessMode.READ_WRITE)
/* loaded from: input_file:org/apereo/cas/gauth/web/flow/GoogleAuthenticatorSaveRegistrationActionTests.class */
class GoogleAuthenticatorSaveRegistrationActionTests {

    @Autowired
    @Qualifier("googleSaveAccountRegistrationAction")
    private Action googleSaveAccountRegistrationAction;

    @Autowired
    @Qualifier("googleAuthenticatorAccountRegistry")
    private OneTimeTokenCredentialRepository googleAuthenticatorAccountRegistry;

    @Nested
    @TestPropertySource(properties = {"cas.authn.mfa.gauth.core.multiple-device-registration-enabled=true"})
    /* loaded from: input_file:org/apereo/cas/gauth/web/flow/GoogleAuthenticatorSaveRegistrationActionTests$DefaultTests.class */
    class DefaultTests {
        DefaultTests() {
        }

        @Test
        void verifyAccountValidationFails() throws Throwable {
            GoogleAuthenticatorAccount build = GoogleAuthenticatorAccount.builder().username(UUID.randomUUID().toString()).name(UUID.randomUUID().toString()).secretKey("secret").validationCode(123456).scratchCodes(List.of()).id(RandomUtils.nextLong()).build();
            MockRequestContext create = MockRequestContext.create();
            create.setParameter("token", "918273");
            create.setParameter("accountName", build.getName());
            create.getFlowScope().put("key", build);
            Assertions.assertEquals("error", GoogleAuthenticatorSaveRegistrationActionTests.this.googleSaveAccountRegistrationAction.execute(create).getId());
        }

        @Test
        void verifyAccountValidationOnly() throws Throwable {
            GoogleAuthenticatorAccount build = GoogleAuthenticatorAccount.builder().username(UUID.randomUUID().toString()).name(UUID.randomUUID().toString()).secretKey("secret").validationCode(123456).scratchCodes(List.of()).id(RandomUtils.nextLong()).build();
            MockRequestContext create = MockRequestContext.create();
            create.setParameter("token", String.valueOf(build.getValidationCode()));
            create.setParameter("accountName", build.getName());
            create.setParameter("validate", "true");
            create.getFlowScope().put("key", build);
            Assertions.assertEquals("success", GoogleAuthenticatorSaveRegistrationActionTests.this.googleSaveAccountRegistrationAction.execute(create).getId());
            MockRequestContext create2 = MockRequestContext.create();
            create2.setParameter("token", "987654");
            Assertions.assertEquals("error", GoogleAuthenticatorSaveRegistrationActionTests.this.googleSaveAccountRegistrationAction.execute(create2).getId());
            Assertions.assertEquals(HttpStatus.UNAUTHORIZED.value(), create2.getHttpServletResponse().getStatus());
            MockRequestContext create3 = MockRequestContext.create();
            create3.setParameter("token", "112233");
            Assertions.assertEquals("error", GoogleAuthenticatorSaveRegistrationActionTests.this.googleSaveAccountRegistrationAction.execute(create3).getId());
            Assertions.assertEquals(HttpStatus.UNAUTHORIZED.value(), create3.getHttpServletResponse().getStatus());
        }
    }

    @TestConfiguration(value = "GoogleAuthenticatorSaveRegistrationActionTests", proxyBeanMethods = false)
    /* loaded from: input_file:org/apereo/cas/gauth/web/flow/GoogleAuthenticatorSaveRegistrationActionTests$GoogleAuthenticatorSaveRegistrationActionTestConfiguration.class */
    static class GoogleAuthenticatorSaveRegistrationActionTestConfiguration {
        GoogleAuthenticatorSaveRegistrationActionTestConfiguration() {
        }

        @Bean
        public IGoogleAuthenticator googleAuthenticatorInstance() {
            IGoogleAuthenticator iGoogleAuthenticator = (IGoogleAuthenticator) Mockito.mock(IGoogleAuthenticator.class);
            Mockito.when(Boolean.valueOf(iGoogleAuthenticator.authorize(Mockito.anyString(), ArgumentMatchers.eq(123456)))).thenReturn(Boolean.TRUE);
            Mockito.when(Boolean.valueOf(iGoogleAuthenticator.authorize(Mockito.anyString(), ArgumentMatchers.eq(987654)))).thenReturn(Boolean.FALSE);
            Mockito.when(Boolean.valueOf(iGoogleAuthenticator.authorize(Mockito.anyString(), ArgumentMatchers.eq(112233)))).thenThrow(new Throwable[]{new IllegalArgumentException()});
            return iGoogleAuthenticator;
        }
    }

    @Nested
    @TestPropertySource(properties = {"cas.authn.mfa.gauth.core.multiple-device-registration-enabled=false"})
    /* loaded from: input_file:org/apereo/cas/gauth/web/flow/GoogleAuthenticatorSaveRegistrationActionTests$MultipleRegistrationTests.class */
    class MultipleRegistrationTests {
        MultipleRegistrationTests() {
        }

        @Test
        void verifyMultipleRegDisabled() throws Exception {
            MockRequestContext create = MockRequestContext.create();
            GoogleAuthenticatorAccount build = GoogleAuthenticatorAccount.builder().username(UUID.randomUUID().toString()).name(UUID.randomUUID().toString()).secretKey("secret").validationCode(123456).scratchCodes(List.of()).id(RandomUtils.nextLong()).build();
            GoogleAuthenticatorSaveRegistrationActionTests.this.googleAuthenticatorAccountRegistry.save(build);
            create.getFlowScope().put("key", build);
            Assertions.assertEquals("error", GoogleAuthenticatorSaveRegistrationActionTests.this.googleSaveAccountRegistrationAction.execute(create).getId());
        }
    }

    GoogleAuthenticatorSaveRegistrationActionTests() {
    }
}
