package org.apereo.cas.authentication.sync;

import org.apereo.cas.authentication.AuthenticationException;
import org.apereo.cas.authentication.AuthenticationPostProcessor;
import org.apereo.cas.authentication.CoreAuthenticationTestUtils;
import org.apereo.cas.authentication.Credential;
import org.apereo.cas.authentication.LdapPasswordSynchronizationAuthenticationPostProcessor;
import org.apereo.cas.authentication.credential.UsernamePasswordCredential;
import org.apereo.cas.configuration.model.core.authentication.passwordsync.LdapPasswordSynchronizationProperties;
import org.apereo.cas.util.junit.EnabledIfListeningOnPort;
import org.junit.jupiter.api.Assertions;
import org.junit.jupiter.api.Nested;
import org.junit.jupiter.api.Tag;
import org.junit.jupiter.api.Test;
import org.mockito.Mockito;
import org.springframework.test.context.TestPropertySource;

@Tag("Ldap")
@EnabledIfListeningOnPort(port = {10389})
/* loaded from: input_file:org/apereo/cas/authentication/sync/LdapPasswordSynchronizationAuthenticationPostProcessorTests.class */
class LdapPasswordSynchronizationAuthenticationPostProcessorTests {

    @Nested
    /* loaded from: input_file:org/apereo/cas/authentication/sync/LdapPasswordSynchronizationAuthenticationPostProcessorTests$DefaultTests.class */
    class DefaultTests extends BaseLdapPasswordSynchronizationTests {
        DefaultTests(LdapPasswordSynchronizationAuthenticationPostProcessorTests ldapPasswordSynchronizationAuthenticationPostProcessorTests) {
        }

        @Test
        void verifySyncFindsNoUser() throws Throwable {
            Assertions.assertThrows(AuthenticationException.class, () -> {
                AuthenticationPostProcessor authenticationPostProcessor = (AuthenticationPostProcessor) this.ldapPasswordSynchronizers.first();
                authenticationPostProcessor.process(CoreAuthenticationTestUtils.getAuthenticationBuilder(), CoreAuthenticationTestUtils.getAuthenticationTransactionFactory().newTransaction(new Credential[]{CoreAuthenticationTestUtils.getCredentialsWithDifferentUsernameAndPassword("unknown123456", "password")}));
                authenticationPostProcessor.destroy();
            });
        }

        @Test
        void verifyBadCredential() throws Throwable {
            Assertions.assertThrows(AuthenticationException.class, () -> {
                LdapPasswordSynchronizationAuthenticationPostProcessor ldapPasswordSynchronizationAuthenticationPostProcessor = new LdapPasswordSynchronizationAuthenticationPostProcessor((LdapPasswordSynchronizationProperties) this.casProperties.getAuthn().getPasswordSync().getLdap().getFirst());
                Credential credential = (Credential) Mockito.mock(Credential.class);
                Assertions.assertFalse(ldapPasswordSynchronizationAuthenticationPostProcessor.supports(credential));
                ldapPasswordSynchronizationAuthenticationPostProcessor.process(CoreAuthenticationTestUtils.getAuthenticationBuilder(), CoreAuthenticationTestUtils.getAuthenticationTransactionFactory().newTransaction(new Credential[]{credential}));
                ldapPasswordSynchronizationAuthenticationPostProcessor.destroy();
            });
        }
    }

    @Nested
    @TestPropertySource(properties = {"cas.authn.password-sync.ldap[0].password-synchronization-failure-fatal=false", "cas.authn.password-sync.ldap[0].password-attribute=unicodePwd"})
    /* loaded from: input_file:org/apereo/cas/authentication/sync/LdapPasswordSynchronizationAuthenticationPostProcessorTests$UnicodeAttributeTests.class */
    class UnicodeAttributeTests extends BaseLdapPasswordSynchronizationTests {
        UnicodeAttributeTests(LdapPasswordSynchronizationAuthenticationPostProcessorTests ldapPasswordSynchronizationAuthenticationPostProcessorTests) {
        }

        @Test
        void verifySyncFailsWithUnicodePswd() throws Throwable {
            Assertions.assertDoesNotThrow(() -> {
                ((AuthenticationPostProcessor) this.ldapPasswordSynchronizers.first()).process(CoreAuthenticationTestUtils.getAuthenticationBuilder(), CoreAuthenticationTestUtils.getAuthenticationTransactionFactory().newTransaction(new Credential[]{CoreAuthenticationTestUtils.getCredentialsWithDifferentUsernameAndPassword("casTest", "password")}));
            });
        }
    }

    @Nested
    @TestPropertySource(properties = {"cas.authn.password-sync.ldap[0].password-attribute=st"})
    /* loaded from: input_file:org/apereo/cas/authentication/sync/LdapPasswordSynchronizationAuthenticationPostProcessorTests$UnknownAttributeTests.class */
    class UnknownAttributeTests extends BaseLdapPasswordSynchronizationTests {
        UnknownAttributeTests(LdapPasswordSynchronizationAuthenticationPostProcessorTests ldapPasswordSynchronizationAuthenticationPostProcessorTests) {
        }

        @Test
        void verifyOperation() throws Throwable {
            AuthenticationPostProcessor authenticationPostProcessor = (AuthenticationPostProcessor) this.ldapPasswordSynchronizers.first();
            UsernamePasswordCredential credentialsWithDifferentUsernameAndPassword = CoreAuthenticationTestUtils.getCredentialsWithDifferentUsernameAndPassword("admin", "password");
            Assertions.assertTrue(authenticationPostProcessor.supports(credentialsWithDifferentUsernameAndPassword));
            Assertions.assertDoesNotThrow(() -> {
                authenticationPostProcessor.process(CoreAuthenticationTestUtils.getAuthenticationBuilder(), CoreAuthenticationTestUtils.getAuthenticationTransactionFactory().newTransaction(new Credential[0]));
                authenticationPostProcessor.process(CoreAuthenticationTestUtils.getAuthenticationBuilder(), CoreAuthenticationTestUtils.getAuthenticationTransactionFactory().newTransaction(new Credential[]{credentialsWithDifferentUsernameAndPassword}));
            });
        }
    }

    LdapPasswordSynchronizationAuthenticationPostProcessorTests() {
    }
}
