package org.apereo.cas.oidc.web.flow;

import org.apereo.cas.authentication.Authentication;
import org.apereo.cas.authentication.AuthenticationException;
import org.apereo.cas.authentication.MultifactorAuthenticationProvider;
import org.apereo.cas.authentication.mfa.TestMultifactorAuthenticationProvider;
import org.apereo.cas.authentication.principal.AbstractWebApplicationService;
import org.apereo.cas.oidc.AbstractOidcTests;
import org.apereo.cas.services.BaseWebBasedRegisteredService;
import org.apereo.cas.services.RegisteredServiceTestUtils;
import org.junit.jupiter.api.Assertions;
import org.junit.jupiter.api.Nested;
import org.junit.jupiter.api.Tag;
import org.junit.jupiter.api.Test;
import org.springframework.boot.test.context.TestConfiguration;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Import;
import org.springframework.mock.web.MockHttpServletRequest;
import org.springframework.mock.web.MockHttpServletResponse;
import org.springframework.test.context.TestPropertySource;

@Tag("OIDC")
/* loaded from: input_file:org/apereo/cas/oidc/web/flow/OidcMultifactorAuthenticationTriggerTests.class */
public class OidcMultifactorAuthenticationTriggerTests {

    @Nested
    @TestPropertySource(properties = {"cas.authn.oidc.discovery.acr-values-supported=unknown"})
    /* loaded from: input_file:org/apereo/cas/oidc/web/flow/OidcMultifactorAuthenticationTriggerTests$NoMultifactorProvidersTests.class */
    public class NoMultifactorProvidersTests extends AbstractOidcTests {
        public NoMultifactorProvidersTests() {
        }

        @Test
        public void verifyAcrMissingMfa() {
            AbstractWebApplicationService service = RegisteredServiceTestUtils.getService();
            MockHttpServletRequest mockHttpServletRequest = new MockHttpServletRequest();
            mockHttpServletRequest.addParameter("acr_values", "unknown");
            Authentication authentication = RegisteredServiceTestUtils.getAuthentication();
            BaseWebBasedRegisteredService registeredService = RegisteredServiceTestUtils.getRegisteredService();
            Assertions.assertThrows(AuthenticationException.class, () -> {
                this.oidcMultifactorAuthenticationTrigger.isActivated(authentication, registeredService, mockHttpServletRequest, new MockHttpServletResponse(), service);
            });
        }
    }

    @TestConfiguration(value = "OidcAuthenticationContextTestConfiguration", proxyBeanMethods = false)
    /* loaded from: input_file:org/apereo/cas/oidc/web/flow/OidcMultifactorAuthenticationTriggerTests$OidcAuthenticationContextTestConfiguration.class */
    public static class OidcAuthenticationContextTestConfiguration {
        @Bean
        public MultifactorAuthenticationProvider dummyProvider() {
            return new TestMultifactorAuthenticationProvider();
        }
    }

    @Nested
    @Import({OidcAuthenticationContextTestConfiguration.class})
    @TestPropertySource(properties = {"cas.authn.oidc.discovery.acr-values-supported=1,2", "cas.authn.oidc.core.authentication-context-reference-mappings=1->mfa-dummy"})
    /* loaded from: input_file:org/apereo/cas/oidc/web/flow/OidcMultifactorAuthenticationTriggerTests$WithMappedMultifactorProvidersTests.class */
    public class WithMappedMultifactorProvidersTests extends AbstractOidcTests {
        public WithMappedMultifactorProvidersTests() {
        }

        @Test
        public void verifyAcrMfa() {
            TestMultifactorAuthenticationProvider.registerProviderIntoApplicationContext(this.applicationContext);
            AbstractWebApplicationService service = RegisteredServiceTestUtils.getService();
            MockHttpServletRequest mockHttpServletRequest = new MockHttpServletRequest();
            mockHttpServletRequest.addParameter("service", String.format("https://app.org?%s=1 2", "acr_values"));
            Assertions.assertTrue(this.oidcMultifactorAuthenticationTrigger.isActivated(RegisteredServiceTestUtils.getAuthentication(), RegisteredServiceTestUtils.getRegisteredService(), mockHttpServletRequest, new MockHttpServletResponse(), service).isPresent());
        }

        @Test
        public void verifyUnsupportedAcr() {
            TestMultifactorAuthenticationProvider.registerProviderIntoApplicationContext(this.applicationContext);
            AbstractWebApplicationService service = RegisteredServiceTestUtils.getService();
            MockHttpServletRequest mockHttpServletRequest = new MockHttpServletRequest();
            mockHttpServletRequest.addParameter("service", String.format("https://app.org?%s=mfa-dummy", "acr_values"));
            Assertions.assertFalse(this.oidcMultifactorAuthenticationTrigger.isActivated(RegisteredServiceTestUtils.getAuthentication(), RegisteredServiceTestUtils.getRegisteredService(), mockHttpServletRequest, new MockHttpServletResponse(), service).isPresent());
        }
    }

    @Nested
    @Import({OidcAuthenticationContextTestConfiguration.class})
    @TestPropertySource(properties = {"cas.authn.oidc.discovery.acr-values-supported=mfa-dummy"})
    /* loaded from: input_file:org/apereo/cas/oidc/web/flow/OidcMultifactorAuthenticationTriggerTests$WithMultifactorProvidersTests.class */
    public class WithMultifactorProvidersTests extends AbstractOidcTests {
        public WithMultifactorProvidersTests() {
        }

        @Test
        public void verifyNoAcr() {
            AbstractWebApplicationService service = RegisteredServiceTestUtils.getService();
            MockHttpServletRequest mockHttpServletRequest = new MockHttpServletRequest();
            Assertions.assertTrue(this.oidcMultifactorAuthenticationTrigger.isActivated(RegisteredServiceTestUtils.getAuthentication(), RegisteredServiceTestUtils.getRegisteredService(), mockHttpServletRequest, new MockHttpServletResponse(), service).isEmpty());
        }

        @Test
        public void verifyAcrMfa() {
            TestMultifactorAuthenticationProvider.registerProviderIntoApplicationContext(this.applicationContext);
            AbstractWebApplicationService service = RegisteredServiceTestUtils.getService();
            MockHttpServletRequest mockHttpServletRequest = new MockHttpServletRequest();
            mockHttpServletRequest.addParameter("service", String.format("https://app.org?%s=mfa-dummy", "acr_values"));
            Assertions.assertFalse(this.oidcMultifactorAuthenticationTrigger.isActivated(RegisteredServiceTestUtils.getAuthentication(), RegisteredServiceTestUtils.getRegisteredService(), mockHttpServletRequest, new MockHttpServletResponse(), service).isEmpty());
        }

        @Test
        public void verifyUrlEncoding() {
            MockHttpServletRequest mockHttpServletRequest = new MockHttpServletRequest();
            mockHttpServletRequest.setRequestURI("/cas/login");
            mockHttpServletRequest.addParameter("service", "https://link.test.edu/web/cas?profile=Example Primo&targetURL=abc");
            Assertions.assertTrue(this.oidcMultifactorAuthenticationTrigger.isActivated(RegisteredServiceTestUtils.getAuthentication(), RegisteredServiceTestUtils.getRegisteredService(), mockHttpServletRequest, new MockHttpServletResponse(), RegisteredServiceTestUtils.getService("https://link.test.edu/web/cas?profile=Example Primo&targetURL=abc")).isEmpty());
        }
    }
}
