package org.apereo.cas.adaptors.u2f;

import java.util.UUID;
import org.apereo.cas.adaptors.u2f.storage.U2FDeviceRepository;
import org.apereo.cas.adaptors.u2f.web.flow.BaseU2FWebflowActionTests;
import org.apereo.cas.authentication.AuthenticationHandler;
import org.apereo.cas.authentication.CoreAuthenticationTestUtils;
import org.apereo.cas.authentication.PreventedException;
import org.apereo.cas.web.support.WebUtils;
import org.junit.jupiter.api.Assertions;
import org.junit.jupiter.api.Tag;
import org.junit.jupiter.api.Test;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.boot.test.context.SpringBootTest;
import org.springframework.mock.web.MockHttpServletRequest;
import org.springframework.mock.web.MockHttpServletResponse;
import org.springframework.mock.web.MockServletContext;
import org.springframework.webflow.context.servlet.ServletExternalContext;
import org.springframework.webflow.execution.RequestContextHolder;
import org.springframework.webflow.test.MockRequestContext;

@Tag("MFA")
@SpringBootTest(classes = {BaseU2FWebflowActionTests.U2FTestConfiguration.class, BaseU2FWebflowActionTests.SharedTestConfiguration.class}, properties = {"cas.authn.mfa.u2f.crypto.enabled=false", "cas.authn.mfa.u2f.json.location=file:src/test/resources/u2f-accounts.json"})
/* loaded from: input_file:org/apereo/cas/adaptors/u2f/U2FAuthenticationHandlerTests.class */
public class U2FAuthenticationHandlerTests {

    @Autowired
    @Qualifier("u2fAuthenticationHandler")
    private AuthenticationHandler u2fAuthenticationHandler;

    @Autowired
    @Qualifier("u2fDeviceRepository")
    private U2FDeviceRepository u2fDeviceRepository;

    @Test
    public void verifyOperation() throws Exception {
        this.u2fDeviceRepository.requestDeviceAuthentication("NEnAEZPOoSTvD33crTed8YENizvWZ5muFZYffYp3AeU", "casuser", "{\"appId\":\"https://mmoayyed.unicon.net:8443\",\"challenge\":\"NEnAEZPOoSTvD33crTPasswordlessAuthenticationWebflowConfigurerTestsed8YENizvWZ5muFZYffYp3AeU\",\"signRequests\":[{\"version\":\"U2F_V2\",\"challenge\":\"NEnAEZPOoSTvD33crTed8YENizvWZ5muFZYffYp3AeU\",\"appId\":\"https://mmoayyed.unicon.net:8443\",\"keyHandle\":\"2_QYgDSPYcOgYBGBe8c9PVCunjigbD-3o5HcliXhu-Up_GKckYMxxVF6AgSPWubqfWy8WmJNDYQEJ1QKZe343Q\"}]}");
        U2FTokenCredential u2FTokenCredential = new U2FTokenCredential("{\"keyHandle\":\"2_QYgDSPYcOgYBGBe8c9PVCunjigbD-3o5HcliXhu-Up_GKckYMxxVF6AgSPWubqfWy8WmJNDYQEJ1QKZe343Q\",\"clientData\":\"eyJ0eXAiOiJuYXZpZ2F0b3IuaWQuZ2V0QXNzZXJ0aW9uIiwiY2hhbGxlbmdlIjoiTkVuQUVaUE9vU1R2RDMzY3JUZWQ4WUVOaXp2V1o1bXVGWllmZllwM0FlVSIsIm9yaWdpbiI6Imh0dHBzOi8vbW1vYXl5ZWQudW5pY29uLm5ldDo4NDQzIiwiY2lkX3B1YmtleSI6InVudXNlZCJ9\",\"signatureData\":\"AQAAABQwRgIhAJ_VcJ7WFDyaW2rf2fXVqpmh7nV9G8fULDiX9cHEdjZjAiEA0zJ2_dFS42wYi062yhEYyqDnA3mDX3PKvFzo7EorZs0\"}");
        Assertions.assertTrue(this.u2fAuthenticationHandler.supports(u2FTokenCredential));
        Assertions.assertTrue(this.u2fAuthenticationHandler.supports(u2FTokenCredential.getClass()));
        MockRequestContext mockRequestContext = new MockRequestContext();
        mockRequestContext.setExternalContext(new ServletExternalContext(new MockServletContext(), new MockHttpServletRequest(), new MockHttpServletResponse()));
        RequestContextHolder.setRequestContext(mockRequestContext);
        WebUtils.putAuthentication(CoreAuthenticationTestUtils.getAuthentication("casuser"), mockRequestContext);
        Assertions.assertNotNull(this.u2fAuthenticationHandler.authenticate(u2FTokenCredential));
        String uuid = UUID.randomUUID().toString();
        WebUtils.putAuthentication(CoreAuthenticationTestUtils.getAuthentication(uuid), mockRequestContext);
        Assertions.assertThrows(PreventedException.class, () -> {
            this.u2fAuthenticationHandler.authenticate(u2FTokenCredential);
        });
        this.u2fDeviceRepository.requestDeviceAuthentication("NEnAEZPOoSTvD33crTed8YENizvWZ5muFZYffYp3AeU", uuid, "{\"appId\":\"https://mmoayyed.unicon.net:8443\",\"challenge\":\"NEnAEZPOoSTvD33crTPasswordlessAuthenticationWebflowConfigurerTestsed8YENizvWZ5muFZYffYp3AeU\",\"signRequests\":[{\"version\":\"U2F_V2\",\"challenge\":\"NEnAEZPOoSTvD33crTed8YENizvWZ5muFZYffYp3AeU\",\"appId\":\"https://mmoayyed.unicon.net:8443\",\"keyHandle\":\"2_QYgDSPYcOgYBGBe8c9PVCunjigbD-3o5HcliXhu-Up_GKckYMxxVF6AgSPWubqfWy8WmJNDYQEJ1QKZe343Q\"}]}");
        Assertions.assertThrows(PreventedException.class, () -> {
            this.u2fAuthenticationHandler.authenticate(u2FTokenCredential);
        });
    }

    @Test
    public void verifyNoAuthn() throws Exception {
        U2FTokenCredential u2FTokenCredential = new U2FTokenCredential("token");
        MockRequestContext mockRequestContext = new MockRequestContext();
        mockRequestContext.setExternalContext(new ServletExternalContext(new MockServletContext(), new MockHttpServletRequest(), new MockHttpServletResponse()));
        RequestContextHolder.setRequestContext(mockRequestContext);
        Assertions.assertThrows(IllegalArgumentException.class, () -> {
            this.u2fAuthenticationHandler.authenticate(u2FTokenCredential);
        });
    }

    @Test
    public void verifyBadJson() throws Exception {
        U2FTokenCredential u2FTokenCredential = new U2FTokenCredential("token");
        MockRequestContext mockRequestContext = new MockRequestContext();
        mockRequestContext.setExternalContext(new ServletExternalContext(new MockServletContext(), new MockHttpServletRequest(), new MockHttpServletResponse()));
        RequestContextHolder.setRequestContext(mockRequestContext);
        WebUtils.putAuthentication(CoreAuthenticationTestUtils.getAuthentication("casuser"), mockRequestContext);
        Assertions.assertThrows(PreventedException.class, () -> {
            this.u2fAuthenticationHandler.authenticate(u2FTokenCredential);
        });
    }
}
