package org.apereo.cas.adaptors.yubikey;

import com.yubico.client.v2.YubicoClient;
import java.util.HashMap;
import javax.security.auth.login.AccountNotFoundException;
import javax.security.auth.login.FailedLoginException;
import org.apereo.cas.adaptors.yubikey.registry.WhitelistYubiKeyAccountRegistry;
import org.apereo.cas.authentication.CoreAuthenticationTestUtils;
import org.apereo.cas.authentication.principal.DefaultPrincipalFactory;
import org.apereo.cas.services.ServicesManager;
import org.apereo.cas.util.crypto.CipherExecutor;
import org.apereo.cas.web.support.WebUtils;
import org.junit.jupiter.api.Assertions;
import org.junit.jupiter.api.BeforeEach;
import org.junit.jupiter.api.Test;
import org.mockito.Mockito;
import org.springframework.webflow.core.collection.LocalAttributeMap;
import org.springframework.webflow.execution.RequestContext;
import org.springframework.webflow.execution.RequestContextHolder;

/* loaded from: input_file:org/apereo/cas/adaptors/yubikey/YubiKeyAuthenticationHandlerTests.class */
public class YubiKeyAuthenticationHandlerTests {
    private static final Integer CLIENT_ID = 18421;
    private static final String SECRET_KEY = "iBIehjui12aK8x82oe5qzGeb0As=";
    private static final String OTP = "cccccccvlidcnlednilgctgcvcjtivrjidfbdgrefcvi";

    @BeforeEach
    public void before() {
        RequestContext requestContext = (RequestContext) Mockito.mock(RequestContext.class);
        Mockito.when(requestContext.getConversationScope()).thenReturn(new LocalAttributeMap());
        WebUtils.putAuthentication(CoreAuthenticationTestUtils.getAuthentication(), requestContext);
        RequestContextHolder.setRequestContext(requestContext);
    }

    @Test
    public void checkDefaultAccountRegistry() {
        Assertions.assertNotNull(new YubiKeyAuthenticationHandler(YubicoClient.getClient(CLIENT_ID, SECRET_KEY)).getRegistry());
    }

    @Test
    public void checkReplayedAuthn() {
        YubiKeyAuthenticationHandler yubiKeyAuthenticationHandler = new YubiKeyAuthenticationHandler(YubicoClient.getClient(CLIENT_ID, SECRET_KEY));
        Assertions.assertThrows(FailedLoginException.class, () -> {
            yubiKeyAuthenticationHandler.authenticate(new YubiKeyCredential(OTP));
        });
    }

    @Test
    public void checkBadConfigAuthn() {
        YubiKeyAuthenticationHandler yubiKeyAuthenticationHandler = new YubiKeyAuthenticationHandler(YubicoClient.getClient(123456, "123456"));
        Assertions.assertThrows(AccountNotFoundException.class, () -> {
            yubiKeyAuthenticationHandler.authenticate(new YubiKeyCredential("casuser"));
        });
    }

    @Test
    public void checkAccountNotFound() {
        WhitelistYubiKeyAccountRegistry whitelistYubiKeyAccountRegistry = new WhitelistYubiKeyAccountRegistry(new HashMap(), new DefaultYubiKeyAccountValidator(YubicoClient.getClient(CLIENT_ID, SECRET_KEY)));
        whitelistYubiKeyAccountRegistry.setCipherExecutor(CipherExecutor.noOpOfSerializableToString());
        YubiKeyAuthenticationHandler yubiKeyAuthenticationHandler = new YubiKeyAuthenticationHandler("", (ServicesManager) null, new DefaultPrincipalFactory(), YubicoClient.getClient(CLIENT_ID, SECRET_KEY), whitelistYubiKeyAccountRegistry, (Integer) null);
        Assertions.assertThrows(AccountNotFoundException.class, () -> {
            yubiKeyAuthenticationHandler.authenticate(new YubiKeyCredential(OTP));
        });
    }

    @Test
    public void checkEncryptedAccount() {
        WhitelistYubiKeyAccountRegistry whitelistYubiKeyAccountRegistry = new WhitelistYubiKeyAccountRegistry(new HashMap(), (str, str2) -> {
            return true;
        });
        whitelistYubiKeyAccountRegistry.setCipherExecutor(new YubikeyAccountCipherExecutor("1PbwSbnHeinpkZOSZjuSJ8yYpUrInm5aaV18J2Ar4rM", "szxK-5_eJjs-aUj-64MpUZ-GPPzGLhYPLGl0wrYjYNVAGva2P0lLe6UGKGM7k8dWxsOVGutZWgvmY3l5oVPO3w", 0, 0));
        Assertions.assertTrue(whitelistYubiKeyAccountRegistry.registerAccountFor("encrypteduser", OTP));
        Assertions.assertTrue(whitelistYubiKeyAccountRegistry.isYubiKeyRegisteredFor("encrypteduser", whitelistYubiKeyAccountRegistry.getAccountValidator().getTokenPublicId(OTP)));
    }
}
