package org.apereo.cas.mfa.accepto;

import com.fasterxml.jackson.databind.ObjectMapper;
import java.nio.charset.StandardCharsets;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.util.List;
import java.util.Map;
import java.util.UUID;
import javax.servlet.http.Cookie;
import org.apereo.cas.authentication.Authentication;
import org.apereo.cas.authentication.CoreAuthenticationTestUtils;
import org.apereo.cas.configuration.model.support.mfa.AccepttoMultifactorAuthenticationProperties;
import org.apereo.cas.mfa.accepto.web.flow.AccepttoWebflowUtils;
import org.apereo.cas.util.EncodingUtils;
import org.apereo.cas.util.MockServletContext;
import org.apereo.cas.util.MockWebServer;
import org.apereo.cas.util.serialization.JacksonObjectMapperFactory;
import org.apereo.cas.web.support.WebUtils;
import org.apereo.inspektr.common.web.ClientInfo;
import org.apereo.inspektr.common.web.ClientInfoHolder;
import org.junit.jupiter.api.Assertions;
import org.junit.jupiter.api.Tag;
import org.junit.jupiter.api.Test;
import org.springframework.core.io.ByteArrayResource;
import org.springframework.mock.web.MockHttpServletRequest;
import org.springframework.mock.web.MockHttpServletResponse;
import org.springframework.webflow.context.servlet.ServletExternalContext;
import org.springframework.webflow.test.MockRequestContext;

@Tag("MFAProvider")
/* loaded from: input_file:org/apereo/cas/mfa/accepto/AccepttoApiUtilsTests.class */
public class AccepttoApiUtilsTests {
    private static final ObjectMapper MAPPER = JacksonObjectMapperFactory.builder().defaultTypingEnabled(true).build().toObjectMapper();

    @Test
    public void verifyEmail() {
        Authentication authentication = CoreAuthenticationTestUtils.getAuthentication(CoreAuthenticationTestUtils.getPrincipal(Map.of("email", List.of("cas@example.org"))));
        AccepttoMultifactorAuthenticationProperties accepttoMultifactorAuthenticationProperties = new AccepttoMultifactorAuthenticationProperties();
        accepttoMultifactorAuthenticationProperties.setEmailAttribute("email");
        Assertions.assertNotNull(AccepttoApiUtils.getUserEmail(authentication, accepttoMultifactorAuthenticationProperties));
    }

    @Test
    public void verifyInvalidUser() {
        Authentication authentication = CoreAuthenticationTestUtils.getAuthentication(CoreAuthenticationTestUtils.getPrincipal(Map.of()));
        AccepttoMultifactorAuthenticationProperties accepttoMultifactorAuthenticationProperties = new AccepttoMultifactorAuthenticationProperties();
        accepttoMultifactorAuthenticationProperties.setEmailAttribute("email");
        Assertions.assertTrue(AccepttoApiUtils.isUserValid(authentication, accepttoMultifactorAuthenticationProperties).isEmpty());
    }

    @Test
    public void verifyGroup() {
        Authentication authentication = CoreAuthenticationTestUtils.getAuthentication(CoreAuthenticationTestUtils.getPrincipal(Map.of("group", List.of("staff"))));
        AccepttoMultifactorAuthenticationProperties accepttoMultifactorAuthenticationProperties = new AccepttoMultifactorAuthenticationProperties();
        accepttoMultifactorAuthenticationProperties.setGroupAttribute("group");
        Assertions.assertNotNull(AccepttoApiUtils.getUserGroup(authentication, accepttoMultifactorAuthenticationProperties));
    }

    @Test
    public void verifyUserValid() throws Exception {
        AccepttoMultifactorAuthenticationProperties accepttoMultifactorAuthenticationProperties = new AccepttoMultifactorAuthenticationProperties();
        accepttoMultifactorAuthenticationProperties.setGroupAttribute("group");
        accepttoMultifactorAuthenticationProperties.setEmailAttribute("email");
        accepttoMultifactorAuthenticationProperties.setApplicationId("appid");
        accepttoMultifactorAuthenticationProperties.setSecret("p@$$w0rd");
        accepttoMultifactorAuthenticationProperties.setApiUrl("http://localhost:9289");
        Authentication authentication = CoreAuthenticationTestUtils.getAuthentication(CoreAuthenticationTestUtils.getPrincipal(Map.of("email", List.of("cas@example.org"), "group", List.of("staff"))));
        MockWebServer mockWebServer = new MockWebServer(9289, new ByteArrayResource(MAPPER.writeValueAsString(Map.of("device_paired", "true")).getBytes(StandardCharsets.UTF_8), "REST Output"), "application/json");
        try {
            mockWebServer.start();
            Assertions.assertFalse(AccepttoApiUtils.isUserValid(authentication, accepttoMultifactorAuthenticationProperties).isEmpty());
            mockWebServer.close();
        } catch (Throwable th) {
            try {
                mockWebServer.close();
            } catch (Throwable th2) {
                th.addSuppressed(th2);
            }
            throw th;
        }
    }

    @Test
    public void verifyUserInvalidData() throws Exception {
        AccepttoMultifactorAuthenticationProperties accepttoMultifactorAuthenticationProperties = new AccepttoMultifactorAuthenticationProperties();
        accepttoMultifactorAuthenticationProperties.setGroupAttribute("group");
        accepttoMultifactorAuthenticationProperties.setEmailAttribute("email");
        accepttoMultifactorAuthenticationProperties.setApplicationId("appid");
        accepttoMultifactorAuthenticationProperties.setSecret("p@$$w0rd");
        accepttoMultifactorAuthenticationProperties.setApiUrl("http://localhost:9289");
        Authentication authentication = CoreAuthenticationTestUtils.getAuthentication(CoreAuthenticationTestUtils.getPrincipal(Map.of("email", List.of("cas@example.org"), "group", List.of("staff"))));
        MockWebServer mockWebServer = new MockWebServer(9289, new ByteArrayResource(MAPPER.writeValueAsString("__.. ..___$$$@@@").getBytes(StandardCharsets.UTF_8), "REST Output"), "application/json");
        try {
            mockWebServer.start();
            Assertions.assertTrue(AccepttoApiUtils.isUserValid(authentication, accepttoMultifactorAuthenticationProperties).isEmpty());
            mockWebServer.close();
        } catch (Throwable th) {
            try {
                mockWebServer.close();
            } catch (Throwable th2) {
                th.addSuppressed(th2);
            }
            throw th;
        }
    }

    @Test
    public void verifyUserDevicePaired() throws Exception {
        AccepttoMultifactorAuthenticationProperties accepttoMultifactorAuthenticationProperties = new AccepttoMultifactorAuthenticationProperties();
        accepttoMultifactorAuthenticationProperties.setGroupAttribute("group");
        accepttoMultifactorAuthenticationProperties.setEmailAttribute("email");
        accepttoMultifactorAuthenticationProperties.setApplicationId("appid");
        accepttoMultifactorAuthenticationProperties.setSecret("p@$$w0rd");
        accepttoMultifactorAuthenticationProperties.setApiUrl("http://localhost:9288");
        Authentication authentication = CoreAuthenticationTestUtils.getAuthentication(CoreAuthenticationTestUtils.getPrincipal(Map.of("email", List.of("cas@example.org"), "group", List.of("staff"))));
        MockWebServer mockWebServer = new MockWebServer(9288, new ByteArrayResource(MAPPER.writeValueAsString(Map.of("device_paired", "true")).getBytes(StandardCharsets.UTF_8), "REST Output"), "application/json");
        try {
            mockWebServer.start();
            Assertions.assertTrue(AccepttoApiUtils.isUserDevicePaired(authentication, accepttoMultifactorAuthenticationProperties));
            mockWebServer.close();
        } catch (Throwable th) {
            try {
                mockWebServer.close();
            } catch (Throwable th2) {
                th.addSuppressed(th2);
            }
            throw th;
        }
    }

    @Test
    public void verifyQR() throws Exception {
        AccepttoMultifactorAuthenticationProperties accepttoMultifactorAuthenticationProperties = new AccepttoMultifactorAuthenticationProperties();
        accepttoMultifactorAuthenticationProperties.setGroupAttribute("group");
        accepttoMultifactorAuthenticationProperties.setEmailAttribute("email");
        accepttoMultifactorAuthenticationProperties.setApplicationId("appid");
        accepttoMultifactorAuthenticationProperties.setSecret("p@$$w0rd");
        accepttoMultifactorAuthenticationProperties.setApiUrl("http://localhost:9289");
        String generateQRCodeHash = AccepttoApiUtils.generateQRCodeHash(CoreAuthenticationTestUtils.getAuthentication(CoreAuthenticationTestUtils.getPrincipal(Map.of("email", List.of("cas@example.org"), "group", List.of("staff")))), accepttoMultifactorAuthenticationProperties, UUID.randomUUID().toString());
        Assertions.assertNotNull(generateQRCodeHash);
        Assertions.assertNotNull(AccepttoApiUtils.decodeInvitationToken(generateQRCodeHash));
    }

    @Test
    public void verifyAuthenticate() throws Exception {
        AccepttoMultifactorAuthenticationProperties accepttoMultifactorAuthenticationProperties = new AccepttoMultifactorAuthenticationProperties();
        accepttoMultifactorAuthenticationProperties.setGroupAttribute("group");
        accepttoMultifactorAuthenticationProperties.setEmailAttribute("email");
        accepttoMultifactorAuthenticationProperties.setApplicationId("appid");
        accepttoMultifactorAuthenticationProperties.setSecret("p@$$w0rd");
        accepttoMultifactorAuthenticationProperties.setRegistrationApiUrl("http://localhost:9285");
        accepttoMultifactorAuthenticationProperties.setOrganizationId("org-id");
        accepttoMultifactorAuthenticationProperties.setOrganizationSecret("255724611137f7eb0280dd76b0546eea4bca1c7ba1");
        Authentication authentication = CoreAuthenticationTestUtils.getAuthentication(CoreAuthenticationTestUtils.getPrincipal(Map.of("email", List.of("cas@example.org"), "group", List.of("staff"))));
        MockRequestContext mockRequestContext = new MockRequestContext();
        MockHttpServletRequest mockHttpServletRequest = new MockHttpServletRequest();
        mockHttpServletRequest.setRemoteAddr("185.86.151.11");
        mockHttpServletRequest.setLocalAddr("185.88.151.11");
        mockHttpServletRequest.setCookies(new Cookie[]{new Cookie("jwt", UUID.randomUUID().toString())});
        ClientInfoHolder.setClientInfo(new ClientInfo(mockHttpServletRequest));
        mockRequestContext.setExternalContext(new ServletExternalContext(new MockServletContext(), mockHttpServletRequest, new MockHttpServletResponse()));
        AccepttoWebflowUtils.setEGuardianUserId(mockRequestContext, "eguardian-userid");
        WebUtils.putCredential(mockRequestContext, new AccepttoEmailCredential("cas@example.org"));
        KeyPair generateKeyPair = KeyPairGenerator.getInstance("RSA").generateKeyPair();
        PrivateKey privateKey = generateKeyPair.getPrivate();
        PublicKey publicKey = generateKeyPair.getPublic();
        MockWebServer mockWebServer = new MockWebServer(9285, new ByteArrayResource(MAPPER.writeValueAsString(Map.of("content", new String(EncodingUtils.signJwsRSASha512(privateKey, MAPPER.writeValueAsString(Map.of("uid", "casuser")).getBytes(StandardCharsets.UTF_8), Map.of()), StandardCharsets.UTF_8))).getBytes(StandardCharsets.UTF_8), "REST Output"), "application/json");
        try {
            mockWebServer.start();
            Assertions.assertNotNull(AccepttoApiUtils.authenticate(authentication, accepttoMultifactorAuthenticationProperties, mockRequestContext, publicKey));
            mockWebServer.close();
            mockWebServer = new MockWebServer(9285, new ByteArrayResource("".getBytes(StandardCharsets.UTF_8), "REST Output"), "application/json");
            try {
                mockWebServer.start();
                Assertions.assertTrue(AccepttoApiUtils.authenticate(authentication, accepttoMultifactorAuthenticationProperties, mockRequestContext, publicKey).isEmpty());
                mockWebServer.close();
            } finally {
            }
        } finally {
        }
    }
}
