package org.apereo.cas.gauth;

import com.github.benmanes.caffeine.cache.Caffeine;
import com.warrenstrange.googleauth.GoogleAuthenticator;
import com.warrenstrange.googleauth.GoogleAuthenticatorConfig;
import com.warrenstrange.googleauth.GoogleAuthenticatorKey;
import com.warrenstrange.googleauth.ICredentialRepository;
import com.warrenstrange.googleauth.IGoogleAuthenticator;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
import javax.security.auth.login.AccountExpiredException;
import javax.security.auth.login.AccountNotFoundException;
import org.apereo.cas.CipherExecutor;
import org.apereo.cas.authentication.OneTimeToken;
import org.apereo.cas.authentication.principal.PrincipalFactoryUtils;
import org.apereo.cas.gauth.credential.GoogleAuthenticatorTokenCredential;
import org.apereo.cas.gauth.credential.InMemoryGoogleAuthenticatorTokenCredentialRepository;
import org.apereo.cas.gauth.token.BaseOneTimeTokenRepositoryTests;
import org.apereo.cas.otp.repository.token.CachingOneTimeTokenRepository;
import org.apereo.cas.services.RegisteredServiceTestUtils;
import org.apereo.cas.services.ServicesManager;
import org.apereo.cas.web.support.WebUtils;
import org.junit.jupiter.api.Assertions;
import org.junit.jupiter.api.BeforeEach;
import org.junit.jupiter.api.Test;
import org.mockito.Mockito;
import org.springframework.mock.web.MockHttpServletRequest;
import org.springframework.mock.web.MockHttpServletResponse;
import org.springframework.mock.web.MockServletContext;
import org.springframework.webflow.context.servlet.ServletExternalContext;
import org.springframework.webflow.execution.RequestContextHolder;
import org.springframework.webflow.test.MockRequestContext;

/* loaded from: input_file:org/apereo/cas/gauth/GoogleAuthenticatorAuthenticationHandlerTests.class */
public class GoogleAuthenticatorAuthenticationHandlerTests {
    private IGoogleAuthenticator googleAuthenticator;
    private GoogleAuthenticatorAuthenticationHandler handler;
    private GoogleAuthenticatorKey googleAuthenticatorAccount;

    /* loaded from: input_file:org/apereo/cas/gauth/GoogleAuthenticatorAuthenticationHandlerTests$DummyCredentialRepository.class */
    private static class DummyCredentialRepository implements ICredentialRepository {
        private final Map<String, String> accounts = new LinkedHashMap();

        private DummyCredentialRepository() {
        }

        public String getSecretKey(String str) {
            return this.accounts.get(str);
        }

        public void saveUserCredentials(String str, String str2, int i, List<Integer> list) {
            this.accounts.put(str, str2);
        }
    }

    @BeforeEach
    public void initialize() {
        ServicesManager servicesManager = (ServicesManager) Mockito.mock(ServicesManager.class);
        this.googleAuthenticator = new GoogleAuthenticator(new GoogleAuthenticatorConfig.GoogleAuthenticatorConfigBuilder().build());
        this.googleAuthenticator.setCredentialRepository(new DummyCredentialRepository());
        this.handler = new GoogleAuthenticatorAuthenticationHandler("GAuth", servicesManager, PrincipalFactoryUtils.newPrincipalFactory(), this.googleAuthenticator, new CachingOneTimeTokenRepository(Caffeine.newBuilder().initialCapacity(10).build(str -> {
            return null;
        })), new InMemoryGoogleAuthenticatorTokenCredentialRepository(CipherExecutor.noOpOfStringToString(), this.googleAuthenticator), (Integer) null);
        MockRequestContext mockRequestContext = new MockRequestContext();
        mockRequestContext.setExternalContext(new ServletExternalContext(new MockServletContext(), new MockHttpServletRequest(), new MockHttpServletResponse()));
        RequestContextHolder.setRequestContext(mockRequestContext);
        WebUtils.putAuthentication(RegisteredServiceTestUtils.getAuthentication(BaseOneTimeTokenRepositoryTests.CASUSER), mockRequestContext);
    }

    @Test
    public void verifySupports() {
        Assertions.assertTrue(this.handler.supports(new GoogleAuthenticatorTokenCredential()));
        Assertions.assertTrue(this.handler.supports(GoogleAuthenticatorTokenCredential.class));
    }

    @Test
    public void verifyAuthnAccountNotFound() {
        GoogleAuthenticatorTokenCredential googleAuthenticatorTokenCredential = getGoogleAuthenticatorTokenCredential();
        Assertions.assertThrows(AccountNotFoundException.class, () -> {
            this.handler.authenticate(googleAuthenticatorTokenCredential);
        });
    }

    @Test
    public void verifyAuthnFailsTokenNotFound() {
        GoogleAuthenticatorTokenCredential googleAuthenticatorTokenCredential = getGoogleAuthenticatorTokenCredential();
        this.handler.getTokenRepository().store(new OneTimeToken(Integer.valueOf(googleAuthenticatorTokenCredential.getToken()), BaseOneTimeTokenRepositoryTests.CASUSER));
        this.handler.getCredentialRepository().save(BaseOneTimeTokenRepositoryTests.CASUSER, this.googleAuthenticatorAccount.getKey(), this.googleAuthenticatorAccount.getVerificationCode(), this.googleAuthenticatorAccount.getScratchCodes());
        Assertions.assertThrows(AccountExpiredException.class, () -> {
            this.handler.authenticate(googleAuthenticatorTokenCredential);
        });
    }

    @Test
    public void verifyAuthnTokenFound() {
        GoogleAuthenticatorTokenCredential googleAuthenticatorTokenCredential = getGoogleAuthenticatorTokenCredential();
        this.handler.getCredentialRepository().save(BaseOneTimeTokenRepositoryTests.CASUSER, this.googleAuthenticatorAccount.getKey(), this.googleAuthenticatorAccount.getVerificationCode(), this.googleAuthenticatorAccount.getScratchCodes());
        Assertions.assertNotNull(this.handler.authenticate(googleAuthenticatorTokenCredential));
        Assertions.assertNotNull(this.handler.getTokenRepository().get(BaseOneTimeTokenRepositoryTests.CASUSER, Integer.valueOf(googleAuthenticatorTokenCredential.getToken())));
    }

    @Test
    public void verifyAuthnTokenScratchCode() {
        GoogleAuthenticatorTokenCredential googleAuthenticatorTokenCredential = getGoogleAuthenticatorTokenCredential();
        this.handler.getCredentialRepository().save(BaseOneTimeTokenRepositoryTests.CASUSER, this.googleAuthenticatorAccount.getKey(), this.googleAuthenticatorAccount.getVerificationCode(), this.googleAuthenticatorAccount.getScratchCodes());
        googleAuthenticatorTokenCredential.setToken(Integer.toString(((Integer) this.googleAuthenticatorAccount.getScratchCodes().get(0)).intValue()));
        Assertions.assertNotNull(this.handler.authenticate(googleAuthenticatorTokenCredential));
        Integer valueOf = Integer.valueOf(googleAuthenticatorTokenCredential.getToken());
        Assertions.assertNotNull(this.handler.getTokenRepository().get(BaseOneTimeTokenRepositoryTests.CASUSER, valueOf));
        Assertions.assertFalse(this.handler.getCredentialRepository().get(BaseOneTimeTokenRepositoryTests.CASUSER).getScratchCodes().contains(valueOf));
    }

    private GoogleAuthenticatorTokenCredential getGoogleAuthenticatorTokenCredential() {
        GoogleAuthenticatorTokenCredential googleAuthenticatorTokenCredential = new GoogleAuthenticatorTokenCredential();
        this.googleAuthenticatorAccount = this.googleAuthenticator.createCredentials(BaseOneTimeTokenRepositoryTests.CASUSER);
        googleAuthenticatorTokenCredential.setToken(Integer.toString(this.googleAuthenticator.getTotpPassword(this.googleAuthenticatorAccount.getKey())));
        return googleAuthenticatorTokenCredential;
    }
}
