package org.apereo.cas.gauth;

import com.github.benmanes.caffeine.cache.Caffeine;
import com.warrenstrange.googleauth.GoogleAuthenticator;
import com.warrenstrange.googleauth.GoogleAuthenticatorConfig;
import com.warrenstrange.googleauth.GoogleAuthenticatorKey;
import com.warrenstrange.googleauth.IGoogleAuthenticator;
import java.util.ArrayList;
import java.util.UUID;
import javax.security.auth.login.AccountExpiredException;
import javax.security.auth.login.AccountNotFoundException;
import org.apereo.cas.authentication.MultifactorAuthenticationProvider;
import org.apereo.cas.authentication.OneTimeTokenAccount;
import org.apereo.cas.authentication.PreventedException;
import org.apereo.cas.authentication.principal.PrincipalFactoryUtils;
import org.apereo.cas.authentication.principal.Service;
import org.apereo.cas.gauth.credential.DummyCredentialRepository;
import org.apereo.cas.gauth.credential.GoogleAuthenticatorAccount;
import org.apereo.cas.gauth.credential.GoogleAuthenticatorOneTimeTokenCredentialValidator;
import org.apereo.cas.gauth.credential.GoogleAuthenticatorTokenCredential;
import org.apereo.cas.gauth.credential.InMemoryGoogleAuthenticatorTokenCredentialRepository;
import org.apereo.cas.gauth.token.GoogleAuthenticatorToken;
import org.apereo.cas.otp.repository.credentials.OneTimeTokenCredentialRepository;
import org.apereo.cas.otp.repository.token.CachingOneTimeTokenRepository;
import org.apereo.cas.otp.repository.token.OneTimeTokenRepository;
import org.apereo.cas.services.RegisteredServiceTestUtils;
import org.apereo.cas.services.ServicesManager;
import org.apereo.cas.util.MockRequestContext;
import org.apereo.cas.util.crypto.CipherExecutor;
import org.apereo.cas.util.spring.DirectObjectProvider;
import org.apereo.cas.web.support.WebUtils;
import org.junit.jupiter.api.Assertions;
import org.junit.jupiter.api.BeforeEach;
import org.junit.jupiter.api.Tag;
import org.junit.jupiter.api.Test;
import org.mockito.Mockito;

@Tag("MFAProvider")
/* loaded from: input_file:org/apereo/cas/gauth/GoogleAuthenticatorAuthenticationHandlerTests.class */
class GoogleAuthenticatorAuthenticationHandlerTests {
    private IGoogleAuthenticator googleAuthenticator;
    private GoogleAuthenticatorAuthenticationHandler handler;
    private GoogleAuthenticatorKey account;
    private OneTimeTokenRepository tokenRepository;
    private OneTimeTokenCredentialRepository tokenCredentialRepository;

    GoogleAuthenticatorAuthenticationHandlerTests() {
    }

    @BeforeEach
    public void initialize() throws Exception {
        ServicesManager servicesManager = (ServicesManager) Mockito.mock(ServicesManager.class);
        this.googleAuthenticator = new GoogleAuthenticator(new GoogleAuthenticatorConfig.GoogleAuthenticatorConfigBuilder().build());
        this.tokenRepository = new CachingOneTimeTokenRepository(Caffeine.newBuilder().initialCapacity(10).build(str -> {
            return null;
        }));
        this.tokenCredentialRepository = new InMemoryGoogleAuthenticatorTokenCredentialRepository(CipherExecutor.noOpOfStringToString(), CipherExecutor.noOpOfNumberToNumber(), this.googleAuthenticator);
        this.googleAuthenticator.setCredentialRepository(new DummyCredentialRepository());
        this.handler = new GoogleAuthenticatorAuthenticationHandler("GAuth", servicesManager, PrincipalFactoryUtils.newPrincipalFactory(), new GoogleAuthenticatorOneTimeTokenCredentialValidator(this.googleAuthenticator, this.tokenRepository, this.tokenCredentialRepository), (Integer) null, new DirectObjectProvider((MultifactorAuthenticationProvider) Mockito.mock(MultifactorAuthenticationProvider.class)));
        WebUtils.putAuthentication(RegisteredServiceTestUtils.getAuthentication("casuser"), MockRequestContext.create());
    }

    @Test
    void verifySupports() throws Throwable {
        Assertions.assertTrue(this.handler.supports(new GoogleAuthenticatorTokenCredential()));
        Assertions.assertTrue(this.handler.supports(GoogleAuthenticatorTokenCredential.class));
    }

    @Test
    void verifyAuthnAccountNotFound() throws Throwable {
        GoogleAuthenticatorTokenCredential googleAuthenticatorTokenCredential = getGoogleAuthenticatorTokenCredential();
        Assertions.assertThrows(AccountNotFoundException.class, () -> {
            this.handler.authenticate(googleAuthenticatorTokenCredential, (Service) Mockito.mock(Service.class));
        });
    }

    @Test
    void verifyAuthnFailsTokenUsed() throws Throwable {
        GoogleAuthenticatorTokenCredential googleAuthenticatorTokenCredential = getGoogleAuthenticatorTokenCredential();
        this.handler.getValidator().store(new GoogleAuthenticatorToken(Integer.valueOf(googleAuthenticatorTokenCredential.getToken()), "casuser"));
        OneTimeTokenAccount build = OneTimeTokenAccount.builder().username("casuser").name(UUID.randomUUID().toString()).secretKey(this.account.getKey()).validationCode(this.account.getVerificationCode()).scratchCodes(new ArrayList(this.account.getScratchCodes())).build();
        this.tokenCredentialRepository.save(build);
        googleAuthenticatorTokenCredential.setAccountId(Long.valueOf(build.getId()));
        Assertions.assertThrows(AccountExpiredException.class, () -> {
            this.handler.authenticate(googleAuthenticatorTokenCredential, (Service) Mockito.mock(Service.class));
        });
    }

    @Test
    void verifyAuthnTokenFound() throws Throwable {
        GoogleAuthenticatorTokenCredential googleAuthenticatorTokenCredential = getGoogleAuthenticatorTokenCredential();
        GoogleAuthenticatorAccount build = GoogleAuthenticatorAccount.builder().username("casuser").name(UUID.randomUUID().toString()).secretKey(this.account.getKey()).validationCode(this.account.getVerificationCode()).scratchCodes(new ArrayList(this.account.getScratchCodes())).build();
        googleAuthenticatorTokenCredential.setAccountId(Long.valueOf(build.getId()));
        this.tokenCredentialRepository.save(build);
        Assertions.assertNotNull(this.handler.authenticate(googleAuthenticatorTokenCredential, (Service) Mockito.mock(Service.class)));
        Assertions.assertNotNull(this.tokenRepository.get("casuser", Integer.valueOf(googleAuthenticatorTokenCredential.getToken())));
    }

    @Test
    void verifyAuthnTokenScratchCode() throws Throwable {
        GoogleAuthenticatorTokenCredential googleAuthenticatorTokenCredential = getGoogleAuthenticatorTokenCredential();
        GoogleAuthenticatorAccount build = GoogleAuthenticatorAccount.builder().username("casuser").name(UUID.randomUUID().toString()).secretKey(this.account.getKey()).validationCode(this.account.getVerificationCode()).scratchCodes(new ArrayList(this.account.getScratchCodes())).build();
        this.tokenCredentialRepository.save(build);
        googleAuthenticatorTokenCredential.setAccountId(Long.valueOf(build.getId()));
        googleAuthenticatorTokenCredential.setToken(Integer.toString(((Integer) this.account.getScratchCodes().getFirst()).intValue()));
        Assertions.assertNotNull(this.handler.authenticate(googleAuthenticatorTokenCredential, (Service) Mockito.mock(Service.class)));
        Integer valueOf = Integer.valueOf(googleAuthenticatorTokenCredential.getToken());
        Assertions.assertNotNull(this.tokenRepository.get("casuser", valueOf));
        Assertions.assertFalse(((OneTimeTokenAccount) this.tokenCredentialRepository.get("casuser").iterator().next()).getScratchCodes().contains(valueOf));
    }

    @Test
    void verifyMultipleDevices() throws Throwable {
        GoogleAuthenticatorTokenCredential googleAuthenticatorTokenCredential = getGoogleAuthenticatorTokenCredential();
        for (int i = 0; i < 2; i++) {
            this.tokenCredentialRepository.save(GoogleAuthenticatorAccount.builder().username("casuser").name(String.format("deviceName-%s", Integer.valueOf(i))).secretKey(this.account.getKey()).validationCode(this.account.getVerificationCode()).scratchCodes(new ArrayList(this.account.getScratchCodes())).build());
        }
        googleAuthenticatorTokenCredential.setAccountId((Long) null);
        Assertions.assertThrows(PreventedException.class, () -> {
            this.handler.authenticate(googleAuthenticatorTokenCredential, (Service) Mockito.mock(Service.class));
        });
        googleAuthenticatorTokenCredential.setAccountId(Long.valueOf(((OneTimeTokenAccount) this.tokenCredentialRepository.get("casuser").iterator().next()).getId()));
        Assertions.assertNotNull(this.handler.authenticate(googleAuthenticatorTokenCredential, (Service) Mockito.mock(Service.class)));
    }

    @Test
    void verifySingleDevicesNoAcctId() throws Throwable {
        GoogleAuthenticatorTokenCredential googleAuthenticatorTokenCredential = getGoogleAuthenticatorTokenCredential();
        this.tokenCredentialRepository.save(GoogleAuthenticatorAccount.builder().username("casuser").name(UUID.randomUUID().toString()).secretKey(this.account.getKey()).validationCode(this.account.getVerificationCode()).scratchCodes(new ArrayList(this.account.getScratchCodes())).build());
        googleAuthenticatorTokenCredential.setAccountId((Long) null);
        Assertions.assertNotNull(this.handler.authenticate(googleAuthenticatorTokenCredential, (Service) Mockito.mock(Service.class)));
    }

    private GoogleAuthenticatorTokenCredential getGoogleAuthenticatorTokenCredential() {
        GoogleAuthenticatorTokenCredential googleAuthenticatorTokenCredential = new GoogleAuthenticatorTokenCredential();
        this.account = this.googleAuthenticator.createCredentials("casuser");
        googleAuthenticatorTokenCredential.setToken(Integer.toString(this.googleAuthenticator.getTotpPassword(this.account.getKey())));
        return googleAuthenticatorTokenCredential;
    }
}
