package org.apereo.cas.authentication.support;

import java.util.Map;
import javax.security.auth.login.AccountExpiredException;
import javax.security.auth.login.AccountLockedException;
import javax.security.auth.login.CredentialExpiredException;
import org.apereo.cas.authentication.exceptions.AccountDisabledException;
import org.apereo.cas.authentication.exceptions.AccountPasswordMustChangeException;
import org.apereo.cas.authentication.exceptions.InvalidLoginTimeException;
import org.apereo.cas.authentication.support.password.PasswordPolicyContext;
import org.junit.jupiter.api.Assertions;
import org.junit.jupiter.api.Tag;
import org.junit.jupiter.api.Test;
import org.ldaptive.LdapAttribute;
import org.ldaptive.LdapEntry;
import org.ldaptive.auth.AccountState;
import org.ldaptive.auth.AuthenticationResponse;
import org.mockito.Mockito;

@Tag("Ldap")
/* loaded from: input_file:org/apereo/cas/authentication/support/DefaultLdapAccountStateHandlerTests.class */
public class DefaultLdapAccountStateHandlerTests {
    @Test
    public void verifyActiveDirectoryErrors() {
        DefaultLdapAccountStateHandler defaultLdapAccountStateHandler = new DefaultLdapAccountStateHandler();
        AuthenticationResponse authenticationResponse = (AuthenticationResponse) Mockito.mock(AuthenticationResponse.class);
        Mockito.when(Boolean.valueOf(authenticationResponse.isSuccess())).thenReturn(false);
        Mockito.when(authenticationResponse.getDiagnosticMessage()).thenReturn("error data 533");
        Assertions.assertThrows(AccountDisabledException.class, () -> {
            defaultLdapAccountStateHandler.handle(authenticationResponse, new PasswordPolicyContext());
        });
        Mockito.when(authenticationResponse.getDiagnosticMessage()).thenReturn("error data 532");
        Assertions.assertThrows(CredentialExpiredException.class, () -> {
            defaultLdapAccountStateHandler.handle(authenticationResponse, new PasswordPolicyContext());
        });
        Mockito.when(authenticationResponse.getDiagnosticMessage()).thenReturn("error data 530");
        Assertions.assertThrows(InvalidLoginTimeException.class, () -> {
            defaultLdapAccountStateHandler.handle(authenticationResponse, new PasswordPolicyContext());
        });
        Mockito.when(authenticationResponse.getDiagnosticMessage()).thenReturn("error data 701");
        Assertions.assertThrows(AccountExpiredException.class, () -> {
            defaultLdapAccountStateHandler.handle(authenticationResponse, new PasswordPolicyContext());
        });
        Mockito.when(authenticationResponse.getDiagnosticMessage()).thenReturn("error data 773");
        Assertions.assertThrows(AccountPasswordMustChangeException.class, () -> {
            defaultLdapAccountStateHandler.handle(authenticationResponse, new PasswordPolicyContext());
        });
        Mockito.when(authenticationResponse.getDiagnosticMessage()).thenReturn("error data 775");
        Assertions.assertThrows(AccountLockedException.class, () -> {
            defaultLdapAccountStateHandler.handle(authenticationResponse, new PasswordPolicyContext());
        });
        Mockito.when(authenticationResponse.getDiagnosticMessage()).thenReturn("error unknown");
        Assertions.assertDoesNotThrow(() -> {
            defaultLdapAccountStateHandler.handle(authenticationResponse, new PasswordPolicyContext());
        });
    }

    @Test
    public void verifyOperation() {
        DefaultLdapAccountStateHandler defaultLdapAccountStateHandler = new DefaultLdapAccountStateHandler();
        defaultLdapAccountStateHandler.setAttributesToErrorMap(Map.of("attr1", AccountLockedException.class));
        AuthenticationResponse authenticationResponse = (AuthenticationResponse) Mockito.mock(AuthenticationResponse.class);
        LdapEntry ldapEntry = new LdapEntry();
        ldapEntry.addAttributes(new LdapAttribute[]{new LdapAttribute("attr1", new String[]{"true"})});
        Mockito.when(authenticationResponse.getLdapEntry()).thenReturn(ldapEntry);
        Assertions.assertThrows(AccountLockedException.class, () -> {
            defaultLdapAccountStateHandler.handlePolicyAttributes(authenticationResponse);
        });
    }

    @Test
    public void verifyNoAttrs() {
        DefaultLdapAccountStateHandler defaultLdapAccountStateHandler = new DefaultLdapAccountStateHandler();
        AuthenticationResponse authenticationResponse = (AuthenticationResponse) Mockito.mock(AuthenticationResponse.class);
        defaultLdapAccountStateHandler.setAttributesToErrorMap(Map.of("attr1", AccountLockedException.class));
        Mockito.when(authenticationResponse.getLdapEntry()).thenReturn(new LdapEntry());
        Mockito.when(Boolean.valueOf(authenticationResponse.isSuccess())).thenReturn(Boolean.TRUE);
        Assertions.assertDoesNotThrow(() -> {
            defaultLdapAccountStateHandler.handle(authenticationResponse, new PasswordPolicyContext());
        });
    }

    @Test
    public void verifyNoWarning() {
        DefaultLdapAccountStateHandler defaultLdapAccountStateHandler = new DefaultLdapAccountStateHandler();
        AuthenticationResponse authenticationResponse = (AuthenticationResponse) Mockito.mock(AuthenticationResponse.class);
        defaultLdapAccountStateHandler.setAttributesToErrorMap(Map.of("attr1", AccountLockedException.class));
        LdapEntry ldapEntry = new LdapEntry();
        AccountState accountState = (AccountState) Mockito.mock(AccountState.class);
        Mockito.when(authenticationResponse.getAccountState()).thenReturn(accountState);
        Mockito.when(authenticationResponse.getLdapEntry()).thenReturn(ldapEntry);
        Mockito.when(Boolean.valueOf(authenticationResponse.isSuccess())).thenReturn(Boolean.TRUE);
        Assertions.assertDoesNotThrow(() -> {
            defaultLdapAccountStateHandler.handle(authenticationResponse, new PasswordPolicyContext());
        });
        Mockito.when(accountState.getWarning()).thenReturn((AccountState.Warning) Mockito.mock(AccountState.Warning.class));
        Mockito.when(authenticationResponse.getAccountState()).thenReturn(accountState);
        Assertions.assertDoesNotThrow(() -> {
            defaultLdapAccountStateHandler.handle(authenticationResponse, new PasswordPolicyContext());
        });
    }
}
