package org.apereo.cas.okta;

import com.okta.authn.sdk.resource.AuthenticationResponse;
import com.okta.authn.sdk.resource.User;
import java.util.Map;
import java.util.Objects;
import javax.security.auth.login.AccountExpiredException;
import javax.security.auth.login.AccountLockedException;
import javax.security.auth.login.AccountNotFoundException;
import javax.security.auth.login.FailedLoginException;
import org.apereo.cas.authentication.AuthenticationPasswordPolicyHandlingStrategy;
import org.apereo.cas.authentication.exceptions.AccountPasswordMustChangeException;
import org.apereo.cas.authentication.support.password.DefaultPasswordPolicyHandlingStrategy;
import org.apereo.cas.authentication.support.password.PasswordPolicyContext;
import org.junit.jupiter.api.Assertions;
import org.junit.jupiter.api.Tag;
import org.junit.jupiter.api.Test;
import org.mockito.Mockito;

@Tag("AuthenticationHandler")
/* loaded from: input_file:org/apereo/cas/okta/OktaAuthenticationStateHandlerAdapterTests.class */
public class OktaAuthenticationStateHandlerAdapterTests {
    @Test
    public void handleSuccessWithoutToken() {
        OktaAuthenticationStateHandlerAdapter oktaAuthenticationStateHandlerAdapter = new OktaAuthenticationStateHandlerAdapter(new DefaultPasswordPolicyHandlingStrategy(), new PasswordPolicyContext());
        AuthenticationResponse authenticationResponse = (AuthenticationResponse) Mockito.mock(AuthenticationResponse.class);
        Mockito.when(authenticationResponse.getSessionToken()).thenReturn((Object) null);
        oktaAuthenticationStateHandlerAdapter.handleSuccess(authenticationResponse);
        Assertions.assertNotNull(oktaAuthenticationStateHandlerAdapter.getFailureException());
        Assertions.assertNotNull(oktaAuthenticationStateHandlerAdapter.getPasswordPolicyHandlingStrategy());
        Assertions.assertNotNull(oktaAuthenticationStateHandlerAdapter.getPasswordPolicyConfiguration());
        Objects.requireNonNull(oktaAuthenticationStateHandlerAdapter);
        Assertions.assertThrows(FailedLoginException.class, oktaAuthenticationStateHandlerAdapter::throwExceptionIfNecessary);
    }

    @Test
    public void handleSuccess() {
        OktaAuthenticationStateHandlerAdapter oktaAuthenticationStateHandlerAdapter = new OktaAuthenticationStateHandlerAdapter(new DefaultPasswordPolicyHandlingStrategy(), new PasswordPolicyContext());
        AuthenticationResponse authenticationResponse = (AuthenticationResponse) Mockito.mock(AuthenticationResponse.class);
        Mockito.when(authenticationResponse.getSessionToken()).thenReturn("token");
        Mockito.when(authenticationResponse.getStatusString()).thenReturn("error");
        User user = (User) Mockito.mock(User.class);
        Mockito.when(user.getLogin()).thenReturn("cas");
        Mockito.when(user.getId()).thenReturn("cas-id");
        Mockito.when(user.getProfile()).thenReturn(Map.of("name", "something", "lastName", "something-else"));
        Mockito.when(authenticationResponse.getUser()).thenReturn(user);
        oktaAuthenticationStateHandlerAdapter.handleSuccess(authenticationResponse);
        Objects.requireNonNull(oktaAuthenticationStateHandlerAdapter);
        Assertions.assertDoesNotThrow(oktaAuthenticationStateHandlerAdapter::throwExceptionIfNecessary);
        Assertions.assertEquals("cas", oktaAuthenticationStateHandlerAdapter.getUsername());
        Assertions.assertFalse(oktaAuthenticationStateHandlerAdapter.getUserAttributes().isEmpty());
    }

    @Test
    public void handlePasswordWarning() {
        OktaAuthenticationStateHandlerAdapter oktaAuthenticationStateHandlerAdapter = new OktaAuthenticationStateHandlerAdapter(new DefaultPasswordPolicyHandlingStrategy(), new PasswordPolicyContext());
        AuthenticationResponse authenticationResponse = (AuthenticationResponse) Mockito.mock(AuthenticationResponse.class);
        Mockito.when(authenticationResponse.getSessionToken()).thenReturn("token");
        oktaAuthenticationStateHandlerAdapter.handlePasswordWarning(authenticationResponse);
        Objects.requireNonNull(oktaAuthenticationStateHandlerAdapter);
        Assertions.assertThrows(AccountNotFoundException.class, oktaAuthenticationStateHandlerAdapter::throwExceptionIfNecessary);
        Assertions.assertTrue(oktaAuthenticationStateHandlerAdapter.getWarnings().isEmpty());
    }

    @Test
    public void handleUnknownPasswordPolicy() throws Exception {
        AuthenticationPasswordPolicyHandlingStrategy authenticationPasswordPolicyHandlingStrategy = (AuthenticationPasswordPolicyHandlingStrategy) Mockito.mock(AuthenticationPasswordPolicyHandlingStrategy.class);
        Mockito.when(Boolean.valueOf(authenticationPasswordPolicyHandlingStrategy.supports(Mockito.any()))).thenReturn(Boolean.TRUE);
        Mockito.when(authenticationPasswordPolicyHandlingStrategy.handle(Mockito.any(), Mockito.any())).thenThrow(new Throwable[]{new RuntimeException()});
        OktaAuthenticationStateHandlerAdapter oktaAuthenticationStateHandlerAdapter = new OktaAuthenticationStateHandlerAdapter(authenticationPasswordPolicyHandlingStrategy, new PasswordPolicyContext());
        AuthenticationResponse authenticationResponse = (AuthenticationResponse) Mockito.mock(AuthenticationResponse.class);
        Mockito.when(authenticationResponse.getSessionToken()).thenReturn("token");
        oktaAuthenticationStateHandlerAdapter.handlePasswordWarning(authenticationResponse);
        Objects.requireNonNull(oktaAuthenticationStateHandlerAdapter);
        Assertions.assertThrows(AccountNotFoundException.class, oktaAuthenticationStateHandlerAdapter::throwExceptionIfNecessary);
        Assertions.assertTrue(oktaAuthenticationStateHandlerAdapter.getWarnings().isEmpty());
    }

    @Test
    public void verifyLockout() {
        OktaAuthenticationStateHandlerAdapter oktaAuthenticationStateHandlerAdapter = new OktaAuthenticationStateHandlerAdapter(new DefaultPasswordPolicyHandlingStrategy(), new PasswordPolicyContext());
        AuthenticationResponse authenticationResponse = (AuthenticationResponse) Mockito.mock(AuthenticationResponse.class);
        Mockito.when(authenticationResponse.getStatusString()).thenReturn("error");
        oktaAuthenticationStateHandlerAdapter.handleLockedOut(authenticationResponse);
        Objects.requireNonNull(oktaAuthenticationStateHandlerAdapter);
        Assertions.assertThrows(AccountLockedException.class, oktaAuthenticationStateHandlerAdapter::throwExceptionIfNecessary);
    }

    @Test
    public void verifyUnknown() {
        OktaAuthenticationStateHandlerAdapter oktaAuthenticationStateHandlerAdapter = new OktaAuthenticationStateHandlerAdapter(new DefaultPasswordPolicyHandlingStrategy(), new PasswordPolicyContext());
        AuthenticationResponse authenticationResponse = (AuthenticationResponse) Mockito.mock(AuthenticationResponse.class);
        Mockito.when(authenticationResponse.getStatusString()).thenReturn("error");
        oktaAuthenticationStateHandlerAdapter.handleUnknown(authenticationResponse);
        Objects.requireNonNull(oktaAuthenticationStateHandlerAdapter);
        Assertions.assertThrows(AccountNotFoundException.class, oktaAuthenticationStateHandlerAdapter::throwExceptionIfNecessary);
    }

    @Test
    public void handleUnauthenticated() {
        OktaAuthenticationStateHandlerAdapter oktaAuthenticationStateHandlerAdapter = new OktaAuthenticationStateHandlerAdapter(new DefaultPasswordPolicyHandlingStrategy(), new PasswordPolicyContext());
        AuthenticationResponse authenticationResponse = (AuthenticationResponse) Mockito.mock(AuthenticationResponse.class);
        Mockito.when(authenticationResponse.getStatusString()).thenReturn("error");
        oktaAuthenticationStateHandlerAdapter.handleUnauthenticated(authenticationResponse);
        Objects.requireNonNull(oktaAuthenticationStateHandlerAdapter);
        Assertions.assertThrows(FailedLoginException.class, oktaAuthenticationStateHandlerAdapter::throwExceptionIfNecessary);
    }

    @Test
    public void handlePasswordExpired() {
        OktaAuthenticationStateHandlerAdapter oktaAuthenticationStateHandlerAdapter = new OktaAuthenticationStateHandlerAdapter(new DefaultPasswordPolicyHandlingStrategy(), new PasswordPolicyContext());
        AuthenticationResponse authenticationResponse = (AuthenticationResponse) Mockito.mock(AuthenticationResponse.class);
        Mockito.when(authenticationResponse.getStatusString()).thenReturn("error");
        oktaAuthenticationStateHandlerAdapter.handlePasswordExpired(authenticationResponse);
        Objects.requireNonNull(oktaAuthenticationStateHandlerAdapter);
        Assertions.assertThrows(AccountExpiredException.class, oktaAuthenticationStateHandlerAdapter::throwExceptionIfNecessary);
    }

    @Test
    public void handlePasswordReset() {
        OktaAuthenticationStateHandlerAdapter oktaAuthenticationStateHandlerAdapter = new OktaAuthenticationStateHandlerAdapter(new DefaultPasswordPolicyHandlingStrategy(), new PasswordPolicyContext());
        AuthenticationResponse authenticationResponse = (AuthenticationResponse) Mockito.mock(AuthenticationResponse.class);
        Mockito.when(authenticationResponse.getStatusString()).thenReturn("error");
        oktaAuthenticationStateHandlerAdapter.handlePasswordReset(authenticationResponse);
        Objects.requireNonNull(oktaAuthenticationStateHandlerAdapter);
        Assertions.assertThrows(AccountPasswordMustChangeException.class, oktaAuthenticationStateHandlerAdapter::throwExceptionIfNecessary);
    }
}
