package org.apereo.cas.okta;

import com.okta.authn.sdk.AuthenticationStateHandler;
import com.okta.authn.sdk.client.AuthenticationClient;
import com.okta.authn.sdk.resource.AuthenticationResponse;
import com.okta.authn.sdk.resource.User;
import javax.security.auth.login.FailedLoginException;
import org.apereo.cas.authentication.AuthenticationHandler;
import org.apereo.cas.authentication.CoreAuthenticationTestUtils;
import org.apereo.cas.authentication.credential.UsernamePasswordCredential;
import org.apereo.cas.authentication.principal.PrincipalFactory;
import org.apereo.cas.config.CasPersonDirectoryTestConfiguration;
import org.apereo.cas.config.OktaAuthenticationConfiguration;
import org.apereo.cas.configuration.CasConfigurationProperties;
import org.apereo.cas.okta.BaseOktaTests;
import org.apereo.cas.services.ServicesManager;
import org.junit.jupiter.api.Assertions;
import org.junit.jupiter.api.Tag;
import org.junit.jupiter.api.Test;
import org.mockito.Mockito;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.boot.test.context.SpringBootTest;

@Tag("AuthenticationHandler")
@SpringBootTest(classes = {OktaAuthenticationConfiguration.class, CasPersonDirectoryTestConfiguration.class, BaseOktaTests.SharedTestConfiguration.class}, properties = {"cas.authn.okta.proxy-host=localhost", "cas.authn.okta.proxy-port=1234", "cas.authn.okta.proxy-username=username", "cas.authn.okta.proxy-password=password", "cas.authn.okta.organization-url=https://dev-159539.oktapreview.com"})
/* loaded from: input_file:org/apereo/cas/okta/OktaAuthenticationStateHandlerTests.class */
public class OktaAuthenticationStateHandlerTests {

    @Autowired
    private CasConfigurationProperties casProperties;

    @Autowired
    @Qualifier("servicesManager")
    private ServicesManager servicesManager;

    @Autowired
    @Qualifier("oktaAuthenticationHandler")
    private AuthenticationHandler oktaAuthenticationHandler;

    @Autowired
    @Qualifier("oktaPrincipalFactory")
    private PrincipalFactory oktaPrincipalFactory;

    @Test
    public void verifyOperation() {
        UsernamePasswordCredential credentialsWithDifferentUsernameAndPassword = CoreAuthenticationTestUtils.getCredentialsWithDifferentUsernameAndPassword("casuser@apereo.org", "a8BuQH@6B7z");
        Assertions.assertThrows(FailedLoginException.class, () -> {
            this.oktaAuthenticationHandler.authenticate(credentialsWithDifferentUsernameAndPassword);
        });
    }

    @Test
    public void verifySuccess() throws Exception {
        UsernamePasswordCredential credentialsWithDifferentUsernameAndPassword = CoreAuthenticationTestUtils.getCredentialsWithDifferentUsernameAndPassword("casuser@apereo.org", "a8BuQH@6B7z");
        AuthenticationResponse authenticationResponse = (AuthenticationResponse) Mockito.mock(AuthenticationResponse.class);
        User user = (User) Mockito.mock(User.class);
        Mockito.when(user.getLogin()).thenReturn("casuser");
        Mockito.when(user.getId()).thenReturn("casuser");
        Mockito.when(authenticationResponse.getUser()).thenReturn(user);
        Mockito.when(authenticationResponse.getSessionToken()).thenReturn("token");
        AuthenticationClient authenticationClient = (AuthenticationClient) Mockito.mock(AuthenticationClient.class);
        Mockito.when(authenticationClient.authenticate(Mockito.anyString(), (char[]) Mockito.any(), (String) Mockito.any(), (AuthenticationStateHandler) Mockito.any(AuthenticationStateHandler.class))).thenAnswer(invocationOnMock -> {
            ((AuthenticationStateHandler) invocationOnMock.getArgument(3, AuthenticationStateHandler.class)).handleSuccess(authenticationResponse);
            return authenticationResponse;
        });
        OktaAuthenticationHandler oktaAuthenticationHandler = new OktaAuthenticationHandler((String) null, this.servicesManager, this.oktaPrincipalFactory, this.casProperties.getAuthn().getOkta(), authenticationClient);
        Assertions.assertNotNull(oktaAuthenticationHandler.authenticate(credentialsWithDifferentUsernameAndPassword));
        Assertions.assertNotNull(oktaAuthenticationHandler.getOktaAuthenticationClient());
        Assertions.assertNotNull(oktaAuthenticationHandler.getProperties());
    }
}
