package org.apereo.cas.webauthn.web.flow;

import com.yubico.core.SessionManager;
import com.yubico.data.CredentialRegistration;
import com.yubico.webauthn.RegisteredCredential;
import com.yubico.webauthn.data.ByteArray;
import com.yubico.webauthn.data.UserIdentity;
import org.apereo.cas.authentication.MultifactorAuthenticationProvider;
import org.apereo.cas.util.RandomUtils;
import org.apereo.cas.web.support.WebUtils;
import org.apereo.cas.webauthn.storage.WebAuthnCredentialRepository;
import org.apereo.cas.webauthn.web.flow.BaseWebAuthnWebflowTests;
import org.junit.jupiter.api.Assertions;
import org.junit.jupiter.api.Tag;
import org.junit.jupiter.api.Test;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.boot.test.context.SpringBootTest;
import org.springframework.mock.web.MockHttpServletRequest;
import org.springframework.mock.web.MockHttpServletResponse;
import org.springframework.mock.web.MockServletContext;
import org.springframework.webflow.context.ExternalContextHolder;
import org.springframework.webflow.context.servlet.ServletExternalContext;
import org.springframework.webflow.execution.Action;
import org.springframework.webflow.execution.RequestContextHolder;
import org.springframework.webflow.test.MockRequestContext;

@Tag("WebflowMfaActions")
@SpringBootTest(classes = {BaseWebAuthnWebflowTests.SharedTestConfiguration.class}, properties = {"cas.authn.mfa.web-authn.core.allowed-origins=https://localhost:8443", "cas.authn.mfa.web-authn.core.application-id=https://localhost:8443", "cas.authn.mfa.web-authn.core.relying-party-name=CAS WebAuthn Demo", "cas.authn.mfa.web-authn.core.relying-party-id=example.org", "cas.authn.mfa.web-authn.core.allow-primary-authentication=true"})
/* loaded from: input_file:org/apereo/cas/webauthn/web/flow/WebAuthnValidateSessionCredentialTokenActionTests.class */
public class WebAuthnValidateSessionCredentialTokenActionTests {
    private static final String SAMPLE_TOKEN = "mO2ST2ZLIZCP6VmGDkiIX-_-VNXfOJQ6TjCwUFSCA3Y";

    @Autowired
    @Qualifier("webAuthnValidateSessionCredentialTokenAction")
    private Action webAuthnValidateSessionCredentialTokenAction;

    @Autowired
    @Qualifier("webAuthnCredentialRepository")
    private WebAuthnCredentialRepository webAuthnCredentialRepository;

    @Autowired
    @Qualifier("webAuthnSessionManager")
    private SessionManager webAuthnSessionManager;

    @Autowired
    @Qualifier("webAuthnMultifactorAuthenticationProvider")
    private MultifactorAuthenticationProvider webAuthnMultifactorAuthenticationProvider;

    @Test
    public void verifyMissingToken() throws Exception {
        MockRequestContext mockRequestContext = new MockRequestContext();
        mockRequestContext.setExternalContext(new ServletExternalContext(new MockServletContext(), new MockHttpServletRequest(), new MockHttpServletResponse()));
        RequestContextHolder.setRequestContext(mockRequestContext);
        ExternalContextHolder.setExternalContext(mockRequestContext.getExternalContext());
        WebUtils.putMultifactorAuthenticationProviderIdIntoFlowScope(mockRequestContext, this.webAuthnMultifactorAuthenticationProvider);
        Assertions.assertEquals("authenticationFailure", this.webAuthnValidateSessionCredentialTokenAction.execute(mockRequestContext).getId());
    }

    @Test
    public void verifyEmptySessionForToken() throws Exception {
        MockRequestContext mockRequestContext = new MockRequestContext();
        MockHttpServletRequest mockHttpServletRequest = new MockHttpServletRequest();
        mockHttpServletRequest.addParameter("token", SAMPLE_TOKEN);
        mockRequestContext.setExternalContext(new ServletExternalContext(new MockServletContext(), mockHttpServletRequest, new MockHttpServletResponse()));
        RequestContextHolder.setRequestContext(mockRequestContext);
        ExternalContextHolder.setExternalContext(mockRequestContext.getExternalContext());
        WebUtils.putMultifactorAuthenticationProviderIdIntoFlowScope(mockRequestContext, this.webAuthnMultifactorAuthenticationProvider);
        Assertions.assertEquals("authenticationFailure", this.webAuthnValidateSessionCredentialTokenAction.execute(mockRequestContext).getId());
    }

    @Test
    public void verifyNoUserForToken() throws Exception {
        MockRequestContext mockRequestContext = new MockRequestContext();
        MockHttpServletRequest mockHttpServletRequest = new MockHttpServletRequest();
        mockHttpServletRequest.addParameter("token", this.webAuthnSessionManager.createSession(ByteArray.fromBase64Url(SAMPLE_TOKEN)).getBase64Url());
        mockRequestContext.setExternalContext(new ServletExternalContext(new MockServletContext(), mockHttpServletRequest, new MockHttpServletResponse()));
        RequestContextHolder.setRequestContext(mockRequestContext);
        ExternalContextHolder.setExternalContext(mockRequestContext.getExternalContext());
        WebUtils.putMultifactorAuthenticationProviderIdIntoFlowScope(mockRequestContext, this.webAuthnMultifactorAuthenticationProvider);
        Assertions.assertEquals("authenticationFailure", this.webAuthnValidateSessionCredentialTokenAction.execute(mockRequestContext).getId());
    }

    @Test
    public void verifySuccessAuthForToken() throws Exception {
        MockRequestContext mockRequestContext = new MockRequestContext();
        MockHttpServletRequest mockHttpServletRequest = new MockHttpServletRequest();
        ByteArray fromBase64Url = ByteArray.fromBase64Url(SAMPLE_TOKEN);
        mockHttpServletRequest.addParameter("token", this.webAuthnSessionManager.createSession(fromBase64Url).getBase64Url());
        this.webAuthnCredentialRepository.addRegistrationByUsername("casuser", CredentialRegistration.builder().credential(RegisteredCredential.builder().credentialId(ByteArray.fromBase64Url("casuser")).userHandle(fromBase64Url).publicKeyCose(ByteArray.fromBase64Url(RandomUtils.randomAlphabetic(8))).build()).userIdentity(UserIdentity.builder().name("casuser").displayName("CAS").id(fromBase64Url).build()).build());
        mockRequestContext.setExternalContext(new ServletExternalContext(new MockServletContext(), mockHttpServletRequest, new MockHttpServletResponse()));
        RequestContextHolder.setRequestContext(mockRequestContext);
        ExternalContextHolder.setExternalContext(mockRequestContext.getExternalContext());
        WebUtils.putMultifactorAuthenticationProviderIdIntoFlowScope(mockRequestContext, this.webAuthnMultifactorAuthenticationProvider);
        Assertions.assertEquals("finalize", this.webAuthnValidateSessionCredentialTokenAction.execute(mockRequestContext).getId());
        Assertions.assertNotNull(WebUtils.getAuthentication(mockRequestContext));
    }
}
