package org.apereo.cas.webauthn.storage;

import com.yubico.data.CredentialRegistration;
import com.yubico.webauthn.AssertionResult;
import com.yubico.webauthn.RegisteredCredential;
import com.yubico.webauthn.data.ByteArray;
import com.yubico.webauthn.data.UserIdentity;
import java.time.Clock;
import java.time.Instant;
import java.util.Locale;
import java.util.Optional;
import java.util.UUID;
import org.apereo.cas.configuration.CasConfigurationProperties;
import org.apereo.cas.util.RandomUtils;
import org.apereo.cas.util.crypto.CipherExecutor;
import org.apereo.cas.webauthn.web.flow.BaseWebAuthnWebflowTests;
import org.junit.jupiter.api.Assertions;
import org.junit.jupiter.api.Test;
import org.mockito.Mockito;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.boot.test.context.SpringBootTest;

@SpringBootTest(classes = {BaseWebAuthnWebflowTests.SharedTestConfiguration.class}, properties = {"cas.authn.mfa.web-authn.core.trust-source.fido.legal-header=Retrieval and use of this BLOB indicates acceptance of the appropriate agreement located at https://fidoalliance.org/metadata/metadata-legal-terms/", "cas.authn.mfa.web-authn.core.allowed-origins=https://localhost:8443", "cas.authn.mfa.web-authn.core.application-id=https://localhost:8443", "cas.authn.mfa.web-authn.core.relying-party-name=CAS WebAuthn Demo", "cas.authn.mfa.web-authn.core.relying-party-id=example.org"})
/* loaded from: input_file:org/apereo/cas/webauthn/storage/BaseWebAuthnCredentialRepositoryTests.class */
public abstract class BaseWebAuthnCredentialRepositoryTests {

    @Autowired
    protected CasConfigurationProperties casProperties;

    @Autowired
    @Qualifier("webAuthnCredentialRepository")
    protected WebAuthnCredentialRepository webAuthnCredentialRepository;

    @Autowired
    @Qualifier("webAuthnCredentialRegistrationCipherExecutor")
    protected CipherExecutor<String, String> cipherExecutor;

    public static CredentialRegistration getCredentialRegistration(String str) throws Exception {
        return CredentialRegistration.builder().registrationTime(Instant.now(Clock.systemUTC())).credential(RegisteredCredential.builder().credentialId(ByteArray.fromBase64Url(str)).userHandle(ByteArray.fromBase64Url(str)).publicKeyCose(ByteArray.fromBase64Url(RandomUtils.randomAlphabetic(8))).build()).userIdentity(UserIdentity.builder().name(str).displayName("CAS").id(ByteArray.fromBase64Url(str)).build()).build();
    }

    @Test
    protected void verifyOperation() throws Throwable {
        String username = getUsername();
        CredentialRegistration credentialRegistration = getCredentialRegistration(username.toLowerCase(Locale.ENGLISH));
        Assertions.assertTrue(this.webAuthnCredentialRepository.addRegistrationByUsername(username.toLowerCase(Locale.ENGLISH), credentialRegistration));
        Assertions.assertFalse(this.webAuthnCredentialRepository.getCredentialIdsForUsername(username.toUpperCase(Locale.ENGLISH)).isEmpty());
        ByteArray fromBase64Url = ByteArray.fromBase64Url(username);
        Optional registrationByUsernameAndCredentialId = this.webAuthnCredentialRepository.getRegistrationByUsernameAndCredentialId(username.toUpperCase(Locale.ENGLISH), fromBase64Url);
        Assertions.assertTrue(registrationByUsernameAndCredentialId.isPresent());
        Assertions.assertNotNull(((CredentialRegistration) registrationByUsernameAndCredentialId.get()).getRegistrationTime());
        Assertions.assertFalse(this.webAuthnCredentialRepository.getRegistrationsByUserHandle(fromBase64Url).isEmpty());
        Assertions.assertFalse(this.webAuthnCredentialRepository.getRegistrationsByUsername(username.toUpperCase(Locale.ENGLISH)).isEmpty());
        Assertions.assertFalse(this.webAuthnCredentialRepository.getUserHandleForUsername(username.toUpperCase(Locale.ENGLISH)).isEmpty());
        Assertions.assertFalse(this.webAuthnCredentialRepository.getUsernameForUserHandle(fromBase64Url).isEmpty());
        Assertions.assertFalse(this.webAuthnCredentialRepository.lookup(fromBase64Url, fromBase64Url).isEmpty());
        Assertions.assertFalse(this.webAuthnCredentialRepository.lookupAll(fromBase64Url).isEmpty());
        Assertions.assertTrue(this.webAuthnCredentialRepository.stream().count() > 0);
        RegisteredCredential build = RegisteredCredential.builder().credentialId(fromBase64Url).userHandle(ByteArray.fromBase64Url(RandomUtils.randomAlphabetic(8))).publicKeyCose(ByteArray.fromBase64Url(RandomUtils.randomAlphabetic(8))).build();
        AssertionResult assertionResult = (AssertionResult) Mockito.mock(AssertionResult.class);
        Mockito.when(assertionResult.getCredential()).thenReturn(build);
        Mockito.when(Long.valueOf(assertionResult.getSignatureCount())).thenReturn(1L);
        Mockito.when(assertionResult.getUsername()).thenReturn(username);
        Mockito.when(assertionResult.getCredentialId()).thenReturn(fromBase64Url);
        this.webAuthnCredentialRepository.updateSignatureCount(assertionResult);
        this.webAuthnCredentialRepository.removeAllRegistrations(username.toUpperCase(Locale.ENGLISH));
        this.webAuthnCredentialRepository.removeRegistrationByUsername(username.toUpperCase(Locale.ENGLISH), credentialRegistration);
        Assertions.assertTrue(this.webAuthnCredentialRepository.lookup(fromBase64Url, fromBase64Url).isEmpty());
        Assertions.assertDoesNotThrow(() -> {
            this.webAuthnCredentialRepository.clean();
        });
    }

    protected String getUsername() throws Exception {
        return UUID.randomUUID().toString();
    }
}
