package net.shibboleth.idp.plugin.authn.duo.impl;

import java.text.ParseException;
import java.time.Instant;
import java.time.temporal.ChronoUnit;
import java.time.temporal.TemporalUnit;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashMap;
import net.shibboleth.idp.authn.context.AuthenticationContext;
import net.shibboleth.idp.plugin.authn.duo.context.DuoOIDCAuthenticationContext;
import net.shibboleth.idp.saml.authn.principal.AuthnContextClassRefPrincipal;
import net.shibboleth.utilities.java.support.component.ComponentInitializationException;
import org.testng.Assert;
import org.testng.annotations.BeforeMethod;
import org.testng.annotations.Test;

/* loaded from: input_file:net/shibboleth/idp/plugin/authn/duo/impl/ValidateDuoTokenAuthenticationResultTest.class */
public class ValidateDuoTokenAuthenticationResultTest extends AbstractDuoActionTest {
    private ValidateDuoTokenAuthenticationResult action;

    @BeforeMethod
    public void setUp() throws Exception {
        super.setup();
        this.action = new ValidateDuoTokenAuthenticationResult();
    }

    @Test
    public void testExecuteSuccess() throws ComponentInitializationException {
        addDuoContext();
        addDuoIntegrationToContext();
        addAttemptedFlow("authn/DuoOIDC");
        this.dc.setAuthToken(createPlainDummyToken("allow", "Login Succesful", "DIU6GEFWG5LIUBVV2M3P", Instant.now().plus(1L, (TemporalUnit) ChronoUnit.MINUTES), Instant.now(), Instant.now(), "api.duosecurity.com", "duo_push"));
        this.dc.setUsername("jdoe");
        this.action.initialize();
        Assert.assertNull(this.action.execute(this.src));
    }

    @Test
    public void testNoDuoContext() throws ComponentInitializationException {
        addAttemptedFlow("authn/DuoOIDC");
        this.action.initialize();
        assertEventId(this.action.execute(this.src), "InvalidAuthenticationContext");
    }

    @Test
    public void testExecuteRequestDenied() throws ComponentInitializationException {
        addDuoContext();
        addDuoIntegrationToContext();
        addAttemptedFlow("authn/DuoOIDC");
        HashMap hashMap = new HashMap();
        hashMap.put("AccountLocked", Arrays.asList("deny"));
        this.action.setClassifiedMessages(hashMap);
        this.dc.setAuthToken(createPlainDummyToken("deny", "Account locked", "DIU6GEFWG5LIUBVV2M3P", Instant.now().plus(1L, (TemporalUnit) ChronoUnit.MINUTES), Instant.now(), Instant.now(), "api.duosecurity.com", "duo_push"));
        this.dc.setUsername("jdoe");
        this.action.initialize();
        assertEventId(this.action.execute(this.src), "AccountLocked");
    }

    @Test
    public void testExecuteNoDuoAuthToken() throws ComponentInitializationException {
        addDuoContext();
        addDuoIntegrationToContext();
        addAttemptedFlow("authn/DuoOIDC");
        this.dc.setUsername("jdoe");
        this.action.initialize();
        assertEventId(this.action.execute(this.src), "InvalidAuthenticationContext");
    }

    @Test
    public void testExecuteFailedToken() throws ComponentInitializationException {
        addDuoContext();
        addDuoIntegrationToContext();
        addAttemptedFlow("authn/DuoOIDC");
        this.dc.setAuthToken(createPlainDummyToken("deny", "Login Failed", "DIU6GEFWG5LIUBVV2M3P", Instant.now().plus(1L, (TemporalUnit) ChronoUnit.MINUTES), Instant.now(), Instant.now(), "api.duosecurity.com", "duo_push"));
        this.dc.setUsername("jdoe");
        this.action.initialize();
        assertEventId(this.action.execute(this.src), "InvalidCredentials");
    }

    @Test
    public void testExecuteWithPrincipalHook() throws ComponentInitializationException {
        addDuoContext();
        addDuoIntegrationToContext();
        addAttemptedFlow("authn/DuoOIDC");
        this.dc.setAuthToken(createPlainDummyToken("allow", "Login Succesful", "DIU6GEFWG5LIUBVV2M3P", Instant.now().plus(1L, (TemporalUnit) ChronoUnit.MINUTES), Instant.now(), Instant.now(), "api.duosecurity.com", "duo_push"));
        this.dc.setUsername("jdoe");
        this.action.setContextToPrincipalMappingStrategy(profileRequestContext -> {
            DuoOIDCAuthenticationContext subcontext = profileRequestContext.getSubcontext(AuthenticationContext.class).getSubcontext(DuoOIDCAuthenticationContext.class);
            ArrayList arrayList = new ArrayList();
            try {
                if ("duo_push".equals((String) subcontext.getAuthToken().getJWTClaimsSet().getJSONObjectClaim("auth_context").get("factor"))) {
                    arrayList.add(new AuthnContextClassRefPrincipal("http://example.com/duoPush"));
                }
                return arrayList;
            } catch (ParseException e) {
                throw new RuntimeException("Can not find duo factor in mocked duo response", e);
            }
        });
        this.action.initialize();
        Assert.assertNull(this.action.execute(this.src));
        Assert.assertNotNull(this.prc.getSubcontext(AuthenticationContext.class).getAuthenticationResult());
        Assert.assertTrue(this.prc.getSubcontext(AuthenticationContext.class).getAuthenticationResult().getSubject().getPrincipals().contains(new AuthnContextClassRefPrincipal("http://example.com/duoPush")));
    }

    @Test
    public void testExecuteWithPrincipalHookNoMatchingFactor() throws ComponentInitializationException {
        addDuoContext();
        addDuoIntegrationToContext();
        addAttemptedFlow("authn/DuoOIDC");
        this.dc.setAuthToken(createPlainDummyToken("allow", "Login Succesful", "DIU6GEFWG5LIUBVV2M3P", Instant.now().plus(1L, (TemporalUnit) ChronoUnit.MINUTES), Instant.now(), Instant.now(), "api.duosecurity.com", "duo_push"));
        this.dc.setUsername("jdoe");
        this.action.setContextToPrincipalMappingStrategy(profileRequestContext -> {
            DuoOIDCAuthenticationContext subcontext = profileRequestContext.getSubcontext(AuthenticationContext.class).getSubcontext(DuoOIDCAuthenticationContext.class);
            ArrayList arrayList = new ArrayList();
            try {
                if ("sms".equals((String) subcontext.getAuthToken().getJWTClaimsSet().getJSONObjectClaim("auth_context").get("factor"))) {
                    arrayList.add(new AuthnContextClassRefPrincipal("http://example.com/sms"));
                }
                return arrayList;
            } catch (ParseException e) {
                throw new RuntimeException("Can not find duo factor in mocked duo response", e);
            }
        });
        this.action.initialize();
        Assert.assertNull(this.action.execute(this.src));
        Assert.assertNotNull(this.prc.getSubcontext(AuthenticationContext.class).getAuthenticationResult());
        Assert.assertFalse(this.prc.getSubcontext(AuthenticationContext.class).getAuthenticationResult().getSubject().getPrincipals().contains(new AuthnContextClassRefPrincipal("http://example.com/sms")));
    }
}
