package net.shibboleth.idp.plugin.authn.duo.impl;

import com.google.common.net.UrlEscapers;
import jakarta.servlet.http.Cookie;
import net.shibboleth.idp.authn.context.AuthenticationContext;
import net.shibboleth.idp.plugin.authn.duo.context.DuoOIDCAuthenticationContext;
import net.shibboleth.idp.profile.context.navigate.WebflowRequestContextProfileRequestContextLookup;
import net.shibboleth.idp.profile.testing.ActionTestingSupport;
import net.shibboleth.idp.profile.testing.RequestContextBuilder;
import net.shibboleth.shared.component.ComponentInitializationException;
import net.shibboleth.shared.logic.PredicateSupport;
import net.shibboleth.shared.net.URISupport;
import net.shibboleth.shared.security.DataSealerException;
import org.opensaml.profile.context.ProfileRequestContext;
import org.springframework.webflow.execution.RequestContext;
import org.testng.Assert;
import org.testng.annotations.BeforeMethod;
import org.testng.annotations.Test;

/* loaded from: input_file:net/shibboleth/idp/plugin/authn/duo/impl/PostValidatePasswordlessEvaluationTest.class */
public class PostValidatePasswordlessEvaluationTest extends PasswordlessCookieManagerTest {
    private PostValidatePasswordlessEvaluation action;
    private RequestContext src;
    private ProfileRequestContext prc;
    private AuthenticationContext ac;
    private DuoOIDCAuthenticationContext dac;
    static final /* synthetic */ boolean $assertionsDisabled;

    @Override // net.shibboleth.idp.plugin.authn.duo.impl.PasswordlessCookieManagerTest
    @BeforeMethod
    public void setUp() throws ComponentInitializationException {
        super.setUp();
        this.action = new PostValidatePasswordlessEvaluation();
        this.action.setCookieManager(this.cookieManager);
        this.action.setPasswordlessCondition(PredicateSupport.alwaysTrue());
        this.src = new RequestContextBuilder().buildRequestContext();
        this.prc = new WebflowRequestContextProfileRequestContextLookup().apply(this.src);
        this.ac = this.prc.ensureSubcontext(AuthenticationContext.class);
        this.dac = this.ac.ensureSubcontext(DuoOIDCAuthenticationContext.class);
    }

    @Test
    public void testNoUsername() throws ComponentInitializationException {
        this.action.initialize();
        ActionTestingSupport.assertEvent(this.action.execute(this.src), "InvalidProfileContext");
        this.ac.removeSubcontext(DuoOIDCAuthenticationContext.class);
        ActionTestingSupport.assertEvent(this.action.execute(this.src), "InvalidProfileContext");
    }

    @Test
    public void testNotCacheableCleared() throws ComponentInitializationException {
        this.dac.setUsername("jdoe");
        this.ac.setResultCacheable(false);
        this.action.initialize();
        ActionTestingSupport.assertProceedEvent(this.action.execute(this.src));
        Cookie cookie = this.response.getCookie("_cookieName");
        if (!$assertionsDisabled && cookie == null) {
            throw new AssertionError();
        }
        Assert.assertEquals(cookie.getMaxAge(), 0);
    }

    @Test
    public void testNotCacheableNotCleared() throws ComponentInitializationException, DataSealerException {
        this.request.setCookies(new Cookie[]{new Cookie("_cookieName", UrlEscapers.urlFormParameterEscaper().escape(this.dataSealer.wrap("jdoe")))});
        this.dac.setUsername("jdoe");
        this.ac.setResultCacheable(false);
        this.action.setRequireResultCacheable(false);
        this.action.initialize();
        ActionTestingSupport.assertProceedEvent(this.action.execute(this.src));
        Cookie cookie = this.response.getCookie("_cookieName");
        if (!$assertionsDisabled && cookie == null) {
            throw new AssertionError();
        }
        Assert.assertEquals(cookie.getName(), "_cookieName");
        String doURLDecode = URISupport.doURLDecode(cookie.getValue());
        if (!$assertionsDisabled && doURLDecode == null) {
            throw new AssertionError();
        }
        Assert.assertEquals(this.dataSealer.unwrap(doURLDecode), "jdoe");
    }

    @Test
    public void testOptOutSkips() throws ComponentInitializationException {
        this.dac.setUsername("jdoe");
        this.request.setCookies(new Cookie[]{new Cookie("_cookieName", "__NO")});
        this.action.initialize();
        ActionTestingSupport.assertProceedEvent(this.action.execute(this.src));
        Assert.assertNull(this.response.getCookie("_cookieName"));
    }

    @Test
    public void testNoCookieEligible() throws ComponentInitializationException {
        this.dac.setUsername("jdoe");
        this.action.initialize();
        ActionTestingSupport.assertEvent(this.action.execute(this.src), "PasswordlessPrompt");
    }

    @Test
    public void testNoCookieNotEligible() throws ComponentInitializationException {
        this.dac.setUsername("jdoe");
        this.action.setPasswordlessCondition(PredicateSupport.alwaysFalse());
        this.action.initialize();
        ActionTestingSupport.assertProceedEvent(this.action.execute(this.src));
    }

    @Test
    public void testCookieMatches() throws ComponentInitializationException, DataSealerException {
        this.dac.setUsername("jdoe");
        this.request.setCookies(new Cookie[]{new Cookie("_cookieName", UrlEscapers.urlFormParameterEscaper().escape(this.dataSealer.wrap("jdoe")))});
        this.action.initialize();
        ActionTestingSupport.assertProceedEvent(this.action.execute(this.src));
        Cookie cookie = this.response.getCookie("_cookieName");
        if (!$assertionsDisabled && cookie == null) {
            throw new AssertionError();
        }
        Assert.assertEquals(cookie.getName(), "_cookieName");
        String doURLDecode = URISupport.doURLDecode(cookie.getValue());
        if (!$assertionsDisabled && doURLDecode == null) {
            throw new AssertionError();
        }
        Assert.assertEquals(this.dataSealer.unwrap(doURLDecode), "jdoe");
    }

    @Test
    public void testCookieMismatch() throws ComponentInitializationException, DataSealerException {
        this.dac.setUsername("jdoe");
        this.request.setCookies(new Cookie[]{new Cookie("_cookieName", UrlEscapers.urlFormParameterEscaper().escape(this.dataSealer.wrap("jdoe2")))});
        this.action.initialize();
        ActionTestingSupport.assertEvent(this.action.execute(this.src), "PasswordlessPrompt");
        Cookie cookie = this.response.getCookie("_cookieName");
        if (!$assertionsDisabled && cookie == null) {
            throw new AssertionError();
        }
        Assert.assertEquals(cookie.getMaxAge(), 0);
    }

    @Test
    public void testCookieMismatchIgnore() throws ComponentInitializationException, DataSealerException {
        this.dac.setUsername("jdoe");
        this.request.setCookies(new Cookie[]{new Cookie("_cookieName", UrlEscapers.urlFormParameterEscaper().escape(this.dataSealer.wrap("jdoe2")))});
        this.action.setDetectUsernameMismatch(false);
        this.action.initialize();
        ActionTestingSupport.assertProceedEvent(this.action.execute(this.src));
        Assert.assertNull(this.response.getCookie("_cookieName"));
    }

    static {
        $assertionsDisabled = !PostValidatePasswordlessEvaluationTest.class.desiredAssertionStatus();
    }
}
