package net.shibboleth.idp.plugin.authn.duo.impl;

import net.shibboleth.idp.authn.context.AuthenticationContext;
import net.shibboleth.idp.plugin.authn.duo.DefaultDuoOIDCIntegration;
import net.shibboleth.idp.plugin.authn.duo.DuoClientException;
import net.shibboleth.idp.plugin.authn.duo.DuoOIDCClient;
import net.shibboleth.idp.plugin.authn.duo.DuoOIDCClientRegistry;
import net.shibboleth.idp.plugin.authn.duo.DuoOIDCIntegration;
import net.shibboleth.idp.plugin.authn.duo.DuoRegistryException;
import net.shibboleth.idp.plugin.authn.duo.SimpleDuoOIDCIntegration;
import net.shibboleth.idp.plugin.authn.duo.context.DuoOIDCAuthenticationContext;
import net.shibboleth.idp.plugin.authn.duo.context.DuoPasswordlessContext;
import net.shibboleth.shared.component.ComponentInitializationException;
import net.shibboleth.shared.testing.ConstantSupplier;
import org.mockito.ArgumentMatchers;
import org.mockito.Mockito;
import org.springframework.mock.web.MockHttpServletRequest;
import org.testng.Assert;
import org.testng.annotations.BeforeMethod;
import org.testng.annotations.Test;

/* loaded from: input_file:net/shibboleth/idp/plugin/authn/duo/impl/PopulateDuoAuthenticationContextTest.class */
public class PopulateDuoAuthenticationContextTest extends AbstractDuoActionTest {
    private PopulateDuoAuthenticationContext action;
    private MockHttpServletRequest request;
    static final /* synthetic */ boolean $assertionsDisabled;

    @BeforeMethod
    public void setUp() throws Exception {
        super.setup();
        this.action = new PopulateDuoAuthenticationContext();
        this.request = new MockHttpServletRequest();
    }

    @Test
    public void testExecuteSuccessWithStaticClient() throws ComponentInitializationException, DuoRegistryException, DuoClientException {
        SimpleDuoOIDCIntegration simpleDuoOIDCIntegration = new SimpleDuoOIDCIntegration();
        simpleDuoOIDCIntegration.setAPIHost("api.duosecurity.com");
        simpleDuoOIDCIntegration.setClientId("DIU6GEFWG5LIUBVV2M3P");
        simpleDuoOIDCIntegration.setRedirectURI("https://simple-static.redirect/");
        simpleDuoOIDCIntegration.setSecretKey("rFvDfPul27v3Wew2zb6xRPzAJewJ34MP2w8UitPh");
        simpleDuoOIDCIntegration.setAuthorizeEndpoint("/authorize");
        simpleDuoOIDCIntegration.setTokenEndpoint("/token");
        simpleDuoOIDCIntegration.setHealthCheckEndpoint("/health");
        simpleDuoOIDCIntegration.initialize();
        this.action.setStandardDuoIntegrationLookupStrategy(profileRequestContext -> {
            return simpleDuoOIDCIntegration;
        });
        this.action.setUsernameLookupStrategy(profileRequestContext2 -> {
            return "jdoe";
        });
        this.action.setHttpServletRequestSupplier(new ConstantSupplier(this.request));
        DuoOIDCClientRegistry duoOIDCClientRegistry = (DuoOIDCClientRegistry) Mockito.mock(DuoOIDCClientRegistry.class);
        Mockito.when(duoOIDCClientRegistry.getClientOrCreate((DuoOIDCIntegration) ArgumentMatchers.any(DuoOIDCIntegration.class))).thenReturn((DuoOIDCClient) Mockito.mock(DuoOIDCClient.class));
        this.action.setClientRegistry(duoOIDCClientRegistry);
        this.action.initialize();
        Assert.assertNull(this.action.execute(this.src));
        DuoOIDCAuthenticationContext subcontext = this.ac.getSubcontext(DuoOIDCAuthenticationContext.class);
        Assert.assertNotNull(subcontext);
        if (!$assertionsDisabled && subcontext == null) {
            throw new AssertionError();
        }
        Assert.assertEquals(subcontext.getRedirectURIOverride(), (String) null);
    }

    @Test
    public void testPasswordlessExecuteSuccessWithStaticClient() throws ComponentInitializationException, DuoRegistryException, DuoClientException {
        SimpleDuoOIDCIntegration simpleDuoOIDCIntegration = new SimpleDuoOIDCIntegration();
        simpleDuoOIDCIntegration.setPasswordless(true);
        simpleDuoOIDCIntegration.setAPIHost("api.duosecurity.com");
        simpleDuoOIDCIntegration.setClientId("DIU6GEFWG5LIUBVV2M3P");
        simpleDuoOIDCIntegration.setRedirectURI("https://simple-static.redirect/");
        simpleDuoOIDCIntegration.setSecretKey("rFvDfPul27v3Wew2zb6xRPzAJewJ34MP2w8UitPh");
        simpleDuoOIDCIntegration.setAuthorizeEndpoint("/authorize");
        simpleDuoOIDCIntegration.setTokenEndpoint("/token");
        simpleDuoOIDCIntegration.setHealthCheckEndpoint("/health");
        simpleDuoOIDCIntegration.initialize();
        this.action.setPasswordlessDuoIntegrationLookupStrategy(profileRequestContext -> {
            return simpleDuoOIDCIntegration;
        });
        this.action.setHttpServletRequestSupplier(new ConstantSupplier(this.request));
        DuoOIDCClientRegistry duoOIDCClientRegistry = (DuoOIDCClientRegistry) Mockito.mock(DuoOIDCClientRegistry.class);
        Mockito.when(duoOIDCClientRegistry.getClientOrCreate((DuoOIDCIntegration) ArgumentMatchers.any(DuoOIDCIntegration.class))).thenReturn((DuoOIDCClient) Mockito.mock(DuoOIDCClient.class));
        this.action.setClientRegistry(duoOIDCClientRegistry);
        this.action.initialize();
        this.prc.ensureSubcontext(AuthenticationContext.class).ensureSubcontext(DuoPasswordlessContext.class).setUsername("jdoe");
        Assert.assertNull(this.action.execute(this.src));
        DuoOIDCAuthenticationContext subcontext = this.ac.getSubcontext(DuoOIDCAuthenticationContext.class);
        Assert.assertNotNull(subcontext);
        if (!$assertionsDisabled && subcontext == null) {
            throw new AssertionError();
        }
        Assert.assertEquals(subcontext.getRedirectURIOverride(), (String) null);
    }

    @Test
    public void testExecuteDynamicClientButNoRedirectCreationStrategy() throws ComponentInitializationException, DuoRegistryException {
        DefaultDuoOIDCIntegration createDummyDuoIntegration = createDummyDuoIntegration();
        this.action.setStandardDuoIntegrationLookupStrategy(profileRequestContext -> {
            return createDummyDuoIntegration;
        });
        this.action.setUsernameLookupStrategy(profileRequestContext2 -> {
            return "jdoe";
        });
        this.request.addHeader("Host", "example.com");
        this.request.setServerPort(443);
        this.request.setScheme("https");
        this.action.setHttpServletRequestSupplier(new ConstantSupplier(this.request));
        DuoOIDCClientRegistry duoOIDCClientRegistry = (DuoOIDCClientRegistry) Mockito.mock(DuoOIDCClientRegistry.class);
        Mockito.when(duoOIDCClientRegistry.getClientOrCreate((DuoOIDCIntegration) ArgumentMatchers.any(DuoOIDCIntegration.class))).thenReturn((DuoOIDCClient) Mockito.mock(DuoOIDCClient.class));
        this.action.setClientRegistry(duoOIDCClientRegistry);
        this.action.initialize();
        assertEventId(this.action.execute(this.src), "AuthenticationException");
    }

    @Test
    public void testExecuteSuccessWithDynamicClient() throws ComponentInitializationException, DuoRegistryException, DuoClientException {
        DefaultDuoOIDCIntegration createDummyDuoIntegration = createDummyDuoIntegration();
        createDummyDuoIntegration.setRegisteredRedirectURI((String) null);
        this.action.setStandardDuoIntegrationLookupStrategy(profileRequestContext -> {
            return createDummyDuoIntegration;
        });
        this.action.setUsernameLookupStrategy(profileRequestContext2 -> {
            return "jdoe";
        });
        this.action.setRedirectURICreationStrategy((httpServletRequest, dynamicDuoOIDCIntegration) -> {
            return "https://example.com/idp/profile/Authn/Duo/2FA/callback";
        });
        this.action.setHttpServletRequestSupplier(new ConstantSupplier(this.request));
        this.request.addHeader("Host", "example.com");
        this.request.setServerPort(443);
        this.request.setScheme("https");
        DuoOIDCClientRegistry duoOIDCClientRegistry = (DuoOIDCClientRegistry) Mockito.mock(DuoOIDCClientRegistry.class);
        Mockito.when(duoOIDCClientRegistry.getClientOrCreate((DuoOIDCIntegration) ArgumentMatchers.any(DuoOIDCIntegration.class))).thenReturn((DuoOIDCClient) Mockito.mock(DuoOIDCClient.class));
        this.action.setClientRegistry(duoOIDCClientRegistry);
        this.action.initialize();
        Assert.assertNull(this.action.execute(this.src));
        Assert.assertEquals(createDummyDuoIntegration.getRedirectURI(), "https://example.com/idp/profile/Authn/Duo/2FA/callback");
        DuoOIDCAuthenticationContext subcontext = this.ac.getSubcontext(DuoOIDCAuthenticationContext.class);
        Assert.assertNotNull(subcontext);
        if (!$assertionsDisabled && subcontext == null) {
            throw new AssertionError();
        }
        Assert.assertEquals(subcontext.getRedirectURIOverride(), "https://example.com/idp/profile/Authn/Duo/2FA/callback");
    }

    @Test
    public void testPasswordlessExecuteSuccessWithDynamicClient() throws ComponentInitializationException, DuoRegistryException, DuoClientException {
        DefaultDuoOIDCIntegration createDummyDuoIntegration = createDummyDuoIntegration();
        createDummyDuoIntegration.setPasswordless(true);
        createDummyDuoIntegration.setRegisteredRedirectURI((String) null);
        createDummyDuoIntegration.initialize();
        this.action.setPasswordlessDuoIntegrationLookupStrategy(profileRequestContext -> {
            return createDummyDuoIntegration;
        });
        this.action.setRedirectURICreationStrategy((httpServletRequest, dynamicDuoOIDCIntegration) -> {
            return "https://example.com/idp/profile/Authn/Duo/2FA/callback";
        });
        this.action.setHttpServletRequestSupplier(new ConstantSupplier(this.request));
        this.request.addHeader("Host", "example.com");
        this.request.setServerPort(443);
        this.request.setScheme("https");
        DuoOIDCClientRegistry duoOIDCClientRegistry = (DuoOIDCClientRegistry) Mockito.mock(DuoOIDCClientRegistry.class);
        Mockito.when(duoOIDCClientRegistry.getClientOrCreate((DuoOIDCIntegration) ArgumentMatchers.any(DuoOIDCIntegration.class))).thenReturn((DuoOIDCClient) Mockito.mock(DuoOIDCClient.class));
        this.action.setClientRegistry(duoOIDCClientRegistry);
        this.action.initialize();
        this.prc.ensureSubcontext(AuthenticationContext.class).ensureSubcontext(DuoPasswordlessContext.class).setUsername("jdoe");
        Assert.assertNull(this.action.execute(this.src));
        Assert.assertEquals(createDummyDuoIntegration.getRedirectURI(), "https://example.com/idp/profile/Authn/Duo/2FA/callback");
        DuoOIDCAuthenticationContext subcontext = this.ac.getSubcontext(DuoOIDCAuthenticationContext.class);
        Assert.assertNotNull(subcontext);
        if (!$assertionsDisabled && subcontext == null) {
            throw new AssertionError();
        }
        Assert.assertEquals(subcontext.getRedirectURIOverride(), "https://example.com/idp/profile/Authn/Duo/2FA/callback");
    }

    @Test
    public void testExecuteNoDuoIntegration() throws ComponentInitializationException, DuoRegistryException, DuoClientException {
        this.action.setClientRegistry((DuoOIDCClientRegistry) Mockito.mock(DuoOIDCClientRegistry.class));
        this.action.setRedirectURICreationStrategy((httpServletRequest, dynamicDuoOIDCIntegration) -> {
            return "https://example.com/idp/profile/Authn/Duo/2FA/callback";
        });
        this.action.setHttpServletRequestSupplier(new ConstantSupplier(this.request));
        this.action.initialize();
        assertEventId(this.action.execute(this.src), "InvalidProfileContext");
    }

    @Test(expectedExceptions = {ComponentInitializationException.class})
    public void testExecuteNoDuoClientRegistry() throws ComponentInitializationException, DuoRegistryException, DuoClientException {
        this.action.initialize();
    }

    @Test
    public void testExecuteNullUsername() throws ComponentInitializationException, DuoRegistryException, DuoClientException {
        DefaultDuoOIDCIntegration createDummyDuoIntegration = createDummyDuoIntegration();
        createDummyDuoIntegration.initialize();
        this.action.setStandardDuoIntegrationLookupStrategy(profileRequestContext -> {
            return createDummyDuoIntegration;
        });
        this.action.setUsernameLookupStrategy(profileRequestContext2 -> {
            return null;
        });
        this.action.setRedirectURICreationStrategy((httpServletRequest, dynamicDuoOIDCIntegration) -> {
            return "https://example.com/idp/profile/Authn/Duo/2FA/callback";
        });
        this.action.setHttpServletRequestSupplier(new ConstantSupplier(this.request));
        this.action.setClientRegistry((DuoOIDCClientRegistry) Mockito.mock(DuoOIDCClientRegistry.class));
        this.action.initialize();
        assertEventId(this.action.execute(this.src), "NoCredentials");
    }

    @Test
    public void testExecuteNullRedirectURI() throws ComponentInitializationException, DuoRegistryException, DuoClientException {
        DefaultDuoOIDCIntegration createDummyDuoIntegration = createDummyDuoIntegration();
        createDummyDuoIntegration.initialize();
        this.action.setStandardDuoIntegrationLookupStrategy(profileRequestContext -> {
            return createDummyDuoIntegration;
        });
        this.action.setUsernameLookupStrategy(profileRequestContext2 -> {
            return "jdoe";
        });
        this.action.setRedirectURICreationStrategy((httpServletRequest, dynamicDuoOIDCIntegration) -> {
            return null;
        });
        this.action.setHttpServletRequestSupplier(new ConstantSupplier(this.request));
        this.action.setClientRegistry((DuoOIDCClientRegistry) Mockito.mock(DuoOIDCClientRegistry.class));
        this.action.initialize();
        assertEventId(this.action.execute(this.src), "AuthenticationException");
    }

    @Test
    public void testExecuteClientException() throws ComponentInitializationException, DuoRegistryException, DuoClientException {
        DefaultDuoOIDCIntegration createDummyDuoIntegration = createDummyDuoIntegration();
        createDummyDuoIntegration.initialize();
        this.action.setStandardDuoIntegrationLookupStrategy(profileRequestContext -> {
            return createDummyDuoIntegration;
        });
        this.action.setUsernameLookupStrategy(profileRequestContext2 -> {
            return "jdoe";
        });
        this.action.setRedirectURICreationStrategy((httpServletRequest, dynamicDuoOIDCIntegration) -> {
            return "https://example.com/idp/profile/Authn/Duo/2FA/callback";
        });
        this.action.setHttpServletRequestSupplier(new ConstantSupplier(this.request));
        DuoOIDCClientRegistry duoOIDCClientRegistry = (DuoOIDCClientRegistry) Mockito.mock(DuoOIDCClientRegistry.class);
        Mockito.when(duoOIDCClientRegistry.getClientOrCreate((DuoOIDCIntegration) ArgumentMatchers.any(DuoOIDCIntegration.class))).thenThrow(DuoRegistryException.class);
        this.action.setClientRegistry(duoOIDCClientRegistry);
        this.action.initialize();
        assertEventId(this.action.execute(this.src), "AuthenticationException");
    }

    @Test
    public void testExecuteNoHttpRequest() throws ComponentInitializationException, DuoRegistryException, DuoClientException {
        DefaultDuoOIDCIntegration createDummyDuoIntegration = createDummyDuoIntegration();
        createDummyDuoIntegration.initialize();
        this.action.setStandardDuoIntegrationLookupStrategy(profileRequestContext -> {
            return createDummyDuoIntegration;
        });
        this.action.setUsernameLookupStrategy(profileRequestContext2 -> {
            return "jdoe";
        });
        this.action.setRedirectURICreationStrategy((httpServletRequest, dynamicDuoOIDCIntegration) -> {
            return "https://example.com/idp/profile/Authn/Duo/2FA/callback";
        });
        this.action.setClientRegistry((DuoOIDCClientRegistry) Mockito.mock(DuoOIDCClientRegistry.class));
        this.action.initialize();
        assertEventId(this.action.execute(this.src), "InvalidProfileContext");
    }

    static {
        $assertionsDisabled = !PopulateDuoAuthenticationContextTest.class.desiredAssertionStatus();
    }
}
