package net.shibboleth.idp.plugin.authn.totp.impl;

import com.warrenstrange.googleauth.GoogleAuthenticator;
import com.warrenstrange.googleauth.GoogleAuthenticatorKey;
import java.nio.charset.StandardCharsets;
import java.util.Collection;
import java.util.Collections;
import java.util.HashMap;
import java.util.Map;
import java.util.regex.Pattern;
import javax.security.auth.login.LoginException;
import net.shibboleth.idp.authn.AuthenticationFlowDescriptor;
import net.shibboleth.idp.authn.context.AuthenticationContext;
import net.shibboleth.idp.authn.context.AuthenticationErrorContext;
import net.shibboleth.idp.authn.impl.ValidateCredentials;
import net.shibboleth.idp.authn.impl.testing.BaseAuthenticationContextTest;
import net.shibboleth.idp.authn.principal.TOTPPrincipal;
import net.shibboleth.idp.plugin.authn.totp.context.TOTPContext;
import net.shibboleth.idp.profile.testing.ActionTestingSupport;
import net.shibboleth.utilities.java.support.codec.Base32Support;
import org.testng.Assert;
import org.testng.annotations.BeforeMethod;
import org.testng.annotations.Test;

/* loaded from: input_file:net/shibboleth/idp/plugin/authn/totp/impl/GoogleTOTPAuthenticatorTest.class */
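/**
 * Exercises {@link TOTPCredentialValidator} backed by {@link GoogleTOTPAuthenticator} through the
 * {@link ValidateCredentials} action.
 *
 * <p>Each test pins the event produced for one state of the {@link TOTPContext}. Most cases are
 * failure paths: the point of the suite is that a missing or malformed username, code or seed
 * never results in a proceed event, and that only a code derived from the registered seed does.</p>
 *
 * <p>All seeds and codes in this class are test fixtures only.</p>
 */
public class GoogleTOTPAuthenticatorTest extends BaseAuthenticationContextTest {
    private GoogleTOTPAuthenticator authenticator;
    private TOTPCredentialValidator validator;
    private ValidateCredentials action;

    /**
     * Builds a fresh authenticator, validator and action before every test.
     *
     * <p>The validator and the action are deliberately left uninitialized here so that a test can
     * still adjust them (see {@link #testUnmatchedUser()}) before calling
     * {@link #initializeComponents()}.</p>
     *
     * @throws Exception if the parent fixture or one of the components fails to set up
     */
    @BeforeMethod
    @Override
    public void setUp() throws Exception {
        super.setUp();

        final StaticSeedSource seedSource = new StaticSeedSource();
        seedSource.initialize();

        this.authenticator = new GoogleTOTPAuthenticator();
        this.authenticator.initialize();

        this.validator = new TOTPCredentialValidator();
        this.validator.setId("gauthtest");
        this.validator.setSeedSource(seedSource);
        this.validator.setAuthenticator(this.authenticator);

        this.action = new ValidateCredentials();
        this.action.setValidators(Collections.singletonList(this.validator));

        // Typed map instead of a raw HashMap so the compiler checks what is handed to the action.
        // Each classification is mapped to a message of the same name; the tests below assert
        // on these two event ids.
        final Map<String, Collection<String>> classifiedMessages = new HashMap<>();
        classifiedMessages.put("InvalidCredentials", Collections.singleton("InvalidCredentials"));
        classifiedMessages.put("UnknownUsername", Collections.singleton("UnknownUsername"));
        this.action.setClassifiedMessages(classifiedMessages);
    }

    /** Marks the first configured flow as the attempted one and returns the authentication context. */
    private AuthenticationContext attemptFirstFlow() {
        final AuthenticationContext authCtx = this.prc.getSubcontext(AuthenticationContext.class);
        authCtx.setAttemptedFlow((AuthenticationFlowDescriptor) this.authenticationFlows.get(0));
        return authCtx;
    }

    /** Initializes the validator and then the action, in the order every test needs. */
    private void initializeComponents() throws Exception {
        this.validator.initialize();
        this.action.initialize();
    }

    /** Asserts that the first exception recorded for the failed attempt is a {@link LoginException}. */
    private static void assertLoginExceptionRecorded(final AuthenticationContext authCtx) {
        final AuthenticationErrorContext errorCtx = authCtx.getSubcontext(AuthenticationErrorContext.class);
        // Explicit checks so a missing error record fails the test with an assertion rather than
        // a NullPointerException or IndexOutOfBoundsException.
        Assert.assertNotNull(errorCtx);
        Assert.assertFalse(errorCtx.getExceptions().isEmpty());
        Assert.assertTrue(errorCtx.getExceptions().get(0) instanceof LoginException);
    }

    /** No {@link TOTPContext} at all: the action must report {@code NoCredentials}. */
    @Test
    public void testMissingContext() throws Exception {
        attemptFirstFlow();
        initializeComponents();
        ActionTestingSupport.assertEvent(this.action.execute(this.src), "NoCredentials");
    }

    /** An empty {@link TOTPContext} (no username): the action must report {@code UnknownUsername}. */
    @Test
    public void testMissingUser() throws Exception {
        final AuthenticationContext authCtx = attemptFirstFlow();
        authCtx.getSubcontext(TOTPContext.class, true);
        initializeComponents();
        ActionTestingSupport.assertEvent(this.action.execute(this.src), "UnknownUsername");
    }

    /** Username and seed present but no token code: the action must report {@code NoCredentials}. */
    @Test
    public void testMissingCode() throws Exception {
        final AuthenticationContext authCtx = attemptFirstFlow();
        final TOTPContext totpCtx = authCtx.getSubcontext(TOTPContext.class, true);
        // Explicit charset: the seed bytes must not depend on the platform default encoding.
        totpCtx.setUsername("foo").getTokenSeeds().add("foo".getBytes(StandardCharsets.UTF_8));
        initializeComponents();
        ActionTestingSupport.assertEvent(this.action.execute(this.src), "NoCredentials");
    }

    /**
     * Username and token code present but no seed registered: the attempt must be rejected with
     * {@code InvalidCredentials}, i.e. a code can never validate against an empty seed set.
     */
    @Test
    public void testMissingSeeds() throws Exception {
        final AuthenticationContext authCtx = attemptFirstFlow();
        authCtx.getSubcontext(TOTPContext.class, true).setUsername("foo").setTokenCode(123456);
        initializeComponents();
        ActionTestingSupport.assertEvent(this.action.execute(this.src), "InvalidCredentials");
    }

    /**
     * Username {@code bar} does not satisfy the validator's match expression {@code foo.+}: the
     * action must report {@code RequestUnsupported}.
     */
    @Test
    public void testUnmatchedUser() throws Exception {
        final AuthenticationContext authCtx = attemptFirstFlow();
        final TOTPContext totpCtx = authCtx.getSubcontext(TOTPContext.class, true);
        totpCtx.setUsername("bar").setTokenCode(123456).getTokenSeeds().add("foo".getBytes(StandardCharsets.UTF_8));
        // The match expression is set before the validator is initialized.
        this.validator.setMatchExpression(Pattern.compile("foo.+"));
        initializeComponents();
        ActionTestingSupport.assertEvent(this.action.execute(this.src), "RequestUnsupported");
    }

    /**
     * The seed is the raw bytes of {@code "foo"} rather than a decoded Base32 key: the attempt
     * must fail with {@code InvalidCredentials} and record a {@link LoginException}.
     */
    @Test
    public void testInvalidSeed() throws Exception {
        final AuthenticationContext authCtx = attemptFirstFlow();
        final TOTPContext totpCtx = authCtx.getSubcontext(TOTPContext.class, true);
        totpCtx.setUsername("foo").setTokenCode(123456).getTokenSeeds().add("foo".getBytes(StandardCharsets.UTF_8));
        initializeComponents();
        ActionTestingSupport.assertEvent(this.action.execute(this.src), "InvalidCredentials");
        assertLoginExceptionRecorded(authCtx);
    }

    /**
     * A well-formed seed paired with a code that was not derived from it: the attempt must fail
     * with {@code InvalidCredentials} and record a {@link LoginException}.
     */
    @Test
    public void testInvalidCode() throws Exception {
        final AuthenticationContext authCtx = attemptFirstFlow();
        final TOTPContext totpCtx = authCtx.getSubcontext(TOTPContext.class, true);
        // NOTE(review): 123456 is an arbitrary fixed code. It could coincide with the code the
        // seed produces for the current time step, which would make this test fail spuriously;
        // that is improbable but not impossible.
        totpCtx.setUsername("foo").setTokenCode(123456).getTokenSeeds().add(Base32Support.decode("G24YUKCHHXRDWCPR"));
        initializeComponents();
        ActionTestingSupport.assertEvent(this.action.execute(this.src), "InvalidCredentials");
        assertLoginExceptionRecorded(authCtx);
    }

    /**
     * A freshly generated key and the code computed from it at test time: the action must proceed
     * and the result must carry a {@link TOTPPrincipal} named after the user.
     */
    @Test
    public void testSuccess() throws Exception {
        final AuthenticationContext authCtx = attemptFirstFlow();

        final GoogleAuthenticator generator = new GoogleAuthenticator();
        final GoogleAuthenticatorKey credentials = generator.createCredentials();
        final String base32Seed = credentials.getKey();

        // NOTE(review): the code is computed here and validated a moment later; this presumably
        // relies on the authenticator tolerating a time-step rollover in between. Confirm
        // against the GoogleTOTPAuthenticator configuration.
        authCtx.getSubcontext(TOTPContext.class, true)
                .setUsername("foo")
                .setTokenCode(Integer.valueOf(generator.getTotpPassword(base32Seed)))
                .getTokenSeeds()
                .add(Base32Support.decode(base32Seed));

        initializeComponents();
        ActionTestingSupport.assertProceedEvent(this.action.execute(this.src));

        Assert.assertNotNull(authCtx.getAuthenticationResult());
        final TOTPPrincipal principal = (TOTPPrincipal) authCtx.getAuthenticationResult()
                .getSubject()
                .getPrincipals(TOTPPrincipal.class)
                .iterator()
                .next();
        Assert.assertEquals(principal.getName(), "foo");
    }
}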
