package org.apereo.cas.azure.ad.authentication;

import com.fasterxml.jackson.databind.ObjectMapper;
import com.microsoft.aad.adal4j.AuthenticationResult;
import com.microsoft.aad.adal4j.UserInfo;
import java.nio.charset.StandardCharsets;
import java.util.List;
import java.util.UUID;
import javax.security.auth.login.FailedLoginException;
import org.apereo.cas.authentication.AuthenticationHandler;
import org.apereo.cas.authentication.CoreAuthenticationTestUtils;
import org.apereo.cas.authentication.credential.UsernamePasswordCredential;
import org.apereo.cas.authentication.principal.PrincipalFactoryUtils;
import org.apereo.cas.authentication.principal.Service;
import org.apereo.cas.azure.ad.config.AzureActiveDirectoryAuthenticationConfiguration;
import org.apereo.cas.config.CasAuthenticationEventExecutionPlanTestConfiguration;
import org.apereo.cas.config.CasCoreAuthenticationConfiguration;
import org.apereo.cas.config.CasCoreAuthenticationPrincipalConfiguration;
import org.apereo.cas.config.CasCoreAuthenticationServiceSelectionStrategyConfiguration;
import org.apereo.cas.config.CasCoreAuthenticationSupportConfiguration;
import org.apereo.cas.config.CasCoreConfiguration;
import org.apereo.cas.config.CasCoreHttpConfiguration;
import org.apereo.cas.config.CasCoreNotificationsConfiguration;
import org.apereo.cas.config.CasCoreServicesConfiguration;
import org.apereo.cas.config.CasCoreTicketCatalogConfiguration;
import org.apereo.cas.config.CasCoreTicketIdGeneratorsConfiguration;
import org.apereo.cas.config.CasCoreTicketsConfiguration;
import org.apereo.cas.config.CasCoreUtilConfiguration;
import org.apereo.cas.config.CasCoreWebConfiguration;
import org.apereo.cas.config.CasDefaultServiceTicketIdGeneratorsConfiguration;
import org.apereo.cas.config.CasPersonDirectoryTestConfiguration;
import org.apereo.cas.config.CasRegisteredServicesTestConfiguration;
import org.apereo.cas.config.support.CasWebApplicationServiceFactoryConfiguration;
import org.apereo.cas.configuration.CasConfigurationProperties;
import org.apereo.cas.logout.config.CasCoreLogoutConfiguration;
import org.apereo.cas.services.RegisteredServiceTestUtils;
import org.apereo.cas.services.ServicesManager;
import org.apereo.cas.util.MockWebServer;
import org.apereo.cas.util.serialization.JacksonObjectMapperFactory;
import org.apereo.services.persondir.IPersonAttributeDao;
import org.junit.jupiter.api.Assertions;
import org.junit.jupiter.api.Tag;
import org.junit.jupiter.api.Test;
import org.mockito.Mockito;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.boot.context.properties.EnableConfigurationProperties;
import org.springframework.boot.test.context.SpringBootTest;
import org.springframework.cloud.autoconfigure.RefreshAutoConfiguration;
import org.springframework.core.io.ByteArrayResource;
import org.springframework.http.HttpStatus;

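/**
 * Integration tests for the Azure Active Directory authentication handler.
 *
 * <p>Two handlers are exercised: the Spring-wired bean, configured through the
 * test properties below, and a locally built subclass whose token acquisition
 * is stubbed and whose last constructor argument points at a {@link MockWebServer}
 * on localhost.
 *
 * <p>NOTE(review): the client id and client secret in the test properties look like
 * fixture values. Confirm they are not credentials for a real tenant, since anything
 * committed here is effectively public.
 */
@Tag("AuthenticationHandler")
@EnableConfigurationProperties({CasConfigurationProperties.class})
@SpringBootTest(
    classes = {
        RefreshAutoConfiguration.class,
        AzureActiveDirectoryAuthenticationConfiguration.class,
        CasCoreConfiguration.class,
        CasCoreTicketsConfiguration.class,
        CasCoreLogoutConfiguration.class,
        CasCoreNotificationsConfiguration.class,
        CasCoreServicesConfiguration.class,
        CasCoreTicketIdGeneratorsConfiguration.class,
        CasCoreTicketCatalogConfiguration.class,
        CasCoreAuthenticationConfiguration.class,
        CasCoreAuthenticationSupportConfiguration.class,
        CasCoreAuthenticationServiceSelectionStrategyConfiguration.class,
        CasCoreHttpConfiguration.class,
        CasCoreWebConfiguration.class,
        CasPersonDirectoryTestConfiguration.class,
        CasCoreUtilConfiguration.class,
        CasRegisteredServicesTestConfiguration.class,
        CasWebApplicationServiceFactoryConfiguration.class,
        CasAuthenticationEventExecutionPlanTestConfiguration.class,
        CasDefaultServiceTicketIdGeneratorsConfiguration.class,
        CasCoreAuthenticationPrincipalConfiguration.class
    },
    properties = {
        "cas.authn.azure-active-directory.client-id=12345678-bc3b-4e2d-a9bf-bf6c7ded8b7e",
        "cas.authn.azure-active-directory.login-url=https://login.microsoftonline.com/common/",
        "cas.authn.attribute-repository.azure-active-directory[0].client-id=12345678-bc3b-4e2d-a9bf-bf6c7ded8b7e",
        "cas.authn.attribute-repository.azure-active-directory[0].client-secret=msdbdsf84d"
    })
public class AzureActiveDirectoryAuthenticationHandlerTests {
    // Default typing is enabled on this mapper. In this class it is only used to
    // SERIALIZE fixture attributes for the mock server's response body. A mapper with
    // polymorphic default typing must not be used to read untrusted JSON: type
    // information embedded in the payload would then choose which classes get
    // instantiated. Do not copy this configuration into production read paths.
    private static final ObjectMapper MAPPER = JacksonObjectMapperFactory.builder().defaultTypingEnabled(true).build().toObjectMapper();

    // Fixed localhost ports for the mock servers. The tests fail if a port is already bound.
    private static final int SUCCESS_PORT = 8890;

    private static final int UNAUTHORIZED_PORT = 7787;

    private static final String TEST_USERNAME = "castest@hotmail.onmicrosoft.com";

    private static final String TEST_PASSWORD = "1234567890";

    @Autowired
    private CasConfigurationProperties casProperties;

    @Autowired
    @Qualifier("microsoftAzureActiveDirectoryAttributeRepositories")
    private List<IPersonAttributeDao> microsoftAzureActiveDirectoryAttributeRepositories;

    @Autowired
    @Qualifier("servicesManager")
    private ServicesManager servicesManager;

    @Autowired
    @Qualifier("microsoftAzureActiveDirectoryAuthenticationHandler")
    private AuthenticationHandler microsoftAzureActiveDirectoryAuthenticationHandler;

    /**
     * Checks that attribute repositories were wired and that the Spring-configured handler
     * rejects the test credential with {@link FailedLoginException}.
     *
     * <p>NOTE(review): this handler is configured with the public login URL from the test
     * properties, so the test presumably needs outbound network access and sends the fixture
     * username and password off-host. Confirm that is acceptable for the CI environment.
     */
    @Test
    public void verifyOperationFails() {
        Assertions.assertFalse(this.microsoftAzureActiveDirectoryAttributeRepositories.isEmpty());
        UsernamePasswordCredential credential = CoreAuthenticationTestUtils.getCredentialsWithDifferentUsernameAndPassword(TEST_USERNAME, TEST_PASSWORD);
        Assertions.assertThrows(FailedLoginException.class,
            () -> this.microsoftAzureActiveDirectoryAuthenticationHandler.authenticate(credential, Mockito.mock(Service.class)));
    }

    /**
     * Checks that authentication returns a non-null result when the mock server answers
     * {@code 200 OK} with the serialized test attributes.
     *
     * @throws Exception if payload serialization, the mock server or authentication fails
     */
    @Test
    public void verifySuccess() throws Exception {
        AzureActiveDirectoryAuthenticationHandler handler = getMockAzureActiveDirectoryAuthenticationHandler(SUCCESS_PORT);
        // try-with-resources closes the server exactly once, on both the success and failure paths.
        try (MockWebServer webServer = new MockWebServer(SUCCESS_PORT, testAttributesPayload(), HttpStatus.OK)) {
            webServer.start();
            UsernamePasswordCredential credential = CoreAuthenticationTestUtils.getCredentialsWithDifferentUsernameAndPassword(TEST_USERNAME, TEST_PASSWORD);
            Assertions.assertNotNull(handler.authenticate(credential, Mockito.mock(Service.class)));
        }
    }

    /**
     * Checks that authentication fails with {@link FailedLoginException} when the mock server
     * answers {@code 401 Unauthorized}, even though token acquisition itself is stubbed to succeed.
     *
     * @throws Exception if payload serialization or the mock server fails
     */
    @Test
    public void verifyOperationFailsLogin() throws Exception {
        AzureActiveDirectoryAuthenticationHandler handler = getMockAzureActiveDirectoryAuthenticationHandler(UNAUTHORIZED_PORT);
        try (MockWebServer webServer = new MockWebServer(UNAUTHORIZED_PORT, testAttributesPayload(), HttpStatus.UNAUTHORIZED)) {
            webServer.start();
            UsernamePasswordCredential credential = CoreAuthenticationTestUtils.getCredentialsWithDifferentUsernameAndPassword(TEST_USERNAME, TEST_PASSWORD);
            Assertions.assertThrows(FailedLoginException.class,
                () -> handler.authenticate(credential, Mockito.mock(Service.class)));
        }
    }

    /** Serializes the registered-service test attributes as the UTF-8 body served by the mock server. */
    private static ByteArrayResource testAttributesPayload() throws Exception {
        byte[] body = MAPPER.writeValueAsString(RegisteredServiceTestUtils.getTestAttributes()).getBytes(StandardCharsets.UTF_8);
        return new ByteArrayResource(body, "Output");
    }

    /**
     * Builds a handler whose token acquisition is stubbed, so no real identity provider is
     * contacted for the token.
     *
     * @param port localhost port used to build the handler's last constructor argument
     *     ({@code http://localhost:<port>}), presumably the endpoint the handler queries after
     *     obtaining a token (TODO confirm against the handler's constructor)
     * @return a handler wired with the test's services manager and configured client id and login URL
     */
    private AzureActiveDirectoryAuthenticationHandler getMockAzureActiveDirectoryAuthenticationHandler(int port) {
        return new AzureActiveDirectoryAuthenticationHandler(
            getClass().getName(),
            this.servicesManager,
            PrincipalFactoryUtils.newPrincipalFactory(),
            0,
            this.casProperties.getAuthn().getAzureActiveDirectory().getClientId(),
            this.casProperties.getAuthn().getAzureActiveDirectory().getLoginUrl(),
            "http://localhost:" + port) {
            // @Override makes the compiler verify that this stub really replaces the parent's
            // token call. Without it, a signature drift in the parent would silently re-enable
            // the real network call.
            @Override
            protected AuthenticationResult getAccessTokenFromUserCredentials(String username, String password) throws Exception {
                // Synthetic result: random UUID strings stand in for the token values, so no real secret is involved.
                return new AuthenticationResult("accessType", UUID.randomUUID().toString(), UUID.randomUUID().toString(), 3600L, UUID.randomUUID().toString(), (UserInfo) null, true);
            }
        };
    }
}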
