package io.gravitee.am.gateway.handler.common.auth;

import io.gravitee.am.common.exception.authentication.AccountDisabledException;
import io.gravitee.am.common.exception.authentication.AccountPasswordExpiredException;
import io.gravitee.am.common.exception.authentication.BadCredentialsException;
import io.gravitee.am.common.exception.authentication.InternalAuthenticationServiceException;
import io.gravitee.am.common.exception.authentication.UsernameNotFoundException;
import io.gravitee.am.gateway.handler.common.auth.event.AuthenticationEvent;
import io.gravitee.am.gateway.handler.common.auth.idp.IdentityProviderManager;
import io.gravitee.am.gateway.handler.common.auth.user.UserAuthenticationService;
import io.gravitee.am.gateway.handler.common.auth.user.impl.UserAuthenticationManagerImpl;
import io.gravitee.am.gateway.handler.common.user.UserService;
import io.gravitee.am.identityprovider.api.Authentication;
import io.gravitee.am.identityprovider.api.AuthenticationContext;
import io.gravitee.am.identityprovider.api.AuthenticationProvider;
import io.gravitee.am.identityprovider.api.DefaultUser;
import io.gravitee.am.identityprovider.api.SimpleAuthenticationContext;
import io.gravitee.am.identityprovider.api.User;
import io.gravitee.am.model.Domain;
import io.gravitee.am.model.IdentityProvider;
import io.gravitee.am.model.account.AccountSettings;
import io.gravitee.am.model.idp.ApplicationIdentityProvider;
import io.gravitee.am.model.oidc.Client;
import io.gravitee.am.monitoring.provider.GatewayMetricProvider;
import io.gravitee.am.repository.management.api.search.LoginAttemptCriteria;
import io.gravitee.am.service.LoginAttemptService;
import io.gravitee.am.service.PasswordService;
import io.gravitee.common.event.EventManager;
import io.gravitee.gateway.api.Request;
import io.reactivex.rxjava3.core.Maybe;
import io.reactivex.rxjava3.core.Single;
import io.reactivex.rxjava3.observers.TestObserver;
import java.util.Arrays;
import java.util.SortedSet;
import java.util.TreeSet;
import java.util.concurrent.TimeUnit;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.mockito.ArgumentMatchers;
import org.mockito.InjectMocks;
import org.mockito.Mock;
import org.mockito.Mockito;
import org.mockito.junit.MockitoJUnitRunner;

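/**
 * Unit tests for {@code UserAuthenticationManagerImpl.authenticate(...)}.
 *
 * <p>All collaborators are Mockito mocks injected into the manager under test. Each test sets up
 * the client's identity providers, runs one authentication attempt, and checks the emitted user or
 * error together with the {@link AuthenticationEvent} published through the {@link EventManager}.
 *
 * <p>Failure-path tests also check that the attempt never reached
 * {@code UserAuthenticationService.connect(...)}. That check covers every {@code connect} overload
 * used in this class, including the four-argument one that the success-path tests stub; verifying
 * only the shorter overloads would pass even if the user had been connected.
 */
@RunWith(MockitoJUnitRunner.class)
public class UserAuthenticationManagerTest {

    @InjectMocks
    private UserAuthenticationManagerImpl userAuthenticationManager = new UserAuthenticationManagerImpl();

    @Mock
    private UserAuthenticationService userAuthenticationService;

    @Mock
    private Domain domain;

    @Mock
    private IdentityProviderManager identityProviderManager;

    @Mock
    private EventManager eventManager;

    @Mock
    private LoginAttemptService loginAttemptService;

    @Mock
    private UserService userService;

    @Mock
    private PasswordService passwordService;

    @Mock
    private GatewayMetricProvider gatewayMetricProvider;

    /** A client with no identity provider at all must fail with an internal authentication error. */
    @Test
    public void shouldNotAuthenticateUser_noIdentityProvider() {
        Client client = newClient(new TreeSet<>());

        userAuthenticationManager.authenticate(client, authentication(null, () -> null))
                .test()
                .assertNotComplete()
                .assertError(InternalAuthenticationServiceException.class);

        verifyUserNeverConnected();
        verifyPublished(AuthenticationEvent.FAILURE);
    }

    /** A single provider that resolves the principal yields that user and a SUCCESS event. */
    @Test
    public void shouldAuthenticateUser_singleIdentityProvider() {
        Client client = newClient(getApplicationIdentityProviders("idp-1"));
        stubIdentityProvider("idp-1");
        stubPasswordExpiry(false);
        stubConnectEchoingUsername();
        stubAuthenticationProvider("idp-1", providerLoading("username"));

        userAuthenticationManager.authenticate(client, authentication("username", SimpleAuthenticationContext::new))
                .test()
                .assertNoErrors()
                .assertComplete()
                .assertValue(user -> "username".equals(user.getUsername()));

        verifyPublished(AuthenticationEvent.SUCCESS);
    }

    /**
     * Despite its name, this test expects the attempt to be rejected: the provider resolves the
     * user, but the password service reports an expired password, so the result is an
     * {@link AccountPasswordExpiredException} and a FAILURE event.
     */
    @Test
    public void shouldAuthenticateUser_singleIdentityProvider_PasswordExpiry() {
        Client client = newClient(getApplicationIdentityProviders("idp-1"));
        stubIdentityProvider("idp-1");
        stubPasswordExpiry(true);
        stubConnectEchoingUsername();
        stubAuthenticationProvider("idp-1", providerLoading("username"));

        userAuthenticationManager.authenticate(client, authentication("username", SimpleAuthenticationContext::new))
                .test()
                .awaitDone(10L, TimeUnit.SECONDS)
                .assertError(AccountPasswordExpiredException.class);

        verifyPublished(AuthenticationEvent.FAILURE);
    }

    /**
     * Despite its name, this test expects the attempt to be rejected: the only provider throws
     * {@link BadCredentialsException}, which must surface to the caller without any call to
     * {@code connect}.
     */
    @Test
    public void shouldAuthenticateUser_singleIdentityProvider_throwException() {
        Client client = newClient(getApplicationIdentityProviders("idp-1"));
        stubIdentityProvider("idp-1");
        stubAuthenticationProvider("idp-1", providerThrowingBadCredentials());

        userAuthenticationManager.authenticate(client, authentication("username", () -> null))
                .test()
                .assertError(BadCredentialsException.class);

        verifyUserNeverConnected();
        verifyPublished(AuthenticationEvent.FAILURE);
    }

    /** When the first provider rejects the credentials, the second provider's user is returned. */
    @Test
    public void shouldAuthenticateUser_multipleIdentityProvider() {
        Client client = newClient(getApplicationIdentityProviders("idp-1", "idp-2"));
        stubPasswordExpiry(false);
        stubConnectEchoingUsername();
        stubIdentityProvider("idp-1");
        stubAuthenticationProvider("idp-1", providerThrowingBadCredentials());
        stubIdentityProvider("idp-2");
        stubAuthenticationProvider("idp-2", providerLoading("username"));

        userAuthenticationManager.authenticate(client, authentication("username", SimpleAuthenticationContext::new))
                .test()
                .assertNoErrors()
                .assertComplete()
                .assertValue(user -> "username".equals(user.getUsername()));

        verifyPublished(AuthenticationEvent.SUCCESS);
    }

    /**
     * With two providers of different priority, only the provider configured with priority 1
     * ("idp-2") is asked to load the user; the provider with priority 2 ("idp-1") is never called.
     */
    @Test
    public void shouldAuthenticateUser_multipleIDPs_firstPriorityIdentityProvider() {
        ApplicationIdentityProvider priorityTwo = new ApplicationIdentityProvider();
        priorityTwo.setIdentity("idp-1");
        priorityTwo.setPriority(2);
        ApplicationIdentityProvider priorityOne = new ApplicationIdentityProvider();
        priorityOne.setIdentity("idp-2");
        priorityOne.setPriority(1);
        SortedSet<ApplicationIdentityProvider> providers = new TreeSet<>();
        providers.add(priorityTwo);
        providers.add(priorityOne);
        Client client = newClient(providers);

        stubConnectEchoingUsername();

        AuthenticationProvider skippedProvider = Mockito.mock(AuthenticationProvider.class);
        stubIdentityProvider("idp-1");
        // Register the provider that is expected to be skipped. Without this registration the
        // manager could not reach the mock at all and the never() check below would always pass.
        // The stub is lenient because the manager is expected not to look this provider up.
        Mockito.lenient().when(identityProviderManager.get("idp-1")).thenReturn(Maybe.just(skippedProvider));

        AuthenticationProvider selectedProvider = Mockito.mock(AuthenticationProvider.class);
        Mockito.when(selectedProvider.loadUserByUsername(Mockito.any(Authentication.class)))
                .thenReturn(Maybe.just(new DefaultUser("username2")));
        stubIdentityProvider("idp-2");
        stubAuthenticationProvider("idp-2", selectedProvider);

        userAuthenticationManager.authenticate(client, authentication("username", SimpleAuthenticationContext::new))
                .test()
                .assertNoErrors()
                .assertComplete()
                .assertValue(user -> "username2".equals(user.getUsername()));

        Mockito.verify(skippedProvider, Mockito.never()).loadUserByUsername(Mockito.any(Authentication.class));
        Mockito.verify(selectedProvider, Mockito.times(1)).loadUserByUsername(Mockito.any(Authentication.class));
        verifyPublished(AuthenticationEvent.SUCCESS);
    }

    /**
     * Both providers carry a selection rule that matches the attribute present in the
     * authentication context; the first provider rejects the credentials and the second succeeds.
     */
    @Test
    public void shouldAuthenticateUser_multipleIdentityProvider_one_rule_matching() {
        Client client = newClient(getApplicationIdentityProviders("idp-1", "idp-2"));
        client.getIdentityProviders().forEach(provider ->
                provider.setSelectionRule("{#context.attributes['testAttribute'] == 'valueAttribute'}"));
        stubPasswordExpiry(false);
        stubConnectEchoingUsername();
        stubIdentityProvider("idp-1");
        stubAuthenticationProvider("idp-1", providerThrowingBadCredentials());
        stubIdentityProvider("idp-2");
        stubAuthenticationProvider("idp-2", providerLoading("username"));

        userAuthenticationManager
                .authenticate(client, authentication("username", UserAuthenticationManagerTest::contextWithTestAttribute))
                .test()
                .assertNoErrors()
                .assertComplete()
                .assertValue(user -> "username".equals(user.getUsername()));

        verifyPublished(AuthenticationEvent.SUCCESS);
    }

    /**
     * Both providers carry the selection rule below and nothing is stubbed on the identity provider
     * manager; the attempt must fail with an internal authentication error and a FAILURE event.
     */
    @Test
    public void shouldNotAuthenticateUser_multipleIdentityProvider_wrongRule() {
        Client client = newClient(getApplicationIdentityProviders("idp-1", "idp-2"));
        client.getIdentityProviders().forEach(provider ->
                provider.setSelectionRule("{#context.attributes.testAttribute == 'valueAttribute'}"));

        userAuthenticationManager
                .authenticate(client, authentication("username", UserAuthenticationManagerTest::contextWithTestAttribute))
                .test()
                .assertNotComplete()
                .assertError(InternalAuthenticationServiceException.class);

        verifyPublished(AuthenticationEvent.FAILURE);
    }

    /** An {@link AccountDisabledException} raised by {@code connect} is propagated as a failure. */
    @Test
    public void shouldNotAuthenticateUser_accountDisabled() {
        Client client = newClient(getApplicationIdentityProviders("idp-1"));
        stubIdentityProvider("idp-1");
        Mockito.when(userAuthenticationService.connect(
                        Mockito.<User>any(), Mockito.<Client>any(), Mockito.<Request>any(), ArgumentMatchers.eq(true)))
                .then(invocation -> {
                    User idpUser = invocation.getArgument(0);
                    return Single.error(new AccountDisabledException(idpUser.getUsername()));
                });
        stubAuthenticationProvider("idp-1", providerLoading("username"));

        userAuthenticationManager.authenticate(client, authentication("username", SimpleAuthenticationContext::new))
                .test()
                .assertError(AccountDisabledException.class);

        verifyPublished(AuthenticationEvent.FAILURE);
    }

    /** A client whose only identity provider is flagged as external cannot authenticate here. */
    @Test
    public void shouldNotAuthenticateUser_onlyExternalProvider() {
        Client client = newClient(getApplicationIdentityProviders("idp-1"));
        stubIdentityProvider("idp-1").setExternal(true);

        userAuthenticationManager.authenticate(client, (Authentication) null)
                .test()
                .assertNotComplete()
                .assertError(InternalAuthenticationServiceException.class);

        verifyUserNeverConnected();
        verifyPublished(AuthenticationEvent.FAILURE);
    }

    /**
     * Login-attempt detection is enabled and the provider reports an unknown username: the caller
     * sees {@link BadCredentialsException}, and no user lookup, failed-attempt record or account
     * lock takes place.
     */
    @Test
    public void shouldNotAuthenticateUser_unknownUserFromIdp_loginAttempt_enabled() {
        Client client = newClient(getApplicationIdentityProviders("idp-1"));
        client.setAccountSettings(loginAttemptSettings());
        stubIdentityProvider("idp-1");
        stubAuthenticationProvider("idp-1", providerFailingWith(new UsernameNotFoundException("username")));
        Mockito.when(loginAttemptService.checkAccount(Mockito.<LoginAttemptCriteria>any(), Mockito.<AccountSettings>any()))
                .thenReturn(Maybe.empty());

        userAuthenticationManager.authenticate(client, authentication("username", () -> null))
                .test()
                .assertError(BadCredentialsException.class);

        Mockito.verify(userService, Mockito.never())
                .findByDomainAndUsernameAndSource(Mockito.anyString(), Mockito.anyString(), Mockito.anyString());
        // Also cover the four-argument lookup, the overload that the "unknownUserFromAM" test
        // stubs and expects to be called once.
        Mockito.verify(userService, Mockito.never())
                .findByDomainAndUsernameAndSource(
                        Mockito.anyString(), Mockito.anyString(), Mockito.anyString(), Mockito.anyBoolean());
        verifyNoFailedAttemptRecordedAndNoLock();
        verifyPublished(AuthenticationEvent.FAILURE);
    }

    /**
     * Login-attempt detection is enabled, the provider rejects the credentials and the user lookup
     * returns nothing: the lookup runs once, but no failed attempt is recorded and no account is
     * locked.
     */
    @Test
    public void shouldNotAuthenticateUser_unknownUserFromAM_loginAttempt_enabled() {
        Client client = newClient(getApplicationIdentityProviders("idp-1"));
        client.setAccountSettings(loginAttemptSettings());
        stubIdentityProvider("idp-1");
        stubAuthenticationProvider("idp-1", providerFailingWith(new BadCredentialsException("username")));
        Mockito.when(domain.getId()).thenReturn("domain-id");
        Mockito.when(userService.findByDomainAndUsernameAndSource(
                        Mockito.anyString(), Mockito.anyString(), Mockito.anyString(), Mockito.anyBoolean()))
                .thenReturn(Maybe.empty());
        Mockito.when(loginAttemptService.checkAccount(Mockito.<LoginAttemptCriteria>any(), Mockito.<AccountSettings>any()))
                .thenReturn(Maybe.empty());

        userAuthenticationManager.authenticate(client, authentication("username", () -> null))
                .test()
                .assertError(BadCredentialsException.class);

        Mockito.verify(userService, Mockito.times(1))
                .findByDomainAndUsernameAndSource(
                        Mockito.anyString(), Mockito.anyString(), Mockito.anyString(), Mockito.anyBoolean());
        verifyNoFailedAttemptRecordedAndNoLock();
        verifyPublished(AuthenticationEvent.FAILURE);
    }

    /** Builds the sorted set of application identity providers for the given identities. */
    private SortedSet<ApplicationIdentityProvider> getApplicationIdentityProviders(String... strArr) {
        SortedSet<ApplicationIdentityProvider> providers = new TreeSet<>();
        for (String identity : strArr) {
            ApplicationIdentityProvider provider = new ApplicationIdentityProvider();
            provider.setIdentity(identity);
            providers.add(provider);
        }
        return providers;
    }

    /** Creates the client used by every test, bound to the given identity providers. */
    private static Client newClient(SortedSet<ApplicationIdentityProvider> identityProviders) {
        Client client = new Client();
        client.setClientId("client-id");
        client.setIdentityProviders(identityProviders);
        return client;
    }

    /** Non-inherited account settings with login-attempt detection on and a maximum of one attempt. */
    private static AccountSettings loginAttemptSettings() {
        AccountSettings settings = new AccountSettings();
        settings.setInherited(false);
        settings.setLoginAttemptsDetectionEnabled(true);
        settings.setMaxLoginAttempts(1);
        return settings;
    }

    /**
     * Authentication stub without credentials. The context factory is called on every
     * {@code getContext()} call, so each call gets whatever the factory produces at that moment.
     */
    private static Authentication authentication(
            Object principal, java.util.function.Supplier<AuthenticationContext> contextFactory) {
        return new Authentication() {
            @Override
            public Object getCredentials() {
                return null;
            }

            @Override
            public Object getPrincipal() {
                return principal;
            }

            @Override
            public AuthenticationContext getContext() {
                return contextFactory.get();
            }
        };
    }

    /** Context carrying the attribute that the selection-rule tests refer to. */
    private static AuthenticationContext contextWithTestAttribute() {
        SimpleAuthenticationContext context = new SimpleAuthenticationContext();
        context.setAttribute("testAttribute", "valueAttribute");
        return context;
    }

    /** Provider that resolves any authentication to a {@link DefaultUser} with the given username. */
    private static AuthenticationProvider providerLoading(String resolvedUsername) {
        return new AuthenticationProvider() {
            @Override
            public Maybe<User> loadUserByUsername(Authentication authentication) {
                return Maybe.just(new DefaultUser(resolvedUsername));
            }

            @Override
            public Maybe<User> loadUserByUsername(String username) {
                return Maybe.empty();
            }
        };
    }

    /** Provider that throws {@link BadCredentialsException} synchronously instead of emitting it. */
    private static AuthenticationProvider providerThrowingBadCredentials() {
        return new AuthenticationProvider() {
            @Override
            public Maybe<User> loadUserByUsername(Authentication authentication) {
                throw new BadCredentialsException();
            }

            @Override
            public Maybe<User> loadUserByUsername(String username) {
                return Maybe.empty();
            }
        };
    }

    /** Provider whose authentication lookup emits the given error through the {@link Maybe}. */
    private static AuthenticationProvider providerFailingWith(Throwable error) {
        return new AuthenticationProvider() {
            @Override
            public Maybe<User> loadUserByUsername(Authentication authentication) {
                return Maybe.error(error);
            }

            @Override
            public Maybe<User> loadUserByUsername(String username) {
                return Maybe.empty();
            }
        };
    }

    /** Makes the manager mock return an {@link IdentityProvider} with this id; returns it for tweaking. */
    private IdentityProvider stubIdentityProvider(String id) {
        IdentityProvider identityProvider = new IdentityProvider();
        identityProvider.setId(id);
        Mockito.when(identityProviderManager.getIdentityProvider(id)).thenReturn(identityProvider);
        return identityProvider;
    }

    /** Makes the manager mock hand out the given authentication provider for this id. */
    private void stubAuthenticationProvider(String id, AuthenticationProvider provider) {
        Mockito.when(identityProviderManager.get(id)).thenReturn(Maybe.just(provider));
    }

    /** Fixes the answer of the password-expiry check for any user, client and domain. */
    private void stubPasswordExpiry(boolean expired) {
        Mockito.when(passwordService.checkAccountPasswordExpiry(
                        Mockito.<io.gravitee.am.model.User>any(), Mockito.<Client>any(), Mockito.<Domain>any()))
                .thenReturn(expired);
    }

    /** Stubs the four-argument {@code connect} to return a model user with the provider user's username. */
    private void stubConnectEchoingUsername() {
        Mockito.when(userAuthenticationService.connect(
                        Mockito.<User>any(), Mockito.<Client>any(), Mockito.<Request>any(), ArgumentMatchers.eq(true)))
                .then(invocation -> {
                    User idpUser = invocation.getArgument(0);
                    io.gravitee.am.model.User connected = new io.gravitee.am.model.User();
                    connected.setUsername(idpUser.getUsername());
                    return Single.just(connected);
                });
    }

    /**
     * Asserts that a rejected attempt never reached any {@code connect} overload. The third check
     * covers the four-argument overload that the success-path tests stub; without it the check
     * would only cover overloads that those tests never exercise.
     */
    private void verifyUserNeverConnected() {
        Mockito.verify(userAuthenticationService, Mockito.never()).connect(Mockito.<User>any());
        Mockito.verify(userAuthenticationService, Mockito.never()).connect(Mockito.<User>any(), Mockito.anyBoolean());
        Mockito.verify(userAuthenticationService, Mockito.never())
                .connect(Mockito.<User>any(), Mockito.<Client>any(), Mockito.<Request>any(), Mockito.anyBoolean());
    }

    /** Asserts that no failed login attempt was recorded and no account lock was requested. */
    private void verifyNoFailedAttemptRecordedAndNoLock() {
        Mockito.verify(loginAttemptService, Mockito.never())
                .loginFailed(Mockito.<LoginAttemptCriteria>any(), Mockito.<AccountSettings>any());
        Mockito.verify(userAuthenticationService, Mockito.never())
                .lockAccount(
                        Mockito.<LoginAttemptCriteria>any(),
                        Mockito.<AccountSettings>any(),
                        Mockito.<Client>any(),
                        Mockito.<io.gravitee.am.model.User>any());
    }

    /** Asserts that exactly one event of the given type was published. */
    private void verifyPublished(AuthenticationEvent expected) {
        Mockito.verify(eventManager, Mockito.times(1)).publishEvent(ArgumentMatchers.eq(expected), Mockito.any());
    }
}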
