package io.gravitee.am.gateway.handler.common.vertx.web.handler.impl.internal.mfa;

import io.gravitee.am.gateway.handler.common.factor.FactorManager;
import io.gravitee.am.gateway.handler.common.ruleengine.SpELRuleEngine;
import io.gravitee.am.gateway.handler.common.vertx.web.auth.user.User;
import io.gravitee.am.gateway.handler.common.vertx.web.handler.RedirectHandler;
import io.gravitee.am.gateway.handler.common.vertx.web.handler.impl.internal.AuthenticationFlowChain;
import io.gravitee.am.model.ChallengeSettings;
import io.gravitee.am.model.EnrollSettings;
import io.gravitee.am.model.Factor;
import io.gravitee.am.model.MFASettings;
import io.gravitee.am.model.MfaChallengeType;
import io.gravitee.am.model.RememberDeviceSettings;
import io.gravitee.am.model.StepUpAuthenticationSettings;
import io.gravitee.am.model.oidc.Client;
import io.vertx.core.Handler;
import io.vertx.core.http.HttpMethod;
import io.vertx.rxjava3.core.http.HttpServerRequest;
import io.vertx.rxjava3.ext.web.RoutingContext;
import io.vertx.rxjava3.ext.web.Session;
import java.util.Map;
import org.junit.Assert;
import org.junit.jupiter.api.BeforeEach;
import org.junit.jupiter.api.Test;
import org.junit.jupiter.api.extension.ExtendWith;
import org.mockito.ArgumentMatchers;
import org.mockito.BDDMockito;
import org.mockito.Mock;
import org.mockito.Mockito;
import org.mockito.junit.jupiter.MockitoExtension;

@ExtendWith({MockitoExtension.class})
/* loaded from: input_file:io/gravitee/am/gateway/handler/common/vertx/web/handler/impl/internal/mfa/MFAChallengeStepTest.class */
class MFAChallengeStepTest {
    private static final Handler<RoutingContext> handler = RedirectHandler.create("/mfa/challenge");

    @Mock
    private FactorManager factorManager;

    @Mock
    SpELRuleEngine ruleEngine;

    @Mock
    RoutingContext routingContext;

    @Mock
    AuthenticationFlowChain flow;

    @Mock
    Client client;

    @Mock
    MFASettings mfa;

    @Mock
    EnrollSettings enrollSettings;

    @Mock
    ChallengeSettings challengeSettings;

    @Mock
    User authUser;

    @Mock
    Factor factor;

    @Mock
    ChallengeSettings challenge;

    @Mock
    MfaFilterContext filterContext;

    @Mock
    Session session;

    @Mock
    HttpServerRequest httpServerRequest;

    @Mock
    io.vertx.core.http.HttpServerRequest vertexhttpServerRequest;
    private MFAChallengeStep mfaChallengeStep;

    MFAChallengeStepTest() {
    }

    @BeforeEach
    void setUp() {
        this.mfaChallengeStep = new MFAChallengeStep(handler, this.ruleEngine, this.factorManager);
        Mockito.when(this.routingContext.session()).thenReturn(this.session);
    }

    @Test
    void shouldChallengeWhenStepUp() {
        mockStepUp(true);
        mockAuthUser();
        Mockito.when(this.client.getMfaSettings()).thenReturn(this.mfa);
        Mockito.when(this.routingContext.get("client")).thenReturn(this.client);
        this.mfaChallengeStep.execute(this.routingContext, this.flow);
        verifyChallenge();
    }

    @Test
    void shouldContinueWhenStepUpFalse() {
        mockStepUp(false);
        mockAuthUser();
        Mockito.when(this.client.getMfaSettings()).thenReturn(this.mfa);
        Mockito.when(this.mfa.getChallenge()).thenReturn(this.challenge);
        Mockito.when(Boolean.valueOf(this.challenge.isActive())).thenReturn(true);
        Mockito.when(this.challenge.getType()).thenReturn(MfaChallengeType.CONDITIONAL);
        Mockito.when(this.routingContext.request()).thenReturn(this.httpServerRequest);
        Mockito.when(this.routingContext.session()).thenReturn(this.session);
        Mockito.when(this.routingContext.get("client")).thenReturn(this.client);
        Mockito.when(this.session.get("mfaStop")).thenReturn(false);
        mockChallengeRuleSatisfied(true);
        this.mfaChallengeStep.execute(this.routingContext, this.flow);
        verifyContinue();
    }

    @Test
    void shouldContinueWhenMfaStop() {
        Mockito.when(this.routingContext.get("client")).thenReturn(this.client);
        Mockito.when(this.routingContext.user()).thenReturn(io.vertx.rxjava3.ext.auth.User.newInstance(this.authUser));
        Mockito.when(this.session.get("mfaStop")).thenReturn(true);
        this.mfaChallengeStep.execute(this.routingContext, this.flow);
        verifyContinue();
    }

    @Test
    void shouldThrowErrorWhenTypeIsUnknown() {
        mockAuthUser();
        Mockito.when(this.client.getMfaSettings()).thenReturn(this.mfa);
        Mockito.when(Boolean.valueOf(this.challenge.isActive())).thenReturn(true);
        Mockito.when(this.challenge.getType()).thenReturn((Object) null);
        Mockito.when(this.mfa.getChallenge()).thenReturn(this.challenge);
        Mockito.when(this.routingContext.get("client")).thenReturn(this.client);
        Mockito.when(this.session.get("mfaStop")).thenReturn(false);
        Assert.assertThrows(Exception.class, () -> {
            this.mfaChallengeStep.execute(this.routingContext, this.flow);
        });
    }

    @Test
    void shouldChallengeWhenRequiredAndInvalidSession() {
        mockAuthUser();
        Mockito.when(this.client.getMfaSettings()).thenReturn(this.mfa);
        Mockito.when(Boolean.valueOf(this.challenge.isActive())).thenReturn(true);
        Mockito.when(this.challenge.getType()).thenReturn(MfaChallengeType.REQUIRED);
        Mockito.when(this.mfa.getChallenge()).thenReturn(this.challenge);
        Mockito.when(this.routingContext.get("client")).thenReturn(this.client);
        Mockito.when(this.session.get("mfaStop")).thenReturn(false);
        this.mfaChallengeStep.execute(this.routingContext, this.flow);
        verifyChallenge();
    }

    @Test
    void shouldChallengeWhenRequiredAndAuthButNoDevice() {
        mockAuthUser();
        Mockito.when(this.client.getMfaSettings()).thenReturn(this.mfa);
        Mockito.when(Boolean.valueOf(this.challenge.isActive())).thenReturn(true);
        Mockito.when(this.challenge.getType()).thenReturn(MfaChallengeType.REQUIRED);
        Mockito.when(this.mfa.getChallenge()).thenReturn(this.challenge);
        Mockito.when(this.routingContext.get("client")).thenReturn(this.client);
        Mockito.when(this.session.get("mfaStop")).thenReturn(false);
        this.mfaChallengeStep.execute(this.routingContext, this.flow);
        verifyChallenge();
    }

    @Test
    void shouldContinueWhenRequiredAndValidAuth() {
        mockAuthUser();
        Mockito.when(this.client.getMfaSettings()).thenReturn(this.mfa);
        Mockito.when(Boolean.valueOf(this.challenge.isActive())).thenReturn(true);
        Mockito.when(this.challenge.getType()).thenReturn(MfaChallengeType.REQUIRED);
        Mockito.when(this.mfa.getChallenge()).thenReturn(this.challenge);
        Mockito.when(this.routingContext.get("client")).thenReturn(this.client);
        Mockito.when(this.session.get("strongAuthCompleted")).thenReturn(true);
        Mockito.when(this.session.get("enrolledFactorId")).thenReturn((Object) null);
        Mockito.when(this.session.get("mfaChallengeCompleted")).thenReturn(true);
        Mockito.when(this.session.get("mfaStop")).thenReturn(false);
        this.mfaChallengeStep.execute(this.routingContext, this.flow);
        verifyContinue();
    }

    @Test
    void shouldContinueWhenRequiredAndRememberedDevice() {
        mockAuthUser();
        Mockito.when(this.client.getMfaSettings()).thenReturn(this.mfa);
        Mockito.when(Boolean.valueOf(this.challenge.isActive())).thenReturn(true);
        Mockito.when(this.challenge.getType()).thenReturn(MfaChallengeType.REQUIRED);
        Mockito.when(this.mfa.getChallenge()).thenReturn(this.challenge);
        RememberDeviceSettings rememberDeviceSettings = new RememberDeviceSettings();
        rememberDeviceSettings.setActive(true);
        Mockito.when(this.mfa.getRememberDevice()).thenReturn(rememberDeviceSettings);
        Mockito.when(this.routingContext.get("client")).thenReturn(this.client);
        Mockito.when(this.session.get("enrolledFactorId")).thenReturn((Object) null);
        Mockito.when(this.session.get("mfaChallengeCompleted")).thenReturn(false);
        Mockito.when(this.session.get("deviceAlreadyExists")).thenReturn(true);
        Mockito.when(this.session.get("strongAuthCompleted")).thenReturn(false);
        Mockito.when(this.session.get("mfaStop")).thenReturn(false);
        this.mfaChallengeStep.execute(this.routingContext, this.flow);
        verifyContinue();
    }

    @Test
    void shouldContinueWhenConditionalRuleTrue() {
        mockContextRequest();
        mockAuthUser();
        Mockito.when(this.client.getMfaSettings()).thenReturn(this.mfa);
        Mockito.when(this.mfa.getChallenge()).thenReturn(this.challenge);
        Mockito.when(Boolean.valueOf(this.challenge.isActive())).thenReturn(true);
        Mockito.when(this.challenge.getType()).thenReturn(MfaChallengeType.CONDITIONAL);
        Mockito.when(this.routingContext.request()).thenReturn(this.httpServerRequest);
        Mockito.when(this.routingContext.session()).thenReturn(this.session);
        Mockito.when(this.routingContext.get("client")).thenReturn(this.client);
        Mockito.when(this.session.get("mfaStop")).thenReturn(false);
        mockChallengeRuleSatisfied(true);
        this.mfaChallengeStep.execute(this.routingContext, this.flow);
        verifyContinue();
    }

    @Test
    void shouldChallengeWhenConditionalRuleFalse() {
        mockContextRequest();
        mockAuthUser();
        Mockito.when(this.client.getMfaSettings()).thenReturn(this.mfa);
        Mockito.when(this.mfa.getChallenge()).thenReturn(this.challenge);
        Mockito.when(Boolean.valueOf(this.challenge.isActive())).thenReturn(true);
        Mockito.when(this.challenge.getType()).thenReturn(MfaChallengeType.CONDITIONAL);
        Mockito.when(this.routingContext.get("client")).thenReturn(this.client);
        Mockito.when(this.routingContext.session()).thenReturn(this.session);
        Mockito.when(this.session.get("mfaStop")).thenReturn(false);
        mockChallengeRuleSatisfied(false);
        this.mfaChallengeStep.execute(this.routingContext, this.flow);
        verifyChallenge();
    }

    @Test
    void shouldChallengeWhenConditionalRuleTrueAndAuth() {
        mockContextRequest();
        mockAuthUser();
        Mockito.when(this.client.getMfaSettings()).thenReturn(this.mfa);
        Mockito.when(this.mfa.getChallenge()).thenReturn(this.challenge);
        Mockito.when(Boolean.valueOf(this.challenge.isActive())).thenReturn(true);
        Mockito.when(this.challenge.getType()).thenReturn(MfaChallengeType.CONDITIONAL);
        Mockito.when(this.routingContext.get("client")).thenReturn(this.client);
        Mockito.when(this.routingContext.session()).thenReturn(this.session);
        Mockito.when(this.session.get("mfaStop")).thenReturn(false);
        mockChallengeRuleSatisfied(false);
        this.mfaChallengeStep.execute(this.routingContext, this.flow);
        verifyChallenge();
    }

    @Test
    void shouldChallengeWhenRiskBasedRuleFalse() {
        mockContextRequest();
        mockAuthUser();
        Mockito.when(this.client.getMfaSettings()).thenReturn(this.mfa);
        Mockito.when(this.mfa.getChallenge()).thenReturn(this.challenge);
        Mockito.when(Boolean.valueOf(this.challenge.isActive())).thenReturn(true);
        Mockito.when(this.challenge.getType()).thenReturn(MfaChallengeType.RISK_BASED);
        Mockito.when(this.routingContext.get("client")).thenReturn(this.client);
        Mockito.when(this.routingContext.session()).thenReturn(this.session);
        Mockito.when(this.session.get("mfaStop")).thenReturn(false);
        mockRiskBasedSatisfied(false);
        this.mfaChallengeStep.execute(this.routingContext, this.flow);
        verifyChallenge();
    }

    @Test
    void shouldContinueWhenRiskBasedRuleTrueNoAuth() {
        mockContextRequest();
        mockAuthUser();
        Mockito.when(this.client.getMfaSettings()).thenReturn(this.mfa);
        Mockito.when(this.mfa.getChallenge()).thenReturn(this.challenge);
        Mockito.when(Boolean.valueOf(this.challenge.isActive())).thenReturn(true);
        Mockito.when(this.challenge.getType()).thenReturn(MfaChallengeType.RISK_BASED);
        Mockito.when(this.routingContext.get("client")).thenReturn(this.client);
        Mockito.when(this.routingContext.session()).thenReturn(this.session);
        Mockito.when(this.session.get("mfaStop")).thenReturn(false);
        mockRiskBasedSatisfied(true);
        this.mfaChallengeStep.execute(this.routingContext, this.flow);
        verifyContinue();
    }

    @Test
    void shouldContinueWhenRiskBasedRuleTrueAndAuth() {
        mockAuthUser();
        Mockito.when(this.client.getMfaSettings()).thenReturn(this.mfa);
        Mockito.when(this.mfa.getChallenge()).thenReturn(this.challenge);
        Mockito.when(Boolean.valueOf(this.challenge.isActive())).thenReturn(true);
        Mockito.when(this.challenge.getType()).thenReturn(MfaChallengeType.RISK_BASED);
        Mockito.when(this.routingContext.session()).thenReturn(this.session);
        Mockito.when(this.routingContext.get("client")).thenReturn(this.client);
        Mockito.when(this.session.get("mfaChallengeCompleted")).thenReturn(true);
        Mockito.when(this.session.get("mfaStop")).thenReturn(false);
        Mockito.when(this.session.get("enrolledFactorId")).thenReturn((Object) null);
        Mockito.when(this.session.get("strongAuthCompleted")).thenReturn(true);
        this.mfaChallengeStep.execute(this.routingContext, this.flow);
        verifyContinue();
    }

    @Test
    void shouldContinueWhenRiskBasedRuleFalse() {
        mockContextRequest();
        mockAuthUser();
        Mockito.when(this.client.getMfaSettings()).thenReturn(this.mfa);
        Mockito.when(this.mfa.getChallenge()).thenReturn(this.challenge);
        Mockito.when(Boolean.valueOf(this.challenge.isActive())).thenReturn(true);
        Mockito.when(this.challenge.getType()).thenReturn(MfaChallengeType.RISK_BASED);
        Mockito.when(this.routingContext.session()).thenReturn(this.session);
        Mockito.when(this.routingContext.get("client")).thenReturn(this.client);
        Mockito.when(this.session.get("mfaChallengeCompleted")).thenReturn(false);
        Mockito.when(this.session.get("mfaStop")).thenReturn(false);
        Mockito.when(this.session.get("enrolledFactorId")).thenReturn((Object) null);
        Mockito.when(this.session.get("strongAuthCompleted")).thenReturn(false);
        mockRiskBasedSatisfied(false);
        this.mfaChallengeStep.execute(this.routingContext, this.flow);
        verifyChallenge();
    }

    @Test
    void shouldContinueWhenChallengeIsDisabled() {
        mockAuthUser();
        Mockito.when(this.client.getMfaSettings()).thenReturn(this.mfa);
        Mockito.when(this.mfa.getChallenge()).thenReturn(this.challenge);
        Mockito.when(Boolean.valueOf(this.challenge.isActive())).thenReturn(false);
        Mockito.when(this.routingContext.session()).thenReturn(this.session);
        Mockito.when(this.routingContext.get("client")).thenReturn(this.client);
        Mockito.when(this.session.get("mfaStop")).thenReturn(false);
        Mockito.when(this.session.get("enrolledFactorId")).thenReturn((Object) null);
        Mockito.when(this.session.get("mfaChallengeCompleted")).thenReturn(false);
        this.mfaChallengeStep.execute(this.routingContext, this.flow);
        verifyContinue();
    }

    @Test
    void shouldChallengeWhenEnrolling() {
        Mockito.when(this.routingContext.user()).thenReturn(io.vertx.rxjava3.ext.auth.User.newInstance(this.authUser));
        Mockito.when(this.routingContext.get("client")).thenReturn(this.client);
        Mockito.when(this.session.get("mfaStop")).thenReturn(false);
        Mockito.when(this.session.get("enrolledFactorId")).thenReturn(new Object());
        this.mfaChallengeStep.execute(this.routingContext, this.flow);
        verifyChallenge();
    }

    private void verifyChallenge() {
        ((AuthenticationFlowChain) Mockito.verify(this.flow, Mockito.times(1))).exit(this.mfaChallengeStep);
        ((AuthenticationFlowChain) Mockito.verify(this.flow, Mockito.times(0))).doNext(this.routingContext);
    }

    private void verifyContinue() {
        ((AuthenticationFlowChain) Mockito.verify(this.flow, Mockito.times(1))).doNext(this.routingContext);
        ((AuthenticationFlowChain) Mockito.verify(this.flow, Mockito.times(0))).exit(this.mfaChallengeStep);
    }

    private void mockContextRequest() {
        Mockito.when(this.routingContext.request()).thenReturn(this.httpServerRequest);
        Mockito.when(this.httpServerRequest.getDelegate()).thenReturn(this.vertexhttpServerRequest);
        Mockito.when(this.vertexhttpServerRequest.method()).thenReturn(HttpMethod.GET);
        Mockito.when(this.session.get((String) ArgumentMatchers.any())).thenReturn((Object) null);
    }

    private void mockAuthUser() {
        io.vertx.rxjava3.ext.auth.User user = (io.vertx.rxjava3.ext.auth.User) Mockito.mock(io.vertx.rxjava3.ext.auth.User.class);
        Mockito.when(this.routingContext.user()).thenReturn(user);
        User user2 = (User) Mockito.mock(User.class);
        BDDMockito.given(user.getDelegate()).willReturn(user2);
        BDDMockito.given(user2.getUser()).willReturn((io.gravitee.am.model.User) Mockito.mock(io.gravitee.am.model.User.class));
    }

    private void mockChallengeRuleSatisfied(boolean z) {
        Mockito.when(this.challenge.getChallengeRule()).thenReturn("rule-challenge");
        Mockito.when(this.ruleEngine.evaluate((String) ArgumentMatchers.eq("rule-challenge"), (Map) ArgumentMatchers.any(), (Class) ArgumentMatchers.any(), ArgumentMatchers.any())).thenReturn(Boolean.valueOf(z));
    }

    private void mockRiskBasedSatisfied(boolean z) {
        Mockito.when(this.challenge.getChallengeRule()).thenReturn("rule-risk-based");
        Mockito.when(this.ruleEngine.evaluate((String) ArgumentMatchers.eq("rule-risk-based"), (Map) ArgumentMatchers.any(), (Class) ArgumentMatchers.any(), ArgumentMatchers.any())).thenReturn(Boolean.valueOf(z));
    }

    private void mockStepUp(boolean z) {
        mockContextRequest();
        StepUpAuthenticationSettings stepUpAuthenticationSettings = new StepUpAuthenticationSettings();
        stepUpAuthenticationSettings.setActive(true);
        stepUpAuthenticationSettings.setStepUpAuthenticationRule("step-up-rule");
        Mockito.when(this.mfa.getStepUpAuthentication()).thenReturn(stepUpAuthenticationSettings);
        Mockito.when(this.ruleEngine.evaluate((String) ArgumentMatchers.eq("step-up-rule"), (Map) ArgumentMatchers.any(), (Class) ArgumentMatchers.any(), ArgumentMatchers.any())).thenReturn(Boolean.valueOf(z));
    }
}
