package io.gravitee.am.gateway.handler.common.vertx.web.handler.impl.internal.mfa;

import io.gravitee.am.common.factor.FactorType;
import io.gravitee.am.gateway.handler.common.factor.FactorManager;
import io.gravitee.am.gateway.handler.common.ruleengine.SpELRuleEngine;
import io.gravitee.am.gateway.handler.common.vertx.web.auth.user.User;
import io.gravitee.am.gateway.handler.common.vertx.web.handler.RedirectHandler;
import io.gravitee.am.gateway.handler.common.vertx.web.handler.impl.internal.AuthenticationFlowChain;
import io.gravitee.am.model.ApplicationFactorSettings;
import io.gravitee.am.model.ChallengeSettings;
import io.gravitee.am.model.EnrollSettings;
import io.gravitee.am.model.EnrollmentSettings;
import io.gravitee.am.model.Factor;
import io.gravitee.am.model.FactorSettings;
import io.gravitee.am.model.MFASettings;
import io.gravitee.am.model.MfaChallengeType;
import io.gravitee.am.model.MfaEnrollType;
import io.gravitee.am.model.StepUpAuthenticationSettings;
import io.gravitee.am.model.factor.EnrolledFactor;
import io.gravitee.am.model.factor.FactorStatus;
import io.gravitee.am.model.oidc.Client;
import io.vertx.core.Handler;
import io.vertx.core.http.HttpMethod;
import io.vertx.rxjava3.core.http.HttpServerRequest;
import io.vertx.rxjava3.ext.web.RoutingContext;
import io.vertx.rxjava3.ext.web.Session;
import java.util.Date;
import java.util.List;
import java.util.Map;
import org.junit.Assert;
import org.junit.jupiter.api.BeforeEach;
import org.junit.jupiter.api.Test;
import org.junit.jupiter.api.extension.ExtendWith;
import org.mockito.ArgumentMatchers;
import org.mockito.BDDMockito;
import org.mockito.Mock;
import org.mockito.Mockito;
import org.mockito.junit.jupiter.MockitoExtension;

@ExtendWith({MockitoExtension.class})
/* loaded from: input_file:io/gravitee/am/gateway/handler/common/vertx/web/handler/impl/internal/mfa/MFAEnrollStepTest.class */
class MFAEnrollStepTest {
    private static final String FACTOR_ID = "any-factor-id";
    private static final Handler<RoutingContext> handler = RedirectHandler.create("/mfa/enroll");
    private static final ApplicationFactorSettings DEFAULT_FACTOR = getDefaultFactor();

    @Mock
    private FactorManager factorManager;

    @Mock
    SpELRuleEngine ruleEngine;

    @Mock
    RoutingContext routingContext;

    @Mock
    AuthenticationFlowChain flow;

    @Mock
    Client client;

    @Mock
    MFASettings mfa;

    @Mock
    EnrollmentSettings enrollmentSettings;

    @Mock
    ChallengeSettings challenge;

    @Mock
    User authUser;

    @Mock
    Factor factor;

    @Mock
    EnrollSettings enroll;

    @Mock
    MfaFilterContext filterContext;

    @Mock
    Session session;

    @Mock
    HttpServerRequest httpServerRequest;

    @Mock
    io.vertx.core.http.HttpServerRequest vertexhttpServerRequest;
    private FactorSettings factorSettings;
    private MFAEnrollStep mfaEnrollStep;

    MFAEnrollStepTest() {
    }

    @BeforeEach
    void setUp() {
        Mockito.when(this.routingContext.get("client")).thenReturn(this.client);
        Mockito.when(this.routingContext.session()).thenReturn(this.session);
        this.mfaEnrollStep = new MFAEnrollStep(handler, this.ruleEngine, this.factorManager);
        this.factorSettings = new FactorSettings();
        this.factorSettings.setDefaultFactorId(DEFAULT_FACTOR.getId());
        this.factorSettings.setApplicationFactors(List.of(DEFAULT_FACTOR));
        Mockito.when(this.client.getFactorSettings()).thenReturn(this.factorSettings);
    }

    @Test
    void shouldStopMfaWhenNoFactor() {
        Mockito.when(this.routingContext.user()).thenReturn(io.vertx.rxjava3.ext.auth.User.newInstance(this.authUser));
        Mockito.when(this.client.getFactorSettings()).thenReturn((Object) null);
        this.mfaEnrollStep.execute(this.routingContext, this.flow);
        verifyStop();
    }

    @Test
    void shouldEnrollWhenStepUp() {
        mockStepUp(true);
        mockAuthUser();
        Mockito.when(this.client.getMfaSettings()).thenReturn(this.mfa);
        Mockito.when(this.factor.getFactorType()).thenReturn(FactorType.SMS);
        Mockito.when(this.factorManager.getFactor(DEFAULT_FACTOR.getId())).thenReturn(this.factor);
        this.mfaEnrollStep.execute(this.routingContext, this.flow);
        verifyEnrollment();
    }

    @Test
    void shouldStopMfaWhenStepUpFalseAndConditionalSatisfied() {
        mockStepUp(false);
        mockAuthUser();
        Mockito.when(this.client.getMfaSettings()).thenReturn(this.mfa);
        Mockito.when(Boolean.valueOf(this.enroll.isActive())).thenReturn(true);
        Mockito.when(this.enroll.getType()).thenReturn(MfaEnrollType.CONDITIONAL);
        Mockito.when(this.mfa.getEnroll()).thenReturn(this.enroll);
        Mockito.when(this.factor.getFactorType()).thenReturn(FactorType.SMS);
        Mockito.when(this.factorManager.getFactor(DEFAULT_FACTOR.getId())).thenReturn(this.factor);
        mockConditionalEnrollmentRuleSatisfied(true);
        this.mfaEnrollStep.execute(this.routingContext, this.flow);
        verifyStop();
    }

    @Test
    void shouldThrowErrorWhenTypeIsUnknown() {
        mockAuthUser();
        Mockito.when(Boolean.valueOf(this.enroll.isActive())).thenReturn(true);
        Mockito.when(this.enroll.getType()).thenReturn((Object) null);
        Mockito.when(this.mfa.getEnroll()).thenReturn(this.enroll);
        Mockito.when(this.client.getMfaSettings()).thenReturn(this.mfa);
        Mockito.when(this.factor.getFactorType()).thenReturn(FactorType.SMS);
        Mockito.when(this.factorManager.getFactor(DEFAULT_FACTOR.getId())).thenReturn(this.factor);
        Assert.assertThrows(Exception.class, () -> {
            this.mfaEnrollStep.execute(this.routingContext, this.flow);
        });
    }

    @Test
    void shouldEnrollWhenRequiredAndUserNoFactorEnrolled() {
        mockAuthUser();
        Mockito.when(Boolean.valueOf(this.enroll.isActive())).thenReturn(true);
        Mockito.when(this.enroll.getType()).thenReturn(MfaEnrollType.REQUIRED);
        Mockito.when(this.mfa.getEnroll()).thenReturn(this.enroll);
        Mockito.when(this.client.getMfaSettings()).thenReturn(this.mfa);
        Mockito.when(this.factor.getFactorType()).thenReturn(FactorType.SMS);
        Mockito.when(this.factorManager.getFactor(DEFAULT_FACTOR.getId())).thenReturn(this.factor);
        this.mfaEnrollStep.execute(this.routingContext, this.flow);
        verifyEnrollment();
    }

    @Test
    void shouldContinueToChallengeWhenFactorMatchRule() {
        mockContextRequest();
        mockAuthUser();
        ApplicationFactorSettings applicationFactorSettings = new ApplicationFactorSettings();
        applicationFactorSettings.setSelectionRule("factor-rule-not-match");
        applicationFactorSettings.setId(FACTOR_ID);
        this.factorSettings = new FactorSettings();
        this.factorSettings.setDefaultFactorId(DEFAULT_FACTOR.getId());
        this.factorSettings.setApplicationFactors(List.of(applicationFactorSettings));
        Mockito.when(this.client.getFactorSettings()).thenReturn(this.factorSettings);
        Mockito.when(Boolean.valueOf(this.enroll.isActive())).thenReturn(true);
        Mockito.when(this.enroll.getType()).thenReturn(MfaEnrollType.REQUIRED);
        Mockito.when(this.mfa.getEnroll()).thenReturn(this.enroll);
        Mockito.when(this.client.getMfaSettings()).thenReturn(this.mfa);
        Mockito.when(this.factor.getFactorType()).thenReturn(FactorType.SMS);
        Mockito.when(this.session.get("enrolledFactorId")).thenReturn(FACTOR_ID);
        Mockito.when(this.factorManager.getFactor(FACTOR_ID)).thenReturn(this.factor);
        mockFactorRuleSatisfied("factor-rule-not-match", true);
        this.mfaEnrollStep.execute(this.routingContext, this.flow);
        verifyContinue();
        ((Session) Mockito.verify(this.session, Mockito.never())).put("enrolledFactorId", DEFAULT_FACTOR.getId());
    }

    @Test
    void shouldGoBackToEnrollmentWhenSelectedFactorDoesNotMatchRule() {
        mockContextRequest();
        mockAuthUser();
        ApplicationFactorSettings applicationFactorSettings = new ApplicationFactorSettings();
        applicationFactorSettings.setSelectionRule("factor-rule-not-match");
        applicationFactorSettings.setId(FACTOR_ID);
        this.factorSettings.setDefaultFactorId(DEFAULT_FACTOR.getId());
        this.factorSettings.setApplicationFactors(List.of(DEFAULT_FACTOR, applicationFactorSettings));
        Mockito.when(this.factor.getFactorType()).thenReturn(FactorType.SMS);
        Mockito.when(this.session.get("enrolledFactorId")).thenReturn(FACTOR_ID);
        Mockito.lenient().when(this.factorManager.getFactor(FACTOR_ID)).thenReturn(this.factor);
        Mockito.lenient().when(this.factorManager.getFactor(DEFAULT_FACTOR.getId())).thenReturn(this.factor);
        mockFactorRuleSatisfied("factor-rule-not-match", false);
        this.mfaEnrollStep.execute(this.routingContext, this.flow);
        verifyEnrollment();
    }

    @Test
    void shouldEnrollWhenConditionalAndUserNoFactorEnrolled() {
        mockAuthUser();
        Mockito.when(Boolean.valueOf(this.enroll.isActive())).thenReturn(true);
        Mockito.when(this.enroll.getType()).thenReturn(MfaEnrollType.CONDITIONAL);
        Mockito.when(this.mfa.getEnroll()).thenReturn(this.enroll);
        Mockito.when(this.client.getMfaSettings()).thenReturn(this.mfa);
        Mockito.when(this.factor.getFactorType()).thenReturn(FactorType.SMS);
        Mockito.when(this.factorManager.getFactor(DEFAULT_FACTOR.getId())).thenReturn(this.factor);
        this.mfaEnrollStep.execute(this.routingContext, this.flow);
        verifyEnrollment();
    }

    @Test
    void shouldStopMfaWhenConditionalRuleSatisfied() {
        mockStepUp(false);
        mockAuthUser();
        Mockito.when(this.client.getMfaSettings()).thenReturn(this.mfa);
        Mockito.when(Boolean.valueOf(this.enroll.isActive())).thenReturn(true);
        Mockito.when(this.enroll.getType()).thenReturn(MfaEnrollType.CONDITIONAL);
        Mockito.when(this.mfa.getEnroll()).thenReturn(this.enroll);
        Mockito.when(this.factor.getFactorType()).thenReturn(FactorType.SMS);
        Mockito.when(this.factorManager.getFactor(DEFAULT_FACTOR.getId())).thenReturn(this.factor);
        mockConditionalEnrollmentRuleSatisfied(true);
        this.mfaEnrollStep.execute(this.routingContext, this.flow);
        verifyStop();
    }

    @Test
    void shouldEnrollWhenOptionalAndUserNoFactorEnrolled() {
        mockAuthUser();
        Mockito.when(this.mfa.getEnroll()).thenReturn(this.enroll);
        Mockito.when(this.client.getMfaSettings()).thenReturn(this.mfa);
        Mockito.when(Boolean.valueOf(this.enroll.isActive())).thenReturn(true);
        Mockito.when(this.enroll.getType()).thenReturn(MfaEnrollType.OPTIONAL);
        Mockito.when(this.factor.getFactorType()).thenReturn(FactorType.SMS);
        Mockito.when(this.factorManager.getFactor(DEFAULT_FACTOR.getId())).thenReturn(this.factor);
        this.mfaEnrollStep.execute(this.routingContext, this.flow);
        verifyEnrollment();
    }

    @Test
    void shouldStopMfaWhenOptionalUserCanSkipAndSkipped() {
        mockStepUp(false);
        mockAuthUserWithSkipTime();
        Mockito.when(this.mfa.getEnroll()).thenReturn(this.enroll);
        Mockito.when(this.client.getMfaSettings()).thenReturn(this.mfa);
        Mockito.when(Boolean.valueOf(this.enroll.isActive())).thenReturn(true);
        Mockito.when(this.enroll.getSkipTimeSeconds()).thenReturn(1000L);
        Mockito.when(this.enroll.getType()).thenReturn(MfaEnrollType.OPTIONAL);
        Mockito.when(this.factor.getFactorType()).thenReturn(FactorType.SMS);
        Mockito.when(this.factorManager.getFactor(DEFAULT_FACTOR.getId())).thenReturn(this.factor);
        this.mfaEnrollStep.execute(this.routingContext, this.flow);
        verifyStop();
    }

    @Test
    void shouldEnrollWhenOptionalUserCanSkipAndNotSkipped() {
        mockAuthUser();
        Mockito.when(this.client.getMfaSettings()).thenReturn(this.mfa);
        Mockito.when(Boolean.valueOf(this.enroll.isActive())).thenReturn(true);
        Mockito.when(this.enroll.getType()).thenReturn(MfaEnrollType.OPTIONAL);
        Mockito.when(this.mfa.getEnroll()).thenReturn(this.enroll);
        Mockito.when(this.factor.getFactorType()).thenReturn(FactorType.SMS);
        Mockito.when(this.factorManager.getFactor(DEFAULT_FACTOR.getId())).thenReturn(this.factor);
        this.mfaEnrollStep.execute(this.routingContext, this.flow);
        verifyEnrollment();
    }

    @Test
    void shouldContinueWhenOptionalUserCanNotSkipButHasFactor() {
        mockAuthUserWithEnrolledFactors();
        Mockito.when(this.client.getMfaSettings()).thenReturn(this.mfa);
        Mockito.when(this.mfa.getEnroll()).thenReturn(this.enroll);
        Mockito.when(Boolean.valueOf(this.enroll.isActive())).thenReturn(true);
        Mockito.when(this.enroll.getType()).thenReturn(MfaEnrollType.OPTIONAL);
        Mockito.when(this.factor.getFactorType()).thenReturn(FactorType.SMS);
        Mockito.when(this.factorManager.getFactor(DEFAULT_FACTOR.getId())).thenReturn(this.factor);
        this.mfaEnrollStep.execute(this.routingContext, this.flow);
        verifyContinue();
    }

    @Test
    void shouldStopMfaWhenEnrollAndChallengeDisabled() {
        mockAuthUser();
        Mockito.when(Boolean.valueOf(this.enroll.isActive())).thenReturn(false);
        Mockito.when(Boolean.valueOf(this.challenge.isActive())).thenReturn(false);
        Mockito.when(this.mfa.getChallenge()).thenReturn(this.challenge);
        Mockito.when(this.mfa.getEnroll()).thenReturn(this.enroll);
        Mockito.when(this.client.getMfaSettings()).thenReturn(this.mfa);
        Mockito.when(this.factor.getFactorType()).thenReturn(FactorType.SMS);
        Mockito.when(this.factorManager.getFactor(DEFAULT_FACTOR.getId())).thenReturn(this.factor);
        this.mfaEnrollStep.execute(this.routingContext, this.flow);
        verifyStop();
    }

    @Test
    void shouldContinueWhenEnrollDisabledUserHasEnrolledStepUpEnabled() {
        mockStepUp(true);
        mockAuthUserWithEnrolledFactors();
        Mockito.when(Boolean.valueOf(this.enroll.isActive())).thenReturn(false);
        Mockito.when(this.mfa.getEnroll()).thenReturn(this.enroll);
        Mockito.when(this.client.getMfaSettings()).thenReturn(this.mfa);
        Mockito.when(this.factor.getFactorType()).thenReturn(FactorType.SMS);
        Mockito.when(this.factorManager.getFactor(DEFAULT_FACTOR.getId())).thenReturn(this.factor);
        this.mfaEnrollStep.execute(this.routingContext, this.flow);
        verifyContinue();
    }

    @Test
    void shouldEnrollWhenEnrollDisabledButChallengeEnabled() {
        mockAuthUser();
        Mockito.when(Boolean.valueOf(this.enroll.isActive())).thenReturn(false);
        Mockito.when(Boolean.valueOf(this.challenge.isActive())).thenReturn(true);
        Mockito.when(this.mfa.getChallenge()).thenReturn(this.challenge);
        Mockito.when(this.mfa.getEnroll()).thenReturn(this.enroll);
        Mockito.when(this.client.getMfaSettings()).thenReturn(this.mfa);
        Mockito.when(this.factor.getFactorType()).thenReturn(FactorType.SMS);
        Mockito.when(this.factorManager.getFactor(DEFAULT_FACTOR.getId())).thenReturn(this.factor);
        this.mfaEnrollStep.execute(this.routingContext, this.flow);
        verifyEnrollment();
    }

    @Test
    void shouldEnrollWhenEnrollDisabledButChallengeEnabledAndNotConditionalNotEnrolled() {
        mockAuthUser();
        Mockito.when(Boolean.valueOf(this.enroll.isActive())).thenReturn(false);
        Mockito.when(Boolean.valueOf(this.challenge.isActive())).thenReturn(true);
        Mockito.when(this.challenge.getType()).thenReturn(MfaChallengeType.REQUIRED);
        Mockito.when(this.mfa.getChallenge()).thenReturn(this.challenge);
        Mockito.when(this.mfa.getEnroll()).thenReturn(this.enroll);
        Mockito.when(this.client.getMfaSettings()).thenReturn(this.mfa);
        Mockito.when(this.factor.getFactorType()).thenReturn(FactorType.SMS);
        Mockito.when(this.factorManager.getFactor(DEFAULT_FACTOR.getId())).thenReturn(this.factor);
        this.mfaEnrollStep.execute(this.routingContext, this.flow);
        verifyEnrollment();
    }

    @Test
    void shouldContinueWhenEnrollDisabledButChallengeEnabledAndNotConditionalNotEnrolledButHasFactors() {
        mockAuthUserWithEnrolledFactors();
        Mockito.when(this.client.getMfaSettings()).thenReturn(this.mfa);
        Mockito.when(Boolean.valueOf(this.enroll.isActive())).thenReturn(false);
        Mockito.when(Boolean.valueOf(this.challenge.isActive())).thenReturn(true);
        Mockito.when(this.challenge.getType()).thenReturn(MfaChallengeType.REQUIRED);
        Mockito.when(this.factor.getFactorType()).thenReturn(FactorType.SMS);
        Mockito.when(this.factorManager.getFactor(DEFAULT_FACTOR.getId())).thenReturn(this.factor);
        Mockito.when(this.mfa.getChallenge()).thenReturn(this.challenge);
        Mockito.when(this.mfa.getEnroll()).thenReturn(this.enroll);
        this.mfaEnrollStep.execute(this.routingContext, this.flow);
        verifyContinue();
    }

    @Test
    void shouldStopMfaWhenEnrollDisabledButChallengeEnabledAndConditionalRuleSatisfied() {
        mockStepUp(false);
        mockAuthUser();
        Mockito.when(Boolean.valueOf(this.enroll.isActive())).thenReturn(false);
        Mockito.when(Boolean.valueOf(this.challenge.isActive())).thenReturn(true);
        Mockito.when(this.challenge.getType()).thenReturn(MfaChallengeType.CONDITIONAL);
        Mockito.when(this.mfa.getChallenge()).thenReturn(this.challenge);
        Mockito.when(this.mfa.getEnroll()).thenReturn(this.enroll);
        Mockito.when(this.client.getMfaSettings()).thenReturn(this.mfa);
        Mockito.when(this.factor.getFactorType()).thenReturn(FactorType.SMS);
        Mockito.when(this.factorManager.getFactor(DEFAULT_FACTOR.getId())).thenReturn(this.factor);
        mockChallengeRuleSatisfied(true);
        this.mfaEnrollStep.execute(this.routingContext, this.flow);
        verifyStop();
    }

    @Test
    void shouldEnrollWhenEnrollDisabledButChallengeEnabledAndConditionalRuleNotSatisfied() {
        mockStepUp(false);
        mockAuthUser();
        Mockito.when(Boolean.valueOf(this.enroll.isActive())).thenReturn(false);
        Mockito.when(Boolean.valueOf(this.challenge.isActive())).thenReturn(true);
        Mockito.when(this.challenge.getType()).thenReturn(MfaChallengeType.CONDITIONAL);
        Mockito.when(this.mfa.getChallenge()).thenReturn(this.challenge);
        Mockito.when(this.mfa.getEnroll()).thenReturn(this.enroll);
        Mockito.when(this.client.getMfaSettings()).thenReturn(this.mfa);
        Mockito.when(this.factor.getFactorType()).thenReturn(FactorType.SMS);
        Mockito.when(this.factorManager.getFactor(DEFAULT_FACTOR.getId())).thenReturn(this.factor);
        mockChallengeRuleSatisfied(false);
        this.mfaEnrollStep.execute(this.routingContext, this.flow);
        verifyEnrollment();
    }

    @Test
    void shouldContinueWhenEnrollDisabledButChallengeEnabledAndConditionalRuleNotSatisfiedAndEnrolled() {
        mockContextRequest();
        mockAuthUserWithEnrolledFactors();
        Mockito.when(Boolean.valueOf(this.enroll.isActive())).thenReturn(false);
        Mockito.when(Boolean.valueOf(this.challenge.isActive())).thenReturn(true);
        Mockito.when(this.challenge.getType()).thenReturn(MfaChallengeType.CONDITIONAL);
        Mockito.when(this.mfa.getChallenge()).thenReturn(this.challenge);
        Mockito.when(this.mfa.getEnroll()).thenReturn(this.enroll);
        Mockito.when(this.client.getMfaSettings()).thenReturn(this.mfa);
        Mockito.when(this.factor.getFactorType()).thenReturn(FactorType.SMS);
        Mockito.when(this.factorManager.getFactor(DEFAULT_FACTOR.getId())).thenReturn(this.factor);
        mockChallengeRuleSatisfied(false);
        this.mfaEnrollStep.execute(this.routingContext, this.flow);
        verifyContinue();
    }

    @Test
    void shouldEnrollWhenEnrollDisabledButChallengeEnabledAndConditionalRuleNotSatisfiedAndNotEnrolled() {
        mockStepUp(false);
        mockAuthUser();
        Mockito.when(Boolean.valueOf(this.enroll.isActive())).thenReturn(false);
        Mockito.when(Boolean.valueOf(this.challenge.isActive())).thenReturn(true);
        Mockito.when(this.challenge.getType()).thenReturn(MfaChallengeType.CONDITIONAL);
        Mockito.when(this.mfa.getChallenge()).thenReturn(this.challenge);
        Mockito.when(this.mfa.getEnroll()).thenReturn(this.enroll);
        Mockito.when(this.client.getMfaSettings()).thenReturn(this.mfa);
        Mockito.when(this.factor.getFactorType()).thenReturn(FactorType.SMS);
        Mockito.when(this.factorManager.getFactor(DEFAULT_FACTOR.getId())).thenReturn(this.factor);
        mockChallengeRuleSatisfied(false);
        this.mfaEnrollStep.execute(this.routingContext, this.flow);
        verifyEnrollment();
    }

    @Test
    void shouldContinueWhenRequiredAndUserHasFactorEnrolled() {
        mockAuthUserWithEnrolledFactors();
        Mockito.when(this.client.getMfaSettings()).thenReturn(this.mfa);
        Mockito.when(this.mfa.getEnroll()).thenReturn(this.enroll);
        Mockito.when(Boolean.valueOf(this.enroll.isActive())).thenReturn(true);
        Mockito.when(this.enroll.getType()).thenReturn(MfaEnrollType.REQUIRED);
        Mockito.when(this.factor.getFactorType()).thenReturn(FactorType.SMS);
        Mockito.when(this.factorManager.getFactor(DEFAULT_FACTOR.getId())).thenReturn(this.factor);
        this.mfaEnrollStep.execute(this.routingContext, this.flow);
        verifyContinue();
    }

    @Test
    void shouldContinueWhenConditionalAndUserHasFactorEnrolled() {
        mockAuthUserWithEnrolledFactors();
        Mockito.when(this.client.getMfaSettings()).thenReturn(this.mfa);
        Mockito.when(this.mfa.getEnroll()).thenReturn(this.enroll);
        Mockito.when(Boolean.valueOf(this.enroll.isActive())).thenReturn(true);
        Mockito.when(this.enroll.getType()).thenReturn(MfaEnrollType.CONDITIONAL);
        Mockito.when(this.factor.getFactorType()).thenReturn(FactorType.SMS);
        Mockito.when(this.factorManager.getFactor(DEFAULT_FACTOR.getId())).thenReturn(this.factor);
        this.mfaEnrollStep.execute(this.routingContext, this.flow);
        verifyContinue();
    }

    @Test
    void shouldContinueWhenOptionalAndUserHasFactorEnrolled() {
        mockAuthUserWithEnrolledFactors();
        Mockito.when(this.client.getMfaSettings()).thenReturn(this.mfa);
        Mockito.when(this.mfa.getEnroll()).thenReturn(this.enroll);
        Mockito.when(Boolean.valueOf(this.enroll.isActive())).thenReturn(true);
        Mockito.when(this.enroll.getType()).thenReturn(MfaEnrollType.OPTIONAL);
        Mockito.when(this.factor.getFactorType()).thenReturn(FactorType.SMS);
        Mockito.when(this.factorManager.getFactor(DEFAULT_FACTOR.getId())).thenReturn(this.factor);
        this.mfaEnrollStep.execute(this.routingContext, this.flow);
        verifyContinue();
    }

    @Test
    void shouldEnrollWhenConditionalNotSatisfiedUserHasNoFactorButCanNotSkipped() {
        mockStepUp(false);
        mockAuthUser();
        Mockito.when(this.client.getMfaSettings()).thenReturn(this.mfa);
        Mockito.when(this.mfa.getEnroll()).thenReturn(this.enroll);
        Mockito.when(Boolean.valueOf(this.enroll.isActive())).thenReturn(true);
        Mockito.when(this.enroll.getType()).thenReturn(MfaEnrollType.CONDITIONAL);
        Mockito.when(this.factor.getFactorType()).thenReturn(FactorType.SMS);
        Mockito.when(this.factorManager.getFactor(DEFAULT_FACTOR.getId())).thenReturn(this.factor);
        mockConditionalEnrollmentRuleSatisfied(false);
        mockEnrollmentCanSkipRuleSatisfied(false);
        this.mfaEnrollStep.execute(this.routingContext, this.flow);
        verifyEnrollment();
    }

    @Test
    void shouldEnrollWhenConditionalNotSatisfiedUserHasNoFactorButCanButNotSkipped() {
        mockStepUp(false);
        mockAuthUser();
        Mockito.when(this.client.getMfaSettings()).thenReturn(this.mfa);
        Mockito.when(this.mfa.getEnroll()).thenReturn(this.enroll);
        Mockito.when(Boolean.valueOf(this.enroll.isActive())).thenReturn(true);
        Mockito.when(this.enroll.getType()).thenReturn(MfaEnrollType.CONDITIONAL);
        Mockito.when(this.factor.getFactorType()).thenReturn(FactorType.SMS);
        Mockito.when(this.factorManager.getFactor(DEFAULT_FACTOR.getId())).thenReturn(this.factor);
        mockConditionalEnrollmentRuleSatisfied(false);
        mockEnrollmentCanSkipRuleSatisfied(true);
        this.mfaEnrollStep.execute(this.routingContext, this.flow);
        verifyEnrollment();
    }

    @Test
    void shouldStopMfaWhenConditionalNotSatisfiedUserHasNoFactorButUserCanAndSkipped() {
        mockStepUp(false);
        mockAuthUserWithSkipTime();
        Mockito.when(this.client.getMfaSettings()).thenReturn(this.mfa);
        Mockito.when(this.mfa.getEnroll()).thenReturn(this.enroll);
        Mockito.when(Boolean.valueOf(this.enroll.isActive())).thenReturn(true);
        Mockito.when(this.enroll.getSkipTimeSeconds()).thenReturn(1000L);
        Mockito.when(this.enroll.getType()).thenReturn(MfaEnrollType.CONDITIONAL);
        Mockito.when(this.factor.getFactorType()).thenReturn(FactorType.SMS);
        Mockito.when(this.factorManager.getFactor(DEFAULT_FACTOR.getId())).thenReturn(this.factor);
        mockConditionalEnrollmentRuleSatisfied(false);
        mockEnrollmentCanSkipRuleSatisfied(true);
        this.mfaEnrollStep.execute(this.routingContext, this.flow);
        verifyStop();
        ((Session) Mockito.verify(this.session)).put("mfaEnrollmentCanBeSkippedConditionally", true);
    }

    private void mockEnrollmentCanSkipRuleSatisfied(boolean z) {
        Mockito.when(Boolean.valueOf(this.enroll.isEnrollmentSkipActive())).thenReturn(true);
        Mockito.when(this.enroll.getEnrollmentSkipRule()).thenReturn("enrollment-can-skip-rule");
        Mockito.when(this.ruleEngine.evaluate((String) ArgumentMatchers.eq("enrollment-can-skip-rule"), (Map) ArgumentMatchers.any(), (Class) ArgumentMatchers.any(), ArgumentMatchers.any())).thenReturn(Boolean.valueOf(z));
    }

    private void mockConditionalEnrollmentRuleSatisfied(boolean z) {
        Mockito.when(this.enroll.getEnrollmentRule()).thenReturn("enrollment-rule");
        Mockito.when(this.ruleEngine.evaluate((String) ArgumentMatchers.eq("enrollment-rule"), (Map) ArgumentMatchers.any(), (Class) ArgumentMatchers.any(), ArgumentMatchers.any())).thenReturn(Boolean.valueOf(z));
    }

    private void mockChallengeRuleSatisfied(boolean z) {
        Mockito.when(this.challenge.getChallengeRule()).thenReturn("challenge-rule");
        Mockito.when(this.ruleEngine.evaluate((String) ArgumentMatchers.eq("challenge-rule"), (Map) ArgumentMatchers.any(), (Class) ArgumentMatchers.any(), ArgumentMatchers.any())).thenReturn(Boolean.valueOf(z));
    }

    private void mockFactorRuleSatisfied(String str, boolean z) {
        Mockito.when(this.ruleEngine.evaluate((String) ArgumentMatchers.eq(str), (Map) ArgumentMatchers.any(), (Class) ArgumentMatchers.any(), ArgumentMatchers.any())).thenReturn(Boolean.valueOf(z));
    }

    private void verifyEnrollment() {
        ((AuthenticationFlowChain) Mockito.verify(this.flow, Mockito.times(1))).exit(this.mfaEnrollStep);
        ((AuthenticationFlowChain) Mockito.verify(this.flow, Mockito.times(0))).doNext(this.routingContext);
    }

    private void verifyContinue() {
        ((AuthenticationFlowChain) Mockito.verify(this.flow, Mockito.times(1))).doNext(this.routingContext);
        ((AuthenticationFlowChain) Mockito.verify(this.flow, Mockito.times(0))).exit(this.mfaEnrollStep);
    }

    private void verifyStop() {
        ((Session) Mockito.verify(this.session, Mockito.times(1))).put("mfaStop", true);
        verifyContinue();
    }

    private void mockContextRequest() {
        Mockito.when(this.routingContext.request()).thenReturn(this.httpServerRequest);
        Mockito.when(this.httpServerRequest.getDelegate()).thenReturn(this.vertexhttpServerRequest);
        Mockito.when(this.vertexhttpServerRequest.method()).thenReturn(HttpMethod.GET);
        Mockito.when(this.session.get((String) ArgumentMatchers.any())).thenReturn((Object) null);
    }

    private void mockAuthUser() {
        io.vertx.rxjava3.ext.auth.User user = (io.vertx.rxjava3.ext.auth.User) Mockito.mock(io.vertx.rxjava3.ext.auth.User.class);
        Mockito.when(this.routingContext.user()).thenReturn(user);
        User user2 = (User) Mockito.mock(User.class);
        BDDMockito.given(user.getDelegate()).willReturn(user2);
        BDDMockito.given(user2.getUser()).willReturn((io.gravitee.am.model.User) Mockito.mock(io.gravitee.am.model.User.class));
    }

    private void mockAuthUserWithSkipTime() {
        io.vertx.rxjava3.ext.auth.User user = (io.vertx.rxjava3.ext.auth.User) Mockito.mock(io.vertx.rxjava3.ext.auth.User.class);
        Mockito.when(this.routingContext.user()).thenReturn(user);
        User user2 = (User) Mockito.mock(User.class);
        BDDMockito.given(user.getDelegate()).willReturn(user2);
        io.gravitee.am.model.User user3 = (io.gravitee.am.model.User) Mockito.mock(io.gravitee.am.model.User.class);
        Mockito.when(user3.getMfaEnrollmentSkippedAt()).thenReturn(new Date());
        BDDMockito.given(user2.getUser()).willReturn(user3);
    }

    private void mockAuthUserWithEnrolledFactors() {
        io.vertx.rxjava3.ext.auth.User user = (io.vertx.rxjava3.ext.auth.User) Mockito.mock(io.vertx.rxjava3.ext.auth.User.class);
        Mockito.when(this.routingContext.user()).thenReturn(user);
        User user2 = (User) Mockito.mock(User.class);
        BDDMockito.given(user.getDelegate()).willReturn(user2);
        io.gravitee.am.model.User user3 = (io.gravitee.am.model.User) Mockito.mock(io.gravitee.am.model.User.class);
        EnrolledFactor enrolledFactor = new EnrolledFactor();
        enrolledFactor.setFactorId(FACTOR_ID);
        enrolledFactor.setStatus(FactorStatus.ACTIVATED);
        EnrolledFactor enrolledFactor2 = new EnrolledFactor();
        enrolledFactor2.setFactorId("2");
        enrolledFactor2.setStatus(FactorStatus.ACTIVATED);
        Mockito.when(user3.getFactors()).thenReturn(List.of(enrolledFactor, enrolledFactor2));
        BDDMockito.given(user2.getUser()).willReturn(user3);
        Factor factor = new Factor();
        factor.setId(FACTOR_ID);
        factor.setFactorType(FactorType.EMAIL);
        Mockito.when(this.factorManager.getFactor(FACTOR_ID)).thenReturn(factor);
        ApplicationFactorSettings applicationFactorSettings = new ApplicationFactorSettings();
        applicationFactorSettings.setId(FACTOR_ID);
        applicationFactorSettings.setSelectionRule("");
        this.factorSettings.setApplicationFactors(List.of(DEFAULT_FACTOR, applicationFactorSettings));
    }

    private void mockStepUp(boolean z) {
        mockContextRequest();
        StepUpAuthenticationSettings stepUpAuthenticationSettings = new StepUpAuthenticationSettings();
        stepUpAuthenticationSettings.setActive(true);
        stepUpAuthenticationSettings.setStepUpAuthenticationRule("step-up-rule");
        Mockito.when(this.mfa.getStepUpAuthentication()).thenReturn(stepUpAuthenticationSettings);
        Mockito.when(this.ruleEngine.evaluate((String) ArgumentMatchers.eq("step-up-rule"), (Map) ArgumentMatchers.any(), (Class) ArgumentMatchers.any(), ArgumentMatchers.any())).thenReturn(Boolean.valueOf(z));
    }

    private static ApplicationFactorSettings getDefaultFactor() {
        ApplicationFactorSettings applicationFactorSettings = new ApplicationFactorSettings();
        applicationFactorSettings.setSelectionRule("");
        applicationFactorSettings.setId("default-factor");
        return applicationFactorSettings;
    }
}
