package org.jasig.cas;

import org.jasig.cas.authentication.Credential;
import org.jasig.cas.authentication.MixedPrincipalException;
import org.jasig.cas.authentication.OneTimePasswordCredential;
import org.jasig.cas.authentication.UsernamePasswordCredential;
import org.jasig.cas.authentication.principal.Service;
import org.jasig.cas.authentication.principal.SimpleWebApplicationServiceImpl;
import org.jasig.cas.ticket.UnsatisfiedAuthenticationPolicyException;
import org.jasig.cas.validation.Assertion;
import org.junit.Assert;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.test.context.ContextConfiguration;
import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;

@ContextConfiguration(locations = {"/mfa-test-context.xml"})
@RunWith(SpringJUnit4ClassRunner.class)
/* loaded from: input_file:org/jasig/cas/MultifactorAuthenticationTests.class */
public class MultifactorAuthenticationTests {

    @Autowired
    private CentralAuthenticationService cas;

    @Test
    public void testAllowsAccessToNormalSecurityServiceWithPassword() throws Exception {
        String createTicketGrantingTicket = this.cas.createTicketGrantingTicket(new Credential[]{newUserPassCredentials("alice", "alice")});
        Assert.assertNotNull(createTicketGrantingTicket);
        Assert.assertNotNull(this.cas.grantServiceTicket(createTicketGrantingTicket, newService("https://example.com/normal/")));
    }

    @Test
    public void testAllowsAccessToNormalSecurityServiceWithOTP() throws Exception {
        String createTicketGrantingTicket = this.cas.createTicketGrantingTicket(new Credential[]{new OneTimePasswordCredential("alice", "31415")});
        Assert.assertNotNull(createTicketGrantingTicket);
        Assert.assertNotNull(this.cas.grantServiceTicket(createTicketGrantingTicket, newService("https://example.com/normal/")));
    }

    @Test(expected = UnsatisfiedAuthenticationPolicyException.class)
    public void testDeniesAccessToHighSecurityServiceWithPassword() throws Exception {
        String createTicketGrantingTicket = this.cas.createTicketGrantingTicket(new Credential[]{newUserPassCredentials("alice", "alice")});
        Assert.assertNotNull(createTicketGrantingTicket);
        this.cas.grantServiceTicket(createTicketGrantingTicket, newService("https://example.com/high/"));
    }

    @Test(expected = UnsatisfiedAuthenticationPolicyException.class)
    public void testDeniesAccessToHighSecurityServiceWithOTP() throws Exception {
        String createTicketGrantingTicket = this.cas.createTicketGrantingTicket(new Credential[]{new OneTimePasswordCredential("alice", "31415")});
        Assert.assertNotNull(createTicketGrantingTicket);
        Assert.assertNotNull(this.cas.grantServiceTicket(createTicketGrantingTicket, newService("https://example.com/high/")));
    }

    @Test
    public void testAllowsAccessToHighSecurityServiceWithPasswordAndOTP() throws Exception {
        String createTicketGrantingTicket = this.cas.createTicketGrantingTicket(new Credential[]{newUserPassCredentials("alice", "alice"), new OneTimePasswordCredential("alice", "31415")});
        Assert.assertNotNull(createTicketGrantingTicket);
        Assert.assertNotNull(this.cas.grantServiceTicket(createTicketGrantingTicket, newService("https://example.com/high/")));
    }

    @Test
    public void testAllowsAccessToHighSecurityServiceWithPasswordAndOTPViaRenew() throws Exception {
        String createTicketGrantingTicket = this.cas.createTicketGrantingTicket(new Credential[]{newUserPassCredentials("alice", "alice")});
        Assert.assertNotNull(createTicketGrantingTicket);
        Service newService = newService("https://example.com/high/");
        String grantServiceTicket = this.cas.grantServiceTicket(createTicketGrantingTicket, newService, new Credential[]{newUserPassCredentials("alice", "alice"), new OneTimePasswordCredential("alice", "31415")});
        Assert.assertNotNull(grantServiceTicket);
        Assertion validateServiceTicket = this.cas.validateServiceTicket(grantServiceTicket, newService);
        Assert.assertEquals(2L, validateServiceTicket.getPrimaryAuthentication().getSuccesses().size());
        Assert.assertTrue(validateServiceTicket.getPrimaryAuthentication().getSuccesses().containsKey("passwordHandler"));
        Assert.assertTrue(validateServiceTicket.getPrimaryAuthentication().getSuccesses().containsKey("oneTimePasswordHandler"));
        Assert.assertTrue(validateServiceTicket.getPrimaryAuthentication().getAttributes().containsKey("successfulAuthenticationHandlers"));
    }

    @Test(expected = MixedPrincipalException.class)
    public void testThrowsMixedPrincipalExceptionOnRenewWithDifferentPrincipal() throws Exception {
        String createTicketGrantingTicket = this.cas.createTicketGrantingTicket(new Credential[]{newUserPassCredentials("alice", "alice")});
        Assert.assertNotNull(createTicketGrantingTicket);
        this.cas.grantServiceTicket(createTicketGrantingTicket, newService("https://example.com/high/"), new Credential[]{newUserPassCredentials("bob", "bob"), new OneTimePasswordCredential("bob", "62831")});
    }

    private static UsernamePasswordCredential newUserPassCredentials(String str, String str2) {
        UsernamePasswordCredential usernamePasswordCredential = new UsernamePasswordCredential();
        usernamePasswordCredential.setUsername(str);
        usernamePasswordCredential.setPassword(str2);
        return usernamePasswordCredential;
    }

    private static Service newService(String str) {
        return new SimpleWebApplicationServiceImpl(str);
    }
}
