package org.wildfly.security.auth.server;

import java.security.PrivilegedActionException;
import java.security.Provider;
import java.util.Collections;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import org.junit.Assert;
import org.junit.BeforeClass;
import org.junit.Test;
import org.wildfly.security.auth.permission.LoginPermission;
import org.wildfly.security.auth.permission.RunAsPrincipalPermission;
import org.wildfly.security.auth.realm.SimpleMapBackedSecurityRealm;
import org.wildfly.security.auth.realm.SimpleRealmEntry;
import org.wildfly.security.auth.server.SecurityDomain;
import org.wildfly.security.authz.MapAttributes;
import org.wildfly.security.authz.RoleMapper;
import org.wildfly.security.authz.Roles;
import org.wildfly.security.credential.PasswordCredential;
import org.wildfly.security.evidence.PasswordGuessEvidence;
import org.wildfly.security.password.PasswordFactory;
import org.wildfly.security.password.WildFlyElytronPasswordProvider;
import org.wildfly.security.password.spec.ClearPasswordSpec;
import org.wildfly.security.permission.PermissionVerifier;

/* loaded from: input_file:org/wildfly/security/auth/server/IdentitySwitchingTest.class */
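/**
 * Exercises identity switching on {@link SecurityIdentity}: nested {@code runAs} blocks,
 * {@code withSecurityIdentity}, {@code runAsAll} across two domains, and per-category role mappers.
 *
 * <p>Fixture: {@code usersDomain} holds "joe" and "bob" and its permission mapper grants every
 * identity {@link LoginPermission} plus {@code RunAsPrincipalPermission("bob")}; {@code adminsDomain}
 * holds "admin" and configures no permission mapper.
 *
 * <p>NOTE(review): most identities here are created with {@code createRunAsIdentity(name, false)},
 * i.e. without the authorization check, and only the permitted switch to "bob" is exercised with the
 * check enabled. No test in this class covers a run-as attempt that should be refused; a negative
 * case would make the authorization boundary explicit.
 */
public class IdentitySwitchingTest {
    // Clear-text fixture password shared by addUser (stored credential) and testRunAsBlock (guess
    // evidence). Kept as a String and converted with toCharArray() at each use so the credential and
    // the evidence never share one char[] instance.
    private static final String TEST_PASSWORD = "password";

    private static SecurityDomain usersDomain;
    private static SecurityDomain adminsDomain;
    // Not referenced by any method in this class; the realms and the PasswordFactory below are given
    // ServerUtils.ELYTRON_PASSWORD_PROVIDERS instead.
    private static final Provider provider = WildFlyElytronPasswordProvider.getInstance();

    /**
     * Builds the two single-realm security domains used by every test.
     *
     * @throws Exception if a fixture password cannot be generated
     */
    @BeforeClass
    public static void setup() throws Exception {
        SimpleMapBackedSecurityRealm usersRealm = new SimpleMapBackedSecurityRealm(NameRewriter.IDENTITY_REWRITER, ServerUtils.ELYTRON_PASSWORD_PROVIDERS);
        Map<String, SimpleRealmEntry> users = new HashMap<>();
        addUser(users, "joe", "User");
        addUser(users, "bob", "User");
        usersRealm.setIdentityMap(users);

        SimpleMapBackedSecurityRealm adminsRealm = new SimpleMapBackedSecurityRealm(NameRewriter.IDENTITY_REWRITER, ServerUtils.ELYTRON_PASSWORD_PROVIDERS);
        Map<String, SimpleRealmEntry> admins = new HashMap<>();
        addUser(admins, "admin", "Admin");
        adminsRealm.setIdentityMap(admins);

        SecurityDomain.Builder usersBuilder = SecurityDomain.builder();
        usersBuilder.addRealm("users", usersRealm).build();
        usersBuilder.setDefaultRealmName("users");
        // The mapper ignores both of its arguments, so every identity in this domain (whatever its
        // roles) may log in and may run as "bob" - and as no other principal.
        usersBuilder.setPermissionMapper((permissionMappable, roles) ->
                PermissionVerifier.from(new LoginPermission())
                        .or(PermissionVerifier.from(new RunAsPrincipalPermission("bob"))));
        usersDomain = usersBuilder.build();

        // No permission mapper is set here; the tests only create identities in this domain with
        // the authorization check disabled.
        SecurityDomain.Builder adminsBuilder = SecurityDomain.builder();
        adminsBuilder.addRealm("admins", adminsRealm).build();
        adminsBuilder.setDefaultRealmName("admins");
        adminsDomain = adminsBuilder.build();
    }

    /**
     * Nests three {@code runAs} blocks (joe, then bob, then anonymous) and checks that the domain's
     * current identity matches the innermost block and is restored as each block exits.
     *
     * @throws Exception if authentication of "joe" fails
     */
    @Test
    public void testRunAsBlock() throws Exception {
        SecurityIdentity anonymous = usersDomain.getAnonymousSecurityIdentity();
        SecurityIdentity joe = usersDomain.authenticate("joe", new PasswordGuessEvidence(TEST_PASSWORD.toCharArray()));
        // Reference identity for "bob", created without the authorization check; only its principal
        // is compared below.
        SecurityIdentity expectedBob = anonymous.createRunAsIdentity("bob", false);

        Assert.assertEquals("joe", joe.getPrincipal().getName());
        // Authenticating does not by itself change the current identity.
        Assert.assertEquals(anonymous, usersDomain.getCurrentSecurityIdentity());

        joe.runAs(() -> {
            Assert.assertEquals(joe.getPrincipal(), usersDomain.getCurrentSecurityIdentity().getPrincipal());
            // Second argument true: this switch goes through the authorization check, which the
            // domain's permission mapper satisfies via RunAsPrincipalPermission("bob").
            joe.createRunAsIdentity("bob", true).runAs(() -> {
                Assert.assertEquals(expectedBob.getPrincipal(), usersDomain.getCurrentSecurityIdentity().getPrincipal());
                joe.createRunAsAnonymous().runAs(() -> {
                    Assert.assertEquals(anonymous, usersDomain.getCurrentSecurityIdentity());
                });
                // Leaving the anonymous block restores "bob".
                Assert.assertEquals(expectedBob.getPrincipal(), usersDomain.getCurrentSecurityIdentity().getPrincipal());
            });
            // Leaving the "bob" block restores "joe".
            Assert.assertEquals(joe.getPrincipal(), usersDomain.getCurrentSecurityIdentity().getPrincipal());
        });

        // Outside every block the current identity is anonymous again.
        Assert.assertEquals(anonymous, usersDomain.getCurrentSecurityIdentity());
    }

    /**
     * Attaches identities from both domains to one identity (each one more than once) and checks
     * that a single {@code runAs} makes both current in their own domain, then restores anonymous.
     */
    @Test
    public void testWithSecurityIdentity() {
        SecurityIdentity joe = usersDomain.getAnonymousSecurityIdentity().createRunAsIdentity("joe", false);
        SecurityIdentity admin = adminsDomain.getAnonymousSecurityIdentity().createRunAsIdentity("admin", false);

        // Attaching joe to itself and admin twice is deliberate in the original test: repeated
        // attachment must still leave exactly the expected identity current in each domain.
        SecurityIdentity combined = joe.withSecurityIdentity(joe)
                .withSecurityIdentity(admin)
                .withSecurityIdentity(admin);
        combined.runAs(() -> {
            Assert.assertEquals(joe.getPrincipal(), usersDomain.getCurrentSecurityIdentity().getPrincipal());
            Assert.assertEquals(admin.getPrincipal(), adminsDomain.getCurrentSecurityIdentity().getPrincipal());
        });

        Assert.assertEquals(usersDomain.getAnonymousSecurityIdentity(), usersDomain.getCurrentSecurityIdentity());
        Assert.assertEquals(adminsDomain.getAnonymousSecurityIdentity(), adminsDomain.getCurrentSecurityIdentity());
    }

    /**
     * Runs one action under identities from both domains via {@code SecurityIdentity.runAsAll} and
     * checks that each domain reports its own identity inside the action and anonymous afterwards.
     *
     * @throws PrivilegedActionException if the action passed to {@code runAsAll} fails
     */
    @Test
    public void testRunAsAll() throws PrivilegedActionException {
        SecurityIdentity joe = usersDomain.getAnonymousSecurityIdentity().createRunAsIdentity("joe", false);
        SecurityIdentity admin = adminsDomain.getAnonymousSecurityIdentity().createRunAsIdentity("admin", false);

        SecurityIdentity.runAsAll(() -> {
            Assert.assertEquals(joe.getPrincipal(), usersDomain.getCurrentSecurityIdentity().getPrincipal());
            Assert.assertEquals(admin.getPrincipal(), adminsDomain.getCurrentSecurityIdentity().getPrincipal());
            return Boolean.TRUE;
        }, new SecurityIdentity[]{joe, admin});

        Assert.assertEquals(usersDomain.getAnonymousSecurityIdentity(), usersDomain.getCurrentSecurityIdentity());
        Assert.assertEquals(adminsDomain.getAnonymousSecurityIdentity(), adminsDomain.getCurrentSecurityIdentity());
    }

    /**
     * Checks that constant role mappers registered under two categories are each returned by
     * {@code getRoles} for their own category.
     */
    @Test
    public void testWithRoleMapper() {
        SecurityIdentity joe = usersDomain.getAnonymousSecurityIdentity().createRunAsIdentity("joe", false);
        SecurityIdentity mapped = joe
                .withRoleMapper("cat1", RoleMapper.constant(Roles.of("constantJoesRole")))
                .withRoleMapper("cat2", RoleMapper.constant(Roles.of("secondRole")));

        Assert.assertTrue(mapped.getRoles("cat1").contains("constantJoesRole"));
        Assert.assertTrue(mapped.getRoles("cat2").contains("secondRole"));
    }

    /**
     * Adds a realm entry for {@code str} with the fixture clear password and a single "Roles" value.
     *
     * @param map  identity map the entry is put into
     * @param str  identity name used as the map key
     * @param str2 the one role stored under the "Roles" attribute
     * @throws Exception if the clear password cannot be generated
     */
    private static void addUser(Map<String, SimpleRealmEntry> map, String str, String str2) throws Exception {
        PasswordFactory clearFactory = PasswordFactory.getInstance("clear", ServerUtils.ELYTRON_PASSWORD_PROVIDERS);
        PasswordCredential credential = new PasswordCredential(
                clearFactory.generatePassword(new ClearPasswordSpec(TEST_PASSWORD.toCharArray())));

        MapAttributes attributes = new MapAttributes();
        attributes.addAll("Roles", Collections.singletonList(str2));

        // The credential list is built inline so its element type is inferred from the
        // SimpleRealmEntry constructor rather than declared as a raw List.
        map.put(str, new SimpleRealmEntry(Collections.singletonList(credential), attributes));
    }
}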
