package org.apache.activemq.security;

import java.net.URI;
import java.security.Principal;
import java.util.HashMap;
import java.util.Set;
import javax.security.auth.login.AppConfigurationEntry;
import javax.security.auth.login.Configuration;
import junit.framework.TestCase;
import org.apache.activemq.broker.ConnectionContext;
import org.apache.activemq.broker.StubBroker;
import org.apache.activemq.broker.TransportConnector;
import org.apache.activemq.command.ConnectionInfo;
import org.apache.activemq.jaas.GroupPrincipal;
import org.apache.activemq.jaas.UserPrincipal;
import org.apache.activemq.transport.tcp.SslTransportFactory;
import org.apache.activemq.transport.tcp.SslTransportServer;
import org.apache.activemq.transport.tcp.StubSSLServerSocket;
import org.apache.activemq.transport.tcp.StubSSLSocketFactory;
import org.apache.activemq.transport.tcp.StubX509Certificate;
import org.apache.activemq.transport.tcp.TcpTransportFactory;
import org.apache.activemq.transport.tcp.TcpTransportServer;

/* loaded from: input_file:org/apache/activemq/security/JaasDualAuthenticationBrokerTest.class */
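/**
 * Verifies that {@link JaasDualAuthenticationBroker} produces the expected security context
 * for each kind of connector.
 *
 * <p>The broker under test is built with two JAAS domain names ({@code "activemq-domain"} and
 * {@code "activemq-ssl-domain"}). One test attaches a connector backed by an
 * {@link SslTransportServer} that requires client authentication; the other attaches a
 * connector backed by a plain {@link TcpTransportServer}. Each test then checks that the
 * connection forwarded to the underlying {@link StubBroker} carries the user and group
 * configured for that path.
 *
 * <p>Both JAAS entries use {@code StubLoginModule} with its allow-login option set to
 * {@code "true"}, so these tests exercise domain selection and principal propagation only,
 * not credential or certificate validation.
 *
 * <p>NOTE(review): there is no negative case here (for example, a login that is denied, or a
 * plain-TCP connection that must not receive the certificate-domain identity). Consider
 * adding one so a regression in domain selection cannot pass unnoticed.
 */
public class JaasDualAuthenticationBrokerTest extends TestCase {
    private static final String INSECURE_GROUP = "insecureGroup";
    private static final String INSECURE_USERNAME = "insecureUserName";
    private static final String DN_GROUP = "dnGroup";
    private static final String DN_USERNAME = "dnUserName";
    private static final String STUB_LOGIN_MODULE = "org.apache.activemq.security.StubLoginModule";

    StubBroker receiveBroker;
    JaasDualAuthenticationBroker authBroker;
    ConnectionContext connectionContext;
    ConnectionInfo connectionInfo;
    SslTransportServer sslTransportServer;
    TcpTransportServer nonSslTransportServer;

    // JAAS configuration that was active before setUp replaced it; null when none could be loaded.
    private Configuration previousConfiguration;

    /**
     * Installs a JAAS {@link Configuration} holding two always-allow stub login entries.
     *
     * <p>{@link Configuration#setConfiguration} is JVM-wide, so the stub configuration stays
     * visible to every other test in the same process until {@link #tearDown()} restores the
     * previous one.
     */
    void createLoginConfig() {
        AppConfigurationEntry sslEntry = stubEntry(DN_USERNAME, DN_GROUP);
        AppConfigurationEntry nonSslEntry = stubEntry(INSECURE_USERNAME, INSECURE_GROUP);
        // Presumably the first argument backs the non-SSL domain and the second the SSL domain;
        // that is the mapping the assertions in this class expect.
        Configuration.setConfiguration(new StubDualJaasConfiguration(nonSslEntry, sslEntry));
    }

    /** Builds a REQUIRED stub login entry that reports the given user and group. */
    private static AppConfigurationEntry stubEntry(String user, String group) {
        HashMap<String, String> options = new HashMap<String, String>();
        options.put(StubLoginModule.ALLOW_LOGIN_PROPERTY, "true");
        options.put(StubLoginModule.USERS_PROPERTY, user);
        options.put(StubLoginModule.GROUPS_PROPERTY, group);
        return new AppConfigurationEntry(STUB_LOGIN_MODULE, AppConfigurationEntry.LoginModuleControlFlag.REQUIRED, options);
    }

    /**
     * Creates the broker under test, one SSL and one plain TCP transport server (both on a stub
     * socket factory), and installs the stub JAAS configuration.
     */
    protected void setUp() throws Exception {
        this.receiveBroker = new StubBroker();
        this.authBroker = new JaasDualAuthenticationBroker(this.receiveBroker, "activemq-domain", "activemq-ssl-domain");
        this.connectionContext = new ConnectionContext();
        StubSSLSocketFactory stubSSLSocketFactory = new StubSSLSocketFactory(new StubSSLServerSocket());
        try {
            this.sslTransportServer = new SslTransportServer((SslTransportFactory) null, new URI("ssl://localhost:61616?needClientAuth=true"), stubSSLSocketFactory);
        } catch (Exception e) {
            // Include the exception itself so the failure report names its type, not just a fixed text.
            fail("Unable to create SslTransportServer: " + e);
        }
        this.sslTransportServer.setNeedClientAuth(true);
        this.sslTransportServer.bind();
        try {
            this.nonSslTransportServer = new TcpTransportServer((TcpTransportFactory) null, new URI("tcp://localhost:61613"), stubSSLSocketFactory);
        } catch (Exception e2) {
            fail("Unable to create TcpTransportServer: " + e2);
        }
        this.connectionInfo = new ConnectionInfo();
        try {
            this.previousConfiguration = Configuration.getConfiguration();
        } catch (SecurityException e3) {
            // No default login configuration could be loaded; tearDown then resets to "unset".
            this.previousConfiguration = null;
        }
        createLoginConfig();
    }

    /**
     * Puts back the JAAS configuration that was active before {@link #setUp()}, so the
     * always-allow stub entries do not leak into later tests in the same JVM.
     */
    protected void tearDown() throws Exception {
        // NOTE(review): sslTransportServer is bound in setUp and never stopped. With the stub
        // socket factory this presumably holds no real port; confirm before adding a stop() call.
        try {
            Configuration.setConfiguration(this.previousConfiguration);
        } finally {
            super.tearDown();
        }
    }

    /** A connection on the client-auth SSL connector must receive the DN user and group. */
    public void testSecureConnector() {
        this.connectionContext.setConnector(new TransportConnector(this.sslTransportServer));
        // An empty certificate array is the transport context; the stub login entry is set to
        // allow login, so no certificate content is checked by this test.
        this.connectionInfo.setTransportContext(new StubX509Certificate[0]);
        verifyLoginAndLogout(DN_USERNAME, DN_GROUP);
    }

    /** A connection on the plain TCP connector must receive the insecure user and group. */
    public void testInsecureConnector() {
        this.connectionContext.setConnector(new TransportConnector(this.nonSslTransportServer));
        this.connectionInfo.setUserName(INSECURE_USERNAME);
        verifyLoginAndLogout(INSECURE_USERNAME, INSECURE_GROUP);
    }

    /**
     * Adds and then removes the prepared connection through the authentication broker and
     * checks what reached the underlying stub broker.
     *
     * @param expectedUser user name the forwarded security context must carry
     * @param expectedGroup group name the forwarded security context must carry
     */
    private void verifyLoginAndLogout(String expectedUser, String expectedGroup) {
        try {
            this.authBroker.addConnection(this.connectionContext, this.connectionInfo);
        } catch (Exception e) {
            fail("Call to addConnection failed: " + e);
        }
        assertEquals("Number of addConnection calls to underlying Broker must match number of calls made to AuthenticationBroker.", 1, this.receiveBroker.addConnectionData.size());

        ConnectionContext forwarded = this.receiveBroker.addConnectionData.getFirst().connectionContext;
        assertEquals("The SecurityContext's userName must be set to that of the UserPrincipal.", expectedUser, forwarded.getSecurityContext().getUserName());

        Set<Principal> principals = forwarded.getSecurityContext().getPrincipals();
        assertEquals("2 Principals received", 2, principals.size());
        for (Principal principal : principals) {
            if (principal instanceof UserPrincipal) {
                assertEquals("UserPrincipal is '" + expectedUser + "'", expectedUser, principal.getName());
            } else if (principal instanceof GroupPrincipal) {
                assertEquals("GroupPrincipal is '" + expectedGroup + "'", expectedGroup, principal.getName());
            } else {
                // Any other principal type would mean an identity the configuration did not grant.
                fail("Unexpected Principal subclass found.");
            }
        }

        try {
            this.authBroker.removeConnection(this.connectionContext, this.connectionInfo, (Throwable) null);
        } catch (Exception e2) {
            fail("Call to removeConnection failed: " + e2);
        }
        assertEquals("Number of removeConnection calls to underlying Broker must match number of calls made to AuthenticationBroker.", 1, this.receiveBroker.removeConnectionData.size());
    }
}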
