package org.apache.activemq.artemis.tests.integration.security;

import java.io.File;
import java.lang.management.ManagementFactory;
import java.net.URL;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Hashtable;
import javax.naming.NameClassPair;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.BasicAttribute;
import javax.naming.directory.BasicAttributes;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;
import org.apache.activemq.artemis.api.core.ActiveMQException;
import org.apache.activemq.artemis.api.core.RoutingType;
import org.apache.activemq.artemis.api.core.SimpleString;
import org.apache.activemq.artemis.api.core.TransportConfiguration;
import org.apache.activemq.artemis.api.core.client.ActiveMQClient;
import org.apache.activemq.artemis.api.core.client.ClientConsumer;
import org.apache.activemq.artemis.api.core.client.ClientProducer;
import org.apache.activemq.artemis.api.core.client.ClientSession;
import org.apache.activemq.artemis.api.core.client.ClientSessionFactory;
import org.apache.activemq.artemis.api.core.client.ServerLocator;
import org.apache.activemq.artemis.core.config.impl.ConfigurationImpl;
import org.apache.activemq.artemis.core.remoting.impl.invm.InVMAcceptorFactory;
import org.apache.activemq.artemis.core.remoting.impl.invm.InVMConnectorFactory;
import org.apache.activemq.artemis.core.server.ActiveMQServer;
import org.apache.activemq.artemis.core.server.ActiveMQServers;
import org.apache.activemq.artemis.core.server.impl.LegacyLDAPSecuritySettingPlugin;
import org.apache.activemq.artemis.spi.core.security.ActiveMQJAASSecurityManager;
import org.apache.activemq.artemis.tests.util.ActiveMQTestBase;
import org.apache.directory.server.annotations.CreateLdapServer;
import org.apache.directory.server.annotations.CreateTransport;
import org.apache.directory.server.core.annotations.ApplyLdifFiles;
import org.apache.directory.server.core.integ.AbstractLdapTestUnit;
import org.apache.directory.server.core.integ.FrameworkRunner;
import org.junit.After;
import org.junit.Assert;
import org.junit.Before;
import org.junit.Rule;
import org.junit.Test;
import org.junit.rules.TemporaryFolder;
import org.junit.runner.RunWith;

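/**
 * Integration test for {@link LegacyLDAPSecuritySettingPlugin} with {@code enableListener} set to
 * {@code "true"}.
 *
 * <p>An embedded LDAP server (port 1024, seeded from {@code AMQauth.ldif}) backs an in-VM broker
 * that has security enabled. Each permission test edits the directory while client sessions are
 * open and checks both directions of the change: a newly granted role can use the queue, and a
 * role whose grant was replaced or removed is refused.
 *
 * <p>Security notes for readers reusing this fixture:
 * <ul>
 *   <li>The LDAP connection uses a {@code simple} bind over plain {@code ldap://} with a hard-coded
 *       administrator password. That is acceptable only for a loopback test directory; a real
 *       deployment should bind over LDAPS/StartTLS with a dedicated, least-privileged account.</li>
 *   <li>Negative checks assert that the failure is a security denial, so an unrelated broker or
 *       connection error cannot make an authorization test pass.</li>
 * </ul>
 */
@CreateLdapServer(transports = {@CreateTransport(protocol = "LDAP", port = 1024)})
@RunWith(FrameworkRunner.class)
@ApplyLdifFiles({"AMQauth.ldif"})
/* loaded from: input_file:org/apache/activemq/artemis/tests/integration/security/LegacyLDAPSecuritySettingPluginListenerTest.class */
public class LegacyLDAPSecuritySettingPluginListenerTest extends AbstractLdapTestUnit {
    private ServerLocator locator;
    ActiveMQServer server;
    public static final String TARGET_TMP = "./target/tmp";

    // Directory administrator used for the plugin's own connection and for the test's LDAP edits.
    private static final String PRINCIPAL = "uid=admin,ou=system";
    private static final String CREDENTIALS = "secret";

    // Password of the broker users "first" and "second" (presumably defined in AMQauth.ldif).
    // It has the same value as the admin password but is a different secret conceptually.
    private static final String USER_PASSWORD = "secret";

    // Must match the port declared in @CreateTransport above.
    private static final String LDAP_URL = "ldap://localhost:1024";
    private static final String LDAP_CONTEXT_FACTORY = "com.sun.jndi.ldap.LdapCtxFactory";
    private static final String LOGIN_CONFIG_PROPERTY = "java.security.auth.login.config";

    @Rule
    public TemporaryFolder temporaryFolder;
    private String testDir;

    static {
        // Point JAAS at the bundled login.config unless the caller already chose one.
        // (Written without an early return: a return statement is not legal in a static initializer.)
        if (System.getProperty(LOGIN_CONFIG_PROPERTY) == null) {
            URL resource = LegacyLDAPSecuritySettingPluginListenerTest.class.getClassLoader().getResource("login.config");
            if (resource != null) {
                System.setProperty(LOGIN_CONFIG_PROPERTY, resource.getFile());
            }
        }
    }

    /** Creates the parent directory for the {@link TemporaryFolder} rule before the rule runs. */
    public LegacyLDAPSecuritySettingPluginListenerTest() {
        File parent = new File(TARGET_TMP);
        parent.mkdirs();
        this.temporaryFolder = new TemporaryFolder(parent);
    }

    /**
     * Builds (but does not start) a non-persistent in-VM broker whose security settings come from
     * the LDAP plugin and whose authentication uses the {@code LDAPLogin} JAAS domain.
     */
    @Before
    public void setUp() throws Exception {
        this.locator = ActiveMQClient.createServerLocatorWithoutHA(
            new TransportConfiguration[]{new TransportConfiguration(InVMConnectorFactory.class.getCanonicalName())});
        this.testDir = this.temporaryFolder.getRoot().getAbsolutePath();

        HashMap<String, String> pluginOptions = new HashMap<>();
        pluginOptions.put("initialContextFactory", LDAP_CONTEXT_FACTORY);
        pluginOptions.put("connectionURL", LDAP_URL);
        pluginOptions.put("connectionUsername", PRINCIPAL);
        pluginOptions.put("connectionPassword", CREDENTIALS);
        // NOTE(review): value carried over unchanged; confirm how the plugin interprets it.
        pluginOptions.put("connectionProtocol", "s");
        pluginOptions.put("authentication", "simple");
        // The behaviour under test: the plugin reacts to directory changes while the broker runs.
        pluginOptions.put("enableListener", "true");

        LegacyLDAPSecuritySettingPlugin securityPlugin = new LegacyLDAPSecuritySettingPlugin();
        securityPlugin.init(pluginOptions);

        ConfigurationImpl configuration = new ConfigurationImpl();
        configuration.setSecurityEnabled(true)
            .addAcceptorConfiguration(new TransportConfiguration(InVMAcceptorFactory.class.getCanonicalName()))
            .setJournalDirectory(ActiveMQTestBase.getJournalDir(this.testDir, 0, false))
            .setBindingsDirectory(ActiveMQTestBase.getBindingsDir(this.testDir, 0, false))
            .setPagingDirectory(ActiveMQTestBase.getPageDir(this.testDir, 0, false))
            .setLargeMessagesDirectory(ActiveMQTestBase.getLargeMessagesDir(this.testDir, 0, false))
            .setPersistenceEnabled(false)
            .addSecuritySettingPlugin(securityPlugin);

        this.server = ActiveMQServers.newActiveMQServer(
            configuration, ManagementFactory.getPlatformMBeanServer(), new ActiveMQJAASSecurityManager("LDAPLogin"), false);
    }

    /**
     * Releases the locator and stops the broker. Both steps are attempted even if {@link #setUp()}
     * failed part-way or closing the locator throws, so a broker is never left running.
     */
    @After
    public void tearDown() throws Exception {
        try {
            if (this.locator != null) {
                this.locator.close();
            }
        } finally {
            if (this.server != null) {
                this.server.stop();
            }
        }
    }

    /** Sanity check that the embedded directory is up and holds the expected top-level entries. */
    @Test
    public void testRunning() throws Exception {
        HashSet<String> entryNames = new HashSet<>();
        DirContext context = getContext();
        try {
            NamingEnumeration<NameClassPair> entries = context.list("ou=system");
            try {
                while (entries.hasMore()) {
                    entryNames.add(entries.next().getName());
                }
            } finally {
                entries.close();
            }
        } finally {
            context.close();
        }
        Assert.assertTrue(entryNames.contains("uid=admin"));
        Assert.assertTrue(entryNames.contains("ou=users"));
        Assert.assertTrue(entryNames.contains("ou=groups"));
        Assert.assertTrue(entryNames.contains("ou=configuration"));
        Assert.assertTrue(entryNames.contains("prefNodeName=sysPrefRoot"));
    }

    /**
     * Opens an administrative connection to the embedded directory.
     *
     * @return a new context; the caller must close it
     * @throws NamingException if the bind fails
     */
    private DirContext getContext() throws NamingException {
        Hashtable<String, String> environment = new Hashtable<>();
        environment.put("java.naming.provider.url", LDAP_URL);
        environment.put("java.naming.factory.initial", LDAP_CONTEXT_FACTORY);
        environment.put("java.naming.security.authentication", "simple");
        environment.put("java.naming.security.principal", PRINCIPAL);
        environment.put("java.naming.security.credentials", CREDENTIALS);
        return new InitialDirContext(environment);
    }

    /**
     * Starts the broker with the security invalidation interval set to 0, presumably so that
     * authorization results are not cached and directory edits are seen on the next check.
     * With a non-zero interval a revoked permission could stay usable until the cache expires.
     */
    private void startServer() throws Exception {
        this.server.getConfiguration().setSecurityInvalidationInterval(0L);
        this.server.start();
    }

    /** Replaces the {@code uniquemember} attribute of an existing permission entry with one role. */
    private void replaceUniqueMember(String permissionDn, String roleMember) throws NamingException {
        BasicAttributes replacement = new BasicAttributes();
        replacement.put("uniquemember", roleMember);
        DirContext context = getContext();
        try {
            context.modifyAttributes(permissionDn, DirContext.REPLACE_ATTRIBUTE, replacement);
        } finally {
            context.close();
        }
    }

    /** Builds the attributes of a new {@code groupOfUniqueNames} permission entry for one role. */
    private static BasicAttributes permissionEntry(String roleMember) {
        BasicAttributes attributes = new BasicAttributes();
        attributes.put("uniquemember", roleMember);
        BasicAttribute objectClass = new BasicAttribute("objectclass");
        objectClass.add("top");
        objectClass.add("groupOfUniqueNames");
        attributes.put(objectClass);
        return attributes;
    }

    /**
     * Verifies that a caught failure is an authorization denial rather than some other broker
     * error, which would otherwise let a negative test pass for the wrong reason.
     */
    private static void assertSecurityDenial(ActiveMQException e) {
        Assert.assertEquals(org.apache.activemq.artemis.api.core.ActiveMQExceptionType.SECURITY_EXCEPTION, e.getType());
    }

    /**
     * Replacing the members of the {@code write} permission on {@code queue1} must let user
     * "second" send and must stop user "first" from sending, without reconnecting either session.
     */
    @Test
    public void testProducerPermissionUpdate() throws Exception {
        startServer();
        ClientSessionFactory sessionFactory = this.locator.createSessionFactory();
        try {
            ClientSession firstSession = sessionFactory.createSession("first", USER_PASSWORD, false, true, true, false, 0);
            ClientSession secondSession = sessionFactory.createSession("second", USER_PASSWORD, false, true, true, false, 0);
            firstSession.createQueue(SimpleString.toSimpleString("queue1"), SimpleString.toSimpleString("queue1"));
            ClientProducer firstProducer = firstSession.createProducer();
            ClientProducer secondProducer = secondSession.createProducer();

            firstProducer.send("queue1", firstSession.createMessage(true));
            try {
                secondProducer.send("queue1", firstSession.createMessage(true));
                Assert.fail("Sending here should fail due to the original security data.");
            } catch (ActiveMQException e) {
                assertSecurityDenial(e);
            }

            replaceUniqueMember("cn=write,uid=queue1,ou=queues,ou=destinations,o=ActiveMQ,ou=system", "uid=role2");

            secondProducer.send("queue1", firstSession.createMessage(true));
            try {
                firstProducer.send("queue1", firstSession.createMessage(true));
                Assert.fail("Sending here should fail due to the modified security data.");
            } catch (ActiveMQException e) {
                assertSecurityDenial(e);
            }
        } finally {
            sessionFactory.close();
        }
    }

    /**
     * Replacing the members of the {@code read} permission on {@code queue1} must let user
     * "second" consume and must stop user "first" from creating a consumer.
     */
    @Test
    public void testConsumerPermissionUpdate() throws Exception {
        startServer();
        ClientSessionFactory sessionFactory = this.locator.createSessionFactory();
        try {
            ClientSession firstSession = sessionFactory.createSession("first", USER_PASSWORD, false, true, true, false, 0);
            ClientSession secondSession = sessionFactory.createSession("second", USER_PASSWORD, false, true, true, false, 0);
            firstSession.createQueue(SimpleString.toSimpleString("queue1"), SimpleString.toSimpleString("queue1"));

            ClientConsumer firstConsumer = firstSession.createConsumer("queue1");
            firstConsumer.receiveImmediate();
            firstConsumer.close();
            try {
                secondSession.createConsumer("queue1");
                Assert.fail("Consuming here should fail due to the original security data.");
            } catch (ActiveMQException e) {
                assertSecurityDenial(e);
            }

            replaceUniqueMember("cn=read,uid=queue1,ou=queues,ou=destinations,o=ActiveMQ,ou=system", "uid=role2");

            ClientConsumer secondConsumer = secondSession.createConsumer("queue1");
            secondConsumer.receiveImmediate();
            secondConsumer.close();
            try {
                firstSession.createConsumer("queue1");
                // Message corrected: this step exercises consuming, not sending.
                Assert.fail("Consuming here should fail due to the modified security data.");
            } catch (ActiveMQException e) {
                assertSecurityDenial(e);
            }
        } finally {
            sessionFactory.close();
        }
    }

    /**
     * Adding a {@code read} permission entry for {@code queue2} must allow consuming, and removing
     * that entry again must revoke it for the same open session.
     */
    @Test
    public void testNewConsumerPermission() throws Exception {
        final String readPermissionDn = "cn=read,uid=queue2,ou=queues,ou=destinations,o=ActiveMQ,ou=system";
        startServer();
        this.server.createQueue(SimpleString.toSimpleString("queue2"), RoutingType.ANYCAST, SimpleString.toSimpleString("queue2"), (SimpleString) null, false, false);
        ClientSessionFactory sessionFactory = this.locator.createSessionFactory();
        try {
            ClientSession session = sessionFactory.createSession("first", USER_PASSWORD, false, true, true, false, 0);
            try {
                session.createConsumer("queue2");
                Assert.fail("Consuming here should fail due to the original security data.");
            } catch (ActiveMQException e) {
                assertSecurityDenial(e);
            }

            DirContext context = getContext();
            try {
                context.bind(readPermissionDn, (Object) null, permissionEntry("uid=role1"));
                session.createConsumer("queue2").receiveImmediate();
                context.unbind(readPermissionDn);
            } finally {
                context.close();
            }

            try {
                session.createConsumer("queue2");
                Assert.fail("Consuming here should fail due to the modified security data.");
            } catch (ActiveMQException e) {
                assertSecurityDenial(e);
            }
        } finally {
            sessionFactory.close();
        }
    }

    /**
     * Adding a {@code write} permission entry for {@code queue2} must allow an existing producer to
     * send, and removing that entry again must revoke it for the same producer.
     */
    @Test
    public void testNewProducerPermission() throws Exception {
        final String writePermissionDn = "cn=write,uid=queue2,ou=queues,ou=destinations,o=ActiveMQ,ou=system";
        startServer();
        this.server.createQueue(SimpleString.toSimpleString("queue2"), RoutingType.ANYCAST, SimpleString.toSimpleString("queue2"), (SimpleString) null, false, false);
        ClientSessionFactory sessionFactory = this.locator.createSessionFactory();
        try {
            ClientSession session = sessionFactory.createSession("first", USER_PASSWORD, false, true, true, false, 0);
            ClientProducer producer = session.createProducer(SimpleString.toSimpleString("queue2"));
            try {
                producer.send(session.createMessage(true));
                Assert.fail("Producing here should fail due to the original security data.");
            } catch (ActiveMQException e) {
                assertSecurityDenial(e);
            }

            DirContext context = getContext();
            try {
                context.bind(writePermissionDn, (Object) null, permissionEntry("uid=role1"));
                producer.send(session.createMessage(true));
                context.unbind(writePermissionDn);
            } finally {
                context.close();
            }

            try {
                producer.send(session.createMessage(true));
                Assert.fail("Producing here should fail due to the modified security data.");
            } catch (ActiveMQException e) {
                assertSecurityDenial(e);
            }
        } finally {
            sessionFactory.close();
        }
    }
}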
