package org.wildfly.security.auth.server;

import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Map;
import java.util.Objects;
import org.junit.Assert;
import org.junit.BeforeClass;
import org.junit.Test;
import org.wildfly.security.auth.permission.LoginPermission;
import org.wildfly.security.auth.realm.SimpleMapBackedSecurityRealm;
import org.wildfly.security.auth.realm.SimpleRealmEntry;
import org.wildfly.security.auth.server.SecurityDomain;
import org.wildfly.security.authz.MapAttributes;
import org.wildfly.security.authz.Roles;
import org.wildfly.security.permission.PermissionVerifier;

/* loaded from: input_file:org/wildfly/security/auth/server/IdentityPropagationTest.class */
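/**
 * Exercises importing ("inflowing") a {@link SecurityIdentity} established in one
 * {@link SecurityDomain} into another via
 * {@link ServerAuthenticationContext#importIdentity(SecurityIdentity)}.
 *
 * <p>Fixture, as built in {@link #setupSecurityDomains()}:
 * <ul>
 *   <li>{@code domain1}: realms "users" (joe, bob) and "managers" (sam, bob); every principal is
 *       granted {@link LoginPermission}.</li>
 *   <li>{@code domain2}: realm "usersRealm" backed by the same realm object as domain1's "users";
 *       roles are mapped to "UserRole"; only "joe" is granted {@link LoginPermission}; no
 *       trusted-domain predicate is configured.</li>
 *   <li>{@code domain3}: realm "managersRealm" backed by the same realm object as domain1's
 *       "managers"; roles are mapped to "ManagerRole"; every principal is granted
 *       {@link LoginPermission}; explicitly trusts {@code domain2} only.</li>
 * </ul>
 */
public class IdentityPropagationTest {
    private static SecurityDomain domain1;
    private static SecurityDomain domain2;
    private static SecurityDomain domain3;

    /** Builds the three domains described in the class comment. */
    @BeforeClass
    public static void setupSecurityDomains() {
        SimpleMapBackedSecurityRealm usersRealm = new SimpleMapBackedSecurityRealm();
        Map<String, SimpleRealmEntry> users = new HashMap<>();
        addUser(users, "joe", "User");
        addUser(users, "bob", "User");
        usersRealm.setIdentityMap(users);

        SimpleMapBackedSecurityRealm managersRealm = new SimpleMapBackedSecurityRealm();
        Map<String, SimpleRealmEntry> managers = new HashMap<>();
        addUser(managers, "sam", "Manager");
        addUser(managers, "bob", "Manager");
        managersRealm.setIdentityMap(managers);

        // domain1: both realms, login permitted for everyone.
        SecurityDomain.Builder builder1 = SecurityDomain.builder();
        builder1.addRealm("users", usersRealm).build();
        builder1.addRealm("managers", managersRealm).build();
        builder1.setDefaultRealmName("users");
        builder1.setPermissionMapper(
                (permissionMappable, roles) -> PermissionVerifier.from(new LoginPermission()));
        domain1 = builder1.build();

        // domain2: shares the users realm object with domain1; only "joe" may log in.
        SecurityDomain.Builder builder2 = SecurityDomain.builder();
        builder2.addRealm("usersRealm", usersRealm)
                .setRoleMapper(roles -> Roles.of("UserRole"))
                .build();
        builder2.setDefaultRealmName("usersRealm");
        builder2.setPermissionMapper((permissionMappable, roles) ->
                permissionMappable.getPrincipal().getName().equals("joe")
                        ? PermissionVerifier.from(new LoginPermission())
                        : PermissionVerifier.NONE);
        domain2 = builder2.build();

        // domain3: shares the managers realm object with domain1 and trusts domain2 explicitly.
        SecurityDomain.Builder builder3 = SecurityDomain.builder();
        builder3.addRealm("managersRealm", managersRealm)
                .setRoleMapper(roles -> Roles.of("ManagerRole"))
                .build();
        builder3.setDefaultRealmName("managersRealm");
        builder3.setPermissionMapper(
                (permissionMappable, roles) -> PermissionVerifier.from(new LoginPermission()));
        // The trust predicate is an allow-list: a domain is trusted only if it is a member of this
        // set. The previous lambda referenced an undefined variable and could not compile.
        HashSet<SecurityDomain> trustedDomains = new HashSet<>();
        trustedDomains.add(domain2);
        builder3.setTrustedSecurityDomainPredicate(trustedDomains::contains);
        domain3 = builder3.build();
    }

    /**
     * An identity from domain1 is accepted by domain2, which shares a realm object with domain1
     * but configures no trust predicate; the result belongs to domain2 and carries domain2's
     * mapped role.
     */
    @Test
    public void testInflowFromTrustedIdentityWithCommonRealm() throws Exception {
        ServerAuthenticationContext context = domain2.createNewAuthenticationContext();
        Assert.assertTrue(context.importIdentity(getIdentityFromDomain(domain1, "joe")));
        SecurityIdentity inflowed = context.getAuthorizedIdentity();
        Assert.assertEquals("joe", inflowed.getPrincipal().getName());
        Assert.assertEquals(domain2, inflowed.getSecurityDomain());
        Assert.assertTrue(inflowed.getRoles().contains("UserRole"));
    }

    /**
     * An identity from domain2 is accepted by domain3, which shares no realm with domain2 but
     * lists it in its trust predicate; the result carries domain3's mapped role.
     */
    @Test
    public void testInflowFromTrustedIdentityWithoutCommonRealm() throws Exception {
        ServerAuthenticationContext context = domain3.createNewAuthenticationContext();
        Assert.assertTrue(context.importIdentity(getIdentityFromDomain(domain2, "bob")));
        SecurityIdentity inflowed = context.getAuthorizedIdentity();
        Assert.assertEquals("bob", inflowed.getPrincipal().getName());
        Assert.assertEquals(domain3, inflowed.getSecurityDomain());
        Assert.assertTrue(inflowed.getRoles().contains("ManagerRole"));
    }

    /**
     * An identity from domain3 is rejected by domain2 (no shared realm, no trust predicate), and
     * the context must not expose an authorized identity afterwards.
     */
    @Test
    public void testInflowFromUntrustedIdentity() throws Exception {
        ServerAuthenticationContext context = domain2.createNewAuthenticationContext();
        // NOTE(review): domain2's permission mapper also withholds LoginPermission from "bob", so
        // this assertion alone may not distinguish a trust rejection from an authorization
        // rejection - confirm which check importIdentity applies first, or use a principal that
        // would otherwise be allowed to log in.
        Assert.assertFalse(context.importIdentity(getIdentityFromDomain(domain3, "bob")));
        try {
            context.getAuthorizedIdentity();
            Assert.fail("Expected IllegalStateException not thrown");
        } catch (IllegalStateException expected) {
            // Expected: a failed import must leave the context without an authorized identity.
        }
    }

    /**
     * Importing domain1's current identity (expected to be anonymous, since nothing in this test
     * authenticates) yields domain2's own anonymous identity.
     */
    @Test
    public void testInflowFromAnonymousIdentity() throws Exception {
        ServerAuthenticationContext context = domain2.createNewAuthenticationContext();
        Assert.assertTrue(context.importIdentity(domain1.getCurrentSecurityIdentity()));
        Assert.assertEquals(domain2.getAnonymousSecurityIdentity(), context.getAuthorizedIdentity());
    }

    /** Importing an identity into the domain that issued it preserves domain, principal and realm. */
    @Test
    public void testInflowFromSameDomain() throws Exception {
        ServerAuthenticationContext context = domain2.createNewAuthenticationContext();
        SecurityIdentity established = getIdentityFromDomain(domain2, "joe");
        Assert.assertTrue(context.importIdentity(established));
        SecurityIdentity inflowed = context.getAuthorizedIdentity();
        Assert.assertEquals(established.getSecurityDomain(), inflowed.getSecurityDomain());
        Assert.assertEquals(established.getPrincipal().getName(), inflowed.getPrincipal().getName());
        Assert.assertEquals(established.getRealmInfo(), inflowed.getRealmInfo());
        // NOTE(review): addUser stores the attribute under "Roles" but this reads "roles". If
        // attribute keys are case-sensitive, both sides are empty and the check passes vacuously -
        // confirm and align the key so the role attributes are actually compared.
        Assert.assertTrue(inflowed.getAttributes().get("roles")
                .containsAll(established.getAttributes().get("roles")));
    }

    /**
     * Registers a credential-less realm entry for {@code str} whose "Roles" attribute holds the
     * single value {@code str2}.
     */
    private static void addUser(Map<String, SimpleRealmEntry> map, String str, String str2) {
        MapAttributes attributes = new MapAttributes();
        attributes.addAll("Roles", Collections.singletonList(str2));
        map.put(str, new SimpleRealmEntry(Collections.emptyList(), attributes));
    }

    /**
     * Obtains an identity for {@code str} in {@code securityDomain} by running as that name from
     * the anonymous identity, passing {@code false} for the second argument of
     * {@code createRunAsIdentity} (presumably skipping the run-as authorization check - confirm).
     */
    private SecurityIdentity getIdentityFromDomain(SecurityDomain securityDomain, String str) {
        return securityDomain.getAnonymousSecurityIdentity().createRunAsIdentity(str, false);
    }
}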
