package org.apache.activemq.artemis.tests.integration.mqtt;

import java.util.Iterator;
import java.util.Map;
import java.util.Set;
import javax.security.auth.Subject;
import org.apache.activemq.artemis.core.protocol.mqtt.MQTTProtocolManager;
import org.apache.activemq.artemis.core.protocol.mqtt.MQTTSessionState;
import org.apache.activemq.artemis.core.protocol.mqtt.exceptions.InvalidClientIdException;
import org.apache.activemq.artemis.core.remoting.impl.AbstractAcceptor;
import org.apache.activemq.artemis.core.security.CheckType;
import org.apache.activemq.artemis.core.security.Role;
import org.apache.activemq.artemis.spi.core.protocol.ProtocolManager;
import org.apache.activemq.artemis.spi.core.protocol.RemotingConnection;
import org.apache.activemq.artemis.spi.core.security.ActiveMQSecurityManager5;
import org.apache.activemq.artemis.tests.util.RandomUtil;
import org.apache.activemq.artemis.tests.util.Wait;
import org.fusesource.mqtt.client.BlockingConnection;
import org.fusesource.mqtt.client.MQTT;
import org.fusesource.mqtt.client.MQTTException;
import org.fusesource.mqtt.codec.CONNACK;
import org.junit.Test;

/* loaded from: input_file:org/apache/activemq/artemis/tests/integration/mqtt/MQTTSecurityManagerTest.class */
public class MQTTSecurityManagerTest extends MQTTTestSupport {
    private String clientID = "new-" + RandomUtil.randomString();
    private boolean rejectClientId = false;

    @Override // org.apache.activemq.artemis.tests.integration.mqtt.MQTTTestSupport
    public boolean isSecurityEnabled() {
        return true;
    }

    @Override // org.apache.activemq.artemis.tests.integration.mqtt.MQTTTestSupport
    public void configureBroker() throws Exception {
        super.configureBroker();
        this.server.setSecurityManager(new ActiveMQSecurityManager5() { // from class: org.apache.activemq.artemis.tests.integration.mqtt.MQTTSecurityManagerTest.1
            public Subject authenticate(String str, String str2, RemotingConnection remotingConnection, String str3) {
                if (MQTTSecurityManagerTest.this.rejectClientId) {
                    throw new InvalidClientIdException();
                }
                remotingConnection.setClientID(MQTTSecurityManagerTest.this.clientID);
                return new Subject();
            }

            public boolean authorize(Subject subject, Set<Role> set, CheckType checkType, String str) {
                return true;
            }

            public boolean validateUser(String str, String str2) {
                return true;
            }

            public boolean validateUserAndRole(String str, String str2, Set<Role> set, CheckType checkType) {
                return true;
            }
        });
        this.server.getConfiguration().setAuthenticationCacheSize(0L);
        this.server.getConfiguration().setAuthorizationCacheSize(0L);
    }

    @Test(timeout = 30000)
    public void testSecurityManagerModifyClientID() throws Exception {
        BlockingConnection blockingConnection = null;
        try {
            MQTT createMQTTConnection = createMQTTConnection(RandomUtil.randomString(), true);
            createMQTTConnection.setUserName(this.fullUser);
            createMQTTConnection.setPassword(this.fullPass);
            createMQTTConnection.setConnectAttemptsMax(1L);
            blockingConnection = createMQTTConnection.blockingConnection();
            blockingConnection.connect();
            assertTrue("Should be connected", Wait.waitFor(() -> {
                return blockingConnection.isConnected();
            }, 5000L, 100L));
            Map map = null;
            AbstractAcceptor acceptor = this.server.getRemotingService().getAcceptor("MQTT");
            if (acceptor instanceof AbstractAcceptor) {
                MQTTProtocolManager mQTTProtocolManager = (ProtocolManager) acceptor.getProtocolMap().get("MQTT");
                if (mQTTProtocolManager instanceof MQTTProtocolManager) {
                    map = mQTTProtocolManager.getSessionStates();
                }
            }
            assertEquals(1L, map.size());
            assertTrue(map.keySet().contains(this.clientID));
            Iterator it = map.values().iterator();
            while (it.hasNext()) {
                assertEquals(this.clientID, ((MQTTSessionState) it.next()).getClientId());
            }
            if (blockingConnection == null || !blockingConnection.isConnected()) {
                return;
            }
            blockingConnection.disconnect();
        } catch (Throwable th) {
            if (blockingConnection != null && blockingConnection.isConnected()) {
                blockingConnection.disconnect();
            }
            throw th;
        }
    }

    @Test(timeout = 30000)
    public void testSecurityManagerModifyClientIDAndStealConnection() throws Exception {
        BlockingConnection blockingConnection = null;
        try {
            MQTT createMQTTConnection = createMQTTConnection("old-" + RandomUtil.randomString(), true);
            createMQTTConnection.setUserName(this.fullUser);
            createMQTTConnection.setPassword(this.fullPass);
            createMQTTConnection.setConnectAttemptsMax(1L);
            blockingConnection = createMQTTConnection.blockingConnection();
            blockingConnection.connect();
            assertTrue("Should be connected", Wait.waitFor(() -> {
                return blockingConnection.isConnected();
            }, 5000L, 100L));
            Map map = null;
            AbstractAcceptor acceptor = this.server.getRemotingService().getAcceptor("MQTT");
            if (acceptor instanceof AbstractAcceptor) {
                MQTTProtocolManager mQTTProtocolManager = (ProtocolManager) acceptor.getProtocolMap().get("MQTT");
                if (mQTTProtocolManager instanceof MQTTProtocolManager) {
                    map = mQTTProtocolManager.getSessionStates();
                }
            }
            assertEquals(1L, map.size());
            assertTrue(map.keySet().contains(this.clientID));
            Iterator it = map.values().iterator();
            while (it.hasNext()) {
                assertEquals(this.clientID, ((MQTTSessionState) it.next()).getClientId());
            }
            BlockingConnection blockingConnection2 = createMQTTConnection.blockingConnection();
            blockingConnection2.connect();
            assertTrue("Should be connected", Wait.waitFor(() -> {
                return blockingConnection2.isConnected();
            }, 5000L, 100L));
            Wait.assertFalse(() -> {
                return blockingConnection.isConnected();
            }, 5000L, 100L);
            assertEquals(1L, map.size());
            assertTrue(map.keySet().contains(this.clientID));
            Iterator it2 = map.values().iterator();
            while (it2.hasNext()) {
                assertEquals(this.clientID, ((MQTTSessionState) it2.next()).getClientId());
            }
            if (blockingConnection == null || !blockingConnection.isConnected()) {
                return;
            }
            blockingConnection.disconnect();
        } catch (Throwable th) {
            if (blockingConnection != null && blockingConnection.isConnected()) {
                blockingConnection.disconnect();
            }
            throw th;
        }
    }

    @Test(timeout = 30000)
    public void testSecurityManagerRejectClientID() throws Exception {
        this.rejectClientId = true;
        BlockingConnection blockingConnection = null;
        try {
            MQTT createMQTTConnection = createMQTTConnection(RandomUtil.randomString(), true);
            createMQTTConnection.setUserName(this.fullUser);
            createMQTTConnection.setPassword(this.fullPass);
            createMQTTConnection.setConnectAttemptsMax(1L);
            blockingConnection = createMQTTConnection.blockingConnection();
            try {
                blockingConnection.connect();
                fail("Should have thrown exception");
            } catch (MQTTException e) {
                assertEquals(CONNACK.Code.CONNECTION_REFUSED_IDENTIFIER_REJECTED, e.connack.code());
            }
            if (blockingConnection == null || !blockingConnection.isConnected()) {
                return;
            }
            blockingConnection.disconnect();
        } catch (Throwable th) {
            if (blockingConnection != null && blockingConnection.isConnected()) {
                blockingConnection.disconnect();
            }
            throw th;
        }
    }
}
