package net.shibboleth.idp.authn.impl;

import com.unboundid.ldap.listener.InMemoryDirectoryServer;
import com.unboundid.ldap.listener.InMemoryDirectoryServerConfig;
import com.unboundid.ldap.listener.InMemoryListenerConfig;
import com.unboundid.ldap.sdk.LDAPException;
import java.io.File;
import java.io.IOException;
import java.net.URISyntaxException;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashMap;
import java.util.regex.Pattern;
import javax.security.auth.login.LoginException;
import net.shibboleth.idp.authn.context.AuthenticationContext;
import net.shibboleth.idp.authn.context.AuthenticationErrorContext;
import net.shibboleth.idp.authn.context.RequestedPrincipalContext;
import net.shibboleth.idp.authn.context.UsernamePasswordContext;
import net.shibboleth.idp.authn.impl.testing.BaseAuthenticationContextTest;
import net.shibboleth.idp.authn.principal.UsernamePrincipal;
import net.shibboleth.idp.authn.principal.impl.ExactPrincipalEvalPredicateFactory;
import net.shibboleth.idp.authn.testing.TestPrincipal;
import net.shibboleth.idp.profile.testing.ActionTestingSupport;
import net.shibboleth.utilities.java.support.collection.Pair;
import net.shibboleth.utilities.java.support.component.ComponentInitializationException;
import net.shibboleth.utilities.java.support.net.URISupport;
import org.springframework.core.io.ClassPathResource;
import org.springframework.mock.web.MockHttpServletRequest;
import org.testng.Assert;
import org.testng.annotations.AfterClass;
import org.testng.annotations.BeforeClass;
import org.testng.annotations.BeforeMethod;
import org.testng.annotations.Test;

/* loaded from: input_file:net/shibboleth/idp/authn/impl/JAASCredentialValidatorTest.class */
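/**
 * Exercises {@link ValidateCredentials} configured with a single {@link JAASCredentialValidator}.
 *
 * <p>An in-memory UnboundID directory is started once per class and loaded from
 * {@code loginLDAPTest.ldif}; the JAAS login configuration is read from {@code jaas.config} in the
 * same test-resource directory, either through a file URI or through a classpath resource.</p>
 *
 * <p>The tests pin the event emitted for each failure mode (no flow, no credentials, unusable login
 * configuration, unknown user, wrong password, unsupported requested principal) as well as the
 * principals present in the result on success.</p>
 */
public class JAASCredentialValidatorTest extends BaseAuthenticationContextTest {
    /** Directory of the test resources, relative to the module's working directory. */
    private static final String DATA_PATH = "src/test/resources/net/shibboleth/idp/authn/impl/";

    /** Classpath location of the same test resources. */
    private static final String DATA_CLASSPATH = "/net/shibboleth/idp/authn/impl/";

    /** File name of the JAAS login configuration used by the tests. */
    private static final String JAAS_CONFIG = "jaas.config";

    /** Fixed port the in-memory directory listens on. */
    private static final int LDAP_PORT = 10389;

    /** Username used by the tests that expect the directory lookup to succeed. */
    private static final String KNOWN_USER = "PETER_THE_PRINCIPAL";

    private JAASCredentialValidator validator;
    private ValidateCredentials action;
    private InMemoryDirectoryServer directoryServer;

    /**
     * Starts the in-memory directory that the JAAS configuration authenticates against.
     *
     * @throws LDAPException if the directory cannot be configured, loaded or started
     */
    @BeforeClass
    public void setupDirectoryServer() throws LDAPException {
        final InMemoryDirectoryServerConfig config =
                new InMemoryDirectoryServerConfig(new String[]{"dc=shibboleth,dc=net"});
        // NOTE(review): no listen address is passed, and per the UnboundID SDK documentation this
        // two-argument form accepts connections on any interface. Together with the fixed port and
        // the well-known bind password below, the directory is reachable by other hosts while the
        // suite runs on a shared build machine. Pinning the listener to the loopback address
        // would remove that exposure; confirm the host used in jaas.config before changing it.
        config.setListenerConfigs(
                new InMemoryListenerConfig[]{InMemoryListenerConfig.createLDAPConfig("default", LDAP_PORT)});
        // Test-only fixture credentials; never reuse them outside this suite.
        config.addAdditionalBindCredentials("cn=Directory Manager", "password");
        this.directoryServer = new InMemoryDirectoryServer(config);
        this.directoryServer.importFromLDIF(true, DATA_PATH + "loginLDAPTest.ldif");
        this.directoryServer.startListening();
    }

    /**
     * Stops the in-memory directory and closes any connections still open to it.
     */
    @AfterClass
    public void teardownDirectoryServer() {
        // The field stays null when setup failed before the server was constructed; guarding here
        // keeps a NullPointerException from hiding the original setup failure in the report.
        if (this.directoryServer != null) {
            this.directoryServer.shutDown(true);
        }
    }

    /**
     * Builds a fresh validator and action for every test and registers the message classification
     * that maps directory error strings onto the UnknownUsername / InvalidPassword events.
     *
     * @throws ComponentInitializationException if the base fixture cannot be initialised
     */
    @Override
    @BeforeMethod
    public void setUp() throws ComponentInitializationException {
        super.setUp();
        this.validator = new JAASCredentialValidator();
        this.validator.setId("jaastest");
        this.action = new ValidateCredentials();
        this.action.setValidators(Collections.singletonList(this.validator));
        // Raw type kept as found: the generic signature of setClassifiedMessages is not visible here.
        final HashMap classified = new HashMap();
        classified.put("UnknownUsername", Collections.singleton("DN_RESOLUTION_FAILURE"));
        classified.put("InvalidPassword", Collections.singleton("INVALID_CREDENTIALS"));
        this.action.setClassifiedMessages(classified);
        this.action.setHttpServletRequest(new MockHttpServletRequest());
    }

    /** Without an attempted flow the action must reject the authentication context. */
    @Test
    public void testMissingFlow() throws ComponentInitializationException {
        initializeComponents();
        ActionTestingSupport.assertEvent(this.action.execute(this.src), "InvalidAuthenticationContext");
    }

    /** With a flow but no username/password context the action reports missing credentials. */
    @Test
    public void testMissingUser() throws ComponentInitializationException {
        beginFlow();
        initializeComponents();
        ActionTestingSupport.assertEvent(this.action.execute(this.src), "NoCredentials");
    }

    /** An empty username/password context is treated the same as a missing one. */
    @Test
    public void testMissingUser2() throws ComponentInitializationException {
        final AuthenticationContext authn = beginFlow();
        authn.getSubcontext(UsernamePasswordContext.class, true);
        initializeComponents();
        ActionTestingSupport.assertEvent(this.action.execute(this.src), "NoCredentials");
    }

    /** With no login configuration set, validation fails closed with a single LoginException. */
    @Test
    public void testNoConfig() throws ComponentInitializationException {
        final AuthenticationContext authn = submitCredentials("foo", "bar");
        initializeComponents();
        doExtract();
        ActionTestingSupport.assertEvent(this.action.execute(this.src), "InvalidCredentials");
        assertSingleLoginException(authn);
    }

    /** The "ShibBadAuth" configuration entry fails closed with a single LoginException. */
    @Test
    public void testBadConfig() throws ComponentInitializationException, URISyntaxException, IOException {
        final AuthenticationContext authn = submitCredentials("foo", "bar");
        this.validator.setLoginConfigNames(Collections.singletonList("ShibBadAuth"));
        useJaasConfigFile();
        initializeComponents();
        doExtract();
        ActionTestingSupport.assertEvent(this.action.execute(this.src), "InvalidCredentials");
        assertSingleLoginException(authn);
    }

    /**
     * The request asks for principal "test1" while the only login configuration is registered for
     * "test2"; the action must answer RequestUnsupported.
     */
    @Test
    public void testUnsupportedConfig() throws ComponentInitializationException, URISyntaxException, IOException {
        final AuthenticationContext authn = submitCredentials("foo", "bar");
        requireExactPrincipal(authn, "test1");
        // Raw Pair kept as found: the generic signature of setLoginConfigurations is not visible here.
        this.validator.setLoginConfigurations(Collections.singletonList(
                new Pair("ShibUserPassAuth", Collections.singletonList(new TestPrincipal("test2")))));
        useJaasConfigFile();
        initializeComponents();
        doExtract();
        ActionTestingSupport.assertEvent(this.action.execute(this.src), "RequestUnsupported");
    }

    /**
     * The match expression requires at least one character after "foo", so the submitted username
     * "foo" does not match and the action answers RequestUnsupported.
     */
    @Test
    public void testUnmatchedUser() throws ComponentInitializationException {
        final AuthenticationContext authn = submitCredentials("foo", "bar");
        authn.getSubcontext(UsernamePasswordContext.class, true);
        this.validator.setMatchExpression(Pattern.compile("foo.+"));
        initializeComponents();
        doExtract();
        ActionTestingSupport.assertEvent(this.action.execute(this.src), "RequestUnsupported");
    }

    /**
     * A username absent from the directory is classified as UnknownUsername only.
     *
     * <p>This test and {@link #testBadPassword()} pin two distinct events. How those events are
     * rendered is decided outside this file; keeping the user-facing message identical for both
     * avoids confirming which usernames exist.</p>
     */
    @Test
    public void testBadUsername() throws ComponentInitializationException {
        final AuthenticationContext authn = submitCredentials("foo", "bar");
        useJaasConfigResource();
        initializeComponents();
        doExtract();
        ActionTestingSupport.assertEvent(this.action.execute(this.src), "UnknownUsername");
        final AuthenticationErrorContext errors = authn.getSubcontext(AuthenticationErrorContext.class);
        Assert.assertTrue(errors.getExceptions().get(0) instanceof LoginException);
        Assert.assertTrue(errors.isClassifiedError("UnknownUsername"));
        Assert.assertFalse(errors.isClassifiedError("InvalidPassword"));
    }

    /** A known username with the wrong password is classified as InvalidPassword only. */
    @Test
    public void testBadPassword() throws ComponentInitializationException {
        final AuthenticationContext authn = submitCredentials(KNOWN_USER, "bar");
        useJaasConfigResource();
        initializeComponents();
        doExtract();
        ActionTestingSupport.assertEvent(this.action.execute(this.src), "InvalidPassword");
        final AuthenticationErrorContext errors = authn.getSubcontext(AuthenticationErrorContext.class);
        Assert.assertTrue(errors.getExceptions().get(0) instanceof LoginException);
        Assert.assertFalse(errors.isClassifiedError("UnknownUsername"));
        Assert.assertTrue(errors.isClassifiedError("InvalidPassword"));
    }

    /** Valid credentials succeed when the login configuration is supplied as a file URI. */
    @Test
    public void testAuthorized() throws ComponentInitializationException, URISyntaxException, IOException {
        final AuthenticationContext authn = submitCredentials(KNOWN_USER, "changeit");
        useJaasConfigFile();
        initializeComponents();
        doExtract();
        ActionTestingSupport.assertProceedEvent(this.action.execute(this.src));
        assertAuthenticatedAs(authn, KNOWN_USER);
    }

    /** Valid credentials succeed when the login configuration is supplied as a classpath resource. */
    @Test
    public void testAuthorizedAndKeep() throws ComponentInitializationException {
        final AuthenticationContext authn = submitCredentials(KNOWN_USER, "changeit");
        useJaasConfigResource();
        initializeComponents();
        doExtract();
        ActionTestingSupport.assertProceedEvent(this.action.execute(this.src));
        assertAuthenticatedAs(authn, KNOWN_USER);
    }

    /**
     * The requested principal "test1" matches the one registered for the login configuration, so
     * the result carries both the username principal and the supported custom principal.
     */
    @Test
    public void testSupported() throws ComponentInitializationException {
        final AuthenticationContext authn = submitCredentials(KNOWN_USER, "changeit");
        requireExactPrincipal(authn, "test1");
        // Raw Pair kept as found: the generic signature of setLoginConfigurations is not visible here.
        this.validator.setLoginConfigurations(Collections.singletonList(
                new Pair("ShibUserPassAuth", Collections.singletonList(new TestPrincipal("test1")))));
        useJaasConfigResource();
        initializeComponents();
        doExtract();
        ActionTestingSupport.assertProceedEvent(this.action.execute(this.src));
        assertAuthenticatedAs(authn, KNOWN_USER);
        Assert.assertEquals(
                authn.getAuthenticationResult().getSubject().getPrincipals(TestPrincipal.class)
                        .iterator().next().getName(),
                "test1");
    }

    /**
     * Two configuration names are supplied and the first is the one that fails in
     * {@link #testBadConfig()}; the login still proceeds, so one successful configuration in the
     * list is enough to authenticate.
     */
    @Test
    public void testMultiConfigAuthorized() throws ComponentInitializationException {
        final AuthenticationContext authn = submitCredentials(KNOWN_USER, "changeit");
        this.validator.setLoginConfigNames(Arrays.asList("ShibBadAuth", "ShibUserPassAuth"));
        useJaasConfigResource();
        initializeComponents();
        doExtract();
        ActionTestingSupport.assertProceedEvent(this.action.execute(this.src));
        assertAuthenticatedAs(authn, KNOWN_USER);
    }

    /** A username that satisfies the match expression is validated and authenticated normally. */
    @Test
    public void testMatchAndAuthorized() throws ComponentInitializationException {
        final AuthenticationContext authn = submitCredentials(KNOWN_USER, "changeit");
        useJaasConfigResource();
        this.validator.setMatchExpression(Pattern.compile(".+_THE_.+"));
        initializeComponents();
        doExtract();
        ActionTestingSupport.assertProceedEvent(this.action.execute(this.src));
        assertAuthenticatedAs(authn, KNOWN_USER);
    }

    /** Marks the first configured authentication flow as the attempted one and returns the context. */
    private AuthenticationContext beginFlow() {
        final AuthenticationContext authn = this.prc.getSubcontext(AuthenticationContext.class);
        authn.setAttemptedFlow(this.authenticationFlows.get(0));
        return authn;
    }

    /** Adds the form parameters to the mock request, then starts the flow. */
    private AuthenticationContext submitCredentials(final String username, final String password) {
        this.action.getHttpServletRequest().addParameter("username", username);
        this.action.getHttpServletRequest().addParameter("password", password);
        return beginFlow();
    }

    /** Registers an "exact" predicate for {@link TestPrincipal} and requests the named principal. */
    private void requireExactPrincipal(final AuthenticationContext authn, final String principalName) {
        final RequestedPrincipalContext requested = authn.getSubcontext(RequestedPrincipalContext.class, true);
        requested.getPrincipalEvalPredicateFactoryRegistry()
                .register(TestPrincipal.class, "exact", new ExactPrincipalEvalPredicateFactory());
        requested.setOperator("exact");
        requested.setRequestedPrincipals(Collections.singletonList(new TestPrincipal(principalName)));
    }

    /** Points the validator at jaas.config through a file URI built from the working directory. */
    private void useJaasConfigFile() throws URISyntaxException, IOException {
        this.validator.setLoginConfigType("JavaLoginConfig");
        this.validator.setLoginConfigParameters(
                URISupport.fileURIFromAbsolutePath(getCurrentDir() + '/' + DATA_PATH + JAAS_CONFIG));
    }

    /** Points the validator at jaas.config through the classpath. */
    private void useJaasConfigResource() {
        this.validator.setLoginConfigType("JavaLoginConfig");
        this.validator.setLoginConfigResource(new ClassPathResource(DATA_CLASSPATH + JAAS_CONFIG));
    }

    /** Initialises the validator before the action that wraps it. */
    private void initializeComponents() throws ComponentInitializationException {
        this.validator.initialize();
        this.action.initialize();
    }

    /** Asserts that exactly one exception was recorded and that it is a {@link LoginException}. */
    private void assertSingleLoginException(final AuthenticationContext authn) {
        final AuthenticationErrorContext errors = authn.getSubcontext(AuthenticationErrorContext.class);
        Assert.assertEquals(errors.getExceptions().size(), 1);
        Assert.assertTrue(errors.getExceptions().get(0) instanceof LoginException);
    }

    /** Asserts that a result exists and that its first {@link UsernamePrincipal} has the given name. */
    private void assertAuthenticatedAs(final AuthenticationContext authn, final String expectedName) {
        Assert.assertNotNull(authn.getAuthenticationResult());
        Assert.assertEquals(
                authn.getAuthenticationResult().getSubject().getPrincipals(UsernamePrincipal.class)
                        .iterator().next().getName(),
                expectedName);
    }

    /**
     * Runs the form-extraction action against the mock request so that the submitted username and
     * password are available to the validation action.
     */
    private void doExtract() throws ComponentInitializationException {
        final ExtractUsernamePasswordFromFormRequest extractor = new ExtractUsernamePasswordFromFormRequest();
        extractor.setHttpServletRequest(this.action.getHttpServletRequest());
        extractor.initialize();
        extractor.execute(this.src);
    }

    /** Returns the canonical working directory with forward slashes, for building a file URI. */
    private String getCurrentDir() throws IOException {
        return new File(".").getCanonicalPath().replace(File.separatorChar, '/');
    }
}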
