package net.shibboleth.idp.authn.impl;

import java.util.HashMap;
import java.util.Set;
import net.shibboleth.idp.authn.AuthenticationResult;
import net.shibboleth.idp.authn.TemplateSearchDnResolver;
import net.shibboleth.idp.authn.context.AuthenticationContext;
import net.shibboleth.idp.authn.context.AuthenticationErrorContext;
import net.shibboleth.idp.authn.context.LDAPResponseContext;
import net.shibboleth.idp.authn.context.UsernamePasswordContext;
import net.shibboleth.idp.authn.impl.ValidateCredentials;
import net.shibboleth.idp.authn.impl.testing.BaseAuthenticationContextTest;
import net.shibboleth.idp.authn.principal.UsernamePrincipal;
import net.shibboleth.idp.profile.testing.ActionTestingSupport;
import net.shibboleth.shared.collection.CollectionSupport;
import net.shibboleth.shared.component.ComponentInitializationException;
import net.shibboleth.shared.spring.resource.ResourceHelper;
import net.shibboleth.shared.testing.ConstantSupplier;
import net.shibboleth.shared.testing.InMemoryDirectory;
import net.shibboleth.shared.testing.VelocityEngine;
import org.ldaptive.DefaultConnectionFactory;
import org.ldaptive.auth.AuthenticationResponse;
import org.ldaptive.auth.AuthenticationResultCode;
import org.ldaptive.auth.Authenticator;
import org.ldaptive.auth.SimpleBindAuthenticationHandler;
import org.ldaptive.jaas.LdapPrincipal;
import org.springframework.core.io.ClassPathResource;
import org.springframework.mock.web.MockHttpServletRequest;
import org.springframework.webflow.execution.Event;
import org.testng.Assert;
import org.testng.annotations.AfterClass;
import org.testng.annotations.BeforeClass;
import org.testng.annotations.BeforeMethod;
import org.testng.annotations.Test;

/* loaded from: input_file:net/shibboleth/idp/authn/impl/ValidateCredentialsTest.class */
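/**
 * Tests {@link ValidateCredentials} when it is configured with two validators in a fixed order:
 * an LDAP validator backed by an in-memory directory, followed by an htpasswd validator.
 *
 * <p>The directory listens on a fixed loopback port and is reached over cleartext {@code ldap://}.
 * That is a test-fixture choice only; nothing here exercises transport protection of the bind.</p>
 *
 * <p>The tests assert distinct classified events for an unknown account ({@code UnknownUsername})
 * and a wrong password ({@code InvalidPassword}). That distinction is useful for logging and for
 * pinning behaviour in tests; a deployment that surfaces the two outcomes differently to the person
 * logging in lets them learn which usernames exist.</p>
 *
 * <p>NOTE(review): the search filter is built from the submitted username through a template. No
 * test in this class submits a username containing LDAP filter metacharacters, so filter escaping
 * (which would be the resolver's job) is not exercised here.</p>
 */
public class ValidateCredentialsTest extends BaseAuthenticationContextTest {
    /** Classpath folder holding the LDIF and htpasswd fixtures. */
    private static final String DATA_PATH = "/net/shibboleth/idp/authn/impl/";

    /** Fixed port the in-memory directory listens on. */
    private static final int LDAP_PORT = 10389;

    /** URL used by both the DN resolver and the bind handler. */
    private static final String LDAP_URL = "ldap://localhost:" + LDAP_PORT;

    /** Action under test, rebuilt before every test method. */
    private ValidateCredentials action;

    /** In-memory directory shared by all test methods. */
    private InMemoryDirectory directoryServer;

    /** Resolves the entry DN by searching on the submitted username. */
    private TemplateSearchDnResolver dnResolver;

    /** Performs the simple bind with the resolved DN and submitted password. */
    private SimpleBindAuthenticationHandler authHandler;

    /** Authenticator combining the resolver and the bind handler. */
    private Authenticator authenticator;

    /** Starts the in-memory directory, loaded from the LDIF fixture. */
    @BeforeClass
    public void setupDirectoryServer() {
        this.directoryServer = new InMemoryDirectory(
                new String[] {"dc=shibboleth,dc=net"},
                new ClassPathResource(DATA_PATH + "loginLDAPTest.ldif"),
                LDAP_PORT);
        this.directoryServer.start();
    }

    /** Builds the search-then-bind authenticator that the LDAP validator uses. */
    @BeforeClass
    public void setupAuthenticator() {
        this.dnResolver = new TemplateSearchDnResolver(
                new DefaultConnectionFactory(LDAP_URL),
                VelocityEngine.newVelocityEngine(),
                "(uid=$usernamePasswordContext.username)");
        this.dnResolver.setBaseDn("ou=people,dc=shibboleth,dc=net");
        this.authHandler = new SimpleBindAuthenticationHandler(new DefaultConnectionFactory(LDAP_URL));
        this.authenticator = new Authenticator(this.dnResolver, this.authHandler);
    }

    /**
     * Stops the directory after checking that no connection is still open.
     *
     * <p>If connections are still open, the method waits once for 100 ms before asserting. A
     * non-zero count after that fails the class, which catches validators that leak LDAP
     * connections.</p>
     *
     * @throws Exception if the wait is interrupted or the server cannot be stopped
     */
    @AfterClass
    public void teardownDirectoryServer() throws Exception {
        if (this.directoryServer.openConnectionCount() > 0) {
            Thread.sleep(100L);
        }
        Assert.assertEquals(this.directoryServer.openConnectionCount(), 0L);
        this.directoryServer.stop(true);
    }

    /**
     * Creates a fresh action with the LDAP validator first and the htpasswd validator second, plus
     * the message-classification table the tests assert against.
     *
     * @throws ComponentInitializationException if a validator fails to initialize
     */
    @Override
    @BeforeMethod
    public void setUp() throws ComponentInitializationException {
        super.setUp();

        final LDAPCredentialValidator ldapValidator = new LDAPCredentialValidator();
        ldapValidator.setId("ldap");
        assert this.authenticator != null;
        ldapValidator.setAuthenticator(this.authenticator);
        ldapValidator.initialize();

        final HTPasswdCredentialValidator htpasswdValidator = new HTPasswdCredentialValidator();
        htpasswdValidator.setId("htpasswd");
        htpasswdValidator.setResource(ResourceHelper.of(new ClassPathResource(DATA_PATH + "htpasswd.txt")));
        htpasswdValidator.initialize();

        this.action = new ValidateCredentials();
        this.action.setValidators(CollectionSupport.listOf(ldapValidator, htpasswdValidator));

        final HashMap classified = new HashMap();
        classified.put("UnknownUsername", CollectionSupport.singleton("DN_RESOLUTION_FAILURE"));
        // NOTE(review): the next two puts use the same key, so the second replaces the first and
        // "INVALID_CREDENTIALS" ends up unmapped. Whether that is intended cannot be told from this
        // file; the classified-error count asserted in testBadPassword may depend on it, so the
        // table is kept as it was.
        classified.put("InvalidPassword", CollectionSupport.singleton("INVALID_CREDENTIALS"));
        classified.put("InvalidPassword", CollectionSupport.singleton("InvalidCredentials"));
        classified.put("ExpiringPassword", CollectionSupport.singleton("ACCOUNT_WARNING"));
        classified.put("ExpiredPassword", CollectionSupport.listOf("PASSWORD_EXPIRED", "CHANGE_AFTER_RESET"));
        this.action.setClassifiedMessages(classified);

        this.action.setHttpServletRequestSupplier(new ConstantSupplier(new MockHttpServletRequest()));
    }

    /**
     * A username that is in neither store: no result is produced, the LDAP validator reports a DN
     * resolution failure, and the only classified error is {@code UnknownUsername}.
     *
     * @throws ComponentInitializationException if the action fails to initialize
     */
    @Test
    public void testBadUsername() throws ComponentInitializationException {
        final AuthenticationContext authnCtx = submitCredentials("foo", "bar");
        this.action.initialize();
        doExtract();

        final Event event = this.action.execute(this.src);

        Assert.assertNull(authnCtx.getAuthenticationResult());
        Assert.assertEquals(ldapResponseOf(authnCtx).getAuthenticationResultCode(),
                AuthenticationResultCode.DN_RESOLUTION_FAILURE);
        final AuthenticationErrorContext errorCtx = errorContextOf(authnCtx);
        ActionTestingSupport.assertEvent(event, "UnknownUsername");
        Assert.assertEquals(errorCtx.getClassifiedErrors().size(), 1);
        Assert.assertTrue(errorCtx.isClassifiedError("UnknownUsername"));
    }

    /**
     * A known username with an empty password must not authenticate.
     *
     * <p>This case matters for LDAP in particular: a simple bind with a zero-length password is an
     * "unauthenticated bind" in RFC 4513, which some directory servers answer with success. The
     * test pins that no {@link AuthenticationResult} is produced and that the outcome is
     * {@code InvalidPassword}; it does not check at which layer the empty password is rejected.</p>
     *
     * @throws ComponentInitializationException if the action fails to initialize
     */
    @Test
    public void testEmptyPassword() throws ComponentInitializationException {
        final AuthenticationContext authnCtx = submitCredentials("PETER_THE_PRINCIPAL", "");
        this.action.initialize();
        doExtract();

        final Event event = this.action.execute(this.src);

        Assert.assertNull(authnCtx.getAuthenticationResult());
        final AuthenticationErrorContext errorCtx = errorContextOf(authnCtx);
        ActionTestingSupport.assertEvent(event, "InvalidPassword");
        Assert.assertEquals(errorCtx.getClassifiedErrors().size(), 1);
        Assert.assertTrue(errorCtx.isClassifiedError("InvalidPassword"));
    }

    /**
     * A known username with a wrong password: the bind fails, no result is produced, and two
     * classified errors ({@code InvalidPassword} and {@code InvalidCredentials}) are recorded.
     *
     * @throws ComponentInitializationException if the action fails to initialize
     */
    @Test
    public void testBadPassword() throws ComponentInitializationException {
        final AuthenticationContext authnCtx = submitCredentials("PETER_THE_PRINCIPAL", "bar");
        this.action.initialize();
        doExtract();

        final Event event = this.action.execute(this.src);

        Assert.assertNull(authnCtx.getAuthenticationResult());
        Assert.assertEquals(ldapResponseOf(authnCtx).getAuthenticationResultCode(),
                AuthenticationResultCode.AUTHENTICATION_HANDLER_FAILURE);
        final AuthenticationErrorContext errorCtx = errorContextOf(authnCtx);
        ActionTestingSupport.assertEvent(event, "InvalidPassword");
        Assert.assertEquals(errorCtx.getClassifiedErrors().size(), 2);
        Assert.assertTrue(errorCtx.isClassifiedError("InvalidPassword"));
        Assert.assertTrue(errorCtx.isClassifiedError("InvalidCredentials"));
    }

    /**
     * Valid LDAP credentials with no cleanup hook: the action proceeds, the
     * {@link UsernamePasswordContext} is still attached afterwards, no error context exists, and the
     * subject carries both a {@link UsernamePrincipal} and an {@link LdapPrincipal} with its entry.
     *
     * @throws ComponentInitializationException if the action fails to initialize
     */
    @Test
    public void testAuthorized() throws ComponentInitializationException {
        final AuthenticationContext authnCtx = submitCredentials("PETER_THE_PRINCIPAL", "changeit");
        this.action.initialize();
        doExtract();

        ActionTestingSupport.assertProceedEvent(this.action.execute(this.src));

        // Without a cleanup hook the submitted credentials stay in the context tree.
        Assert.assertNotNull(authnCtx.getSubcontext(UsernamePasswordContext.class));
        Assert.assertNull(authnCtx.getSubcontext(AuthenticationErrorContext.class));
        final AuthenticationResult result = authnCtx.getAuthenticationResult();
        assert result != null;
        Assert.assertEquals(ldapResponseOf(authnCtx).getAuthenticationResultCode(),
                AuthenticationResultCode.AUTHENTICATION_HANDLER_SUCCESS);

        final UsernamePrincipal usernamePrincipal =
                result.getSubject().getPrincipals(UsernamePrincipal.class).iterator().next();
        Assert.assertNotNull(usernamePrincipal);
        Assert.assertEquals(usernamePrincipal.getName(), "PETER_THE_PRINCIPAL");

        final LdapPrincipal ldapPrincipal =
                result.getSubject().getPrincipals(LdapPrincipal.class).iterator().next();
        Assert.assertNotNull(ldapPrincipal);
        Assert.assertEquals(ldapPrincipal.getName(), "PETER_THE_PRINCIPAL");
        Assert.assertNotNull(ldapPrincipal.getLdapEntry());
    }

    /**
     * An account the LDAP validator cannot resolve still authenticates when only one validator has
     * to succeed (presumably through the htpasswd validator; the fixture files are not shown here).
     *
     * <p>The subject carries no {@link LdapPrincipal}, and the failed LDAP attempt remains visible
     * as a {@code DN_RESOLUTION_FAILURE} response and an {@code UnknownUsername} classified error
     * even though the overall outcome is success. With the cleanup hook installed, the
     * {@link UsernamePasswordContext} is gone after execution, so the submitted password is no
     * longer reachable from the authentication context.</p>
     *
     * @throws ComponentInitializationException if the action fails to initialize
     */
    @Test
    public void testAuthorized2() throws ComponentInitializationException {
        final AuthenticationContext authnCtx = submitCredentials("PETER_THE_PRINCIPAL2", "changeit");
        this.action.setCleanupHook(new ValidateCredentials.UsernamePasswordCleanupHook());
        this.action.initialize();
        doExtract();

        ActionTestingSupport.assertProceedEvent(this.action.execute(this.src));

        Assert.assertNull(authnCtx.getSubcontext(UsernamePasswordContext.class));
        final AuthenticationResult result = authnCtx.getAuthenticationResult();
        assert result != null;

        final UsernamePrincipal usernamePrincipal =
                result.getSubject().getPrincipals(UsernamePrincipal.class).iterator().next();
        Assert.assertNotNull(usernamePrincipal);
        Assert.assertEquals(usernamePrincipal.getName(), "PETER_THE_PRINCIPAL2");
        Assert.assertTrue(result.getSubject().getPrincipals(LdapPrincipal.class).isEmpty());

        Assert.assertEquals(ldapResponseOf(authnCtx).getAuthenticationResultCode(),
                AuthenticationResultCode.DN_RESOLUTION_FAILURE);
        final AuthenticationErrorContext errorCtx = errorContextOf(authnCtx);
        Assert.assertEquals(errorCtx.getClassifiedErrors().size(), 1);
        Assert.assertTrue(errorCtx.isClassifiedError("UnknownUsername"));
    }

    /**
     * The same credentials as {@link #testAuthorized2()} are refused once every validator must
     * succeed: the LDAP validator's DN resolution failure decides the outcome.
     *
     * @throws ComponentInitializationException if the action fails to initialize
     */
    @Test
    public void testBadPassword2() throws ComponentInitializationException {
        final AuthenticationContext authnCtx = submitCredentials("PETER_THE_PRINCIPAL2", "changeit");
        this.action.setRequireAll(true);
        this.action.initialize();
        doExtract();

        final Event event = this.action.execute(this.src);

        Assert.assertNull(authnCtx.getAuthenticationResult());
        Assert.assertEquals(ldapResponseOf(authnCtx).getAuthenticationResultCode(),
                AuthenticationResultCode.DN_RESOLUTION_FAILURE);
        final AuthenticationErrorContext errorCtx = errorContextOf(authnCtx);
        ActionTestingSupport.assertEvent(event, "UnknownUsername");
        Assert.assertEquals(errorCtx.getClassifiedErrors().size(), 1);
        Assert.assertTrue(errorCtx.isClassifiedError("UnknownUsername"));
    }

    /**
     * Every validator is required and the credentials satisfy all of them: the action proceeds,
     * the cleanup hook removes the {@link UsernamePasswordContext}, no error context exists, and
     * the subject holds exactly one {@link UsernamePrincipal} plus an {@link LdapPrincipal}.
     *
     * @throws ComponentInitializationException if the action fails to initialize
     */
    @Test
    public void testAuthorizedAll() throws ComponentInitializationException {
        final AuthenticationContext authnCtx = submitCredentials("PETER_THE_PRINCIPAL", "changeit");
        this.action.setRequireAll(true);
        this.action.setCleanupHook(new ValidateCredentials.UsernamePasswordCleanupHook());
        this.action.initialize();
        doExtract();

        ActionTestingSupport.assertProceedEvent(this.action.execute(this.src));

        Assert.assertNull(authnCtx.getSubcontext(UsernamePasswordContext.class));
        Assert.assertNull(authnCtx.getSubcontext(AuthenticationErrorContext.class));
        final AuthenticationResult result = authnCtx.getAuthenticationResult();
        assert result != null;
        Assert.assertEquals(ldapResponseOf(authnCtx).getAuthenticationResultCode(),
                AuthenticationResultCode.AUTHENTICATION_HANDLER_SUCCESS);

        // Exactly one username principal is expected although more than one validator succeeded.
        final Set<UsernamePrincipal> usernamePrincipals =
                result.getSubject().getPrincipals(UsernamePrincipal.class);
        Assert.assertEquals(usernamePrincipals.size(), 1);
        Assert.assertNotNull(usernamePrincipals.iterator().next());
        Assert.assertEquals(usernamePrincipals.iterator().next().getName(), "PETER_THE_PRINCIPAL");

        final LdapPrincipal ldapPrincipal =
                result.getSubject().getPrincipals(LdapPrincipal.class).iterator().next();
        Assert.assertNotNull(ldapPrincipal);
        Assert.assertEquals(ldapPrincipal.getName(), "PETER_THE_PRINCIPAL");
        Assert.assertNotNull(ldapPrincipal.getLdapEntry());
    }

    /**
     * Puts the given form parameters on the mock request and marks the first configured flow as
     * the attempted one.
     *
     * @param username value for the {@code username} form parameter
     * @param password value for the {@code password} form parameter
     * @return the authentication context of the current profile request
     */
    private AuthenticationContext submitCredentials(final String username, final String password) {
        getMockHttpServletRequest(this.action).addParameter("username", username);
        getMockHttpServletRequest(this.action).addParameter("password", password);
        final AuthenticationContext authnCtx = this.prc.getSubcontext(AuthenticationContext.class);
        assert authnCtx != null;
        authnCtx.setAttemptedFlow(this.authenticationFlows.get(0));
        return authnCtx;
    }

    /**
     * Returns the LDAP authentication response recorded under the given context.
     *
     * @param authnCtx authentication context to inspect
     * @return the recorded response
     */
    private static AuthenticationResponse ldapResponseOf(final AuthenticationContext authnCtx) {
        final LDAPResponseContext ldapCtx = authnCtx.getSubcontext(LDAPResponseContext.class);
        assert ldapCtx != null;
        final AuthenticationResponse response = ldapCtx.getAuthenticationResponse();
        assert response != null;
        return response;
    }

    /**
     * Returns the error context recorded under the given context.
     *
     * @param authnCtx authentication context to inspect
     * @return the error context
     */
    private static AuthenticationErrorContext errorContextOf(final AuthenticationContext authnCtx) {
        final AuthenticationErrorContext errorCtx = authnCtx.getSubcontext(AuthenticationErrorContext.class);
        assert errorCtx != null;
        return errorCtx;
    }

    /**
     * Runs the form-extraction action so that the submitted username and password are available
     * to the action under test.
     *
     * @throws ComponentInitializationException if the extraction action fails to initialize
     */
    private void doExtract() throws ComponentInitializationException {
        final ExtractUsernamePasswordFromFormRequest extractor = new ExtractUsernamePasswordFromFormRequest();
        extractor.setHttpServletRequestSupplier(this.action.getHttpServletRequestSupplier());
        extractor.initialize();
        extractor.execute(this.src);
    }
}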
