package org.wildfly.security.auth.realm;

import java.security.Principal;
import java.security.Provider;
import java.security.spec.AlgorithmParameterSpec;
import java.util.Collections;
import java.util.function.Consumer;
import java.util.function.Function;
import javax.naming.NamingException;
import javax.naming.directory.DirContext;
import org.junit.Assert;
import org.junit.Before;
import org.junit.Test;
import org.wildfly.common.function.ExceptionSupplier;
import org.wildfly.security.WildFlyElytronProvider;
import org.wildfly.security.auth.SupportLevel;
import org.wildfly.security.auth.principal.NamePrincipal;
import org.wildfly.security.auth.realm.ldap.DirContextFactory;
import org.wildfly.security.auth.realm.ldap.LdapSecurityRealmBuilder;
import org.wildfly.security.auth.realm.ldap.SimpleDirContextFactoryBuilder;
import org.wildfly.security.auth.server.NameRewriter;
import org.wildfly.security.auth.server.RealmIdentity;
import org.wildfly.security.auth.server.RealmUnavailableException;
import org.wildfly.security.auth.server.SecurityRealm;
import org.wildfly.security.auth.server.ServerUtils;
import org.wildfly.security.credential.Credential;
import org.wildfly.security.credential.PasswordCredential;
import org.wildfly.security.evidence.Evidence;
import org.wildfly.security.evidence.PasswordGuessEvidence;
import org.wildfly.security.password.PasswordFactory;
import org.wildfly.security.password.spec.ClearPasswordSpec;
import org.wildfly.security.sasl.gssapi.TestKDC;

/* loaded from: input_file:org/wildfly/security/auth/realm/DistributedSecurityRealmTest.class */
public class DistributedSecurityRealmTest {
    private static final Provider provider = new WildFlyElytronProvider();
    private static final String SERVER_DN = "uid=server,dc=elytron,dc=wildfly,dc=org";
    private static final String SERVER_CREDENTIAL = "serverPassword";
    SecurityRealm realm1;
    SecurityRealm realm2;
    SecurityRealm realm3;
    SecurityRealm evidenceRealm;
    SecurityRealm unavailableRealm;
    SecurityRealm unavailableLdapRealm;
    char[] pass1 = "pass1".toCharArray();
    char[] pass2 = "pass2".toCharArray();
    char[] pass3 = "pass3".toCharArray();
    DistributedSecurityRealm realm;

    /* loaded from: input_file:org/wildfly/security/auth/realm/DistributedSecurityRealmTest$SimpleEvidence.class */
    private class SimpleEvidence implements Evidence {
        private Principal principal;
        private boolean valid;

        public SimpleEvidence(String str, boolean z) {
            this.principal = new NamePrincipal(str);
            this.valid = z;
        }

        public boolean isValid() {
            return this.valid;
        }

        public Principal getPrincipal() {
            return this.principal;
        }
    }

    /* loaded from: input_file:org/wildfly/security/auth/realm/DistributedSecurityRealmTest$SimpleEvidenceRealm.class */
    private class SimpleEvidenceRealm implements SecurityRealm {

        /* loaded from: input_file:org/wildfly/security/auth/realm/DistributedSecurityRealmTest$SimpleEvidenceRealm$SimpleEvidenceRealmIdentity.class */
        private class SimpleEvidenceRealmIdentity implements RealmIdentity {
            private SimpleEvidence evidence;

            public SimpleEvidenceRealmIdentity(SimpleEvidence simpleEvidence) {
                this.evidence = simpleEvidence;
            }

            public Principal getRealmIdentityPrincipal() {
                return this.evidence.getPrincipal();
            }

            public SupportLevel getCredentialAcquireSupport(Class<? extends Credential> cls, String str, AlgorithmParameterSpec algorithmParameterSpec) throws RealmUnavailableException {
                return SupportLevel.UNSUPPORTED;
            }

            public <C extends Credential> C getCredential(Class<C> cls) throws RealmUnavailableException {
                return null;
            }

            public SupportLevel getEvidenceVerifySupport(Class<? extends Evidence> cls, String str) throws RealmUnavailableException {
                return SimpleEvidence.class.equals(cls) ? SupportLevel.SUPPORTED : SupportLevel.UNSUPPORTED;
            }

            public boolean verifyEvidence(Evidence evidence) throws RealmUnavailableException {
                return (evidence instanceof SimpleEvidence) && ((SimpleEvidence) evidence).isValid();
            }

            public boolean exists() throws RealmUnavailableException {
                return this.evidence.isValid();
            }
        }

        private SimpleEvidenceRealm() {
        }

        public RealmIdentity getRealmIdentity(Principal principal) throws RealmUnavailableException {
            return RealmIdentity.NON_EXISTENT;
        }

        public RealmIdentity getRealmIdentity(Evidence evidence) throws RealmUnavailableException {
            return evidence instanceof SimpleEvidence ? new SimpleEvidenceRealmIdentity((SimpleEvidence) evidence) : RealmIdentity.NON_EXISTENT;
        }

        public SupportLevel getCredentialAcquireSupport(Class<? extends Credential> cls, String str, AlgorithmParameterSpec algorithmParameterSpec) throws RealmUnavailableException {
            return SupportLevel.UNSUPPORTED;
        }

        public SupportLevel getEvidenceVerifySupport(Class<? extends Evidence> cls, String str) throws RealmUnavailableException {
            return SimpleEvidence.class.equals(cls) ? SupportLevel.SUPPORTED : SupportLevel.UNSUPPORTED;
        }
    }

    /* loaded from: input_file:org/wildfly/security/auth/realm/DistributedSecurityRealmTest$UnavailableRealm.class */
    private class UnavailableRealm implements SecurityRealm {
        private UnavailableRealm() {
        }

        public RealmIdentity getRealmIdentity(Principal principal) throws RealmUnavailableException {
            throw new RealmUnavailableException();
        }

        public RealmIdentity getRealmIdentity(Evidence evidence) throws RealmUnavailableException {
            throw new RealmUnavailableException();
        }

        public RealmIdentity getRealmIdentity(Evidence evidence, Function<Principal, Principal> function) throws RealmUnavailableException {
            throw new RealmUnavailableException();
        }

        public SupportLevel getCredentialAcquireSupport(Class<? extends Credential> cls, String str, AlgorithmParameterSpec algorithmParameterSpec) throws RealmUnavailableException {
            return SupportLevel.POSSIBLY_SUPPORTED;
        }

        public SupportLevel getEvidenceVerifySupport(Class<? extends Evidence> cls, String str) throws RealmUnavailableException {
            return SupportLevel.POSSIBLY_SUPPORTED;
        }
    }

    @Before
    public void setup() throws Exception {
        this.realm1 = createRealmWithIdentity("user1", createPasswordCredential(this.pass1));
        this.realm2 = createRealmWithIdentity("user2", createPasswordCredential(this.pass2));
        this.realm3 = createRealmWithIdentity("user3", createPasswordCredential(this.pass3));
        this.evidenceRealm = new SimpleEvidenceRealm();
        this.unavailableRealm = new UnavailableRealm();
        this.unavailableLdapRealm = LdapSecurityRealmBuilder.builder().setDirContextSupplier(createDirContextSupplier()).identityMapping().setRdnIdentifier("uid").build().addDirectEvidenceVerification().build();
        this.realm = new DistributedSecurityRealm(new SecurityRealm[]{this.realm1, this.realm2, this.evidenceRealm, this.realm3});
    }

    @Test
    public void testNoIdentity() throws Exception {
        Assert.assertFalse(this.realm.getRealmIdentity(new NamePrincipal("user4")).exists());
    }

    @Test
    public void testExistingIdentity1() throws Exception {
        RealmIdentity realmIdentity = this.realm.getRealmIdentity(new NamePrincipal("user1"));
        Assert.assertTrue(realmIdentity.exists());
        PasswordCredential credential = realmIdentity.getCredential(PasswordCredential.class);
        Assert.assertTrue(credential.verify(ServerUtils.ELYTRON_PASSWORD_PROVIDERS, new PasswordGuessEvidence(this.pass1)));
        Assert.assertFalse(credential.verify(ServerUtils.ELYTRON_PASSWORD_PROVIDERS, new PasswordGuessEvidence(this.pass2)));
        Assert.assertFalse(credential.verify(ServerUtils.ELYTRON_PASSWORD_PROVIDERS, new PasswordGuessEvidence(this.pass3)));
        realmIdentity.dispose();
    }

    @Test
    public void testExistingIdentity2() throws Exception {
        RealmIdentity realmIdentity = this.realm.getRealmIdentity(new NamePrincipal("user2"));
        Assert.assertTrue(realmIdentity.exists());
        PasswordCredential credential = realmIdentity.getCredential(PasswordCredential.class);
        Assert.assertFalse(credential.verify(ServerUtils.ELYTRON_PASSWORD_PROVIDERS, new PasswordGuessEvidence(this.pass1)));
        Assert.assertTrue(credential.verify(ServerUtils.ELYTRON_PASSWORD_PROVIDERS, new PasswordGuessEvidence(this.pass2)));
        Assert.assertFalse(credential.verify(ServerUtils.ELYTRON_PASSWORD_PROVIDERS, new PasswordGuessEvidence(this.pass3)));
        realmIdentity.dispose();
    }

    @Test
    public void testExistingIdentity3() throws Exception {
        RealmIdentity realmIdentity = this.realm.getRealmIdentity(new NamePrincipal("user3"));
        Assert.assertTrue(realmIdentity.exists());
        PasswordCredential credential = realmIdentity.getCredential(PasswordCredential.class);
        Assert.assertFalse(credential.verify(ServerUtils.ELYTRON_PASSWORD_PROVIDERS, new PasswordGuessEvidence(this.pass1)));
        Assert.assertFalse(credential.verify(ServerUtils.ELYTRON_PASSWORD_PROVIDERS, new PasswordGuessEvidence(this.pass2)));
        Assert.assertTrue(credential.verify(ServerUtils.ELYTRON_PASSWORD_PROVIDERS, new PasswordGuessEvidence(this.pass3)));
        realmIdentity.dispose();
    }

    @Test
    public void testVerifyEvidence() throws Exception {
        RealmIdentity realmIdentity = this.realm.getRealmIdentity(new NamePrincipal("user1"));
        Assert.assertTrue(realmIdentity.verifyEvidence(new PasswordGuessEvidence(this.pass1)));
        Assert.assertFalse(realmIdentity.verifyEvidence(new PasswordGuessEvidence(this.pass2)));
        Assert.assertFalse(realmIdentity.verifyEvidence(new PasswordGuessEvidence(this.pass3)));
        realmIdentity.dispose();
    }

    @Test
    public void testEvidence() throws Exception {
        RealmIdentity realmIdentity = this.realm.getRealmIdentity(new SimpleEvidence("evidenceUser", true));
        Assert.assertTrue(realmIdentity.exists());
        Assert.assertEquals(realmIdentity.getRealmIdentityPrincipal(), new NamePrincipal("evidenceUser"));
        realmIdentity.dispose();
    }

    @Test
    public void testBadEvidence() throws Exception {
        RealmIdentity realmIdentity = this.realm.getRealmIdentity(new SimpleEvidence("evidenceUser", false));
        Assert.assertFalse(realmIdentity.exists());
        realmIdentity.dispose();
    }

    @Test(expected = RealmUnavailableException.class)
    public void testRealmUnavailable() throws Exception {
        this.realm = new DistributedSecurityRealm(new SecurityRealm[]{this.realm1, this.realm2, this.unavailableLdapRealm, this.realm3});
        this.realm.getRealmIdentity(new NamePrincipal("user3"));
    }

    @Test(expected = RealmUnavailableException.class)
    public void testRealmUnavailableIgnoreFalse() throws Exception {
        this.realm = new DistributedSecurityRealm(false, (Consumer) null, new SecurityRealm[]{this.realm1, this.realm2, this.unavailableLdapRealm, this.realm3});
        this.realm.getRealmIdentity(new NamePrincipal("user3"));
    }

    @Test(expected = RealmUnavailableException.class)
    public void testOnlyUnavailableRealmIgnoreFalse() throws Exception {
        this.realm = new DistributedSecurityRealm(false, (Consumer) null, new SecurityRealm[]{this.unavailableLdapRealm});
        this.realm.getRealmIdentity(new NamePrincipal("user3"));
    }

    @Test
    public void testOnlyUnavailableRealmIgnoreTrueWithConsumer() throws Exception {
        int[] iArr = {-1};
        this.realm = new DistributedSecurityRealm(true, num -> {
            iArr[0] = num.intValue();
        }, new SecurityRealm[]{this.unavailableLdapRealm});
        RealmIdentity realmIdentity = this.realm.getRealmIdentity(new NamePrincipal("user3"));
        Assert.assertFalse(realmIdentity.exists());
        Assert.assertEquals(0L, iArr[0]);
        realmIdentity.dispose();
    }

    @Test
    public void testIgnoreRealmUnavailable() throws Exception {
        ignoreRealmUnavailable(this.unavailableLdapRealm);
    }

    @Test
    public void testIgnoreRealmIdentityUnavailable() throws Exception {
        ignoreRealmUnavailable(this.unavailableRealm);
    }

    @Test
    public void testIgnoreRealmUnavailableWithConsumer() throws Exception {
        ignoreRealmUnavailableWithConsumer(this.unavailableLdapRealm);
    }

    @Test
    public void testIgnoreRealmIdentityUnavailableWithConsumer() throws Exception {
        ignoreRealmUnavailableWithConsumer(this.unavailableRealm);
    }

    private void ignoreRealmUnavailable(SecurityRealm securityRealm) throws Exception {
        this.realm = new DistributedSecurityRealm(true, (Consumer) null, new SecurityRealm[]{this.realm1, this.realm2, securityRealm, this.realm3});
        RealmIdentity realmIdentity = this.realm.getRealmIdentity(new NamePrincipal("user3"));
        Assert.assertTrue(realmIdentity.exists());
        realmIdentity.dispose();
    }

    private void ignoreRealmUnavailableWithConsumer(SecurityRealm securityRealm) throws Exception {
        int[] iArr = {-1};
        this.realm = new DistributedSecurityRealm(true, num -> {
            iArr[0] = num.intValue();
        }, new SecurityRealm[]{this.realm1, this.realm2, securityRealm, this.realm3});
        RealmIdentity realmIdentity = this.realm.getRealmIdentity(new NamePrincipal("user3"));
        Assert.assertTrue(realmIdentity.exists());
        Assert.assertEquals(2L, iArr[0]);
        realmIdentity.dispose();
    }

    private static PasswordCredential createPasswordCredential(char[] cArr) throws Exception {
        return new PasswordCredential(PasswordFactory.getInstance("clear", ServerUtils.ELYTRON_PASSWORD_PROVIDERS).generatePassword(new ClearPasswordSpec(cArr)));
    }

    private static SecurityRealm createRealmWithIdentity(String str, Credential credential) {
        SimpleMapBackedSecurityRealm simpleMapBackedSecurityRealm = new SimpleMapBackedSecurityRealm(NameRewriter.IDENTITY_REWRITER, ServerUtils.ELYTRON_PASSWORD_PROVIDERS);
        if (str != null) {
            simpleMapBackedSecurityRealm.setIdentityMap(Collections.singletonMap(str, new SimpleRealmEntry(Collections.singletonList(credential))));
        } else {
            simpleMapBackedSecurityRealm.setIdentityMap(Collections.EMPTY_MAP);
        }
        return simpleMapBackedSecurityRealm;
    }

    private static ExceptionSupplier<DirContext, NamingException> createDirContextSupplier() {
        return () -> {
            return SimpleDirContextFactoryBuilder.builder().setProviderUrl(String.format("ldap://localhost:%d/", Integer.valueOf(TestKDC.LDAP_PORT))).setSecurityPrincipal(SERVER_DN).setSecurityCredential(SERVER_CREDENTIAL).build().obtainDirContext(DirContextFactory.ReferralMode.IGNORE);
        };
    }
}
