package org.uberfire.backend.server.security;

import java.security.Principal;
import java.security.acl.Group;
import java.util.ArrayList;
import java.util.Collections;
import java.util.HashSet;
import java.util.List;
import java.util.Set;
import javax.security.auth.Subject;
import javax.security.auth.login.LoginContext;
import org.jboss.errai.security.shared.api.GroupImpl;
import org.jboss.errai.security.shared.api.RoleImpl;
import org.jboss.errai.security.shared.api.identity.User;
import org.junit.Assert;
import org.junit.Before;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.mockito.ArgumentMatchers;
import org.mockito.InOrder;
import org.mockito.Mockito;
import org.powermock.api.mockito.PowerMockito;
import org.powermock.core.classloader.annotations.PowerMockIgnore;
import org.powermock.core.classloader.annotations.PrepareForTest;
import org.powermock.modules.junit4.PowerMockRunner;
import org.powermock.reflect.Whitebox;
import org.uberfire.backend.server.security.adapter.WebSphereGroupsAdapter;

@PrepareForTest({JAASAuthenticationService.class})
@RunWith(PowerMockRunner.class)
@PowerMockIgnore({"javax.security.*", "javax.naming.*"})
/* loaded from: input_file:org/uberfire/backend/server/security/JAASAuthenticationServiceTest.class */
public class JAASAuthenticationServiceTest {
    private JAASAuthenticationService tested;

    @Before
    public void setup() {
        RoleRegistry.get().clear();
        RoleRegistry.get().registerRole("admin");
        RoleRegistry.get().registerRole("role1");
        this.tested = (JAASAuthenticationService) Mockito.spy(new JAASAuthenticationService("ApplicationRealm"));
    }

    @Test
    public void testNoLogin() throws Exception {
        Assert.assertEquals(User.ANONYMOUS, this.tested.getUser());
    }

    @Test
    public void testGetAnnonymous() throws Exception {
        Assert.assertFalse(this.tested.isLoggedIn());
    }

    @Test
    public void testLogin() throws Exception {
        Set<Principal> mockPrincipals = mockPrincipals("admin", "role1", "group1");
        Subject subject = new Subject();
        subject.getPrincipals().addAll(mockPrincipals);
        LoginContext loginContext = (LoginContext) Mockito.mock(LoginContext.class);
        Mockito.when(loginContext.getSubject()).thenReturn(subject);
        ((JAASAuthenticationService) Mockito.doReturn(loginContext).when(this.tested)).createLoginContext(ArgumentMatchers.anyString(), ArgumentMatchers.anyString());
        User login = this.tested.login("user1", "password1");
        Assert.assertNotNull(login);
        Assert.assertEquals("user1", login.getIdentifier());
        Assert.assertEquals(2L, login.getRoles().size());
        Assert.assertTrue(login.getRoles().contains(new RoleImpl("admin")));
        Assert.assertTrue(login.getRoles().contains(new RoleImpl("role1")));
        Assert.assertEquals(1L, login.getGroups().size());
        Assert.assertTrue(login.getGroups().contains(new GroupImpl("group1")));
    }

    @Test
    public void testLoginSwitchesClassloaderForJsm() throws Exception {
        PowerMockito.mockStatic(JAASAuthenticationService.class, new Class[0]);
        PowerMockito.mockStatic(Thread.class, new Class[0]);
        PowerMockito.mockStatic(System.class, new Class[0]);
        ClassLoader classLoader = (ClassLoader) Mockito.mock(ClassLoader.class);
        Thread thread = (Thread) Mockito.mock(Thread.class);
        Mockito.when(Thread.currentThread()).thenReturn(thread);
        Mockito.when(System.getSecurityManager()).thenReturn((SecurityManager) Mockito.mock(SecurityManager.class));
        Mockito.when(thread.getContextClassLoader()).thenReturn(classLoader);
        Set<Principal> mockPrincipals = mockPrincipals("admin", "role1", "group1");
        Subject subject = new Subject();
        subject.getPrincipals().addAll(mockPrincipals);
        LoginContext loginContext = (LoginContext) Mockito.mock(LoginContext.class);
        Mockito.when(loginContext.getSubject()).thenReturn(subject);
        ((JAASAuthenticationService) Mockito.doReturn(loginContext).when(this.tested)).createLoginContext(ArgumentMatchers.anyString(), ArgumentMatchers.anyString());
        this.tested.login("user1", "password1");
        InOrder inOrder = Mockito.inOrder(new Object[]{thread});
        ((Thread) inOrder.verify(thread)).setContextClassLoader(this.tested.getClass().getClassLoader());
        ((Thread) inOrder.verify(thread)).setContextClassLoader((ClassLoader) ArgumentMatchers.same(classLoader));
    }

    @Test
    public void testLoginNoPrincipal() throws Exception {
        Subject subject = new Subject();
        LoginContext loginContext = (LoginContext) Mockito.mock(LoginContext.class);
        Mockito.when(loginContext.getSubject()).thenReturn(subject);
        ((JAASAuthenticationService) Mockito.doReturn(loginContext).when(this.tested)).createLoginContext(ArgumentMatchers.anyString(), ArgumentMatchers.anyString());
        User login = this.tested.login("user1", "password1");
        Assert.assertNotNull(login);
        Assert.assertEquals("user1", login.getIdentifier());
        Assert.assertEquals(0L, login.getRoles().size());
        Assert.assertEquals(0L, login.getGroups().size());
    }

    @Test
    public void testLoginSubjectGroups() throws Exception {
        Set<Principal> mockPrincipals = mockPrincipals("admin", "role1", "group1");
        Group group = (Group) Mockito.mock(Group.class);
        ((Group) Mockito.doReturn("Roles").when(group)).getName();
        ((Group) Mockito.doReturn(Collections.enumeration(mockPrincipals("g1", "g2"))).when(group)).members();
        Subject subject = new Subject();
        subject.getPrincipals().addAll(mockPrincipals);
        subject.getPrincipals().add(group);
        LoginContext loginContext = (LoginContext) Mockito.mock(LoginContext.class);
        Mockito.when(loginContext.getSubject()).thenReturn(subject);
        ((JAASAuthenticationService) Mockito.doReturn(loginContext).when(this.tested)).createLoginContext(ArgumentMatchers.anyString(), ArgumentMatchers.anyString());
        User login = this.tested.login("user1", "password1");
        Assert.assertNotNull(login);
        Assert.assertEquals("user1", login.getIdentifier());
        Assert.assertEquals(2L, login.getRoles().size());
        Assert.assertTrue(login.getRoles().contains(new RoleImpl("admin")));
        Assert.assertTrue(login.getRoles().contains(new RoleImpl("role1")));
        Assert.assertEquals(3L, login.getGroups().size());
        Assert.assertTrue(login.getGroups().contains(new GroupImpl("group1")));
        Assert.assertTrue(login.getGroups().contains(new GroupImpl("g1")));
        Assert.assertTrue(login.getGroups().contains(new GroupImpl("g2")));
    }

    @Test
    public void testLoginSubjectGroupsWithRegexRoleMapper() throws Exception {
        RoleRegistry.get().clear();
        RoleRegistry.get().registerRole("admin");
        RoleRegistry.get().registerRole("user");
        RoleRegistry.get().registerRole("role1");
        System.setProperty("org.uberfire.regex.role_mapper", "cn[\\ ]*=[\\ ]*role");
        JAASAuthenticationService jAASAuthenticationService = (JAASAuthenticationService) Mockito.spy(new JAASAuthenticationService("ApplicationRealm"));
        Set<Principal> mockPrincipals = mockPrincipals("ldap", "role1");
        Group group = (Group) Mockito.mock(Group.class);
        ((Group) Mockito.doReturn("Roles").when(group)).getName();
        ((Group) Mockito.doReturn(Collections.enumeration(mockPrincipals("g1", "g2"))).when(group)).members();
        Subject subject = new Subject();
        subject.getPrincipals().addAll(mockPrincipals);
        subject.getPrincipals().add(group);
        LoginContext loginContext = (LoginContext) Mockito.mock(LoginContext.class);
        Mockito.when(loginContext.getSubject()).thenReturn(subject);
        ((JAASAuthenticationService) Mockito.doReturn(loginContext).when(jAASAuthenticationService)).createLoginContext(ArgumentMatchers.anyString(), ArgumentMatchers.anyString());
        WebSphereGroupsAdapter webSphereGroupsAdapter = (WebSphereGroupsAdapter) Mockito.mock(WebSphereGroupsAdapter.class);
        ((WebSphereGroupsAdapter) Mockito.doReturn(mockGroups("cn=admin,ou=groups,dc=com,dc=example", "cn=user")).when(webSphereGroupsAdapter)).getGroups(ArgumentMatchers.anyString(), Mockito.anyObject());
        ArrayList arrayList = new ArrayList();
        arrayList.add(webSphereGroupsAdapter);
        Whitebox.setInternalState(jAASAuthenticationService, "groupsAdapters", arrayList);
        User login = jAASAuthenticationService.login("user1", "password1");
        Assert.assertNotNull(login);
        Assert.assertEquals("user1", login.getIdentifier());
        Assert.assertEquals(3L, login.getRoles().size());
        Assert.assertTrue(login.getRoles().contains(new RoleImpl("admin")));
        Assert.assertTrue(login.getRoles().contains(new RoleImpl("user")));
        Assert.assertTrue(login.getRoles().contains(new RoleImpl("role1")));
        Assert.assertEquals(3L, login.getGroups().size());
        Assert.assertTrue(login.getGroups().contains(new GroupImpl("g1")));
        Assert.assertTrue(login.getGroups().contains(new GroupImpl("g2")));
        Assert.assertTrue(login.getGroups().contains(new GroupImpl("ldap")));
    }

    @Test
    public void testLoggedIn() throws Exception {
        Set<Principal> mockPrincipals = mockPrincipals("admin");
        Subject subject = new Subject();
        subject.getPrincipals().addAll(mockPrincipals);
        LoginContext loginContext = (LoginContext) Mockito.mock(LoginContext.class);
        Mockito.when(loginContext.getSubject()).thenReturn(subject);
        ((JAASAuthenticationService) Mockito.doReturn(loginContext).when(this.tested)).createLoginContext(ArgumentMatchers.anyString(), ArgumentMatchers.anyString());
        this.tested.login("user1", "password1");
        Assert.assertTrue(this.tested.isLoggedIn());
    }

    @Test
    public void testGetUser() throws Exception {
        RoleRegistry.get().registerRole("admin");
        Set<Principal> mockPrincipals = mockPrincipals("admin");
        Subject subject = new Subject();
        subject.getPrincipals().addAll(mockPrincipals);
        LoginContext loginContext = (LoginContext) Mockito.mock(LoginContext.class);
        Mockito.when(loginContext.getSubject()).thenReturn(subject);
        ((JAASAuthenticationService) Mockito.doReturn(loginContext).when(this.tested)).createLoginContext(ArgumentMatchers.anyString(), ArgumentMatchers.anyString());
        Assert.assertEquals(this.tested.login("user1", "password1"), this.tested.getUser());
    }

    private Set<Principal> mockPrincipals(String... strArr) {
        HashSet hashSet = new HashSet();
        for (String str : strArr) {
            Principal principal = (Principal) Mockito.mock(Principal.class);
            Mockito.when(principal.getName()).thenReturn(str);
            hashSet.add(principal);
        }
        return hashSet;
    }

    private List<org.jboss.errai.security.shared.api.Group> mockGroups(String... strArr) {
        ArrayList arrayList = new ArrayList();
        for (String str : strArr) {
            org.jboss.errai.security.shared.api.Group group = (org.jboss.errai.security.shared.api.Group) Mockito.mock(org.jboss.errai.security.shared.api.Group.class);
            Mockito.when(group.getName()).thenReturn(str);
            arrayList.add(group);
        }
        return arrayList;
    }
}
