package org.infinispan.test.integration.security.embedded;

import java.util.Arrays;
import java.util.Collection;
import java.util.HashMap;
import java.util.Map;
import javax.security.auth.Subject;
import javax.security.auth.login.LoginException;
import org.infinispan.commons.test.ThreadLeakChecker;
import org.infinispan.security.AuthorizationPermission;
import org.infinispan.security.PrincipalRoleMapper;
import org.infinispan.security.impl.IdentityRoleMapper;
import org.infinispan.test.integration.security.tasks.AbstractSecurityDomainsServerSetupTask;
import org.infinispan.test.integration.security.tasks.AbstractTraceLoggingServerSetupTask;
import org.infinispan.test.integration.security.utils.ApacheDsLdap;
import org.infinispan.test.integration.security.utils.Deployments;
import org.infinispan.test.integration.security.utils.Utils;
import org.jboss.arquillian.container.test.api.Deployment;
import org.jboss.arquillian.container.test.api.TargetsContainer;
import org.jboss.arquillian.junit.Arquillian;
import org.jboss.as.arquillian.api.ServerSetup;
import org.jboss.as.arquillian.api.ServerSetupTask;
import org.jboss.as.arquillian.container.ManagementClient;
import org.jboss.as.test.integration.security.common.config.SecurityDomain;
import org.jboss.as.test.integration.security.common.config.SecurityModule;
import org.jboss.shrinkwrap.api.spec.WebArchive;
import org.junit.runner.RunWith;

@ServerSetup({SecurityDomainsSetupTask.class, SecurityTraceLoggingServerSetupTask.class, LdapServerSetupTask.class})
@RunWith(Arquillian.class)
/* loaded from: input_file:org/infinispan/test/integration/security/embedded/LdapAuthenticationIT.class */
public class LdapAuthenticationIT extends AbstractAuthentication {
    public static final String SECURITY_DOMAIN_NAME = "ispn-secure";
    public static final String ADMIN_ROLE = "admin";
    public static final String ADMIN_PASSWD = "strongPassword";
    public static final String WRITER_ROLE = "writer";
    public static final String WRITER_PASSWD = "somePassword";
    public static final String READER_ROLE = "reader";
    public static final String READER_PASSWD = "password";
    public static final String UNPRIVILEGED_ROLE = "unprivileged";
    public static final String UNPRIVILEGED_PASSWD = "weakPassword";

    /* loaded from: input_file:org/infinispan/test/integration/security/embedded/LdapAuthenticationIT$LdapServerSetupTask.class */
    static class LdapServerSetupTask implements ServerSetupTask {
        private static ApacheDsLdap ldapServer;

        LdapServerSetupTask() {
        }

        public void setup(ManagementClient managementClient, String str) throws Exception {
            ldapServer = new ApacheDsLdap();
            ldapServer.start();
        }

        public void tearDown(ManagementClient managementClient, String str) throws Exception {
            ThreadLeakChecker.ignoreThreadsContaining("pool-.*thread-");
            ldapServer.stop();
        }
    }

    /* loaded from: input_file:org/infinispan/test/integration/security/embedded/LdapAuthenticationIT$SecurityDomainsSetupTask.class */
    static class SecurityDomainsSetupTask extends AbstractSecurityDomainsServerSetupTask {
        SecurityDomainsSetupTask() {
        }

        @Override // org.infinispan.test.integration.security.tasks.AbstractSecurityDomainsServerSetupTask
        protected SecurityDomain[] getSecurityDomains() {
            return new SecurityDomain[]{new SecurityDomain.Builder().name(LdapAuthenticationIT.SECURITY_DOMAIN_NAME).cacheType("default").loginModules(new SecurityModule[]{new SecurityModule.Builder().name("org.jboss.security.auth.spi.LdapLoginModule").flag("required").putOption("java.naming.factory.initial", "com.sun.jndi.ldap.LdapCtxFactory").putOption("java.naming.provider.url", "ldap://" + Utils.getCannonicalHost(this.managementClient) + ":10389").putOption("java.naming.security.authentication", "simple").putOption("principalDNPrefix", "uid=").putOption("principalDNSuffix", ",ou=People,dc=infinispan,dc=org").putOption("rolesCtxDN", "ou=Roles,dc=infinispan,dc=org").putOption("uidAttributeID", "member").putOption("matchOnUserDN", "true").putOption("roleAttributeID", "cn").putOption("roleAttributeIsDN", "false").putOption("searchScope", "ONELEVEL_SCOPE").build()}).build()};
        }
    }

    /* loaded from: input_file:org/infinispan/test/integration/security/embedded/LdapAuthenticationIT$SecurityTraceLoggingServerSetupTask.class */
    static class SecurityTraceLoggingServerSetupTask extends AbstractTraceLoggingServerSetupTask {
        SecurityTraceLoggingServerSetupTask() {
        }

        @Override // org.infinispan.test.integration.security.tasks.AbstractTraceLoggingServerSetupTask
        protected Collection<String> getCategories(ManagementClient managementClient, String str) {
            return Arrays.asList("javax.security", "org.jboss.security", "org.picketbox", "org.wildfly.security");
        }
    }

    @Deployment
    @TargetsContainer(AbstractAuthentication.DEFAULT_DEPLOY_CONTAINER)
    public static WebArchive getDeployment() {
        return Deployments.createKrbLdapTestDeployment();
    }

    @Override // org.infinispan.test.integration.security.embedded.AbstractAuthentication
    public Map<String, AuthorizationPermission[]> getRolePermissionMap() {
        HashMap hashMap = new HashMap();
        hashMap.put(ADMIN_ROLE, new AuthorizationPermission[]{AuthorizationPermission.ALL});
        hashMap.put(WRITER_ROLE, new AuthorizationPermission[]{AuthorizationPermission.WRITE});
        hashMap.put(READER_ROLE, new AuthorizationPermission[]{AuthorizationPermission.READ});
        hashMap.put(UNPRIVILEGED_ROLE, new AuthorizationPermission[]{AuthorizationPermission.NONE});
        return hashMap;
    }

    @Override // org.infinispan.test.integration.security.embedded.AbstractAuthentication
    public PrincipalRoleMapper getPrincipalRoleMapper() {
        return new IdentityRoleMapper();
    }

    @Override // org.infinispan.test.integration.security.embedded.AbstractAuthentication
    public String getSecurityDomainName() {
        return SECURITY_DOMAIN_NAME;
    }

    @Override // org.infinispan.test.integration.security.embedded.AbstractAuthentication
    public Subject getAdminSubject() throws LoginException {
        return authenticate(ADMIN_ROLE, ADMIN_PASSWD);
    }

    @Override // org.infinispan.test.integration.security.embedded.AbstractAuthentication
    public Subject getWriterSubject() throws LoginException {
        return authenticate(WRITER_ROLE, WRITER_PASSWD);
    }

    @Override // org.infinispan.test.integration.security.embedded.AbstractAuthentication
    public Subject getReaderSubject() throws LoginException {
        return authenticate(READER_ROLE, READER_PASSWD);
    }

    @Override // org.infinispan.test.integration.security.embedded.AbstractAuthentication
    public Subject getUnprivilegedSubject() throws LoginException {
        return authenticate(UNPRIVILEGED_ROLE, UNPRIVILEGED_PASSWD);
    }
}
