package org.wildfly.security.auth.realm.cache;

import java.security.Principal;
import java.security.Security;
import java.security.spec.AlgorithmParameterSpec;
import java.util.Collections;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.concurrent.atomic.AtomicInteger;
import java.util.function.Consumer;
import org.junit.Assert;
import org.junit.Before;
import org.junit.Test;
import org.wildfly.security.auth.SupportLevel;
import org.wildfly.security.auth.permission.LoginPermission;
import org.wildfly.security.auth.realm.CacheableSecurityRealm;
import org.wildfly.security.auth.realm.CachingSecurityRealm;
import org.wildfly.security.auth.realm.SimpleMapBackedSecurityRealm;
import org.wildfly.security.auth.realm.SimpleRealmEntry;
import org.wildfly.security.auth.server.RealmIdentity;
import org.wildfly.security.auth.server.RealmUnavailableException;
import org.wildfly.security.auth.server.SecurityDomain;
import org.wildfly.security.auth.server.SecurityIdentity;
import org.wildfly.security.auth.server.SecurityRealm;
import org.wildfly.security.auth.server.ServerAuthenticationContext;
import org.wildfly.security.authz.MapAttributes;
import org.wildfly.security.cache.LRURealmIdentityCache;
import org.wildfly.security.cache.RealmIdentityCache;
import org.wildfly.security.credential.Credential;
import org.wildfly.security.credential.PasswordCredential;
import org.wildfly.security.evidence.Evidence;
import org.wildfly.security.evidence.PasswordGuessEvidence;
import org.wildfly.security.password.PasswordFactory;
import org.wildfly.security.password.WildFlyElytronPasswordProvider;
import org.wildfly.security.password.spec.ClearPasswordSpec;

/* loaded from: input_file:org/wildfly/security/auth/realm/cache/SecurityRealmIdentityCacheTest.class */
public class SecurityRealmIdentityCacheTest {
    private AtomicInteger realmHitCount = new AtomicInteger();

    @Before
    public void onBefore() {
        Security.addProvider(WildFlyElytronPasswordProvider.getInstance());
    }

    @Test
    public void testRealmIdentitySimpleJavaMapCache() throws Exception {
        SecurityDomain build = SecurityDomain.builder().setDefaultRealmName("default").addRealm("default", createSecurityRealm(createRealmIdentityLRUCache())).build().setPermissionMapper((permissionMappable, roles) -> {
            return LoginPermission.getInstance();
        }).build();
        for (int i = 0; i < 10; i++) {
            assertAuthenticationAndAuthorization("joe", build);
            Assert.assertEquals(1L, this.realmHitCount.get());
        }
        for (int i2 = 0; i2 < 10; i2++) {
            assertAuthenticationAndAuthorization("bob", build);
            Assert.assertEquals(2L, this.realmHitCount.get());
        }
    }

    @Test
    public void testRealmIdentityNoCache() throws Exception {
        SecurityDomain build = SecurityDomain.builder().setDefaultRealmName("default").addRealm("default", createSecurityRealm(null)).build().setPermissionMapper((permissionMappable, roles) -> {
            return LoginPermission.getInstance();
        }).build();
        for (int i = 0; i < 10; i++) {
            assertAuthenticationAndAuthorization("joe", build);
        }
        Assert.assertEquals(10L, this.realmHitCount.get());
    }

    @Test
    public void testMaxAge() throws Exception {
        SecurityDomain build = SecurityDomain.builder().setDefaultRealmName("default").addRealm("default", createSecurityRealm(createRealmIdentityLRUCache(2000))).build().setPermissionMapper((permissionMappable, roles) -> {
            return LoginPermission.getInstance();
        }).build();
        assertAuthenticationAndAuthorization("joe", build);
        assertAuthenticationAndAuthorization("joe", build);
        assertAuthenticationAndAuthorization("joe", build);
        Assert.assertEquals(1L, this.realmHitCount.get());
        Thread.sleep(3000L);
        assertAuthenticationAndAuthorization("joe", build);
        assertAuthenticationAndAuthorization("joe", build);
        assertAuthenticationAndAuthorization("joe", build);
        Assert.assertEquals(2L, this.realmHitCount.get());
    }

    private SecurityRealm createSecurityRealm(RealmIdentityCache realmIdentityCache) {
        final SimpleMapBackedSecurityRealm simpleMapBackedSecurityRealm = new SimpleMapBackedSecurityRealm();
        HashMap hashMap = new HashMap();
        addUser(hashMap, "joe", "User");
        addUser(hashMap, "bob", "User");
        simpleMapBackedSecurityRealm.setIdentityMap(hashMap);
        if (realmIdentityCache == null) {
            realmIdentityCache = new RealmIdentityCache() { // from class: org.wildfly.security.auth.realm.cache.SecurityRealmIdentityCacheTest.1
                public void put(Principal principal, RealmIdentity realmIdentity) {
                }

                public RealmIdentity get(Principal principal) {
                    return null;
                }

                public void remove(Principal principal) {
                }

                public void clear() {
                }
            };
        }
        return new CachingSecurityRealm(new CacheableSecurityRealm() { // from class: org.wildfly.security.auth.realm.cache.SecurityRealmIdentityCacheTest.2
            public void registerIdentityChangeListener(Consumer<Principal> consumer) {
            }

            public RealmIdentity getRealmIdentity(Principal principal) throws RealmUnavailableException {
                SecurityRealmIdentityCacheTest.this.realmHitCount.incrementAndGet();
                return simpleMapBackedSecurityRealm.getRealmIdentity(principal);
            }

            public SupportLevel getCredentialAcquireSupport(Class<? extends Credential> cls, String str, AlgorithmParameterSpec algorithmParameterSpec) throws RealmUnavailableException {
                return simpleMapBackedSecurityRealm.getCredentialAcquireSupport(cls, str, algorithmParameterSpec);
            }

            public SupportLevel getEvidenceVerifySupport(Class<? extends Evidence> cls, String str) throws RealmUnavailableException {
                return getEvidenceVerifySupport(cls, str);
            }
        }, realmIdentityCache) { // from class: org.wildfly.security.auth.realm.cache.SecurityRealmIdentityCacheTest.3
        };
    }

    private void addUser(Map<String, SimpleRealmEntry> map, String str, String str2) {
        try {
            List singletonList = Collections.singletonList(new PasswordCredential(PasswordFactory.getInstance("clear").generatePassword(new ClearPasswordSpec("password".toCharArray()))));
            MapAttributes mapAttributes = new MapAttributes();
            mapAttributes.addAll("Roles", Collections.singletonList(str2));
            map.put(str, new SimpleRealmEntry(singletonList, mapAttributes));
        } catch (Exception e) {
            throw new RuntimeException(e);
        }
    }

    private void assertAuthenticationAndAuthorization(String str, SecurityDomain securityDomain) throws RealmUnavailableException {
        ServerAuthenticationContext createNewAuthenticationContext = securityDomain.createNewAuthenticationContext();
        createNewAuthenticationContext.setAuthenticationName(str);
        Assert.assertTrue(createNewAuthenticationContext.verifyEvidence(new PasswordGuessEvidence("password".toCharArray())));
        Assert.assertTrue(createNewAuthenticationContext.authorize(str));
        SecurityIdentity authorizedIdentity = createNewAuthenticationContext.getAuthorizedIdentity();
        Assert.assertNotNull(authorizedIdentity);
        Assert.assertEquals(str, authorizedIdentity.getPrincipal().getName());
    }

    private RealmIdentityCache createRealmIdentityLRUCache(int i) {
        return new LRURealmIdentityCache(1, i);
    }

    private RealmIdentityCache createRealmIdentityLRUCache() {
        return createRealmIdentityLRUCache(-1);
    }
}
