package org.wildfly.security.ldap;

import org.junit.Assert;
import org.junit.Test;
import org.wildfly.security.auth.permission.LoginPermission;
import org.wildfly.security.auth.realm.AggregateSecurityRealm;
import org.wildfly.security.auth.realm.LegacyPropertiesSecurityRealm;
import org.wildfly.security.auth.realm.ldap.AttributeMapping;
import org.wildfly.security.auth.realm.ldap.LdapSecurityRealmBuilder;
import org.wildfly.security.auth.server.SecurityDomain;
import org.wildfly.security.permission.PermissionVerifier;

/* loaded from: input_file:org/wildfly/security/ldap/RoleMappingSuiteChild.class */
public class RoleMappingSuiteChild extends AbstractAttributeMappingSuiteChild {
    @Test
    public void testRoleMappingWithMemberOf() throws Exception {
        assertAttributes("userWithMemberOfRoles", attributes -> {
            Assert.assertEquals("Expected a single attribute.", 1L, attributes.size());
            assertAttributeValue(attributes.get("Roles"), "roleByMemberOf");
        }, AttributeMapping.fromIdentity().from("memberOf").extractRdn("CN").to("Roles").build());
    }

    @Test
    public void testRoleMappingWithMemberOfAttribute() throws Exception {
        assertAttributes("userWithMemberOfRoles", attributes -> {
            Assert.assertEquals("Expected a single attribute.", 1L, attributes.size());
            assertAttributeValue(attributes.get("Roles"), "roleByMemberOfDescription");
        }, AttributeMapping.fromReference("memberOf").from("description").to("Roles").build());
    }

    @Test
    public void testRoleMappingWithMemberOfRecursive() throws Exception {
        assertAttributes("userWithMemberOfRoles", attributes -> {
            Assert.assertEquals("Expected a single attribute.", 1L, attributes.size());
            assertAttributeValue(attributes.get("Roles"), "roleByMemberOfDescription", "roleOfRoleByMemberOfDescription");
        }, AttributeMapping.fromReference("memberOf").roleRecursion(3).from("description").to("Roles").build());
    }

    @Test
    public void testRoleMappingFromSpecificBaseDN() throws Exception {
        assertAttributes("userWithRoles", attributes -> {
            Assert.assertEquals("Expected a single attribute.", 1L, attributes.size());
            assertAttributeValue(attributes.get("Roles"), "RoleFromRolesOu");
        }, AttributeMapping.fromFilter("(&(objectClass=groupOfNames)(member={1}))").from("CN").searchDn("ou=Roles,dc=elytron,dc=wildfly,dc=org").to("Roles").build());
    }

    @Test
    public void testRoleMappingRecursiveFromBaseDN() throws Exception {
        assertAttributes("userWithRoles", attributes -> {
            Assert.assertEquals("Expected a single attribute.", 1L, attributes.size());
            assertAttributeValue(attributes.get("Roles"), "RoleFromRolesOu", "RoleFromBaseDN");
        }, AttributeMapping.fromFilter("(&(objectClass=groupOfNames)(member={1}))").from("CN").to("Roles").build());
    }

    @Test
    public void testRoleMappingNoRecursiveOnlyFromBaseDN() throws Exception {
        assertAttributes("userWithRoles", attributes -> {
            Assert.assertEquals("Expected a single attribute.", 1L, attributes.size());
            assertAttributeValue(attributes.get("Roles"), "RoleFromBaseDN");
        }, AttributeMapping.fromFilter("(&(objectClass=groupOfNames)(member={1}))").from("CN").to("Roles").searchRecursively(false).build());
    }

    @Test
    public void testRecursiveRoles() throws Exception {
        assertAttributes("jduke", attributes -> {
            Assert.assertEquals("Expected a single attribute.", 1L, attributes.size());
            assertAttributeValue(attributes.get("Roles"), "R1", "R2");
        }, AttributeMapping.fromFilter("(&(objectClass=groupOfNames)(member={1}))").from("cn").roleRecursion(1).to("Roles").build());
    }

    @Test
    public void testRecursiveRolesCycle() throws Exception {
        assertAttributes("jduke", attributes -> {
            Assert.assertEquals("Expected a single attribute.", 1L, attributes.size());
            assertAttributeValue(attributes.get("Roles"), "R1", "R2", "R3");
        }, AttributeMapping.fromFilter("(&(objectClass=groupOfNames)(member={1}))").from("cn").roleRecursion(10).to("Roles").build());
    }

    @Test
    public void testRecursiveRolesMoreWaysToOneRole() throws Exception {
        assertAttributes("ranvir", attributes -> {
            Assert.assertEquals("Expected a single attribute.", 1L, attributes.size());
            assertAttributeValue(attributes.get("Roles"), "MWR1", "MWR2", "MWR3");
        }, AttributeMapping.fromFilter("(&(objectClass=groupOfNames)(member={1}))").from("cn").roleRecursion(1).to("Roles").build());
    }

    @Test
    public void testRecursiveRolesByName() throws Exception {
        assertAttributes("falith", attributes -> {
            Assert.assertEquals("Expected a single attribute.", 1L, attributes.size());
            assertAttributeValue(attributes.get("Roles"), "RN1", "RN2");
        }, AttributeMapping.fromFilter("description={0}").from("cn").roleRecursionName("cn").roleRecursion(1).to("Roles").build());
    }

    @Test
    public void testAuthorizationWithDifferentAuthenticationRealm() throws Exception {
        SecurityDomain.Builder build = SecurityDomain.builder().setDefaultRealmName("default").addRealm("default", new AggregateSecurityRealm(LegacyPropertiesSecurityRealm.builder().setUsersStream(getClass().getResourceAsStream("/org/wildfly/security/auth/realm/nonldap.properties")).setPlainText(true).build(), LdapSecurityRealmBuilder.builder().setDirContextSupplier(LdapTestSuite.dirContextFactory.create()).identityMapping().setSearchDn("dc=elytron,dc=wildfly,dc=org").searchRecursive().setRdnIdentifier("uid").map(new AttributeMapping[]{AttributeMapping.fromFilter("description={0}").from("cn").roleRecursionName("cn").roleRecursion(2).to("Roles").build()}).build().build())).build();
        build.setPermissionMapper((permissionMappable, roles) -> {
            return PermissionVerifier.from(new LoginPermission());
        });
        assertAttributes(build.build(), "hybridUser", attributes -> {
            Assert.assertEquals("Expected a single attribute.", 1L, attributes.size());
            assertAttributeValue(attributes.get("Roles"), "RN3");
        });
    }
}
