package org.wildfly.security.auth;

import java.security.spec.AlgorithmParameterSpec;
import org.junit.AfterClass;
import org.junit.Assert;
import org.junit.BeforeClass;
import org.junit.Test;
import org.wildfly.security.auth.permission.LoginPermission;
import org.wildfly.security.auth.principal.NamePrincipal;
import org.wildfly.security.auth.realm.JaasSecurityRealm;
import org.wildfly.security.auth.server.RealmIdentity;
import org.wildfly.security.auth.server.RealmUnavailableException;
import org.wildfly.security.auth.server.SecurityDomain;
import org.wildfly.security.auth.server.ServerAuthenticationContext;
import org.wildfly.security.credential.PasswordCredential;
import org.wildfly.security.credential.PublicKeyCredential;
import org.wildfly.security.evidence.PasswordGuessEvidence;

/* loaded from: input_file:org/wildfly/security/auth/JaasSecurityRealmTest.class */
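/**
 * Exercises {@link JaasSecurityRealm}: evidence verification, the mapping of an
 * authenticated identity to roles and attributes, and the constructor variants
 * that take a JAAS configuration path, a class loader or a callback handler.
 *
 * <p>The user names, passwords, roles and attribute values asserted here are test
 * fixtures. They have to match the login modules referenced by the JAAS
 * configuration files on the test classpath; those files are not part of this
 * class, so which module accepts which user cannot be read from here.
 *
 * <p>Every positive check is paired with a negative one (wrong password, user
 * unknown to the entry, role or attribute that must be absent), so that a realm
 * accepting everything would fail the suite.
 */
public class JaasSecurityRealmTest {
    /** JVM-wide property naming the default JAAS login configuration. */
    private static final String LOGIN_CONFIG_PROPERTY = "java.security.auth.login.config";

    /** Value of {@link #LOGIN_CONFIG_PROPERTY} before this class changed it, or {@code null}. */
    private static String previousLoginConfig;

    /**
     * Points the JVM at the test JAAS configuration.
     *
     * <p>The property is global to the JVM, so the previous value is remembered and
     * put back in {@link #afterClass()} instead of being cleared unconditionally.
     */
    @BeforeClass
    public static void beforeClass() {
        java.net.URL loginConfig = JaasSecurityRealmTest.class.getResource("jaas-login.config");
        // Fail with a readable message rather than a NullPointerException when the resource is missing.
        Assert.assertNotNull("jaas-login.config is missing from the test classpath", loginConfig);
        previousLoginConfig = System.getProperty(LOGIN_CONFIG_PROPERTY);
        System.setProperty(LOGIN_CONFIG_PROPERTY, loginConfig.toString());
    }

    /** Restores {@link #LOGIN_CONFIG_PROPERTY} to the state it had before this class ran. */
    @AfterClass
    public static void afterClass() {
        if (previousLoginConfig == null) {
            System.clearProperty(LOGIN_CONFIG_PROPERTY);
        } else {
            System.setProperty(LOGIN_CONFIG_PROPERTY, previousLoginConfig);
        }
        previousLoginConfig = null;
    }

    /** Wraps a fixture password as the evidence type the realm verifies. */
    private static PasswordGuessEvidence guess(String password) {
        return new PasswordGuessEvidence(password.toCharArray());
    }

    /**
     * Builds a single-realm security domain around {@code realm} and returns a fresh
     * authentication context for it.
     *
     * <p>The permission mapper grants {@link LoginPermission} to every identity. That is
     * a test shortcut so that {@code authorize()} depends only on successful evidence
     * verification; it is not a model for a real permission mapping.
     */
    private static ServerAuthenticationContext newAuthenticationContext(JaasSecurityRealm realm) throws Exception {
        return SecurityDomain.builder()
                .setDefaultRealmName("default")
                .addRealm("default", realm)
                .build()
                .setPermissionMapper((permissionMappable, roles) -> LoginPermission.getInstance())
                .build()
                .createNewAuthenticationContext();
    }

    /** Asserts that evidence verification succeeded and the identity is authorized and known. */
    private static void assertAuthenticated(ServerAuthenticationContext context, String password) throws Exception {
        Assert.assertTrue("Correct password must be accepted", context.verifyEvidence(guess(password)));
        Assert.assertTrue("Verified identity must be authorized", context.authorize());
        Assert.assertTrue("Verified identity must exist", context.exists());
    }

    /** Reads one value of an attribute of the authorized identity. */
    private static String attribute(ServerAuthenticationContext context, String key, int index) throws Exception {
        return context.getAuthorizedIdentity().getAttributes().get(key).get(index);
    }

    /** Tells whether the authorized identity carries {@code role}. */
    private static boolean hasRole(ServerAuthenticationContext context, String role) throws Exception {
        return context.getAuthorizedIdentity().getRoles().contains(role);
    }

    /** Attribute expectations shared by the callback-handler and class-loader variants. */
    private static void assertFixtureAttributes(ServerAuthenticationContext context) throws Exception {
        Assert.assertTrue(context.getAuthorizedIdentity().getAttributes().containsKey("NamePrincipal"));
        Assert.assertEquals("whoami", attribute(context, "NamePrincipal", 0));
        Assert.assertEquals("anonymous", attribute(context, "AnonymousPrincipal", 0));
        Assert.assertNotEquals("non_existent_attribute", attribute(context, "NamePrincipal", 0));
        // NOTE(review): relies on the lookup of a missing key returning a value (rather than
        // throwing); that behaviour is defined by the Attributes implementation, not shown here.
        Assert.assertNotEquals("whoami", attribute(context, "NonExistentAttributeKey", 0));
        // The order of the roles is part of the expectation.
        Assert.assertEquals("Admin", attribute(context, "Roles", 0));
        Assert.assertEquals("User", attribute(context, "Roles", 1));
        Assert.assertEquals("Guest", attribute(context, "Roles", 2));
    }

    /**
     * Smoke test of the realm identity: credentials can never be acquired from the realm,
     * password evidence may be verifiable, and verification accepts only the right password.
     */
    @Test
    public void testSmokeJaasSecurityRealm() throws Exception {
        RealmIdentity realmIdentity = new JaasSecurityRealm("Entry1").getRealmIdentity(new NamePrincipal("elytron"));
        Assert.assertNotNull("Unexpected null realm identity", realmIdentity);
        Assert.assertEquals("Invalid credential support", SupportLevel.UNSUPPORTED, realmIdentity.getCredentialAcquireSupport(PasswordCredential.class, "blah", (AlgorithmParameterSpec) null));
        Assert.assertEquals("Invalid credential support", SupportLevel.UNSUPPORTED, realmIdentity.getCredentialAcquireSupport(PublicKeyCredential.class, (String) null, (AlgorithmParameterSpec) null));
        Assert.assertEquals("Invalid credential support", SupportLevel.POSSIBLY_SUPPORTED, realmIdentity.getEvidenceVerifySupport(PasswordGuessEvidence.class, "blah"));
        // The realm must not hand out the stored password.
        Assert.assertNull("Invalid non null credential", realmIdentity.getCredential(PasswordCredential.class, (String) null));
        // accept / reject / accept on the same identity: a failed guess must neither
        // stick (blocking the next correct guess) nor leave the identity verified.
        Assert.assertTrue("Correct password must be accepted", realmIdentity.verifyEvidence(guess("passwd12#$")));
        Assert.assertFalse("Wrong password must be rejected", realmIdentity.verifyEvidence(guess("wrongpass")));
        Assert.assertTrue("Correct password must be accepted after a failed guess", realmIdentity.verifyEvidence(guess("passwd12#$")));
        Assert.assertNotNull("Unexpected null authenticated realm identity", realmIdentity.getAuthorizationIdentity());
    }

    /** A null JAAS entry name is rejected at construction time. */
    @Test(expected = IllegalArgumentException.class)
    public void testEntryCannotBeNull() {
        new JaasSecurityRealm((String) null);
    }

    /**
     * A configuration path that does not exist makes the realm unavailable.
     *
     * <p>{@code expected} covers the whole call chain, so this test does not pin down
     * which of the three calls raises the exception.
     */
    @Test(expected = RealmUnavailableException.class)
    public void testPathMustExist() throws RealmUnavailableException {
        new JaasSecurityRealm("entry", "this/path/does/not/exist").getRealmIdentity(new NamePrincipal("javajoe")).verifyEvidence(guess("$#21pass"));
    }

    /** Verification through a caller-supplied callback handler accepts only the right password. */
    @Test
    public void testJaasSecurityRealmWithCustomCallbackHandler() throws Exception {
        RealmIdentity realmIdentity = new JaasSecurityRealm("Entry1", (String) null, (ClassLoader) null, new TestCallbackHandler()).getRealmIdentity(new NamePrincipal("javajoe"));
        Assert.assertTrue("Correct password must be accepted", realmIdentity.verifyEvidence(guess("$#21pass")));
        Assert.assertFalse("Wrong password must be rejected", realmIdentity.verifyEvidence(guess("wrongpass")));
    }

    /**
     * With entry {@code Entry2}, {@code javajoe} is rejected even with the password that
     * {@code Entry1} accepts, while {@code userFromTestModule2} is accepted only with its
     * own password: the set of valid users depends on the selected JAAS entry.
     */
    @Test
    public void testJaasSecurityRealmWithEntry2() throws Exception {
        JaasSecurityRealm jaasSecurityRealm = new JaasSecurityRealm("Entry2", (String) null, (ClassLoader) null, new TestCallbackHandler());
        RealmIdentity javajoe = jaasSecurityRealm.getRealmIdentity(new NamePrincipal("javajoe"));
        Assert.assertFalse("User unknown to Entry2 must be rejected", javajoe.verifyEvidence(guess("$#21pass")));
        Assert.assertFalse("Wrong password must be rejected", javajoe.verifyEvidence(guess("wrongpass")));
        RealmIdentity moduleTwoUser = jaasSecurityRealm.getRealmIdentity(new NamePrincipal("userFromTestModule2"));
        Assert.assertFalse("Another user's password must be rejected", moduleTwoUser.verifyEvidence(guess("$#21pass")));
        Assert.assertTrue("Correct password must be accepted", moduleTwoUser.verifyEvidence(guess("userPassword")));
    }

    /**
     * A realm given an explicit configuration file uses that file: the same entry name
     * now rejects {@code javajoe} and accepts {@code userFromTestModule2}, both directly
     * on the realm and through a security domain.
     */
    @Test
    public void testJaasSecurityRealmWithConfiguredPathToJAASConfigFile() throws Exception {
        // Relative path: resolved against the working directory of the test run.
        JaasSecurityRealm jaasSecurityRealm = new JaasSecurityRealm("Entry1", "./src/test/resources/org/wildfly/security/auth/jaas-login2.config", (ClassLoader) null);
        Assert.assertFalse("User unknown to this configuration must be rejected", jaasSecurityRealm.getRealmIdentity(new NamePrincipal("javajoe")).verifyEvidence(guess("$#21pass")));
        RealmIdentity realmIdentity = jaasSecurityRealm.getRealmIdentity(new NamePrincipal("userFromTestModule2"));
        Assert.assertFalse("Wrong password must be rejected", realmIdentity.verifyEvidence(guess("wrongpass")));
        Assert.assertTrue("Correct password must be accepted", realmIdentity.verifyEvidence(guess("userPassword")));

        ServerAuthenticationContext context = newAuthenticationContext(jaasSecurityRealm);
        context.setAuthenticationName("userFromTestModule2");
        Assert.assertFalse("Wrong password must be rejected", context.verifyEvidence(guess("incorrectPassword")));
        assertAuthenticated(context, "userPassword");
    }

    /** The authorized identity carries exactly the fixture roles that are checked, and no invented one. */
    @Test
    public void testJaasAuthorizationIdentityRoles() throws Exception {
        ServerAuthenticationContext context = newAuthenticationContext(new JaasSecurityRealm("Entry1", (String) null, (ClassLoader) null, new TestCallbackHandler()));
        context.setAuthenticationPrincipal(new NamePrincipal("javajoe"));
        assertAuthenticated(context, "$#21pass");
        Assert.assertTrue(hasRole(context, "Admin"));
        Assert.assertTrue(hasRole(context, "User"));
        Assert.assertTrue(hasRole(context, "Guest"));
        Assert.assertFalse("Role that was never granted must be absent", hasRole(context, "Non_existent_role"));
    }

    /** Attributes of the authorized identity when a callback handler is supplied. */
    @Test
    public void testJaasRealmAttributes() throws Exception {
        ServerAuthenticationContext context = newAuthenticationContext(new JaasSecurityRealm("Entry1", (String) null, (ClassLoader) null, new TestCallbackHandler()));
        context.setAuthenticationPrincipal(new NamePrincipal("javajoe"));
        assertAuthenticated(context, "$#21pass");
        assertFixtureAttributes(context);
    }

    /** Same expectations as {@link #testJaasRealmAttributes()}, with an explicit class loader and no callback handler. */
    @Test
    public void testJaasRealmWithProvidedClassLoader() throws Exception {
        ServerAuthenticationContext context = newAuthenticationContext(new JaasSecurityRealm("Entry1", (String) null, TestLoginModule2.class.getClassLoader()));
        context.setAuthenticationPrincipal(new NamePrincipal("javajoe"));
        assertAuthenticated(context, "$#21pass");
        assertFixtureAttributes(context);
    }
}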
