package org.wildfly.security.ldap;

import java.security.Principal;
import java.security.spec.AlgorithmParameterSpec;
import java.util.HashMap;
import java.util.Map;
import java.util.concurrent.CountDownLatch;
import java.util.concurrent.TimeUnit;
import java.util.concurrent.atomic.AtomicInteger;
import java.util.function.Consumer;
import javax.naming.directory.BasicAttribute;
import javax.naming.directory.DirContext;
import javax.naming.directory.ModificationItem;
import org.junit.Assert;
import org.junit.Test;
import org.wildfly.security.auth.SupportLevel;
import org.wildfly.security.auth.permission.LoginPermission;
import org.wildfly.security.auth.realm.CacheableSecurityRealm;
import org.wildfly.security.auth.realm.CachingModifiableSecurityRealm;
import org.wildfly.security.auth.realm.ldap.LdapSecurityRealmBuilder;
import org.wildfly.security.auth.server.ModifiableRealmIdentity;
import org.wildfly.security.auth.server.ModifiableRealmIdentityIterator;
import org.wildfly.security.auth.server.ModifiableSecurityRealm;
import org.wildfly.security.auth.server.RealmIdentity;
import org.wildfly.security.auth.server.RealmUnavailableException;
import org.wildfly.security.auth.server.SecurityDomain;
import org.wildfly.security.auth.server.SecurityIdentity;
import org.wildfly.security.auth.server.ServerAuthenticationContext;
import org.wildfly.security.auth.server.ServerUtils;
import org.wildfly.security.authz.Attributes;
import org.wildfly.security.authz.AuthorizationIdentity;
import org.wildfly.security.cache.RealmIdentityCache;
import org.wildfly.security.credential.Credential;
import org.wildfly.security.credential.PasswordCredential;
import org.wildfly.security.evidence.Evidence;
import org.wildfly.security.evidence.PasswordGuessEvidence;
import org.wildfly.security.password.interfaces.ClearPassword;

/* loaded from: input_file:org/wildfly/security/ldap/LdapSecurityRealmIdentityCacheSuiteChild.class */
public class LdapSecurityRealmIdentityCacheSuiteChild {
    private CountDownLatch waitServerNotification = new CountDownLatch(1);
    private AtomicInteger realmHitCount = new AtomicInteger();
    private AtomicInteger credentialHitCount = new AtomicInteger();
    private AtomicInteger attributesHitCount = new AtomicInteger();
    private AtomicInteger evidencesHitCount = new AtomicInteger();

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/wildfly/security/ldap/LdapSecurityRealmIdentityCacheSuiteChild$MockCacheableModifiableSecurityRealm.class */
    public class MockCacheableModifiableSecurityRealm implements ModifiableSecurityRealm, CacheableSecurityRealm {
        private final ModifiableSecurityRealm realm;

        public MockCacheableModifiableSecurityRealm(ModifiableSecurityRealm modifiableSecurityRealm) {
            this.realm = modifiableSecurityRealm;
        }

        public void registerIdentityChangeListener(Consumer<Principal> consumer) {
            this.realm.registerIdentityChangeListener(principal -> {
                consumer.accept(principal);
                LdapSecurityRealmIdentityCacheSuiteChild.this.waitServerNotification.countDown();
            });
        }

        public RealmIdentity getRealmIdentity(final Principal principal) throws RealmUnavailableException {
            LdapSecurityRealmIdentityCacheSuiteChild.this.realmHitCount.incrementAndGet();
            return new RealmIdentity() { // from class: org.wildfly.security.ldap.LdapSecurityRealmIdentityCacheSuiteChild.MockCacheableModifiableSecurityRealm.1
                RealmIdentity identity;

                {
                    this.identity = MockCacheableModifiableSecurityRealm.this.realm.getRealmIdentity(principal);
                }

                public Principal getRealmIdentityPrincipal() {
                    return this.identity.getRealmIdentityPrincipal();
                }

                public SupportLevel getCredentialAcquireSupport(Class<? extends Credential> cls, String str, AlgorithmParameterSpec algorithmParameterSpec) throws RealmUnavailableException {
                    LdapSecurityRealmIdentityCacheSuiteChild.this.credentialHitCount.incrementAndGet();
                    return this.identity.getCredentialAcquireSupport(cls, str, algorithmParameterSpec);
                }

                public <C extends Credential> C getCredential(Class<C> cls) throws RealmUnavailableException {
                    LdapSecurityRealmIdentityCacheSuiteChild.this.credentialHitCount.incrementAndGet();
                    return (C) this.identity.getCredential(cls);
                }

                public SupportLevel getEvidenceVerifySupport(Class<? extends Evidence> cls, String str) throws RealmUnavailableException {
                    LdapSecurityRealmIdentityCacheSuiteChild.this.evidencesHitCount.incrementAndGet();
                    return this.identity.getEvidenceVerifySupport(cls, str);
                }

                public boolean verifyEvidence(Evidence evidence) throws RealmUnavailableException {
                    LdapSecurityRealmIdentityCacheSuiteChild.this.evidencesHitCount.incrementAndGet();
                    return this.identity.verifyEvidence(evidence);
                }

                public boolean exists() throws RealmUnavailableException {
                    return this.identity.exists();
                }

                public AuthorizationIdentity getAuthorizationIdentity() throws RealmUnavailableException {
                    LdapSecurityRealmIdentityCacheSuiteChild.this.attributesHitCount.incrementAndGet();
                    return this.identity.getAuthorizationIdentity();
                }

                public Attributes getAttributes() throws RealmUnavailableException {
                    LdapSecurityRealmIdentityCacheSuiteChild.this.attributesHitCount.incrementAndGet();
                    return this.identity.getAttributes();
                }
            };
        }

        public SupportLevel getCredentialAcquireSupport(Class<? extends Credential> cls, String str, AlgorithmParameterSpec algorithmParameterSpec) throws RealmUnavailableException {
            return this.realm.getCredentialAcquireSupport(cls, str, algorithmParameterSpec);
        }

        public SupportLevel getEvidenceVerifySupport(Class<? extends Evidence> cls, String str) throws RealmUnavailableException {
            return this.realm.getEvidenceVerifySupport(cls, str);
        }

        public ModifiableRealmIdentity getRealmIdentityForUpdate(Principal principal) throws RealmUnavailableException {
            return this.realm.getRealmIdentityForUpdate(principal);
        }

        public ModifiableRealmIdentityIterator getRealmIdentityIterator() throws RealmUnavailableException {
            return this.realm.getRealmIdentityIterator();
        }
    }

    @Test
    public void testCacheUpdateAfterChangeNotificationFromServer() throws Exception {
        SecurityDomain build = SecurityDomain.builder().setDefaultRealmName("default").addRealm("default", createSecurityRealm(true, false)).build().setPermissionMapper((permissionMappable, roles) -> {
            return LoginPermission.getInstance();
        }).build();
        for (int i = 0; i < 10; i++) {
            assertAuthenticationAndAuthorization("plainUser", build);
            Assert.assertEquals(1L, this.realmHitCount.get());
            Assert.assertEquals(1L, this.credentialHitCount.get());
            Assert.assertEquals(1L, this.attributesHitCount.get());
            Assert.assertEquals(0L, this.evidencesHitCount.get());
        }
        DirContext dirContext = (DirContext) LdapTestSuite.dirContextFactory.create().get();
        dirContext.modifyAttributes("uid=plainUser,dc=elytron,dc=wildfly,dc=org", new ModificationItem[]{new ModificationItem(2, new BasicAttribute("sn", "Changed SN"))});
        this.waitServerNotification.await(5L, TimeUnit.SECONDS);
        assertAuthenticationAndAuthorization("plainUser", build);
        Assert.assertEquals(2L, this.realmHitCount.get());
        Assert.assertEquals(2L, this.credentialHitCount.get());
        Assert.assertEquals(2L, this.attributesHitCount.get());
        Assert.assertEquals(0L, this.evidencesHitCount.get());
        dirContext.close();
    }

    @Test
    public void testCacheUpdateAfterRemoveNotificationFromServer() throws Exception {
        SecurityDomain build = SecurityDomain.builder().setDefaultRealmName("default").addRealm("default", createSecurityRealm(true, false)).build().setPermissionMapper((permissionMappable, roles) -> {
            return LoginPermission.getInstance();
        }).build();
        assertAuthenticationAndAuthorization("userToRemove", build);
        assertAuthenticationAndAuthorization("userToRemove", build);
        Assert.assertEquals(1L, this.realmHitCount.get());
        DirContext dirContext = (DirContext) LdapTestSuite.dirContextFactory.create().get();
        dirContext.destroySubcontext("uid=userToRemove,dc=elytron,dc=wildfly,dc=org");
        this.waitServerNotification.await(5L, TimeUnit.SECONDS);
        Assert.assertFalse(createServerAuthenticationContext("userToRemove", build).exists());
        dirContext.close();
    }

    @Test
    public void testDirectVerificationCaching() throws Exception {
        SecurityDomain build = SecurityDomain.builder().setDefaultRealmName("default").addRealm("default", createSecurityRealm(false, true)).build().setPermissionMapper((permissionMappable, roles) -> {
            return LoginPermission.getInstance();
        }).build();
        for (int i = 0; i < 5; i++) {
            org.wildfly.common.Assert.assertTrue(createServerAuthenticationContext("plainUser", build).verifyEvidence(new PasswordGuessEvidence("plainPassword".toCharArray())));
            Assert.assertEquals(1L, this.realmHitCount.get());
            Assert.assertEquals(1L, this.credentialHitCount.get());
            Assert.assertEquals(0L, this.attributesHitCount.get());
            Assert.assertEquals(1L, this.evidencesHitCount.get());
        }
    }

    private void assertAuthenticationAndAuthorization(String str, SecurityDomain securityDomain) throws RealmUnavailableException {
        ServerAuthenticationContext createServerAuthenticationContext = createServerAuthenticationContext(str, securityDomain);
        org.wildfly.common.Assert.assertTrue(createServerAuthenticationContext.verifyEvidence(new PasswordGuessEvidence("plainPassword".toCharArray())));
        Assert.assertEquals(SupportLevel.SUPPORTED, createServerAuthenticationContext.getCredentialAcquireSupport(PasswordCredential.class, "clear"));
        Assert.assertEquals("plainPassword", new String(createServerAuthenticationContext.getCredential(PasswordCredential.class).getPassword().castAs(ClearPassword.class, "clear").getPassword()));
        org.wildfly.common.Assert.assertTrue(createServerAuthenticationContext.verifyEvidence(new PasswordGuessEvidence("plainPassword".toCharArray())));
        org.wildfly.common.Assert.assertTrue(createServerAuthenticationContext.authorize(str));
        SecurityIdentity authorizedIdentity = createServerAuthenticationContext.getAuthorizedIdentity();
        org.wildfly.common.Assert.assertNotNull(authorizedIdentity);
        org.wildfly.common.Assert.assertNotNull(authorizedIdentity.getAttributes());
        Assert.assertEquals(str, authorizedIdentity.getPrincipal().getName());
    }

    private ServerAuthenticationContext createServerAuthenticationContext(String str, SecurityDomain securityDomain) throws RealmUnavailableException {
        ServerAuthenticationContext createNewAuthenticationContext = securityDomain.createNewAuthenticationContext();
        createNewAuthenticationContext.setAuthenticationName(str);
        return createNewAuthenticationContext;
    }

    private ModifiableSecurityRealm createSecurityRealm(boolean z, boolean z2) {
        LdapSecurityRealmBuilder build = LdapSecurityRealmBuilder.builder().setProviders(ServerUtils.ELYTRON_PASSWORD_PROVIDERS).setDirContextSupplier(LdapTestSuite.dirContextFactory.create()).identityMapping().setSearchDn("dc=elytron,dc=wildfly,dc=org").setRdnIdentifier("uid").build();
        if (z) {
            build.userPasswordCredentialLoader().build();
        }
        if (z2) {
            build.addDirectEvidenceVerification();
        }
        return new CachingModifiableSecurityRealm(new MockCacheableModifiableSecurityRealm(build.build()), createRealmIdentitySimpleJavaMapCache(), ServerUtils.ELYTRON_PASSWORD_PROVIDERS);
    }

    private RealmIdentityCache createRealmIdentitySimpleJavaMapCache() {
        return new RealmIdentityCache() { // from class: org.wildfly.security.ldap.LdapSecurityRealmIdentityCacheSuiteChild.1
            private Map<Principal, RealmIdentity> cache = new HashMap();

            public void put(Principal principal, RealmIdentity realmIdentity) {
                this.cache.put(principal, realmIdentity);
            }

            public RealmIdentity get(Principal principal) {
                return this.cache.get(principal);
            }

            public void remove(Principal principal) {
                this.cache.remove(principal);
            }

            public void clear() {
                this.cache.clear();
            }
        };
    }
}
