package org.wildfly.security.auth.realm.cache;

import java.io.File;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.nio.file.FileVisitResult;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.nio.file.SimpleFileVisitor;
import java.nio.file.attribute.BasicFileAttributes;
import java.nio.file.attribute.FileAttribute;
import java.security.Principal;
import java.security.spec.AlgorithmParameterSpec;
import java.util.Collections;
import java.util.List;
import java.util.concurrent.atomic.AtomicInteger;
import java.util.function.Consumer;
import org.junit.Assert;
import org.junit.Test;
import org.wildfly.security.auth.SupportLevel;
import org.wildfly.security.auth.permission.LoginPermission;
import org.wildfly.security.auth.principal.NamePrincipal;
import org.wildfly.security.auth.realm.CacheableSecurityRealm;
import org.wildfly.security.auth.realm.CachingModifiableSecurityRealm;
import org.wildfly.security.auth.realm.FileSystemSecurityRealm;
import org.wildfly.security.auth.server.ModifiableRealmIdentity;
import org.wildfly.security.auth.server.ModifiableRealmIdentityIterator;
import org.wildfly.security.auth.server.ModifiableSecurityRealm;
import org.wildfly.security.auth.server.NameRewriter;
import org.wildfly.security.auth.server.RealmIdentity;
import org.wildfly.security.auth.server.RealmUnavailableException;
import org.wildfly.security.auth.server.SecurityDomain;
import org.wildfly.security.auth.server.SecurityIdentity;
import org.wildfly.security.auth.server.ServerAuthenticationContext;
import org.wildfly.security.auth.server.ServerUtils;
import org.wildfly.security.authz.MapAttributes;
import org.wildfly.security.cache.LRURealmIdentityCache;
import org.wildfly.security.cache.RealmIdentityCache;
import org.wildfly.security.credential.Credential;
import org.wildfly.security.credential.PasswordCredential;
import org.wildfly.security.evidence.Evidence;
import org.wildfly.security.evidence.PasswordGuessEvidence;
import org.wildfly.security.password.PasswordFactory;
import org.wildfly.security.password.spec.ClearPasswordSpec;
import org.wildfly.security.password.spec.Encoding;

/* loaded from: input_file:org/wildfly/security/auth/realm/cache/ModifiableSecurityRealmIdentityCacheTest.class */
public class ModifiableSecurityRealmIdentityCacheTest {
    private AtomicInteger realmHitCount = new AtomicInteger();

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/wildfly/security/auth/realm/cache/ModifiableSecurityRealmIdentityCacheTest$MockCacheableModifiableSecurityRealm.class */
    public class MockCacheableModifiableSecurityRealm implements ModifiableSecurityRealm, CacheableSecurityRealm {
        private final FileSystemSecurityRealm realm;

        public MockCacheableModifiableSecurityRealm(FileSystemSecurityRealm fileSystemSecurityRealm) {
            this.realm = fileSystemSecurityRealm;
        }

        public void registerIdentityChangeListener(Consumer<Principal> consumer) {
            this.realm.registerIdentityChangeListener(consumer);
        }

        public RealmIdentity getRealmIdentity(Principal principal) throws RealmUnavailableException {
            ModifiableSecurityRealmIdentityCacheTest.this.realmHitCount.incrementAndGet();
            return this.realm.getRealmIdentity(principal);
        }

        public SupportLevel getCredentialAcquireSupport(Class<? extends Credential> cls, String str, AlgorithmParameterSpec algorithmParameterSpec) throws RealmUnavailableException {
            return this.realm.getCredentialAcquireSupport(cls, str, algorithmParameterSpec);
        }

        public SupportLevel getEvidenceVerifySupport(Class<? extends Evidence> cls, String str) throws RealmUnavailableException {
            return this.realm.getEvidenceVerifySupport(cls, str);
        }

        public ModifiableRealmIdentity getRealmIdentityForUpdate(Principal principal) throws RealmUnavailableException {
            return this.realm.getRealmIdentityForUpdate(principal);
        }

        public ModifiableRealmIdentityIterator getRealmIdentityIterator() throws RealmUnavailableException {
            return this.realm.getRealmIdentityIterator();
        }
    }

    @Test
    public void testInvalidateEntryAfterChangingAttributes() throws Exception {
        ModifiableSecurityRealm createSecurityRealm = createSecurityRealm();
        SecurityDomain build = SecurityDomain.builder().setDefaultRealmName("default").addRealm("default", createSecurityRealm).build().setPermissionMapper((permissionMappable, roles) -> {
            return LoginPermission.getInstance();
        }).build();
        Assert.assertTrue(assertAuthenticationAndAuthorization("joe", "password", build).getAttributes().get("someAttribute").isEmpty());
        Assert.assertEquals(1L, this.realmHitCount.get());
        ModifiableRealmIdentity realmIdentityForUpdate = createSecurityRealm.getRealmIdentityForUpdate(new NamePrincipal("joe"));
        MapAttributes mapAttributes = new MapAttributes();
        mapAttributes.addFirst("someAttribute", "value");
        realmIdentityForUpdate.setAttributes(mapAttributes);
        realmIdentityForUpdate.dispose();
        SecurityIdentity assertAuthenticationAndAuthorization = assertAuthenticationAndAuthorization("joe", "password", build);
        Assert.assertEquals(2L, this.realmHitCount.get());
        Assert.assertFalse(assertAuthenticationAndAuthorization.getAttributes().get("someAttribute").isEmpty());
    }

    @Test
    public void testInvalidateEntryAfterChangingCredentials() throws Exception {
        ModifiableSecurityRealm createSecurityRealm = createSecurityRealm();
        SecurityDomain build = SecurityDomain.builder().setDefaultRealmName("default").addRealm("default", createSecurityRealm).build().setPermissionMapper((permissionMappable, roles) -> {
            return LoginPermission.getInstance();
        }).build();
        assertAuthenticationAndAuthorization("joe", "password", build);
        Assert.assertEquals(1L, this.realmHitCount.get());
        ModifiableRealmIdentity realmIdentityForUpdate = createSecurityRealm.getRealmIdentityForUpdate(new NamePrincipal("joe"));
        try {
            realmIdentityForUpdate.setCredentials(Collections.singletonList(new PasswordCredential(PasswordFactory.getInstance("clear", ServerUtils.ELYTRON_PASSWORD_PROVIDERS).generatePassword(new ClearPasswordSpec("password_changed".toCharArray())))));
            realmIdentityForUpdate.dispose();
            assertAuthenticationAndAuthorization("joe", "password_changed", build);
            Assert.assertEquals(2L, this.realmHitCount.get());
        } catch (Exception e) {
            throw new RuntimeException(e);
        }
    }

    @Test
    public void testInvalidateEntryAfterChangingCredentialsFromIterator() throws Exception {
        ModifiableSecurityRealm createSecurityRealm = createSecurityRealm();
        SecurityDomain build = SecurityDomain.builder().setDefaultRealmName("default").addRealm("default", createSecurityRealm).build().setPermissionMapper((permissionMappable, roles) -> {
            return LoginPermission.getInstance();
        }).build();
        assertAuthenticationAndAuthorization("joe", "password", build);
        Assert.assertEquals(1L, this.realmHitCount.get());
        ModifiableRealmIdentity modifiableRealmIdentity = (ModifiableRealmIdentity) createSecurityRealm.getRealmIdentityIterator().next();
        try {
            modifiableRealmIdentity.setCredentials(Collections.singletonList(new PasswordCredential(PasswordFactory.getInstance("clear", ServerUtils.ELYTRON_PASSWORD_PROVIDERS).generatePassword(new ClearPasswordSpec("password_changed".toCharArray())))));
            modifiableRealmIdentity.dispose();
            assertAuthenticationAndAuthorization("joe", "password_changed", build);
            Assert.assertEquals(2L, this.realmHitCount.get());
        } catch (Exception e) {
            throw new RuntimeException(e);
        }
    }

    private ModifiableSecurityRealm createSecurityRealm() throws Exception {
        FileSystemSecurityRealm fileSystemSecurityRealm = new FileSystemSecurityRealm(getRootPath(true), NameRewriter.IDENTITY_REWRITER, 2, true, Encoding.BASE64, StandardCharsets.UTF_8, ServerUtils.ELYTRON_PASSWORD_PROVIDERS);
        addUser(fileSystemSecurityRealm, "joe", "User");
        return new CachingModifiableSecurityRealm(new MockCacheableModifiableSecurityRealm(fileSystemSecurityRealm), createRealmIdentitySimpleJavaMapCache(), ServerUtils.ELYTRON_PASSWORD_PROVIDERS);
    }

    private void addUser(ModifiableSecurityRealm modifiableSecurityRealm, String str, String str2) throws RealmUnavailableException {
        try {
            List singletonList = Collections.singletonList(new PasswordCredential(PasswordFactory.getInstance("clear", ServerUtils.ELYTRON_PASSWORD_PROVIDERS).generatePassword(new ClearPasswordSpec("password".toCharArray()))));
            MapAttributes mapAttributes = new MapAttributes();
            mapAttributes.addAll("Roles", Collections.singletonList(str2));
            ModifiableRealmIdentity realmIdentityForUpdate = modifiableSecurityRealm.getRealmIdentityForUpdate(new NamePrincipal(str));
            realmIdentityForUpdate.create();
            realmIdentityForUpdate.setAttributes(mapAttributes);
            realmIdentityForUpdate.setCredentials(singletonList);
            realmIdentityForUpdate.dispose();
        } catch (Exception e) {
            throw new RuntimeException(e);
        }
    }

    private SecurityIdentity assertAuthenticationAndAuthorization(String str, String str2, SecurityDomain securityDomain) throws Exception {
        ServerAuthenticationContext createNewAuthenticationContext = securityDomain.createNewAuthenticationContext();
        createNewAuthenticationContext.setAuthenticationName(str);
        Assert.assertTrue(createNewAuthenticationContext.verifyEvidence(new PasswordGuessEvidence(str2.toCharArray())));
        Assert.assertTrue(createNewAuthenticationContext.authorize(str));
        createNewAuthenticationContext.succeed();
        SecurityIdentity authorizedIdentity = createNewAuthenticationContext.getAuthorizedIdentity();
        Assert.assertNotNull(authorizedIdentity);
        Assert.assertEquals(str, authorizedIdentity.getPrincipal().getName());
        return authorizedIdentity;
    }

    private RealmIdentityCache createRealmIdentitySimpleJavaMapCache() {
        return new LRURealmIdentityCache(16);
    }

    private Path getRootPath(boolean z) throws Exception {
        Path resolve = Paths.get(getClass().getResource(File.separator).toURI()).resolve("filesystem-realm-cache");
        if (!resolve.toFile().exists()) {
            resolve = Files.createDirectory(resolve, new FileAttribute[0]);
        } else if (!z) {
            return resolve;
        }
        return Files.walkFileTree(resolve, new SimpleFileVisitor<Path>() { // from class: org.wildfly.security.auth.realm.cache.ModifiableSecurityRealmIdentityCacheTest.1
            @Override // java.nio.file.SimpleFileVisitor, java.nio.file.FileVisitor
            public FileVisitResult visitFile(Path path, BasicFileAttributes basicFileAttributes) throws IOException {
                Files.delete(path);
                return FileVisitResult.CONTINUE;
            }

            @Override // java.nio.file.SimpleFileVisitor, java.nio.file.FileVisitor
            public FileVisitResult postVisitDirectory(Path path, IOException iOException) throws IOException {
                return FileVisitResult.CONTINUE;
            }
        });
    }
}
