package org.wildfly.security.auth.server;

import java.io.File;
import java.io.IOException;
import java.nio.file.FileVisitResult;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.nio.file.SimpleFileVisitor;
import java.nio.file.attribute.BasicFileAttributes;
import java.nio.file.attribute.FileAttribute;
import java.util.Collections;
import org.junit.Assert;
import org.junit.Test;
import org.wildfly.security.auth.permission.LoginPermission;
import org.wildfly.security.auth.principal.NamePrincipal;
import org.wildfly.security.auth.realm.FileSystemSecurityRealm;
import org.wildfly.security.authz.Attributes;
import org.wildfly.security.authz.MapAttributes;
import org.wildfly.security.authz.Roles;
import org.wildfly.security.authz.SourceAddressRoleDecoder;
import org.wildfly.security.permission.PermissionVerifier;

/* loaded from: input_file:org/wildfly/security/auth/server/SourceAddressRuntimeAttributesTest.class */
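/**
 * Exercises authorization in a {@link SecurityDomain} whose role decoder is a
 * {@link SourceAddressRoleDecoder}: the decoder is configured with one address and the
 * role {@code Admin}, and the permission mapper grants {@link LoginPermission} only when
 * the decoded roles contain {@code Admin}.
 *
 * <p>The realm holds two identities: {@code alice} (stored role {@code Admin}) and
 * {@code bob} (stored role {@code Employee}). The tests expect {@code bob} to be authorized
 * only when the {@code Source-Address} runtime attribute equals the configured address, and
 * {@code alice} to be authorized in every case.
 *
 * <p>NOTE(review): the {@code Source-Address} attribute is set directly by these tests. The
 * authorization decision is only as trustworthy as the component that populates that
 * attribute on the authentication context; confirm where it comes from in a deployment.
 * The mismatch test has no case for an attribute set without a value, and neither test
 * covers a malformed address string.
 */
public class SourceAddressRuntimeAttributesTest {
    private static final String REALM_NAME = "default";
    private static final String ADMIN_ROLE = "Admin";
    private static final String SOURCE_ADDRESS_ATTRIBUTE = "Source-Address";
    // Sample addresses used by the tests; only TRUSTED_ADDRESS is known to the role decoder.
    private static final String TRUSTED_ADDRESS = "10.12.14.16";
    private static final String OTHER_ADDRESS = "10.12.16.16";

    /**
     * A matching source address lets {@code bob} log in; a missing attribute, or a runtime
     * attribute set that carries no address, does not.
     */
    @Test
    public void testRoleDecodingWithSourceAddressMatch() throws Exception {
        SecurityDomain domain = createSecurityDomain();

        // bob: stored role is Employee, so the outcome depends on the source address.
        Assert.assertFalse(authorize(domain, "bob"));
        Assert.assertTrue(authorize(domain, "bob", createRuntimeAttributes(TRUSTED_ADDRESS)));
        // Runtime attributes present but without an address must not grant anything.
        Assert.assertFalse(authorize(domain, "bob", createRuntimeAttributes(null)));

        // alice: expected to be authorized whatever the source address is.
        Assert.assertTrue(authorize(domain, "alice"));
        Assert.assertTrue(authorize(domain, "alice", createRuntimeAttributes(TRUSTED_ADDRESS)));
        Assert.assertTrue(authorize(domain, "alice", createRuntimeAttributes(null)));
    }

    /**
     * An address other than the configured one must not let {@code bob} log in, and must
     * not stop {@code alice} from doing so.
     */
    @Test
    public void testRoleDecodingWithSourceAddressMismatch() throws Exception {
        SecurityDomain domain = createSecurityDomain();

        Assert.assertFalse(authorize(domain, "bob"));
        Assert.assertFalse(authorize(domain, "bob", createRuntimeAttributes(OTHER_ADDRESS)));

        Assert.assertTrue(authorize(domain, "alice"));
        Assert.assertTrue(authorize(domain, "alice", createRuntimeAttributes(OTHER_ADDRESS)));
    }

    /**
     * Builds the domain under test: a single file-system realm, a permission mapper that
     * grants login only to {@code Admin}, and a source-address role decoder bound to
     * {@link #TRUSTED_ADDRESS}.
     */
    private SecurityDomain createSecurityDomain() throws Exception {
        FileSystemSecurityRealm realm = createSecurityRealm();
        return SecurityDomain.builder()
                .setDefaultRealmName(REALM_NAME)
                .addRealm(REALM_NAME, realm).build()
                .setPermissionMapper((permissionMappable, roles) -> {
                    // Deny by default: anything without the Admin role gets no permissions.
                    if (roles.contains(ADMIN_ROLE)) {
                        return LoginPermission.getInstance();
                    }
                    return PermissionVerifier.NONE;
                })
                .setRoleDecoder(new SourceAddressRoleDecoder(TRUSTED_ADDRESS, Roles.of(ADMIN_ROLE)))
                .build();
    }

    /** Authorizes {@code name} on a fresh context without adding any runtime attributes. */
    private boolean authorize(SecurityDomain domain, String name) throws Exception {
        ServerAuthenticationContext context = domain.createNewAuthenticationContext();
        context.setAuthenticationName(name);
        return context.authorize();
    }

    /**
     * Authorizes {@code name} on a fresh context after adding {@code runtimeAttributes}.
     * The attributes are added before the authentication name is set, as in every scenario
     * these tests exercise.
     */
    private boolean authorize(SecurityDomain domain, String name, Attributes runtimeAttributes) throws Exception {
        ServerAuthenticationContext context = domain.createNewAuthenticationContext();
        context.addRuntimeAttributes(runtimeAttributes);
        context.setAuthenticationName(name);
        return context.authorize();
    }

    /** Creates an emptied file-system realm holding {@code alice} (Admin) and {@code bob} (Employee). */
    private FileSystemSecurityRealm createSecurityRealm() throws Exception {
        FileSystemSecurityRealm realm = new FileSystemSecurityRealm(getRootPath(true));
        addUser(realm, "alice", ADMIN_ROLE);
        addUser(realm, "bob", "Employee");
        return realm;
    }

    /**
     * Resolves the {@code filesystem-realm} directory under the test classpath root.
     *
     * @param deleteIfExists when {@code true}, or when the directory does not exist yet, the
     *     directory is created and every regular file below it is deleted
     * @return the realm root directory
     */
    private Path getRootPath(boolean deleteIfExists) throws Exception {
        // Resource names always use '/', so File.separator would break the lookup on
        // platforms where the separator is a backslash.
        java.net.URL classpathRoot = getClass().getResource("/");
        if (classpathRoot == null) {
            throw new IllegalStateException("Classpath root is not available as a resource");
        }
        Path realmDir = Paths.get(classpathRoot.toURI()).resolve("filesystem-realm");
        if (Files.exists(realmDir) && !deleteIfExists) {
            return realmDir;
        }
        // walkFileTree returns its starting path, i.e. the realm directory itself.
        return Files.walkFileTree(Files.createDirectories(realmDir), new SimpleFileVisitor<Path>() {
            @Override
            public FileVisitResult visitFile(Path path, BasicFileAttributes basicFileAttributes) throws IOException {
                // Stale identity files from an earlier run would leak into this test.
                Files.delete(path);
                return FileVisitResult.CONTINUE;
            }

            @Override
            public FileVisitResult postVisitDirectory(Path path, IOException iOException) throws IOException {
                // Directories are kept, and a directory iteration error is ignored here.
                return FileVisitResult.CONTINUE;
            }
        });
    }

    /**
     * Creates the identity {@code name} in {@code realm} with a single value in its
     * {@code Roles} attribute.
     */
    private void addUser(ModifiableSecurityRealm realm, String name, String role) throws RealmUnavailableException {
        MapAttributes attributes = new MapAttributes();
        attributes.addAll("Roles", Collections.singletonList(role));
        ModifiableRealmIdentity identity = realm.getRealmIdentityForUpdate(new NamePrincipal(name));
        try {
            identity.create();
            identity.setAttributes(attributes);
        } finally {
            // Dispose even when create() or setAttributes() throws.
            identity.dispose();
        }
    }

    /**
     * Builds the runtime attributes for one authentication attempt.
     *
     * @param sourceAddress the value for {@code Source-Address}, or {@code null} to return
     *     an attribute set without that attribute
     */
    private Attributes createRuntimeAttributes(String sourceAddress) {
        MapAttributes attributes = new MapAttributes();
        if (sourceAddress != null) {
            attributes.addFirst(SOURCE_ADDRESS_ATTRIBUTE, sourceAddress);
        }
        return attributes;
    }
}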
