package org.apache.qpid.server.security.auth.manager;

import java.security.Principal;
import java.util.Collections;
import java.util.HashMap;
import java.util.UUID;
import javax.security.auth.login.AccountNotFoundException;
import javax.security.sasl.SaslException;
import org.apache.qpid.server.configuration.updater.CurrentThreadTaskExecutor;
import org.apache.qpid.server.configuration.updater.TaskExecutor;
import org.apache.qpid.server.model.Broker;
import org.apache.qpid.server.model.ConfiguredObject;
import org.apache.qpid.server.model.User;
import org.apache.qpid.server.security.SecurityManager;
import org.apache.qpid.server.security.SubjectCreator;
import org.apache.qpid.server.security.auth.AuthenticationResult;
import org.apache.qpid.server.util.BrokerTestHelper;
import org.apache.qpid.test.utils.QpidTestCase;
import org.mockito.Mockito;

/* loaded from: input_file:org/apache/qpid/server/security/auth/manager/ScramSHA1AuthenticationManagerTest.class */
public class ScramSHA1AuthenticationManagerTest extends QpidTestCase {
    private ScramSHA1AuthenticationManager _authManager;
    private Broker _broker;
    private SecurityManager _securityManager;
    private TaskExecutor _executor;

    public void setUp() throws Exception {
        super.setUp();
        this._executor = new CurrentThreadTaskExecutor();
        this._executor.start();
        this._broker = BrokerTestHelper.createBrokerMock();
        this._securityManager = (SecurityManager) Mockito.mock(SecurityManager.class);
        Mockito.when(this._broker.getTaskExecutor()).thenReturn(this._executor);
        Mockito.when(this._broker.getSecurityManager()).thenReturn(this._securityManager);
        HashMap hashMap = new HashMap();
        hashMap.put("name", getTestName());
        hashMap.put("id", UUID.randomUUID());
        this._authManager = new ScramSHA1AuthenticationManager(hashMap, this._broker);
        this._authManager.open();
    }

    public void tearDown() throws Exception {
        this._executor.stop();
        super.tearDown();
    }

    public void testMechanisms() {
        SubjectCreator subjectCreator = this._authManager.getSubjectCreator(false);
        assertFalse("PLAIN authentication should not be available on an insecure connection", subjectCreator.getMechanisms().contains("PLAIN"));
        SubjectCreator subjectCreator2 = this._authManager.getSubjectCreator(true);
        assertTrue("PLAIN authentication should be available on a secure connection", subjectCreator2.getMechanisms().contains("PLAIN"));
        try {
            assertNotNull(subjectCreator2.createSaslServer("PLAIN", "127.0.0.1", (Principal) null));
        } catch (SaslException e) {
            fail("Unable to create a SaslServer for PLAIN authentication on a secure connection" + e.getMessage());
        }
        try {
            subjectCreator.createSaslServer("PLAIN", "127.0.0.1", (Principal) null);
            fail("Erroneously created a SaslServer for PLAIN authentication on an insecure connection");
        } catch (SaslException e2) {
        }
    }

    public void testAddChildAndThenDelete() {
        assertEquals("No users should be present before the test starts", 0, this._authManager.getChildren(User.class).size());
        assertEquals("No users should be present before the test starts", 0, this._authManager.getUsers().size());
        HashMap hashMap = new HashMap();
        hashMap.put("name", getTestName());
        hashMap.put("password", "password");
        User addChild = this._authManager.addChild(User.class, hashMap, new ConfiguredObject[0]);
        assertNotNull("User should be created but addChild returned null", addChild);
        assertEquals(getTestName(), addChild.getName());
        assertFalse("Password shouldn't actually be the given string, but instead salt and the hashed value", "password".equals(addChild.getPassword()));
        assertEquals("User should authenticate with given password", AuthenticationResult.AuthenticationStatus.SUCCESS, this._authManager.authenticate(getTestName(), "password").getStatus());
        assertEquals("Manager should have exactly one user child", 1, this._authManager.getChildren(User.class).size());
        assertEquals("Manager should have exactly one user child", 1, this._authManager.getUsers().size());
        addChild.delete();
        assertEquals("No users should be present after child deletion", 0, this._authManager.getChildren(User.class).size());
        assertEquals("User should no longer authenticate with given password", AuthenticationResult.AuthenticationStatus.ERROR, this._authManager.authenticate(getTestName(), "password").getStatus());
    }

    public void testCreateUser() {
        assertEquals("No users should be present before the test starts", 0, this._authManager.getChildren(User.class).size());
        assertTrue(this._authManager.createUser(getTestName(), "password", Collections.emptyMap()));
        assertEquals("Manager should have exactly one user child", 1, this._authManager.getChildren(User.class).size());
        User user = (User) this._authManager.getChildren(User.class).iterator().next();
        assertEquals(getTestName(), user.getName());
        assertFalse("Password shouldn't actually be the given string, but instead salt and the hashed value", "password".equals(user.getPassword()));
        HashMap hashMap = new HashMap();
        hashMap.put("name", getTestName());
        hashMap.put("password", "password");
        try {
            this._authManager.addChild(User.class, hashMap, new ConfiguredObject[0]);
            fail("Should not be able to create a second user with the same name");
        } catch (IllegalArgumentException e) {
        }
        try {
            this._authManager.deleteUser(getTestName());
        } catch (AccountNotFoundException e2) {
            fail("AccountNotFoundException thrown when none was expected: " + e2.getMessage());
        }
        try {
            this._authManager.deleteUser(getTestName());
            fail("AccountNotFoundException not thrown when was expected");
        } catch (AccountNotFoundException e3) {
        }
    }

    public void testUpdateUser() {
        assertTrue(this._authManager.createUser(getTestName(), "password", Collections.emptyMap()));
        assertTrue(this._authManager.createUser(getTestName() + "_2", "password", Collections.emptyMap()));
        assertEquals("Manager should have exactly two user children", 2, this._authManager.getChildren(User.class).size());
        assertEquals("User should authenticate with given password", AuthenticationResult.AuthenticationStatus.SUCCESS, this._authManager.authenticate(getTestName(), "password").getStatus());
        assertEquals("User should authenticate with given password", AuthenticationResult.AuthenticationStatus.SUCCESS, this._authManager.authenticate(getTestName() + "_2", "password").getStatus());
        for (User user : this._authManager.getChildren(User.class)) {
            if (user.getName().equals(getTestName())) {
                user.setAttributes(Collections.singletonMap("password", "newpassword"));
            }
        }
        assertEquals("User should authenticate with updated password", AuthenticationResult.AuthenticationStatus.SUCCESS, this._authManager.authenticate(getTestName(), "newpassword").getStatus());
        assertEquals("User should authenticate with original password", AuthenticationResult.AuthenticationStatus.SUCCESS, this._authManager.authenticate(getTestName() + "_2", "password").getStatus());
        assertEquals("User not authenticate with original password", AuthenticationResult.AuthenticationStatus.ERROR, this._authManager.authenticate(getTestName(), "password").getStatus());
        for (User user2 : this._authManager.getChildren(User.class)) {
            if (user2.getName().equals(getTestName())) {
                user2.setPassword("newerpassword");
            }
        }
        assertEquals("User should authenticate with updated password", AuthenticationResult.AuthenticationStatus.SUCCESS, this._authManager.authenticate(getTestName(), "newerpassword").getStatus());
    }

    public void testNonASCIIUser() {
        try {
            this._authManager.createUser(getTestName() + Character.toString((char) 163), "password", Collections.emptyMap());
            fail("Expected exception when attempting to create a user with a non ascii name");
        } catch (IllegalArgumentException e) {
        }
    }
}
