package org.apache.qpid.server.security.auth.jmx;

import java.net.InetSocketAddress;
import java.net.SocketAddress;
import java.security.AccessControlException;
import java.security.Principal;
import java.util.regex.Pattern;
import javax.security.auth.Subject;
import junit.framework.TestCase;
import org.apache.qpid.server.model.Broker;
import org.apache.qpid.server.security.SecurityManager;
import org.apache.qpid.server.security.SubjectCreator;
import org.apache.qpid.server.security.auth.AuthenticationResult;
import org.apache.qpid.server.security.auth.SubjectAuthenticationResult;
import org.mockito.Matchers;
import org.mockito.Mockito;

/* loaded from: input_file:org/apache/qpid/server/security/auth/jmx/JMXPasswordAuthenticatorTest.class */
public class JMXPasswordAuthenticatorTest extends TestCase {
    static final String USER_NOT_AUTHORISED_FOR_MANAGEMENT = "User not authorised for management";
    private static final String USERNAME = "guest";
    private static final String PASSWORD = "password";
    private JMXPasswordAuthenticator _rmipa;
    private final Broker _broker = (Broker) Mockito.mock(Broker.class);
    private final SecurityManager _securityManager = (SecurityManager) Mockito.mock(SecurityManager.class);
    private final Subject _loginSubject = new Subject();
    private final String[] _credentials = {USERNAME, PASSWORD};
    private SubjectCreator _usernamePasswordOkaySubjectCreator = createMockSubjectCreator(true, null);
    private SubjectCreator _badPasswordSubjectCreator = createMockSubjectCreator(false, null);

    protected void setUp() throws Exception {
        Mockito.when(this._broker.getSecurityManager()).thenReturn(this._securityManager);
        this._rmipa = new JMXPasswordAuthenticator(this._broker, new InetSocketAddress(8999), false);
    }

    public void testAuthenticationSuccess() {
        Mockito.when(this._broker.getSubjectCreator((SocketAddress) Matchers.any(SocketAddress.class), Matchers.anyBoolean())).thenReturn(this._usernamePasswordOkaySubjectCreator);
        assertSame("Subject must be unchanged", this._loginSubject, this._rmipa.authenticate(this._credentials));
    }

    public void testUsernameOrPasswordInvalid() {
        Mockito.when(this._broker.getSubjectCreator((SocketAddress) Matchers.any(SocketAddress.class), Matchers.anyBoolean())).thenReturn(this._badPasswordSubjectCreator);
        try {
            this._rmipa.authenticate(this._credentials);
            fail("Exception not thrown");
        } catch (SecurityException e) {
            assertEquals("Unexpected exception message", "Invalid user details supplied", e.getMessage());
        }
    }

    public void testAuthorisationFailure() {
        Mockito.when(this._broker.getSubjectCreator((SocketAddress) Matchers.any(SocketAddress.class), Matchers.anyBoolean())).thenReturn(this._usernamePasswordOkaySubjectCreator);
        ((SecurityManager) Mockito.doThrow(new AccessControlException(USER_NOT_AUTHORISED_FOR_MANAGEMENT)).when(this._securityManager)).accessManagement();
        try {
            this._rmipa.authenticate(this._credentials);
            fail("Exception not thrown");
        } catch (SecurityException e) {
            assertEquals("Unexpected exception message", USER_NOT_AUTHORISED_FOR_MANAGEMENT, e.getMessage());
        }
    }

    public void testSubjectCreatorInternalFailure() {
        Exception exc = new Exception("Mock Auth system failure");
        Mockito.when(this._broker.getSubjectCreator((SocketAddress) Matchers.any(SocketAddress.class), Matchers.anyBoolean())).thenReturn(createMockSubjectCreator(false, exc));
        try {
            this._rmipa.authenticate(this._credentials);
            fail("Exception not thrown");
        } catch (SecurityException e) {
            assertEquals("Initial cause not found", exc, e.getCause());
        }
    }

    public void testNullSubjectCreator() throws Exception {
        Mockito.when(this._broker.getSubjectCreator((SocketAddress) Matchers.any(SocketAddress.class), Matchers.anyBoolean())).thenReturn((Object) null);
        try {
            this._rmipa.authenticate(this._credentials);
            fail("SecurityException expected due to lack of authentication manager");
        } catch (SecurityException e) {
            assertTrue("Unexpected exception message", Pattern.matches("Can't get subject creator for .*:8999", e.getMessage()));
        }
    }

    public void testWithNonStringArrayArgument() {
        try {
            this._rmipa.authenticate(new Object[]{USERNAME, PASSWORD});
            fail("SecurityException expected due to non string[] credentials");
        } catch (SecurityException e) {
            assertEquals("Unexpected exception message", "User details should be String[]", e.getMessage());
        }
    }

    public void testWithIllegalNumberOfArguments() {
        try {
            this._rmipa.authenticate(new String[]{USERNAME, PASSWORD, PASSWORD});
            fail("SecurityException expected due to supplying wrong number of credentials");
        } catch (SecurityException e) {
            assertEquals("Unexpected exception message", "User details should have 2 elements, username, password", e.getMessage());
        }
        try {
            this._rmipa.authenticate((Object) null);
            fail("SecurityException expected due to not supplying an array of credentials");
        } catch (SecurityException e2) {
            assertEquals("Unexpected exception message", "User details are required. Please ensure you are using an up to date management console to connect.", e2.getMessage());
        }
        try {
            this._rmipa.authenticate(new String[]{USERNAME, null});
            fail("SecurityException expected due to sending a null password");
        } catch (SecurityException e3) {
            assertEquals("Unexpected exception message", "Supplied username and password should be non-null", e3.getMessage());
        }
        try {
            this._rmipa.authenticate(new String[]{null, PASSWORD});
            fail("SecurityException expected due to sending a null username");
        } catch (SecurityException e4) {
            assertEquals("Unexpected exception message", "Supplied username and password should be non-null", e4.getMessage());
        }
    }

    private SubjectCreator createMockSubjectCreator(boolean z, Exception exc) {
        SubjectCreator subjectCreator = (SubjectCreator) Mockito.mock(SubjectCreator.class);
        Mockito.when(subjectCreator.authenticate(Matchers.anyString(), Matchers.anyString())).thenReturn(exc != null ? new SubjectAuthenticationResult(new AuthenticationResult(AuthenticationResult.AuthenticationStatus.ERROR, exc)) : z ? new SubjectAuthenticationResult(new AuthenticationResult((Principal) Mockito.mock(Principal.class)), this._loginSubject) : new SubjectAuthenticationResult(new AuthenticationResult(AuthenticationResult.AuthenticationStatus.CONTINUE)));
        return subjectCreator;
    }
}
