package org.apache.qpid.server.security.auth.manager;

import java.security.Principal;
import java.util.HashMap;
import java.util.List;
import java.util.Set;
import java.util.UUID;
import org.apache.qpid.server.model.BrokerTestHelper;
import org.apache.qpid.server.model.NamedAddressSpace;
import org.apache.qpid.server.security.auth.AuthenticationResult;
import org.apache.qpid.server.security.auth.sasl.SaslNegotiator;
import org.apache.qpid.server.security.auth.sasl.SaslSettings;
import org.apache.qpid.server.security.auth.sasl.SaslUtil;
import org.apache.qpid.test.utils.UnitTestBase;
import org.junit.Assert;
import org.junit.Before;
import org.junit.Test;
import org.mockito.Mockito;

/* loaded from: input_file:org/apache/qpid/server/security/auth/manager/SimpleAuthenticationManagerTest.class */
public class SimpleAuthenticationManagerTest extends UnitTestBase {
    private static final String TEST_USER = "testUser";
    private static final String TEST_PASSWORD = "testPassword";
    private SimpleAuthenticationManager _authenticationManager;

    @Before
    public void setUp() throws Exception {
        HashMap hashMap = new HashMap();
        hashMap.put("name", "MANAGEMENT_MODE_AUTHENTICATION");
        hashMap.put("id", UUID.randomUUID());
        SimpleAuthenticationManager simpleAuthenticationManager = new SimpleAuthenticationManager(hashMap, BrokerTestHelper.createBrokerMock());
        simpleAuthenticationManager.addUser("testUser", TEST_PASSWORD);
        this._authenticationManager = simpleAuthenticationManager;
    }

    @Test
    public void testGetMechanisms() {
        List mechanisms = this._authenticationManager.getMechanisms();
        Assert.assertEquals("Unexpected number of mechanisms", 4L, mechanisms.size());
        Assert.assertTrue("PLAIN was not present: " + mechanisms, mechanisms.contains("PLAIN"));
        Assert.assertTrue("CRAM-MD5 was not present: " + mechanisms, mechanisms.contains("CRAM-MD5"));
        Assert.assertTrue("SCRAM-SHA-1 was not present: " + mechanisms, mechanisms.contains("SCRAM-SHA-1"));
        Assert.assertTrue("SCRAM-SHA-256 was not present: " + mechanisms, mechanisms.contains("SCRAM-SHA-256"));
    }

    @Test
    public void testCreateSaslNegotiatorForUnsupportedMechanisms() throws Exception {
        for (String str : new String[]{"EXTERNAL", "CRAM-MD5-HEX", "CRAM-MD5-HASHED", "ANONYMOUS", "GSSAPI"}) {
            Assert.assertNull("Mechanism " + str + " should not be supported by SimpleAuthenticationManager", this._authenticationManager.createSaslNegotiator(str, (SaslSettings) null, (NamedAddressSpace) null));
        }
    }

    @Test
    public void testAuthenticateWithPlainSaslServer() throws Exception {
        assertAuthenticated(authenticatePlain("testUser", TEST_PASSWORD));
    }

    @Test
    public void testAuthenticateWithPlainSaslServerInvalidPassword() throws Exception {
        assertUnauthenticated(authenticatePlain("testUser", "wrong-password"));
    }

    @Test
    public void testAuthenticateWithPlainSaslServerInvalidUsername() throws Exception {
        assertUnauthenticated(authenticatePlain("wrong-user", TEST_PASSWORD));
    }

    @Test
    public void testAuthenticateWithCramMd5SaslServer() throws Exception {
        assertAuthenticated(authenticateCramMd5("testUser", TEST_PASSWORD));
    }

    @Test
    public void testAuthenticateWithCramMd5SaslServerInvalidPassword() throws Exception {
        assertUnauthenticated(authenticateCramMd5("testUser", "wrong-password"));
    }

    @Test
    public void testAuthenticateWithCramMd5SaslServerInvalidUsername() throws Exception {
        assertUnauthenticated(authenticateCramMd5("wrong-user", TEST_PASSWORD));
    }

    @Test
    public void testAuthenticateValidCredentials() {
        AuthenticationResult authenticate = this._authenticationManager.authenticate("testUser", TEST_PASSWORD);
        Assert.assertEquals("Unexpected authentication result", AuthenticationResult.AuthenticationStatus.SUCCESS, authenticate.getStatus());
        assertAuthenticated(authenticate);
    }

    @Test
    public void testAuthenticateInvalidPassword() {
        assertUnauthenticated(this._authenticationManager.authenticate("testUser", "invalid"));
    }

    @Test
    public void testAuthenticateInvalidUserName() {
        assertUnauthenticated(this._authenticationManager.authenticate("invalid", TEST_PASSWORD));
    }

    private void assertAuthenticated(AuthenticationResult authenticationResult) {
        Assert.assertEquals("Unexpected authentication result", AuthenticationResult.AuthenticationStatus.SUCCESS, authenticationResult.getStatus());
        Assert.assertEquals("Unexpected principal name", "testUser", authenticationResult.getMainPrincipal().getName());
        Set principals = authenticationResult.getPrincipals();
        Assert.assertEquals("Unexpected principals size", 1L, principals.size());
        Assert.assertEquals("Unexpected principal name", "testUser", ((Principal) principals.iterator().next()).getName());
    }

    private void assertUnauthenticated(AuthenticationResult authenticationResult) {
        Assert.assertEquals("Unexpected authentication result", AuthenticationResult.AuthenticationStatus.ERROR, authenticationResult.getStatus());
        Assert.assertNull("Unexpected principal", authenticationResult.getMainPrincipal());
        Assert.assertEquals("Unexpected principals size", 0L, authenticationResult.getPrincipals().size());
    }

    private AuthenticationResult authenticatePlain(String str, String str2) throws Exception {
        return this._authenticationManager.createSaslNegotiator("PLAIN", (SaslSettings) Mockito.mock(SaslSettings.class), (NamedAddressSpace) null).handleResponse(SaslUtil.generatePlainClientResponse(str, str2));
    }

    private AuthenticationResult authenticateCramMd5(String str, String str2) throws Exception {
        SaslSettings saslSettings = (SaslSettings) Mockito.mock(SaslSettings.class);
        Mockito.when(saslSettings.getLocalFQDN()).thenReturn("testHost");
        SaslNegotiator createSaslNegotiator = this._authenticationManager.createSaslNegotiator("CRAM-MD5", saslSettings, (NamedAddressSpace) null);
        AuthenticationResult handleResponse = createSaslNegotiator.handleResponse(new byte[0]);
        Assert.assertEquals("Unexpected SASL status", AuthenticationResult.AuthenticationStatus.CONTINUE, handleResponse.getStatus());
        return createSaslNegotiator.handleResponse(SaslUtil.generateCramMD5ClientResponse(str, str2, handleResponse.getChallenge()));
    }
}
