package org.apache.kylin.rest.service;

import com.google.common.cache.Cache;
import com.google.common.collect.ImmutableMap;
import com.unboundid.ldap.listener.InMemoryDirectoryServer;
import com.unboundid.ldap.listener.InMemoryDirectoryServerConfig;
import com.unboundid.ldap.listener.InMemoryListenerConfig;
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.OpenOption;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Properties;
import java.util.Set;
import java.util.stream.Collectors;
import lombok.Generated;
import org.apache.kylin.common.KylinConfig;
import org.apache.kylin.common.util.EncryptUtil;
import org.apache.kylin.common.util.NLocalFileMetadataTestCase;
import org.apache.kylin.helper.UpdateUserAclToolHelper;
import org.apache.kylin.metadata.epoch.EpochManager;
import org.apache.kylin.metadata.user.ManagedUser;
import org.apache.kylin.metadata.usergroup.UserGroup;
import org.apache.kylin.rest.security.AclPermission;
import org.apache.kylin.rest.security.UserAclManager;
import org.apache.kylin.rest.util.AclEvaluate;
import org.apache.kylin.rest.util.AclUtil;
import org.apache.kylin.rest.util.SpringContext;
import org.junit.After;
import org.junit.AfterClass;
import org.junit.Assert;
import org.junit.Before;
import org.junit.BeforeClass;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.mockito.Mock;
import org.mockito.Mockito;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.core.io.ClassPathResource;
import org.springframework.ldap.test.unboundid.LdapTestUtils;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestBuilders;
import org.springframework.security.test.web.servlet.response.SecurityMockMvcResultMatchers;
import org.springframework.security.test.web.servlet.setup.SecurityMockMvcConfigurers;
import org.springframework.test.context.ActiveProfiles;
import org.springframework.test.context.ContextConfiguration;
import org.springframework.test.context.ContextHierarchy;
import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
import org.springframework.test.context.web.WebAppConfiguration;
import org.springframework.test.util.ReflectionTestUtils;
import org.springframework.test.web.servlet.MockMvc;
import org.springframework.test.web.servlet.setup.MockMvcBuilders;
import org.springframework.web.context.WebApplicationContext;

@WebAppConfiguration("src/main/resources")
@ContextHierarchy({@ContextConfiguration(locations = {"classpath:applicationContext.xml"}), @ContextConfiguration(locations = {"classpath:kylinSecurity.xml"})})
@RunWith(SpringJUnit4ClassRunner.class)
@ActiveProfiles({"ldap", "ldap-test", "test"})
/* loaded from: input_file:org/apache/kylin/rest/service/LdapUserServiceTest.class */
public class LdapUserServiceTest extends NLocalFileMetadataTestCase {

    @Generated
    private static final Logger log = LoggerFactory.getLogger(LdapUserServiceTest.class);
    private static final String LDAP_CONFIG = "ut_ldap/ldap-config.properties";
    private static final String LDAP_SERVER = "ut_ldap/ldap-server.ldif";
    private static InMemoryDirectoryServer directoryServer;

    @Autowired
    private WebApplicationContext context;
    private MockMvc mockMvc;

    @Mock
    private final AclEvaluate aclEvaluate = (AclEvaluate) Mockito.spy(AclEvaluate.class);

    @Autowired
    @Qualifier("userService")
    LdapUserService ldapUserService;

    @Autowired
    @Qualifier("userGroupService")
    LdapUserGroupService userGroupService;

    @BeforeClass
    public static void setupResource() throws Exception {
        staticCreateTestMetadata(new String[0]);
        Properties properties = new Properties();
        properties.load(Files.newInputStream(new ClassPathResource(LDAP_CONFIG).getFile().toPath(), new OpenOption[0]));
        KylinConfig testConfig = getTestConfig();
        overwriteSystemPropBeforeClass("kylin.security.ldap.max-page-size", "1");
        properties.forEach((obj, obj2) -> {
            testConfig.setProperty(obj.toString(), obj2.toString());
        });
        String property = properties.getProperty("kylin.security.ldap.connection-username");
        String property2 = properties.getProperty("kylin.security.ldap.connection-password");
        InMemoryDirectoryServerConfig inMemoryDirectoryServerConfig = new InMemoryDirectoryServerConfig(new String[]{"dc=example,dc=com"});
        inMemoryDirectoryServerConfig.addAdditionalBindCredentials(property, EncryptUtil.decrypt(property2));
        inMemoryDirectoryServerConfig.setListenerConfigs(new InMemoryListenerConfig[]{InMemoryListenerConfig.createLDAPConfig("LDAP", 8389)});
        inMemoryDirectoryServerConfig.setEnforceSingleStructuralObjectClass(false);
        inMemoryDirectoryServerConfig.setEnforceAttributeSyntaxCompliance(true);
        inMemoryDirectoryServerConfig.setMaxSizeLimit(1);
        directoryServer = new InMemoryDirectoryServer(inMemoryDirectoryServerConfig);
        directoryServer.startListening();
        log.info("current directory server listen on {}", Integer.valueOf(directoryServer.getListenPort()));
        LdapTestUtils.loadLdif(directoryServer, new ClassPathResource(LDAP_SERVER));
    }

    @AfterClass
    public static void cleanupResource() {
        directoryServer.shutDown(true);
        staticCleanupTestMetadata();
    }

    @Before
    public void setup() {
        this.mockMvc = MockMvcBuilders.webAppContextSetup(this.context).apply(SecurityMockMvcConfigurers.springSecurity()).build();
    }

    @After
    public void cleanup() {
    }

    @Test
    public void testLoginWithValidUser() throws Exception {
        SecurityMockMvcRequestBuilders.FormLoginRequestBuilder password = SecurityMockMvcRequestBuilders.formLogin().user("johnny").password("example123");
        this.mockMvc.perform(password).andExpect(SecurityMockMvcResultMatchers.authenticated().withUsername("johnny"));
        this.mockMvc.perform(password).andExpect(SecurityMockMvcResultMatchers.authenticated().withUsername("johnny"));
    }

    @Test
    public void testLoginWithInvalidUser() throws Exception {
        this.mockMvc.perform(SecurityMockMvcRequestBuilders.formLogin().user("invaliduser").password("invalidpassword")).andExpect(SecurityMockMvcResultMatchers.unauthenticated());
    }

    @Test
    public void testCreateUser() {
        Assert.assertThrows(UnsupportedOperationException.class, () -> {
            this.ldapUserService.createUser((UserDetails) null);
        });
    }

    @Test
    public void testUpdateUser() {
        Assert.assertThrows(UnsupportedOperationException.class, () -> {
            this.ldapUserService.updateUser((UserDetails) null);
        });
    }

    @Test
    public void testDeleteUser() {
        Assert.assertThrows(UnsupportedOperationException.class, () -> {
            this.ldapUserService.deleteUser("ben");
        });
    }

    @Test
    public void testChangePassword() {
        Assert.assertThrows(UnsupportedOperationException.class, () -> {
            this.ldapUserService.changePassword("old", "new");
        });
    }

    @Test
    public void testUserExists() {
        Assert.assertTrue(this.ldapUserService.userExists("johnny"));
        Assert.assertTrue(this.ldapUserService.userExists("JOHNNY"));
    }

    @Test
    public void testUserNotExists() {
        Assert.assertFalse(this.ldapUserService.userExists("ben"));
    }

    @Test
    public void testListUsers() {
        Assert.assertEquals(6L, ((Set) this.ldapUserService.listUsers().stream().map((v0) -> {
            return v0.getUsername();
        }).collect(Collectors.toSet())).size());
        Iterator it = this.ldapUserService.listUsers().iterator();
        while (it.hasNext()) {
            Assert.assertTrue(((ManagedUser) it.next()).getAuthorities().size() >= 1);
        }
    }

    @Test
    public void testListAdminUsers() throws Exception {
        Assert.assertEquals("jenny", this.ldapUserService.listAdminUsers().get(0));
    }

    @Test
    public void testListSuperAdminUsers() {
        getTestConfig().setProperty("kylin.security.acl.super-admin-username", "jenny");
        Assert.assertEquals("jenny", this.ldapUserService.listSuperAdminUsers().get(0));
    }

    @Test
    public void testLoadUserByUsername() {
        Assert.assertTrue(((Set) this.ldapUserService.loadUserByUsername("jenny").getAuthorities().stream().map((v0) -> {
            return v0.getAuthority();
        }).collect(Collectors.toSet())).contains("ROLE_ADMIN"));
    }

    @Test
    public void testCompleteUserInfoInternal() {
        ManagedUser managedUser = new ManagedUser("oliver", "", false, new String[0]);
        this.ldapUserService.completeUserInfoInternal(managedUser);
        Set set = (Set) managedUser.getAuthorities().stream().map((v0) -> {
            return v0.getAuthority();
        }).collect(Collectors.toSet());
        Assert.assertFalse(set.contains("ROLE_ADMIN"));
        Assert.assertTrue(set.contains("itpeople"));
    }

    @Test
    public void testCompleteUserInfoWithNotExistUser() {
        ManagedUser managedUser = new ManagedUser("NotExist", "", false, new String[0]);
        this.ldapUserService.completeUserInfo(managedUser);
        Assert.assertEquals("NotExist", managedUser.getUsername());
        Assert.assertEquals("", managedUser.getPassword());
        Assert.assertFalse(managedUser.isDefaultPassword());
    }

    @Test
    public void testOnNewUserAdded() {
        Assert.assertTrue(this.ldapUserService.userExists("rick"));
        this.ldapUserService.onUserAuthenticated("rick");
        Assert.assertTrue(this.ldapUserService.userExists("rick"));
    }

    @Test
    public void testOnUserWithoutPassword() {
        this.ldapUserService.onUserAuthenticated("ricky");
        Assert.assertTrue(this.ldapUserService.userExists("ricky"));
    }

    @Test
    public void testAddGroup() {
        Assert.assertThrows(UnsupportedOperationException.class, () -> {
            this.userGroupService.addGroup("gg");
        });
    }

    @Test
    public void testUpdateUserGroup() {
        List emptyList = Collections.emptyList();
        Assert.assertThrows(UnsupportedOperationException.class, () -> {
            this.userGroupService.modifyGroupUsers("gg", emptyList);
        });
    }

    @Test
    public void testDeleteUserGroup() {
        Assert.assertThrows(UnsupportedOperationException.class, () -> {
            this.userGroupService.deleteGroup("gg");
        });
    }

    @Test
    public void testGetAllUserGroups() {
        List allUserGroups = this.userGroupService.getAllUserGroups();
        Assert.assertTrue(allUserGroups.contains("admin"));
        Assert.assertTrue(allUserGroups.contains("itpeople"));
        Assert.assertTrue(allUserGroups.contains("empty"));
    }

    @Test
    public void testGetUserAndUserGroup() {
        Map userAndUserGroup = this.userGroupService.getUserAndUserGroup();
        Assert.assertTrue(userAndUserGroup.containsKey("admin"));
        Assert.assertTrue(userAndUserGroup.containsKey("itpeople"));
        Assert.assertTrue(((List) userAndUserGroup.get("admin")).contains("jenny"));
        Assert.assertTrue(((List) userAndUserGroup.get("itpeople")).contains("johnny"));
        Assert.assertTrue(((List) userAndUserGroup.get("itpeople")).contains("oliver"));
        Assert.assertTrue(((List) userAndUserGroup.get("empty")).isEmpty());
    }

    @Test
    public void testGetGroupMembersByName() {
        Set set = (Set) this.userGroupService.getGroupMembersByName("itpeople").stream().map((v0) -> {
            return v0.getUsername();
        }).collect(Collectors.toSet());
        Assert.assertTrue(set.contains("johnny"));
        Assert.assertTrue(set.contains("oliver"));
        Iterator it = this.userGroupService.getGroupMembersByName("itpeople").iterator();
        while (it.hasNext()) {
            Assert.assertTrue(((ManagedUser) it.next()).getAuthorities().contains(new SimpleGrantedAuthority("itpeople")));
        }
        Assert.assertTrue(((Set) this.userGroupService.getGroupMembersByName("empty").stream().map((v0) -> {
            return v0.getUsername();
        }).collect(Collectors.toSet())).isEmpty());
    }

    @Test
    public void testGetUserGroupsFilterByGroupName() {
        ReflectionTestUtils.setField(this.aclEvaluate, "aclUtil", Mockito.spy(AclUtil.class));
        ReflectionTestUtils.setField(this.userGroupService, "aclEvaluate", this.aclEvaluate);
        Assert.assertEquals(3L, this.userGroupService.getUserGroupsFilterByGroupName((String) null).size());
        Assert.assertEquals(3L, this.userGroupService.getUserGroupsFilterByGroupName("").size());
        List userGroupsFilterByGroupName = this.userGroupService.getUserGroupsFilterByGroupName("i");
        Assert.assertEquals(2L, userGroupsFilterByGroupName.size());
        Assert.assertTrue(userGroupsFilterByGroupName.stream().map((v0) -> {
            return v0.getGroupName();
        }).anyMatch(str -> {
            return str.contains("admin");
        }));
        Assert.assertTrue(userGroupsFilterByGroupName.stream().map((v0) -> {
            return v0.getGroupName();
        }).anyMatch(str2 -> {
            return str2.contains("itpeople");
        }));
    }

    @Test
    public void testGetUserGroupResponse() throws IOException {
        Map map = (Map) this.userGroupService.getUserGroupResponse((List) this.userGroupService.getAllUserGroups().stream().map(UserGroup::new).collect(Collectors.toList())).stream().map((v0) -> {
            return v0.getUserGroupAndUsers();
        }).collect(Collectors.toMap((v0) -> {
            return v0.getKey();
        }, (v0) -> {
            return v0.getValue();
        }));
        Assert.assertTrue(map.containsKey("admin"));
        Assert.assertTrue(map.containsKey("itpeople"));
        Assert.assertTrue(((Set) map.get("admin")).contains("jenny"));
        Assert.assertTrue(((Set) map.get("itpeople")).contains("johnny"));
        Assert.assertTrue(((Set) map.get("itpeople")).contains("oliver"));
        Assert.assertTrue(((Set) map.get("empty")).isEmpty());
    }

    @Test
    public void testGroupNameByUuidAndUuidByGroupName() throws IOException {
        this.userGroupService.getUserGroupResponse((List) this.userGroupService.getAllUserGroups().stream().map(UserGroup::new).collect(Collectors.toList())).forEach(userGroupResponseKI -> {
            Assert.assertEquals(userGroupResponseKI.getGroupName(), this.userGroupService.getUuidByGroupName(userGroupResponseKI.getGroupName()));
            Assert.assertEquals(userGroupResponseKI.getUuid(), this.userGroupService.getGroupNameByUuid(userGroupResponseKI.getUuid()));
        });
    }

    @Test
    public void testGetDnMapperMap() {
        ((Cache) ReflectionTestUtils.getField(LdapUserService.class, "LDAP_VALID_DN_MAP_CACHE")).invalidate(ReflectionTestUtils.getField(LdapUserService.class, "LDAP_VALID_DN_MAP_KEY").toString());
        Assert.assertTrue(this.ldapUserService.getDnMapperMap() instanceof ImmutableMap);
    }

    @Test
    public void testSameNameUserInvalidation() {
        Assert.assertFalse(((Set) this.ldapUserService.listUsers().stream().map((v0) -> {
            return v0.getUsername();
        }).collect(Collectors.toSet())).contains("user"));
        Assert.assertFalse(((Boolean) this.userGroupService.getUserAndUserGroup().values().stream().map((v1) -> {
            return new HashSet(v1);
        }).map(hashSet -> {
            return Boolean.valueOf(hashSet.contains("user"));
        }).reduce((v0, v1) -> {
            return Boolean.logicalOr(v0, v1);
        }).get()).booleanValue());
    }

    @Test
    public void testMultipleCNs() {
        Assert.assertTrue(((Set) this.ldapUserService.loadUserByUsername("user1").getAuthorities().stream().map((v0) -> {
            return v0.getAuthority();
        }).collect(Collectors.toSet())).contains("itpeople"));
    }

    @Test
    public void testGetLdapAdminUsers() {
        Properties exportToProperties = getTestConfig().exportToProperties();
        String property = exportToProperties.getProperty("kylin.security.ldap.connection-password");
        UpdateUserAclToolHelper updateUserAclToolHelper = (UpdateUserAclToolHelper) Mockito.spy(UpdateUserAclToolHelper.getInstance());
        Mockito.when(updateUserAclToolHelper.getPassword(exportToProperties)).thenReturn(EncryptUtil.decrypt(property));
        Assert.assertNotNull(updateUserAclToolHelper.getLdapAdminUsers());
    }

    @Test
    public void testSyncAdminUserAcl() throws IOException {
        EpochManager.getInstance().tryUpdateEpoch("_global", true);
        UserAclService userAclService = (UserAclService) SpringContext.getBean(UserAclService.class);
        UserAclManager userAclManager = UserAclManager.getInstance(getTestConfig());
        userAclManager.delete("jenny");
        getTestConfig().setProperty("kylin.security.acl.super-admin-username", "");
        userAclService.syncSuperAdminUserAcl();
        Assert.assertNull(userAclManager.get("jenny"));
        getTestConfig().setProperty("kylin.security.acl.super-admin-username", "jenny");
        Assert.assertEquals(1L, this.ldapUserService.getGlobalAdmin().size());
        userAclService.syncAdminUserAcl();
        Assert.assertTrue(userAclManager.get("jenny").hasPermission(AclPermission.DATA_QUERY));
        userAclManager.add("sunny");
        userAclService.syncAdminUserAcl(Arrays.asList("jenny", "sun"), true);
        Assert.assertFalse(userAclManager.exists("sunny"));
        Assert.assertTrue(userAclManager.exists("sun"));
        userAclManager.delete("jenny");
        getTestConfig().setProperty("kylin.security.acl.data-permission-default-enabled", "false");
        userAclService.syncAdminUserAcl(Collections.emptyList(), false);
        Assert.assertNull(userAclManager.get("jenny"));
        userAclService.syncAdminUserAcl(Collections.singletonList("jenny"), true);
        Assert.assertTrue(userAclManager.get("jenny").hasPermission(AclPermission.DATA_QUERY));
        getTestConfig().setProperty("kylin.security.acl.super-admin-username", "");
        userAclManager.delete("jenny");
        userAclService.syncAdminUserAcl(Collections.singletonList("jenny"), true);
        Assert.assertFalse(userAclManager.get("jenny").hasPermission(AclPermission.DATA_QUERY));
    }

    @Test
    public void testUserGroupExists() {
        Assert.assertTrue(this.userGroupService.exists("admin"));
        Assert.assertFalse(this.userGroupService.exists("not_exist_group"));
    }

    @Test
    public void testListUserGroupsByUsername() {
        Assert.assertTrue(this.ldapUserService.userExists("johnny"));
        Assert.assertFalse(this.userGroupService.listUserGroups("johnny").isEmpty());
        Assert.assertFalse(this.ldapUserService.userExists("not_exist_user"));
        Assert.assertTrue(this.userGroupService.listUserGroups("not_exist_user").isEmpty());
    }
}
