package org.apache.qpid.server.security.auth.manager;

import java.io.File;
import java.io.FileNotFoundException;
import java.io.FileOutputStream;
import java.nio.charset.StandardCharsets;
import java.security.Principal;
import java.util.Collections;
import java.util.HashMap;
import java.util.Map;
import java.util.UUID;
import javax.security.auth.callback.CallbackHandler;
import javax.security.sasl.SaslException;
import javax.security.sasl.SaslServer;
import javax.security.sasl.SaslServerFactory;
import org.apache.qpid.server.configuration.IllegalConfigurationException;
import org.apache.qpid.server.security.auth.AuthenticatedPrincipalTestHelper;
import org.apache.qpid.server.security.auth.AuthenticationResult;
import org.apache.qpid.server.security.auth.UsernamePrincipal;
import org.apache.qpid.server.security.auth.database.PlainPasswordFilePrincipalDatabase;
import org.apache.qpid.server.security.auth.database.PrincipalDatabase;
import org.apache.qpid.server.util.BrokerTestHelper;
import org.apache.qpid.test.utils.QpidTestCase;
import org.mockito.Mockito;

/* loaded from: input_file:org/apache/qpid/server/security/auth/manager/PrincipalDatabaseAuthenticationManagerTest.class */
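/**
 * Unit tests for {@link PrincipalDatabaseAuthenticationManager}.
 *
 * <p>Covered behaviour: initialisation with and without a password file, SASL server
 * creation, the outcome of SASL and username/password authentication, and creation and
 * deletion of the password file.
 *
 * <p>The manager under test is an anonymous subclass whose {@code createDatabase()} hands
 * back {@link #_principalDatabase}, so each test chooses whether a Mockito mock or a real
 * {@link PlainPasswordFilePrincipalDatabase} backs it.
 *
 * <p>Security-relevant invariant pinned here: every result that is not {@code SUCCESS}
 * must carry an empty principal set, so a failed or unfinished exchange never yields an
 * identity.
 */
public class PrincipalDatabaseAuthenticationManagerTest extends QpidTestCase {
    private static final String LOCALHOST = "localhost";
    private static final String MOCK_MECH_NAME = "MOCK-MECH-NAME";
    private static final UsernamePrincipal PRINCIPAL = new UsernamePrincipal("guest");
    private PrincipalDatabaseAuthenticationManager _manager = null;
    private PrincipalDatabase _principalDatabase;
    private String _passwordFileLocation;

    /**
     * Test double for {@link SaslServer}.
     *
     * <p>It never inspects the client response and verifies no credential: whether the
     * exchange is complete, and whether {@link #evaluateResponse(byte[])} throws, is fixed
     * at construction. A completed instance always reports the authorization id
     * {@code "guest"}. Test use only.
     */
    public static final class MySaslServer implements SaslServer {
        private final boolean _throwSaslException;
        private final boolean _complete;

        /** Creates a server that is already complete and never throws. */
        public MySaslServer() {
            this(false, true);
        }

        /**
         * @param throwSaslException whether {@link #evaluateResponse(byte[])} fails
         * @param complete whether the exchange reports itself as complete
         */
        private MySaslServer(boolean throwSaslException, boolean complete) {
            this._throwSaslException = throwSaslException;
            this._complete = complete;
        }

        @Override
        public String getMechanismName() {
            return null;
        }

        /**
         * Ignores {@code response}; only the configured failure flag decides the outcome.
         *
         * @throws SaslException with message "Mocked exception" when configured to fail
         */
        @Override
        public byte[] evaluateResponse(byte[] response) throws SaslException {
            if (this._throwSaslException) {
                throw new SaslException("Mocked exception");
            }
            return null;
        }

        @Override
        public boolean isComplete() {
            return this._complete;
        }

        /** Returns {@code "guest"} once complete, otherwise {@code null}. */
        @Override
        public String getAuthorizationID() {
            return this._complete ? "guest" : null;
        }

        @Override
        public byte[] unwrap(byte[] incoming, int offset, int len) throws SaslException {
            return null;
        }

        @Override
        public byte[] wrap(byte[] outgoing, int offset, int len) throws SaslException {
            return null;
        }

        @Override
        public Object getNegotiatedProperty(String propName) {
            return null;
        }

        @Override
        public void dispose() throws SaslException {
        }
    }

    /**
     * Factory that produces {@link MySaslServer} for {@code MOCK-MECH-NAME} and
     * {@code null} for every other mechanism. Test use only: the server it returns
     * accepts any response.
     */
    public static class MySaslServerFactory implements SaslServerFactory {
        @Override
        public SaslServer createSaslServer(String mechanism, String protocol, String serverName,
                Map<String, ?> props, CallbackHandler callbackHandler) throws SaslException {
            if (MOCK_MECH_NAME.equals(mechanism)) {
                return new MySaslServer();
            }
            return null;
        }

        @Override
        public String[] getMechanismNames(Map<String, ?> props) {
            return new String[]{MOCK_MECH_NAME};
        }
    }

    /**
     * Derives a per-test password file path under {@code TMP_FOLDER} and removes any file
     * left there by an earlier run, so a stale credential file cannot influence the test.
     */
    @Override
    public void setUp() throws Exception {
        super.setUp();
        this._passwordFileLocation = TMP_FOLDER + File.separator
                + PrincipalDatabaseAuthenticationManagerTest.class.getSimpleName() + "-" + getName();
        deletePasswordFileIfExists();
    }

    /** Closes the manager if one was built and always removes the password file. */
    @Override
    public void tearDown() throws Exception {
        try {
            if (this._manager != null) {
                this._manager.close();
            }
            super.tearDown();
        } finally {
            // The fixture may hold a plaintext credential; remove it even if close() fails.
            deletePasswordFileIfExists();
        }
    }

    /** Builds a mocked principal database, creates the manager and initialises it. */
    private void setupMocks() throws Exception {
        setUpPrincipalDatabase();
        setupManager(false);
        this._manager.initialise();
    }

    /**
     * Replaces {@link #_principalDatabase} with a Mockito mock that advertises only
     * {@code MOCK-MECH-NAME} and returns a completed {@link MySaslServer} for it.
     */
    private void setUpPrincipalDatabase() throws SaslException {
        this._principalDatabase = Mockito.mock(PrincipalDatabase.class);
        Mockito.when(this._principalDatabase.getMechanisms())
                .thenReturn(Collections.singletonList(MOCK_MECH_NAME));
        Mockito.when(this._principalDatabase.createSaslServer(MOCK_MECH_NAME, LOCALHOST, (Principal) null))
                .thenReturn(new MySaslServer(false, true));
    }

    /**
     * Builds the manager against {@link #_passwordFileLocation}.
     *
     * @param openExisting {@code true} to call {@code open()}, {@code false} to call
     *     {@code create()}
     */
    private void setupManager(boolean openExisting) {
        this._manager = getPrincipalDatabaseAuthenticationManager(
                createManagerAttributes(this._passwordFileLocation));
        if (openExisting) {
            this._manager.open();
        } else {
            this._manager.create();
        }
    }

    /** Returns the attribute map (random id, test name, password file path) for a manager. */
    private Map<String, Object> createManagerAttributes(String path) {
        Map<String, Object> attributes = new HashMap<>();
        attributes.put("id", UUID.randomUUID());
        attributes.put("name", getTestName());
        attributes.put("path", path);
        return attributes;
    }

    /**
     * Initialising an opened manager whose password file is missing must fail with an
     * {@link IllegalConfigurationException} caused by {@link FileNotFoundException}.
     */
    public void testInitialiseWhenPasswordFileNotFound() throws Exception {
        this._principalDatabase = new PlainPasswordFilePrincipalDatabase();
        setupManager(true);
        try {
            this._manager.initialise();
            fail("Initialisiation should fail when users file does not exist");
        } catch (IllegalConfigurationException e) {
            assertTrue(e.getCause() instanceof FileNotFoundException);
        }
    }

    /** Initialising with a one-entry password file must load exactly that user. */
    public void testInitialiseWhenPasswordFileExists() throws Exception {
        this._principalDatabase = new PlainPasswordFilePrincipalDatabase();
        setupManager(true);
        File passwordFile = new File(this._passwordFileLocation);
        passwordFile.createNewFile();
        // Fixture only: a throwaway "user:password" line, removed again in tearDown().
        // The stream is closed before initialise() reads the file; the charset is explicit
        // so the bytes written do not depend on the platform default.
        try (FileOutputStream out = new FileOutputStream(passwordFile)) {
            out.write("admin:admin".getBytes(StandardCharsets.UTF_8));
        }
        this._manager.initialise();
        assertEquals("Unexpected uses size", 1, this._principalDatabase.getUsers().size());
        assertEquals("Unexpected principal name", "admin", this._principalDatabase.getUser("admin").getName());
    }

    /** The manager must hand back a SASL server for a mechanism the database supports. */
    public void testSaslMechanismCreation() throws Exception {
        setupMocks();
        assertNotNull(this._manager.createSaslServer(MOCK_MECH_NAME, LOCALHOST, (Principal) null));
    }

    /** A completed SASL exchange yields SUCCESS and only the wrapped "guest" principal. */
    public void testSaslAuthenticationSuccess() throws Exception {
        setupMocks();
        AuthenticationResult result = this._manager.authenticate(
                createTestSaslServer(true, false), "12345".getBytes(StandardCharsets.UTF_8));
        AuthenticatedPrincipalTestHelper.assertOnlyContainsWrapped(PRINCIPAL, result.getPrincipals());
        assertEquals(AuthenticationResult.AuthenticationStatus.SUCCESS, result.getStatus());
    }

    /** An unfinished SASL exchange yields CONTINUE and must not expose any principal. */
    public void testSaslAuthenticationNotCompleted() throws Exception {
        setupMocks();
        AuthenticationResult result = this._manager.authenticate(
                createTestSaslServer(false, false), "12345".getBytes(StandardCharsets.UTF_8));
        assertEquals("Principals was not expected size", 0, result.getPrincipals().size());
        assertEquals(AuthenticationResult.AuthenticationStatus.CONTINUE, result.getStatus());
    }

    /** A SaslException during evaluation yields ERROR and must not expose any principal. */
    public void testSaslAuthenticationError() throws Exception {
        setupMocks();
        AuthenticationResult result = this._manager.authenticate(
                createTestSaslServer(false, true), "12345".getBytes(StandardCharsets.UTF_8));
        assertEquals("Principals was not expected size", 0, result.getPrincipals().size());
        assertEquals(AuthenticationResult.AuthenticationStatus.ERROR, result.getStatus());
    }

    /** A password the database accepts yields SUCCESS and only the "guest" principal. */
    public void testNonSaslAuthenticationSuccess() throws Exception {
        setupMocks();
        Mockito.when(this._principalDatabase.verifyPassword("guest", "guest".toCharArray())).thenReturn(true);
        AuthenticationResult result = this._manager.authenticate("guest", "guest");
        AuthenticatedPrincipalTestHelper.assertOnlyContainsWrapped(PRINCIPAL, result.getPrincipals());
        assertEquals(AuthenticationResult.AuthenticationStatus.SUCCESS, result.getStatus());
    }

    /**
     * A password the database rejects is reported as CONTINUE (not SUCCESS) and must not
     * expose any principal.
     */
    public void testNonSaslAuthenticationNotCompleted() throws Exception {
        setupMocks();
        Mockito.when(this._principalDatabase.verifyPassword("guest", "wrongpassword".toCharArray()))
                .thenReturn(false);
        AuthenticationResult result = this._manager.authenticate("guest", "wrongpassword");
        assertEquals("Principals was not expected size", 0, result.getPrincipals().size());
        assertEquals(AuthenticationResult.AuthenticationStatus.CONTINUE, result.getStatus());
    }

    /** Creating the manager must create the password file. */
    public void testOnCreate() throws Exception {
        setupMocks();
        assertTrue("Password file was not created", new File(this._passwordFileLocation).exists());
    }

    /** Deleting the manager must remove the password file it created. */
    public void testOnDelete() throws Exception {
        setupMocks();
        assertTrue("Password file was not created", new File(this._passwordFileLocation).exists());
        this._manager.delete();
        assertFalse("Password file was not deleted", new File(this._passwordFileLocation).exists());
    }

    /**
     * Creating the manager with a path inside a directory that does not exist must fail
     * with a message naming that path.
     */
    public void testCreateForInvalidPath() throws Exception {
        setUpPrincipalDatabase();
        // nanoTime makes the parent directory name unique, so it cannot already exist.
        String invalidPath = TMP_FOLDER + File.separator + getTestName() + System.nanoTime()
                + File.separator + "users";
        this._manager = getPrincipalDatabaseAuthenticationManager(createManagerAttributes(invalidPath));
        try {
            this._manager.create();
            fail("Creation with invalid path should have failed");
        } catch (IllegalConfigurationException e) {
            assertEquals("Unexpected exception message:" + e.getMessage(),
                    String.format("Cannot create password file at '%s'", invalidPath), e.getMessage());
        }
    }

    /**
     * Builds a manager over a mocked broker whose database is whatever
     * {@link #_principalDatabase} holds when {@code createDatabase()} is called.
     */
    PrincipalDatabaseAuthenticationManager getPrincipalDatabaseAuthenticationManager(Map<String, Object> map) {
        return new PrincipalDatabaseAuthenticationManager(map, BrokerTestHelper.createBrokerMock()) {
            // NOTE(review): presumably overrides the manager's database factory hook; confirm
            // against PrincipalDatabaseAuthenticationManager before adding @Override.
            protected PrincipalDatabase createDatabase() {
                return PrincipalDatabaseAuthenticationManagerTest.this._principalDatabase;
            }
        };
    }

    /** Best-effort removal of the per-test password file; a failed delete is not reported. */
    private void deletePasswordFileIfExists() {
        File passwordFile = new File(this._passwordFileLocation);
        if (passwordFile.exists()) {
            passwordFile.delete();
        }
    }

    /**
     * Builds a {@link MySaslServer}; note the argument order is the reverse of the
     * private constructor's.
     *
     * @param complete whether the exchange reports itself as complete
     * @param throwSaslException whether evaluating a response throws
     */
    private SaslServer createTestSaslServer(boolean complete, boolean throwSaslException) {
        return new MySaslServer(throwSaslException, complete);
    }
}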
