package org.apache.qpid.server.security.auth.manager;

import java.security.Principal;
import java.util.Collections;
import java.util.HashMap;
import java.util.UUID;
import javax.security.auth.x500.X500Principal;
import javax.security.sasl.SaslException;
import javax.security.sasl.SaslServer;
import org.apache.qpid.server.model.AuthenticationProvider;
import org.apache.qpid.server.security.auth.AuthenticatedPrincipalTestHelper;
import org.apache.qpid.server.security.auth.AuthenticationResult;
import org.apache.qpid.server.security.auth.UsernamePrincipal;
import org.apache.qpid.server.util.BrokerTestHelper;
import org.apache.qpid.test.utils.QpidTestCase;

/* loaded from: input_file:org/apache/qpid/server/security/auth/manager/ExternalAuthenticationManagerTest.class */
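/**
 * Tests for {@link ExternalAuthenticationManager}, the SASL {@code EXTERNAL} authentication provider.
 *
 * <p>With {@code EXTERNAL} the identity is not taken from a password exchange but from the
 * {@link Principal} handed to {@code createSaslServer}. These tests use an {@link X500Principal}
 * for it (presumably the subject of the peer's TLS client certificate in a running broker;
 * confirm against the transport code).
 *
 * <p>Two configurations are exercised:
 * <ul>
 *   <li>{@code useFullDN=false}: the user name is the CN, followed by {@code '@'} and the DC
 *       components joined with dots when DCs are present. O, L, ST and C are ignored.</li>
 *   <li>{@code useFullDN=true}: the whole distinguished name is the identity.</li>
 * </ul>
 *
 * <p>Security-relevant behaviour pinned here: a missing principal, a subject without a CN and a
 * subject with an empty CN must all end in {@code ERROR} with no authorization ID, i.e. the
 * provider fails closed rather than producing an empty or default user name.
 *
 * <p>NOTE(review): in CN/DC mode every other subject component is dropped, so subjects that differ
 * only in O, L, ST or C map to the same user name. Which certificates are accepted in the first
 * place is decided outside this class and is not covered by these tests.
 *
 * <p>NOTE(review): every test sends an empty client response. In SASL EXTERNAL the response may
 * carry a requested authorization identity; how the manager treats a non-empty response is not
 * exercised here.
 */
public class ExternalAuthenticationManagerTest extends QpidTestCase {
    private static final String EXTERNAL_MECHANISM = "EXTERNAL";
    private static final String LOCAL_FQDN = "example.example.com";

    private ExternalAuthenticationManager _manager;
    private ExternalAuthenticationManager _managerUsingFullDN;

    /** Creates and opens one manager per mode (CN/DC mapping and full DN). */
    @Override
    public void setUp() throws Exception {
        super.setUp();
        this._manager = createOpenedManager(getTestName(), false);
        this._managerUsingFullDN = createOpenedManager(getTestName() + "FullDN", true);
    }

    public void testGetMechanisms() throws Exception {
        assertEquals(Collections.singletonList(EXTERNAL_MECHANISM), this._manager.getMechanisms());
    }

    public void testCreateSaslServer() throws Exception {
        createSaslServerTestImpl(this._manager);
    }

    /** No external principal at all: authentication must fail, not fall back to some identity. */
    public void testAuthenticatePrincipalNull_CausesAuthError() throws Exception {
        assertAuthenticationFails(this._manager, null);
    }

    /** A subject without a CN yields no user name in CN/DC mode, so it must be rejected. */
    public void testAuthenticatePrincipalNoCn_CausesAuthError() throws Exception {
        assertAuthenticationFails(this._manager,
                new X500Principal("DC=example, DC=com, O=My Company Ltd, L=Newbury, ST=Berkshire, C=GB"));
    }

    /** An empty CN must be rejected; otherwise the user name would be empty or just "@example.com". */
    public void testAuthenticatePrincipalEmptyCn_CausesAuthError() throws Exception {
        assertAuthenticationFails(this._manager,
                new X500Principal("CN=, DC=example, DC=com, O=My Company Ltd, L=Newbury, ST=Berkshire, C=GB"));
    }

    public void testAuthenticatePrincipalCnOnly() throws Exception {
        assertAuthenticationSucceeds(this._manager,
                new X500Principal("CN=person"),
                new UsernamePrincipal("person"),
                "person");
    }

    public void testAuthenticatePrincipalCnAndDc() throws Exception {
        assertAuthenticationSucceeds(this._manager,
                new X500Principal("CN=person, DC=example, DC=com"),
                new UsernamePrincipal("person@example.com"),
                "person@example.com");
    }

    /** O, L, ST and C do not contribute to the user name when CN and DC are present. */
    public void testAuthenticatePrincipalCnDc_OtherComponentsIgnored() throws Exception {
        assertAuthenticationSucceeds(this._manager,
                new X500Principal("CN=person, DC=example, DC=com, O=My Company Ltd, L=Newbury, ST=Berkshire, C=GB"),
                new UsernamePrincipal("person@example.com"),
                "person@example.com");
    }

    /** O, L, ST and C do not contribute to the user name when only a CN is present. */
    public void testAuthenticatePrincipalCn_OtherComponentsIgnored() throws Exception {
        assertAuthenticationSucceeds(this._manager,
                new X500Principal("CN=person, O=My Company Ltd, L=Newbury, ST=Berkshire, C=GB"),
                new UsernamePrincipal("person"),
                "person");
    }

    public void testFullDNMode_CreateSaslServer() throws Exception {
        createSaslServerTestImpl(this._managerUsingFullDN);
    }

    /** In full-DN mode the X.500 principal itself is the identity; the ID has no spaces after commas. */
    public void testFullDNMode_Authenticate() throws Exception {
        X500Principal subject = new X500Principal("CN=person, DC=example, DC=com");
        assertAuthenticationSucceeds(this._managerUsingFullDN, subject, subject, "CN=person,DC=example,DC=com");
    }

    public void testFullDNMode_AuthenticatePrincipalNull_CausesAuthError() throws Exception {
        assertAuthenticationFails(this._managerUsingFullDN, null);
    }

    /**
     * Builds an {@link ExternalAuthenticationManagerImpl} against a fresh broker mock and opens it.
     *
     * @param name value of the {@code name} attribute
     * @param useFullDN value of the {@code useFullDN} attribute
     * @return the opened manager
     */
    private ExternalAuthenticationManager createOpenedManager(String name, boolean useFullDN) throws Exception {
        HashMap<String, Object> attributes = new HashMap<String, Object>();
        attributes.put("id", UUID.randomUUID());
        attributes.put("name", name);
        attributes.put("useFullDN", useFullDN);
        ExternalAuthenticationManager manager =
                new ExternalAuthenticationManagerImpl(attributes, BrokerTestHelper.createBrokerMock());
        manager.open();
        return manager;
    }

    /**
     * Runs an EXTERNAL exchange with an empty client response and asserts that it fails closed:
     * status {@code ERROR} and no authorization ID on the SASL server.
     *
     * @param manager manager under test
     * @param externalPrincipal principal supplied by the transport, may be {@code null}
     */
    private void assertAuthenticationFails(ExternalAuthenticationManager manager, Principal externalPrincipal)
            throws Exception {
        SaslServer saslServer = manager.createSaslServer(EXTERNAL_MECHANISM, LOCAL_FQDN, externalPrincipal);
        AuthenticationResult result = manager.authenticate(saslServer, new byte[0]);
        assertNotNull(result);
        assertEquals("Expected authentication to be unsuccessful",
                AuthenticationResult.AuthenticationStatus.ERROR, result.getStatus());
        assertNull(saslServer.getAuthorizationID());
    }

    /**
     * Runs an EXTERNAL exchange with an empty client response and asserts that it succeeds with
     * exactly the expected identity.
     *
     * @param manager manager under test
     * @param externalPrincipal principal supplied by the transport
     * @param expectedPrincipal the only principal the result may wrap
     * @param expectedAuthorizationId authorization ID the SASL server must report
     */
    private void assertAuthenticationSucceeds(ExternalAuthenticationManager manager,
                                              Principal externalPrincipal,
                                              Principal expectedPrincipal,
                                              String expectedAuthorizationId) throws Exception {
        SaslServer saslServer = manager.createSaslServer(EXTERNAL_MECHANISM, LOCAL_FQDN, externalPrincipal);
        AuthenticationResult result = manager.authenticate(saslServer, new byte[0]);
        assertNotNull(result);
        assertEquals("Expected authentication to be successful",
                AuthenticationResult.AuthenticationStatus.SUCCESS, result.getStatus());
        AuthenticatedPrincipalTestHelper.assertOnlyContainsWrapped(expectedPrincipal, result.getPrincipals());
        assertEquals(expectedAuthorizationId, saslServer.getAuthorizationID());
    }

    /**
     * Checks that the provider hands out a SASL server for {@code EXTERNAL} and refuses any other
     * mechanism (here {@code PLAIN}) with a {@link SaslException}.
     */
    private void createSaslServerTestImpl(AuthenticationProvider<?> authenticationProvider) throws Exception {
        SaslServer saslServer =
                authenticationProvider.createSaslServer(EXTERNAL_MECHANISM, LOCAL_FQDN, (Principal) null);
        assertEquals("Sasl Server mechanism name is not as expected", EXTERNAL_MECHANISM, saslServer.getMechanismName());
        try {
            authenticationProvider.createSaslServer("PLAIN", LOCAL_FQDN, (Principal) null);
            fail("Expected creating SaslServer with incorrect mechanism to throw an exception");
        } catch (SaslException expected) {
            // Expected: only EXTERNAL is offered, so a request for another mechanism must be refused.
        }
    }
}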
