package org.apereo.cas.adaptors.jdbc;

import java.sql.Connection;
import java.sql.Statement;
import java.util.Set;
import javax.persistence.Entity;
import javax.persistence.GeneratedValue;
import javax.persistence.GenerationType;
import javax.persistence.Id;
import javax.security.auth.login.AccountNotFoundException;
import javax.security.auth.login.FailedLoginException;
import javax.sql.DataSource;
import org.apache.shiro.crypto.hash.DefaultHashService;
import org.apache.shiro.crypto.hash.HashRequest;
import org.apache.shiro.util.ByteSource;
import org.apereo.cas.authentication.AuthenticationHandlerExecutionResult;
import org.apereo.cas.authentication.CoreAuthenticationTestUtils;
import org.apereo.cas.authentication.PreventedException;
import org.apereo.cas.authentication.exceptions.AccountDisabledException;
import org.apereo.cas.authentication.exceptions.AccountPasswordMustChangeException;
import org.apereo.cas.authentication.principal.PrincipalFactoryUtils;
import org.apereo.cas.configuration.model.support.jdbc.authn.QueryEncodeJdbcAuthenticationProperties;
import org.apereo.cas.jpa.JpaPersistenceProviderContext;
import org.apereo.cas.services.ServicesManager;
import org.apereo.cas.util.transforms.PrefixSuffixPrincipalNameTransformer;
import org.junit.jupiter.api.AfterEach;
import org.junit.jupiter.api.Assertions;
import org.junit.jupiter.api.BeforeEach;
import org.junit.jupiter.api.Tag;
import org.junit.jupiter.api.Test;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.boot.test.context.TestConfiguration;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Import;
import org.springframework.security.crypto.password.PasswordEncoder;

@Tag("JDBC")
@Import({DatabaseTestConfiguration.class})
/* loaded from: input_file:org/apereo/cas/adaptors/jdbc/QueryAndEncodeDatabaseAuthenticationHandlerTests.class */
public class QueryAndEncodeDatabaseAuthenticationHandlerTests extends BaseDatabaseAuthenticationHandlerTests {
    private static final String ALG_NAME = "SHA-512";
    private static final String SQL = "SELECT * FROM users where %s";
    private static final int NUM_ITERATIONS = 5;
    private static final String STATIC_SALT = "STATIC_SALT";
    private static final String PASSWORD_FIELD_NAME = "password";
    private static final String EXPIRED_FIELD_NAME = "expired";
    private static final String DISABLED_FIELD_NAME = "disabled";
    private static final String NUM_ITERATIONS_FIELD_NAME = "numIterations";

    @Autowired
    @Qualifier("dataSource")
    private DataSource dataSource;

    @TestConfiguration("TestConfiguration")
    /* loaded from: input_file:org/apereo/cas/adaptors/jdbc/QueryAndEncodeDatabaseAuthenticationHandlerTests$DatabaseTestConfiguration.class */
    public static class DatabaseTestConfiguration {
        @Bean
        public JpaPersistenceProviderContext persistenceProviderContext() {
            return new JpaPersistenceProviderContext().setIncludeEntityClasses(Set.of(UsersTable.class.getName()));
        }
    }

    @Entity(name = "users")
    /* loaded from: input_file:org/apereo/cas/adaptors/jdbc/QueryAndEncodeDatabaseAuthenticationHandlerTests$UsersTable.class */
    public static class UsersTable {

        @Id
        @GeneratedValue(strategy = GenerationType.IDENTITY)
        private Long id;
        private String username;
        private String password;
        private String salt;
        private String expired;
        private String disabled;
        private long numIterations;
    }

    private static String getSqlInsertStatementToCreateUserAccount(int i, String str, String str2) {
        return String.format("insert into users (username, password, salt, numIterations, expired, disabled) values('%s', '%s', '%s', %s, '%s', '%s');", "user" + i, genPassword("user" + i, "salt" + i, NUM_ITERATIONS), "salt" + i, Integer.valueOf(NUM_ITERATIONS), str, str2);
    }

    private static String buildSql(String str) {
        return String.format(SQL, str);
    }

    private static String buildSql() {
        return String.format(SQL, "username=?;");
    }

    private static String genPassword(String str, String str2, int i) {
        DefaultHashService defaultHashService = new DefaultHashService();
        defaultHashService.setPrivateSalt(ByteSource.Util.bytes(STATIC_SALT));
        defaultHashService.setHashIterations(i);
        defaultHashService.setGeneratePublicSalt(false);
        defaultHashService.setHashAlgorithmName(ALG_NAME);
        return defaultHashService.computeHash(new HashRequest.Builder().setSource(str).setSalt(str2).setIterations(i).build()).toHex();
    }

    @BeforeEach
    public void initialize() throws Exception {
        Connection connection = this.dataSource.getConnection();
        try {
            Statement createStatement = connection.createStatement();
            try {
                connection.setAutoCommit(true);
                createStatement.execute(getSqlInsertStatementToCreateUserAccount(0, Boolean.FALSE.toString(), Boolean.FALSE.toString()));
                for (int i = 0; i < 10; i++) {
                    createStatement.execute(getSqlInsertStatementToCreateUserAccount(i, Boolean.FALSE.toString(), Boolean.FALSE.toString()));
                }
                createStatement.execute(getSqlInsertStatementToCreateUserAccount(20, Boolean.TRUE.toString(), Boolean.FALSE.toString()));
                createStatement.execute(getSqlInsertStatementToCreateUserAccount(21, Boolean.FALSE.toString(), Boolean.TRUE.toString()));
                if (createStatement != null) {
                    createStatement.close();
                }
                if (connection != null) {
                    connection.close();
                }
            } finally {
            }
        } catch (Throwable th) {
            if (connection != null) {
                try {
                    connection.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
            }
            throw th;
        }
    }

    @AfterEach
    public void afterEachTest() throws Exception {
        Connection connection = this.dataSource.getConnection();
        try {
            Statement createStatement = connection.createStatement();
            try {
                connection.setAutoCommit(true);
                createStatement.execute("delete from users;");
                if (createStatement != null) {
                    createStatement.close();
                }
                if (connection != null) {
                    connection.close();
                }
            } finally {
            }
        } catch (Throwable th) {
            if (connection != null) {
                try {
                    connection.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
            }
            throw th;
        }
    }

    @Test
    public void verifyAuthenticationFailsToFindUser() {
        QueryAndEncodeDatabaseAuthenticationHandler queryAndEncodeDatabaseAuthenticationHandler = new QueryAndEncodeDatabaseAuthenticationHandler(new QueryEncodeJdbcAuthenticationProperties().setAlgorithmName(ALG_NAME).setSql(buildSql()).setPasswordFieldName(PASSWORD_FIELD_NAME).setSaltFieldName("salt").setDisabledFieldName("ops"), (ServicesManager) null, PrincipalFactoryUtils.newPrincipalFactory(), this.dataSource);
        Assertions.assertThrows(AccountNotFoundException.class, () -> {
            queryAndEncodeDatabaseAuthenticationHandler.authenticate(CoreAuthenticationTestUtils.getCredentialsWithSameUsernameAndPassword());
        });
    }

    @Test
    public void verifyAuthenticationInvalidSql() {
        QueryAndEncodeDatabaseAuthenticationHandler queryAndEncodeDatabaseAuthenticationHandler = new QueryAndEncodeDatabaseAuthenticationHandler(new QueryEncodeJdbcAuthenticationProperties().setAlgorithmName(ALG_NAME).setSql(buildSql("makesNoSenseInSql")).setPasswordFieldName(PASSWORD_FIELD_NAME).setSaltFieldName("salt").setDisabledFieldName("ops"), (ServicesManager) null, PrincipalFactoryUtils.newPrincipalFactory(), this.dataSource);
        Assertions.assertThrows(PreventedException.class, () -> {
            queryAndEncodeDatabaseAuthenticationHandler.authenticate(CoreAuthenticationTestUtils.getCredentialsWithSameUsernameAndPassword());
        });
    }

    @Test
    public void verifyAuthenticationMultipleAccounts() {
        QueryAndEncodeDatabaseAuthenticationHandler queryAndEncodeDatabaseAuthenticationHandler = new QueryAndEncodeDatabaseAuthenticationHandler(new QueryEncodeJdbcAuthenticationProperties().setAlgorithmName(ALG_NAME).setSql(buildSql()).setPasswordFieldName(PASSWORD_FIELD_NAME).setSaltFieldName("salt").setDisabledFieldName("ops"), (ServicesManager) null, PrincipalFactoryUtils.newPrincipalFactory(), this.dataSource);
        Assertions.assertThrows(FailedLoginException.class, () -> {
            queryAndEncodeDatabaseAuthenticationHandler.authenticate(CoreAuthenticationTestUtils.getCredentialsWithDifferentUsernameAndPassword("user0", "password0"));
        });
    }

    @Test
    public void verifyAuthenticationSuccessful() throws Exception {
        AuthenticationHandlerExecutionResult authenticate = new QueryAndEncodeDatabaseAuthenticationHandler(new QueryEncodeJdbcAuthenticationProperties().setAlgorithmName(ALG_NAME).setSql(buildSql()).setPasswordFieldName(PASSWORD_FIELD_NAME).setSaltFieldName("salt").setDisabledFieldName("ops").setNumberOfIterationsFieldName(NUM_ITERATIONS_FIELD_NAME).setStaticSalt(STATIC_SALT), (ServicesManager) null, PrincipalFactoryUtils.newPrincipalFactory(), this.dataSource).authenticate(CoreAuthenticationTestUtils.getCredentialsWithSameUsernameAndPassword("user1"));
        Assertions.assertNotNull(authenticate);
        Assertions.assertEquals("user1", authenticate.getPrincipal().getId());
    }

    @Test
    public void verifyAuthenticationWithExpiredField() {
        QueryAndEncodeDatabaseAuthenticationHandler queryAndEncodeDatabaseAuthenticationHandler = new QueryAndEncodeDatabaseAuthenticationHandler(new QueryEncodeJdbcAuthenticationProperties().setAlgorithmName(ALG_NAME).setSql(buildSql()).setPasswordFieldName(PASSWORD_FIELD_NAME).setExpiredFieldName(EXPIRED_FIELD_NAME).setStaticSalt(STATIC_SALT).setSaltFieldName("salt"), (ServicesManager) null, PrincipalFactoryUtils.newPrincipalFactory(), this.dataSource);
        Assertions.assertThrows(AccountPasswordMustChangeException.class, () -> {
            queryAndEncodeDatabaseAuthenticationHandler.authenticate(CoreAuthenticationTestUtils.getCredentialsWithSameUsernameAndPassword("user20"));
        });
    }

    @Test
    public void verifyAuthenticationWithDisabledField() {
        QueryAndEncodeDatabaseAuthenticationHandler queryAndEncodeDatabaseAuthenticationHandler = new QueryAndEncodeDatabaseAuthenticationHandler(new QueryEncodeJdbcAuthenticationProperties().setAlgorithmName(ALG_NAME).setSql(buildSql()).setPasswordFieldName(PASSWORD_FIELD_NAME).setDisabledFieldName(DISABLED_FIELD_NAME).setStaticSalt(STATIC_SALT).setSaltFieldName("salt"), (ServicesManager) null, PrincipalFactoryUtils.newPrincipalFactory(), this.dataSource);
        Assertions.assertThrows(AccountDisabledException.class, () -> {
            queryAndEncodeDatabaseAuthenticationHandler.authenticate(CoreAuthenticationTestUtils.getCredentialsWithSameUsernameAndPassword("user21"));
        });
    }

    @Test
    public void verifyAuthenticationSuccessfulWithAPasswordEncoder() throws Exception {
        QueryAndEncodeDatabaseAuthenticationHandler queryAndEncodeDatabaseAuthenticationHandler = new QueryAndEncodeDatabaseAuthenticationHandler(new QueryEncodeJdbcAuthenticationProperties().setAlgorithmName(ALG_NAME).setSql(buildSql()).setPasswordFieldName(PASSWORD_FIELD_NAME).setNumberOfIterationsFieldName(NUM_ITERATIONS_FIELD_NAME).setStaticSalt(STATIC_SALT).setSaltFieldName("salt"), (ServicesManager) null, PrincipalFactoryUtils.newPrincipalFactory(), this.dataSource);
        queryAndEncodeDatabaseAuthenticationHandler.setPasswordEncoder(new PasswordEncoder() { // from class: org.apereo.cas.adaptors.jdbc.QueryAndEncodeDatabaseAuthenticationHandlerTests.1
            public String encode(CharSequence charSequence) {
                return charSequence.toString().concat("1");
            }

            public boolean matches(CharSequence charSequence, String str) {
                return true;
            }
        });
        queryAndEncodeDatabaseAuthenticationHandler.setPrincipalNameTransformer(new PrefixSuffixPrincipalNameTransformer("user", (String) null));
        AuthenticationHandlerExecutionResult authenticate = queryAndEncodeDatabaseAuthenticationHandler.authenticate(CoreAuthenticationTestUtils.getCredentialsWithDifferentUsernameAndPassword("1", "user"));
        Assertions.assertNotNull(authenticate);
        Assertions.assertEquals("user1", authenticate.getPrincipal().getId());
    }
}
