package org.apache.hive.service.auth;

import java.io.IOException;
import java.util.Arrays;
import javax.naming.NamingException;
import javax.security.sasl.AuthenticationException;
import org.apache.hadoop.hive.conf.HiveConf;
import org.apache.hive.service.auth.ldap.DirSearch;
import org.apache.hive.service.auth.ldap.DirSearchFactory;
import org.apache.hive.service.auth.ldap.LdapSearchFactory;
import org.junit.Before;
import org.junit.Rule;
import org.junit.Test;
import org.junit.rules.ExpectedException;
import org.junit.runner.RunWith;
import org.mockito.Mock;
import org.mockito.Mockito;
import org.mockito.junit.MockitoJUnitRunner;

@RunWith(MockitoJUnitRunner.class)
/* loaded from: input_file:org/apache/hive/service/auth/TestLdapAuthenticationProviderImpl.class */
public class TestLdapAuthenticationProviderImpl {

    @Rule
    public ExpectedException thrown = ExpectedException.none();
    public HiveConf conf;
    public LdapAuthenticationProviderImpl auth;

    @Mock
    public DirSearchFactory factory;

    @Mock
    public DirSearch search;

    @Before
    public void setup() throws AuthenticationException {
        this.conf = new HiveConf();
        this.conf.set("hive.root.logger", "DEBUG,console");
        this.conf.set("hive.server2.authentication.ldap.url", "localhost");
        Mockito.when(this.factory.getInstance((HiveConf) Mockito.any(HiveConf.class), Mockito.anyString(), Mockito.anyString())).thenReturn(this.search);
    }

    @Test
    public void authenticateGivenBlankPassword() throws Exception {
        this.auth = new LdapAuthenticationProviderImpl(this.conf, new LdapSearchFactory());
        expectAuthenticationExceptionForInvalidPassword();
        this.auth.Authenticate("user", "");
    }

    @Test
    public void authenticateGivenStringWithNullCharacterForPassword() throws Exception {
        this.auth = new LdapAuthenticationProviderImpl(this.conf, new LdapSearchFactory());
        expectAuthenticationExceptionForInvalidPassword();
        this.auth.Authenticate("user", "��");
    }

    @Test
    public void authenticateGivenNullForPassword() throws Exception {
        this.auth = new LdapAuthenticationProviderImpl(this.conf, new LdapSearchFactory());
        expectAuthenticationExceptionForInvalidPassword();
        this.auth.Authenticate("user", (String) null);
    }

    @Test
    public void testAuthenticateNoUserOrGroupFilter() throws NamingException, AuthenticationException, IOException {
        this.conf.setVar(HiveConf.ConfVars.HIVE_SERVER2_PLAIN_LDAP_USERDNPATTERN, "cn=%s,ou=Users,dc=mycorp,dc=com:cn=%s,ou=PowerUsers,dc=mycorp,dc=com");
        DirSearchFactory dirSearchFactory = (DirSearchFactory) Mockito.mock(DirSearchFactory.class);
        Mockito.lenient().when(this.search.findUserDn("user1")).thenReturn("cn=user1,ou=PowerUsers,dc=mycorp,dc=com");
        Mockito.when(dirSearchFactory.getInstance(this.conf, "cn=user1,ou=PowerUsers,dc=mycorp,dc=com", "Blah")).thenReturn(this.search);
        Mockito.when(dirSearchFactory.getInstance(this.conf, "cn=user1,ou=Users,dc=mycorp,dc=com", "Blah")).thenThrow(AuthenticationException.class);
        this.auth = new LdapAuthenticationProviderImpl(this.conf, dirSearchFactory);
        this.auth.Authenticate("user1", "Blah");
        ((DirSearchFactory) Mockito.verify(dirSearchFactory, Mockito.times(2))).getInstance((HiveConf) Mockito.isA(HiveConf.class), Mockito.anyString(), (String) Mockito.eq("Blah"));
        ((DirSearch) Mockito.verify(this.search, Mockito.atLeastOnce())).close();
    }

    @Test
    public void testAuthenticateWhenUserFilterPasses() throws NamingException, AuthenticationException, IOException {
        this.conf.setVar(HiveConf.ConfVars.HIVE_SERVER2_PLAIN_LDAP_USERFILTER, "user1,user2");
        Mockito.when(this.search.findUserDn("user1")).thenReturn("cn=user1,ou=PowerUsers,dc=mycorp,dc=com");
        Mockito.when(this.search.findUserDn("user2")).thenReturn("cn=user2,ou=PowerUsers,dc=mycorp,dc=com");
        authenticateUserAndCheckSearchIsClosed("user1");
        authenticateUserAndCheckSearchIsClosed("user2");
    }

    @Test
    public void testAuthenticateWhenLoginWithDomainAndUserFilterPasses() throws NamingException, AuthenticationException, IOException {
        this.conf.setVar(HiveConf.ConfVars.HIVE_SERVER2_PLAIN_LDAP_USERFILTER, "user1");
        Mockito.when(this.search.findUserDn("user1")).thenReturn("cn=user1,ou=PowerUsers,dc=mycorp,dc=com");
        authenticateUserAndCheckSearchIsClosed("user1@mydomain.com");
    }

    @Test
    public void testAuthenticateWhenLoginWithDnAndUserFilterPasses() throws NamingException, AuthenticationException, IOException {
        this.conf.setVar(HiveConf.ConfVars.HIVE_SERVER2_PLAIN_LDAP_USERFILTER, "user1");
        Mockito.when(this.search.findUserDn("cn=user1,ou=PowerUsers,dc=mycorp,dc=com")).thenReturn("cn=user1,ou=PowerUsers,dc=mycorp,dc=com");
        authenticateUserAndCheckSearchIsClosed("cn=user1,ou=PowerUsers,dc=mycorp,dc=com");
    }

    @Test
    public void testAuthenticateWhenUserSearchFails() throws NamingException, AuthenticationException, IOException {
        this.thrown.expect(AuthenticationException.class);
        this.conf.setVar(HiveConf.ConfVars.HIVE_SERVER2_PLAIN_LDAP_USERFILTER, "user1,user2");
        Mockito.when(this.search.findUserDn("user1")).thenReturn((Object) null);
        authenticateUserAndCheckSearchIsClosed("user1");
    }

    @Test
    public void testAuthenticateWhenUserFilterFails() throws NamingException, AuthenticationException, IOException {
        this.thrown.expect(AuthenticationException.class);
        this.conf.setVar(HiveConf.ConfVars.HIVE_SERVER2_PLAIN_LDAP_USERFILTER, "user1,user2");
        Mockito.when(this.search.findUserDn("user3")).thenReturn("cn=user3,ou=PowerUsers,dc=mycorp,dc=com");
        authenticateUserAndCheckSearchIsClosed("user3");
    }

    @Test
    public void testAuthenticateWhenGroupMembershipKeyFilterPasses() throws NamingException, AuthenticationException, IOException {
        this.conf.setVar(HiveConf.ConfVars.HIVE_SERVER2_PLAIN_LDAP_GROUPFILTER, "group1,group2");
        Mockito.when(this.search.findUserDn("user1")).thenReturn("cn=user1,ou=PowerUsers,dc=mycorp,dc=com");
        Mockito.when(this.search.findUserDn("user2")).thenReturn("cn=user2,ou=PowerUsers,dc=mycorp,dc=com");
        Mockito.when(this.search.findGroupsForUser("cn=user1,ou=PowerUsers,dc=mycorp,dc=com")).thenReturn(Arrays.asList("cn=testGroup,ou=Groups,dc=mycorp,dc=com", "cn=group1,ou=Groups,dc=mycorp,dc=com"));
        Mockito.when(this.search.findGroupsForUser("cn=user2,ou=PowerUsers,dc=mycorp,dc=com")).thenReturn(Arrays.asList("cn=testGroup,ou=Groups,dc=mycorp,dc=com", "cn=group2,ou=Groups,dc=mycorp,dc=com"));
        authenticateUserAndCheckSearchIsClosed("user1");
        authenticateUserAndCheckSearchIsClosed("user2");
    }

    @Test
    public void testAuthenticateWhenUserAndGroupMembershipKeyFiltersPass() throws NamingException, AuthenticationException, IOException {
        this.conf.setVar(HiveConf.ConfVars.HIVE_SERVER2_PLAIN_LDAP_GROUPFILTER, "group1,group2");
        this.conf.setVar(HiveConf.ConfVars.HIVE_SERVER2_PLAIN_LDAP_USERFILTER, "user1,user2");
        Mockito.when(this.search.findUserDn("user1")).thenReturn("cn=user1,ou=PowerUsers,dc=mycorp,dc=com");
        Mockito.when(this.search.findUserDn("user2")).thenReturn("cn=user2,ou=PowerUsers,dc=mycorp,dc=com");
        Mockito.when(this.search.findGroupsForUser("cn=user1,ou=PowerUsers,dc=mycorp,dc=com")).thenReturn(Arrays.asList("cn=testGroup,ou=Groups,dc=mycorp,dc=com", "cn=group1,ou=Groups,dc=mycorp,dc=com"));
        Mockito.when(this.search.findGroupsForUser("cn=user2,ou=PowerUsers,dc=mycorp,dc=com")).thenReturn(Arrays.asList("cn=testGroup,ou=Groups,dc=mycorp,dc=com", "cn=group2,ou=Groups,dc=mycorp,dc=com"));
        authenticateUserAndCheckSearchIsClosed("user1");
        authenticateUserAndCheckSearchIsClosed("user2");
    }

    @Test
    public void testAuthenticateWhenUserFilterPassesAndGroupMembershipKeyFilterFails() throws NamingException, AuthenticationException, IOException {
        this.thrown.expect(AuthenticationException.class);
        this.conf.setVar(HiveConf.ConfVars.HIVE_SERVER2_PLAIN_LDAP_GROUPFILTER, "group1,group2");
        this.conf.setVar(HiveConf.ConfVars.HIVE_SERVER2_PLAIN_LDAP_USERFILTER, "user1,user2");
        Mockito.when(this.search.findUserDn("user1")).thenReturn("cn=user1,ou=PowerUsers,dc=mycorp,dc=com");
        Mockito.when(this.search.findGroupsForUser("cn=user1,ou=PowerUsers,dc=mycorp,dc=com")).thenReturn(Arrays.asList("cn=testGroup,ou=Groups,dc=mycorp,dc=com", "cn=OtherGroup,ou=Groups,dc=mycorp,dc=com"));
        authenticateUserAndCheckSearchIsClosed("user1");
    }

    @Test
    public void testAuthenticateWhenUserFilterFailsAndGroupMembershipKeyFilterPasses() throws NamingException, AuthenticationException, IOException {
        this.thrown.expect(AuthenticationException.class);
        this.conf.setVar(HiveConf.ConfVars.HIVE_SERVER2_PLAIN_LDAP_GROUPFILTER, "group3");
        this.conf.setVar(HiveConf.ConfVars.HIVE_SERVER2_PLAIN_LDAP_USERFILTER, "user1,user2");
        Mockito.when(this.search.findUserDn("user3")).thenReturn("cn=user3,ou=PowerUsers,dc=mycorp,dc=com");
        Mockito.lenient().when(this.search.findGroupsForUser("cn=user3,ou=PowerUsers,dc=mycorp,dc=com")).thenReturn(Arrays.asList("cn=testGroup,ou=Groups,dc=mycorp,dc=com", "cn=group3,ou=Groups,dc=mycorp,dc=com"));
        authenticateUserAndCheckSearchIsClosed("user3");
    }

    @Test
    public void testAuthenticateWhenCustomQueryFilterPasses() throws NamingException, AuthenticationException, IOException {
        this.conf.setVar(HiveConf.ConfVars.HIVE_SERVER2_PLAIN_LDAP_BASEDN, "dc=mycorp,dc=com");
        this.conf.setVar(HiveConf.ConfVars.HIVE_SERVER2_PLAIN_LDAP_CUSTOMLDAPQUERY, "(&(objectClass=person)(|(memberOf=CN=Domain Admins,CN=Users,DC=apache,DC=org)(memberOf=CN=Administrators,CN=Builtin,DC=apache,DC=org)))");
        Mockito.when(this.search.executeCustomQuery(Mockito.anyString())).thenReturn(Arrays.asList("cn=user1,ou=PowerUsers,dc=mycorp,dc=com", "cn=user2,ou=PowerUsers,dc=mycorp,dc=com"));
        authenticateUserAndCheckSearchIsClosed("user1");
    }

    @Test
    public void testAuthenticateWhenCustomQueryFilterFailsAndUserFilterPasses() throws NamingException, AuthenticationException, IOException {
        this.thrown.expect(AuthenticationException.class);
        this.conf.setVar(HiveConf.ConfVars.HIVE_SERVER2_PLAIN_LDAP_BASEDN, "dc=mycorp,dc=com");
        this.conf.setVar(HiveConf.ConfVars.HIVE_SERVER2_PLAIN_LDAP_CUSTOMLDAPQUERY, "(&(objectClass=person)(|(memberOf=CN=Domain Admins,CN=Users,DC=apache,DC=org)(memberOf=CN=Administrators,CN=Builtin,DC=apache,DC=org)))");
        this.conf.setVar(HiveConf.ConfVars.HIVE_SERVER2_PLAIN_LDAP_USERFILTER, "user3");
        Mockito.lenient().when(this.search.findUserDn("user3")).thenReturn("cn=user3,ou=PowerUsers,dc=mycorp,dc=com");
        Mockito.when(this.search.executeCustomQuery(Mockito.anyString())).thenReturn(Arrays.asList("cn=user1,ou=PowerUsers,dc=mycorp,dc=com", "cn=user2,ou=PowerUsers,dc=mycorp,dc=com"));
        authenticateUserAndCheckSearchIsClosed("user3");
    }

    @Test
    public void testAuthenticateWhenUserMembershipKeyFilterPasses() throws NamingException, AuthenticationException, IOException {
        this.conf.setVar(HiveConf.ConfVars.HIVE_SERVER2_PLAIN_LDAP_GROUPFILTER, "HIVE-USERS");
        this.conf.setVar(HiveConf.ConfVars.HIVE_SERVER2_PLAIN_LDAP_BASEDN, "dc=mycorp,dc=com");
        this.conf.setVar(HiveConf.ConfVars.HIVE_SERVER2_PLAIN_LDAP_USERMEMBERSHIP_KEY, "memberOf");
        Mockito.when(this.search.findUserDn("user1")).thenReturn("cn=user1,ou=PowerUsers,dc=mycorp,dc=com");
        Mockito.when(this.search.findGroupDn("HIVE-USERS")).thenReturn("cn=HIVE-USERS,ou=Groups,dc=mycorp,dc=com");
        Mockito.when(Boolean.valueOf(this.search.isUserMemberOfGroup("user1", "cn=HIVE-USERS,ou=Groups,dc=mycorp,dc=com"))).thenReturn(true);
        this.auth = new LdapAuthenticationProviderImpl(this.conf, this.factory);
        this.auth.Authenticate("user1", "Blah");
        ((DirSearchFactory) Mockito.verify(this.factory, Mockito.times(1))).getInstance((HiveConf) Mockito.isA(HiveConf.class), Mockito.anyString(), (String) Mockito.eq("Blah"));
        ((DirSearch) Mockito.verify(this.search, Mockito.times(1))).findGroupDn(Mockito.anyString());
        ((DirSearch) Mockito.verify(this.search, Mockito.times(1))).isUserMemberOfGroup(Mockito.anyString(), Mockito.anyString());
        ((DirSearch) Mockito.verify(this.search, Mockito.atLeastOnce())).close();
    }

    @Test
    public void testAuthenticateWhenUserMembershipKeyFilterFails() throws NamingException, AuthenticationException, IOException {
        this.thrown.expect(AuthenticationException.class);
        this.conf.setVar(HiveConf.ConfVars.HIVE_SERVER2_PLAIN_LDAP_GROUPFILTER, "HIVE-USERS");
        this.conf.setVar(HiveConf.ConfVars.HIVE_SERVER2_PLAIN_LDAP_BASEDN, "dc=mycorp,dc=com");
        this.conf.setVar(HiveConf.ConfVars.HIVE_SERVER2_PLAIN_LDAP_USERMEMBERSHIP_KEY, "memberOf");
        Mockito.when(this.search.findUserDn("user1")).thenReturn("cn=user1,ou=PowerUsers,dc=mycorp,dc=com");
        Mockito.when(this.search.findGroupDn("HIVE-USERS")).thenReturn("cn=HIVE-USERS,ou=Groups,dc=mycorp,dc=com");
        Mockito.when(Boolean.valueOf(this.search.isUserMemberOfGroup("user1", "cn=HIVE-USERS,ou=Groups,dc=mycorp,dc=com"))).thenReturn(false);
        this.auth = new LdapAuthenticationProviderImpl(this.conf, this.factory);
        this.auth.Authenticate("user1", "Blah");
    }

    @Test
    public void testAuthenticateWhenUserMembershipKeyFilter2x2PatternsPasses() throws NamingException, AuthenticationException, IOException {
        this.conf.setVar(HiveConf.ConfVars.HIVE_SERVER2_PLAIN_LDAP_GROUPFILTER, "HIVE-USERS1,HIVE-USERS2");
        this.conf.setVar(HiveConf.ConfVars.HIVE_SERVER2_PLAIN_LDAP_GROUPDNPATTERN, "cn=%s,ou=Groups,ou=branch1,dc=mycorp,dc=com");
        this.conf.setVar(HiveConf.ConfVars.HIVE_SERVER2_PLAIN_LDAP_USERDNPATTERN, "cn=%s,ou=Userss,ou=branch1,dc=mycorp,dc=com");
        this.conf.setVar(HiveConf.ConfVars.HIVE_SERVER2_PLAIN_LDAP_USERMEMBERSHIP_KEY, "memberOf");
        Mockito.when(this.search.findUserDn("user1")).thenReturn("cn=user1,ou=PowerUsers,dc=mycorp,dc=com");
        Mockito.when(this.search.findGroupDn("HIVE-USERS1")).thenReturn("cn=HIVE-USERS1,ou=Groups,ou=branch1,dc=mycorp,dc=com");
        Mockito.when(this.search.findGroupDn("HIVE-USERS2")).thenReturn("cn=HIVE-USERS2,ou=Groups,ou=branch1,dc=mycorp,dc=com");
        Mockito.when(Boolean.valueOf(this.search.isUserMemberOfGroup("user1", "cn=HIVE-USERS1,ou=Groups,ou=branch1,dc=mycorp,dc=com"))).thenThrow(NamingException.class);
        Mockito.when(Boolean.valueOf(this.search.isUserMemberOfGroup("user1", "cn=HIVE-USERS2,ou=Groups,ou=branch1,dc=mycorp,dc=com"))).thenReturn(true);
        this.auth = new LdapAuthenticationProviderImpl(this.conf, this.factory);
        this.auth.Authenticate("user1", "Blah");
        ((DirSearchFactory) Mockito.verify(this.factory, Mockito.times(1))).getInstance((HiveConf) Mockito.isA(HiveConf.class), Mockito.anyString(), (String) Mockito.eq("Blah"));
        ((DirSearch) Mockito.verify(this.search, Mockito.times(2))).findGroupDn(Mockito.anyString());
        ((DirSearch) Mockito.verify(this.search, Mockito.times(2))).isUserMemberOfGroup(Mockito.anyString(), Mockito.anyString());
        ((DirSearch) Mockito.verify(this.search, Mockito.atLeastOnce())).close();
    }

    @Test
    public void testAuthenticateWithBindInCredentialFilePasses() throws AuthenticationException, NamingException {
        String property = System.getProperty("build.dir");
        this.conf.setVar(HiveConf.ConfVars.HIVE_SERVER2_PLAIN_LDAP_BIND_USER, "cn=BindUser,ou=Users,ou=branch1,dc=mycorp,dc=com");
        this.conf.set("hadoop.security.credential.provider.path", "jceks://file" + property + "/test-classes/creds/test.jceks");
        System.out.println(property);
        Mockito.when(this.search.findUserDn((String) Mockito.eq("user1"))).thenReturn("cn=user1,ou=Users,ou=branch1,dc=mycorp,dc=com");
        this.auth = new LdapAuthenticationProviderImpl(this.conf, this.factory);
        this.auth.Authenticate("user1", "Blah");
        ((DirSearchFactory) Mockito.verify(this.factory, Mockito.times(1))).getInstance((HiveConf) Mockito.isA(HiveConf.class), (String) Mockito.eq("cn=BindUser,ou=Users,ou=branch1,dc=mycorp,dc=com"), (String) Mockito.eq("testPassword"));
        ((DirSearchFactory) Mockito.verify(this.factory, Mockito.times(1))).getInstance((HiveConf) Mockito.isA(HiveConf.class), (String) Mockito.eq("cn=user1,ou=Users,ou=branch1,dc=mycorp,dc=com"), (String) Mockito.eq("Blah"));
        ((DirSearch) Mockito.verify(this.search, Mockito.times(1))).findUserDn((String) Mockito.eq("user1"));
    }

    @Test
    public void testAuthenticateWithBindInMissingCredentialFilePasses() throws AuthenticationException, NamingException {
        String str = "jceks://file" + System.getProperty("build.dir") + "/test-classes/creds/nonExistent.jceks";
        this.conf.setVar(HiveConf.ConfVars.HIVE_SERVER2_PLAIN_LDAP_BIND_USER, "cn=BindUser,ou=Users,ou=branch1,dc=mycorp,dc=com");
        this.conf.set("hadoop.security.credential.provider.path", str);
        this.auth = new LdapAuthenticationProviderImpl(this.conf, this.factory);
        this.auth.Authenticate("user1", "Blah");
        ((DirSearchFactory) Mockito.verify(this.factory, Mockito.times(1))).getInstance((HiveConf) Mockito.isA(HiveConf.class), (String) Mockito.eq("user1"), (String) Mockito.eq("Blah"));
    }

    @Test
    public void testAuthenticateWithBindUserPasses() throws AuthenticationException, NamingException {
        this.conf.setVar(HiveConf.ConfVars.HIVE_SERVER2_PLAIN_LDAP_BIND_USER, "cn=BindUser,ou=Users,ou=branch1,dc=mycorp,dc=com");
        this.conf.setVar(HiveConf.ConfVars.HIVE_SERVER2_PLAIN_LDAP_BIND_PASSWORD, "Blah");
        Mockito.when(this.search.findUserDn((String) Mockito.eq("user1"))).thenReturn("cn=user1,ou=Users,ou=branch1,dc=mycorp,dc=com");
        this.auth = new LdapAuthenticationProviderImpl(this.conf, this.factory);
        this.auth.Authenticate("user1", "Blah2");
        ((DirSearchFactory) Mockito.verify(this.factory, Mockito.times(1))).getInstance((HiveConf) Mockito.isA(HiveConf.class), (String) Mockito.eq("cn=BindUser,ou=Users,ou=branch1,dc=mycorp,dc=com"), (String) Mockito.eq("Blah"));
        ((DirSearchFactory) Mockito.verify(this.factory, Mockito.times(1))).getInstance((HiveConf) Mockito.isA(HiveConf.class), (String) Mockito.eq("cn=user1,ou=Users,ou=branch1,dc=mycorp,dc=com"), (String) Mockito.eq("Blah2"));
        ((DirSearch) Mockito.verify(this.search, Mockito.times(1))).findUserDn((String) Mockito.eq("user1"));
    }

    @Test
    public void testAuthenticateWithBindUserFailsOnAuthentication() throws AuthenticationException, NamingException {
        this.conf.setVar(HiveConf.ConfVars.HIVE_SERVER2_PLAIN_LDAP_BIND_USER, "cn=BindUser,ou=Users,ou=branch1,dc=mycorp,dc=com");
        this.conf.setVar(HiveConf.ConfVars.HIVE_SERVER2_PLAIN_LDAP_BIND_PASSWORD, "Blah");
        this.thrown.expect(AuthenticationException.class);
        Mockito.when(this.factory.getInstance((HiveConf) Mockito.any(HiveConf.class), (String) Mockito.eq("cn=user1,ou=Users,ou=branch1,dc=mycorp,dc=com"), (String) Mockito.eq("Blah2"))).thenThrow(AuthenticationException.class);
        Mockito.when(this.search.findUserDn((String) Mockito.eq("user1"))).thenReturn("cn=user1,ou=Users,ou=branch1,dc=mycorp,dc=com");
        this.auth = new LdapAuthenticationProviderImpl(this.conf, this.factory);
        this.auth.Authenticate("user1", "Blah2");
    }

    @Test
    public void testAuthenticateWithBindUserFailsOnGettingDn() throws AuthenticationException, NamingException {
        this.conf.setVar(HiveConf.ConfVars.HIVE_SERVER2_PLAIN_LDAP_BIND_USER, "cn=BindUser,ou=Users,ou=branch1,dc=mycorp,dc=com");
        this.conf.setVar(HiveConf.ConfVars.HIVE_SERVER2_PLAIN_LDAP_BIND_PASSWORD, "Blah");
        this.thrown.expect(AuthenticationException.class);
        Mockito.when(this.search.findUserDn((String) Mockito.eq("user1"))).thenThrow(NamingException.class);
        this.auth = new LdapAuthenticationProviderImpl(this.conf, this.factory);
        this.auth.Authenticate("user1", "Blah2");
    }

    @Test
    public void testAuthenticateWithBindUserFailsOnBinding() throws AuthenticationException {
        this.conf.setVar(HiveConf.ConfVars.HIVE_SERVER2_PLAIN_LDAP_BIND_USER, "cn=BindUser,ou=Users,ou=branch1,dc=mycorp,dc=com");
        this.conf.setVar(HiveConf.ConfVars.HIVE_SERVER2_PLAIN_LDAP_BIND_PASSWORD, "Blah");
        this.thrown.expect(AuthenticationException.class);
        Mockito.when(this.factory.getInstance((HiveConf) Mockito.any(HiveConf.class), (String) Mockito.eq("cn=BindUser,ou=Users,ou=branch1,dc=mycorp,dc=com"), (String) Mockito.eq("Blah"))).thenThrow(AuthenticationException.class);
        this.auth = new LdapAuthenticationProviderImpl(this.conf, this.factory);
        this.auth.Authenticate("user1", "Blah2");
    }

    private void expectAuthenticationExceptionForInvalidPassword() {
        this.thrown.expect(AuthenticationException.class);
        this.thrown.expectMessage("a null or blank password has been provided");
    }

    private void authenticateUserAndCheckSearchIsClosed(String str) throws IOException {
        this.auth = new LdapAuthenticationProviderImpl(this.conf, this.factory);
        try {
            this.auth.Authenticate(str, "password doesn't matter");
        } finally {
            ((DirSearch) Mockito.verify(this.search, Mockito.atLeastOnce())).close();
        }
    }
}
