package org.apache.jackrabbit.oak.security.authentication.ldap;

import java.util.Arrays;
import java.util.Collections;
import java.util.Iterator;
import java.util.LinkedList;
import java.util.Map;
import javax.jcr.SimpleCredentials;
import javax.security.auth.login.LoginException;
import junit.framework.Assert;
import org.apache.jackrabbit.oak.security.authentication.ldap.impl.LdapIdentity;
import org.apache.jackrabbit.oak.security.authentication.ldap.impl.LdapIdentityProvider;
import org.apache.jackrabbit.oak.security.authentication.ldap.impl.LdapProviderConfig;
import org.apache.jackrabbit.oak.security.authentication.ldap.impl.LdapUser;
import org.apache.jackrabbit.oak.spi.security.authentication.external.ExternalGroup;
import org.apache.jackrabbit.oak.spi.security.authentication.external.ExternalIdentity;
import org.apache.jackrabbit.oak.spi.security.authentication.external.ExternalIdentityException;
import org.apache.jackrabbit.oak.spi.security.authentication.external.ExternalIdentityRef;
import org.apache.jackrabbit.oak.spi.security.authentication.external.ExternalUser;
import org.apache.jackrabbit.util.Text;
import org.hamcrest.Matchers;
import org.junit.After;
import org.junit.AfterClass;
import org.junit.Before;
import org.junit.BeforeClass;
import org.junit.Test;

/* loaded from: input_file:org/apache/jackrabbit/oak/security/authentication/ldap/LdapProviderTest.class */
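/**
 * Integration tests for {@link LdapIdentityProvider} run against an embedded
 * {@link InternalLdapServer} that is started and populated from
 * {@code apache-ds-tutorial.ldif} before every test.
 *
 * <p>The provider is configured with a fixed admin bind DN and the embedded
 * server's admin password over plain LDAP on the loopback interface. That is
 * acceptable for a throw-away fixture only; nothing here configures TLS, so
 * this setup must not be copied into a deployment as-is.
 *
 * <p>Security-relevant behaviour pinned by this class:
 * <ul>
 *   <li>a wrong password raises {@link LoginException}, while an unknown user
 *       yields {@code null} (callers should not expose that difference to
 *       clients, or it becomes a user-enumeration signal);</li>
 *   <li>references that name another provider are never resolved;</li>
 *   <li>entries whose DN/uid contain LDAP special characters
 *       ({@code =}, {@code ,}, {@code [}, {@code ]}) are looked up and mapped
 *       to paths correctly.</li>
 * </ul>
 */
public class LdapProviderTest {
    protected static final boolean USE_COMMON_LDAP_FIXTURE = false;
    private static final String TUTORIAL_LDIF = "apache-ds-tutorial.ldif";
    private static final String ERRONEOUS_LDIF = "erroneous.ldif";
    public static final String IDP_NAME = "ldap";
    protected LdapIdentityProvider idp;
    protected LdapProviderConfig providerConfig;
    public static final String TEST_USER0_UID = "ratty";
    public static final String TEST_USER1_UID = "hhornblo";
    public static final String TEST_USER1_PATH = "cn=Horatio Hornblower/ou=users/ou=system";
    // User 5 deliberately carries LDAP special characters in both uid and DN.
    public static final String TEST_USER5_UID = "=007=";
    public static final String TEST_USER5_DN = "cn=Special\\, Agent [007],ou=users,ou=system";
    public static final String TEST_USER5_PATH = "cn=Special\\, Agent %5B007%5D/ou=users/ou=system";
    public static final String TEST_GROUP1_NAME = "HMS Lydia";
    public static final String TEST_GROUP2_NAME = "HMS Victory";
    public static final String TEST_GROUP3_NAME = "HMS Bounty";
    protected static final InternalLdapServer LDAP_SERVER = new InternalLdapServer();
    public static final String TEST_USER0_DN = "cn=Rat Ratterson,ou=users,ou=system";
    public static final String TEST_USER1_DN = "cn=Horatio Hornblower,ou=users,ou=system";
    public static final String TEST_USER2_DN = "cn=William Bush,ou=users,ou=system";
    public static final String TEST_USER3_DN = "cn=Thomas Quist,ou=users,ou=system";
    public static final String TEST_USER4_DN = "cn=Moultrie Crystal,ou=users,ou=system";
    public static final String[] TEST_GROUP1_MEMBERS = {TEST_USER0_DN, TEST_USER1_DN, TEST_USER2_DN, TEST_USER3_DN, TEST_USER4_DN};
    public static final String TEST_GROUP1_DN = "cn=HMS Lydia,ou=crews,ou=groups,ou=system";
    public static final String TEST_GROUP2_DN = "cn=HMS Victory,ou=crews,ou=groups,ou=system";
    public static final String TEST_GROUP3_DN = "cn=HMS Bounty,ou=crews,ou=groups,ou=system";
    public static final String[] TEST_USER0_GROUPS = {TEST_GROUP1_DN, TEST_GROUP2_DN, TEST_GROUP3_DN};
    public static final String[] TEST_USER1_GROUPS = {TEST_GROUP1_DN};

    /** Class-level hook; intentionally empty because the server is started per test in {@link #before()}. */
    @BeforeClass
    public static void beforeClass() throws Exception {
    }

    /** Class-level hook; intentionally empty because the server is stopped per test in {@link #after()}. */
    @AfterClass
    public static void afterClass() throws Exception {
    }

    /** Starts the embedded server, loads the fixture and creates a fresh provider. */
    @Before
    public void before() throws Exception {
        LDAP_SERVER.setUp();
        initLdapFixture(LDAP_SERVER);
        this.idp = createIDP();
    }

    /**
     * Stops the embedded server and closes the provider.
     *
     * <p>The provider is closed in a {@code finally} block so that a failing
     * server shutdown cannot leave the provider (and whatever connections it
     * holds) open for the following tests.
     */
    @After
    public void after() throws Exception {
        try {
            LDAP_SERVER.tearDown();
        } finally {
            if (this.idp != null) {
                this.idp.close();
                this.idp = null;
            }
        }
    }

    /** Creates a provider that exposes the default set of custom attributes. */
    protected LdapIdentityProvider createIDP() {
        return createIDP(new String[]{"objectclass", "uid", "givenname", "description", "sn"});
    }

    /**
     * Builds {@link #providerConfig} for the embedded server and returns a provider using it.
     *
     * @param strArr attribute names the provider should expose as identity properties
     * @return a new provider bound to the embedded server
     */
    protected LdapIdentityProvider createIDP(String[] strArr) {
        // Fixture-only credentials: admin bind against the in-process server on loopback.
        this.providerConfig = new LdapProviderConfig()
                .setName(IDP_NAME)
                .setHostname("127.0.0.1")
                .setPort(LDAP_SERVER.getPort())
                .setBindDN("uid=admin,ou=system")
                .setBindPassword(InternalLdapServer.ADMIN_PW)
                .setGroupMemberAttribute("uniquemember")
                .setCustomAttributes(strArr);
        this.providerConfig.getUserConfig().setBaseDN("ou=users,ou=system").setObjectClasses(new String[]{"inetOrgPerson"});
        this.providerConfig.getGroupConfig().setBaseDN("ou=groups,ou=system").setObjectClasses(new String[]{"groupOfUniqueNames"});
        // The listing passed the boolean USE_COMMON_LDAP_FIXTURE here, which cannot compile:
        // setMaxActive takes an int (see the setMaxActive(2) calls below) and false is 0.
        // NOTE(review): 0 presumably switches connection pooling off -- confirm against LdapProviderConfig.
        this.providerConfig.getAdminPoolConfig().setMaxActive(0);
        this.providerConfig.getUserPoolConfig().setMaxActive(0);
        return new LdapIdentityProvider(this.providerConfig);
    }

    /** Loads the tutorial LDIF from the test classpath into the given server. */
    protected static void initLdapFixture(InternalLdapServer internalLdapServer) throws Exception {
        internalLdapServer.loadLdif(LdapProviderTest.class.getResourceAsStream(TUTORIAL_LDIF));
    }

    /** Closes the current provider and creates a new one from the (possibly modified) configuration. */
    private void recreateIdp() {
        this.idp.close();
        this.idp = new LdapIdentityProvider(this.providerConfig);
    }

    @Test
    public void testGetUserByRef() throws Exception {
        ExternalIdentity identity = this.idp.getIdentity(new ExternalIdentityRef(TEST_USER1_DN, IDP_NAME));
        Assert.assertTrue("User instance", identity instanceof ExternalUser);
        Assert.assertEquals("User ID", TEST_USER1_UID, identity.getId());
    }

    /** Entries from the erroneous LDIF ("cn=Faulty Entry...") must not show up in the user listing. */
    @Test
    public void testListUsersWithMissingUid() throws Exception {
        LDAP_SERVER.loadLdif(LdapProviderTest.class.getResourceAsStream(ERRONEOUS_LDIF));
        Iterator<?> users = this.idp.listUsers();
        while (users.hasNext()) {
            ExternalUser user = (ExternalUser) users.next();
            Assert.assertFalse(user.getPrincipalName().startsWith("cn=Faulty Entry"));
        }
    }

    @Test
    public void testGetUserByUserId() throws Exception {
        ExternalUser user = this.idp.getUser(TEST_USER1_UID);
        Assert.assertNotNull("User 1 must exist", user);
        Assert.assertEquals("User Ref", TEST_USER1_DN, ((LdapUser) user).getEntry().getDn().getName());
    }

    /**
     * Only the attributes listed in the custom-attribute configuration may be exposed;
     * {@code mail} is not configured and therefore must be absent from the properties.
     */
    @Test
    public void testGetUserProperties() throws Exception {
        ExternalUser user = this.idp.getUser(TEST_USER1_UID);
        Assert.assertNotNull("User 1 must exist", user);
        // Raw Map kept on purpose: the declared value type of getProperties() is not visible here.
        Map properties = user.getProperties();
        org.junit.Assert.assertThat(properties, Matchers.hasEntry(Matchers.equalTo("objectclass"), Matchers.containsInAnyOrder(new String[]{"inetOrgPerson", "top", "person", "organizationalPerson"})));
        org.junit.Assert.assertThat(properties, Matchers.hasEntry("uid", TEST_USER1_UID));
        org.junit.Assert.assertThat(properties, Matchers.hasEntry("givenname", "Horatio"));
        org.junit.Assert.assertThat(properties, Matchers.hasEntry("description", "Capt. Horatio Hornblower, R.N"));
        org.junit.Assert.assertThat(properties, Matchers.hasEntry("sn", "Hornblower"));
        org.junit.Assert.assertThat(properties, Matchers.not(Matchers.hasEntry("mail", "hhornblo@royalnavy.mod.uk")));
    }

    /**
     * Authenticates user 1 with the fixture password and checks DN and external id.
     *
     * @param provider provider to authenticate against
     * @param expectedExternalId external id the authenticated user must report
     */
    private void authenticateInternal(LdapIdentityProvider provider, String expectedExternalId) throws Exception {
        LdapUser authenticated = (LdapUser) provider.authenticate(new SimpleCredentials(TEST_USER1_UID, "pass".toCharArray()));
        Assert.assertNotNull("User 1 must authenticate", authenticated);
        Assert.assertEquals("User Ref", TEST_USER1_DN, authenticated.getEntry().getDn().getName());
        Assert.assertEquals("User Ref", expectedExternalId, authenticated.getExternalId().getId());
    }

    /** The external id is the DN by default and the uid once {@code useUidForExtId} is enabled. */
    @Test
    public void testAuthenticate() throws Exception {
        authenticateInternal(this.idp, TEST_USER1_DN);
        this.providerConfig.setUseUidForExtId(true);
        recreateIdp();
        authenticateInternal(this.idp, TEST_USER1_UID);
    }

    /**
     * Authenticates user 1 eight times in a row with the same credentials object.
     *
     * <p>The listing ignored its provider argument and always used {@code this.idp};
     * every caller passes {@code this.idp}, so honouring the argument keeps the
     * tests' behaviour while making the helper do what its signature says.
     *
     * @param provider provider to authenticate against
     * @param expectedExternalId external id the authenticated user must report
     */
    private void authenticateValidateInternal(LdapIdentityProvider provider, String expectedExternalId) throws Exception {
        SimpleCredentials credentials = new SimpleCredentials(TEST_USER1_UID, "pass".toCharArray());
        // NOTE(review): 8 rounds against pools capped at 2 presumably force reuse of
        // pooled connections, so the validate-on-borrow path is exercised -- confirm.
        for (int i = 0; i < 8; i++) {
            LdapUser authenticated = (LdapUser) provider.authenticate(credentials);
            Assert.assertNotNull("User 1 must authenticate (i=" + i + ")", authenticated);
            Assert.assertEquals("User Ref", TEST_USER1_DN, authenticated.getEntry().getDn().getName());
            Assert.assertEquals("User Ref", expectedExternalId, authenticated.getExternalId().getId());
        }
    }

    /**
     * Shared body of the four {@code testAuthenticateValidate*} tests: caps both pools at
     * two connections, applies the given lookup-on-validate flags and runs the repeated
     * authentication once with DN-based and once with uid-based external ids.
     */
    private void runAuthenticateValidate(boolean adminLookupOnValidate, boolean userLookupOnValidate) throws Exception {
        this.providerConfig.getAdminPoolConfig().setMaxActive(2).setLookupOnValidate(adminLookupOnValidate);
        this.providerConfig.getUserPoolConfig().setMaxActive(2).setLookupOnValidate(userLookupOnValidate);
        recreateIdp();
        authenticateValidateInternal(this.idp, TEST_USER1_DN);
        this.providerConfig.setUseUidForExtId(true);
        recreateIdp();
        authenticateValidateInternal(this.idp, TEST_USER1_UID);
    }

    @Test
    public void testAuthenticateValidateFalseFalse() throws Exception {
        runAuthenticateValidate(false, false);
    }

    @Test
    public void testAuthenticateValidateFalseTrue() throws Exception {
        runAuthenticateValidate(false, true);
    }

    @Test
    public void testAuthenticateValidateTrueFalse() throws Exception {
        runAuthenticateValidate(true, false);
    }

    @Test
    public void testAuthenticateValidateTrueTrue() throws Exception {
        runAuthenticateValidate(true, true);
    }

    /**
     * Login names are matched case-insensitively.
     *
     * <p>Note what the second half pins: with {@code useUidForExtId} the external id is
     * the login name exactly as typed (upper case here), not the uid stored in the
     * directory. Code that keys accounts on the external id should therefore normalise
     * it, otherwise one directory entry can appear under several ids.
     */
    @Test
    public void testAuthenticateCaseInsensitive() throws Exception {
        SimpleCredentials credentials = new SimpleCredentials(TEST_USER1_UID.toUpperCase(), "pass".toCharArray());
        LdapUser byDn = (LdapUser) this.idp.authenticate(credentials);
        Assert.assertNotNull("User 1 must authenticate", byDn);
        Assert.assertEquals("User Ref", TEST_USER1_DN, byDn.getEntry().getDn().getName());
        Assert.assertEquals("User Ref", TEST_USER1_DN, byDn.getExternalId().getId());
        this.providerConfig.setUseUidForExtId(true);
        recreateIdp();
        LdapUser byUid = (LdapUser) this.idp.authenticate(credentials);
        Assert.assertNotNull("User 1 must authenticate", byUid);
        Assert.assertEquals("User Ref", TEST_USER1_DN, byUid.getEntry().getDn().getName());
        Assert.assertEquals("User Ref", TEST_USER1_UID.toUpperCase(), byUid.getExternalId().getId());
    }

    /** A known user with a wrong password must be rejected with {@link LoginException}, never with a user object. */
    @Test
    public void testAuthenticateFail() throws Exception {
        try {
            this.idp.authenticate(new SimpleCredentials(TEST_USER1_UID, "foobar".toCharArray()));
            Assert.fail("Authenticate must fail with LoginException for wrong password");
        } catch (LoginException expected) {
            // expected: the bind with a wrong password is the success condition of this test
        }
    }

    /**
     * An unknown user yields {@code null} rather than an exception. Together with
     * {@link #testAuthenticateFail()} this means the provider distinguishes "no such user"
     * from "wrong password"; layers above it should collapse both into one generic failure.
     */
    @Test
    public void testAuthenticateMissing() throws Exception {
        Assert.assertNull("Authenticate must return NULL for unknown user", this.idp.authenticate(new SimpleCredentials("foobarhhornblo", "pass".toCharArray())));
    }

    /** A valid DN paired with another provider's name must not resolve, so identities cannot cross providers. */
    @Test
    public void testGetUserByForeignRef() throws Exception {
        Assert.assertNull("Foreign ref must be null", this.idp.getIdentity(new ExternalIdentityRef(TEST_USER1_DN, "foobar")));
    }

    @Test
    public void testGetUnknownUserByRef() throws Exception {
        Assert.assertNull("Unknown user must return null", this.idp.getIdentity(new ExternalIdentityRef("bla=foo,cn=Horatio Hornblower,ou=users,ou=system", IDP_NAME)));
    }

    @Test
    public void testGetGroupByRef() throws Exception {
        ExternalIdentity identity = this.idp.getIdentity(new ExternalIdentityRef(TEST_GROUP1_DN, IDP_NAME));
        Assert.assertTrue("Group instance", identity instanceof ExternalGroup);
        Assert.assertEquals("Group Name", TEST_GROUP1_NAME, identity.getId());
    }

    @Test
    public void testGetGroupByName() throws Exception {
        ExternalGroup group = this.idp.getGroup(TEST_GROUP1_NAME);
        Assert.assertNotNull("Group 1 must exist", group);
        Assert.assertEquals("Group Ref", TEST_GROUP1_DN, ((LdapIdentity) group).getEntry().getDn().getName());
    }

    @Test
    public void testGetMembers() throws Exception {
        // Look the identity up through the general type first so the instanceof assertion
        // actually checks something; the listing assigned straight to ExternalGroup.
        ExternalIdentity identity = this.idp.getIdentity(new ExternalIdentityRef(TEST_GROUP1_DN, IDP_NAME));
        Assert.assertTrue("Group instance", identity instanceof ExternalGroup);
        assertIfEquals("Group members", TEST_GROUP1_MEMBERS, ((ExternalGroup) identity).getDeclaredMembers());
    }

    @Test
    public void testGetGroups() throws Exception {
        ExternalIdentity identity = this.idp.getIdentity(new ExternalIdentityRef(TEST_USER1_DN, IDP_NAME));
        Assert.assertTrue("User instance", identity instanceof ExternalUser);
        assertIfEquals("Groups", TEST_USER1_GROUPS, identity.getDeclaredGroups());
    }

    @Test
    public void testGetGroups2() throws Exception {
        ExternalIdentity identity = this.idp.getIdentity(new ExternalIdentityRef(TEST_USER0_DN, IDP_NAME));
        Assert.assertTrue("User instance", identity instanceof ExternalUser);
        assertIfEquals("Groups", TEST_USER0_GROUPS, identity.getDeclaredGroups());
    }

    @Test
    public void testNullIntermediatePath() throws Exception {
        // NOTE(review): the provider is not recreated, so this relies on it reading the
        // shared providerConfig instance at lookup time -- confirm.
        this.providerConfig.getUserConfig().setMakeDnPath(false);
        ExternalUser user = this.idp.getUser(TEST_USER1_UID);
        Assert.assertNotNull("User 1 must exist", user);
        Assert.assertNull("Intermediate path must be null", user.getIntermediatePath());
    }

    @Test
    public void testSplitDNIntermediatePath() throws Exception {
        this.providerConfig.getUserConfig().setMakeDnPath(true);
        ExternalUser user = this.idp.getUser(TEST_USER1_UID);
        Assert.assertNotNull("User 1 must exist", user);
        Assert.assertEquals("Intermediate path must be the split dn", TEST_USER1_PATH, user.getIntermediatePath());
    }

    /** Same as above for a DN with an escaped comma and brackets; the brackets must come out percent-encoded. */
    @Test
    public void testSplitDNIntermediatePath2() throws Exception {
        this.providerConfig.getUserConfig().setMakeDnPath(true);
        ExternalUser user = this.idp.getUser(TEST_USER5_UID);
        Assert.assertNotNull("User 5 must exist", user);
        Assert.assertEquals("Intermediate path must be the split dn", TEST_USER5_PATH, user.getIntermediatePath());
    }

    @Test
    public void testRemoveEmptyString() throws Exception {
        this.providerConfig.setCustomAttributes(new String[]{"a", "", "b"});
        org.junit.Assert.assertArrayEquals("Array must not contain empty strings", new String[]{"a", "b"}, this.providerConfig.getCustomAttributes());
    }

    @Test
    public void testResolvePrincipalNameUser() throws ExternalIdentityException {
        ExternalUser user = this.idp.getUser(TEST_USER5_UID);
        Assert.assertNotNull(user);
        Assert.assertEquals(user.getPrincipalName(), this.idp.fromExternalIdentityRef(user.getExternalId()));
    }

    @Test
    public void testResolvePrincipalNameGroup() throws ExternalIdentityException {
        ExternalGroup group = this.idp.getGroup(TEST_GROUP1_NAME);
        Assert.assertNotNull(group);
        Assert.assertEquals(group.getPrincipalName(), this.idp.fromExternalIdentityRef(group.getExternalId()));
    }

    /** Resolving a principal name for a reference owned by another provider must fail loudly. */
    @Test(expected = ExternalIdentityException.class)
    public void testResolvePrincipalNameForeignExtId() throws Exception {
        this.idp.fromExternalIdentityRef(new ExternalIdentityRef("anyId", "anotherProviderName"));
    }

    /**
     * Asserts that the ids of the given references equal the expected ids, ignoring order.
     *
     * <p>Both sides are sorted and compared as one joined string so that a failure message
     * shows the complete lists. The expected array is copied before sorting: callers pass
     * the shared {@code public static} fixture arrays, and sorting those in place would
     * silently reorder them for every later test.
     *
     * @param str assertion message
     * @param strArr expected ids, in any order; not modified
     * @param iterable references whose ids are compared
     */
    public static void assertIfEquals(String str, String[] strArr, Iterable<ExternalIdentityRef> iterable) {
        LinkedList<String> actualIds = new LinkedList<String>();
        for (ExternalIdentityRef ref : iterable) {
            actualIds.add(ref.getId());
        }
        Collections.sort(actualIds);
        String[] expectedIds = strArr.clone();
        Arrays.sort(expectedIds);
        Assert.assertEquals(str, Text.implode(expectedIds, ",\n"), Text.implode(actualIds.toArray(new String[0]), ",\n"));
    }
}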
