package org.apache.qpid.server.security.auth.jmx;

import java.security.AccessControlException;
import java.security.Principal;
import javax.security.auth.Subject;
import org.apache.qpid.server.security.SecurityManager;
import org.apache.qpid.server.security.SubjectCreator;
import org.apache.qpid.server.security.auth.AuthenticationResult;
import org.apache.qpid.server.security.auth.SubjectAuthenticationResult;
import org.apache.qpid.test.utils.QpidTestCase;
import org.mockito.Matchers;
import org.mockito.Mockito;

/* loaded from: input_file:org/apache/qpid/server/security/auth/jmx/JMXPasswordAuthenticatorTest.class */
public class JMXPasswordAuthenticatorTest extends QpidTestCase {
    static final String USER_NOT_AUTHORISED_FOR_MANAGEMENT = "User not authorised for management";
    private static final String USERNAME = "guest";
    private static final String PASSWORD = "password";
    private JMXPasswordAuthenticator _rmipa;
    private final SecurityManager _securityManager = (SecurityManager) Mockito.mock(SecurityManager.class);
    private final Subject _loginSubject = new Subject();
    private final String[] _credentials = {USERNAME, "password"};
    private SubjectCreator _usernamePasswordOkaySubjectCreator = createMockSubjectCreator(true, null);
    private SubjectCreator _badPasswordSubjectCreator = createMockSubjectCreator(false, null);

    public void testAuthenticationSuccess() {
        this._rmipa = new JMXPasswordAuthenticator(this._usernamePasswordOkaySubjectCreator, this._securityManager);
        assertSame("Subject must be unchanged", this._loginSubject, this._rmipa.authenticate(this._credentials));
    }

    public void testUsernameOrPasswordInvalid() {
        this._rmipa = new JMXPasswordAuthenticator(this._badPasswordSubjectCreator, this._securityManager);
        try {
            this._rmipa.authenticate(this._credentials);
            fail("Exception not thrown");
        } catch (SecurityException e) {
            assertEquals("Unexpected exception message", "Invalid user details supplied", e.getMessage());
        }
    }

    public void testAuthorisationFailure() {
        this._rmipa = new JMXPasswordAuthenticator(this._usernamePasswordOkaySubjectCreator, this._securityManager);
        ((SecurityManager) Mockito.doThrow(new AccessControlException(USER_NOT_AUTHORISED_FOR_MANAGEMENT)).when(this._securityManager)).accessManagement();
        try {
            this._rmipa.authenticate(this._credentials);
            fail("Exception not thrown");
        } catch (SecurityException e) {
            assertEquals("Unexpected exception message", USER_NOT_AUTHORISED_FOR_MANAGEMENT, e.getMessage());
        }
    }

    public void testSubjectCreatorInternalFailure() {
        Exception exc = new Exception("Mock Auth system failure");
        this._rmipa = new JMXPasswordAuthenticator(createMockSubjectCreator(false, exc), this._securityManager);
        try {
            this._rmipa.authenticate(this._credentials);
            fail("Exception not thrown");
        } catch (SecurityException e) {
            assertEquals("Initial cause not found", exc, e.getCause());
        }
    }

    private SubjectCreator createMockSubjectCreator(boolean z, Exception exc) {
        SubjectCreator subjectCreator = (SubjectCreator) Mockito.mock(SubjectCreator.class);
        Mockito.when(subjectCreator.authenticate(Matchers.anyString(), Matchers.anyString())).thenReturn(exc != null ? new SubjectAuthenticationResult(new AuthenticationResult(AuthenticationResult.AuthenticationStatus.ERROR, exc)) : z ? new SubjectAuthenticationResult(new AuthenticationResult((Principal) Mockito.mock(Principal.class)), this._loginSubject) : new SubjectAuthenticationResult(new AuthenticationResult(AuthenticationResult.AuthenticationStatus.CONTINUE)));
        return subjectCreator;
    }
}
