package org.apache.qpid.server.security.auth.manager;

import java.security.Principal;
import java.util.HashMap;
import java.util.List;
import java.util.Set;
import java.util.UUID;
import javax.security.sasl.SaslException;
import javax.security.sasl.SaslServer;
import org.apache.qpid.server.model.BrokerTestHelper;
import org.apache.qpid.server.security.auth.AuthenticationResult;
import org.apache.qpid.server.security.auth.sasl.SaslUtil;
import org.apache.qpid.test.utils.QpidTestCase;

/* loaded from: input_file:org/apache/qpid/server/security/auth/manager/SimpleAuthenticationManagerTest.class */
public class SimpleAuthenticationManagerTest extends QpidTestCase {
    private static final String TEST_USER = "testUser";
    private static final String TEST_PASSWORD = "testPassword";
    private SimpleAuthenticationManager _authenticationManager;

    public void setUp() throws Exception {
        super.setUp();
        HashMap hashMap = new HashMap();
        hashMap.put("name", "MANAGEMENT_MODE_AUTHENTICATION");
        hashMap.put("id", UUID.randomUUID());
        SimpleAuthenticationManager simpleAuthenticationManager = new SimpleAuthenticationManager(hashMap, BrokerTestHelper.createBrokerMock());
        simpleAuthenticationManager.addUser("testUser", TEST_PASSWORD);
        this._authenticationManager = simpleAuthenticationManager;
    }

    public void testGetMechanisms() {
        List mechanisms = this._authenticationManager.getMechanisms();
        assertEquals("Unexpected number of mechanisms", 4, mechanisms.size());
        assertTrue("PLAIN was not present: " + mechanisms, mechanisms.contains("PLAIN"));
        assertTrue("CRAM-MD5 was not present: " + mechanisms, mechanisms.contains("CRAM-MD5"));
        assertTrue("SCRAM-SHA-1 was not present: " + mechanisms, mechanisms.contains("SCRAM-SHA-1"));
        assertTrue("SCRAM-SHA-256 was not present: " + mechanisms, mechanisms.contains("SCRAM-SHA-256"));
    }

    public void testCreateSaslServerForUnsupportedMechanisms() throws Exception {
        for (String str : new String[]{"EXTERNAL", "CRAM-MD5-HEX", "CRAM-MD5-HASHED", "ANONYMOUS", "GSSAPI"}) {
            try {
                this._authenticationManager.createSaslServer(str, MD5AuthenticationManagerTest.USER_NAME, (Principal) null);
                fail("Mechanism " + str + " should not be supported by SimpleAuthenticationManager");
            } catch (SaslException e) {
            }
        }
    }

    public void testAuthenticateWithPlainSaslServer() throws Exception {
        assertAuthenticated(authenticatePlain("testUser", TEST_PASSWORD));
    }

    public void testAuthenticateWithPlainSaslServerInvalidPassword() throws Exception {
        assertUnauthenticated(authenticatePlain("testUser", "wrong-password"));
    }

    public void testAuthenticateWithPlainSaslServerInvalidUsername() throws Exception {
        assertUnauthenticated(authenticatePlain("wrong-user", TEST_PASSWORD));
    }

    public void testAuthenticateWithCramMd5SaslServer() throws Exception {
        assertAuthenticated(authenticateCramMd5("testUser", TEST_PASSWORD));
    }

    public void testAuthenticateWithCramMd5SaslServerInvalidPassword() throws Exception {
        assertUnauthenticated(authenticateCramMd5("testUser", "wrong-password"));
    }

    public void testAuthenticateWithCramMd5SaslServerInvalidUsername() throws Exception {
        assertUnauthenticated(authenticateCramMd5("wrong-user", TEST_PASSWORD));
    }

    public void testAuthenticateValidCredentials() {
        AuthenticationResult authenticate = this._authenticationManager.authenticate("testUser", TEST_PASSWORD);
        assertEquals("Unexpected authentication result", AuthenticationResult.AuthenticationStatus.SUCCESS, authenticate.getStatus());
        assertAuthenticated(authenticate);
    }

    public void testAuthenticateInvalidPassword() {
        assertUnauthenticated(this._authenticationManager.authenticate("testUser", "invalid"));
    }

    public void testAuthenticateInvalidUserName() {
        assertUnauthenticated(this._authenticationManager.authenticate("invalid", TEST_PASSWORD));
    }

    private void assertAuthenticated(AuthenticationResult authenticationResult) {
        assertEquals("Unexpected authentication result", AuthenticationResult.AuthenticationStatus.SUCCESS, authenticationResult.getStatus());
        assertEquals("Unexpected principal name", "testUser", authenticationResult.getMainPrincipal().getName());
        Set principals = authenticationResult.getPrincipals();
        assertEquals("Unexpected principals size", 1, principals.size());
        assertEquals("Unexpected principal name", "testUser", ((Principal) principals.iterator().next()).getName());
    }

    private void assertUnauthenticated(AuthenticationResult authenticationResult) {
        assertEquals("Unexpected authentication result", AuthenticationResult.AuthenticationStatus.ERROR, authenticationResult.getStatus());
        assertNull("Unexpected principal", authenticationResult.getMainPrincipal());
        assertEquals("Unexpected principals size", 0, authenticationResult.getPrincipals().size());
    }

    private AuthenticationResult authenticatePlain(String str, String str2) throws SaslException, Exception {
        return this._authenticationManager.authenticate(this._authenticationManager.createSaslServer("PLAIN", MD5AuthenticationManagerTest.USER_NAME, (Principal) null), SaslUtil.generatePlainClientResponse(str, str2));
    }

    private AuthenticationResult authenticateCramMd5(String str, String str2) throws SaslException, Exception {
        SaslServer createSaslServer = this._authenticationManager.createSaslServer("CRAM-MD5", MD5AuthenticationManagerTest.USER_NAME, (Principal) null);
        return this._authenticationManager.authenticate(createSaslServer, SaslUtil.generateCramMD5ClientResponse(str, str2, createSaslServer.evaluateResponse(new byte[0])));
    }
}
