package org.apache.qpid.server.security.auth.manager;

import java.util.Collections;
import java.util.HashMap;
import java.util.Map;
import java.util.UUID;
import java.util.concurrent.ExecutionException;
import javax.security.auth.login.AccountNotFoundException;
import junit.framework.TestCase;
import org.apache.qpid.server.configuration.updater.CurrentThreadTaskExecutor;
import org.apache.qpid.server.configuration.updater.TaskExecutor;
import org.apache.qpid.server.model.Broker;
import org.apache.qpid.server.model.BrokerTestHelper;
import org.apache.qpid.server.model.NamedAddressSpace;
import org.apache.qpid.server.model.User;
import org.apache.qpid.server.security.auth.AuthenticationResult;
import org.apache.qpid.server.security.auth.sasl.SaslSettings;
import org.apache.qpid.test.utils.UnitTestBase;
import org.junit.After;
import org.junit.Assert;
import org.junit.Before;
import org.junit.Test;
import org.mockito.Mockito;

/* loaded from: input_file:org/apache/qpid/server/security/auth/manager/ManagedAuthenticationManagerTestBase.class */
abstract class ManagedAuthenticationManagerTestBase extends UnitTestBase {
    private static final String TEST_USER_NAME = "admin";
    private static final String TEST_USER_PASSWORD = "admin";
    private ConfigModelPasswordManagingAuthenticationProvider<?> _authManager;
    private Broker _broker;
    private TaskExecutor _executor;

    @Before
    public void setUp() throws Exception {
        this._executor = new CurrentThreadTaskExecutor();
        this._executor.start();
        this._broker = BrokerTestHelper.createBrokerMock();
        Mockito.when(this._broker.getTaskExecutor()).thenReturn(this._executor);
        Mockito.when(this._broker.getChildExecutor()).thenReturn(this._executor);
        HashMap hashMap = new HashMap();
        hashMap.put("name", getTestName());
        hashMap.put("id", UUID.randomUUID());
        this._authManager = createAuthManager(hashMap);
        this._authManager.open();
    }

    @After
    public void tearDown() throws Exception {
        this._executor.stop();
    }

    protected abstract ConfigModelPasswordManagingAuthenticationProvider createAuthManager(Map<String, Object> map);

    public Broker getBroker() {
        return this._broker;
    }

    public ConfigModelPasswordManagingAuthenticationProvider<?> getAuthManager() {
        return this._authManager;
    }

    @Test
    public void testMechanisms() {
        Assert.assertFalse("PLAIN authentication should not be available on an insecure connection", this._authManager.getAvailableMechanisms(false).contains("PLAIN"));
        Assert.assertTrue("PLAIN authentication should be available on a secure connection", this._authManager.getAvailableMechanisms(true).contains("PLAIN"));
    }

    @Test
    public void testAddChildAndThenDelete() throws ExecutionException, InterruptedException {
        Assert.assertEquals("No users should be present before the test starts", 0L, this._authManager.getChildren(User.class).size());
        Assert.assertEquals("No users should be present before the test starts", 0L, this._authManager.getUsers().size());
        HashMap hashMap = new HashMap();
        hashMap.put("name", getTestName());
        hashMap.put("password", "password");
        User user = (User) this._authManager.addChildAsync(User.class, hashMap).get();
        Assert.assertNotNull("User should be created but addChild returned null", user);
        Assert.assertEquals(getTestName(), user.getName());
        if (!isPlain()) {
            Assert.assertFalse("Password shouldn't actually be the given string, but instead hashed value", "password".equals(user.getPassword()));
        }
        Assert.assertEquals("User should authenticate with given password", AuthenticationResult.AuthenticationStatus.SUCCESS, this._authManager.authenticate(getTestName(), "password").getStatus());
        Assert.assertEquals("Manager should have exactly one user child", 1L, this._authManager.getChildren(User.class).size());
        Assert.assertEquals("Manager should have exactly one user child", 1L, this._authManager.getUsers().size());
        user.delete();
        Assert.assertEquals("No users should be present after child deletion", 0L, this._authManager.getChildren(User.class).size());
        Assert.assertEquals("User should no longer authenticate with given password", AuthenticationResult.AuthenticationStatus.ERROR, this._authManager.authenticate(getTestName(), "password").getStatus());
    }

    @Test
    public void testCreateUser() throws ExecutionException, InterruptedException {
        Assert.assertEquals("No users should be present before the test starts", 0L, this._authManager.getChildren(User.class).size());
        Assert.assertTrue(this._authManager.createUser(getTestName(), "password", Collections.emptyMap()));
        Assert.assertEquals("Manager should have exactly one user child", 1L, this._authManager.getChildren(User.class).size());
        User user = (User) this._authManager.getChildren(User.class).iterator().next();
        Assert.assertEquals(getTestName(), user.getName());
        if (!isPlain()) {
            Assert.assertFalse("Password shouldn't actually be the given string, but instead salt and the hashed value", "password".equals(user.getPassword()));
        }
        HashMap hashMap = new HashMap();
        hashMap.put("name", getTestName());
        hashMap.put("password", "password");
        try {
            Assert.fail("Should not be able to create a second user with the same name");
        } catch (IllegalArgumentException e) {
        }
        try {
            this._authManager.deleteUser(getTestName());
        } catch (AccountNotFoundException e2) {
            Assert.fail("AccountNotFoundException thrown when none was expected: " + e2.getMessage());
        }
        try {
            this._authManager.deleteUser(getTestName());
            Assert.fail("AccountNotFoundException not thrown when was expected");
        } catch (AccountNotFoundException e3) {
        }
    }

    protected abstract boolean isPlain();

    @Test
    public void testUpdateUser() {
        Assert.assertTrue(this._authManager.createUser(getTestName(), "password", Collections.emptyMap()));
        Assert.assertTrue(this._authManager.createUser(getTestName() + "_2", "password", Collections.emptyMap()));
        Assert.assertEquals("Manager should have exactly two user children", 2L, this._authManager.getChildren(User.class).size());
        Assert.assertEquals("User should authenticate with given password", AuthenticationResult.AuthenticationStatus.SUCCESS, this._authManager.authenticate(getTestName(), "password").getStatus());
        Assert.assertEquals("User should authenticate with given password", AuthenticationResult.AuthenticationStatus.SUCCESS, this._authManager.authenticate(getTestName() + "_2", "password").getStatus());
        for (User user : this._authManager.getChildren(User.class)) {
            if (user.getName().equals(getTestName())) {
                user.setAttributes(Collections.singletonMap("password", "newpassword"));
            }
        }
        Assert.assertEquals("User should authenticate with updated password", AuthenticationResult.AuthenticationStatus.SUCCESS, this._authManager.authenticate(getTestName(), "newpassword").getStatus());
        Assert.assertEquals("User should authenticate with original password", AuthenticationResult.AuthenticationStatus.SUCCESS, this._authManager.authenticate(getTestName() + "_2", "password").getStatus());
        Assert.assertEquals("User not authenticate with original password", AuthenticationResult.AuthenticationStatus.ERROR, this._authManager.authenticate(getTestName(), "password").getStatus());
        for (User user2 : this._authManager.getChildren(User.class)) {
            if (user2.getName().equals(getTestName())) {
                user2.setPassword("newerpassword");
            }
        }
        Assert.assertEquals("User should authenticate with updated password", AuthenticationResult.AuthenticationStatus.SUCCESS, this._authManager.authenticate(getTestName(), "newerpassword").getStatus());
    }

    @Test
    public void testGetMechanisms() throws Exception {
        Assert.assertFalse("Should support at least one mechanism", this._authManager.getMechanisms().isEmpty());
    }

    @Test
    public void testAuthenticateValidCredentials() throws Exception {
        this._authManager.createUser("admin", "admin", Collections.emptyMap());
        AuthenticationResult authenticate = this._authManager.authenticate("admin", "admin");
        Assert.assertEquals("Unexpected result status", AuthenticationResult.AuthenticationStatus.SUCCESS, authenticate.getStatus());
        Assert.assertEquals("Unexpected result principal", "admin", authenticate.getMainPrincipal().getName());
    }

    @Test
    public void testAuthenticateInvalidCredentials() throws Exception {
        this._authManager.createUser("admin", "admin", Collections.emptyMap());
        AuthenticationResult authenticate = this._authManager.authenticate("admin", "admin1");
        Assert.assertEquals("Unexpected result status", AuthenticationResult.AuthenticationStatus.ERROR, authenticate.getStatus());
        TestCase.assertNull("Unexpected result principal", authenticate.getMainPrincipal());
    }

    @Test
    public void testAllSaslMechanisms() throws Exception {
        SaslSettings saslSettings = (SaslSettings) Mockito.mock(SaslSettings.class);
        Mockito.when(saslSettings.getLocalFQDN()).thenReturn("testhost.example.com");
        for (String str : this._authManager.getMechanisms()) {
            Assert.assertNotNull(String.format("Could not create SASL negotiator for mechanism '%s'", str), this._authManager.createSaslNegotiator(str, saslSettings, (NamedAddressSpace) null));
        }
    }

    @Test
    public void testUnsupportedSaslMechanisms() throws Exception {
        SaslSettings saslSettings = (SaslSettings) Mockito.mock(SaslSettings.class);
        Mockito.when(saslSettings.getLocalFQDN()).thenReturn("testhost.example.com");
        TestCase.assertNull("Should not be able to create SASL negotiator for unsupported mechanism", this._authManager.createSaslNegotiator("UNSUPPORTED MECHANISM", saslSettings, (NamedAddressSpace) null));
    }
}
