package org.apache.qpid.server.security;

import java.nio.charset.StandardCharsets;
import java.security.Principal;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashSet;
import java.util.Set;
import javax.security.auth.Subject;
import org.apache.qpid.server.logging.EventLogger;
import org.apache.qpid.server.logging.LogMessage;
import org.apache.qpid.server.model.AuthenticationProvider;
import org.apache.qpid.server.model.GroupProvider;
import org.apache.qpid.server.model.NamedAddressSpace;
import org.apache.qpid.server.security.auth.AuthenticatedPrincipal;
import org.apache.qpid.server.security.auth.AuthenticationResult;
import org.apache.qpid.server.security.auth.SubjectAuthenticationResult;
import org.apache.qpid.server.security.auth.UsernamePrincipal;
import org.apache.qpid.server.security.auth.sasl.SaslNegotiator;
import org.apache.qpid.test.utils.UnitTestBase;
import org.junit.Assert;
import org.junit.Before;
import org.junit.Test;
import org.mockito.ArgumentCaptor;
import org.mockito.Mockito;

/* loaded from: input_file:org/apache/qpid/server/security/SubjectCreatorTest.class */
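/**
 * Unit tests for {@link SubjectCreator}.
 *
 * <p>Two behaviours are pinned here:
 * <ul>
 *   <li>how the {@link AuthenticationResult} produced by a {@link SaslNegotiator} is turned into a
 *       {@link SubjectAuthenticationResult} (a populated, read-only {@link Subject} on success;
 *       no subject at all for {@code CONTINUE} and {@code ERROR});</li>
 *   <li>how the group principals reported by several {@link GroupProvider}s are combined for a
 *       user, including providers that answer {@code null} or an empty set.</li>
 * </ul>
 *
 * <p>All collaborators are Mockito mocks; no real authentication provider or group store is used.
 */
public class SubjectCreatorTest extends UnitTestBase {
    private static final UsernamePrincipal USERNAME_PRINCIPAL =
            new UsernamePrincipal("username", (AuthenticationProvider<?>) null);

    // Fixture value only: it is the payload the mocked negotiator is stubbed with, not a credential.
    private static final String PASSWORD = "password";

    private final AuthenticationProvider<?> _authenticationProvider = Mockito.mock(AuthenticationProvider.class);
    private final GroupProvider<?> _groupManager1 = Mockito.mock(GroupProvider.class);
    private final GroupProvider<?> _groupManager2 = Mockito.mock(GroupProvider.class);
    private final Principal _group1 = Mockito.mock(Principal.class);
    private final Principal _group2 = Mockito.mock(Principal.class);
    private final SaslNegotiator _testSaslNegotiator = Mockito.mock(SaslNegotiator.class);

    // Explicit charset so the fixture bytes do not depend on the platform default encoding.
    private final byte[] _saslResponseBytes = PASSWORD.getBytes(StandardCharsets.UTF_8);

    private SubjectCreator _subjectCreator;
    private AuthenticationResult _authenticationResult;
    private EventLogger _eventLogger;

    /**
     * Wires a {@link SubjectCreator} to one mocked authentication provider and two mocked group
     * providers, each of which reports a single distinct group for {@link #USERNAME_PRINCIPAL}.
     */
    @Before
    public void setUp() {
        Mockito.when(_groupManager1.getGroupPrincipalsForUser(USERNAME_PRINCIPAL))
                .thenReturn(Collections.singleton(_group1));
        Mockito.when(_groupManager2.getGroupPrincipalsForUser(USERNAME_PRINCIPAL))
                .thenReturn(Collections.singleton(_group2));

        _subjectCreator = new SubjectCreator(
                _authenticationProvider,
                new HashSet<>(Arrays.asList(_groupManager1, _groupManager2)),
                (NamedAddressSpace) null);

        // The event logger is reached through the authentication provider mock.
        _eventLogger = Mockito.mock(EventLogger.class);
        Mockito.when(_authenticationProvider.getEventLogger()).thenReturn(_eventLogger);

        // Successful outcome reused by the success-path test.
        _authenticationResult = new AuthenticationResult(USERNAME_PRINCIPAL);
    }

    /**
     * A successful SASL exchange yields a read-only subject holding the authenticated user
     * principal plus one group principal from each group provider.
     */
    @Test
    public void testSaslAuthenticationSuccessReturnsSubjectWithUserAndGroupPrincipals() throws Exception {
        Mockito.when(_testSaslNegotiator.handleResponse(_saslResponseBytes)).thenReturn(_authenticationResult);

        SubjectAuthenticationResult result = _subjectCreator.authenticate(_testSaslNegotiator, _saslResponseBytes);
        Subject subject = result.getSubject();
        Set<Principal> principals = subject.getPrincipals();

        Assert.assertEquals("Should contain one user principal and two groups ", 3L, principals.size());
        Assert.assertTrue(principals.contains(new AuthenticatedPrincipal(USERNAME_PRINCIPAL)));
        Assert.assertTrue(principals.contains(_group1));
        Assert.assertTrue(principals.contains(_group2));
        // A read-only subject cannot have principals added after authentication.
        Assert.assertTrue(subject.isReadOnly());
    }

    /**
     * Neither an unfinished ({@code CONTINUE}) nor a failed ({@code ERROR}) exchange may produce
     * a subject; the status is passed through unchanged.
     */
    @Test
    public void testAuthenticateUnsuccessfulReturnsNullSubjectAndCorrectStatus() {
        // Order matters: both calls share one EventLogger mock, and the ERROR check below expects
        // exactly one logged message in total.
        testUnsuccessfulAuthentication(AuthenticationResult.AuthenticationStatus.CONTINUE);
        testUnsuccessfulAuthentication(AuthenticationResult.AuthenticationStatus.ERROR);
    }

    /**
     * Stubs the negotiator to answer with {@code authenticationStatus} and asserts that the
     * result carries that status and no subject. For {@code ERROR} it additionally asserts that
     * an operational log message starting with {@code ATH-1010} was emitted.
     *
     * @param authenticationStatus the non-success status the mocked negotiator should report
     */
    private void testUnsuccessfulAuthentication(AuthenticationResult.AuthenticationStatus authenticationStatus) {
        Mockito.when(_testSaslNegotiator.handleResponse(_saslResponseBytes))
                .thenReturn(new AuthenticationResult(authenticationStatus));

        SubjectAuthenticationResult outcome = _subjectCreator.authenticate(_testSaslNegotiator, _saslResponseBytes);

        Assert.assertSame(authenticationStatus, outcome.getStatus());
        // No principals may be handed out unless authentication actually succeeded.
        Assert.assertNull(outcome.getSubject());

        if (authenticationStatus == AuthenticationResult.AuthenticationStatus.ERROR) {
            ArgumentCaptor<LogMessage> logCaptor = ArgumentCaptor.forClass(LogMessage.class);
            // verify() defaults to exactly one invocation, so this also fails if an earlier
            // call on the same mock (e.g. the CONTINUE case) had logged a message.
            Mockito.verify(_eventLogger).message(logCaptor.capture());
            Assert.assertTrue(
                    "Unexpected operational log message",
                    logCaptor.getValue().toString().startsWith("ATH-1010"));
            // NOTE(review): only the message prefix is checked; the content of the log entry
            // (e.g. which identity it names) is not asserted here.
        }
    }

    /** Groups from all providers are returned together. */
    @Test
    public void testGetGroupPrincipals() {
        getAndAssertGroupPrincipals(_group1, _group2);
    }

    /** A provider answering {@code null} contributes nothing and does not break the lookup. */
    @Test
    public void testGetGroupPrincipalsWhenAGroupManagerReturnsNull() {
        Mockito.when(_groupManager1.getGroupPrincipalsForUser(USERNAME_PRINCIPAL)).thenReturn(null);
        getAndAssertGroupPrincipals(_group2);
    }

    /** A provider answering an empty set contributes nothing. */
    @Test
    public void testGetGroupPrincipalsWhenAGroupManagerReturnsEmptySet() {
        Mockito.when(_groupManager2.getGroupPrincipalsForUser(USERNAME_PRINCIPAL)).thenReturn(new HashSet<>());
        getAndAssertGroupPrincipals(_group1);
    }

    /**
     * Asserts that the group principals resolved for {@link #USERNAME_PRINCIPAL} are exactly
     * {@code principalArr}, with no extra and no missing entries.
     *
     * @param principalArr the expected group principals
     */
    private void getAndAssertGroupPrincipals(Principal... principalArr) {
        Set<Principal> expected = new HashSet<>(Arrays.asList(principalArr));
        Assert.assertEquals(expected, _subjectCreator.getGroupPrincipals(USERNAME_PRINCIPAL));
    }
}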
