package org.apache.qpid.server.security.auth.manager;

import java.util.Collections;
import java.util.Map;
import javax.security.auth.x500.X500Principal;
import org.apache.qpid.server.model.AuthenticationProvider;
import org.apache.qpid.server.model.BrokerTestHelper;
import org.apache.qpid.server.model.NamedAddressSpace;
import org.apache.qpid.server.security.auth.AuthenticatedPrincipalTestHelper;
import org.apache.qpid.server.security.auth.AuthenticationResult;
import org.apache.qpid.server.security.auth.UsernamePrincipal;
import org.apache.qpid.server.security.auth.sasl.SaslSettings;
import org.apache.qpid.test.utils.UnitTestBase;
import org.junit.jupiter.api.Assertions;
import org.junit.jupiter.api.BeforeEach;
import org.junit.jupiter.api.Test;
import org.mockito.Mockito;

/* loaded from: input_file:org/apache/qpid/server/security/auth/manager/ExternalAuthenticationManagerTest.class */
/**
 * Unit tests for {@link ExternalAuthenticationManager} and the SASL {@code EXTERNAL} mechanism.
 *
 * <p>The identity under test is never sent in the SASL payload: every case responds with an empty
 * byte array and the manager reads the principal from {@link SaslSettings#getExternalPrincipal()}
 * (presumably the subject of the peer's TLS client certificate; confirm against the transport
 * layer).
 *
 * <p>Two configurations are exercised:
 * <ul>
 *   <li>{@code useFullDN = false}: the username is built from the CN, with the DC components
 *       appended as {@code cn@dc1.dc2} when present. A missing or empty CN is rejected.</li>
 *   <li>{@code useFullDN = true}: the X.500 principal is used as-is.</li>
 * </ul>
 *
 * <p>NOTE(review): neither manager is closed after a test. If the managers hold resources, a
 * matching {@code @AfterEach} would be needed; confirm against the production class.
 */
public class ExternalAuthenticationManagerTest extends UnitTestBase {
    private static final String EXTERNAL_MECHANISM = "EXTERNAL";
    private static final String FAILURE_MESSAGE = "Expected authentication to be unsuccessful";
    private static final String SUCCESS_MESSAGE = "Expected authentication to be successful";

    // Manager that maps the certificate DN to a short username (CN, optionally @DC.DC).
    private ExternalAuthenticationManager<?> _manager;
    // Manager that keeps the complete distinguished name as the authenticated identity.
    private ExternalAuthenticationManager<?> _managerUsingFullDN;
    // Mocked connection settings; each test stubs the external principal it needs.
    private SaslSettings _saslSettings;

    /**
     * Opens one manager per DN mode and creates fresh mocked SASL settings, so that principal
     * stubbing from one test cannot leak into the next.
     */
    @BeforeEach
    public void setUp() throws Exception {
        _manager = openManager("", false);
        _managerUsingFullDN = openManager("FullDN", true);
        _saslSettings = Mockito.mock(SaslSettings.class);
        Mockito.when(_saslSettings.getLocalFQDN()).thenReturn("example.example.com");
    }

    /** Only {@code EXTERNAL} may be advertised by this provider. */
    @Test
    public void testGetMechanisms() {
        Assertions.assertEquals(Collections.singletonList(EXTERNAL_MECHANISM), _manager.getMechanisms());
    }

    @Test
    public void testCreateSaslNegotiator() {
        createSaslNegotiatorTestImpl(_manager);
    }

    /**
     * No external principal is stubbed, so the mock returns {@code null}; a connection without a
     * peer identity must fail closed and expose no main principal.
     */
    @Test
    public void testAuthenticatePrincipalNull_CausesAuthError() {
        assertRejected(respondWithEmptyPayload(_manager));
    }

    /** A DN without any CN gives nothing to derive a username from and must be rejected. */
    @Test
    public void testAuthenticatePrincipalNoCn_CausesAuthError() {
        X500Principal subjectWithoutCn =
                new X500Principal("DC=example, DC=com, O=My Company Ltd, L=Newbury, ST=Berkshire, C=GB");
        Mockito.when(_saslSettings.getExternalPrincipal()).thenReturn(subjectWithoutCn);

        assertRejected(respondWithEmptyPayload(_manager));
    }

    /**
     * An empty CN must be rejected as well; with the DC components present, accepting it would
     * leave only the domain part to build a username from.
     */
    @Test
    public void testAuthenticatePrincipalEmptyCn_CausesAuthError() {
        X500Principal subjectWithEmptyCn =
                new X500Principal("CN=, DC=example, DC=com, O=My Company Ltd, L=Newbury, ST=Berkshire, C=GB");
        Mockito.when(_saslSettings.getExternalPrincipal()).thenReturn(subjectWithEmptyCn);

        assertRejected(respondWithEmptyPayload(_manager));
    }

    /** A bare CN becomes the username unchanged. */
    @Test
    public void testAuthenticatePrincipalCnOnly() {
        Mockito.when(_saslSettings.getExternalPrincipal()).thenReturn(new X500Principal("CN=person"));
        UsernamePrincipal expected = new UsernamePrincipal("person", _manager);

        AuthenticationResult outcome = respondWithEmptyPayload(_manager);

        assertAccepted(outcome);
        AuthenticatedPrincipalTestHelper.assertOnlyContainsWrapped(expected, outcome.getPrincipals());
        Assertions.assertEquals("person", outcome.getMainPrincipal().getName());
    }

    /** CN plus DC components are joined into {@code cn@dc.dc}. */
    @Test
    public void testAuthenticatePrincipalCnAndDc() {
        Mockito.when(_saslSettings.getExternalPrincipal())
                .thenReturn(new X500Principal("CN=person, DC=example, DC=com"));
        UsernamePrincipal expected = new UsernamePrincipal("person@example.com", _manager);

        AuthenticationResult outcome = respondWithEmptyPayload(_manager);

        assertAccepted(outcome);
        AuthenticatedPrincipalTestHelper.assertOnlyContainsWrapped(expected, outcome.getPrincipals());
        Assertions.assertEquals("person@example.com", outcome.getMainPrincipal().getName());
    }

    /**
     * O, L, ST and C do not contribute to the username.
     *
     * <p>Security note: because these attributes are dropped, two subjects that differ only in
     * them resolve to the same username. Uniqueness of the mapped identity therefore depends on
     * which issuers the broker trusts, or on enabling {@code useFullDN}.
     */
    @Test
    public void testAuthenticatePrincipalCnDc_OtherComponentsIgnored() {
        Mockito.when(_saslSettings.getExternalPrincipal()).thenReturn(
                new X500Principal("CN=person, DC=example, DC=com, O=My Company Ltd, L=Newbury, ST=Berkshire, C=GB"));
        UsernamePrincipal expected = new UsernamePrincipal("person@example.com", _manager);

        AuthenticationResult outcome = respondWithEmptyPayload(_manager);

        assertAccepted(outcome);
        AuthenticatedPrincipalTestHelper.assertOnlyContainsWrapped(expected, outcome.getPrincipals());
        Assertions.assertEquals("person@example.com", outcome.getMainPrincipal().getName());
    }

    /**
     * Without DC components the username is the CN alone, and O, L, ST and C are still ignored.
     * The identity-collision caveat is strongest here: any accepted subject with
     * {@code CN=person} and no DC maps to {@code person}.
     */
    @Test
    public void testAuthenticatePrincipalCn_OtherComponentsIgnored() {
        Mockito.when(_saslSettings.getExternalPrincipal())
                .thenReturn(new X500Principal("CN=person, O=My Company Ltd, L=Newbury, ST=Berkshire, C=GB"));
        UsernamePrincipal expected = new UsernamePrincipal("person", _manager);

        AuthenticationResult outcome = respondWithEmptyPayload(_manager);

        assertAccepted(outcome);
        AuthenticatedPrincipalTestHelper.assertOnlyContainsWrapped(expected, outcome.getPrincipals());
        Assertions.assertEquals("person", outcome.getMainPrincipal().getName());
    }

    @Test
    public void testFullDNMode_CreateSaslNegotiator() {
        createSaslNegotiatorTestImpl(_managerUsingFullDN);
    }

    /**
     * In full-DN mode the X.500 principal itself is the authenticated identity, and its name is
     * reported in the compact form without spaces after the commas.
     */
    @Test
    public void testFullDNMode_Authenticate() {
        X500Principal subject = new X500Principal("CN=person, DC=example, DC=com");
        Mockito.when(_saslSettings.getExternalPrincipal()).thenReturn(subject);

        AuthenticationResult outcome = respondWithEmptyPayload(_managerUsingFullDN);

        assertAccepted(outcome);
        AuthenticatedPrincipalTestHelper.assertOnlyContainsWrapped(subject, outcome.getPrincipals());
        Assertions.assertEquals("CN=person,DC=example,DC=com", outcome.getMainPrincipal().getName());
    }

    /**
     * Checks mechanism gating: a negotiator is handed out for {@code EXTERNAL} and refused for
     * any other mechanism name ({@code PLAIN} is used as the counter-example).
     */
    private void createSaslNegotiatorTestImpl(AuthenticationProvider<?> authenticationProvider) {
        NamedAddressSpace noAddressSpace = null;
        Assertions.assertNotNull(
                authenticationProvider.createSaslNegotiator(EXTERNAL_MECHANISM, _saslSettings, noAddressSpace),
                "Could not create SASL negotiator for 'EXTERNAL' mechanism.");
        Assertions.assertNull(
                authenticationProvider.createSaslNegotiator("PLAIN", _saslSettings, noAddressSpace),
                "Should not be able to create SASL negotiator with incorrect mechanism.");
    }

    /**
     * Builds and opens a manager against a mocked broker.
     *
     * @param nameSuffix text appended to the test name to keep manager names distinct
     * @param useFullDN value of the {@code useFullDN} attribute
     */
    private ExternalAuthenticationManager<?> openManager(String nameSuffix, boolean useFullDN) throws Exception {
        Map<String, Object> attributes =
                Map.of("id", randomUUID(), "name", getTestName() + nameSuffix, "useFullDN", useFullDN);
        ExternalAuthenticationManager<?> manager =
                new ExternalAuthenticationManagerImpl(attributes, BrokerTestHelper.createBrokerMock());
        manager.open();
        return manager;
    }

    /**
     * Runs one {@code EXTERNAL} exchange with an empty client response; the outcome depends only
     * on the principal currently stubbed on the mocked settings.
     */
    private AuthenticationResult respondWithEmptyPayload(ExternalAuthenticationManager<?> manager) {
        NamedAddressSpace noAddressSpace = null;
        return manager.createSaslNegotiator(EXTERNAL_MECHANISM, _saslSettings, noAddressSpace)
                .handleResponse(new byte[0]);
    }

    /** Asserts a failed exchange: status {@code ERROR} and no main principal exposed. */
    private static void assertRejected(AuthenticationResult outcome) {
        Assertions.assertNotNull(outcome);
        Assertions.assertEquals(AuthenticationResult.AuthenticationStatus.ERROR, outcome.getStatus(), FAILURE_MESSAGE);
        Assertions.assertNull(outcome.getMainPrincipal());
    }

    /** Asserts that the exchange produced a result with status {@code SUCCESS}. */
    private static void assertAccepted(AuthenticationResult outcome) {
        Assertions.assertNotNull(outcome);
        Assertions.assertEquals(AuthenticationResult.AuthenticationStatus.SUCCESS, outcome.getStatus(), SUCCESS_MESSAGE);
    }
}
