package org.apache.qpid.server.security.auth.manager.ldap;

import java.io.File;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.attribute.FileAttribute;
import java.security.cert.Certificate;
import java.util.HashMap;
import java.util.Map;
import java.util.UUID;
import org.apache.qpid.server.model.AuthenticationProvider;
import org.apache.qpid.server.model.Broker;
import org.apache.qpid.server.model.BrokerTestHelper;
import org.apache.qpid.server.model.TrustStore;
import org.apache.qpid.server.security.auth.AuthenticationResult;
import org.apache.qpid.server.security.auth.manager.SimpleLDAPAuthenticationManager;
import org.apache.qpid.server.security.encryption.AESKeyFileEncrypterTest;
import org.apache.qpid.server.util.FileUtils;
import org.apache.qpid.test.utils.PortHelper;
import org.apache.qpid.test.utils.UnitTestBase;
import org.apache.qpid.test.utils.tls.AlternativeName;
import org.apache.qpid.test.utils.tls.CertificateEntry;
import org.apache.qpid.test.utils.tls.KeyCertificatePair;
import org.apache.qpid.test.utils.tls.KeyStoreEntry;
import org.apache.qpid.test.utils.tls.PrivateKeyEntry;
import org.apache.qpid.test.utils.tls.TlsResource;
import org.apache.qpid.test.utils.tls.TlsResourceBuilder;
import org.junit.jupiter.api.AfterAll;
import org.junit.jupiter.api.Assertions;
import org.junit.jupiter.api.BeforeAll;
import org.junit.jupiter.api.Test;
import org.junit.jupiter.api.extension.RegisterExtension;

/* loaded from: input_file:org/apache/qpid/server/security/auth/manager/ldap/SimpleLDAPAuthenticationManagerTest.class */
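/**
 * Exercises {@link SimpleLDAPAuthenticationManager} against an {@link EmbeddedLDAPServer}
 * reached through an {@code ldaps://} provider URL.
 *
 * <p>Fixture layout, as built in {@link #setUp()}:
 * <ul>
 *   <li>one self-signed key/certificate pair for {@code CN=localhost};</li>
 *   <li>a PKCS12 store holding the private key entry, whose path is passed to the embedded
 *       LDAP server;</li>
 *   <li>a second PKCS12 store holding only the certificate entry, registered with the broker
 *       as a {@code FileTrustStore} and attached to the authentication provider.</li>
 * </ul>
 * The private key is therefore never placed in the store that the authenticating side reads.
 *
 * <p>The user name and passwords below are fixed test fixture values, not real credentials.
 */
public class SimpleLDAPAuthenticationManagerTest extends UnitTestBase {

    @RegisterExtension
    public static final TlsResource TLS_RESOURCE = new TlsResource("pk", "localhost", AESKeyFileEncrypterTest.PLAINTEXT, "pkcs12");
    // Working directory handed to the embedded LDAP server; recreated in setUp, removed in tearDown.
    private static final String LDAP_FOLDER = TMP_FOLDER + File.separator + "test-ldap";
    private static final PortHelper PORT_HELPER = new PortHelper();
    private static final int PORT = PORT_HELPER.getNextAvailable();
    // Subject of the self-signed certificate; matches the host used in the provider URL.
    private static final String DN_LOCALHOST = "CN=localhost";
    private static final String LDAP_USERNAME = "test1";
    private static final String LDAP_PASSWORD = "password1";
    private static Broker<?> _broker;
    private static EmbeddedLDAPServer _ldapServer;
    private static SimpleLDAPAuthenticationManager<?> _authenticationManager;

    /**
     * Creates the TLS material, starts the embedded LDAP server and builds the
     * authentication provider under test.
     *
     * @throws Exception if the key stores, the LDAP folder or the server cannot be created
     */
    @BeforeAll
    public static void setUp() throws Exception {
        _broker = BrokerTestHelper.createBrokerMock();

        final KeyCertificatePair keyCertPair = TlsResourceBuilder.createSelfSigned(DN_LOCALHOST, new AlternativeName[0]);
        final KeyStoreEntry privateKeyEntry = new PrivateKeyEntry(
                TLS_RESOURCE.getPrivateKeyAlias(),
                keyCertPair.getPrivateKey(),
                new Certificate[]{keyCertPair.getCertificate()});
        final KeyStoreEntry certificateEntry = new CertificateEntry(
                TLS_RESOURCE.getCertificateAlias(),
                keyCertPair.getCertificate());

        // Two separate stores: the key-bearing one goes to the server, the certificate-only
        // one becomes the trust store of the authentication provider.
        final Path serverKeyStore = TLS_RESOURCE.createKeyStore("pkcs12", new KeyStoreEntry[]{privateKeyEntry});
        final Path clientTrustStore = TLS_RESOURCE.createKeyStore("pkcs12", new KeyStoreEntry[]{certificateEntry});

        // Start from an empty folder so leftovers of an aborted earlier run cannot leak into this one.
        final File ldapFolder = new File(LDAP_FOLDER);
        if (ldapFolder.exists()) {
            FileUtils.delete(ldapFolder, true);
        }
        Files.createDirectory(ldapFolder.toPath());

        _ldapServer = new EmbeddedLDAPServer(ldapFolder, serverKeyStore.toString(), TLS_RESOURCE.getSecret(), PORT);
        _ldapServer.startServer();
        _authenticationManager = createSimpleLDAPAuthenticationManager(clientTrustStore);
    }

    /**
     * Closes the provider, stops the server and removes the LDAP folder.
     *
     * <p>The steps are chained with {@code finally} so that a failure while closing the
     * provider does not leave the embedded server listening or the folder on disk.
     *
     * @throws Exception if any of the cleanup steps fails
     */
    @AfterAll
    public static void tearDown() throws Exception {
        try {
            if (_authenticationManager != null) {
                _authenticationManager.close();
            }
        } finally {
            try {
                if (_ldapServer != null) {
                    _ldapServer.stopServer();
                }
            } finally {
                FileUtils.delete(new File(LDAP_FOLDER), true);
            }
        }
    }

    /** The fixture user with its fixture password must authenticate with status SUCCESS. */
    @Test
    public void authenticateSuccess() {
        Assertions.assertEquals(
                AuthenticationResult.AuthenticationStatus.SUCCESS,
                _authenticationManager.authenticate(LDAP_USERNAME, LDAP_PASSWORD).getStatus());
    }

    /**
     * A wrong password for an existing user must not authenticate; the status asserted
     * here for that case is ERROR.
     */
    @Test
    public void authenticateFailure() {
        Assertions.assertEquals(
                AuthenticationResult.AuthenticationStatus.ERROR,
                _authenticationManager.authenticate(LDAP_USERNAME, "password11").getStatus());
    }

    /**
     * Registers the given store file with the broker mock as a {@code FileTrustStore}.
     *
     * @param path location of the certificate-only PKCS12 store
     * @return the trust store object created by the broker's object factory
     */
    private static TrustStore<?> createTrustStore(Path path) {
        final Map<String, Object> attributes = new HashMap<>();
        attributes.put("name", path.getFileName());
        attributes.put("type", "FileTrustStore");
        attributes.put("storeUrl", path.toUri());
        attributes.put("password", TLS_RESOURCE.getSecret());
        return (TrustStore<?>) _broker.getObjectFactory().create(TrustStore.class, attributes, _broker);
    }

    /**
     * Builds the authentication provider under test, pointed at the embedded server.
     *
     * @param path location of the certificate-only PKCS12 store to trust
     * @return the provider created by the broker's object factory
     */
    private static SimpleLDAPAuthenticationManager<?> createSimpleLDAPAuthenticationManager(Path path) {
        final TrustStore<?> trustStore = createTrustStore(path);
        final Map<String, Object> attributes = new HashMap<>();
        attributes.put("name", "SimpleLDAPAuthenticationManager");
        attributes.put("id", UUID.randomUUID());
        attributes.put("type", "SimpleLDAP");
        attributes.put("searchContext", "ou=users,dc=qpid,dc=org");
        // ldaps:// scheme: the provider is configured to talk to the directory over TLS,
        // with the trust store below supplying the certificate to trust.
        attributes.put("providerUrl", "ldaps://localhost:" + PORT);
        // {0} is the placeholder for the user name being looked up.
        attributes.put("searchFilter", "(uid={0})");
        // NOTE(review): a cache size of 0 presumably disables result caching, so the
        // wrong-password test cannot be answered from an earlier success. Confirm.
        attributes.put("context", Map.of("qpid.auth.cache.size", "0"));
        attributes.put("trustStore", trustStore);
        // The factory is asked for the AuthenticationProvider category; the narrowing cast
        // states the concrete type this test expects for the "SimpleLDAP" type attribute.
        return (SimpleLDAPAuthenticationManager<?>) _broker.getObjectFactory()
                .create(AuthenticationProvider.class, attributes, _broker);
    }
}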
