package net.shibboleth.idp.authn.impl;

import com.unboundid.ldap.listener.InMemoryDirectoryServer;
import com.unboundid.ldap.listener.InMemoryDirectoryServerConfig;
import com.unboundid.ldap.listener.InMemoryListenerConfig;
import com.unboundid.ldap.sdk.LDAPException;
import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
import java.util.HashMap;
import java.util.Map;
import java.util.Set;
import net.shibboleth.idp.authn.AuthenticationResult;
import net.shibboleth.idp.authn.CredentialValidator;
import net.shibboleth.idp.authn.TemplateSearchDnResolver;
import net.shibboleth.idp.authn.context.AuthenticationContext;
import net.shibboleth.idp.authn.context.AuthenticationErrorContext;
import net.shibboleth.idp.authn.context.LDAPResponseContext;
import net.shibboleth.idp.authn.context.UsernamePasswordContext;
import net.shibboleth.idp.authn.impl.ValidateCredentials;
import net.shibboleth.idp.authn.impl.testing.BaseAuthenticationContextTest;
import net.shibboleth.idp.authn.principal.UsernamePrincipal;
import net.shibboleth.idp.profile.testing.ActionTestingSupport;
import net.shibboleth.utilities.java.support.velocity.VelocityEngine;
import org.ldaptive.DefaultConnectionFactory;
import org.ldaptive.auth.AuthenticationResultCode;
import org.ldaptive.auth.Authenticator;
import org.ldaptive.auth.BindAuthenticationHandler;
import org.ldaptive.jaas.LdapPrincipal;
import org.springframework.core.io.FileSystemResource;
import org.springframework.mock.web.MockHttpServletRequest;
import org.springframework.webflow.execution.Event;
import org.testng.Assert;
import org.testng.annotations.AfterClass;
import org.testng.annotations.BeforeClass;
import org.testng.annotations.BeforeMethod;
import org.testng.annotations.Test;

/* loaded from: input_file:net/shibboleth/idp/authn/impl/ValidateCredentialsTest.class */
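/**
 * Exercises {@link ValidateCredentials} with two chained validators: an LDAP validator backed by
 * an in-memory directory and an htpasswd validator backed by a fixture file.
 *
 * <p>The tests cover the default mode (the run may succeed when only one validator accepts the
 * credentials, see {@link #testAuthorized2()}), the {@code requireAll} mode, and the cleanup hook
 * that removes the {@link UsernamePasswordContext} after validation.</p>
 *
 * <p>Review notes:</p>
 * <ul>
 *   <li>No test submits a username containing LDAP filter metacharacters, so the escaping applied
 *       when the username is substituted into the search filter template is not exercised here.</li>
 *   <li>The action reports unknown usernames and wrong passwords as different events. NOTE(review):
 *       if a login view renders them differently it discloses which usernames exist; confirm the
 *       deployed view shows one uniform failure message.</li>
 *   <li>The directory listens on a fixed port, so two concurrent runs on one host would collide.</li>
 * </ul>
 */
public class ValidateCredentialsTest extends BaseAuthenticationContextTest {
    /** Directory holding the LDIF and htpasswd fixtures. */
    private static final String DATA_PATH = "src/test/resources/net/shibboleth/idp/authn/impl/";

    /** Fixed port of the in-memory directory listener. */
    private static final int LDAP_PORT = 10389;

    /** Plain (non-TLS) LDAP URL of the fixture directory; suitable for a loopback test fixture only. */
    private static final String LDAP_URL = "ldap://localhost:" + LDAP_PORT;

    /** User accepted by both validators (see {@link #testAuthorizedAll()}). */
    private static final String PRIMARY_USER = "PETER_THE_PRINCIPAL";

    /** User for which LDAP DN resolution fails while the overall default-mode run still succeeds. */
    private static final String SECONDARY_USER = "PETER_THE_PRINCIPAL2";

    /** Password accepted for both fixture users. Fixture value only. */
    private static final String VALID_PASSWORD = "changeit";

    private ValidateCredentials action;
    private InMemoryDirectoryServer directoryServer;
    private TemplateSearchDnResolver dnResolver;
    private BindAuthenticationHandler authHandler;
    private Authenticator authenticator;

    /**
     * Starts the in-memory directory and loads the LDIF fixture.
     *
     * @throws LDAPException if the directory cannot be configured, populated or started
     */
    @BeforeClass
    public void setupDirectoryServer() throws LDAPException {
        final InMemoryDirectoryServerConfig config = new InMemoryDirectoryServerConfig("dc=shibboleth,dc=net");
        // NOTE(review): this overload names no listen address, so the listener may accept
        // connections on every interface of the build host -- confirm, and prefer the overload
        // that takes an explicit loopback address if so.
        config.setListenerConfigs(InMemoryListenerConfig.createLDAPConfig("default", LDAP_PORT));
        // Fixture-only administrative bind; never reuse these values outside the test directory.
        config.addAdditionalBindCredentials("cn=Directory Manager", "password");
        directoryServer = new InMemoryDirectoryServer(config);
        directoryServer.importFromLDIF(true, DATA_PATH + "loginLDAPTest.ldif");
        directoryServer.startListening();
    }

    /**
     * Builds the LDAP authenticator shared by all tests: the DN is resolved by a search on
     * {@code uid} under the people branch, then verified with a bind.
     */
    @BeforeClass
    public void setupAuthenticator() {
        // The submitted username is substituted into this filter template; escaping of filter
        // metacharacters is left to the resolver and is not checked by this class.
        dnResolver = new TemplateSearchDnResolver(
                new DefaultConnectionFactory(LDAP_URL),
                VelocityEngine.newVelocityEngine(),
                "(uid=$usernamePasswordContext.username)");
        dnResolver.setBaseDn("ou=people,dc=shibboleth,dc=net");
        authHandler = new BindAuthenticationHandler(new DefaultConnectionFactory(LDAP_URL));
        authenticator = new Authenticator(dnResolver, authHandler);
    }

    /** Stops the in-memory directory and closes its existing connections. */
    @AfterClass
    public void teardownDirectoryServer() {
        // Guard against a failed setup so teardown does not mask the original error.
        if (directoryServer != null) {
            directoryServer.shutDown(true);
        }
    }

    /**
     * Creates a fresh action for each test with the LDAP validator first and the htpasswd
     * validator second, plus the message-to-event classification table.
     *
     * @throws Exception if the base setup or a validator fails to initialize
     */
    @Override
    @BeforeMethod
    public void setUp() throws Exception {
        super.setUp();

        // Concrete types are needed here: the setters used below are called on the
        // implementations, not on the CredentialValidator interface.
        final LDAPCredentialValidator ldapValidator = new LDAPCredentialValidator();
        ldapValidator.setId("ldap");
        ldapValidator.setAuthenticator(authenticator);
        ldapValidator.initialize();

        final HTPasswdCredentialValidator htpasswdValidator = new HTPasswdCredentialValidator();
        htpasswdValidator.setId("htpasswd");
        // DATA_PATH already ends in '/', so the resulting path contains "//" exactly as before.
        htpasswdValidator.setResource(new FileSystemResource(DATA_PATH + "/htpasswd.txt"));
        htpasswdValidator.initialize();

        action = new ValidateCredentials();
        action.setValidators(Arrays.<CredentialValidator>asList(ldapValidator, htpasswdValidator));

        final Map<String, Collection<String>> classifiedMessages = new HashMap<>();
        classifiedMessages.put("UnknownUsername", Collections.singleton("DN_RESOLUTION_FAILURE"));
        // NOTE(review): the original listing put "InvalidPassword" twice, first with
        // "INVALID_CREDENTIALS" and then with "InvalidCredentials"; the second put replaced the
        // first, so only "InvalidCredentials" was ever in effect. That effective mapping is kept
        // here. If both messages were meant to classify as InvalidPassword they belong in one
        // collection -- confirm the intent before changing it, since it may alter which errors
        // the assertions below observe.
        classifiedMessages.put("InvalidPassword", Collections.singleton("InvalidCredentials"));
        classifiedMessages.put("ExpiringPassword", Collections.singleton("ACCOUNT_WARNING"));
        classifiedMessages.put("ExpiredPassword", Arrays.asList("PASSWORD_EXPIRED", "CHANGE_AFTER_RESET"));
        action.setClassifiedMessages(classifiedMessages);

        action.setHttpServletRequest(new MockHttpServletRequest());
    }

    /** An unknown user fails DN resolution and is classified as {@code UnknownUsername}. */
    @Test
    public void testBadUsername() throws Exception {
        submitCredentials("foo", "bar");
        final AuthenticationContext authnCtx = attemptFirstFlow();
        action.initialize();
        doExtract();
        final Event event = action.execute(src);

        Assert.assertNull(authnCtx.getAuthenticationResult());
        final LDAPResponseContext ldapCtx = authnCtx.getSubcontext(LDAPResponseContext.class);
        Assert.assertNotNull(ldapCtx.getAuthenticationResponse());
        Assert.assertEquals(ldapCtx.getAuthenticationResponse().getAuthenticationResultCode(),
                AuthenticationResultCode.DN_RESOLUTION_FAILURE);
        final AuthenticationErrorContext errorCtx = authnCtx.getSubcontext(AuthenticationErrorContext.class);
        Assert.assertNotNull(errorCtx);
        ActionTestingSupport.assertEvent(event, "UnknownUsername");
        Assert.assertEquals(errorCtx.getClassifiedErrors().size(), 1);
        Assert.assertTrue(errorCtx.isClassifiedError("UnknownUsername"));
    }

    /** An empty password for a known user yields no result and is classified as {@code InvalidPassword}. */
    @Test
    public void testEmptyPassword() throws Exception {
        submitCredentials(PRIMARY_USER, "");
        final AuthenticationContext authnCtx = attemptFirstFlow();
        action.initialize();
        doExtract();
        final Event event = action.execute(src);

        Assert.assertNull(authnCtx.getAuthenticationResult());
        final AuthenticationErrorContext errorCtx = authnCtx.getSubcontext(AuthenticationErrorContext.class);
        Assert.assertNotNull(errorCtx);
        ActionTestingSupport.assertEvent(event, "InvalidPassword");
        Assert.assertEquals(errorCtx.getClassifiedErrors().size(), 1);
        Assert.assertTrue(errorCtx.isClassifiedError("InvalidPassword"));
    }

    /** A wrong password for a known user fails the LDAP bind and is classified as {@code InvalidPassword}. */
    @Test
    public void testBadPassword() throws Exception {
        submitCredentials(PRIMARY_USER, "bar");
        final AuthenticationContext authnCtx = attemptFirstFlow();
        action.initialize();
        doExtract();
        final Event event = action.execute(src);

        Assert.assertNull(authnCtx.getAuthenticationResult());
        final LDAPResponseContext ldapCtx = authnCtx.getSubcontext(LDAPResponseContext.class);
        Assert.assertNotNull(ldapCtx.getAuthenticationResponse());
        Assert.assertEquals(ldapCtx.getAuthenticationResponse().getAuthenticationResultCode(),
                AuthenticationResultCode.AUTHENTICATION_HANDLER_FAILURE);
        final AuthenticationErrorContext errorCtx = authnCtx.getSubcontext(AuthenticationErrorContext.class);
        Assert.assertNotNull(errorCtx);
        ActionTestingSupport.assertEvent(event, "InvalidPassword");
        Assert.assertEquals(errorCtx.getClassifiedErrors().size(), 1);
        Assert.assertTrue(errorCtx.isClassifiedError("InvalidPassword"));
    }

    /**
     * Valid credentials succeed and produce both a username principal and an LDAP principal.
     * Without a cleanup hook the {@link UsernamePasswordContext} is still attached afterwards.
     */
    @Test
    public void testAuthorized() throws Exception {
        submitCredentials(PRIMARY_USER, VALID_PASSWORD);
        final AuthenticationContext authnCtx = attemptFirstFlow();
        action.initialize();
        doExtract();
        ActionTestingSupport.assertProceedEvent(action.execute(src));

        // No cleanup hook is installed, so the submitted credentials remain in the context tree.
        Assert.assertNotNull(authnCtx.getSubcontext(UsernamePasswordContext.class));
        Assert.assertNull(authnCtx.getSubcontext(AuthenticationErrorContext.class));
        final AuthenticationResult result = authnCtx.getAuthenticationResult();
        Assert.assertNotNull(result);
        final LDAPResponseContext ldapCtx = authnCtx.getSubcontext(LDAPResponseContext.class);
        Assert.assertNotNull(ldapCtx.getAuthenticationResponse());
        Assert.assertEquals(ldapCtx.getAuthenticationResponse().getAuthenticationResultCode(),
                AuthenticationResultCode.AUTHENTICATION_HANDLER_SUCCESS);

        final UsernamePrincipal usernamePrincipal =
                result.getSubject().getPrincipals(UsernamePrincipal.class).iterator().next();
        Assert.assertNotNull(usernamePrincipal);
        Assert.assertEquals(usernamePrincipal.getName(), PRIMARY_USER);
        final LdapPrincipal ldapPrincipal =
                result.getSubject().getPrincipals(LdapPrincipal.class).iterator().next();
        Assert.assertNotNull(ldapPrincipal);
        Assert.assertEquals(ldapPrincipal.getName(), PRIMARY_USER);
        Assert.assertNotNull(ldapPrincipal.getLdapEntry());
    }

    /**
     * In the default mode a user that LDAP cannot resolve still authenticates: the result carries
     * a username principal but no LDAP principal, and the LDAP failure stays recorded in the error
     * context. The cleanup hook removes the {@link UsernamePasswordContext}.
     */
    @Test
    public void testAuthorized2() throws Exception {
        submitCredentials(SECONDARY_USER, VALID_PASSWORD);
        final AuthenticationContext authnCtx = attemptFirstFlow();
        action.setCleanupHook(new ValidateCredentials.UsernamePasswordCleanupHook());
        action.initialize();
        doExtract();
        ActionTestingSupport.assertProceedEvent(action.execute(src));

        // The hook must have detached the submitted credentials from the context tree.
        Assert.assertNull(authnCtx.getSubcontext(UsernamePasswordContext.class));
        final AuthenticationResult result = authnCtx.getAuthenticationResult();
        Assert.assertNotNull(result);
        final UsernamePrincipal usernamePrincipal =
                result.getSubject().getPrincipals(UsernamePrincipal.class).iterator().next();
        Assert.assertNotNull(usernamePrincipal);
        Assert.assertEquals(usernamePrincipal.getName(), SECONDARY_USER);
        Assert.assertTrue(result.getSubject().getPrincipals(LdapPrincipal.class).isEmpty());

        // The earlier LDAP failure is still visible even though the overall outcome is success.
        final LDAPResponseContext ldapCtx = authnCtx.getSubcontext(LDAPResponseContext.class);
        Assert.assertNotNull(ldapCtx.getAuthenticationResponse());
        Assert.assertEquals(ldapCtx.getAuthenticationResponse().getAuthenticationResultCode(),
                AuthenticationResultCode.DN_RESOLUTION_FAILURE);
        final AuthenticationErrorContext errorCtx = authnCtx.getSubcontext(AuthenticationErrorContext.class);
        Assert.assertNotNull(errorCtx);
        Assert.assertEquals(errorCtx.getClassifiedErrors().size(), 1);
        Assert.assertTrue(errorCtx.isClassifiedError("UnknownUsername"));
    }

    /**
     * With {@code requireAll} set, the credentials that pass in {@link #testAuthorized2()} are
     * rejected: the LDAP DN resolution failure ends the attempt with {@code UnknownUsername}.
     * Despite the method name, the submitted password is the valid fixture password.
     */
    @Test
    public void testBadPassword2() throws Exception {
        submitCredentials(SECONDARY_USER, VALID_PASSWORD);
        final AuthenticationContext authnCtx = attemptFirstFlow();
        action.setRequireAll(true);
        action.initialize();
        doExtract();
        final Event event = action.execute(src);

        Assert.assertNull(authnCtx.getAuthenticationResult());
        final LDAPResponseContext ldapCtx = authnCtx.getSubcontext(LDAPResponseContext.class);
        Assert.assertNotNull(ldapCtx.getAuthenticationResponse());
        Assert.assertEquals(ldapCtx.getAuthenticationResponse().getAuthenticationResultCode(),
                AuthenticationResultCode.DN_RESOLUTION_FAILURE);
        final AuthenticationErrorContext errorCtx = authnCtx.getSubcontext(AuthenticationErrorContext.class);
        Assert.assertNotNull(errorCtx);
        ActionTestingSupport.assertEvent(event, "UnknownUsername");
        Assert.assertEquals(errorCtx.getClassifiedErrors().size(), 1);
        Assert.assertTrue(errorCtx.isClassifiedError("UnknownUsername"));
    }

    /**
     * With {@code requireAll} set, a user accepted by both validators succeeds, exactly one
     * username principal is produced, and the cleanup hook removes the {@link UsernamePasswordContext}.
     */
    @Test
    public void testAuthorizedAll() throws Exception {
        submitCredentials(PRIMARY_USER, VALID_PASSWORD);
        final AuthenticationContext authnCtx = attemptFirstFlow();
        action.setRequireAll(true);
        action.setCleanupHook(new ValidateCredentials.UsernamePasswordCleanupHook());
        action.initialize();
        doExtract();
        ActionTestingSupport.assertProceedEvent(action.execute(src));

        Assert.assertNull(authnCtx.getSubcontext(UsernamePasswordContext.class));
        Assert.assertNull(authnCtx.getSubcontext(AuthenticationErrorContext.class));
        final AuthenticationResult result = authnCtx.getAuthenticationResult();
        Assert.assertNotNull(result);
        final LDAPResponseContext ldapCtx = authnCtx.getSubcontext(LDAPResponseContext.class);
        Assert.assertNotNull(ldapCtx.getAuthenticationResponse());
        Assert.assertEquals(ldapCtx.getAuthenticationResponse().getAuthenticationResultCode(),
                AuthenticationResultCode.AUTHENTICATION_HANDLER_SUCCESS);

        // Both validators accepted the same user; the subject must not hold a duplicate principal.
        final Set<UsernamePrincipal> usernamePrincipals = result.getSubject().getPrincipals(UsernamePrincipal.class);
        Assert.assertEquals(usernamePrincipals.size(), 1);
        Assert.assertNotNull(usernamePrincipals.iterator().next());
        Assert.assertEquals(usernamePrincipals.iterator().next().getName(), PRIMARY_USER);
        final LdapPrincipal ldapPrincipal =
                result.getSubject().getPrincipals(LdapPrincipal.class).iterator().next();
        Assert.assertNotNull(ldapPrincipal);
        Assert.assertEquals(ldapPrincipal.getName(), PRIMARY_USER);
        Assert.assertNotNull(ldapPrincipal.getLdapEntry());
    }

    /**
     * Adds the login form parameters to the mock request installed in {@link #setUp()}.
     *
     * @param username value of the {@code username} form field
     * @param password value of the {@code password} form field
     */
    private void submitCredentials(final String username, final String password) {
        // setUp() installs a MockHttpServletRequest; the cast gives access to addParameter.
        final MockHttpServletRequest request = (MockHttpServletRequest) action.getHttpServletRequest();
        request.addParameter("username", username);
        request.addParameter("password", password);
    }

    /**
     * Marks the first configured authentication flow as the one being attempted.
     *
     * @return the authentication context of the profile request context
     */
    private AuthenticationContext attemptFirstFlow() {
        final AuthenticationContext authnCtx = prc.getSubcontext(AuthenticationContext.class);
        authnCtx.setAttemptedFlow(authenticationFlows.get(0));
        return authnCtx;
    }

    /**
     * Runs the form extraction action against the same request so the submitted username and
     * password are available to {@link ValidateCredentials}.
     *
     * @throws Exception if the extraction action fails to initialize
     */
    private void doExtract() throws Exception {
        final ExtractUsernamePasswordFromFormRequest extract = new ExtractUsernamePasswordFromFormRequest();
        extract.setHttpServletRequest(action.getHttpServletRequest());
        extract.initialize();
        extract.execute(src);
    }
}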
