package net.shibboleth.idp.authn.impl;

import com.unboundid.ldap.listener.InMemoryDirectoryServer;
import com.unboundid.ldap.listener.InMemoryDirectoryServerConfig;
import com.unboundid.ldap.listener.InMemoryListenerConfig;
import com.unboundid.ldap.sdk.LDAPException;
import java.time.ZonedDateTime;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashMap;
import java.util.function.Function;
import java.util.regex.Pattern;
import net.shibboleth.idp.authn.AuthenticationResult;
import net.shibboleth.idp.authn.TemplateSearchDnResolver;
import net.shibboleth.idp.authn.context.AuthenticationContext;
import net.shibboleth.idp.authn.context.AuthenticationErrorContext;
import net.shibboleth.idp.authn.context.AuthenticationWarningContext;
import net.shibboleth.idp.authn.context.LDAPResponseContext;
import net.shibboleth.idp.authn.context.UsernamePasswordContext;
import net.shibboleth.idp.authn.impl.testing.BaseAuthenticationContextTest;
import net.shibboleth.idp.authn.principal.UsernamePrincipal;
import net.shibboleth.idp.profile.testing.ActionTestingSupport;
import net.shibboleth.utilities.java.support.velocity.VelocityEngine;
import org.ldaptive.DefaultConnectionFactory;
import org.ldaptive.LdapException;
import org.ldaptive.auth.AccountState;
import org.ldaptive.auth.AuthenticationResponse;
import org.ldaptive.auth.AuthenticationResponseHandler;
import org.ldaptive.auth.AuthenticationResultCode;
import org.ldaptive.auth.Authenticator;
import org.ldaptive.auth.BindAuthenticationHandler;
import org.ldaptive.auth.SearchDnResolver;
import org.ldaptive.auth.ext.PasswordPolicyAccountState;
import org.ldaptive.control.PasswordPolicyControl;
import org.ldaptive.jaas.LdapPrincipal;
import org.opensaml.profile.context.ProfileRequestContext;
import org.springframework.mock.web.MockHttpServletRequest;
import org.springframework.webflow.execution.Event;
import org.testng.Assert;
import org.testng.annotations.AfterClass;
import org.testng.annotations.BeforeClass;
import org.testng.annotations.BeforeMethod;
import org.testng.annotations.Test;

/* loaded from: input_file:net/shibboleth/idp/authn/impl/LDAPCredentialValidatorTest.class */
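/**
 * Exercises {@link LDAPCredentialValidator}, driven through {@link ValidateCredentials}, against an
 * in-memory UnboundID directory server loaded from {@code loginLDAPTest.ldif}.
 *
 * <p>The cases cover the failure events (missing flow, missing credentials, unknown user, bad or
 * empty password, unreachable bind host), the password-policy account states, and the success
 * path with several search-filter templates.</p>
 *
 * <p>The fixture listens on a fixed loopback port over cleartext {@code ldap://} and uses
 * throwaway credentials; these values belong to the test fixture only.</p>
 *
 * <p>NOTE(review): every username submitted here ({@code foo}, {@code PETER_THE_PRINCIPAL}) is
 * plain text without LDAP filter metacharacters, so nothing in this class shows how
 * {@link TemplateSearchDnResolver} treats {@code *}, {@code (}, {@code )} or {@code \} in a
 * username. A case with such input would pin the escaping behaviour.</p>
 */
public class LDAPCredentialValidatorTest extends BaseAuthenticationContextTest {
    private static final String DATA_PATH = "src/test/resources/net/shibboleth/idp/authn/impl/";

    /** Fixed port of the in-memory listener; a port already in use makes setup fail. */
    private static final int LDAP_PORT = 10389;

    /** URL of the in-memory listener (cleartext, loopback only). */
    private static final String LDAP_URL = "ldap://localhost:" + LDAP_PORT;

    /** Search base handed to every DN resolver built by this class. */
    private static final String PEOPLE_BASE_DN = "ou=people,dc=shibboleth,dc=net";

    /** Username used by all tests that get past DN resolution. */
    private static final String TEST_USER = "PETER_THE_PRINCIPAL";

    /** Password submitted by the tests that expect a successful bind. */
    private static final String TEST_PASSWORD = "changeit";

    private LDAPCredentialValidator validator;
    private ValidateCredentials action;
    private InMemoryDirectoryServer directoryServer;
    private TemplateSearchDnResolver dnResolver;
    private BindAuthenticationHandler authHandler;
    private Authenticator authenticator;

    /**
     * Starts the in-memory directory server and loads the test LDIF.
     *
     * @throws LDAPException if the server cannot be configured, loaded or started
     */
    @BeforeClass
    public void setupDirectoryServer() throws LDAPException {
        InMemoryDirectoryServerConfig config =
                new InMemoryDirectoryServerConfig(new String[]{"dc=shibboleth,dc=net"});
        config.setListenerConfigs(
                new InMemoryListenerConfig[]{InMemoryListenerConfig.createLDAPConfig("default", LDAP_PORT)});
        config.addAdditionalBindCredentials("cn=Directory Manager", "password");
        directoryServer = new InMemoryDirectoryServer(config);
        directoryServer.importFromLDIF(true, DATA_PATH + "loginLDAPTest.ldif");
        directoryServer.startListening();
    }

    /**
     * Builds the shared DN resolver, bind handler and authenticator.
     *
     * <p>NOTE(review): nothing in this file fixes the relative order of the two
     * {@code @BeforeClass} methods; this one presumably only constructs objects without
     * connecting, so the order should not matter. Confirm.</p>
     */
    @BeforeClass
    public void setupAuthenticator() {
        dnResolver = newResolver("(uid=$usernamePasswordContext.username)");
        authHandler = new BindAuthenticationHandler(new DefaultConnectionFactory(LDAP_URL));
        authenticator = new Authenticator(dnResolver, authHandler);
    }

    /** Stops the in-memory directory server and closes its connections. */
    @AfterClass
    public void teardownDirectoryServer() {
        directoryServer.shutDown(true);
    }

    /**
     * Creates a fresh validator and action per test and installs the mapping from LDAP result
     * strings to classified error/warning names.
     *
     * @throws Exception if the base-class setup fails
     */
    @Override
    @BeforeMethod
    public void setUp() throws Exception {
        super.setUp();
        validator = new LDAPCredentialValidator();
        validator.setId("ldaptest");
        action = new ValidateCredentials();
        action.setValidators(Collections.singletonList(validator));

        // Classified name -> LDAP result strings that trigger it.
        HashMap<String, java.util.Collection<String>> classified = new HashMap<>();
        classified.put("UnknownUsername", Collections.singleton("DN_RESOLUTION_FAILURE"));
        classified.put("InvalidPassword", Collections.singleton("INVALID_CREDENTIALS"));
        classified.put("ExpiringPassword", Collections.singleton("ACCOUNT_WARNING"));
        classified.put("ExpiredPassword", Arrays.asList("PASSWORD_EXPIRED", "CHANGE_AFTER_RESET"));
        action.setClassifiedMessages(classified);
        action.setHttpServletRequest(new MockHttpServletRequest());
    }

    /** With no attempted flow set, the action must report an invalid authentication context. */
    @Test
    public void testMissingFlow() throws Exception {
        initializeWith(authenticator);
        ActionTestingSupport.assertEvent(action.execute(src), "InvalidAuthenticationContext");
    }

    /** With a flow but no username/password context, the action must report missing credentials. */
    @Test
    public void testMissingUser() throws Exception {
        attemptFirstFlow();
        initializeWith(authenticator);
        ActionTestingSupport.assertEvent(action.execute(src), "NoCredentials");
    }

    /** An empty username/password context yields NoCredentials, no result and no error context. */
    @Test
    public void testMissingUser2() throws Exception {
        AuthenticationContext authnContext = attemptFirstFlow();
        authnContext.getSubcontext(UsernamePasswordContext.class, true);
        initializeWith(authenticator);

        Event event = action.execute(src);

        Assert.assertNull(authnContext.getAuthenticationResult());
        Assert.assertNull(authnContext.getSubcontext(AuthenticationErrorContext.class));
        ActionTestingSupport.assertEvent(event, "NoCredentials");
    }

    /** A username that does not satisfy the match expression is reported as unsupported. */
    @Test
    public void testUnmatchedUser() throws Exception {
        AuthenticationContext authnContext = enterCredentials("foo", "bar");
        authnContext.getSubcontext(UsernamePasswordContext.class, true);
        // "foo.+" needs at least one character after "foo", so the username "foo" does not match.
        validator.setMatchExpression(Pattern.compile("foo.+"));
        initializeWith(authenticator);

        ActionTestingSupport.assertEvent(extractAndExecute(), "RequestUnsupported");
    }

    /** A DN resolver constructed without any configuration ends in a DN resolution failure. */
    @Test
    public void testBadConfig() throws Exception {
        AuthenticationContext authnContext = enterCredentials("foo", TEST_PASSWORD);
        initializeWith(new Authenticator(new SearchDnResolver(), authHandler));

        Event event = extractAndExecute();

        AuthenticationErrorContext errors =
                assertRejected(authnContext, AuthenticationResultCode.DN_RESOLUTION_FAILURE);
        ActionTestingSupport.assertEvent(event, "UnknownUsername");
        Assert.assertEquals(errors.getClassifiedErrors().size(), 1);
        Assert.assertTrue(errors.isClassifiedError("UnknownUsername"));
    }

    /**
     * A bind handler pointed at {@code ldap://unknown:389} produces an AuthenticationException
     * event with one recorded exception and no classified error.
     *
     * <p>NOTE(review): presumably this relies on the host name {@code unknown} not being
     * reachable from the build machine. Confirm.</p>
     */
    @Test
    public void testBadConfig2() throws Exception {
        AuthenticationContext authnContext = enterCredentials(TEST_USER, "bar");
        BindAuthenticationHandler unreachable =
                new BindAuthenticationHandler(new DefaultConnectionFactory("ldap://unknown:389"));
        initializeWith(new Authenticator(dnResolver, unreachable));

        Event event = extractAndExecute();

        AuthenticationErrorContext errors =
                assertRejected(authnContext, AuthenticationResultCode.AUTHENTICATION_HANDLER_FAILURE);
        ActionTestingSupport.assertEvent(event, "AuthenticationException");
        Assert.assertEquals(errors.getExceptions().size(), 1);
        Assert.assertEquals(errors.getClassifiedErrors().size(), 0);
    }

    /** A username that is not found under the search base is classified as UnknownUsername. */
    @Test
    public void testBadUsername() throws Exception {
        AuthenticationContext authnContext = enterCredentials("foo", "bar");
        initializeWith(authenticator);

        Event event = extractAndExecute();

        AuthenticationErrorContext errors =
                assertRejected(authnContext, AuthenticationResultCode.DN_RESOLUTION_FAILURE);
        ActionTestingSupport.assertEvent(event, "UnknownUsername");
        Assert.assertEquals(errors.getClassifiedErrors().size(), 1);
        Assert.assertTrue(errors.isClassifiedError("UnknownUsername"));
    }

    /**
     * An empty password for an existing user must yield InvalidCredentials and no result.
     *
     * <p>This is the security-relevant case: an LDAP simple bind with a DN and a zero-length
     * password is an "unauthenticated bind" (RFC 4513, section 5.1.2), which a directory may
     * answer with success. The test pins that such input never produces an authentication result.</p>
     *
     * <p>NOTE(review): the assertions do not show whether a bind was attempted at all; asserting
     * on the {@link LDAPResponseContext} as well would make that explicit.</p>
     */
    @Test
    public void testEmptyPassword() throws Exception {
        AuthenticationContext authnContext = enterCredentials(TEST_USER, "");
        initializeWith(authenticator);

        Event event = extractAndExecute();

        Assert.assertNull(authnContext.getAuthenticationResult());
        Assert.assertNull(authnContext.getSubcontext(AuthenticationErrorContext.class));
        ActionTestingSupport.assertEvent(event, "InvalidCredentials");
    }

    /** A wrong password fails the bind and is classified as InvalidPassword only. */
    @Test
    public void testBadPassword() throws Exception {
        AuthenticationContext authnContext = enterCredentials(TEST_USER, "bar");
        initializeWith(authenticator);

        Event event = extractAndExecute();

        AuthenticationErrorContext errors =
                assertRejected(authnContext, AuthenticationResultCode.AUTHENTICATION_HANDLER_FAILURE);
        ActionTestingSupport.assertEvent(event, "InvalidPassword");
        Assert.assertEquals(errors.getClassifiedErrors().size(), 1);
        Assert.assertTrue(errors.isClassifiedError("InvalidPassword"));
    }

    /**
     * A failed bind whose account state is PASSWORD_EXPIRED raises the ExpiredPassword event and
     * carries both the ExpiredPassword and InvalidPassword classifications.
     */
    @Test
    public void testExpiredPassword() throws Exception {
        AuthenticationContext authnContext = enterCredentials(TEST_USER, "bar");
        initializeWith(authenticatorReporting(
                new PasswordPolicyAccountState(PasswordPolicyControl.Error.PASSWORD_EXPIRED)));

        Event event = extractAndExecute();

        AuthenticationErrorContext errors =
                assertRejected(authnContext, AuthenticationResultCode.AUTHENTICATION_HANDLER_FAILURE);
        ActionTestingSupport.assertEvent(event, "ExpiredPassword");
        Assert.assertEquals(errors.getClassifiedErrors().size(), 2);
        Assert.assertTrue(errors.isClassifiedError("ExpiredPassword"));
        Assert.assertTrue(errors.isClassifiedError("InvalidPassword"));
    }

    /**
     * A successful bind whose account state is CHANGE_AFTER_RESET still produces an
     * authentication result, but the event is ExpiredPassword and the condition is recorded as a
     * warning rather than an error.
     */
    @Test
    public void testChangeAfterReset() throws Exception {
        AuthenticationContext authnContext = enterCredentials(TEST_USER, TEST_PASSWORD);
        initializeWith(authenticatorReporting(
                new PasswordPolicyAccountState(PasswordPolicyControl.Error.CHANGE_AFTER_RESET)));

        Event event = extractAndExecute();

        ActionTestingSupport.assertEvent(event, "ExpiredPassword");
        assertSingleWarning(authnContext, "ExpiredPassword");
        assertAuthenticatedAsTestUser(authnContext);
    }

    /** A successful bind with an expiry warning raises ExpiringPassword as a single warning. */
    @Test
    public void testExpiringPassword() throws Exception {
        AuthenticationContext authnContext = enterCredentials(TEST_USER, TEST_PASSWORD);
        AccountState.Warning warning = new AccountState.DefaultWarning(ZonedDateTime.now(), 10);
        initializeWith(authenticatorReporting(new AccountState(new AccountState.Warning[]{warning})));

        Event event = extractAndExecute();

        ActionTestingSupport.assertEvent(event, "ExpiringPassword");
        assertSingleWarning(authnContext, "ExpiringPassword");
        assertAuthenticatedAsTestUser(authnContext);
    }

    /** Valid credentials proceed and yield both principals for the test user. */
    @Test
    public void testAuthorized() throws Exception {
        AuthenticationContext authnContext = enterCredentials(TEST_USER, TEST_PASSWORD);
        initializeWith(authenticator);

        ActionTestingSupport.assertProceedEvent(extractAndExecute());
        assertAuthenticatedAsTestUser(authnContext);
    }

    /**
     * The password lookup strategy, not the submitted form value, supplies the bind password:
     * the form carries "change" and the strategy appends "it".
     */
    @Test
    public void testComputedAndAuthorized() throws Exception {
        AuthenticationContext authnContext = enterCredentials(TEST_USER, "change");
        validator.setPasswordLookupStrategy(new Function<ProfileRequestContext, char[]>() {
            @Override
            public char[] apply(ProfileRequestContext profileRequestContext) {
                return (profileRequestContext.getSubcontext(AuthenticationContext.class).getSubcontext(UsernamePasswordContext.class).getPassword() + "it").toCharArray();
            }
        });
        initializeWith(authenticator);

        ActionTestingSupport.assertProceedEvent(extractAndExecute());
        assertAuthenticatedAsTestUser(authnContext);
    }

    /** The {@code {user}} placeholder alone is accepted as a search-filter template. */
    @Test
    public void testDefaultFilterSyntax() throws Exception {
        Authenticator custom = new Authenticator(newResolver("(uid={user})"), authHandler);
        AuthenticationContext authnContext = enterCredentials(TEST_USER, TEST_PASSWORD);
        initializeWith(custom);

        ActionTestingSupport.assertProceedEvent(extractAndExecute());
        assertAuthenticatedAsTestUser(authnContext);
    }

    /** A template mixing the Velocity variable and the {@code {user}} placeholder is accepted. */
    @Test
    public void testCombinedFilterSyntax() throws Exception {
        Authenticator custom = new Authenticator(
                newResolver("(|(mail=$usernamePasswordContext.username)(uid={user}))"), authHandler);
        AuthenticationContext authnContext = enterCredentials(TEST_USER, TEST_PASSWORD);
        initializeWith(custom);

        ActionTestingSupport.assertProceedEvent(extractAndExecute());
        assertAuthenticatedAsTestUser(authnContext);
    }

    /** A username that satisfies the match expression authenticates normally. */
    @Test
    public void testMatchAndAuthorized() throws Exception {
        AuthenticationContext authnContext = enterCredentials(TEST_USER, TEST_PASSWORD);
        validator.setMatchExpression(Pattern.compile(".+_THE_.+"));
        initializeWith(authenticator);

        ActionTestingSupport.assertProceedEvent(extractAndExecute());
        assertAuthenticatedAsTestUser(authnContext);
    }

    /**
     * Valid credentials proceed.
     *
     * <p>NOTE(review): despite the name, nothing here asserts that a context is kept after the
     * action runs; only the proceed event is checked.</p>
     */
    @Test
    public void testAuthorizedAndKeepContext() throws Exception {
        enterCredentials(TEST_USER, TEST_PASSWORD);
        initializeWith(authenticator);

        ActionTestingSupport.assertProceedEvent(extractAndExecute());
    }

    /** Runs the form-extraction action so the request parameters reach the profile context. */
    private void doExtract() throws Exception {
        ExtractUsernamePasswordFromFormRequest extraction = new ExtractUsernamePasswordFromFormRequest();
        extraction.setHttpServletRequest(action.getHttpServletRequest());
        extraction.initialize();
        extraction.execute(src);
    }

    /** Builds a template DN resolver for the in-memory server with the given search filter. */
    private static TemplateSearchDnResolver newResolver(String filterTemplate) {
        TemplateSearchDnResolver resolver = new TemplateSearchDnResolver(
                new DefaultConnectionFactory(LDAP_URL), VelocityEngine.newVelocityEngine(), filterTemplate);
        resolver.setBaseDn(PEOPLE_BASE_DN);
        return resolver;
    }

    /** Builds an authenticator whose response handler overwrites the account state with {@code state}. */
    private Authenticator authenticatorReporting(final AccountState state) {
        Authenticator custom = new Authenticator(dnResolver, authHandler);
        custom.setAuthenticationResponseHandlers(new AuthenticationResponseHandler[]{new AuthenticationResponseHandler() {
            @Override
            public void handle(AuthenticationResponse authenticationResponse) throws LdapException {
                authenticationResponse.setAccountState(state);
            }
        }});
        return custom;
    }

    /** Marks the first configured flow as attempted and returns the authentication context. */
    private AuthenticationContext attemptFirstFlow() {
        AuthenticationContext authnContext = prc.getSubcontext(AuthenticationContext.class);
        authnContext.setAttemptedFlow(authenticationFlows.get(0));
        return authnContext;
    }

    /** Puts the form parameters on the mock request, then marks the first flow as attempted. */
    private AuthenticationContext enterCredentials(String username, String password) {
        action.getHttpServletRequest().addParameter("username", username);
        action.getHttpServletRequest().addParameter("password", password);
        return attemptFirstFlow();
    }

    /** Installs the authenticator and initializes the validator and the action, in that order. */
    private void initializeWith(Authenticator ldapAuthenticator) throws Exception {
        validator.setAuthenticator(ldapAuthenticator);
        validator.initialize();
        action.initialize();
    }

    /** Extracts the submitted credentials and runs the validation action. */
    private Event extractAndExecute() throws Exception {
        doExtract();
        return action.execute(src);
    }

    /** Asserts that an LDAP response was recorded with the expected result code. */
    private static void assertLdapResultCode(AuthenticationContext authnContext, AuthenticationResultCode expected) {
        LDAPResponseContext ldapContext = authnContext.getSubcontext(LDAPResponseContext.class);
        Assert.assertNotNull(ldapContext.getAuthenticationResponse());
        Assert.assertEquals(ldapContext.getAuthenticationResponse().getAuthenticationResultCode(), expected);
    }

    /**
     * Asserts a rejected login: no authentication result, the expected LDAP result code, and an
     * error context, which is returned for further checks.
     */
    private static AuthenticationErrorContext assertRejected(
            AuthenticationContext authnContext, AuthenticationResultCode expected) {
        Assert.assertNull(authnContext.getAuthenticationResult());
        assertLdapResultCode(authnContext, expected);
        AuthenticationErrorContext errors = authnContext.getSubcontext(AuthenticationErrorContext.class);
        Assert.assertNotNull(errors);
        return errors;
    }

    /** Asserts that exactly one classified warning with the given name was recorded. */
    private static void assertSingleWarning(AuthenticationContext authnContext, String classifiedName) {
        AuthenticationWarningContext warnings = authnContext.getSubcontext(AuthenticationWarningContext.class);
        Assert.assertNotNull(warnings);
        Assert.assertEquals(warnings.getClassifiedWarnings().size(), 1);
        Assert.assertTrue(warnings.isClassifiedWarning(classifiedName));
    }

    /**
     * Asserts an accepted login: no error context, a successful LDAP result code, and a result
     * whose subject holds a UsernamePrincipal and an LdapPrincipal (with its entry) for the test user.
     */
    private static void assertAuthenticatedAsTestUser(AuthenticationContext authnContext) {
        Assert.assertNull(authnContext.getSubcontext(AuthenticationErrorContext.class));
        AuthenticationResult result = authnContext.getAuthenticationResult();
        Assert.assertNotNull(result);
        assertLdapResultCode(authnContext, AuthenticationResultCode.AUTHENTICATION_HANDLER_SUCCESS);

        UsernamePrincipal usernamePrincipal =
                result.getSubject().getPrincipals(UsernamePrincipal.class).iterator().next();
        Assert.assertNotNull(usernamePrincipal);
        Assert.assertEquals(usernamePrincipal.getName(), TEST_USER);

        LdapPrincipal ldapPrincipal = result.getSubject().getPrincipals(LdapPrincipal.class).iterator().next();
        Assert.assertNotNull(ldapPrincipal);
        Assert.assertEquals(ldapPrincipal.getName(), TEST_USER);
        Assert.assertNotNull(ldapPrincipal.getLdapEntry());
    }
}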
