package net.shibboleth.idp.authn.impl;

import java.time.ZonedDateTime;
import java.util.HashMap;
import java.util.function.Function;
import java.util.regex.Pattern;
import net.shibboleth.idp.authn.AuthenticationResult;
import net.shibboleth.idp.authn.TemplateSearchDnResolver;
import net.shibboleth.idp.authn.context.AuthenticationContext;
import net.shibboleth.idp.authn.context.AuthenticationErrorContext;
import net.shibboleth.idp.authn.context.AuthenticationWarningContext;
import net.shibboleth.idp.authn.context.LDAPResponseContext;
import net.shibboleth.idp.authn.context.UsernamePasswordContext;
import net.shibboleth.idp.authn.impl.testing.BaseAuthenticationContextTest;
import net.shibboleth.idp.authn.principal.UsernamePrincipal;
import net.shibboleth.idp.profile.testing.ActionTestingSupport;
import net.shibboleth.shared.collection.CollectionSupport;
import net.shibboleth.shared.component.ComponentInitializationException;
import net.shibboleth.shared.testing.ConstantSupplier;
import net.shibboleth.shared.testing.InMemoryDirectory;
import net.shibboleth.shared.testing.VelocityEngine;
import org.ldaptive.DefaultConnectionFactory;
import org.ldaptive.auth.AccountState;
import org.ldaptive.auth.AuthenticationResponse;
import org.ldaptive.auth.AuthenticationResponseHandler;
import org.ldaptive.auth.AuthenticationResultCode;
import org.ldaptive.auth.Authenticator;
import org.ldaptive.auth.FormatDnResolver;
import org.ldaptive.auth.SearchDnResolver;
import org.ldaptive.auth.SimpleBindAuthenticationHandler;
import org.ldaptive.auth.ext.PasswordPolicyAccountState;
import org.ldaptive.control.PasswordPolicyControl;
import org.ldaptive.jaas.LdapPrincipal;
import org.opensaml.profile.context.ProfileRequestContext;
import org.springframework.core.io.ClassPathResource;
import org.springframework.mock.web.MockHttpServletRequest;
import org.springframework.webflow.execution.Event;
import org.testng.Assert;
import org.testng.annotations.AfterClass;
import org.testng.annotations.BeforeClass;
import org.testng.annotations.BeforeMethod;
import org.testng.annotations.Test;

/* loaded from: input_file:net/shibboleth/idp/authn/impl/LDAPCredentialValidatorTest.class */
public class LDAPCredentialValidatorTest extends BaseAuthenticationContextTest {
    private static final String DATA_PATH = "/net/shibboleth/idp/authn/impl/";
    private LDAPCredentialValidator validator;
    private ValidateCredentials action;
    private InMemoryDirectory directoryServer;
    private TemplateSearchDnResolver dnResolver;
    private SimpleBindAuthenticationHandler authHandler;
    private Authenticator authenticator;
    static final /* synthetic */ boolean $assertionsDisabled;

    @BeforeClass
    public void setupDirectoryServer() {
        this.directoryServer = new InMemoryDirectory(new String[]{"dc=shibboleth,dc=net"}, new ClassPathResource("/net/shibboleth/idp/authn/impl/loginLDAPTest.ldif"), 10389);
        this.directoryServer.start();
    }

    @BeforeClass
    public void setupAuthenticator() {
        this.dnResolver = new TemplateSearchDnResolver(new DefaultConnectionFactory("ldap://localhost:10389"), VelocityEngine.newVelocityEngine(), "(uid=$usernamePasswordContext.username)");
        this.dnResolver.setBaseDn("ou=people,dc=shibboleth,dc=net");
        this.authHandler = new SimpleBindAuthenticationHandler(new DefaultConnectionFactory("ldap://localhost:10389"));
        this.authenticator = new Authenticator(this.dnResolver, this.authHandler);
    }

    @AfterClass
    public void teardownDirectoryServer() throws Exception {
        if (this.directoryServer.openConnectionCount() > 0) {
            Thread.sleep(100L);
        }
        Assert.assertEquals(this.directoryServer.openConnectionCount(), 0L);
        this.directoryServer.stop(true);
    }

    @Override // net.shibboleth.idp.authn.impl.testing.BaseAuthenticationContextTest
    @BeforeMethod
    public void setUp() throws ComponentInitializationException {
        super.setUp();
        this.validator = new LDAPCredentialValidator();
        this.validator.setId("ldaptest");
        this.action = new ValidateCredentials();
        if (!$assertionsDisabled && this.validator == null) {
            throw new AssertionError();
        }
        this.action.setValidators(CollectionSupport.singletonList(this.validator));
        HashMap hashMap = new HashMap();
        hashMap.put("UnknownUsername", CollectionSupport.listOf("DN_RESOLUTION_FAILURE", "INVALID_DN_SYNTAX"));
        hashMap.put("InvalidPassword", CollectionSupport.singleton("INVALID_CREDENTIALS"));
        hashMap.put("ExpiringPassword", CollectionSupport.singleton("ACCOUNT_WARNING"));
        hashMap.put("ExpiredPassword", CollectionSupport.listOf("PASSWORD_EXPIRED", "CHANGE_AFTER_RESET"));
        this.action.setClassifiedMessages(hashMap);
        this.action.setHttpServletRequestSupplier(new ConstantSupplier(new MockHttpServletRequest()));
    }

    @Test
    public void testMissingFlow() throws ComponentInitializationException {
        this.validator.setAuthenticator(this.authenticator);
        this.validator.initialize();
        this.action.initialize();
        ActionTestingSupport.assertEvent(this.action.execute(this.src), "InvalidAuthenticationContext");
    }

    @Test
    public void testMissingUser() throws ComponentInitializationException {
        AuthenticationContext subcontext = this.prc.getSubcontext(AuthenticationContext.class);
        if (!$assertionsDisabled && subcontext == null) {
            throw new AssertionError();
        }
        subcontext.setAttemptedFlow(this.authenticationFlows.get(0));
        this.validator.setAuthenticator(this.authenticator);
        this.validator.initialize();
        this.action.initialize();
        ActionTestingSupport.assertEvent(this.action.execute(this.src), "NoCredentials");
    }

    @Test
    public void testMissingUser2() throws ComponentInitializationException {
        AuthenticationContext subcontext = this.prc.getSubcontext(AuthenticationContext.class);
        if (!$assertionsDisabled && subcontext == null) {
            throw new AssertionError();
        }
        subcontext.setAttemptedFlow(this.authenticationFlows.get(0));
        subcontext.ensureSubcontext(UsernamePasswordContext.class);
        this.validator.setAuthenticator(this.authenticator);
        this.validator.initialize();
        this.action.initialize();
        Event execute = this.action.execute(this.src);
        Assert.assertNull(subcontext.getAuthenticationResult());
        Assert.assertNull(subcontext.getSubcontext(LDAPResponseContext.class));
        ActionTestingSupport.assertEvent(execute, "NoCredentials");
        AuthenticationErrorContext subcontext2 = subcontext.getSubcontext(AuthenticationErrorContext.class);
        if (!$assertionsDisabled && subcontext2 == null) {
            throw new AssertionError();
        }
        Assert.assertTrue(subcontext2.isClassifiedError("NoCredentials"));
    }

    @Test
    public void testUnmatchedUser() throws ComponentInitializationException {
        getMockHttpServletRequest(this.action).addParameter("username", "foo");
        getMockHttpServletRequest(this.action).addParameter("password", "bar");
        AuthenticationContext subcontext = this.prc.getSubcontext(AuthenticationContext.class);
        if (!$assertionsDisabled && subcontext == null) {
            throw new AssertionError();
        }
        subcontext.setAttemptedFlow(this.authenticationFlows.get(0));
        subcontext.ensureSubcontext(UsernamePasswordContext.class);
        this.validator.setAuthenticator(this.authenticator);
        this.validator.setMatchExpression(Pattern.compile("foo.+"));
        this.validator.initialize();
        this.action.initialize();
        doExtract();
        ActionTestingSupport.assertEvent(this.action.execute(this.src), "RequestUnsupported");
    }

    @Test
    public void testBadConfigInvalidDnResolver() throws ComponentInitializationException {
        getMockHttpServletRequest(this.action).addParameter("username", "foo");
        getMockHttpServletRequest(this.action).addParameter("password", "changeit");
        AuthenticationContext subcontext = this.prc.getSubcontext(AuthenticationContext.class);
        if (!$assertionsDisabled && subcontext == null) {
            throw new AssertionError();
        }
        subcontext.setAttemptedFlow(this.authenticationFlows.get(0));
        this.validator.setAuthenticator(new Authenticator(new SearchDnResolver(), this.authHandler));
        this.validator.initialize();
        this.action.initialize();
        doExtract();
        Event execute = this.action.execute(this.src);
        Assert.assertNull(subcontext.getAuthenticationResult());
        LDAPResponseContext subcontext2 = subcontext.getSubcontext(LDAPResponseContext.class);
        if (!$assertionsDisabled && subcontext2 == null) {
            throw new AssertionError();
        }
        AuthenticationResponse authenticationResponse = subcontext2.getAuthenticationResponse();
        if (!$assertionsDisabled && authenticationResponse == null) {
            throw new AssertionError();
        }
        Assert.assertEquals(authenticationResponse.getAuthenticationResultCode(), AuthenticationResultCode.DN_RESOLUTION_FAILURE);
        AuthenticationErrorContext subcontext3 = subcontext.getSubcontext(AuthenticationErrorContext.class);
        if (!$assertionsDisabled && subcontext3 == null) {
            throw new AssertionError();
        }
        ActionTestingSupport.assertEvent(execute, "UnknownUsername");
        Assert.assertEquals(subcontext3.getClassifiedErrors().size(), 1);
        Assert.assertTrue(subcontext3.isClassifiedError("UnknownUsername"));
    }

    @Test
    public void testBadConfigUnknownHost() throws ComponentInitializationException {
        getMockHttpServletRequest(this.action).addParameter("username", "PETER_THE_PRINCIPAL");
        getMockHttpServletRequest(this.action).addParameter("password", "bar");
        AuthenticationContext subcontext = this.prc.getSubcontext(AuthenticationContext.class);
        if (!$assertionsDisabled && subcontext == null) {
            throw new AssertionError();
        }
        subcontext.setAttemptedFlow(this.authenticationFlows.get(0));
        this.validator.setAuthenticator(new Authenticator(this.dnResolver, new SimpleBindAuthenticationHandler(new DefaultConnectionFactory("ldap://unknown:389"))));
        this.validator.initialize();
        this.action.initialize();
        doExtract();
        Event execute = this.action.execute(this.src);
        Assert.assertNull(subcontext.getAuthenticationResult());
        Assert.assertNull(subcontext.getSubcontext(LDAPResponseContext.class));
        AuthenticationErrorContext subcontext2 = subcontext.getSubcontext(AuthenticationErrorContext.class);
        if (!$assertionsDisabled && subcontext2 == null) {
            throw new AssertionError();
        }
        ActionTestingSupport.assertEvent(execute, "AuthenticationException");
        Assert.assertEquals(subcontext2.getExceptions().size(), 1);
        Assert.assertEquals(subcontext2.getClassifiedErrors().size(), 1);
        Assert.assertTrue(subcontext2.isClassifiedError("AuthenticationException"));
    }

    @Test
    public void testBadUsername() throws ComponentInitializationException {
        getMockHttpServletRequest(this.action).addParameter("username", "foo");
        getMockHttpServletRequest(this.action).addParameter("password", "bar");
        AuthenticationContext subcontext = this.prc.getSubcontext(AuthenticationContext.class);
        if (!$assertionsDisabled && subcontext == null) {
            throw new AssertionError();
        }
        subcontext.setAttemptedFlow(this.authenticationFlows.get(0));
        this.validator.setAuthenticator(this.authenticator);
        this.validator.initialize();
        this.action.initialize();
        doExtract();
        Event execute = this.action.execute(this.src);
        Assert.assertNull(subcontext.getAuthenticationResult());
        LDAPResponseContext subcontext2 = subcontext.getSubcontext(LDAPResponseContext.class);
        if (!$assertionsDisabled && subcontext2 == null) {
            throw new AssertionError();
        }
        AuthenticationResponse authenticationResponse = subcontext2.getAuthenticationResponse();
        if (!$assertionsDisabled && authenticationResponse == null) {
            throw new AssertionError();
        }
        Assert.assertEquals(authenticationResponse.getAuthenticationResultCode(), AuthenticationResultCode.DN_RESOLUTION_FAILURE);
        AuthenticationErrorContext subcontext3 = subcontext.getSubcontext(AuthenticationErrorContext.class);
        if (!$assertionsDisabled && subcontext3 == null) {
            throw new AssertionError();
        }
        ActionTestingSupport.assertEvent(execute, "UnknownUsername");
        Assert.assertEquals(subcontext3.getClassifiedErrors().size(), 1);
        Assert.assertTrue(subcontext3.isClassifiedError("UnknownUsername"));
    }

    @Test
    public void testBadUsernameAuthnException() throws ComponentInitializationException {
        getMockHttpServletRequest(this.action).addParameter("username", "foo");
        getMockHttpServletRequest(this.action).addParameter("password", "bar");
        AuthenticationContext subcontext = this.prc.getSubcontext(AuthenticationContext.class);
        if (!$assertionsDisabled && subcontext == null) {
            throw new AssertionError();
        }
        subcontext.setAttemptedFlow(this.authenticationFlows.get(0));
        this.validator.setAuthenticator(new Authenticator(new FormatDnResolver("cn=%s,ou,dc=shibboleth,dc=net"), this.authHandler));
        this.validator.initialize();
        this.action.initialize();
        doExtract();
        Event execute = this.action.execute(this.src);
        Assert.assertNull(subcontext.getAuthenticationResult());
        LDAPResponseContext subcontext2 = subcontext.getSubcontext(LDAPResponseContext.class);
        if (!$assertionsDisabled && subcontext2 == null) {
            throw new AssertionError();
        }
        AuthenticationResponse authenticationResponse = subcontext2.getAuthenticationResponse();
        if (!$assertionsDisabled && authenticationResponse == null) {
            throw new AssertionError();
        }
        Assert.assertEquals(authenticationResponse.getAuthenticationResultCode(), AuthenticationResultCode.AUTHENTICATION_HANDLER_FAILURE);
        AuthenticationErrorContext subcontext3 = subcontext.getSubcontext(AuthenticationErrorContext.class);
        if (!$assertionsDisabled && subcontext3 == null) {
            throw new AssertionError();
        }
        ActionTestingSupport.assertEvent(execute, "UnknownUsername");
        Assert.assertEquals(subcontext3.getClassifiedErrors().size(), 1);
        Assert.assertTrue(subcontext3.isClassifiedError("UnknownUsername"));
    }

    @Test
    public void testEmptyPassword() throws ComponentInitializationException {
        getMockHttpServletRequest(this.action).addParameter("username", "PETER_THE_PRINCIPAL");
        getMockHttpServletRequest(this.action).addParameter("password", "");
        AuthenticationContext subcontext = this.prc.getSubcontext(AuthenticationContext.class);
        if (!$assertionsDisabled && subcontext == null) {
            throw new AssertionError();
        }
        subcontext.setAttemptedFlow(this.authenticationFlows.get(0));
        this.validator.setAuthenticator(this.authenticator);
        this.validator.initialize();
        this.action.initialize();
        doExtract();
        Event execute = this.action.execute(this.src);
        Assert.assertNull(subcontext.getAuthenticationResult());
        Assert.assertNull(subcontext.getSubcontext(LDAPResponseContext.class));
        ActionTestingSupport.assertEvent(execute, "InvalidCredentials");
        AuthenticationErrorContext subcontext2 = subcontext.getSubcontext(AuthenticationErrorContext.class);
        if (!$assertionsDisabled && subcontext2 == null) {
            throw new AssertionError();
        }
        Assert.assertTrue(subcontext2.isClassifiedError("InvalidCredentials"));
    }

    @Test
    public void testBadPassword() throws ComponentInitializationException {
        getMockHttpServletRequest(this.action).addParameter("username", "PETER_THE_PRINCIPAL");
        getMockHttpServletRequest(this.action).addParameter("password", "bar");
        AuthenticationContext subcontext = this.prc.getSubcontext(AuthenticationContext.class);
        if (!$assertionsDisabled && subcontext == null) {
            throw new AssertionError();
        }
        subcontext.setAttemptedFlow(this.authenticationFlows.get(0));
        this.validator.setAuthenticator(this.authenticator);
        this.validator.initialize();
        this.action.initialize();
        doExtract();
        Event execute = this.action.execute(this.src);
        Assert.assertNull(subcontext.getAuthenticationResult());
        LDAPResponseContext subcontext2 = subcontext.getSubcontext(LDAPResponseContext.class);
        if (!$assertionsDisabled && subcontext2 == null) {
            throw new AssertionError();
        }
        AuthenticationResponse authenticationResponse = subcontext2.getAuthenticationResponse();
        if (!$assertionsDisabled && authenticationResponse == null) {
            throw new AssertionError();
        }
        Assert.assertEquals(authenticationResponse.getAuthenticationResultCode(), AuthenticationResultCode.AUTHENTICATION_HANDLER_FAILURE);
        AuthenticationErrorContext subcontext3 = subcontext.getSubcontext(AuthenticationErrorContext.class);
        if (!$assertionsDisabled && subcontext3 == null) {
            throw new AssertionError();
        }
        ActionTestingSupport.assertEvent(execute, "InvalidPassword");
        Assert.assertEquals(subcontext3.getClassifiedErrors().size(), 1);
        Assert.assertTrue(subcontext3.isClassifiedError("InvalidPassword"));
    }

    @Test
    public void testExpiredPassword() throws ComponentInitializationException {
        getMockHttpServletRequest(this.action).addParameter("username", "PETER_THE_PRINCIPAL");
        getMockHttpServletRequest(this.action).addParameter("password", "bar");
        AuthenticationContext subcontext = this.prc.getSubcontext(AuthenticationContext.class);
        if (!$assertionsDisabled && subcontext == null) {
            throw new AssertionError();
        }
        subcontext.setAttemptedFlow(this.authenticationFlows.get(0));
        Authenticator authenticator = new Authenticator(this.dnResolver, this.authHandler);
        authenticator.setResponseHandlers(new AuthenticationResponseHandler[]{authenticationResponse -> {
            authenticationResponse.setAccountState(new PasswordPolicyAccountState(PasswordPolicyControl.Error.PASSWORD_EXPIRED));
        }});
        this.validator.setAuthenticator(authenticator);
        this.validator.initialize();
        this.action.initialize();
        doExtract();
        Event execute = this.action.execute(this.src);
        Assert.assertNull(subcontext.getAuthenticationResult());
        LDAPResponseContext subcontext2 = subcontext.getSubcontext(LDAPResponseContext.class);
        if (!$assertionsDisabled && subcontext2 == null) {
            throw new AssertionError();
        }
        AuthenticationResponse authenticationResponse2 = subcontext2.getAuthenticationResponse();
        if (!$assertionsDisabled && authenticationResponse2 == null) {
            throw new AssertionError();
        }
        Assert.assertEquals(authenticationResponse2.getAuthenticationResultCode(), AuthenticationResultCode.AUTHENTICATION_HANDLER_FAILURE);
        AuthenticationErrorContext subcontext3 = subcontext.getSubcontext(AuthenticationErrorContext.class);
        if (!$assertionsDisabled && subcontext3 == null) {
            throw new AssertionError();
        }
        ActionTestingSupport.assertEvent(execute, "ExpiredPassword");
        Assert.assertEquals(subcontext3.getClassifiedErrors().size(), 2);
        Assert.assertTrue(subcontext3.isClassifiedError("ExpiredPassword"));
        Assert.assertTrue(subcontext3.isClassifiedError("InvalidPassword"));
    }

    @Test
    public void testChangeAfterReset() throws ComponentInitializationException {
        getMockHttpServletRequest(this.action).addParameter("username", "PETER_THE_PRINCIPAL");
        getMockHttpServletRequest(this.action).addParameter("password", "changeit");
        AuthenticationContext authenticationContext = (AuthenticationContext) this.prc.getSubcontext(AuthenticationContext.class);
        if (!$assertionsDisabled && authenticationContext == null) {
            throw new AssertionError();
        }
        authenticationContext.setAttemptedFlow(this.authenticationFlows.get(0));
        Authenticator authenticator = new Authenticator(this.dnResolver, this.authHandler);
        authenticator.setResponseHandlers(new AuthenticationResponseHandler[]{authenticationResponse -> {
            authenticationResponse.setAccountState(new PasswordPolicyAccountState(PasswordPolicyControl.Error.CHANGE_AFTER_RESET));
        }});
        this.validator.setAuthenticator(authenticator);
        this.validator.initialize();
        this.action.initialize();
        doExtract();
        Event execute = this.action.execute(this.src);
        assertAuthSuccess(authenticationContext, "PETER_THE_PRINCIPAL");
        AuthenticationWarningContext subcontext = authenticationContext.getSubcontext(AuthenticationWarningContext.class);
        if (!$assertionsDisabled && subcontext == null) {
            throw new AssertionError();
        }
        ActionTestingSupport.assertEvent(execute, "ExpiredPassword");
        Assert.assertEquals(subcontext.getClassifiedWarnings().size(), 1);
        Assert.assertTrue(subcontext.isClassifiedWarning("ExpiredPassword"));
    }

    @Test
    public void testExpiringPassword() throws ComponentInitializationException {
        getMockHttpServletRequest(this.action).addParameter("username", "PETER_THE_PRINCIPAL");
        getMockHttpServletRequest(this.action).addParameter("password", "changeit");
        AuthenticationContext authenticationContext = (AuthenticationContext) this.prc.getSubcontext(AuthenticationContext.class);
        if (!$assertionsDisabled && authenticationContext == null) {
            throw new AssertionError();
        }
        authenticationContext.setAttemptedFlow(this.authenticationFlows.get(0));
        Authenticator authenticator = new Authenticator(this.dnResolver, this.authHandler);
        authenticator.setResponseHandlers(new AuthenticationResponseHandler[]{authenticationResponse -> {
            authenticationResponse.setAccountState(new AccountState(new AccountState.Warning[]{new AccountState.DefaultWarning(ZonedDateTime.now(), 10)}));
        }});
        this.validator.setAuthenticator(authenticator);
        this.validator.initialize();
        this.action.initialize();
        doExtract();
        Event execute = this.action.execute(this.src);
        assertAuthSuccess(authenticationContext, "PETER_THE_PRINCIPAL");
        ActionTestingSupport.assertEvent(execute, "ExpiringPassword");
        AuthenticationWarningContext subcontext = authenticationContext.getSubcontext(AuthenticationWarningContext.class);
        if (!$assertionsDisabled && subcontext == null) {
            throw new AssertionError();
        }
        Assert.assertEquals(subcontext.getClassifiedWarnings().size(), 1);
        Assert.assertTrue(subcontext.isClassifiedWarning("ExpiringPassword"));
    }

    @Test
    public void testAuthorized() throws ComponentInitializationException {
        getMockHttpServletRequest(this.action).addParameter("username", "PETER_THE_PRINCIPAL");
        getMockHttpServletRequest(this.action).addParameter("password", "changeit");
        AuthenticationContext authenticationContext = (AuthenticationContext) this.prc.getSubcontext(AuthenticationContext.class);
        if (!$assertionsDisabled && authenticationContext == null) {
            throw new AssertionError();
        }
        authenticationContext.setAttemptedFlow(this.authenticationFlows.get(0));
        this.validator.setAuthenticator(this.authenticator);
        this.validator.initialize();
        this.action.initialize();
        doExtract();
        ActionTestingSupport.assertProceedEvent(this.action.execute(this.src));
        assertAuthSuccess(authenticationContext, "PETER_THE_PRINCIPAL");
    }

    @Test
    public void testComputedAndAuthorized() throws ComponentInitializationException {
        getMockHttpServletRequest(this.action).addParameter("username", "PETER_THE_PRINCIPAL");
        getMockHttpServletRequest(this.action).addParameter("password", "change");
        AuthenticationContext authenticationContext = (AuthenticationContext) this.prc.getSubcontext(AuthenticationContext.class);
        if (!$assertionsDisabled && authenticationContext == null) {
            throw new AssertionError();
        }
        authenticationContext.setAttemptedFlow(this.authenticationFlows.get(0));
        this.validator.setAuthenticator(this.authenticator);
        this.validator.setPasswordLookupStrategy(new Function<ProfileRequestContext, char[]>() { // from class: net.shibboleth.idp.authn.impl.LDAPCredentialValidatorTest.1
            static final /* synthetic */ boolean $assertionsDisabled;

            @Override // java.util.function.Function
            public char[] apply(ProfileRequestContext profileRequestContext) {
                AuthenticationContext subcontext = profileRequestContext.getSubcontext(AuthenticationContext.class);
                if (!$assertionsDisabled && subcontext == null) {
                    throw new AssertionError();
                }
                UsernamePasswordContext subcontext2 = subcontext.getSubcontext(UsernamePasswordContext.class);
                if ($assertionsDisabled || subcontext2 != null) {
                    return (subcontext2.getPassword() + "it").toCharArray();
                }
                throw new AssertionError();
            }

            static {
                $assertionsDisabled = !LDAPCredentialValidatorTest.class.desiredAssertionStatus();
            }
        });
        this.validator.initialize();
        this.action.initialize();
        doExtract();
        ActionTestingSupport.assertProceedEvent(this.action.execute(this.src));
        assertAuthSuccess(authenticationContext, "PETER_THE_PRINCIPAL");
    }

    @Test
    public void testDefaultFilterSyntax() throws ComponentInitializationException {
        TemplateSearchDnResolver templateSearchDnResolver = new TemplateSearchDnResolver(new DefaultConnectionFactory("ldap://localhost:10389"), VelocityEngine.newVelocityEngine(), "(uid={user})");
        templateSearchDnResolver.setBaseDn("ou=people,dc=shibboleth,dc=net");
        Authenticator authenticator = new Authenticator(templateSearchDnResolver, this.authHandler);
        getMockHttpServletRequest(this.action).addParameter("username", "PETER_THE_PRINCIPAL");
        getMockHttpServletRequest(this.action).addParameter("password", "changeit");
        AuthenticationContext authenticationContext = (AuthenticationContext) this.prc.getSubcontext(AuthenticationContext.class);
        if (!$assertionsDisabled && authenticationContext == null) {
            throw new AssertionError();
        }
        authenticationContext.setAttemptedFlow(this.authenticationFlows.get(0));
        this.validator.setAuthenticator(authenticator);
        this.validator.initialize();
        this.action.initialize();
        doExtract();
        ActionTestingSupport.assertProceedEvent(this.action.execute(this.src));
        assertAuthSuccess(authenticationContext, "PETER_THE_PRINCIPAL");
    }

    @Test
    public void testDefaultFilterSyntaxMultiByte() throws ComponentInitializationException {
        TemplateSearchDnResolver templateSearchDnResolver = new TemplateSearchDnResolver(new DefaultConnectionFactory("ldap://localhost:10389"), VelocityEngine.newVelocityEngine(), "(uid={user})");
        templateSearchDnResolver.setBaseDn("ou=people,dc=shibboleth,dc=net");
        Authenticator authenticator = new Authenticator(templateSearchDnResolver, this.authHandler);
        getMockHttpServletRequest(this.action).addParameter("username", "RAPHAËL_WEIß");
        getMockHttpServletRequest(this.action).addParameter("password", "changeit");
        AuthenticationContext authenticationContext = (AuthenticationContext) this.prc.getSubcontext(AuthenticationContext.class);
        if (!$assertionsDisabled && authenticationContext == null) {
            throw new AssertionError();
        }
        authenticationContext.setAttemptedFlow(this.authenticationFlows.get(0));
        this.validator.setAuthenticator(authenticator);
        this.validator.initialize();
        this.action.initialize();
        doExtract();
        ActionTestingSupport.assertProceedEvent(this.action.execute(this.src));
        assertAuthSuccess(authenticationContext, "RAPHAËL_WEIß");
    }

    @Test
    public void testVelocityFilterSyntax() throws ComponentInitializationException {
        TemplateSearchDnResolver templateSearchDnResolver = new TemplateSearchDnResolver(new DefaultConnectionFactory("ldap://localhost:10389"), VelocityEngine.newVelocityEngine(), "(uid=$usernamePasswordContext.username)");
        templateSearchDnResolver.setBaseDn("ou=people,dc=shibboleth,dc=net");
        Authenticator authenticator = new Authenticator(templateSearchDnResolver, this.authHandler);
        getMockHttpServletRequest(this.action).addParameter("username", "PETER_THE_PRINCIPAL");
        getMockHttpServletRequest(this.action).addParameter("password", "changeit");
        AuthenticationContext authenticationContext = (AuthenticationContext) this.prc.getSubcontext(AuthenticationContext.class);
        if (!$assertionsDisabled && authenticationContext == null) {
            throw new AssertionError();
        }
        authenticationContext.setAttemptedFlow(this.authenticationFlows.get(0));
        this.validator.setAuthenticator(authenticator);
        this.validator.initialize();
        this.action.initialize();
        doExtract();
        ActionTestingSupport.assertProceedEvent(this.action.execute(this.src));
        assertAuthSuccess(authenticationContext, "PETER_THE_PRINCIPAL");
    }

    @Test
    public void testVelocityFilterSyntaxMultiByte() throws ComponentInitializationException {
        TemplateSearchDnResolver templateSearchDnResolver = new TemplateSearchDnResolver(new DefaultConnectionFactory("ldap://localhost:10389"), VelocityEngine.newVelocityEngine(), "(uid=$usernamePasswordContext.username)");
        templateSearchDnResolver.setBaseDn("ou=people,dc=shibboleth,dc=net");
        Authenticator authenticator = new Authenticator(templateSearchDnResolver, this.authHandler);
        getMockHttpServletRequest(this.action).addParameter("username", "RAPHAËL_WEIß");
        getMockHttpServletRequest(this.action).addParameter("password", "changeit");
        AuthenticationContext authenticationContext = (AuthenticationContext) this.prc.getSubcontext(AuthenticationContext.class);
        if (!$assertionsDisabled && authenticationContext == null) {
            throw new AssertionError();
        }
        authenticationContext.setAttemptedFlow(this.authenticationFlows.get(0));
        this.validator.setAuthenticator(authenticator);
        this.validator.initialize();
        this.action.initialize();
        doExtract();
        ActionTestingSupport.assertProceedEvent(this.action.execute(this.src));
        assertAuthSuccess(authenticationContext, "RAPHAËL_WEIß");
    }

    @Test
    public void testCombinedVelocityFilterSyntax() throws ComponentInitializationException {
        TemplateSearchDnResolver templateSearchDnResolver = new TemplateSearchDnResolver(new DefaultConnectionFactory("ldap://localhost:10389"), VelocityEngine.newVelocityEngine(), "(|(mail=$usernamePasswordContext.username)(uid={user}))");
        templateSearchDnResolver.setBaseDn("ou=people,dc=shibboleth,dc=net");
        Authenticator authenticator = new Authenticator(templateSearchDnResolver, this.authHandler);
        getMockHttpServletRequest(this.action).addParameter("username", "PETER_THE_PRINCIPAL");
        getMockHttpServletRequest(this.action).addParameter("password", "changeit");
        AuthenticationContext authenticationContext = (AuthenticationContext) this.prc.getSubcontext(AuthenticationContext.class);
        if (!$assertionsDisabled && authenticationContext == null) {
            throw new AssertionError();
        }
        authenticationContext.setAttemptedFlow(this.authenticationFlows.get(0));
        this.validator.setAuthenticator(authenticator);
        this.validator.initialize();
        this.action.initialize();
        doExtract();
        ActionTestingSupport.assertProceedEvent(this.action.execute(this.src));
        assertAuthSuccess(authenticationContext, "PETER_THE_PRINCIPAL");
    }

    @Test
    public void testCombinedVelocityFilterSyntaxMultiByte() throws ComponentInitializationException {
        TemplateSearchDnResolver templateSearchDnResolver = new TemplateSearchDnResolver(new DefaultConnectionFactory("ldap://localhost:10389"), VelocityEngine.newVelocityEngine(), "(&(mail=$usernamePasswordContext.username)(description=März Äpfel))");
        templateSearchDnResolver.setBaseDn("ou=people,dc=shibboleth,dc=net");
        Authenticator authenticator = new Authenticator(templateSearchDnResolver, this.authHandler);
        getMockHttpServletRequest(this.action).addParameter("username", "raphaël.weiß@shibboleth.net");
        getMockHttpServletRequest(this.action).addParameter("password", "changeit");
        AuthenticationContext authenticationContext = (AuthenticationContext) this.prc.getSubcontext(AuthenticationContext.class);
        if (!$assertionsDisabled && authenticationContext == null) {
            throw new AssertionError();
        }
        authenticationContext.setAttemptedFlow(this.authenticationFlows.get(0));
        this.validator.setAuthenticator(authenticator);
        this.validator.initialize();
        this.action.initialize();
        doExtract();
        ActionTestingSupport.assertProceedEvent(this.action.execute(this.src));
        assertAuthSuccess(authenticationContext, "raphaël.weiß@shibboleth.net");
    }

    @Test
    public void testCombinedVelocityFilterSyntaxMultiByteEscaped() throws ComponentInitializationException {
        TemplateSearchDnResolver templateSearchDnResolver = new TemplateSearchDnResolver(new DefaultConnectionFactory("ldap://localhost:10389"), VelocityEngine.newVelocityEngine(), "(&(uid=$usernamePasswordContext.username)(description=M\\C3\\A4rz \\C3\\84pfel))");
        templateSearchDnResolver.setBaseDn("ou=people,dc=shibboleth,dc=net");
        Authenticator authenticator = new Authenticator(templateSearchDnResolver, this.authHandler);
        getMockHttpServletRequest(this.action).addParameter("username", "RAPHAËL_WEIß");
        getMockHttpServletRequest(this.action).addParameter("password", "changeit");
        AuthenticationContext authenticationContext = (AuthenticationContext) this.prc.getSubcontext(AuthenticationContext.class);
        if (!$assertionsDisabled && authenticationContext == null) {
            throw new AssertionError();
        }
        authenticationContext.setAttemptedFlow(this.authenticationFlows.get(0));
        this.validator.setAuthenticator(authenticator);
        this.validator.initialize();
        this.action.initialize();
        doExtract();
        ActionTestingSupport.assertProceedEvent(this.action.execute(this.src));
        assertAuthSuccess(authenticationContext, "RAPHAËL_WEIß");
    }

    @Test
    public void testMatchAndAuthorized() throws ComponentInitializationException {
        getMockHttpServletRequest(this.action).addParameter("username", "PETER_THE_PRINCIPAL");
        getMockHttpServletRequest(this.action).addParameter("password", "changeit");
        AuthenticationContext authenticationContext = (AuthenticationContext) this.prc.getSubcontext(AuthenticationContext.class);
        if (!$assertionsDisabled && authenticationContext == null) {
            throw new AssertionError();
        }
        authenticationContext.setAttemptedFlow(this.authenticationFlows.get(0));
        this.validator.setAuthenticator(this.authenticator);
        this.validator.setMatchExpression(Pattern.compile(".+_THE_.+"));
        this.validator.initialize();
        this.action.initialize();
        doExtract();
        ActionTestingSupport.assertProceedEvent(this.action.execute(this.src));
        assertAuthSuccess(authenticationContext, "PETER_THE_PRINCIPAL");
    }

    @Test
    public void testAuthorizedAndKeepContext() throws ComponentInitializationException {
        getMockHttpServletRequest(this.action).addParameter("username", "PETER_THE_PRINCIPAL");
        getMockHttpServletRequest(this.action).addParameter("password", "changeit");
        AuthenticationContext subcontext = this.prc.getSubcontext(AuthenticationContext.class);
        if (!$assertionsDisabled && subcontext == null) {
            throw new AssertionError();
        }
        subcontext.setAttemptedFlow(this.authenticationFlows.get(0));
        this.validator.setAuthenticator(this.authenticator);
        this.validator.initialize();
        this.action.initialize();
        doExtract();
        ActionTestingSupport.assertProceedEvent(this.action.execute(this.src));
    }

    private void assertAuthSuccess(AuthenticationContext authenticationContext, String str) {
        Assert.assertNull(authenticationContext.getSubcontext(AuthenticationErrorContext.class));
        AuthenticationResult authenticationResult = authenticationContext.getAuthenticationResult();
        if (!$assertionsDisabled && authenticationResult == null) {
            throw new AssertionError();
        }
        LDAPResponseContext subcontext = authenticationContext.getSubcontext(LDAPResponseContext.class);
        if (!$assertionsDisabled && subcontext == null) {
            throw new AssertionError();
        }
        AuthenticationResponse authenticationResponse = subcontext.getAuthenticationResponse();
        if (!$assertionsDisabled && authenticationResponse == null) {
            throw new AssertionError();
        }
        Assert.assertEquals(authenticationResponse.getAuthenticationResultCode(), AuthenticationResultCode.AUTHENTICATION_HANDLER_SUCCESS);
        UsernamePrincipal usernamePrincipal = (UsernamePrincipal) authenticationResult.getSubject().getPrincipals(UsernamePrincipal.class).iterator().next();
        Assert.assertNotNull(usernamePrincipal);
        Assert.assertEquals(usernamePrincipal.getName(), str);
        LdapPrincipal ldapPrincipal = (LdapPrincipal) authenticationResult.getSubject().getPrincipals(LdapPrincipal.class).iterator().next();
        Assert.assertNotNull(ldapPrincipal);
        Assert.assertEquals(ldapPrincipal.getName(), str);
        Assert.assertNotNull(ldapPrincipal.getLdapEntry());
    }

    private void doExtract() throws ComponentInitializationException {
        ExtractUsernamePasswordFromFormRequest extractUsernamePasswordFromFormRequest = new ExtractUsernamePasswordFromFormRequest();
        extractUsernamePasswordFromFormRequest.setHttpServletRequestSupplier(this.action.getHttpServletRequestSupplier());
        extractUsernamePasswordFromFormRequest.initialize();
        extractUsernamePasswordFromFormRequest.execute(this.src);
    }

    static {
        $assertionsDisabled = !LDAPCredentialValidatorTest.class.desiredAssertionStatus();
    }
}
