package org.apache.ambari.server.security.authentication.pam;

import com.google.inject.AbstractModule;
import com.google.inject.Guice;
import com.google.inject.Injector;
import com.google.inject.Module;
import java.util.Collections;
import java.util.Properties;
import javax.persistence.EntityManager;
import junit.framework.Assert;
import org.apache.ambari.server.configuration.Configuration;
import org.apache.ambari.server.hooks.HookContextFactory;
import org.apache.ambari.server.hooks.HookService;
import org.apache.ambari.server.ldap.service.AmbariLdapConfigurationProvider;
import org.apache.ambari.server.orm.DBAccessor;
import org.apache.ambari.server.orm.entities.PrincipalEntity;
import org.apache.ambari.server.orm.entities.UserAuthenticationEntity;
import org.apache.ambari.server.orm.entities.UserEntity;
import org.apache.ambari.server.security.ClientSecurityType;
import org.apache.ambari.server.security.authentication.AccountDisabledException;
import org.apache.ambari.server.security.authentication.AmbariUserAuthentication;
import org.apache.ambari.server.security.authentication.TooManyLoginFailuresException;
import org.apache.ambari.server.security.authorization.User;
import org.apache.ambari.server.security.authorization.UserAuthenticationType;
import org.apache.ambari.server.security.authorization.UserName;
import org.apache.ambari.server.security.authorization.Users;
import org.apache.ambari.server.state.stack.OsFamily;
import org.easymock.EasyMock;
import org.easymock.EasyMockSupport;
import org.junit.Before;
import org.junit.Test;
import org.jvnet.libpam.PAM;
import org.jvnet.libpam.PAMException;
import org.jvnet.libpam.UnixUser;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.crypto.password.StandardPasswordEncoder;

/* loaded from: input_file:org/apache/ambari/server/security/authentication/pam/AmbariPamAuthenticationProviderTest.class */
public class AmbariPamAuthenticationProviderTest extends EasyMockSupport {
    private static final String TEST_USER_NAME = "userName";
    private static final String TEST_USER_PASS = "userPass";
    private static final String TEST_USER_INCORRECT_PASS = "userIncorrectPass";
    private Injector injector;

    @Before
    public void setup() {
        final Users users = (Users) createMockBuilder(Users.class).addMockedMethod("getUserEntity", new Class[]{String.class}).addMockedMethod("getUserAuthorities", new Class[]{UserEntity.class}).addMockedMethod("createUser", new Class[]{String.class, String.class, String.class, Boolean.class}).addMockedMethod("addPamAuthentication", new Class[]{UserEntity.class, String.class}).addMockedMethod("getUser", new Class[]{UserEntity.class}).createMock();
        Properties properties = new Properties();
        properties.setProperty(Configuration.CLIENT_SECURITY.getKey(), ClientSecurityType.PAM.name());
        properties.setProperty(Configuration.PAM_CONFIGURATION_FILE.getKey(), "ambari-pam");
        properties.setProperty(Configuration.SHOW_LOCKED_OUT_USER_MESSAGE.getKey(), "true");
        properties.setProperty(Configuration.MAX_LOCAL_AUTHENTICATION_FAILURES.getKey(), "10");
        final Configuration configuration = new Configuration(properties);
        this.injector = Guice.createInjector(new Module[]{new AbstractModule() { // from class: org.apache.ambari.server.security.authentication.pam.AmbariPamAuthenticationProviderTest.1
            protected void configure() {
                bind(EntityManager.class).toInstance(AmbariPamAuthenticationProviderTest.this.createNiceMock(EntityManager.class));
                bind(DBAccessor.class).toInstance(AmbariPamAuthenticationProviderTest.this.createNiceMock(DBAccessor.class));
                bind(HookContextFactory.class).toInstance(AmbariPamAuthenticationProviderTest.this.createNiceMock(HookContextFactory.class));
                bind(HookService.class).toInstance(AmbariPamAuthenticationProviderTest.this.createNiceMock(HookService.class));
                bind(OsFamily.class).toInstance(AmbariPamAuthenticationProviderTest.this.createNiceMock(OsFamily.class));
                bind(PamAuthenticationFactory.class).toInstance(AmbariPamAuthenticationProviderTest.this.createMock(PamAuthenticationFactory.class));
                bind(PasswordEncoder.class).toInstance(new StandardPasswordEncoder());
                bind(Users.class).toInstance(users);
                bind(Configuration.class).toInstance(configuration);
                bind(AmbariLdapConfigurationProvider.class).toInstance(AmbariPamAuthenticationProviderTest.this.createMock(AmbariLdapConfigurationProvider.class));
            }
        }});
    }

    @Test(expected = AuthenticationException.class)
    public void testBadCredential() throws Exception {
        PAM pam = (PAM) createMock(PAM.class);
        EasyMock.expect(pam.authenticate((String) EasyMock.eq(TEST_USER_NAME), (String) EasyMock.eq(TEST_USER_INCORRECT_PASS))).andThrow(new PAMException()).once();
        pam.dispose();
        EasyMock.expectLastCall().once();
        EasyMock.expect(((PamAuthenticationFactory) this.injector.getInstance(PamAuthenticationFactory.class)).createInstance((Configuration) this.injector.getInstance(Configuration.class))).andReturn(pam).once();
        EasyMock.expect(((Users) this.injector.getInstance(Users.class)).getUserEntity(TEST_USER_NAME)).andReturn((Object) null).once();
        replayAll();
        ((AmbariPamAuthenticationProvider) this.injector.getInstance(AmbariPamAuthenticationProvider.class)).authenticate(new UsernamePasswordAuthenticationToken(TEST_USER_NAME, TEST_USER_INCORRECT_PASS));
        verifyAll();
    }

    @Test
    public void testAuthenticateExistingUser() throws Exception {
        UnixUser unixUser = (UnixUser) createNiceMock(UnixUser.class);
        PAM pam = (PAM) createMock(PAM.class);
        EasyMock.expect(pam.authenticate((String) EasyMock.eq(TEST_USER_NAME), (String) EasyMock.eq(TEST_USER_PASS))).andReturn(unixUser).once();
        pam.dispose();
        EasyMock.expectLastCall().once();
        EasyMock.expect(((PamAuthenticationFactory) this.injector.getInstance(PamAuthenticationFactory.class)).createInstance((Configuration) this.injector.getInstance(Configuration.class))).andReturn(pam).once();
        UserEntity combineUserEntity = combineUserEntity(true, true, 0);
        Users users = (Users) this.injector.getInstance(Users.class);
        EasyMock.expect(users.getUserEntity(TEST_USER_NAME)).andReturn(combineUserEntity).once();
        EasyMock.expect(users.getUser(combineUserEntity)).andReturn(new User(combineUserEntity)).once();
        EasyMock.expect(users.getUserAuthorities(combineUserEntity)).andReturn((Object) null).once();
        replayAll();
        Authentication authenticate = ((AmbariPamAuthenticationProvider) this.injector.getInstance(AmbariPamAuthenticationProvider.class)).authenticate(new UsernamePasswordAuthenticationToken(TEST_USER_NAME, TEST_USER_PASS));
        Assert.assertNotNull(authenticate);
        Assert.assertEquals(true, authenticate.isAuthenticated());
        Assert.assertTrue(authenticate instanceof AmbariUserAuthentication);
        verifyAll();
    }

    @Test(expected = AccountDisabledException.class)
    public void testAuthenticateDisabledUser() throws Exception {
        UnixUser unixUser = (UnixUser) createNiceMock(UnixUser.class);
        PAM pam = (PAM) createMock(PAM.class);
        EasyMock.expect(pam.authenticate((String) EasyMock.eq(TEST_USER_NAME), (String) EasyMock.eq(TEST_USER_PASS))).andReturn(unixUser).once();
        pam.dispose();
        EasyMock.expectLastCall().once();
        EasyMock.expect(((PamAuthenticationFactory) this.injector.getInstance(PamAuthenticationFactory.class)).createInstance((Configuration) this.injector.getInstance(Configuration.class))).andReturn(pam).once();
        EasyMock.expect(((Users) this.injector.getInstance(Users.class)).getUserEntity(TEST_USER_NAME)).andReturn(combineUserEntity(true, false, 0)).once();
        replayAll();
        ((AmbariPamAuthenticationProvider) this.injector.getInstance(AmbariPamAuthenticationProvider.class)).authenticate(new UsernamePasswordAuthenticationToken(TEST_USER_NAME, TEST_USER_PASS));
        verifyAll();
    }

    @Test(expected = TooManyLoginFailuresException.class)
    public void testAuthenticateLockedUser() throws Exception {
        UnixUser unixUser = (UnixUser) createNiceMock(UnixUser.class);
        PAM pam = (PAM) createMock(PAM.class);
        EasyMock.expect(pam.authenticate((String) EasyMock.eq(TEST_USER_NAME), (String) EasyMock.eq(TEST_USER_PASS))).andReturn(unixUser).once();
        pam.dispose();
        EasyMock.expectLastCall().once();
        EasyMock.expect(((PamAuthenticationFactory) this.injector.getInstance(PamAuthenticationFactory.class)).createInstance((Configuration) this.injector.getInstance(Configuration.class))).andReturn(pam).once();
        EasyMock.expect(((Users) this.injector.getInstance(Users.class)).getUserEntity(TEST_USER_NAME)).andReturn(combineUserEntity(true, true, 11)).once();
        replayAll();
        ((AmbariPamAuthenticationProvider) this.injector.getInstance(AmbariPamAuthenticationProvider.class)).authenticate(new UsernamePasswordAuthenticationToken(TEST_USER_NAME, TEST_USER_PASS));
        verifyAll();
    }

    @Test
    public void testAuthenticateNewUser() throws Exception {
        UnixUser unixUser = (UnixUser) createNiceMock(UnixUser.class);
        EasyMock.expect(unixUser.getUserName()).andReturn(TEST_USER_NAME.toLowerCase()).atLeastOnce();
        PAM pam = (PAM) createMock(PAM.class);
        EasyMock.expect(pam.authenticate((String) EasyMock.eq(TEST_USER_NAME), (String) EasyMock.eq(TEST_USER_PASS))).andReturn(unixUser).once();
        pam.dispose();
        EasyMock.expectLastCall().once();
        EasyMock.expect(((PamAuthenticationFactory) this.injector.getInstance(PamAuthenticationFactory.class)).createInstance((Configuration) this.injector.getInstance(Configuration.class))).andReturn(pam).once();
        UserEntity combineUserEntity = combineUserEntity(false, true, 0);
        Users users = (Users) this.injector.getInstance(Users.class);
        EasyMock.expect(users.getUserEntity(TEST_USER_NAME)).andReturn((Object) null).once();
        EasyMock.expect(users.createUser(TEST_USER_NAME, TEST_USER_NAME.toLowerCase(), TEST_USER_NAME, true)).andReturn(combineUserEntity).once();
        users.addPamAuthentication(combineUserEntity, TEST_USER_NAME.toLowerCase());
        EasyMock.expectLastCall().once();
        EasyMock.expect(users.getUser(combineUserEntity)).andReturn(new User(combineUserEntity)).once();
        EasyMock.expect(users.getUserAuthorities(combineUserEntity)).andReturn((Object) null).once();
        replayAll();
        Authentication authenticate = ((AmbariPamAuthenticationProvider) this.injector.getInstance(AmbariPamAuthenticationProvider.class)).authenticate(new UsernamePasswordAuthenticationToken(TEST_USER_NAME, TEST_USER_PASS));
        Assert.assertNotNull(authenticate);
        Assert.assertEquals(true, authenticate.isAuthenticated());
        Assert.assertTrue(authenticate instanceof AmbariUserAuthentication);
        verifyAll();
    }

    @Test
    public void testDisabled() throws Exception {
        ((Configuration) this.injector.getInstance(Configuration.class)).setClientSecurityType(ClientSecurityType.LOCAL);
        Assert.assertTrue(((AmbariPamAuthenticationProvider) this.injector.getInstance(AmbariPamAuthenticationProvider.class)).authenticate(new UsernamePasswordAuthenticationToken(TEST_USER_NAME, TEST_USER_PASS)) == null);
    }

    private UserEntity combineUserEntity(boolean z, Boolean bool, Integer num) {
        PrincipalEntity principalEntity = new PrincipalEntity();
        UserEntity userEntity = new UserEntity();
        userEntity.setUserId(1);
        userEntity.setUserName(UserName.fromString(TEST_USER_NAME).toString());
        userEntity.setLocalUsername(TEST_USER_NAME);
        userEntity.setPrincipal(principalEntity);
        userEntity.setActive(bool);
        userEntity.setConsecutiveFailures(num);
        if (z) {
            UserAuthenticationEntity userAuthenticationEntity = new UserAuthenticationEntity();
            userAuthenticationEntity.setAuthenticationType(UserAuthenticationType.PAM);
            userAuthenticationEntity.setAuthenticationKey(TEST_USER_NAME);
            userEntity.setAuthenticationEntities(Collections.singletonList(userAuthenticationEntity));
        }
        return userEntity;
    }
}
