package org.apache.ambari.server.security.authorization;

import com.google.inject.AbstractModule;
import com.google.inject.Guice;
import com.google.inject.Injector;
import com.google.inject.Module;
import javax.naming.NamingEnumeration;
import javax.naming.directory.BasicAttributes;
import javax.naming.directory.SearchControls;
import javax.naming.ldap.LdapName;
import org.apache.ambari.server.configuration.AmbariServerConfigurationKey;
import org.apache.ambari.server.ldap.domain.AmbariLdapConfiguration;
import org.apache.commons.lang.StringUtils;
import org.easymock.EasyMock;
import org.easymock.EasyMockSupport;
import org.junit.Assert;
import org.junit.Before;
import org.junit.Test;
import org.springframework.ldap.AuthenticationException;
import org.springframework.ldap.core.DirContextOperations;
import org.springframework.ldap.core.support.LdapContextSource;
import org.springframework.ldap.support.LdapUtils;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.ldap.search.FilterBasedLdapUserSearch;
import org.springframework.web.context.request.RequestContextHolder;
import org.springframework.web.context.request.ServletRequestAttributes;

/* loaded from: input_file:org/apache/ambari/server/security/authorization/AmbariLdapBindAuthenticatorTest.class */
public class AmbariLdapBindAuthenticatorTest extends EasyMockSupport {
    private Injector injector;
    private AmbariLdapConfiguration ldapConfiguration;

    @Before
    public void init() throws Exception {
        this.injector = createInjector();
        this.ldapConfiguration = (AmbariLdapConfiguration) this.injector.getInstance(AmbariLdapConfiguration.class);
    }

    @Test
    public void testAuthenticateWithoutLogin() throws Exception {
        testAuthenticate("username", "username", false);
    }

    @Test
    public void testAuthenticateWithNullLDAPUsername() throws Exception {
        testAuthenticate("username", null, false);
    }

    @Test
    public void testAuthenticateWithLoginAliasDefault() throws Exception {
        testAuthenticate("username", "ldapUsername", false);
    }

    @Test
    public void testAuthenticateWithLoginAliasForceToLower() throws Exception {
        testAuthenticate("username", "ldapUsername", true);
    }

    @Test
    public void testAuthenticateBadPassword() throws Exception {
        String format = String.format("uid=%s,ou=people,ou=dev", "ldapUsername");
        LdapName ldapName = new LdapName(format);
        String format2 = String.format("%s,%s", format, "dc=apache,dc=org");
        LdapName newLdapName = LdapUtils.newLdapName("dc=apache,dc=org");
        LdapContextSource ldapContextSource = (LdapContextSource) createMock(LdapContextSource.class);
        EasyMock.expect(ldapContextSource.getBaseLdapName()).andReturn(newLdapName).atLeastOnce();
        EasyMock.expect(ldapContextSource.getContext(format2, "password")).andThrow(new AuthenticationException((javax.naming.AuthenticationException) null)).once();
        DirContextOperations dirContextOperations = (DirContextOperations) createMock(DirContextOperations.class);
        EasyMock.expect(dirContextOperations.getDn()).andReturn(ldapName).atLeastOnce();
        FilterBasedLdapUserSearch filterBasedLdapUserSearch = (FilterBasedLdapUserSearch) createMock(FilterBasedLdapUserSearch.class);
        EasyMock.expect(filterBasedLdapUserSearch.searchForUser(EasyMock.anyString())).andReturn(dirContextOperations).once();
        setupDatabaseConfigurationExpectations(false, false);
        replayAll();
        AmbariLdapBindAuthenticator ambariLdapBindAuthenticator = new AmbariLdapBindAuthenticator(ldapContextSource, this.ldapConfiguration);
        ambariLdapBindAuthenticator.setUserSearch(filterBasedLdapUserSearch);
        try {
            ambariLdapBindAuthenticator.authenticate(new UsernamePasswordAuthenticationToken("username", "password"));
            Assert.fail("Expected thrown exception: org.springframework.security.authentication.BadCredentialsException");
        } catch (BadCredentialsException e) {
        } catch (Throwable th) {
            Assert.fail("Expected thrown exception: org.springframework.security.authentication.BadCredentialsException\nEncountered thrown exception " + th.getClass().getName());
        }
        verifyAll();
    }

    private void testAuthenticate(String str, String str2, boolean z) throws Exception {
        String format = String.format("uid=%s,ou=people,ou=dev", str2);
        LdapName ldapName = new LdapName(format);
        String format2 = String.format("%s,%s", format, "dc=apache,dc=org");
        LdapName newLdapName = LdapUtils.newLdapName("dc=apache,dc=org");
        NamingEnumeration namingEnumeration = (NamingEnumeration) createMock(NamingEnumeration.class);
        EasyMock.expect(Boolean.valueOf(namingEnumeration.hasMore())).andReturn(false).atLeastOnce();
        namingEnumeration.close();
        EasyMock.expectLastCall().atLeastOnce();
        DirContextOperations dirContextOperations = (DirContextOperations) createMock(DirContextOperations.class);
        System.out.println(format2);
        EasyMock.expect(dirContextOperations.search((String) EasyMock.eq("ou=groups"), (String) EasyMock.eq("(&(member=" + format2 + ")(objectclass=group)(|(cn=Ambari Administrators)))"), (SearchControls) EasyMock.anyObject(SearchControls.class))).andReturn(namingEnumeration).atLeastOnce();
        dirContextOperations.close();
        EasyMock.expectLastCall().atLeastOnce();
        LdapContextSource ldapContextSource = (LdapContextSource) createMock(LdapContextSource.class);
        EasyMock.expect(ldapContextSource.getBaseLdapName()).andReturn(newLdapName).atLeastOnce();
        EasyMock.expect(ldapContextSource.getContext(format2, "password")).andReturn(dirContextOperations).once();
        EasyMock.expect(ldapContextSource.getReadOnlyContext()).andReturn(dirContextOperations).once();
        BasicAttributes basicAttributes = new BasicAttributes("uid", str2);
        DirContextOperations dirContextOperations2 = (DirContextOperations) createMock(DirContextOperations.class);
        EasyMock.expect(dirContextOperations2.getDn()).andReturn(ldapName).atLeastOnce();
        EasyMock.expect(dirContextOperations2.getAttributes()).andReturn(basicAttributes).atLeastOnce();
        FilterBasedLdapUserSearch filterBasedLdapUserSearch = (FilterBasedLdapUserSearch) createMock(FilterBasedLdapUserSearch.class);
        EasyMock.expect(filterBasedLdapUserSearch.searchForUser(str)).andReturn(dirContextOperations2).once();
        ServletRequestAttributes servletRequestAttributes = (ServletRequestAttributes) createMock(ServletRequestAttributes.class);
        if (!StringUtils.isEmpty(str2) && !str.equals(str2)) {
            servletRequestAttributes.setAttribute((String) EasyMock.eq(str), EasyMock.eq(z ? str2.toLowerCase() : str2), EasyMock.eq(1));
            EasyMock.expectLastCall().once();
            servletRequestAttributes.setAttribute((String) EasyMock.eq(z ? str2.toLowerCase() : str2), EasyMock.eq(str), EasyMock.eq(1));
            EasyMock.expectLastCall().once();
        }
        setupDatabaseConfigurationExpectations(true, z);
        replayAll();
        RequestContextHolder.setRequestAttributes(servletRequestAttributes);
        AmbariLdapBindAuthenticator ambariLdapBindAuthenticator = new AmbariLdapBindAuthenticator(ldapContextSource, this.ldapConfiguration);
        ambariLdapBindAuthenticator.setUserSearch(filterBasedLdapUserSearch);
        DirContextOperations authenticate = ambariLdapBindAuthenticator.authenticate(new UsernamePasswordAuthenticationToken(str, "password"));
        verifyAll();
        Assert.assertEquals(str2, authenticate.getStringAttribute(this.ldapConfiguration.getLdapServerProperties().getUsernameAttribute()));
    }

    private Injector createInjector() throws Exception {
        return Guice.createInjector(new Module[]{new AbstractModule() { // from class: org.apache.ambari.server.security.authorization.AmbariLdapBindAuthenticatorTest.1
            protected void configure() {
                bind(AmbariLdapConfiguration.class).toInstance(AmbariLdapBindAuthenticatorTest.this.createNiceMock(AmbariLdapConfiguration.class));
            }
        }});
    }

    private void setupDatabaseConfigurationExpectations(boolean z, boolean z2) {
        LdapServerProperties defaultLdapServerProperties = getDefaultLdapServerProperties(z2);
        defaultLdapServerProperties.setGroupObjectClass("group");
        if (z) {
            EasyMock.expect(this.ldapConfiguration.getLdapServerProperties()).andReturn(defaultLdapServerProperties).anyTimes();
        }
    }

    private static LdapServerProperties getDefaultLdapServerProperties(boolean z) {
        LdapServerProperties ldapServerProperties = new LdapServerProperties();
        ldapServerProperties.setPrimaryUrl(AmbariServerConfigurationKey.SERVER_HOST.getDefaultValue() + ":" + AmbariServerConfigurationKey.SERVER_PORT.getDefaultValue());
        ldapServerProperties.setSecondaryUrl(AmbariServerConfigurationKey.SECONDARY_SERVER_HOST.getDefaultValue() + ":" + AmbariServerConfigurationKey.SECONDARY_SERVER_PORT.getDefaultValue());
        ldapServerProperties.setUseSsl(Boolean.parseBoolean(AmbariServerConfigurationKey.USE_SSL.getDefaultValue()));
        ldapServerProperties.setAnonymousBind(Boolean.parseBoolean(AmbariServerConfigurationKey.ANONYMOUS_BIND.getDefaultValue()));
        ldapServerProperties.setManagerDn(AmbariServerConfigurationKey.BIND_DN.getDefaultValue());
        ldapServerProperties.setManagerPassword(AmbariServerConfigurationKey.BIND_PASSWORD.getDefaultValue());
        ldapServerProperties.setBaseDN(AmbariServerConfigurationKey.USER_SEARCH_BASE.getDefaultValue());
        ldapServerProperties.setUsernameAttribute(AmbariServerConfigurationKey.USER_NAME_ATTRIBUTE.getDefaultValue());
        ldapServerProperties.setForceUsernameToLowercase(z);
        ldapServerProperties.setUserBase(AmbariServerConfigurationKey.USER_BASE.getDefaultValue());
        ldapServerProperties.setUserObjectClass(AmbariServerConfigurationKey.USER_OBJECT_CLASS.getDefaultValue());
        ldapServerProperties.setDnAttribute(AmbariServerConfigurationKey.DN_ATTRIBUTE.getDefaultValue());
        ldapServerProperties.setGroupBase(AmbariServerConfigurationKey.GROUP_BASE.getDefaultValue());
        ldapServerProperties.setGroupObjectClass(AmbariServerConfigurationKey.GROUP_OBJECT_CLASS.getDefaultValue());
        ldapServerProperties.setGroupMembershipAttr(AmbariServerConfigurationKey.GROUP_MEMBER_ATTRIBUTE.getDefaultValue());
        ldapServerProperties.setGroupNamingAttr(AmbariServerConfigurationKey.GROUP_NAME_ATTRIBUTE.getDefaultValue());
        ldapServerProperties.setAdminGroupMappingRules(AmbariServerConfigurationKey.GROUP_MAPPING_RULES.getDefaultValue());
        ldapServerProperties.setAdminGroupMappingMemberAttr("");
        ldapServerProperties.setUserSearchFilter(AmbariServerConfigurationKey.USER_SEARCH_FILTER.getDefaultValue());
        ldapServerProperties.setAlternateUserSearchFilter(AmbariServerConfigurationKey.ALTERNATE_USER_SEARCH_FILTER.getDefaultValue());
        ldapServerProperties.setGroupSearchFilter(AmbariServerConfigurationKey.GROUP_SEARCH_FILTER.getDefaultValue());
        ldapServerProperties.setReferralMethod(AmbariServerConfigurationKey.REFERRAL_HANDLING.getDefaultValue());
        ldapServerProperties.setSyncUserMemberReplacePattern(AmbariServerConfigurationKey.USER_MEMBER_REPLACE_PATTERN.getDefaultValue());
        ldapServerProperties.setSyncGroupMemberReplacePattern(AmbariServerConfigurationKey.GROUP_MEMBER_REPLACE_PATTERN.getDefaultValue());
        ldapServerProperties.setSyncUserMemberFilter(AmbariServerConfigurationKey.USER_MEMBER_FILTER.getDefaultValue());
        ldapServerProperties.setSyncGroupMemberFilter(AmbariServerConfigurationKey.GROUP_MEMBER_FILTER.getDefaultValue());
        ldapServerProperties.setPaginationEnabled(Boolean.parseBoolean(AmbariServerConfigurationKey.PAGINATION_ENABLED.getDefaultValue()));
        return ldapServerProperties;
    }
}
