package pl.edu.icm.unity.engine;

import com.google.common.collect.Lists;
import eu.emi.security.authn.x509.impl.KeystoreCertChainValidator;
import eu.emi.security.authn.x509.impl.KeystoreCredential;
import java.io.IOException;
import java.security.KeyStoreException;
import java.util.Collections;
import java.util.HashSet;
import java.util.List;
import java.util.Locale;
import org.junit.After;
import org.junit.Before;
import org.springframework.beans.factory.annotation.Autowired;
import pl.edu.icm.unity.engine.api.authn.AuthenticationFlow;
import pl.edu.icm.unity.engine.api.authn.EntityWithCredential;
import pl.edu.icm.unity.engine.api.authn.InvocationContext;
import pl.edu.icm.unity.engine.api.authn.LoginSession;
import pl.edu.icm.unity.engine.api.identity.IdentityResolver;
import pl.edu.icm.unity.engine.api.session.SessionManagement;
import pl.edu.icm.unity.engine.authz.InternalAuthorizationManager;
import pl.edu.icm.unity.engine.mock.MockPasswordVerificatorFactory;
import pl.edu.icm.unity.exceptions.EngineException;
import pl.edu.icm.unity.stdext.attr.EnumAttribute;
import pl.edu.icm.unity.stdext.credential.pass.PasswordToken;
import pl.edu.icm.unity.types.authn.AuthenticationOptionKey;
import pl.edu.icm.unity.types.authn.AuthenticationRealm;
import pl.edu.icm.unity.types.authn.CredentialDefinition;
import pl.edu.icm.unity.types.authn.CredentialRequirements;
import pl.edu.icm.unity.types.authn.RememberMePolicy;
import pl.edu.icm.unity.types.basic.EntityParam;
import pl.edu.icm.unity.types.basic.EntityState;
import pl.edu.icm.unity.types.basic.Identity;
import pl.edu.icm.unity.types.basic.IdentityParam;
import pl.edu.icm.unity.types.basic.IdentityTaV;

/* loaded from: input_file:pl/edu/icm/unity/engine/DBIntegrationTestBase.class */
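/**
 * Base class for engine integration tests that need an authenticated invocation context.
 *
 * <p>Before every test it installs a context for the {@code "admin"} user; after every test
 * it removes the context again. It also offers helpers that create test users and register
 * the credential definitions and credential requirements those users rely on.
 *
 * <p>Everything here is a test fixture. The constants below are fixed, publicly known demo
 * secrets, and {@link #setupUserContext(SessionManagement, IdentityResolver, String, String, List)}
 * creates a login session without any credential check visible in this class.
 * NOTE(review): keep this class and the demo keystore/truststore out of production artifacts.
 *
 * <p>Several members carry the decompiler note "Access modifiers changed from: protected";
 * they are left {@code public} here exactly as they appear in this listing.
 */
public abstract class DBIntegrationTestBase extends SecuredDBIntegrationTestBase {
    // Demo PKI material: one fixed password is used for the demo keystore, for its private key
    // and for the demo truststore (see getDemoCredential / getDemoValidator). Test use only.
    public static final String DEMO_KS_PASS = "the!unity";
    public static final String DEMO_KS_ALIAS = "unity-test-server";
    public static final String DEMO_SERVER_DN = "CN=Unity Test Server,O=Unity,L=Warsaw,C=EU";
    // Name of the credential requirement registered by setupPasswordAuthn().
    public static final String CRED_REQ_PASS = "cr-pass";
    // Default test account; the password is a fixed test value, never a real secret.
    public static final String DEF_USER = "mockuser1";
    public static final String DEF_PASSWORD = "mock~!)(@*#&$^%:?,'.\\|";

    // Literals shared by several helpers below; kept private so the public surface is unchanged.
    private static final String USERNAME_IDENTITY_TYPE = "userName";
    private static final String ROLE_ATTRIBUTE = "sys:AuthorizationRole";
    private static final String CRED_REQ_CERT_PASS = "cr-certpass";

    @Autowired
    protected InternalAuthorizationManager authzMan;

    @Autowired
    protected SessionManagement sessionMan;

    /**
     * Installs an invocation context for the {@code "admin"} user before each test.
     *
     * <p>Tests therefore start in the admin user's context; a test that checks authorization
     * for another user has to switch context explicitly via {@code setupUserContext}.
     *
     * @throws Exception if the context cannot be set up
     */
    @Before
    public void setupAdmin() throws Exception {
        setupUserContext("admin", null);
        this.authzMan.clearCache();
    }

    /**
     * Removes the current invocation context after each test, so that a context installed
     * by one test is not still set when the next one starts.
     *
     * @throws EngineException declared by the original signature
     */
    @After
    public void clearAuthnCtx() throws EngineException {
        InvocationContext.setCurrent((InvocationContext) null);
        this.authzMan.clearCache();
    }

    /**
     * Loads the demo server credential from the PKCS12 keystore under {@code src/test/resources}.
     *
     * <p>The path is relative, so it resolves against the working directory of the test run.
     * {@link #DEMO_KS_PASS} is used both as the store password and as the key password.
     *
     * @return the credential stored under alias {@link #DEMO_KS_ALIAS}
     * @throws KeyStoreException if the keystore cannot be loaded
     * @throws IOException if the keystore file cannot be read
     */
    public static KeystoreCredential getDemoCredential() throws KeyStoreException, IOException {
        final char[] storePassword = DEMO_KS_PASS.toCharArray();
        final char[] keyPassword = DEMO_KS_PASS.toCharArray();
        return new KeystoreCredential("src/test/resources/pki/demoKeystore.p12", storePassword, keyPassword, DEMO_KS_ALIAS, "PKCS12");
    }

    /**
     * Builds a certificate chain validator backed by the demo JKS truststore.
     *
     * @return validator reading {@code src/test/resources/pki/demoTruststore.jks}
     * @throws KeyStoreException if the truststore cannot be loaded
     * @throws IOException if the truststore file cannot be read
     */
    public static KeystoreCertChainValidator getDemoValidator() throws KeyStoreException, IOException {
        // NOTE(review): the trailing -1L presumably disables periodic truststore reloads;
        // confirm against the KeystoreCertChainValidator documentation.
        return new KeystoreCertChainValidator("src/test/resources/pki/demoTruststore.jks", DEMO_KS_PASS.toCharArray(), "JKS", -1L);
    }

    /**
     * Installs an invocation context for the given user, using this test's session manager
     * and identity resolver and an empty list of authentication flows, then clears the
     * authorization manager's cache.
     *
     * <p>Decompiler note: access modifier changed from {@code protected}.
     *
     * @param str user name, resolved as a {@code "userName"} identity
     * @param str2 outdated credential id to record on the session; may be {@code null}
     * @return entity id of the resolved user
     * @throws Exception if the identity cannot be resolved or the session cannot be created
     */
    public long setupUserContext(String str, String str2) throws Exception {
        final long entityId = setupUserContext(this.sessionMan, this.identityResolver, str, str2, Collections.emptyList());
        this.authzMan.clearCache();
        return entityId;
    }

    /**
     * Resolves the user, creates (or fetches) a login session in the default test realm and
     * makes the resulting {@link InvocationContext} the current one.
     *
     * <p>NOTE(review): no credential is verified anywhere in this method; the session is
     * obtained directly from the session manager. That is intended for tests and is the
     * reason this helper must not be reachable from production code.
     *
     * @param sessionManagement session manager used to obtain the login session
     * @param identityResolver resolver used to look the user up
     * @param str user name, resolved as a {@code "userName"} identity
     * @param str2 outdated credential id passed to the session; may be {@code null}
     * @param list authentication flows handed to the new invocation context
     * @return entity id of the resolved user
     * @throws Exception if the identity cannot be resolved or the session cannot be created
     */
    public static long setupUserContext(SessionManagement sessionManagement, IdentityResolver identityResolver, String str, String str2, List<AuthenticationFlow> list) throws Exception {
        final EntityWithCredential resolved = identityResolver.resolveIdentity(str, new String[]{USERNAME_IDENTITY_TYPE}, MockPasswordVerificatorFactory.ID);
        final InvocationContext context = new InvocationContext((IdentityTaV) null, getDefaultRealm(), list);
        final LoginSession session = sessionManagement.getCreateSession(resolved.getEntityId(), getDefaultRealm(), str, str2, (LoginSession.RememberMeInfo) null, AuthenticationOptionKey.authenticatorOnlyKey("authn1"), (AuthenticationOptionKey) null);
        context.setLoginSession(session);
        context.setLocale(Locale.ENGLISH);
        session.setOutdatedCredentialId(str2);
        InvocationContext.setCurrent(context);
        return resolved.getEntityId();
    }

    /**
     * Creates the realm used for all test sessions; "remember me" is disallowed.
     *
     * @return a fresh realm instance named {@code DEFAULT_AUTHN_REALM}
     */
    private static AuthenticationRealm getDefaultRealm() {
        // NOTE(review): the numeric arguments are presumably lockout and inactivity limits;
        // confirm their order and units against the AuthenticationRealm constructor.
        return new AuthenticationRealm("DEFAULT_AUTHN_REALM", "For tests", 5, 10, RememberMePolicy.disallow, 1, 1800);
    }

    /**
     * Creates a user with the given name, no role, {@link #DEF_PASSWORD} and the
     * {@code CR_MOCK} credential requirement.
     *
     * <p>Decompiler note: access modifier changed from {@code protected}.
     *
     * @param str user name for the new entity
     * @return the created identity
     * @throws Exception if the entity or its credential cannot be created
     */
    public Identity createUsernameUser(String str) throws Exception {
        return createUsernameUser(str, null, DEF_PASSWORD, SecuredDBIntegrationTestBase.CR_MOCK);
    }

    /**
     * Creates the default user {@link #DEF_USER} with the given role, {@link #DEF_PASSWORD}
     * and the {@link #CRED_REQ_PASS} credential requirement.
     *
     * <p>Within this class {@link #CRED_REQ_PASS} is registered by {@link #setupPasswordAuthn()},
     * so that method presumably has to run first.
     *
     * <p>Decompiler note: access modifier changed from {@code protected}.
     *
     * @param str authorization role to assign; {@code null} assigns none
     * @return the created identity
     * @throws Exception if the entity, credential or attribute cannot be created
     */
    public Identity createUsernameUserWithRole(String str) throws Exception {
        return createUsernameUser(DEF_USER, str, DEF_PASSWORD, CRED_REQ_PASS);
    }

    /**
     * Creates a valid entity with a {@code "userName"} identity, sets its mock password
     * credential and optionally assigns an authorization role.
     *
     * <p>Decompiler note: access modifier changed from {@code protected}.
     *
     * @param str user name for the new entity
     * @param str2 authorization role to assign in group {@code "/"}; {@code null} assigns none
     * @param str3 password stored as the {@code CRED_MOCK} credential
     * @param str4 name of the credential requirement for the entity
     * @return the created identity
     * @throws Exception if the entity, credential or attribute cannot be created
     */
    public Identity createUsernameUser(String str, String str2, String str3, String str4) throws Exception {
        final Identity created = this.idsMan.addEntity(new IdentityParam(USERNAME_IDENTITY_TYPE, str), str4, EntityState.valid);
        this.eCredMan.setEntityCredential(new EntityParam(created), SecuredDBIntegrationTestBase.CRED_MOCK, new PasswordToken(str3).toJson());
        assignAuthorizationRole(created, str2);
        return created;
    }

    /**
     * Creates the certificate test user (see {@link #createCertUserNoPassword(String)}) without
     * a role and sets a fixed test password as its {@code CRED_MOCK} credential.
     *
     * @throws EngineException if the entity or its credential cannot be created
     */
    protected void createCertUser() throws EngineException {
        final Identity certUser = createCertUserNoPassword(null);
        this.eCredMan.setEntityCredential(new EntityParam(certUser), SecuredDBIntegrationTestBase.CRED_MOCK, new PasswordToken("mockPassword2").toJson());
    }

    /**
     * Creates entity {@code "user2"} with an additional {@code "x500Name"} identity equal to
     * {@link #DEMO_SERVER_DN}, without setting any password.
     *
     * <p>The entity uses the {@code "cr-certpass"} credential requirement, which within this
     * class is registered by {@link #setupPasswordAndCertAuthn()}.
     *
     * <p>Decompiler note: access modifier changed from {@code protected}.
     *
     * @param str authorization role to assign in group {@code "/"}; {@code null} assigns none
     * @return the created identity
     * @throws EngineException if the entity, identity or attribute cannot be created
     */
    public Identity createCertUserNoPassword(String str) throws EngineException {
        final Identity created = this.idsMan.addEntity(new IdentityParam(USERNAME_IDENTITY_TYPE, "user2"), CRED_REQ_CERT_PASS, EntityState.valid);
        this.idsMan.addIdentity(new IdentityParam("x500Name", DEMO_SERVER_DN), new EntityParam(created));
        assignAuthorizationRole(created, str);
        return created;
    }

    /**
     * Registers the mock password credential with a minimum length of 4 and sequence
     * denial enabled.
     *
     * <p>Decompiler note: access modifier changed from {@code protected}.
     *
     * @throws EngineException if the definition or requirement cannot be added
     */
    public void setupPasswordAuthn() throws EngineException {
        setupPasswordAuthn(4, true);
    }

    /**
     * Registers a {@code "password"} credential definition named {@code CRED_MOCK} and the
     * {@link #CRED_REQ_PASS} requirement that consists of that single credential.
     *
     * <p>The policy values are test settings and are not meant as a recommended password policy.
     *
     * <p>Decompiler note: access modifier changed from {@code protected}.
     *
     * @param i value written as {@code minLength} in the credential configuration
     * @param z value written as {@code denySequences} in the credential configuration
     * @throws EngineException if the definition or requirement cannot be added
     */
    public void setupPasswordAuthn(int i, boolean z) throws EngineException {
        final CredentialDefinition passwordDefinition = new CredentialDefinition("password", SecuredDBIntegrationTestBase.CRED_MOCK);
        // Only an int and a boolean are spliced into the JSON text, so no escaping is needed.
        passwordDefinition.setConfiguration("{\"minLength\": " + i + ", \"historySize\": 5,\"minClassesNum\": 1,\"denySequences\": " + z + ",\"maxAge\": 30758400}");
        this.credMan.addCredentialDefinition(passwordDefinition);
        this.credReqMan.addCredentialRequirement(new CredentialRequirements(CRED_REQ_PASS, "", Collections.singleton(passwordDefinition.getName())));
    }

    /**
     * Registers a {@code "certificate"} credential definition named {@code "credential2"} and
     * two requirements: {@code "cr-cert"} (certificate only) and {@code "cr-certpass"}
     * (certificate plus the {@code CRED_MOCK} credential).
     *
     * <p>Decompiler note: access modifier changed from {@code protected}.
     *
     * @throws EngineException if a definition or requirement cannot be added
     */
    public void setupPasswordAndCertAuthn() throws EngineException {
        final CredentialDefinition certDefinition = new CredentialDefinition("certificate", "credential2");
        certDefinition.setConfiguration("");
        this.credMan.addCredentialDefinition(certDefinition);
        this.credReqMan.addCredentialRequirement(new CredentialRequirements("cr-cert", "", Collections.singleton(certDefinition.getName())));
        // Typed set instead of the raw HashSet the listing used.
        final HashSet<String> certAndPassword = new HashSet<>();
        Collections.addAll(certAndPassword, SecuredDBIntegrationTestBase.CRED_MOCK, certDefinition.getName());
        this.credReqMan.addCredentialRequirement(new CredentialRequirements(CRED_REQ_CERT_PASS, "", certAndPassword));
    }

    /**
     * Assigns {@code role} as the {@code sys:AuthorizationRole} attribute of {@code entity}
     * in group {@code "/"}; does nothing when {@code role} is {@code null}.
     */
    private void assignAuthorizationRole(Identity entity, String role) throws EngineException {
        if (role == null) {
            return;
        }
        this.attrsMan.createAttribute(new EntityParam(entity), EnumAttribute.of(ROLE_ATTRIBUTE, "/", Lists.newArrayList(role)));
    }
}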
