package io.prestosql.plugin.password.ldap;

import com.google.common.collect.HashMultimap;
import com.google.common.collect.ImmutableSet;
import io.prestosql.plugin.password.Credential;
import io.prestosql.spi.security.AccessDeniedException;
import io.prestosql.spi.security.BasicPrincipal;
import java.util.HashSet;
import java.util.Objects;
import java.util.Optional;
import java.util.Set;
import javax.naming.NamingException;
import org.assertj.core.api.Assertions;
import org.testng.Assert;
import org.testng.annotations.Test;

/* loaded from: input_file:io/prestosql/plugin/password/ldap/TestLdapAuthenticator.class */
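/**
 * Unit tests for {@code LdapAuthenticator}, run against an in-memory fake LDAP client.
 *
 * <p>The cases cover the authentication decisions that matter for access control:
 * bind-pattern expansion, group-membership authorization, distinguished-name lookup
 * through a service bind account, and rejection of user names that contain characters
 * with special meaning in LDAP.
 *
 * <p>This listing was recovered by a decompiler; three artifacts are repaired here:
 * the raw {@code HashSet} instantiations, a dangling {@code r1} reference inside
 * {@code isGroupMember}, and the NUL-character literal in
 * {@link #testContainsSpecialCharacters()}.
 */
public class TestLdapAuthenticator {
    private static final String BASE_DN = "base-dn";
    private static final String PATTERN_PREFIX = "pattern::";

    /**
     * In-memory stand-in for a directory server.
     *
     * <p>A bind succeeds only for an exact (identity, password) pair that a test registered,
     * and every search first validates the bind credentials it was handed, so a test cannot
     * pass by skipping the bind step.
     */
    /* loaded from: input_file:io/prestosql/plugin/password/ldap/TestLdapAuthenticator$TestLdapAuthenticatorClient.class */
    private static class TestLdapAuthenticatorClient implements LdapAuthenticatorClient {
        private final Set<Credential> credentials = new HashSet<>();
        private final Set<String> groupMembers = new HashSet<>();
        private final HashMultimap<String, String> userDNs = HashMultimap.create();

        private TestLdapAuthenticatorClient() {
        }

        /** Registers an (identity, password) pair that {@link #validatePassword} will accept. */
        public void addCredentials(String bindUser, String password) {
            this.credentials.add(new Credential(bindUser, password));
        }

        /** Marks {@code user} as a member of the single group this fake models. */
        public void addGroupMember(String user) {
            this.groupMembers.add(user);
        }

        /** Adds one distinguished name to the set returned when searching for {@code user}. */
        public void addDistinguishedNameForUser(String user, String distinguishedName) {
            this.userDNs.put(user, distinguishedName);
        }

        /**
         * Simulates an LDAP bind.
         *
         * @throws NamingException if the exact pair was never registered
         */
        public void validatePassword(String bindUser, String password) throws NamingException {
            if (!this.credentials.contains(new Credential(bindUser, password))) {
                throw new NamingException();
            }
        }

        /**
         * Reports whether the user named by {@code searchFilter} was registered as a group member.
         *
         * @return {@code false} when the search base or filter does not have the expected shape
         * @throws NamingException if the bind credentials are not registered
         */
        public boolean isGroupMember(String searchBase, String searchFilter, String bindUser, String bindPassword) throws NamingException {
            // Bind before searching; a failed bind must surface as an exception, not as "not a member".
            validatePassword(bindUser, bindPassword);
            return getSearchUser(searchBase, searchFilter)
                    .map(this.groupMembers::contains)
                    .orElse(false);
        }

        /**
         * Returns every distinguished name registered for the user named by {@code searchFilter}.
         *
         * @return an empty set when the search base or filter does not have the expected shape
         * @throws NamingException if the bind credentials are not registered
         */
        public Set<String> lookupUserDistinguishedNames(String searchBase, String searchFilter, String bindUser, String bindPassword) throws NamingException {
            validatePassword(bindUser, bindPassword);
            return getSearchUser(searchBase, searchFilter)
                    .map(this.userDNs::get)
                    .orElse(ImmutableSet.of());
        }

        /**
         * Extracts the user name from a filter of the form {@code pattern::<user>}.
         * Any other base DN or filter shape yields an empty result, so a mis-built
         * search in the code under test matches nobody.
         */
        private static Optional<String> getSearchUser(String searchBase, String searchFilter) {
            if (searchBase.equals(TestLdapAuthenticator.BASE_DN) && searchFilter.startsWith(TestLdapAuthenticator.PATTERN_PREFIX)) {
                return Optional.of(searchFilter.substring(TestLdapAuthenticator.PATTERN_PREFIX.length()));
            }
            return Optional.empty();
        }
    }

    /** A single bind pattern: a wrong password and an unknown user are both rejected. */
    @Test
    public void testSingleBindPattern() {
        TestLdapAuthenticatorClient client = new TestLdapAuthenticatorClient();
        client.addCredentials("alice@example.com", "alice-pass");
        LdapAuthenticator authenticator = new LdapAuthenticator(client, new LdapConfig().setUserBindSearchPatterns("${USER}@example.com"));

        // NOTE(review): RuntimeException is a broad expectation; if LdapAuthenticator throws a
        // dedicated access-denied type on a failed bind, asserting that type would be stricter.
        Assertions.assertThatThrownBy(() -> authenticator.createAuthenticatedPrincipal("alice", "invalid"))
                .isInstanceOf(RuntimeException.class);
        Assertions.assertThatThrownBy(() -> authenticator.createAuthenticatedPrincipal("unknown", "alice-pass"))
                .isInstanceOf(RuntimeException.class);
        Assert.assertEquals(authenticator.createAuthenticatedPrincipal("alice", "alice-pass"), new BasicPrincipal("alice"));
    }

    /** Two bind patterns: a login succeeds when the credentials match under either pattern. */
    @Test
    public void testMultipleBindPattern() {
        TestLdapAuthenticatorClient client = new TestLdapAuthenticatorClient();
        LdapAuthenticator authenticator = new LdapAuthenticator(client, new LdapConfig().setUserBindSearchPatterns("${USER}@example.com:${USER}@alt.example.com"));

        // invalidateCache() follows every login, presumably so that the next assertion is
        // answered by the fake client rather than by a cached result.
        client.addCredentials("alice@example.com", "alice-pass");
        Assert.assertEquals(authenticator.createAuthenticatedPrincipal("alice", "alice-pass"), new BasicPrincipal("alice"));
        authenticator.invalidateCache();

        // bob exists only under the second pattern.
        client.addCredentials("bob@alt.example.com", "bob-pass");
        Assert.assertEquals(authenticator.createAuthenticatedPrincipal("bob", "bob-pass"), new BasicPrincipal("bob"));
        authenticator.invalidateCache();

        // alice now exists under both patterns with different passwords; each password still works.
        client.addCredentials("alice@alt.example.com", "alt-alice-pass");
        Assert.assertEquals(authenticator.createAuthenticatedPrincipal("alice", "alt-alice-pass"), new BasicPrincipal("alice"));
        authenticator.invalidateCache();
        Assert.assertEquals(authenticator.createAuthenticatedPrincipal("alice", "alice-pass"), new BasicPrincipal("alice"));
        authenticator.invalidateCache();
    }

    /** Valid credentials are not enough: the user must also pass the group-membership search. */
    @Test
    public void testGroupMembership() {
        TestLdapAuthenticatorClient client = new TestLdapAuthenticatorClient();
        client.addCredentials("alice@example.com", "alice-pass");
        LdapAuthenticator authenticator = new LdapAuthenticator(client, new LdapConfig().setUserBindSearchPatterns("${USER}@example.com").setUserBaseDistinguishedName(BASE_DN).setGroupAuthorizationSearchPattern("pattern::${USER}"));

        Assertions.assertThatThrownBy(() -> authenticator.createAuthenticatedPrincipal("alice", "invalid"))
                .isInstanceOf(RuntimeException.class);
        Assertions.assertThatThrownBy(() -> authenticator.createAuthenticatedPrincipal("unknown", "alice-pass"))
                .isInstanceOf(RuntimeException.class);

        // Correct password, but alice is not yet a group member: authorization must be denied.
        Assertions.assertThatThrownBy(() -> authenticator.createAuthenticatedPrincipal("alice", "alice-pass"))
                .isInstanceOf(AccessDeniedException.class);

        client.addGroupMember("alice");
        Assert.assertEquals(authenticator.createAuthenticatedPrincipal("alice", "alice-pass"), new BasicPrincipal("alice"));
    }

    /**
     * No bind pattern is configured; the user's distinguished name is looked up with the
     * service account ("server") and the login is then checked against that name.
     * Each step removes one obstacle, and the login must keep failing until all are gone.
     */
    @Test
    public void testDistinguishedNameLookup() {
        TestLdapAuthenticatorClient client = new TestLdapAuthenticatorClient();
        client.addCredentials("alice@example.com", "alice-pass");
        LdapAuthenticator authenticator = new LdapAuthenticator(client, new LdapConfig().setUserBaseDistinguishedName(BASE_DN).setGroupAuthorizationSearchPattern("pattern::${USER}").setBindDistingushedName("server").setBindPassword("server-pass"));
        client.addCredentials("alice", "alice-pass");
        client.addCredentials("alice@example.com", "alice-pass");

        // The service account is not registered yet, so the fake rejects the lookup bind.
        Assertions.assertThatThrownBy(() -> authenticator.createAuthenticatedPrincipal("alice", "alice-pass"))
                .isInstanceOf(RuntimeException.class);

        // The service account can bind, but the fake has no distinguished name for alice.
        client.addCredentials("server", "server-pass");
        Assertions.assertThatThrownBy(() -> authenticator.createAuthenticatedPrincipal("alice", "alice-pass"))
                .isInstanceOf(RuntimeException.class);

        // alice maps to a distinguished name, but no credentials are registered for that name.
        client.addDistinguishedNameForUser("alice", "bob@example.com");
        Assertions.assertThatThrownBy(() -> authenticator.createAuthenticatedPrincipal("alice", "alice-pass"))
                .isInstanceOf(RuntimeException.class);

        // The mapped name accepts the password: the login succeeds as principal "alice".
        client.addCredentials("bob@example.com", "alice-pass");
        Assert.assertEquals(authenticator.createAuthenticatedPrincipal("alice", "alice-pass"), new BasicPrincipal("alice"));
        authenticator.invalidateCache();

        // A second mapping makes the lookup ambiguous; the test requires denial rather than
        // acceptance of whichever name happens to match.
        client.addDistinguishedNameForUser("alice", "another-mapping");
        Assertions.assertThatThrownBy(() -> authenticator.createAuthenticatedPrincipal("alice", "alice-pass"))
                .isInstanceOf(AccessDeniedException.class);
    }

    /**
     * Pins which user names {@code containsSpecialCharacters} flags.
     *
     * <p>User names are substituted for <code>${USER}</code> in the bind and search patterns
     * configured in the tests above, so this check is presumably what keeps filter
     * metacharacters out of those patterns (confirm against the call sites in
     * {@code LdapAuthenticator}). Non-ASCII letters must pass, so that the check does not
     * lock out legitimate international names.
     */
    @Test
    public void testContainsSpecialCharacters() {
        Assertions.assertThat(LdapAuthenticator.containsSpecialCharacters("The quick brown fox jumped over the lazy dogs")).as("English pangram").isFalse();
        Assertions.assertThat(LdapAuthenticator.containsSpecialCharacters("Pchnąć w tę łódź jeża lub ośm skrzyń fig")).as("Perfect polish pangram").isFalse();
        Assertions.assertThat(LdapAuthenticator.containsSpecialCharacters("いろはにほへと ちりぬるを わかよたれそ つねならむ うゐのおくやま けふこえて あさきゆめみし ゑひもせす（ん）")).as("Japanese hiragana pangram - Iroha").isFalse();
        Assertions.assertThat(LdapAuthenticator.containsSpecialCharacters("*")).as("LDAP wildcard").isTrue();
        Assertions.assertThat(LdapAuthenticator.containsSpecialCharacters("   John Doe")).as("Beginning with whitespace").isTrue();
        Assertions.assertThat(LdapAuthenticator.containsSpecialCharacters("John Doe  \r")).as("Ending with whitespace").isTrue();
        Assertions.assertThat(LdapAuthenticator.containsSpecialCharacters("Hi (This) = is * a \\ test # ç à ô")).as("Multiple special characters").isTrue();
        // The decompiled listing held two U+FFFD replacement characters here, which is how a
        // NUL stored as the two-byte form 0xC0 0x80 in a class file decodes as plain UTF-8.
        // Restored as an explicit escape so the case exercises U+0000, as its label says.
        Assertions.assertThat(LdapAuthenticator.containsSpecialCharacters("John\u0000Doe")).as("NULL character").isTrue();
        Assertions.assertThat(LdapAuthenticator.containsSpecialCharacters("John Doe <john.doe@company.com>")).as("Angle brackets").isTrue();
    }
}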
