package org.identityconnectors.contract.test;

import java.util.Date;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Set;
import org.identityconnectors.common.logging.Log;
import org.identityconnectors.common.security.GuardedString;
import org.identityconnectors.contract.exceptions.ObjectNotFoundException;
import org.identityconnectors.framework.api.operations.APIOperation;
import org.identityconnectors.framework.api.operations.AuthenticationApiOp;
import org.identityconnectors.framework.api.operations.CreateApiOp;
import org.identityconnectors.framework.api.operations.DeleteApiOp;
import org.identityconnectors.framework.api.operations.GetApiOp;
import org.identityconnectors.framework.api.operations.UpdateApiOp;
import org.identityconnectors.framework.common.exceptions.InvalidCredentialException;
import org.identityconnectors.framework.common.exceptions.PasswordExpiredException;
import org.identityconnectors.framework.common.objects.Attribute;
import org.identityconnectors.framework.common.objects.AttributeBuilder;
import org.identityconnectors.framework.common.objects.AttributeInfo;
import org.identityconnectors.framework.common.objects.ObjectClass;
import org.identityconnectors.framework.common.objects.OperationOptions;
import org.identityconnectors.framework.common.objects.OperationOptionsBuilder;
import org.identityconnectors.framework.common.objects.OperationalAttributes;
import org.identityconnectors.framework.common.objects.PredefinedAttributes;
import org.identityconnectors.framework.common.objects.Uid;
import org.junit.jupiter.api.Assertions;
import org.junit.jupiter.params.ParameterizedTest;
import org.junit.jupiter.params.provider.MethodSource;

/* loaded from: input_file:org/identityconnectors/contract/test/AuthenticationApiOpTests.class */
public class AuthenticationApiOpTests extends ObjectClassRunner {
    private static final Log LOG = Log.getLog(AuthenticationApiOpTests.class);
    protected static final String TEST_NAME = "Authentication";
    protected static final String USERNAME_PROP = "username";
    private static final String WRONG_PASSWORD_PROP = "wrong.password";
    private static final String MAX_ITERATIONS = "maxIterations";
    private static final String SLEEP_MILLISECONDS = "sleepMilliseconds";

    @Override // org.identityconnectors.contract.test.ContractTestBase
    public Set<Class<? extends APIOperation>> getAPIOperations() {
        HashSet hashSet = new HashSet();
        hashSet.add(CreateApiOp.class);
        hashSet.add(AuthenticationApiOp.class);
        hashSet.add(GetApiOp.class);
        return hashSet;
    }

    @Override // org.identityconnectors.contract.test.ObjectClassRunner
    public void testRun(ObjectClass objectClass) {
        try {
            Set<Attribute> createableAttributes = ConnectorHelper.getCreateableAttributes(getDataProvider(), getObjectClassInfo(objectClass), getTestName(), 0, true, false);
            Iterator<Attribute> it = createableAttributes.iterator();
            while (it.hasNext()) {
                Attribute next = it.next();
                if ((next.is(OperationalAttributes.PASSWORD_EXPIRED_NAME) || next.is(OperationalAttributes.PASSWORD_EXPIRATION_DATE_NAME) || next.is(OperationalAttributes.ENABLE_DATE_NAME) || next.is(OperationalAttributes.ENABLE_NAME)) && !ConnectorHelper.isRequired(getObjectClassInfo(objectClass), next)) {
                    it.remove();
                }
            }
            Uid create = getConnectorFacade().create(objectClass, createableAttributes, getOperationOptionsByOp(objectClass, CreateApiOp.class));
            Assertions.assertNotNull(getConnectorFacade().getObject(objectClass, create, getOperationOptionsByOp(objectClass, GetApiOp.class)), "Unable to retrieve newly created object");
            String str = (String) getDataProvider().getTestSuiteAttribute(objectClass.getObjectClassValue() + "." + USERNAME_PROP, TEST_NAME);
            Assertions.assertTrue(authenticateExpectingInvalidCredentials(objectClass, str, (GuardedString) getDataProvider().getTestSuiteAttribute(objectClass.getObjectClassValue() + "." + WRONG_PASSWORD_PROP, TEST_NAME)), "Negative test case for Authentication failed, should throw InvalidCredentialException");
            GuardedString guardedString = (GuardedString) ConnectorHelper.get(getDataProvider(), getTestName(), GuardedString.class, OperationalAttributes.PASSWORD_NAME, objectClass.getObjectClassValue(), 0, false);
            Uid authenticateExpectingSuccess = authenticateExpectingSuccess(objectClass, str, guardedString);
            Assertions.assertEquals(create, authenticateExpectingSuccess, String.format("Authenticate returned wrong Uid, expected: %s, returned: %s.", create, authenticateExpectingSuccess));
            if (isOperationalAttributeUpdateable(objectClass, OperationalAttributes.PASSWORD_NAME)) {
                GuardedString guardedString2 = (GuardedString) ConnectorHelper.get(getDataProvider(), getTestName(), GuardedString.class, OperationalAttributes.PASSWORD_NAME, SyncApiOpTests.MODIFIED, objectClass.getObjectClassValue(), 0, false);
                HashSet hashSet = new HashSet();
                hashSet.add(AttributeBuilder.buildPassword(guardedString2));
                if (ConnectorHelper.isAttrSupported(getObjectClassInfo(objectClass), OperationalAttributes.CURRENT_PASSWORD_NAME)) {
                    hashSet.add(AttributeBuilder.buildCurrentPassword(guardedString));
                }
                create = getConnectorFacade().update(objectClass, create, hashSet, getOperationOptionsByOp(objectClass, UpdateApiOp.class));
                Uid authenticateExpectingSuccess2 = authenticateExpectingSuccess(objectClass, str, guardedString2);
                Assertions.assertEquals(create, authenticateExpectingSuccess2, String.format("Authenticate returned wrong Uid, expected: %s, returned: %s.", create, authenticateExpectingSuccess2));
                if (ConnectorHelper.isAttrSupported(getObjectClassInfo(objectClass), PredefinedAttributes.LAST_PASSWORD_CHANGE_DATE_NAME)) {
                    LOG.info("LAST_PASSWORD_CHANGE_DATE test.", new Object[0]);
                    OperationOptionsBuilder operationOptionsBuilder = new OperationOptionsBuilder();
                    operationOptionsBuilder.setAttributesToGet(new String[]{PredefinedAttributes.LAST_PASSWORD_CHANGE_DATE_NAME});
                    Assertions.assertNotNull(getConnectorFacade().getObject(objectClass, create, operationOptionsBuilder.build()).getAttributeByName(PredefinedAttributes.LAST_PASSWORD_CHANGE_DATE_NAME), "LAST_PASSWORD_CHANGE_DATE attribute is null.");
                } else {
                    LOG.info("Skipping LAST_PASSWORD_CHANGE_DATE test.", new Object[0]);
                }
            }
            if (ConnectorHelper.isAttrSupported(getObjectClassInfo(objectClass), PredefinedAttributes.LAST_LOGIN_DATE_NAME)) {
                LOG.info("LAST_LOGIN_DATE test.", new Object[0]);
                OperationOptionsBuilder operationOptionsBuilder2 = new OperationOptionsBuilder();
                operationOptionsBuilder2.setAttributesToGet(new String[]{PredefinedAttributes.LAST_LOGIN_DATE_NAME});
                Assertions.assertNotNull(getConnectorFacade().getObject(objectClass, create, operationOptionsBuilder2.build()).getAttributeByName(PredefinedAttributes.LAST_LOGIN_DATE_NAME), "LAST_LOGIN_DATE attribute is null.");
            } else {
                LOG.info("Skipping LAST_LOGIN_DATE test.", new Object[0]);
            }
            if (create != null) {
                ConnectorHelper.deleteObject(getConnectorFacade(), objectClass, create, false, getOperationOptionsByOp(objectClass, DeleteApiOp.class));
            }
        } catch (Throwable th) {
            if (0 != 0) {
                ConnectorHelper.deleteObject(getConnectorFacade(), objectClass, null, false, getOperationOptionsByOp(objectClass, DeleteApiOp.class));
            }
            throw th;
        }
    }

    @MethodSource({"objectClasses"})
    @ParameterizedTest
    public void testOpEnable(ObjectClass objectClass) {
        if (!ConnectorHelper.operationsSupported(getConnectorFacade(), objectClass, getAPIOperations()) || !isOperationalAttributeUpdateable(objectClass, OperationalAttributes.ENABLE_NAME)) {
            LOG.info("Skipping testOpEnable test.", new Object[0]);
            return;
        }
        Uid uid = null;
        try {
            Set<Attribute> createableAttributes = ConnectorHelper.getCreateableAttributes(getDataProvider(), getObjectClassInfo(objectClass), getTestName(), 0, true, false);
            Iterator<Attribute> it = createableAttributes.iterator();
            while (it.hasNext()) {
                Attribute next = it.next();
                if ((next.is(OperationalAttributes.PASSWORD_EXPIRED_NAME) || next.is(OperationalAttributes.PASSWORD_EXPIRATION_DATE_NAME) || next.is(OperationalAttributes.ENABLE_DATE_NAME)) && !ConnectorHelper.isRequired(getObjectClassInfo(objectClass), next)) {
                    it.remove();
                }
            }
            uid = getConnectorFacade().create(objectClass, createableAttributes, getOperationOptionsByOp(objectClass, CreateApiOp.class));
            String str = (String) getDataProvider().getTestSuiteAttribute(objectClass.getObjectClassValue() + "." + USERNAME_PROP, TEST_NAME);
            HashSet hashSet = new HashSet();
            hashSet.add(AttributeBuilder.buildEnabled(false));
            Uid update = getConnectorFacade().update(objectClass, uid, hashSet, (OperationOptions) null);
            if (!uid.equals(update) && update != null) {
                uid = update;
            }
            Assertions.assertTrue(authenticateExpectingRuntimeException(objectClass, str, (GuardedString) ConnectorHelper.get(getDataProvider(), getTestName(), GuardedString.class, OperationalAttributes.PASSWORD_NAME, getObjectClassInfo(objectClass).getType(), 0, false)), "Authenticate must throw for disabled account");
            ConnectorHelper.deleteObject(getConnectorFacade(), objectClass, uid, false, getOperationOptionsByOp(objectClass, DeleteApiOp.class));
        } catch (Throwable th) {
            ConnectorHelper.deleteObject(getConnectorFacade(), objectClass, uid, false, getOperationOptionsByOp(objectClass, DeleteApiOp.class));
            throw th;
        }
    }

    @MethodSource({"objectClasses"})
    @ParameterizedTest
    public void testOpPasswordExpirationDate(ObjectClass objectClass) {
        if (!ConnectorHelper.operationsSupported(getConnectorFacade(), objectClass, getAPIOperations()) || !isOperationalAttributeUpdateable(objectClass, OperationalAttributes.PASSWORD_EXPIRATION_DATE_NAME)) {
            LOG.info("Skipping testOpPasswordExpirationDate test.", new Object[0]);
            return;
        }
        Uid uid = null;
        try {
            Set<Attribute> createableAttributes = ConnectorHelper.getCreateableAttributes(getDataProvider(), getObjectClassInfo(objectClass), getTestName(), 0, true, false);
            Iterator<Attribute> it = createableAttributes.iterator();
            while (it.hasNext()) {
                Attribute next = it.next();
                if ((next.is(OperationalAttributes.ENABLE_NAME) || next.is(OperationalAttributes.ENABLE_DATE_NAME) || next.is(OperationalAttributes.PASSWORD_EXPIRED_NAME)) && !ConnectorHelper.isRequired(getObjectClassInfo(objectClass), next)) {
                    it.remove();
                }
            }
            uid = getConnectorFacade().create(objectClass, createableAttributes, getOperationOptionsByOp(objectClass, CreateApiOp.class));
            String str = (String) getDataProvider().getTestSuiteAttribute(objectClass.getObjectClassValue() + "." + USERNAME_PROP, TEST_NAME);
            HashSet hashSet = new HashSet();
            hashSet.add(AttributeBuilder.buildPasswordExpirationDate(new Date()));
            Uid update = getConnectorFacade().update(objectClass, uid, hashSet, (OperationOptions) null);
            if (!uid.equals(update) && update != null) {
                uid = update;
            }
            PasswordExpiredException authenticateExpectingPasswordExpired = authenticateExpectingPasswordExpired(objectClass, str, (GuardedString) ConnectorHelper.get(getDataProvider(), getTestName(), GuardedString.class, OperationalAttributes.PASSWORD_NAME, getObjectClassInfo(objectClass).getType(), 0, false));
            Assertions.assertNotNull(authenticateExpectingPasswordExpired, "Authenticate should throw PasswordExpiredException.");
            Assertions.assertEquals(uid, authenticateExpectingPasswordExpired.getUid(), String.format("PasswordExpiredException contains wrong Uid, expected: %s, returned: %s", uid, authenticateExpectingPasswordExpired.getUid()));
            ConnectorHelper.deleteObject(getConnectorFacade(), objectClass, uid, false, getOperationOptionsByOp(objectClass, DeleteApiOp.class));
        } catch (Throwable th) {
            ConnectorHelper.deleteObject(getConnectorFacade(), objectClass, uid, false, getOperationOptionsByOp(objectClass, DeleteApiOp.class));
            throw th;
        }
    }

    @MethodSource({"objectClasses"})
    @ParameterizedTest
    public void testOpPasswordExpired(ObjectClass objectClass) {
        if (!ConnectorHelper.operationsSupported(getConnectorFacade(), objectClass, getAPIOperations()) || !isOperationalAttributeUpdateable(objectClass, OperationalAttributes.PASSWORD_EXPIRED_NAME)) {
            LOG.info("Skipping testOpPasswordExpired test.", new Object[0]);
            return;
        }
        Uid uid = null;
        try {
            Set<Attribute> createableAttributes = ConnectorHelper.getCreateableAttributes(getDataProvider(), getObjectClassInfo(objectClass), getTestName(), 0, true, false);
            Iterator<Attribute> it = createableAttributes.iterator();
            while (it.hasNext()) {
                Attribute next = it.next();
                if ((next.is(OperationalAttributes.ENABLE_NAME) || next.is(OperationalAttributes.ENABLE_DATE_NAME) || next.is(OperationalAttributes.PASSWORD_EXPIRATION_DATE_NAME)) && !ConnectorHelper.isRequired(getObjectClassInfo(objectClass), next)) {
                    it.remove();
                }
            }
            uid = getConnectorFacade().create(objectClass, createableAttributes, getOperationOptionsByOp(objectClass, CreateApiOp.class));
            String str = (String) getDataProvider().getTestSuiteAttribute(objectClass.getObjectClassValue() + "." + USERNAME_PROP, TEST_NAME);
            HashSet hashSet = new HashSet();
            hashSet.add(AttributeBuilder.buildPasswordExpired(true));
            Uid update = getConnectorFacade().update(objectClass, uid, hashSet, (OperationOptions) null);
            if (!uid.equals(update) && update != null) {
                uid = update;
            }
            PasswordExpiredException authenticateExpectingPasswordExpired = authenticateExpectingPasswordExpired(objectClass, str, (GuardedString) ConnectorHelper.get(getDataProvider(), getTestName(), GuardedString.class, OperationalAttributes.PASSWORD_NAME, getObjectClassInfo(objectClass).getType(), 0, false));
            Assertions.assertNotNull(authenticateExpectingPasswordExpired, "Authenticate should throw PasswordExpiredException.");
            Assertions.assertEquals(uid, authenticateExpectingPasswordExpired.getUid(), String.format("PasswordExpiredException contains wrong Uid, expected: %s, returned: %s", uid, authenticateExpectingPasswordExpired.getUid()));
            ConnectorHelper.deleteObject(getConnectorFacade(), objectClass, uid, false, getOperationOptionsByOp(objectClass, DeleteApiOp.class));
        } catch (Throwable th) {
            ConnectorHelper.deleteObject(getConnectorFacade(), objectClass, uid, false, getOperationOptionsByOp(objectClass, DeleteApiOp.class));
            throw th;
        }
    }

    @MethodSource({"objectClasses"})
    @ParameterizedTest
    public void testPasswordBeforePasswordExpired(ObjectClass objectClass) {
        if (!ConnectorHelper.operationsSupported(getConnectorFacade(), objectClass, getAPIOperations()) || !isOperationalAttributeUpdateable(objectClass, OperationalAttributes.PASSWORD_NAME) || !isOperationalAttributeUpdateable(objectClass, OperationalAttributes.PASSWORD_EXPIRED_NAME)) {
            LOG.info("Skipping test ''testPasswordBeforePasswordExpired'' for object class {0}", new Object[]{objectClass});
            return;
        }
        Uid uid = null;
        try {
            Set<Attribute> createableAttributes = ConnectorHelper.getCreateableAttributes(getDataProvider(), getObjectClassInfo(objectClass), getTestName(), 0, true, false);
            Iterator<Attribute> it = createableAttributes.iterator();
            while (it.hasNext()) {
                Attribute next = it.next();
                if ((next.is(OperationalAttributes.ENABLE_NAME) || next.is(OperationalAttributes.ENABLE_DATE_NAME) || next.is(OperationalAttributes.PASSWORD_EXPIRATION_DATE_NAME)) && !ConnectorHelper.isRequired(getObjectClassInfo(objectClass), next)) {
                    it.remove();
                }
            }
            Uid create = getConnectorFacade().create(objectClass, createableAttributes, getOperationOptionsByOp(objectClass, CreateApiOp.class));
            String str = (String) getDataProvider().getTestSuiteAttribute(objectClass.getObjectClassValue() + "." + USERNAME_PROP, TEST_NAME);
            GuardedString guardedString = (GuardedString) ConnectorHelper.get(getDataProvider(), getTestName(), GuardedString.class, OperationalAttributes.PASSWORD_NAME, SyncApiOpTests.MODIFIED, getObjectClassInfo(objectClass).getType(), 0, false);
            HashSet hashSet = new HashSet();
            hashSet.add(AttributeBuilder.buildPassword(guardedString));
            hashSet.add(AttributeBuilder.buildPasswordExpired(true));
            if (ConnectorHelper.isAttrSupported(getObjectClassInfo(objectClass), OperationalAttributes.CURRENT_PASSWORD_NAME)) {
                hashSet.add(AttributeBuilder.buildCurrentPassword((GuardedString) ConnectorHelper.get(getDataProvider(), getTestName(), GuardedString.class, OperationalAttributes.PASSWORD_NAME, getObjectClassInfo(objectClass).getType(), 0, false)));
            }
            uid = getConnectorFacade().update(objectClass, create, hashSet, getOperationOptionsByOp(objectClass, UpdateApiOp.class));
            Assertions.assertNotNull(authenticateExpectingPasswordExpired(objectClass, str, guardedString), "Authenticate should throw PasswordExpiredException.");
            ConnectorHelper.deleteObject(getConnectorFacade(), objectClass, uid, false, getOperationOptionsByOp(objectClass, DeleteApiOp.class));
        } catch (Throwable th) {
            ConnectorHelper.deleteObject(getConnectorFacade(), objectClass, uid, false, getOperationOptionsByOp(objectClass, DeleteApiOp.class));
            throw th;
        }
    }

    private boolean isOperationalAttributeUpdateable(ObjectClass objectClass, String str) {
        for (AttributeInfo attributeInfo : getObjectClassInfo(objectClass).getAttributeInfo()) {
            if (attributeInfo.is(str)) {
                return attributeInfo.isUpdateable();
            }
        }
        return false;
    }

    @Override // org.identityconnectors.contract.test.ObjectClassRunner
    public String getTestName() {
        return TEST_NAME;
    }

    private long getLongTestParam(String str, long j) {
        long j2 = j;
        try {
            Object testSuiteAttribute = getDataProvider().getTestSuiteAttribute(str, TEST_NAME);
            if (testSuiteAttribute != null) {
                j2 = Long.parseLong(testSuiteAttribute.toString());
            }
        } catch (ObjectNotFoundException e) {
        }
        return j2;
    }

    private void sleepIngoringInterruption(long j) {
        try {
            Thread.sleep(j);
        } catch (InterruptedException e) {
        }
    }

    private boolean authenticateExpectingRuntimeException(ObjectClass objectClass, String str, GuardedString guardedString) {
        boolean z = false;
        for (int i = 0; i < getLongTestParam(MAX_ITERATIONS, 1L); i++) {
            try {
                getConnectorFacade().authenticate(ObjectClass.ACCOUNT, str, guardedString, getOperationOptionsByOp(objectClass, AuthenticationApiOp.class));
                LOG.info(String.format("Retrying authentication - iteration %d", Integer.valueOf(i)), new Object[0]);
                sleepIngoringInterruption(getLongTestParam(SLEEP_MILLISECONDS, 0L));
            } catch (RuntimeException e) {
                z = true;
            }
        }
        return z;
    }

    private boolean authenticateExpectingInvalidCredentials(ObjectClass objectClass, String str, GuardedString guardedString) {
        boolean z = false;
        for (int i = 0; i < getLongTestParam(MAX_ITERATIONS, 1L); i++) {
            try {
                getConnectorFacade().authenticate(ObjectClass.ACCOUNT, str, guardedString, getOperationOptionsByOp(objectClass, AuthenticationApiOp.class));
                LOG.info(String.format("Retrying authentication - iteration %d", Integer.valueOf(i)), new Object[0]);
                sleepIngoringInterruption(getLongTestParam(SLEEP_MILLISECONDS, 0L));
            } catch (InvalidCredentialException e) {
                z = true;
            }
        }
        return z;
    }

    private Uid authenticateExpectingSuccess(ObjectClass objectClass, String str, GuardedString guardedString) {
        Uid uid = null;
        RuntimeException runtimeException = null;
        for (int i = 0; i < getLongTestParam(MAX_ITERATIONS, 1L); i++) {
            try {
                uid = getConnectorFacade().authenticate(ObjectClass.ACCOUNT, str, guardedString, getOperationOptionsByOp(objectClass, AuthenticationApiOp.class));
                runtimeException = null;
                break;
            } catch (RuntimeException e) {
                runtimeException = e;
                LOG.info(String.format("Retrying authentication - iteration %d", Integer.valueOf(i)), new Object[0]);
                sleepIngoringInterruption(getLongTestParam(SLEEP_MILLISECONDS, 0L));
            }
        }
        if (runtimeException != null) {
            throw runtimeException;
        }
        return uid;
    }

    private PasswordExpiredException authenticateExpectingPasswordExpired(ObjectClass objectClass, String str, GuardedString guardedString) {
        PasswordExpiredException passwordExpiredException = null;
        RuntimeException runtimeException = null;
        for (int i = 0; i < getLongTestParam(MAX_ITERATIONS, 1L); i++) {
            try {
                getConnectorFacade().authenticate(ObjectClass.ACCOUNT, str, guardedString, getOperationOptionsByOp(objectClass, AuthenticationApiOp.class));
            } catch (PasswordExpiredException e) {
                passwordExpiredException = e;
                runtimeException = null;
            } catch (RuntimeException e2) {
                runtimeException = e2;
            }
            LOG.info(String.format("Retrying authentication - iteration %d", Integer.valueOf(i)), new Object[0]);
            sleepIngoringInterruption(getLongTestParam(SLEEP_MILLISECONDS, 0L));
        }
        if (runtimeException != null) {
            throw runtimeException;
        }
        return passwordExpiredException;
    }
}
