package alluxio.security.authentication;

import alluxio.Configuration;
import alluxio.ConfigurationTestUtils;
import alluxio.PropertyKey;
import alluxio.security.authentication.AuthenticationProvider;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
import javax.security.sasl.AuthenticationException;
import javax.security.sasl.AuthorizeCallback;
import org.junit.After;
import org.junit.Before;
import org.junit.Rule;
import org.junit.Test;
import org.junit.rules.ExpectedException;

/* loaded from: input_file:alluxio/security/authentication/PlainSaslServerCallbackHandlerTest.class */
public class PlainSaslServerCallbackHandlerTest {
    private CallbackHandler mPlainServerCBHandler;

    @Rule
    public ExpectedException mThrown = ExpectedException.none();

    /* loaded from: input_file:alluxio/security/authentication/PlainSaslServerCallbackHandlerTest$NameMatchAuthenticationProvider.class */
    public static class NameMatchAuthenticationProvider implements AuthenticationProvider {
        public void authenticate(String str, String str2) throws AuthenticationException {
            if (!str.matches("^alluxio.*")) {
                throw new AuthenticationException("Only allow the user starting with alluxio");
            }
            if (!str2.matches("^password")) {
                throw new AuthenticationException("Wrong password");
            }
        }
    }

    @Before
    public void before() throws Exception {
        Configuration.set(PropertyKey.SECURITY_AUTHENTICATION_CUSTOM_PROVIDER_CLASS, NameMatchAuthenticationProvider.class.getName());
        this.mPlainServerCBHandler = new PlainSaslServerCallbackHandler(AuthenticationProvider.Factory.create(AuthType.CUSTOM));
    }

    @After
    public void after() {
        AuthenticatedClientUser.remove();
        ConfigurationTestUtils.resetConfiguration();
    }

    @Test
    public void authenticateNameMatch() throws Exception {
        Callback nameCallback = new NameCallback(" authentication id: ");
        nameCallback.setName("alluxio-1");
        PasswordCallback passwordCallback = new PasswordCallback(" password: ", false);
        passwordCallback.setPassword("password".toCharArray());
        this.mPlainServerCBHandler.handle(new Callback[]{nameCallback, passwordCallback, new AuthorizeCallback("alluxio-1", "alluxio-1")});
    }

    @Test
    public void authenticateNameNotMatch() throws Exception {
        this.mThrown.expect(AuthenticationException.class);
        this.mThrown.expectMessage("Only allow the user starting with alluxio");
        Callback nameCallback = new NameCallback(" authentication id: ");
        nameCallback.setName("not-alluxio-1");
        PasswordCallback passwordCallback = new PasswordCallback(" password: ", false);
        passwordCallback.setPassword("password".toCharArray());
        this.mPlainServerCBHandler.handle(new Callback[]{nameCallback, passwordCallback, new AuthorizeCallback("not-alluxio-1", "not-alluxio-1")});
    }

    @Test
    public void authenticateCorrectPassword() throws Exception {
        this.mThrown.expect(AuthenticationException.class);
        this.mThrown.expectMessage("Wrong password");
        Callback nameCallback = new NameCallback(" authentication id: ");
        nameCallback.setName("alluxio-1");
        PasswordCallback passwordCallback = new PasswordCallback(" password: ", false);
        passwordCallback.setPassword("not-password".toCharArray());
        this.mPlainServerCBHandler.handle(new Callback[]{nameCallback, passwordCallback, new AuthorizeCallback("alluxio-1", "alluxio-1")});
    }
}
