package org.apache.shiro.realm.activedirectory;

import java.util.HashSet;
import java.util.Set;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;
import javax.naming.ldap.LdapContext;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.SimpleAccount;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.authc.credential.CredentialsMatcher;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.mgt.DefaultSecurityManager;
import org.apache.shiro.mgt.SecurityManager;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.realm.UserIdPrincipal;
import org.apache.shiro.realm.UsernamePrincipal;
import org.apache.shiro.realm.ldap.LdapContextFactory;
import org.apache.shiro.subject.PrincipalCollection;
import org.apache.shiro.subject.SimplePrincipalCollection;
import org.apache.shiro.subject.Subject;
import org.apache.shiro.util.ThreadContext;
import org.easymock.Capture;
import org.easymock.CaptureType;
import org.easymock.EasyMock;
import org.hamcrest.MatcherAssert;
import org.hamcrest.Matchers;
import org.junit.jupiter.api.AfterEach;
import org.junit.jupiter.api.Assertions;
import org.junit.jupiter.api.BeforeEach;
import org.junit.jupiter.api.Test;

/* loaded from: input_file:org/apache/shiro/realm/activedirectory/ActiveDirectoryRealmTest.class */
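/**
 * Unit tests for {@link ActiveDirectoryRealm}.
 *
 * <p>No directory server is contacted: authentication is exercised through
 * {@link TestActiveDirectoryRealm}, which stubs out the LDAP lookup and the credential check, and
 * the principal-suffix handling is exercised against an EasyMock {@link LdapContext}.
 */
public class ActiveDirectoryRealmTest {
    // Fixture values only. They are never checked against a directory, because the test realm
    // below accepts any credentials.
    private static final String USERNAME = "testuser";
    private static final String PASSWORD = "password";
    private static final int USER_ID = 12345;
    private static final String ROLE = "admin";
    DefaultSecurityManager securityManager;
    AuthorizingRealm realm;

    /**
     * Test double that replaces every directory interaction of {@link ActiveDirectoryRealm} with
     * canned data.
     *
     * <p>Security note: this realm authenticates <em>any</em> token, since its credentials matcher
     * always returns {@code true} and {@link #queryForAuthenticationInfo} never binds to LDAP. It
     * exists only so the surrounding Shiro plumbing can be tested and must not be reused as a
     * production realm.
     */
    public static class TestActiveDirectoryRealm extends ActiveDirectoryRealm {
        // Accept-all matcher: password verification is intentionally disabled for these tests.
        CredentialsMatcher credentialsMatcher = new CredentialsMatcher() {
            @Override
            public boolean doCredentialsMatch(AuthenticationToken token, AuthenticationInfo info) {
                return true;
            }
        };

        /** Creates the realm and installs the accept-all credentials matcher. */
        public TestActiveDirectoryRealm() {
            setCredentialsMatcher(this.credentialsMatcher);
        }

        /**
         * Sets the suffix stored in the realm's {@code principalSuffix} field.
         *
         * @param principalSuffix the suffix to store
         */
        public void setPrincipalSuffix(String principalSuffix) {
            this.principalSuffix = principalSuffix;
        }

        /**
         * Delegates to the superclass and, when an account comes back, replaces its principals
         * with a fixed {@link UserIdPrincipal} and {@link UsernamePrincipal}.
         *
         * @param token the submitted authentication token
         * @return the account with the fixture principals, or {@code null} if the superclass
         *     returned {@code null}
         * @throws AuthenticationException if the superclass lookup fails
         */
        @Override
        protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
            // The override is declared to return AuthenticationInfo, so the narrowing cast is
            // required. The stubbed queryForAuthenticationInfo in this class returns a
            // SimpleAccount; presumably the superclass hands that object back unchanged.
            SimpleAccount account = (SimpleAccount) super.doGetAuthenticationInfo(token);
            if (account != null) {
                SimplePrincipalCollection principals = new SimplePrincipalCollection();
                principals.add(new UserIdPrincipal(ActiveDirectoryRealmTest.USER_ID), getName());
                principals.add(new UsernamePrincipal(ActiveDirectoryRealmTest.USERNAME), getName());
                account.setPrincipals(principals);
            }
            return account;
        }

        /**
         * Grants the fixture role to every principal collection, without consulting the directory.
         *
         * @param principals ignored
         * @return authorization info holding only {@code ROLE}
         */
        @Override
        protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
            Set<String> roles = new HashSet<>();
            roles.add(ActiveDirectoryRealmTest.ROLE);
            return new SimpleAuthorizationInfo(roles);
        }

        /**
         * Builds an account straight from the token instead of querying LDAP.
         *
         * @param token the submitted authentication token
         * @param ldapContextFactory unused
         * @return an account carrying the token's own principal and credentials
         * @throws NamingException never thrown by this stub
         */
        @Override
        protected AuthenticationInfo queryForAuthenticationInfo(AuthenticationToken token, LdapContextFactory ldapContextFactory) throws NamingException {
            return new SimpleAccount(token.getPrincipal(), token.getCredentials(), getName());
        }
    }

    /** Installs a fresh security manager backed by the test realm and clears thread state. */
    @BeforeEach
    public void setup() {
        ThreadContext.remove();
        this.realm = new TestActiveDirectoryRealm();
        this.securityManager = new DefaultSecurityManager(this.realm);
        SecurityUtils.setSecurityManager(this.securityManager);
    }

    /** Removes the global security manager and thread state so tests cannot leak into each other. */
    @AfterEach
    public void tearDown() {
        SecurityUtils.setSecurityManager((SecurityManager) null);
        this.securityManager.destroy();
        ThreadContext.remove();
    }

    /**
     * Logs in through the test realm and checks that authentication state, role and both
     * principal types are visible on the subject.
     */
    @Test
    void testDefaultConfig() {
        Subject subject = SecurityUtils.getSubject();
        subject.login(new UsernamePasswordToken(USERNAME, PASSWORD, "localhost"));
        Assertions.assertTrue(subject.isAuthenticated());
        Assertions.assertTrue(subject.hasRole(ROLE));
        // assertEquals reports the expected and actual values on failure, unlike assertTrue.
        Assertions.assertEquals(USERNAME, subject.getPrincipals().oneByType(UsernamePrincipal.class).getUsername());
        Assertions.assertEquals(USER_ID, subject.getPrincipals().oneByType(UserIdPrincipal.class).getUserId());
        Assertions.assertTrue(this.realm.hasRole(subject.getPrincipals(), ROLE));
        subject.logout();
    }

    /**
     * Checks how the configured principal suffix is combined with the user name: a bare user name
     * gets the suffix appended, while a name that already ends in the suffix in any letter case is
     * passed through unchanged rather than being suffixed a second time.
     */
    @Test
    void testExistingUserSuffix() throws Exception {
        assertExistingUserSuffix(USERNAME, "testuser@ExAmple.COM");
        assertExistingUserSuffix("testuser@example.com", "testuser@example.com");
        assertExistingUserSuffix("testuser@EXAMPLE.com", "testuser@EXAMPLE.com");
    }

    /**
     * Runs {@code getRoleNamesForUser} against a mocked {@link LdapContext} on a realm whose
     * principal suffix is {@code "@ExAmple.COM"}, and asserts that the search was issued with
     * exactly one search argument equal to {@code expectedPrincipalName}.
     *
     * @param username the user name handed to the realm
     * @param expectedPrincipalName the value expected as the sole search argument
     * @throws Exception if setting up the mock expectations fails
     */
    public void assertExistingUserSuffix(String username, String expectedPrincipalName) throws Exception {
        LdapContext ldapContext = EasyMock.createMock(LdapContext.class);
        // NOTE(review): this mock is never replayed, as in the original; the test appears to rely
        // on it yielding no results. Confirm before adding expectations to it.
        NamingEnumeration<SearchResult> results = EasyMock.createMock(NamingEnumeration.class);
        Capture<Object[]> searchArguments = Capture.newInstance(CaptureType.ALL);
        EasyMock.expect(ldapContext.search(EasyMock.anyString(), EasyMock.anyString(), EasyMock.capture(searchArguments), EasyMock.anyObject(SearchControls.class))).andReturn(results);
        EasyMock.replay(ldapContext);
        ActiveDirectoryRealm activeDirectoryRealm = new ActiveDirectoryRealm() {
            {
                this.principalSuffix = "@ExAmple.COM";
            }
        };
        new Subject.Builder(new DefaultSecurityManager(activeDirectoryRealm)).buildSubject().execute(() -> {
            try {
                activeDirectoryRealm.getRoleNamesForUser(username, ldapContext);
            } catch (NamingException e) {
                // Keep the cause so the failure report shows what the realm actually threw.
                Assertions.fail("Unexpected NamingException thrown during test", e);
            }
        });
        // Confirms the single expected search call was made on the context.
        EasyMock.verify(ldapContext);
        Object[] capturedArguments = searchArguments.getValue();
        MatcherAssert.assertThat(capturedArguments, Matchers.arrayWithSize(1));
        MatcherAssert.assertThat(capturedArguments[0], Matchers.is(expectedPrincipalName));
    }
}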
