package org.apereo.cas.authentication;

import com.unboundid.ldap.sdk.LDAPConnection;
import org.apereo.cas.adaptors.ldap.LdapIntegrationTestsOperations;
import org.apereo.cas.authentication.credential.UsernamePasswordCredential;
import org.apereo.cas.configuration.CasConfigurationProperties;
import org.apereo.cas.configuration.model.support.ldap.AbstractLdapSearchProperties;
import org.apereo.cas.util.junit.EnabledIfListeningOnPort;
import org.junit.jupiter.api.Assertions;
import org.junit.jupiter.api.BeforeAll;
import org.junit.jupiter.api.Tag;
import org.junit.jupiter.api.Test;
import org.ldaptive.LdapAttribute;
import org.mockito.Mockito;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.context.properties.EnableConfigurationProperties;
import org.springframework.boot.test.context.SpringBootTest;
import org.springframework.cloud.autoconfigure.RefreshAutoConfiguration;

@Tag("Ldap")
@EnableConfigurationProperties({CasConfigurationProperties.class})
@SpringBootTest(classes = {RefreshAutoConfiguration.class}, properties = {"cas.authn.passwordSync.ldap[0].ldap-url=ldap://localhost:10389", "cas.authn.passwordSync.ldap[0].base-dn=dc=example,dc=org", "cas.authn.passwordSync.ldap[0].search-filter=cn={user}", "cas.authn.passwordSync.ldap[0].bind-dn=cn=Directory Manager", "cas.authn.passwordSync.ldap[0].bind-credential=password"})
@EnabledIfListeningOnPort(port = {10389})
/* loaded from: input_file:org/apereo/cas/authentication/LdapPasswordSynchronizationAuthenticationPostProcessorTests.class */
public class LdapPasswordSynchronizationAuthenticationPostProcessorTests {

    @Autowired
    private CasConfigurationProperties casProperties;

    @BeforeAll
    public static void setup() throws Exception {
        LDAPConnection lDAPConnection = new LDAPConnection("localhost", 10389, "cn=Directory Manager", "password");
        lDAPConnection.connect("localhost", 10389);
        lDAPConnection.bind("cn=Directory Manager", "password");
        LdapIntegrationTestsOperations.populateDefaultEntries(lDAPConnection, "ou=people,dc=example,dc=org");
    }

    @Test
    public void verifySyncFailsWithUnicodePswd() {
        Assertions.assertDoesNotThrow(() -> {
            new LdapPasswordSynchronizationAuthenticationPostProcessor((AbstractLdapSearchProperties) this.casProperties.getAuthn().getPasswordSync().getLdap().get(0)).process(CoreAuthenticationTestUtils.getAuthenticationBuilder(), new DefaultAuthenticationTransactionFactory().newTransaction(new Credential[]{CoreAuthenticationTestUtils.getCredentialsWithDifferentUsernameAndPassword("casTest", "password")}));
        });
    }

    @Test
    public void verifySyncFindsNoUser() {
        Assertions.assertDoesNotThrow(() -> {
            LdapPasswordSynchronizationAuthenticationPostProcessor ldapPasswordSynchronizationAuthenticationPostProcessor = new LdapPasswordSynchronizationAuthenticationPostProcessor((AbstractLdapSearchProperties) this.casProperties.getAuthn().getPasswordSync().getLdap().get(0));
            ldapPasswordSynchronizationAuthenticationPostProcessor.process(CoreAuthenticationTestUtils.getAuthenticationBuilder(), new DefaultAuthenticationTransactionFactory().newTransaction(new Credential[]{CoreAuthenticationTestUtils.getCredentialsWithDifferentUsernameAndPassword("unknown123456", "password")}));
            ldapPasswordSynchronizationAuthenticationPostProcessor.destroy();
        });
    }

    @Test
    public void verifyBadCredential() {
        Assertions.assertDoesNotThrow(() -> {
            LdapPasswordSynchronizationAuthenticationPostProcessor ldapPasswordSynchronizationAuthenticationPostProcessor = new LdapPasswordSynchronizationAuthenticationPostProcessor((AbstractLdapSearchProperties) this.casProperties.getAuthn().getPasswordSync().getLdap().get(0));
            Credential credential = (Credential) Mockito.mock(Credential.class);
            Assertions.assertFalse(ldapPasswordSynchronizationAuthenticationPostProcessor.supports(credential));
            ldapPasswordSynchronizationAuthenticationPostProcessor.process(CoreAuthenticationTestUtils.getAuthenticationBuilder(), new DefaultAuthenticationTransactionFactory().newTransaction(new Credential[]{credential}));
            ldapPasswordSynchronizationAuthenticationPostProcessor.destroy();
        });
    }

    @Test
    public void verifyOperation() {
        LdapPasswordSynchronizationAuthenticationPostProcessor processorWithMockPasswordAttribute = getProcessorWithMockPasswordAttribute();
        UsernamePasswordCredential credentialsWithDifferentUsernameAndPassword = CoreAuthenticationTestUtils.getCredentialsWithDifferentUsernameAndPassword("admin", "password");
        Assertions.assertTrue(processorWithMockPasswordAttribute.supports(credentialsWithDifferentUsernameAndPassword));
        Assertions.assertDoesNotThrow(() -> {
            processorWithMockPasswordAttribute.process(CoreAuthenticationTestUtils.getAuthenticationBuilder(), new DefaultAuthenticationTransactionFactory().newTransaction(new Credential[0]));
            processorWithMockPasswordAttribute.process(CoreAuthenticationTestUtils.getAuthenticationBuilder(), new DefaultAuthenticationTransactionFactory().newTransaction(new Credential[]{credentialsWithDifferentUsernameAndPassword}));
        });
    }

    private LdapPasswordSynchronizationAuthenticationPostProcessor getProcessorWithMockPasswordAttribute() {
        return new LdapPasswordSynchronizationAuthenticationPostProcessor((AbstractLdapSearchProperties) this.casProperties.getAuthn().getPasswordSync().getLdap().get(0)) { // from class: org.apereo.cas.authentication.LdapPasswordSynchronizationAuthenticationPostProcessorTests.1
            protected LdapAttribute getLdapPasswordAttribute(UsernamePasswordCredential usernamePasswordCredential) {
                return new LdapAttribute("st", new String[]{usernamePasswordCredential.toPassword()});
            }
        };
    }
}
