package org.apereo.cas.web.security.authentication;

import java.util.List;
import java.util.Objects;
import org.apereo.cas.configuration.CasConfigurationProperties;
import org.apereo.cas.configuration.model.core.monitor.MonitorProperties;
import org.apereo.cas.util.LdapUtils;
import org.apereo.cas.util.junit.EnabledIfPortOpen;
import org.junit.jupiter.api.Assertions;
import org.junit.jupiter.api.Tag;
import org.junit.jupiter.api.Test;
import org.junit.jupiter.api.function.Executable;
import org.springframework.boot.autoconfigure.security.SecurityProperties;
import org.springframework.boot.context.properties.EnableConfigurationProperties;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.authentication.InsufficientAuthenticationException;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.test.context.TestPropertySource;

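/**
 * Role-based authorization tests for {@link MonitorEndpointLdapAuthenticationProvider}.
 *
 * <p>Each test builds a provider from the LDAP settings bound under
 * {@code cas.monitor.endpoints.ldap} and a {@link SecurityProperties} instance that carries
 * the role required for access. The test properties read roles from the {@code roomNumber}
 * attribute and prefix them with {@code ROLE_}; the fixture entry {@code authzcas} presumably
 * carries {@code roomNumber=888} (that entry is not visible in this file, confirm against the
 * LDAP test data).
 *
 * <p>The class only runs when something is listening on port 10389.
 */
@Tag("Ldap")
@EnableConfigurationProperties({CasConfigurationProperties.class})
@TestPropertySource(properties = {
    "cas.monitor.endpoints.ldap.ldapAuthz.role-attribute=roomNumber",
    "cas.monitor.endpoints.ldap.ldap-authz.search-filter=cn={user}",
    "cas.monitor.endpoints.ldap.ldap-authz.base-dn=ou=people,dc=example,dc=org",
    "cas.monitor.endpoints.ldap.ldap-authz.role-prefix=ROLE_"
})
@EnabledIfPortOpen(port = {10389})
public class MonitorEndpointLdapAuthenticationProviderRolesBasedTests extends BaseMonitorEndpointLdapAuthenticationProviderTests {
    /** Fixture account and password used by every test against the test directory. */
    private static final String KNOWN_USER = "authzcas";
    private static final String KNOWN_PASSWORD = "123456";

    /** Role that {@link #verifyAuthorizedByRole()} shows is granted to {@link #KNOWN_USER}. */
    private static final String GRANTED_ROLE = "ROLE_888";

    /** Role used where the configured requirement must not match the user. */
    private static final String UNGRANTED_ROLE = "SOME_BAD_ROLE";

    /**
     * Verifies that valid credentials plus a matching role produce an authentication result.
     */
    @Test
    public void verifyAuthorizedByRole() {
        MonitorEndpointLdapAuthenticationProvider provider = newProvider(GRANTED_ROLE);
        try {
            Assertions.assertTrue(provider.supports(UsernamePasswordAuthenticationToken.class));
            Assertions.assertNotNull(provider.authenticate(
                new UsernamePasswordAuthenticationToken(KNOWN_USER, KNOWN_PASSWORD)));
        } finally {
            Assertions.assertAll(provider::destroy);
        }
    }

    /**
     * Verifies that valid credentials are still rejected when the user lacks the required role.
     */
    @Test
    public void verifyUnauthorizedByRole() {
        MonitorEndpointLdapAuthenticationProvider provider = newProvider(UNGRANTED_ROLE);
        try {
            Assertions.assertThrows(BadCredentialsException.class, () -> {
                provider.authenticate(new UsernamePasswordAuthenticationToken(KNOWN_USER, KNOWN_PASSWORD));
            });
        } finally {
            Assertions.assertAll(provider::destroy);
        }
    }

    /**
     * Verifies that an account missing from the directory is rejected.
     */
    @Test
    public void verifyUserNotFound() {
        MonitorEndpointLdapAuthenticationProvider provider = newProvider(UNGRANTED_ROLE);
        try {
            // NOTE(review): an unknown user raises a different exception type than a wrong
            // password or a missing role. If the endpoint maps these types to different
            // client-visible responses, callers could tell valid usernames from invalid ones;
            // confirm the HTTP layer returns one uniform failure.
            Assertions.assertThrows(InsufficientAuthenticationException.class, () -> {
                provider.authenticate(new UsernamePasswordAuthenticationToken("UNKNOWN_USER", KNOWN_PASSWORD));
            });
        } finally {
            Assertions.assertAll(provider::destroy);
        }
    }

    /**
     * Verifies that a wrong password is rejected for an otherwise authorized user.
     */
    @Test
    public void verifyUserBadPassword() {
        // The required role is one the user holds, so the password is the only thing that can
        // fail. With a non-matching role this test would also pass if the password check were
        // skipped, because the role mismatch raises the same BadCredentialsException.
        MonitorEndpointLdapAuthenticationProvider provider = newProvider(GRANTED_ROLE);
        try {
            Assertions.assertThrows(BadCredentialsException.class, () -> {
                provider.authenticate(new UsernamePasswordAuthenticationToken(KNOWN_USER, "BAD_PASSWORD"));
            });
        } finally {
            Assertions.assertAll(provider::destroy);
        }
    }

    /**
     * Builds a provider that requires {@code requiredRole}, using the LDAP settings from the
     * test configuration for both the connection factory and the authenticator.
     *
     * @param requiredRole the single role placed in {@link SecurityProperties} for the user
     * @return a new provider; the caller is responsible for calling {@code destroy()}
     */
    private MonitorEndpointLdapAuthenticationProvider newProvider(String requiredRole) {
        SecurityProperties securityProperties = new SecurityProperties();
        securityProperties.getUser().setRoles(List.of(requiredRole));
        MonitorProperties.Endpoints.LdapSecurity ldap = this.casProperties.getMonitor().getEndpoints().getLdap();
        return new MonitorEndpointLdapAuthenticationProvider(
            ldap,
            securityProperties,
            LdapUtils.newLdaptiveConnectionFactory(ldap),
            LdapUtils.newLdaptiveAuthenticator(ldap));
    }
}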
