package org.graylog2.security.ldap;

import java.util.Set;
import org.apache.directory.api.ldap.model.exception.LdapException;
import org.apache.directory.ldap.client.api.LdapConnectionConfig;
import org.apache.directory.ldap.client.api.LdapNetworkConnection;
import org.apache.directory.server.annotations.CreateLdapServer;
import org.apache.directory.server.annotations.CreateTransport;
import org.apache.directory.server.core.annotations.ApplyLdifFiles;
import org.apache.directory.server.core.annotations.ContextEntry;
import org.apache.directory.server.core.annotations.CreateDS;
import org.apache.directory.server.core.annotations.CreateIndex;
import org.apache.directory.server.core.annotations.CreatePartition;
import org.apache.directory.server.core.annotations.LoadSchema;
import org.apache.directory.server.core.integ.AbstractLdapTestUnit;
import org.apache.directory.server.core.integ.FrameworkRunner;
import org.apache.directory.server.core.partition.impl.avl.AvlPartition;
import org.apache.directory.server.ldap.LdapServer;
import org.assertj.core.api.Assertions;
import org.graylog2.ApacheDirectoryTestServiceFactory;
import org.graylog2.shared.security.ldap.LdapEntry;
import org.junit.After;
import org.junit.Before;
import org.junit.Rule;
import org.junit.Test;
import org.junit.rules.ExpectedException;
import org.junit.runner.RunWith;

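/**
 * Integration tests for {@link LdapConnector}, run against an embedded ApacheDS instance.
 *
 * <p>The directory is created from the annotations below and seeded from
 * {@code org/graylog2/security/ldap/base.ldif}. The tests cover three things:
 * <ul>
 *   <li>user lookup together with group resolution for the {@code groupOfNames},
 *       {@code groupOfUniqueNames} and {@code posixGroup} object classes;</li>
 *   <li>group matching for a member DN that differs only in whitespace;</li>
 *   <li>rejection of bind attempts that carry an empty principal or empty credentials.</li>
 * </ul>
 *
 * <p>NOTE(review): the user search pattern contains a {@code {0}} placeholder that is filled
 * from the principal. No test here passes a principal containing LDAP filter metacharacters
 * ({@code *}, {@code (}, {@code )}, {@code \}); if {@code LdapConnector.search} does the
 * substitution itself, a test pinning the escaping behaviour belongs in this class.
 *
 * <p>NOTE(review): the transport is plain {@code LDAP}, so TLS/StartTLS configuration of the
 * connector is not exercised by this class.
 */
@CreateLdapServer(transports = {@CreateTransport(protocol = "LDAP")})
@RunWith(FrameworkRunner.class)
@CreateDS(
        name = "LdapConnectorTest",
        factory = ApacheDirectoryTestServiceFactory.class,
        partitions = {
                @CreatePartition(
                        name = "example.com",
                        type = AvlPartition.class,
                        suffix = "dc=example,dc=com",
                        contextEntry = @ContextEntry(
                                entryLdif = "dn: dc=example,dc=com\ndc: example\nobjectClass: top\nobjectClass: domain\n\n"),
                        indexes = {
                                @CreateIndex(attribute = "objectClass"),
                                @CreateIndex(attribute = "dc"),
                                @CreateIndex(attribute = "ou")
                        })
        },
        loadedSchemas = {@LoadSchema(name = "nis", enabled = true)})
@ApplyLdifFiles({"org/graylog2/security/ldap/base.ldif"})
public class LdapConnectorTest extends AbstractLdapTestUnit {
    // Fixture-only bind identity for the embedded test directory; these values are the
    // well-known ApacheDS bootstrap admin account and must never appear in a real configuration.
    private static final String ADMIN_DN = "uid=admin,ou=system";
    private static final String ADMIN_PASSWORD = "secret";

    private static final String USER_SEARCH_BASE = "ou=users,dc=example,dc=com";
    private static final String USER_SEARCH_PATTERN = "(&(objectClass=posixAccount)(uid={0}))";
    private static final String GROUP_SEARCH_BASE = "ou=groups,dc=example,dc=com";
    private static final String NAME_ATTRIBUTE = "cn";
    private static final String JOHN_UID = "john";
    private static final String JOHN_DN = "cn=John Doe,ou=users,dc=example,dc=com";

    @Rule
    public final ExpectedException expectedException = ExpectedException.none();
    private LdapConnector connector;
    private LdapNetworkConnection connection;

    /** Opens an admin-bound connection to the embedded server before every test. */
    @Before
    public void setUp() throws Exception {
        LdapServer ldapServer = getLdapServer();
        LdapConnectionConfig ldapConnectionConfig = new LdapConnectionConfig();
        ldapConnectionConfig.setLdapHost("localHost");
        ldapConnectionConfig.setLdapPort(ldapServer.getPort());
        ldapConnectionConfig.setName(ADMIN_DN);
        ldapConnectionConfig.setCredentials(ADMIN_PASSWORD);
        // presumably a connection timeout in milliseconds - confirm against LdapConnector
        this.connector = new LdapConnector(10000);
        this.connection = this.connector.connect(ldapConnectionConfig);
    }

    /**
     * Closes the connection opened in {@link #setUp()}.
     *
     * <p>JUnit 4 still runs {@code @After} methods when a {@code @Before} method throws, so the
     * connection may never have been assigned; the null guard keeps a secondary
     * {@link NullPointerException} from obscuring the original set-up failure.
     */
    @After
    public void tearDown() throws Exception {
        if (this.connection != null) {
            this.connection.close();
        }
    }

    @Test
    public void testUserLookup() throws Exception {
        LdapEntry entry = searchJohn("(|(objectClass=groupOfNames)(objectClass=posixGroup))");
        assertIsJohnDoe(entry);
        Assertions.assertThat(entry.getGroups()).hasSize(2).contains("QA", "Developers");
    }

    @Test
    public void testGroupOfNamesLookup() throws Exception {
        LdapEntry entry = searchJohn("(objectClass=groupOfNames)");
        assertIsJohnDoe(entry);
        Assertions.assertThat(entry.getGroups()).hasSize(1).contains("QA");
    }

    @Test
    public void testGroupOfUniqueNamesLookup() throws Exception {
        LdapEntry entry = searchJohn("(objectClass=groupOfUniqueNames)");
        assertIsJohnDoe(entry);
        Assertions.assertThat(entry.getGroups()).hasSize(2).contains("Engineers", "Whitespace Engineers");
    }

    @Test
    public void testPosixGroupLookup() throws Exception {
        LdapEntry entry = searchJohn("(objectClass=posixGroup)");
        assertIsJohnDoe(entry);
        Assertions.assertThat(entry.getGroups()).hasSize(1).contains("Developers");
    }

    @Test
    public void testAllGroupClassesLookup() throws Exception {
        // The lower-case "objectclass" in the last clause is kept as-is: attribute descriptions
        // are case-insensitive in LDAP, and the expected group count depends on it matching.
        LdapEntry entry = searchJohn(
                "(|(objectClass=posixGroup)(objectClass=groupOfNames)(objectclass=groupOfUniqueNames))");
        assertIsJohnDoe(entry);
        Assertions.assertThat(entry.getGroups())
                .hasSize(4)
                .contains("Developers", "QA", "Engineers", "Whitespace Engineers");
    }

    @Test
    public void testListGroups() throws Exception {
        Set<String> groups =
                this.connector.listGroups(this.connection, GROUP_SEARCH_BASE, "(objectClass=top)", NAME_ATTRIBUTE);
        Assertions.assertThat(groups)
                .hasSize(4)
                .contains("Developers", "QA", "Engineers", "Whitespace Engineers");
    }

    /**
     * A member DN that differs from the stored one only by whitespace after the RDN separators
     * must resolve to the same groups. Group membership is an authorization input, so a
     * formatting difference in the DN must neither drop nor add memberships.
     */
    @Test
    public void testFindGroupsWithWhitespace() throws Exception {
        LdapEntry compactDnEntry = new LdapEntry();
        compactDnEntry.setDn(JOHN_DN);
        compactDnEntry.put("uid", JOHN_UID);

        LdapEntry spacedDnEntry = new LdapEntry();
        spacedDnEntry.setDn("cn=John Doe,  ou=users, dc=example, dc=com");
        spacedDnEntry.put("uid", JOHN_UID);

        Set<String> compactGroups = this.connector.findGroups(
                this.connection, GROUP_SEARCH_BASE, "(objectClass=groupOfUniqueNames)", NAME_ATTRIBUTE, compactDnEntry);
        Set<String> spacedGroups = this.connector.findGroups(
                this.connection, GROUP_SEARCH_BASE, "(objectClass=groupOfUniqueNames)", NAME_ATTRIBUTE, spacedDnEntry);

        Assertions.assertThat(compactGroups).hasSize(2).containsOnly("Whitespace Engineers", "Engineers");
        Assertions.assertThat(spacedGroups).hasSize(2).containsOnly("Whitespace Engineers", "Engineers");
    }

    // The four tests below pin the guard against anonymous and unauthenticated simple binds.
    // Per RFC 4513 (sections 5.1.1 and 5.1.2) a simple bind with an empty password does not
    // verify any secret, and a server may still answer it with success. A caller that equates
    // "bind succeeded" with "user authenticated" would then accept a login without a password,
    // so the connector has to refuse empty input before anything is sent to the server.

    @Test
    public void authenticateThrowsIllegalArgumentExceptionIfPrincipalIsNull() throws LdapException {
        this.expectedException.expect(IllegalArgumentException.class);
        this.expectedException.expectMessage("Binding with empty principal is forbidden.");
        this.connector.authenticate(this.connection, (String) null, ADMIN_PASSWORD);
    }

    @Test
    public void authenticateThrowsIllegalArgumentExceptionIfPrincipalIsEmpty() throws LdapException {
        this.expectedException.expect(IllegalArgumentException.class);
        this.expectedException.expectMessage("Binding with empty principal is forbidden.");
        this.connector.authenticate(this.connection, "", ADMIN_PASSWORD);
    }

    @Test
    public void authenticateThrowsIllegalArgumentExceptionIfCredentialsAreNull() throws LdapException {
        this.expectedException.expect(IllegalArgumentException.class);
        this.expectedException.expectMessage("Binding with empty credentials is forbidden.");
        this.connector.authenticate(this.connection, "principal", (String) null);
    }

    @Test
    public void authenticateThrowsIllegalArgumentExceptionIfCredentialsAreEmpty() throws LdapException {
        this.expectedException.expect(IllegalArgumentException.class);
        this.expectedException.expectMessage("Binding with empty credentials is forbidden.");
        this.connector.authenticate(this.connection, "principal", "");
    }

    /**
     * Looks up the fixture user {@code john} and resolves his groups with the given group filter.
     *
     * @param groupSearchPattern LDAP filter selecting which group entries are considered
     * @return whatever {@code LdapConnector.search} returns for the fixture user
     */
    private LdapEntry searchJohn(String groupSearchPattern) throws Exception {
        return this.connector.search(
                this.connection,
                USER_SEARCH_BASE,
                USER_SEARCH_PATTERN,
                NAME_ATTRIBUTE,
                JOHN_UID,
                false, // presumably the "Active Directory" switch - confirm against LdapConnector.search
                GROUP_SEARCH_BASE,
                NAME_ATTRIBUTE,
                groupSearchPattern);
    }

    /** Asserts that a lookup produced an entry and that its DN is the fixture user's DN. */
    private static void assertIsJohnDoe(LdapEntry entry) {
        Assertions.assertThat(entry).isNotNull();
        Assertions.assertThat(entry.getDn()).isNotNull().isEqualTo(JOHN_DN);
    }
}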
