package org.springframework.security.ldap.ppolicy;

import org.junit.Assert;
import org.junit.Before;
import org.junit.Test;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.authentication.LockedException;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.ldap.authentication.BindAuthenticator;
import org.springframework.security.ldap.authentication.LdapAuthenticationProvider;
import org.springframework.security.ldap.userdetails.LdapUserDetailsImpl;

/* loaded from: input_file:org/springframework/security/ldap/ppolicy/OpenLDAPIntegrationTestSuite.class */
public class OpenLDAPIntegrationTestSuite {
    PasswordPolicyAwareContextSource cs;

    @Before
    public void createContextSource() throws Exception {
        this.cs = new PasswordPolicyAwareContextSource("ldap://localhost:22389/dc=springsource,dc=com");
        this.cs.setUserDn("cn=admin,dc=springsource,dc=com");
        this.cs.setPassword("password");
        this.cs.afterPropertiesSet();
    }

    @Test
    public void simpleBindSucceeds() throws Exception {
        BindAuthenticator bindAuthenticator = new BindAuthenticator(this.cs);
        bindAuthenticator.setUserDnPatterns(new String[]{"uid={0},ou=users"});
        new LdapAuthenticationProvider(bindAuthenticator).authenticate(new UsernamePasswordAuthenticationToken("luke", "password"));
    }

    @Test(expected = LockedException.class)
    public void repeatedBindWithWrongPasswordLocksAccount() throws Exception {
        BindAuthenticator bindAuthenticator = new BindAuthenticator(this.cs);
        bindAuthenticator.setUserDnPatterns(new String[]{"uid={0},ou=users"});
        LdapAuthenticationProvider ldapAuthenticationProvider = new LdapAuthenticationProvider(bindAuthenticator);
        for (int i = 1; i < 4; i++) {
            try {
                LdapUserDetailsImpl ldapUserDetailsImpl = (LdapUserDetailsImpl) ldapAuthenticationProvider.authenticate(new UsernamePasswordAuthenticationToken("lockme", "wrong")).getPrincipal();
                Assert.assertTrue(ldapUserDetailsImpl.getTimeBeforeExpiration() < Integer.MAX_VALUE && ldapUserDetailsImpl.getTimeBeforeExpiration() > 0);
            } catch (BadCredentialsException e) {
            }
        }
    }

    @Test
    public void passwordExpiryTimeIsDetectedCorrectly() throws Exception {
        BindAuthenticator bindAuthenticator = new BindAuthenticator(this.cs);
        bindAuthenticator.setUserDnPatterns(new String[]{"uid={0},ou=users"});
        LdapUserDetailsImpl ldapUserDetailsImpl = (LdapUserDetailsImpl) new LdapAuthenticationProvider(bindAuthenticator).authenticate(new UsernamePasswordAuthenticationToken("expireme", "password")).getPrincipal();
        Assert.assertTrue(ldapUserDetailsImpl.getTimeBeforeExpiration() < Integer.MAX_VALUE && ldapUserDetailsImpl.getTimeBeforeExpiration() > 0);
    }
}
