package org.springframework.security.ldap.authentication;

import java.util.Collection;
import org.jmock.Expectations;
import org.jmock.Mockery;
import org.jmock.integration.junit4.JUnit4Mockery;
import org.junit.Assert;
import org.junit.Test;
import org.springframework.ldap.core.DirContextAdapter;
import org.springframework.ldap.core.DirContextOperations;
import org.springframework.ldap.core.DistinguishedName;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.AuthorityUtils;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.security.ldap.userdetails.LdapAuthoritiesPopulator;
import org.springframework.security.ldap.userdetails.LdapUserDetailsMapper;

/* loaded from: input_file:org/springframework/security/ldap/authentication/LdapAuthenticationProviderTests.class */
public class LdapAuthenticationProviderTests {
    Mockery jmock = new JUnit4Mockery();

    /* loaded from: input_file:org/springframework/security/ldap/authentication/LdapAuthenticationProviderTests$MockAuthenticator.class */
    class MockAuthenticator implements LdapAuthenticator {
        MockAuthenticator() {
        }

        public DirContextOperations authenticate(Authentication authentication) {
            DirContextAdapter dirContextAdapter = new DirContextAdapter();
            dirContextAdapter.setAttributeValue("ou", "FROM_ENTRY");
            String name = authentication.getName();
            String str = (String) authentication.getCredentials();
            if (name.equals("ben") && str.equals("benspassword")) {
                dirContextAdapter.setDn(new DistinguishedName("cn=ben,ou=people,dc=springframework,dc=org"));
                dirContextAdapter.setAttributeValue("userPassword", "{SHA}nFCebWjxfaLbHHG1Qk5UU4trbvQ=");
                return dirContextAdapter;
            }
            if (!name.equals("jen") || !str.equals("")) {
                throw new BadCredentialsException("Authentication failed.");
            }
            dirContextAdapter.setDn(new DistinguishedName("cn=jen,ou=people,dc=springframework,dc=org"));
            return dirContextAdapter;
        }
    }

    /* loaded from: input_file:org/springframework/security/ldap/authentication/LdapAuthenticationProviderTests$MockAuthoritiesPopulator.class */
    class MockAuthoritiesPopulator implements LdapAuthoritiesPopulator {
        String username;

        MockAuthoritiesPopulator() {
        }

        public Collection<GrantedAuthority> getGrantedAuthorities(DirContextOperations dirContextOperations, String str) {
            this.username = str;
            return AuthorityUtils.createAuthorityList(new String[]{"ROLE_FROM_POPULATOR"});
        }

        String getRequestedUsername() {
            return this.username;
        }
    }

    @Test
    public void testSupportsUsernamePasswordAuthenticationToken() {
        Assert.assertTrue(new LdapAuthenticationProvider(new MockAuthenticator(), new MockAuthoritiesPopulator()).supports(UsernamePasswordAuthenticationToken.class));
    }

    @Test
    public void testDefaultMapperIsSet() {
        Assert.assertTrue(new LdapAuthenticationProvider(new MockAuthenticator(), new MockAuthoritiesPopulator()).getUserDetailsContextMapper() instanceof LdapUserDetailsMapper);
    }

    @Test
    public void testEmptyOrNullUserNameThrowsException() {
        LdapAuthenticationProvider ldapAuthenticationProvider = new LdapAuthenticationProvider(new MockAuthenticator(), new MockAuthoritiesPopulator());
        try {
            ldapAuthenticationProvider.authenticate(new UsernamePasswordAuthenticationToken((Object) null, "password"));
            Assert.fail("Expected BadCredentialsException for empty username");
        } catch (BadCredentialsException e) {
        }
        try {
            ldapAuthenticationProvider.authenticate(new UsernamePasswordAuthenticationToken("", "bobspassword"));
            Assert.fail("Expected BadCredentialsException for null username");
        } catch (BadCredentialsException e2) {
        }
    }

    @Test(expected = BadCredentialsException.class)
    public void usernameNotFoundExceptionIsHiddenByDefault() {
        final LdapAuthenticator ldapAuthenticator = (LdapAuthenticator) this.jmock.mock(LdapAuthenticator.class);
        final UsernamePasswordAuthenticationToken usernamePasswordAuthenticationToken = new UsernamePasswordAuthenticationToken("joe", "password");
        this.jmock.checking(new Expectations() { // from class: org.springframework.security.ldap.authentication.LdapAuthenticationProviderTests.1
            {
                ((LdapAuthenticator) oneOf(ldapAuthenticator)).authenticate(usernamePasswordAuthenticationToken);
                will(throwException(new UsernameNotFoundException("nobody")));
            }
        });
        new LdapAuthenticationProvider(ldapAuthenticator).authenticate(usernamePasswordAuthenticationToken);
    }

    @Test(expected = UsernameNotFoundException.class)
    public void usernameNotFoundExceptionIsNotHiddenIfConfigured() {
        final LdapAuthenticator ldapAuthenticator = (LdapAuthenticator) this.jmock.mock(LdapAuthenticator.class);
        final UsernamePasswordAuthenticationToken usernamePasswordAuthenticationToken = new UsernamePasswordAuthenticationToken("joe", "password");
        this.jmock.checking(new Expectations() { // from class: org.springframework.security.ldap.authentication.LdapAuthenticationProviderTests.2
            {
                ((LdapAuthenticator) oneOf(ldapAuthenticator)).authenticate(usernamePasswordAuthenticationToken);
                will(throwException(new UsernameNotFoundException("nobody")));
            }
        });
        LdapAuthenticationProvider ldapAuthenticationProvider = new LdapAuthenticationProvider(ldapAuthenticator);
        ldapAuthenticationProvider.setHideUserNotFoundExceptions(false);
        ldapAuthenticationProvider.authenticate(usernamePasswordAuthenticationToken);
    }

    @Test
    public void normalUsage() {
        MockAuthoritiesPopulator mockAuthoritiesPopulator = new MockAuthoritiesPopulator();
        LdapAuthenticationProvider ldapAuthenticationProvider = new LdapAuthenticationProvider(new MockAuthenticator(), mockAuthoritiesPopulator);
        LdapUserDetailsMapper ldapUserDetailsMapper = new LdapUserDetailsMapper();
        ldapUserDetailsMapper.setRoleAttributes(new String[]{"ou"});
        ldapAuthenticationProvider.setUserDetailsContextMapper(ldapUserDetailsMapper);
        Assert.assertNotNull(ldapAuthenticationProvider.getAuthoritiesPopulator());
        UsernamePasswordAuthenticationToken usernamePasswordAuthenticationToken = new UsernamePasswordAuthenticationToken("ben", "benspassword");
        Object obj = new Object();
        usernamePasswordAuthenticationToken.setDetails(obj);
        Authentication authenticate = ldapAuthenticationProvider.authenticate(usernamePasswordAuthenticationToken);
        Assert.assertEquals("benspassword", authenticate.getCredentials());
        Assert.assertSame(obj, authenticate.getDetails());
        UserDetails userDetails = (UserDetails) authenticate.getPrincipal();
        Assert.assertEquals(2L, userDetails.getAuthorities().size());
        Assert.assertEquals("{SHA}nFCebWjxfaLbHHG1Qk5UU4trbvQ=", userDetails.getPassword());
        Assert.assertEquals("ben", userDetails.getUsername());
        Assert.assertEquals("ben", mockAuthoritiesPopulator.getRequestedUsername());
        Assert.assertTrue(AuthorityUtils.authorityListToSet(userDetails.getAuthorities()).contains("ROLE_FROM_ENTRY"));
        Assert.assertTrue(AuthorityUtils.authorityListToSet(userDetails.getAuthorities()).contains("ROLE_FROM_POPULATOR"));
    }

    @Test
    public void passwordIsSetFromUserDataIfUseAuthenticationRequestCredentialsIsFalse() {
        LdapAuthenticationProvider ldapAuthenticationProvider = new LdapAuthenticationProvider(new MockAuthenticator(), new MockAuthoritiesPopulator());
        ldapAuthenticationProvider.setUseAuthenticationRequestCredentials(false);
        Assert.assertEquals("{SHA}nFCebWjxfaLbHHG1Qk5UU4trbvQ=", ldapAuthenticationProvider.authenticate(new UsernamePasswordAuthenticationToken("ben", "benspassword")).getCredentials());
    }

    @Test
    public void useWithNullAuthoritiesPopulatorReturnsCorrectRole() {
        LdapAuthenticationProvider ldapAuthenticationProvider = new LdapAuthenticationProvider(new MockAuthenticator());
        LdapUserDetailsMapper ldapUserDetailsMapper = new LdapUserDetailsMapper();
        ldapUserDetailsMapper.setRoleAttributes(new String[]{"ou"});
        ldapAuthenticationProvider.setUserDetailsContextMapper(ldapUserDetailsMapper);
        UserDetails userDetails = (UserDetails) ldapAuthenticationProvider.authenticate(new UsernamePasswordAuthenticationToken("ben", "benspassword")).getPrincipal();
        Assert.assertEquals(1L, userDetails.getAuthorities().size());
        Assert.assertTrue(AuthorityUtils.authorityListToSet(userDetails.getAuthorities()).contains("ROLE_FROM_ENTRY"));
    }
}
