package org.apache.brooklyn.rest.security.jaas;

import com.google.common.collect.ImmutableMap;
import com.google.common.collect.ImmutableSet;
import java.util.Map;
import javax.security.auth.Subject;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.login.FailedLoginException;
import javax.security.auth.login.LoginException;
import org.apache.brooklyn.core.internal.BrooklynProperties;
import org.apache.brooklyn.core.test.BrooklynMgmtUnitTestSupport;
import org.apache.brooklyn.core.test.entity.LocalManagementContextForTests;
import org.apache.brooklyn.rest.BrooklynWebConfig;
import org.apache.brooklyn.rest.security.jaas.BrooklynLoginModule;
import org.apache.brooklyn.util.collections.MutableMap;
import org.testng.Assert;
import org.testng.annotations.BeforeMethod;
import org.testng.annotations.Test;

/* loaded from: input_file:org/apache/brooklyn/rest/security/jaas/BrooklynLoginModuleTest.class */
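/**
 * Exercises the JAAS lifecycle of {@link BrooklynLoginModule}: {@code initialize}, {@code login},
 * {@code commit}, {@code abort} and {@code logout}.
 *
 * <p>The management context is configured with exactly one accepted user. The tests pin these
 * security-relevant properties of the module:
 * <ul>
 *   <li>a failed login, or a login with no callback handler, never attaches principals to the
 *       {@link Subject}, whatever combination of {@code commit}/{@code abort} follows;</li>
 *   <li>a successful {@code login} alone attaches nothing; principals appear only after
 *       {@code commit};</li>
 *   <li>{@code logout}, or {@code abort} after {@code commit}, removes the principals again;</li>
 *   <li>{@code commit} on a read-only subject fails with a {@link LoginException}.</li>
 * </ul>
 */
public class BrooklynLoginModuleTest extends BrooklynMgmtUnitTestSupport {
    // Test-only credentials; they are written into an in-memory BrooklynProperties in setUp().
    private static final String ACCEPTED_USER = "user";
    private static final String ACCEPTED_PASSWORD = "password";
    // Role expected on the subject when the module options do not set PROPERTY_ROLE.
    private static final String DEFAULT_ROLE = "webconsole";

    // Handlers supplying the accepted and a rejected username/password pair respectively.
    private static final CallbackHandler GOOD_CB_HANDLER =
            new TestCallbackHandler(ACCEPTED_USER, ACCEPTED_PASSWORD);
    private static final CallbackHandler BAD_CB_HANDLER =
            new TestCallbackHandler("user.invalid", "password.invalid");

    private Subject subject;
    private Map<String, ?> sharedState;
    private Map<String, ?> options;
    private BrooklynLoginModule module;

    /**
     * Builds a management context that knows only {@link #ACCEPTED_USER} and creates a fresh
     * subject, option map and login module for each test.
     */
    @BeforeMethod(alwaysRun = true)
    public void setUp() throws Exception {
        BrooklynProperties properties = BrooklynProperties.Factory.newEmpty();
        properties.addFrom(ImmutableMap.of(
                BrooklynWebConfig.USERS, ACCEPTED_USER,
                BrooklynWebConfig.PASSWORD_FOR_USER(ACCEPTED_USER), ACCEPTED_PASSWORD));
        // mgmt is assigned before super.setUp() so the custom properties are used
        // (presumably the superclass only creates a context when none is set; confirm).
        this.mgmt = LocalManagementContextForTests.builder(true).useProperties(properties).build();
        // NOTE(review): this looks like process-wide static state and nothing in this class
        // resets it; confirm that the holder is cleared elsewhere, otherwise a later test in the
        // same JVM could authenticate against this context's credentials.
        ManagementContextHolder.setManagementContextStatic(this.mgmt);
        super.setUp();
        this.subject = new Subject();
        this.sharedState = MutableMap.of();
        this.options = ImmutableMap.of();
        this.module = new BrooklynLoginModule();
    }

    /** Without a callback handler the module cannot obtain credentials and must reject the login. */
    @Test
    public void testMissingCallback() throws LoginException {
        this.module.initialize(this.subject, (CallbackHandler) null, this.sharedState, this.options);
        try {
            this.module.login();
            Assert.fail("Login is supposed to fail due to missing callback");
        } catch (FailedLoginException expected) {
            // Expected: login must fail rather than succeed without credentials.
        }
        Assert.assertFalse(this.module.commit(), "commit");
        assertEmptyPrincipals();
        Assert.assertFalse(this.module.abort(), "abort");
    }

    /** After a rejected login, commit and abort both report false and the subject stays empty. */
    @Test
    public void testFailedLoginCommitAbort() throws LoginException {
        badLogin();
        Assert.assertFalse(this.module.commit(), "commit");
        assertEmptyPrincipals();
        Assert.assertFalse(this.module.abort(), "abort");
    }

    /** Same as {@link #testFailedLoginCommitAbort()} but with a read-only subject. */
    @Test
    public void testFailedLoginCommitAbortReadOnly() throws LoginException {
        this.subject.setReadOnly();
        badLogin();
        Assert.assertFalse(this.module.commit(), "commit");
        assertEmptyPrincipals();
        Assert.assertFalse(this.module.abort(), "abort");
    }

    /** Aborting directly after a rejected login reports false and leaves the subject empty. */
    @Test
    public void testFailedLoginAbort() throws LoginException {
        badLogin();
        Assert.assertFalse(this.module.abort(), "abort");
        assertEmptyPrincipals();
    }

    /** Commit attaches the user and default role principals; logout removes them. */
    @Test
    public void testSuccessfulLoginCommitLogout() throws LoginException {
        goodLogin();
        Assert.assertTrue(this.module.commit(), "commit");
        assertBrooklynPrincipal();
        Assert.assertTrue(this.module.logout(), "logout");
        assertEmptyPrincipals();
    }

    /** Abort after a successful commit removes the principals that commit attached. */
    @Test
    public void testSuccessfulLoginCommitAbort() throws LoginException {
        goodLogin();
        Assert.assertTrue(this.module.commit(), "commit");
        assertBrooklynPrincipal();
        // The call under test is abort(), so the failure message names it.
        Assert.assertTrue(this.module.abort(), "abort");
        assertEmptyPrincipals();
    }

    /** Commit cannot attach principals to a read-only subject and must throw; abort still succeeds. */
    @Test
    public void testSuccessfulLoginCommitAbortReadOnly() throws LoginException {
        this.subject.setReadOnly();
        goodLogin();
        try {
            this.module.commit();
            Assert.fail("Commit expected to throw");
        } catch (LoginException expected) {
            // Expected: the subject is read-only.
        }
        Assert.assertTrue(this.module.abort(), "abort");
    }

    /** Aborting after a successful login but before commit leaves the subject empty. */
    @Test
    public void testSuccessfulLoginAbort() throws LoginException {
        goodLogin();
        Assert.assertTrue(this.module.abort(), "abort");
        assertEmptyPrincipals();
    }

    /** The {@code PROPERTY_ROLE} option replaces the default role on the committed subject. */
    @Test
    public void testCustomRole() throws LoginException {
        this.options = ImmutableMap.of(BrooklynLoginModule.PROPERTY_ROLE, "users");
        goodLogin();
        Assert.assertTrue(this.module.commit(), "commit");
        assertBrooklynPrincipal("users");
    }

    /**
     * Initializes the module with the accepted credentials and logs in. Also asserts that the
     * login phase alone has not yet attached any principal to the subject.
     */
    private void goodLogin() throws LoginException {
        this.module.initialize(this.subject, GOOD_CB_HANDLER, this.sharedState, this.options);
        Assert.assertTrue(this.module.login(), "login");
        assertEmptyPrincipals();
    }

    /** Initializes the module with rejected credentials and requires login to fail. */
    private void badLogin() throws LoginException {
        this.module.initialize(this.subject, BAD_CB_HANDLER, this.sharedState, this.options);
        try {
            this.module.login();
            Assert.fail("Login is supposed to fail due to invalid username+password pair");
        } catch (FailedLoginException expected) {
            // Expected: the username/password pair is not configured.
        }
    }

    /** Asserts the subject holds the accepted user with the default role. */
    private void assertBrooklynPrincipal() {
        assertBrooklynPrincipal(DEFAULT_ROLE);
    }

    /**
     * Asserts the subject holds exactly the accepted user principal and one role principal.
     *
     * @param str the expected role name
     */
    private void assertBrooklynPrincipal(String str) {
        Assert.assertEquals(
                this.subject.getPrincipals(),
                ImmutableSet.of(
                        new BrooklynLoginModule.UserPrincipal(ACCEPTED_USER),
                        new BrooklynLoginModule.RolePrincipal(str)));
    }

    /** Asserts that no principal of any kind is attached to the subject. */
    private void assertEmptyPrincipals() {
        Assert.assertEquals(this.subject.getPrincipals().size(), 0);
    }
}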
