package tigase.ldap;

import com.unboundid.ldap.sdk.LDAPException;
import java.io.IOException;
import java.io.StringWriter;
import java.security.KeyManagementException;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.time.Duration;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.HashMap;
import java.util.Hashtable;
import java.util.List;
import java.util.Objects;
import java.util.Set;
import java.util.function.Predicate;
import java.util.logging.Level;
import java.util.logging.Logger;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import javax.naming.AuthenticationException;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.directory.Attributes;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;
import javax.naming.ldap.Control;
import javax.naming.ldap.InitialLdapContext;
import javax.naming.ldap.StartTlsRequest;
import javax.naming.ldap.StartTlsResponse;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.SNIHostName;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import org.junit.After;
import org.junit.Assert;
import org.junit.Before;
import org.junit.Ignore;
import org.junit.Test;
import tigase.TestLogger;
import tigase.component.DSLBeanConfigurator;
import tigase.component.DSLBeanConfiguratorWithBackwardCompatibility;
import tigase.conf.ConfigHolder;
import tigase.conf.LoggingBean;
import tigase.db.TigaseDBException;
import tigase.eventbus.EventBusFactory;
import tigase.io.CertificateContainer;
import tigase.io.SSLContextContainer;
import tigase.kernel.AbstractKernelWithUserRepositoryTestCase;
import tigase.kernel.DefaultTypesConverter;
import tigase.kernel.beans.config.AbstractBeanConfigurator;
import tigase.kernel.core.Kernel;
import tigase.net.SocketType;
import tigase.vhosts.DummyVHostManager;
import tigase.xmpp.jid.BareJID;

/* loaded from: input_file:tigase/ldap/LdapConnectionManagerTest.class */
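/**
 * Integration tests that start a {@link LdapConnectionManager} inside a test kernel and talk to it
 * with the JDK's JNDI LDAP client.
 *
 * <p>Covered behaviour: simple bind over {@code ldaps://}, rejected binds (wrong password, unknown
 * user), directory searches for the {@code tygrys} fixture user, group membership lookups, and the
 * absence of advertised SASL mechanisms.
 *
 * <p>Security notes for readers of this fixture:
 * <ul>
 *   <li>Most tests bind with {@code simple} authentication over plain {@code ldap://}, so the
 *       password travels unencrypted. That is acceptable here only because the endpoint is
 *       {@code localhost} and the accounts are throw-away fixtures.</li>
 *   <li>The TLS tests rely on {@code DummyTrustManager}, {@code MySSLSocketFactory} and an
 *       accept-everything hostname verifier. Those helpers are not visible in this file; judging
 *       by their names they skip certificate validation, so the tests exercise the handshake but
 *       not server authentication. None of that belongs in production client code.</li>
 * </ul>
 */
public class LdapConnectionManagerTest extends AbstractKernelWithUserRepositoryTestCase {
    private static final String CTX_FACTORY = "com.sun.jndi.ldap.LdapCtxFactory";
    // Port 10389 is not configured in registerBeans(); presumably it is a default plain-text
    // listener of LdapConnectionManager -- TODO confirm against the component's defaults.
    private static final String PLAIN_URL = "ldap://localhost:10389";
    // Matches the "10489" SSL connection bean declared in registerBeans().
    private static final String SSL_URL = "ldaps://localhost:10489";
    private static final String USERS_BASE = "ou=Users,dc=tigase,dc=org";
    private static final String GROUPS_BASE = "ou=Groups,dc=tigase,dc=org";
    private static final String TYGRYS_DN = "cn=tygrys,ou=Users,dc=tigase,dc=org";
    private static final String ADMIN_DN = "cn=admin,ou=Users,dc=tigase,dc=org";
    private static final String FILTER_BY_CN = "(&(objectClass=posixAccount)(cn=tygrys))";
    private static final String FILTER_BY_MAIL = "(&(objectClass=posixAccount)(mail=tygrys@tigase.org))";
    private static final String ADMIN_GROUPS_FILTER = "(|(cn=Users)(cn=Administrators))";

    static Logger log;
    public LdapConnectionManager ldapManager;

    /**
     * Writes the effective bean configuration to the test log at FINE level.
     *
     * @param dSLBeanConfigurator configurator whose configuration is dumped
     * @throws IOException if the configurator fails to write the dump
     */
    private static void dumpConfiguration(DSLBeanConfigurator dSLBeanConfigurator) throws IOException {
        StringWriter dump = new StringWriter();
        dSLBeanConfigurator.dumpConfiguration(dump);
        log.fine("Configuration dump:" + dump.toString());
    }

    /**
     * Registers the beans the LDAP component needs and declares one SSL listener named
     * {@code 10489} bound to every interface ({@code ifc = "*"}).
     *
     * @param kernel test kernel to populate
     */
    protected void registerBeans(Kernel kernel) {
        super.registerBeans(kernel);
        kernel.registerBean(DefaultTypesConverter.class).exportable().exec();
        kernel.registerBean(DSLBeanConfiguratorWithBackwardCompatibility.class).exportable().exec();
        kernel.registerBean("eventBus").asInstance(EventBusFactory.getInstance()).exportable().exec();
        DSLBeanConfigurator configurator = (DSLBeanConfigurator) kernel.getInstance(DSLBeanConfigurator.class);
        configurator.setConfigHolder(new ConfigHolder());

        AbstractBeanConfigurator.BeanDefinition sslListener = new AbstractBeanConfigurator.BeanDefinition();
        sslListener.setBeanName("10489");
        sslListener.setActive(true);
        // NOTE(review): "*" presumably means "listen on all interfaces"; for a test that only
        // connects to localhost a loopback-only binding would expose less -- confirm the accepted
        // values of "ifc" before changing it.
        sslListener.put("ifc", "*");
        sslListener.put("socket", SocketType.ssl);

        HashMap<String, Object> connections = new HashMap<>();
        connections.put("10489", sslListener);
        HashMap<String, Object> ldapConfig = new HashMap<>();
        ldapConfig.put("connections", connections);
        configurator.getConfigHolder().getProperties().put("ldap", ldapConfig);

        kernel.registerBean(CertificateContainer.class).exportable().exec();
        kernel.registerBean(SSLContextContainer.class).exportable().setActive(true).exec();
        kernel.registerBean("vhost-man").asClass(DummyVHostManager.class).exportable().setActive(true).exec();
        kernel.registerBean(LdapConnectionManager.class).setActive(true).exec();
        kernel.registerBean("logging").asClass(LoggingBean.class).setActive(true).setPinned(true).exec();
    }

    /**
     * Creates the fixture accounts and virtual host, then starts the LDAP component.
     *
     * <p>A start-up failure is logged and not rethrown. The tests still cannot pass silently in
     * that case: the negative tests catch only {@link AuthenticationException}, so a refused
     * connection surfaces as a different {@link NamingException} and fails the test.
     *
     * @throws TigaseDBException if the fixture users cannot be stored
     */
    @Before
    public void setup() throws TigaseDBException {
        log = Logger.getLogger("tigase");
        TestLogger.configureLogger(log, Level.CONFIG);
        getAuthRepository().addUser(BareJID.bareJIDInstanceNS("tygrys", "tigase.org"), "12345");
        getAuthRepository().addUser(BareJID.bareJIDInstanceNS("admin", "tigase.org"), "12345admin");
        DummyVHostManager vhosts = (DummyVHostManager) getInstance(DummyVHostManager.class);
        vhosts.addVhost("tigase.org");
        ((DummyVHostManager) getInstance(DummyVHostManager.class)).getVHostItem("tigase.org")
                .setAdmins(new String[]{"admin@tigase.org"});
        try {
            // NOTE(review): full packet debug plus Level.ALL below may put bind requests into the
            // test log; harmless for these fixture passwords, but not a setting to reuse with
            // real credentials -- confirm what LoggingBean actually records.
            ((LoggingBean) getInstance(LoggingBean.class)).setPacketFullDebug(true);
            this.ldapManager = (LdapConnectionManager) getInstance(LdapConnectionManager.class);
            this.ldapManager.start();
            dumpConfiguration((DSLBeanConfigurator) getInstance(DSLBeanConfigurator.class));
        } catch (Exception e) {
            log.log(Level.WARNING, e, () -> "There was an error setting up test");
        }
        TestLogger.configureLogger(log, Level.ALL);
    }

    /** Stops the LDAP component if {@link #setup()} managed to create it. */
    @After
    public void tearDown() {
        if (this.ldapManager == null) {
            return;
        }
        this.ldapManager.stop();
        this.ldapManager = null;
    }

    /**
     * Binds as {@code tygrys} over {@code ldaps://} and expects the bind to succeed.
     *
     * @throws NamingException if the connection or the bind fails
     */
    @Test
    public void testSimpleAuthSuccess_SSL() throws NamingException {
        Hashtable<String, Object> env = simpleBindEnvironment(SSL_URL, TYGRYS_DN, "12345");
        // Test-only socket factory (defined outside this file); presumably it accepts the
        // component's self-signed certificate -- verify before reusing it anywhere else.
        env.put("java.naming.ldap.factory.socket", "tigase.ldap.MySSLSocketFactory");
        log.finest("Authenticating...");
        InitialLdapContext ctx = new InitialLdapContext(env, (Control[]) null);
        try {
            log.finest("Authenticated successfully!");
        } finally {
            ctx.close();
        }
    }

    /**
     * Connects anonymously over plain LDAP and upgrades the connection with StartTLS.
     * Currently disabled with {@code @Ignore}; the reason is not recorded in this file.
     */
    @Test
    @Ignore
    public void testSTARTLS_NoAuth() throws InterruptedException, NamingException, LDAPException, IOException, NoSuchAlgorithmException, KeyManagementException {
        Hashtable<String, Object> env = new Hashtable<>();
        env.put("java.naming.factory.initial", CTX_FACTORY);
        env.put("java.naming.provider.url", PLAIN_URL);
        log.finest("Authenticating...");
        InitialLdapContext ctx = new InitialLdapContext(env, (Control[]) null);
        try {
            // extendedOperation() returns ExtendedResponse, so the cast is required.
            StartTlsResponse tls = (StartTlsResponse) ctx.extendedOperation(new StartTlsRequest());
            SSLContext sslContext = SSLContext.getInstance("TLS");
            sslContext.init(null, new TrustManager[]{new DummyTrustManager()}, new SecureRandom());
            // NOTE(review): getDefaultSSLParameters() hands back a copy, so this SNI setting is
            // not applied to sockets created by the factory below. Kept as in the original.
            sslContext.getDefaultSSLParameters().setServerNames(List.of(new SNIHostName("localhost")));
            SSLSocketFactory socketFactory = sslContext.getSocketFactory();
            // Accepts any host name. Combined with the dummy trust manager this means the peer
            // is not authenticated at all; the test checks only that negotiation completes.
            tls.setHostnameVerifier((hostname, session) -> true);
            tls.negotiate(socketFactory);
            log.finest("Authenticated successfully!");
        } finally {
            ctx.close();
        }
    }

    /**
     * A bind with an existing DN but a wrong password must be rejected.
     *
     * @throws NamingException on any failure other than rejected authentication
     */
    @Test
    public void testSimpleAuthFailureWrongPassword() throws NamingException {
        boolean authenticated = canBind(simpleBindEnvironment(PLAIN_URL, TYGRYS_DN, "123456"));
        Assert.assertFalse("authentication succeeded with wrong password", authenticated);
    }

    /**
     * A bind with a DN that does not exist must be rejected.
     *
     * @throws NamingException on any failure other than rejected authentication
     */
    @Test
    public void testSimpleAuthFailureNotExistingUser() throws NamingException {
        boolean authenticated = canBind(
                simpleBindEnvironment(PLAIN_URL, "cn=tygrys-missing,ou=Users,dc=tigase,dc=org", "12345"));
        Assert.assertFalse("authentication succeeded for not existing user", authenticated);
    }

    /**
     * Binds as {@code tygrys} and checks that the user can be found both by {@code cn} and by
     * {@code mail}, with the expected attributes.
     */
    @Test
    public void testSimpleSimpleAuthWithQuery() throws InterruptedException, NamingException {
        log.finest("Authenticating...");
        InitialDirContext ctx = new InitialDirContext(simpleBindEnvironment(PLAIN_URL, TYGRYS_DN, "12345"));
        try {
            log.finest("Authenticated successfully!");
            log.finest("executing query...");
            findTygrys(ctx, FILTER_BY_CN);
            findTygrys(ctx, FILTER_BY_MAIL);
        } finally {
            ctx.close();
        }
    }

    /**
     * Checks group membership as reported on the user entry and as found by searching the
     * groups subtree, first bound as {@code tygrys} and then as {@code admin}.
     *
     * <p>The same query for the groups of {@code admin} is expected to return nothing for
     * {@code tygrys} and both groups for {@code admin}, i.e. the test pins that a regular user
     * cannot enumerate another account's memberships.
     */
    @Test
    public void testSimpleSimpleAuthWithGroups() throws InterruptedException, NamingException {
        log.finest("Authenticating...");
        InitialDirContext userCtx = new InitialDirContext(simpleBindEnvironment(PLAIN_URL, TYGRYS_DN, "12345"));
        try {
            log.finest("Authenticated successfully!");
            log.finest("executing query...");
            for (SearchResult entry : findTygrys(userCtx, FILTER_BY_CN)) {
                Attributes attrs = entry.getAttributes();
                assertCollectionsEqual(List.of("Users"), getGroupsFromUserAttribute(attrs, "memberOfGid"));
                assertCollectionsEqual(List.of("cn=Users,ou=Groups,dc=tigase,dc=org"),
                        getGroupsFromUserAttribute(attrs, "memberOf"));
            }
            findTygrys(userCtx, FILTER_BY_MAIL);

            assertCollectionsEqual(groupDns("Users"), getGroupsByFilter(userCtx, null, "memberuid", "tygrys"));
            assertCollectionsEqual(groupDns("Users"),
                    getGroupsByFilter(userCtx, null, "member", "uid=tygrys,ou=Users,dc=tigase,dc=org"));
            // Bound as tygrys: asking for admin's groups must yield nothing.
            assertCollectionsEqual(Collections.<String>emptySet(),
                    getGroupsByFilter(userCtx, ADMIN_GROUPS_FILTER, "memberuid", "admin"));
        } finally {
            userCtx.close();
        }

        InitialDirContext adminCtx = new InitialDirContext(simpleBindEnvironment(PLAIN_URL, ADMIN_DN, "12345admin"));
        try {
            // Bound as admin: the identical query now returns both groups.
            assertCollectionsEqual(groupDns("Administrators", "Users"),
                    getGroupsByFilter(adminCtx, ADMIN_GROUPS_FILTER, "memberuid", "admin"));
        } finally {
            adminCtx.close();
        }
    }

    /**
     * Collects every value of one attribute as strings; fails the test if the attribute is absent.
     *
     * @param attributes attribute set of a search result
     * @param str name of the attribute to read
     * @return the attribute values in enumeration order
     * @throws NamingException if the values cannot be enumerated
     */
    private List<String> getGroupsFromUserAttribute(Attributes attributes, String str) throws NamingException {
        Attribute attribute = attributes.get(str);
        Assert.assertNotNull(attribute);
        List<String> values = new ArrayList<>();
        NamingEnumeration<?> all = attribute.getAll();
        while (all.hasMore()) {
            values.add(all.next().toString());
        }
        return values;
    }

    /**
     * Searches the groups subtree and returns the DNs of the matching entries.
     *
     * <p>The filter is assembled by plain concatenation and nothing is escaped. That is fine
     * only because every caller in this class passes literals; a value coming from outside the
     * test would need RFC 4515 escaping, or the JNDI {@code search} overload that takes filter
     * arguments.
     *
     * @param dirContext bound context to search with
     * @param str optional extra filter that is AND-ed with the membership clause, or {@code null}
     * @param str2 membership attribute name
     * @param str3 membership attribute value
     * @return DNs of the matching group entries
     * @throws NamingException if the search fails
     */
    private List<String> getGroupsByFilter(DirContext dirContext, String str, String str2, String str3) throws NamingException {
        String membership = "(" + str2 + "=" + str3 + ")";
        String filter = str == null ? membership : "(&" + str + membership + ")";
        List<String> groupNames = new ArrayList<>();
        NamingEnumeration<SearchResult> found = dirContext.search(GROUPS_BASE, filter, (SearchControls) null);
        while (found.hasMore()) {
            groupNames.add(found.next().getNameInNamespace());
        }
        return groupNames;
    }

    /**
     * Reads {@code supportedSASLMechanisms} anonymously and expects the attribute to be absent,
     * i.e. the server advertises no SASL mechanisms.
     */
    @Test
    public void testSaslAuth_NoSupport() throws InterruptedException, NamingException {
        InitialDirContext ctx = new InitialDirContext();
        try {
            Attributes advertised = ctx.getAttributes(PLAIN_URL, new String[]{"supportedSASLMechanisms"});
            Assert.assertEquals(0L, advertised.size());
        } finally {
            ctx.close();
        }
    }

    /** Keeps the component running for an hour for manual poking; disabled by default. */
    @Test
    @Ignore
    public void testLongRun() throws InterruptedException {
        Thread.sleep(Duration.ofHours(1L));
    }

    /** Same as the three-argument overload, with the default failure message. */
    private <T> void assertCollectionsEqual(Collection<T> collection, Collection<T> collection2) {
        assertCollectionsEqual(null, collection, collection2);
    }

    /**
     * Fails unless both collections contain the same elements. Only membership is compared, so
     * order and duplicate counts are ignored.
     *
     * @param str failure message prefix, or {@code null} for the default one
     * @param collection expected elements
     * @param collection2 actual elements
     */
    private <T> void assertCollectionsEqual(String str, Collection<T> collection, Collection<T> collection2) {
        Objects.requireNonNull(collection2);
        Objects.requireNonNull(collection);
        List<T> unexpected = collection2.stream().filter(Predicate.not(collection::contains)).toList();
        List<T> missing = collection.stream().filter(Predicate.not(collection2::contains)).toList();
        if (missing.isEmpty() && unexpected.isEmpty()) {
            return;
        }
        Assert.fail((str == null ? "Values should be equal." : str) + " missing items: " + String.valueOf(missing) + ", unexpected items: " + String.valueOf(unexpected));
    }

    /** Builds a JNDI environment for a {@code simple} bind with the given URL, DN and password. */
    private static Hashtable<String, Object> simpleBindEnvironment(String url, String principal, String credentials) {
        Hashtable<String, Object> env = new Hashtable<>();
        env.put("java.naming.factory.initial", CTX_FACTORY);
        env.put("java.naming.provider.url", url);
        env.put("java.naming.security.authentication", "simple");
        env.put("java.naming.security.principal", principal);
        env.put("java.naming.security.credentials", credentials);
        return env;
    }

    /**
     * Attempts a bind and reports whether the server accepted it. Only a rejected
     * authentication maps to {@code false}; any other failure (for example a refused
     * connection) propagates so it cannot be mistaken for a correct rejection.
     */
    private static boolean canBind(Hashtable<String, Object> env) throws NamingException {
        try {
            log.finest("Authenticating...");
            InitialDirContext ctx = new InitialDirContext(env);
            log.finest("Authenticated successfully!");
            ctx.close();
            return true;
        } catch (AuthenticationException e) {
            return false;
        }
    }

    /**
     * Runs a search under the users subtree, checks that every hit is the {@code tygrys} entry
     * with the expected attributes, and fails if nothing matched.
     */
    private static List<SearchResult> findTygrys(DirContext ctx, String filter) throws NamingException {
        List<SearchResult> entries = new ArrayList<>();
        NamingEnumeration<SearchResult> found = ctx.search(USERS_BASE, filter, (SearchControls) null);
        while (found.hasMore()) {
            SearchResult entry = found.next();
            Attributes attrs = entry.getAttributes();
            log.finest("search result = " + entry.toString());
            Assert.assertEquals(TYGRYS_DN, entry.getNameInNamespace());
            Assert.assertEquals("tygrys", attrs.get("cn").get().toString());
            Assert.assertEquals("tygrys@tigase.org", attrs.get("mail").get().toString());
            Assert.assertEquals("tygrys@tigase.org", attrs.get("xmpp").get().toString());
            entries.add(entry);
        }
        Assert.assertFalse("no entry matched " + filter, entries.isEmpty());
        return entries;
    }

    /** Expands group common names into full DNs under the groups subtree. */
    private static Set<String> groupDns(String... names) {
        return Stream.of(names)
                .map(name -> "cn=" + name + "," + GROUPS_BASE)
                .collect(Collectors.toSet());
    }
}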
