package org.apereo.cas;

import com.google.common.collect.ArrayListMultimap;
import java.io.File;
import java.net.URI;
import java.nio.charset.StandardCharsets;
import java.security.KeyStore;
import java.util.Arrays;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.Optional;
import org.apereo.cas.config.CasCoreUtilConfiguration;
import org.apereo.cas.configuration.CasConfigurationProperties;
import org.apereo.cas.configuration.model.support.ldap.AbstractLdapAuthenticationProperties;
import org.apereo.cas.configuration.model.support.ldap.AbstractLdapProperties;
import org.apereo.cas.configuration.model.support.ldap.LdapPasswordPolicyProperties;
import org.apereo.cas.configuration.model.support.ldap.LdapSearchEntryHandlersProperties;
import org.apereo.cas.util.LdapConnectionFactory;
import org.apereo.cas.util.LdapUtils;
import org.apereo.cas.util.junit.EnabledIfListeningOnPort;
import org.apereo.cas.util.spring.ApplicationContextProvider;
import org.junit.jupiter.api.Assertions;
import org.junit.jupiter.api.Tag;
import org.junit.jupiter.api.Test;
import org.ldaptive.ConnectionFactory;
import org.ldaptive.DerefAliases;
import org.ldaptive.FilterTemplate;
import org.ldaptive.LdapAttribute;
import org.ldaptive.LdapEntry;
import org.ldaptive.SearchResponse;
import org.ldaptive.auth.Authenticator;
import org.ldaptive.auth.ext.ActiveDirectoryAuthenticationResponseHandler;
import org.ldaptive.handler.CaseChangeEntryHandler;
import org.ldaptive.sasl.Mechanism;
import org.ldaptive.sasl.QualityOfProtection;
import org.ldaptive.sasl.SecurityStrength;
import org.mockito.Mockito;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.autoconfigure.web.servlet.WebMvcAutoConfiguration;
import org.springframework.boot.context.properties.EnableConfigurationProperties;
import org.springframework.boot.test.context.SpringBootTest;
import org.springframework.cloud.autoconfigure.RefreshAutoConfiguration;
import org.springframework.context.ConfigurableApplicationContext;
import org.springframework.context.support.StaticApplicationContext;

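/**
 * Integration tests for {@link LdapUtils} and {@link LdapConnectionFactory}.
 *
 * <p>The class is gated by {@code @EnabledIfListeningOnPort(port = 10389)}; the tests that
 * open connections talk to a directory at {@code ldap://localhost:10389}. The bind DN and
 * the literal {@code "password"} credential are fixture values for that local test
 * directory, and the URL uses plain {@code ldap://} (no TLS) over loopback. They are
 * collected in the constants below so the fixture identity is defined in one place.
 */
@Tag("Ldap")
@EnableConfigurationProperties({CasConfigurationProperties.class})
@SpringBootTest(classes = {RefreshAutoConfiguration.class, WebMvcAutoConfiguration.class, CasCoreUtilConfiguration.class})
@EnabledIfListeningOnPort(port = {10389})
class LdapUtilsTests {

    /** URL of the local test directory; plaintext LDAP on loopback. */
    private static final String LDAP_URL = "ldap://localhost:10389";

    /** Bind DN of the test directory's administrative account. */
    private static final String BIND_DN = "cn=Directory Manager";

    /** Fixture credential for {@link #BIND_DN}; only meaningful for the local test directory. */
    private static final String BIND_CREDENTIAL = "password";

    @Autowired
    private ConfigurableApplicationContext applicationContext;

    /** Minimal concrete subclass so the abstract LDAP authentication properties can be instantiated. */
    private static final class Ldap extends AbstractLdapAuthenticationProperties {
        private static final long serialVersionUID = 7979417317490698363L;
    }

    /**
     * Creates properties carrying only the connection identity shared by every
     * directory-backed test: URL, bind DN and bind credential.
     */
    private static Ldap newLdap() {
        Ldap ldap = new Ldap();
        ldap.setLdapUrl(LDAP_URL);
        ldap.setBindDn(BIND_DN);
        ldap.setBindCredential(BIND_CREDENTIAL);
        return ldap;
    }

    /**
     * Returns the authenticator's first response handler as an Active Directory handler.
     *
     * @throws java.util.NoSuchElementException if the authenticator has no response handlers
     * @throws ClassCastException if the first handler is of a different type
     */
    private static ActiveDirectoryAuthenticationResponseHandler firstActiveDirectoryHandler(final Authenticator authenticator) {
        return Arrays.stream(authenticator.getResponseHandlers())
            .findFirst()
            .map(ActiveDirectoryAuthenticationResponseHandler.class::cast)
            .orElseThrow();
    }

    /**
     * Runs the configured search through a fresh {@link LdapConnectionFactory} and asserts
     * that a response comes back with no entries. The factory is closed even when an
     * assertion fails, so a failing test does not leave a connection open.
     */
    private static void assertSearchReturnsNoEntries(final Ldap ldap, final ConnectionFactory connectionFactory) throws Throwable {
        LdapConnectionFactory factory = new LdapConnectionFactory(connectionFactory);
        try {
            SearchResponse response = factory.executeSearchOperation(ldap.getBaseDn(),
                LdapUtils.newLdaptiveSearchFilter(ldap.getSearchFilter()), 10, new String[]{"cn"});
            Assertions.assertNotNull(response);
            Assertions.assertFalse(LdapUtils.containsResultEntry(response));
        } finally {
            factory.close();
        }
    }

    /** A "true" value reads as true, and an empty value falls back to the supplied default. */
    @Test
    void verifyGetBoolean() throws Throwable {
        LdapEntry entry = new LdapEntry();
        entry.addAttributes(new LdapAttribute("attr1", "true"));
        entry.addAttributes(new LdapAttribute("attr2", ""));
        Assertions.assertTrue(LdapUtils.getBoolean(entry, "attr1", Boolean.TRUE).booleanValue());
        Assertions.assertTrue(LdapUtils.getBoolean(entry, "attr2", Boolean.TRUE).booleanValue());
    }

    /** A numeric string attribute is parsed into a long. */
    @Test
    void verifyGetLong() throws Throwable {
        LdapEntry entry = new LdapEntry();
        entry.addAttributes(new LdapAttribute("attr1", "100"));
        Assertions.assertEquals(100L, LdapUtils.getLong(entry, "attr1", 0L));
    }

    /** An attribute flagged as binary and holding UTF-8 bytes is still readable as a string. */
    @Test
    void verifyGetBinary() throws Throwable {
        LdapEntry entry = new LdapEntry();
        // One binary value; the decompiled "(byte[][]) new byte[]{...}" form does not compile.
        LdapAttribute attribute = new LdapAttribute("attr1", new byte[][]{"100".getBytes(StandardCharsets.UTF_8)});
        attribute.setBinary(true);
        entry.addAttributes(attribute);
        Assertions.assertEquals("100", LdapUtils.getString(entry, "attr1"));
    }

    /** An https URL is not treated as an LDAP connection URL, and a null response has no entries. */
    @Test
    void verifyEntry() throws Throwable {
        Assertions.assertFalse(LdapUtils.isLdapConnectionUrl(new URI("https://github.com").toURL()));
        Assertions.assertFalse(LdapUtils.containsResultEntry((SearchResponse) null));
    }

    /**
     * When the underlying factory throws, every write operation reports {@code false}
     * instead of propagating the exception. Callers therefore have to check the return
     * value: a failed password modify is signalled only through it.
     */
    @Test
    void verifyFailsOp() throws Throwable {
        ConnectionFactory connectionFactory = Mockito.mock(ConnectionFactory.class);
        LdapConnectionFactory factory = new LdapConnectionFactory(connectionFactory);
        try {
            Mockito.when(connectionFactory.getConnectionConfig()).thenThrow(new IllegalArgumentException("fails"));
            Mockito.when(connectionFactory.getConnection()).thenThrow(new IllegalArgumentException("fails"));
            Assertions.assertFalse(factory.executePasswordModifyOperation((String) null, (char[]) null, (char[]) null,
                AbstractLdapProperties.LdapType.GENERIC));
            Assertions.assertFalse(factory.executeModifyOperation((String) null, Map.of()));
            Assertions.assertFalse(factory.executeAddOperation(new LdapEntry()));
            Assertions.assertFalse(factory.executeDeleteOperation(new LdapEntry()));
        } finally {
            factory.close();
        }
    }

    /**
     * A Groovy-scripted filter fails under an empty application context and succeeds
     * once the Spring test context is held again.
     */
    @Test
    void verifyScriptedFilter() throws Throwable {
        StaticApplicationContext emptyContext = new StaticApplicationContext();
        emptyContext.refresh();
        ApplicationContextProvider.holdApplicationContext(emptyContext);
        try {
            Assertions.assertThrows(RuntimeException.class,
                () -> LdapUtils.newLdaptiveSearchFilter("classpath:LdapFilterQuery.groovy", List.of("p1", "p2"), List.of("v1", "v2")));
        } finally {
            // The holder is static: restore the real context even if the assertion fails,
            // so later tests do not run against the empty one.
            ApplicationContextProvider.holdApplicationContext(this.applicationContext);
        }
        FilterTemplate filter = LdapUtils.newLdaptiveSearchFilter("classpath:LdapFilterQuery.groovy",
            List.of("p1", "p2"), List.of("v1", "v2"));
        Assertions.assertNotNull(filter);
        Assertions.assertNotNull(filter.getFilter());
    }

    /**
     * A positional placeholder ({@code {0}}) is recorded as a named parameter of the
     * template; the value is held as a parameter and not spliced into the filter text
     * by this call.
     */
    @Test
    void verifyFilterByIndex() throws Throwable {
        FilterTemplate filter = LdapUtils.newLdaptiveSearchFilter("cn={0}", List.of("casuser"));
        Assertions.assertTrue(filter.getParameters().containsKey("0"));
        Assertions.assertTrue(filter.getParameters().containsValue("casuser"));
    }

    /**
     * ANONYMOUS authentication is rejected until both a base DN and a search filter are
     * configured; an incomplete configuration throws and yields no authenticator.
     */
    @Test
    void verifyLdapAuthnAnon() throws Throwable {
        Ldap ldap = newLdap();
        ldap.setPrincipalAttributePassword("password");
        ldap.setDerefAliases(DerefAliases.FINDING.name());
        ldap.setFailFast(false);
        ldap.setType(AbstractLdapAuthenticationProperties.AuthenticationTypes.ANONYMOUS);
        // No base DN yet.
        Assertions.assertThrows(IllegalArgumentException.class, () -> LdapUtils.newLdaptiveAuthenticator(ldap));
        ldap.setBaseDn("ou=people,dc=example,dc=org");
        // Base DN present, search filter still missing.
        Assertions.assertThrows(IllegalArgumentException.class, () -> LdapUtils.newLdaptiveAuthenticator(ldap));
        ldap.setSearchFilter("cn=invalid-user");
        Assertions.assertNotNull(LdapUtils.newLdaptiveAuthenticator(ldap));
        Assertions.assertNotNull(LdapUtils.newLdaptiveConnectionConfig(ldap));
    }

    /** DIRECT authentication is rejected until a DN format is configured. */
    @Test
    void verifyLdapAuthnDirect() throws Throwable {
        Ldap ldap = newLdap();
        ldap.setBaseDn("ou=people,dc=example,dc=org|ou=users,dc=example,dc=org");
        ldap.setSearchFilter("cn=invalid-user");
        ldap.setDerefAliases(DerefAliases.FINDING.name());
        ldap.setFailFast(false);
        ldap.setType(AbstractLdapAuthenticationProperties.AuthenticationTypes.DIRECT);
        Assertions.assertThrows(IllegalArgumentException.class, () -> LdapUtils.newLdaptiveAuthenticator(ldap));
        ldap.setDnFormat("cn=%s,dc=example,dc=org");
        Assertions.assertNotNull(LdapUtils.newLdaptiveAuthenticator(ldap));
    }

    /**
     * With default AD password-policy properties, the authenticator's first response
     * handler exposes both an expiration period and a warning period.
     */
    @Test
    void verifyActiveDirectoryPasswordPolicy() throws Throwable {
        Ldap ldap = newLdap();
        ldap.setBaseDn("ou=people,dc=example,dc=org");
        ldap.setSearchFilter("cn=user");
        ldap.setType(AbstractLdapAuthenticationProperties.AuthenticationTypes.AD);
        ldap.setDnFormat("cn=%s,dc=example,dc=org");
        Authenticator authenticator = LdapUtils.newLdaptiveAuthenticator(ldap);
        Assertions.assertNotNull(authenticator);
        LdapPasswordPolicyProperties policy = new LdapPasswordPolicyProperties().setType(AbstractLdapProperties.LdapType.AD);
        Assertions.assertNotNull(LdapUtils.createLdapPasswordPolicyConfiguration(policy, authenticator, ArrayListMultimap.create()));
        ActiveDirectoryAuthenticationResponseHandler handler = firstActiveDirectoryHandler(authenticator);
        Assertions.assertNotNull(handler.getExpirationPeriod());
        Assertions.assertNotNull(handler.getWarningPeriod());
    }

    /**
     * Setting the expiration to {@code -1} days leaves the handler without an
     * expiration period while the warning period is still present.
     */
    @Test
    void verifyActiveDirectoryPasswordPolicyWithoutExpiration() throws Throwable {
        Ldap ldap = newLdap();
        ldap.setBaseDn("ou=people,dc=example,dc=org");
        ldap.setSearchFilter("cn=user");
        ldap.setType(AbstractLdapAuthenticationProperties.AuthenticationTypes.AD);
        ldap.setDnFormat("cn=%s,dc=example,dc=org");
        Authenticator authenticator = LdapUtils.newLdaptiveAuthenticator(ldap);
        Assertions.assertNotNull(authenticator);
        LdapPasswordPolicyProperties policy = new LdapPasswordPolicyProperties()
            .setType(AbstractLdapProperties.LdapType.AD)
            .setPasswordExpirationNumberOfDays(-1);
        Assertions.assertNotNull(LdapUtils.createLdapPasswordPolicyConfiguration(policy, authenticator, ArrayListMultimap.create()));
        ActiveDirectoryAuthenticationResponseHandler handler = firstActiveDirectoryHandler(authenticator);
        Assertions.assertNull(handler.getExpirationPeriod());
        Assertions.assertNotNull(handler.getWarningPeriod());
    }

    /** AD authentication is rejected until a DN format is configured. */
    @Test
    void verifyLdapAuthnActiveDirectory() throws Throwable {
        Ldap ldap = newLdap();
        ldap.setBaseDn("ou=people,dc=example,dc=org");
        ldap.setSearchFilter("cn=invalid-user");
        ldap.setDerefAliases(DerefAliases.FINDING.name());
        ldap.setPrincipalAttributePassword("password");
        ldap.setFailFast(false);
        ldap.setType(AbstractLdapAuthenticationProperties.AuthenticationTypes.AD);
        Assertions.assertThrows(IllegalArgumentException.class, () -> LdapUtils.newLdaptiveAuthenticator(ldap));
        ldap.setDnFormat("cn=%s,dc=example,dc=org");
        Assertions.assertNotNull(LdapUtils.newLdaptiveAuthenticator(ldap));
    }

    /** The same empty-result search works with the default factory and with pooling disabled. */
    @Test
    void verifyPagedSearch() throws Throwable {
        Ldap ldap = newLdap();
        ldap.setBaseDn("ou=people,dc=example,dc=org");
        ldap.setSearchFilter("cn=invalid-user");
        assertSearchReturnsNoEntries(ldap, LdapUtils.newLdaptiveConnectionFactory(ldap));
        ldap.setDisablePooling(true);
        assertSearchReturnsNoEntries(ldap, LdapUtils.newLdaptiveConnectionFactory(ldap));
    }

    /**
     * A pooled factory using the "compare" validator can search, and a search entry
     * resolver can be built for every search-entry-handler type.
     */
    @Test
    void verifyComparePooling() throws Throwable {
        Ldap ldap = newLdap();
        ldap.setBaseDn("ou=people,dc=example,dc=org|ou=users,dc=example,dc=org");
        ldap.setSearchFilter("cn=invalid-user");
        ldap.getValidator().setType("compare");
        LdapConnectionFactory factory = new LdapConnectionFactory(LdapUtils.newLdaptivePooledConnectionFactory(ldap));
        try {
            SearchResponse response = factory.executeSearchOperation(ldap.getBaseDn(),
                LdapUtils.newLdaptiveSearchFilter(ldap.getSearchFilter()), 10, new String[]{"cn"});
            Assertions.assertNotNull(response);
            Assertions.assertFalse(LdapUtils.containsResultEntry(response));
            Assertions.assertNotNull(LdapUtils.newLdaptiveConnectionConfig(ldap));
            String upper = CaseChangeEntryHandler.CaseChange.UPPER.name();
            // Handlers accumulate on the shared properties, so each iteration resolves
            // with all handler types added so far.
            for (LdapSearchEntryHandlersProperties.SearchEntryHandlerTypes handlerType
                : LdapSearchEntryHandlersProperties.SearchEntryHandlerTypes.values()) {
                LdapSearchEntryHandlersProperties handler = new LdapSearchEntryHandlersProperties();
                handler.setType(handlerType);
                handler.getCaseChange().setAttributeNameCaseChange(upper);
                handler.getCaseChange().setDnCaseChange(upper);
                handler.getCaseChange().setAttributeValueCaseChange(upper);
                ldap.getSearchEntryHandlers().add(handler);
                Assertions.assertNotNull(LdapUtils.newLdaptiveSearchEntryResolver(ldap, factory.getConnectionFactory()));
            }
        } finally {
            // Release the pool even when an assertion above fails.
            factory.close();
        }
    }

    /**
     * A connection config can be built for every connection strategy, with a keystore
     * configured, and for every SASL mechanism. Only config construction is asserted;
     * no connection is opened here.
     */
    @Test
    void verifyConnectionConfig() throws Throwable {
        Ldap ldap = newLdap();
        ldap.setBaseDn("ou=people,dc=example,dc=org|ou=users,dc=example,dc=org");
        ldap.setSearchFilter("cn=invalid-user");
        for (AbstractLdapProperties.LdapConnectionStrategy strategy : AbstractLdapProperties.LdapConnectionStrategy.values()) {
            ldap.setConnectionStrategy(strategy.toString());
            Assertions.assertNotNull(LdapUtils.newLdaptiveConnectionConfig(ldap));
        }
        ldap.setDerefAliases(DerefAliases.SEARCHING.name());
        ldap.setKeystoreType(KeyStore.getDefaultType());
        // "changeit" is the stock password of the JDK's bundled cacerts trust store.
        ldap.setKeystorePassword("changeit");
        // NOTE(review): JAVA_HOME may be unset (the path then becomes relative), and
        // jre/lib/security/cacerts is the pre-Java 9 layout. Confirm the file exists
        // wherever this test is expected to exercise real keystore loading.
        ldap.setKeystore(new File(System.getenv("JAVA_HOME"), "jre/lib/security/cacerts").getCanonicalPath());
        Assertions.assertNotNull(LdapUtils.newLdaptiveConnectionConfig(ldap));
        for (Mechanism mechanism : Mechanism.values()) {
            ldap.setSaslMechanism(mechanism.name());
            ldap.setSaslRealm("cas");
            ldap.setSaslMutualAuth(Boolean.FALSE);
            ldap.setSaslAuthorizationId("123456");
            // QoP AUTH is the authentication-only setting of the enum.
            ldap.setSaslQualityOfProtection(QualityOfProtection.AUTH.name());
            ldap.setSaslSecurityStrength(SecurityStrength.MEDIUM.name());
            Assertions.assertNotNull(LdapUtils.newLdaptiveConnectionConfig(ldap));
        }
    }
}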
