package com.ibm.ws.security.wim.adapter.ldap.fat;

import com.ibm.websphere.simplicity.config.ServerConfiguration;
import com.ibm.websphere.simplicity.config.wim.AttributesCache;
import com.ibm.websphere.simplicity.config.wim.LdapCache;
import com.ibm.websphere.simplicity.config.wim.LdapRegistry;
import com.ibm.websphere.simplicity.config.wim.SearchResultsCache;
import com.ibm.websphere.simplicity.log.Log;
import com.ibm.ws.apacheds.EmbeddedApacheDS;
import com.ibm.ws.security.registry.RegistryException;
import com.ibm.ws.security.registry.test.UserRegistryServletConnection;
import componenttest.custom.junit.runner.FATRunner;
import componenttest.custom.junit.runner.Mode;
import componenttest.topology.impl.LibertyServer;
import componenttest.topology.impl.LibertyServerFactory;
import componenttest.topology.utils.LDAPFatUtils;
import componenttest.topology.utils.LDAPUtils;
import java.util.List;
import org.apache.directory.api.ldap.model.entry.Entry;
import org.junit.AfterClass;
import org.junit.Assert;
import org.junit.BeforeClass;
import org.junit.Test;
import org.junit.runner.RunWith;

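/**
 * Functional tests for LDAP referral handling in the Liberty LDAP registry.
 *
 * <p>Topology built by {@link #setupClass()}:
 * <ul>
 *   <li>a <em>subordinate</em> embedded ApacheDS instance that holds the real
 *       {@code ou=subtree,o=ibm,c=us} subtree with one user ({@code user2}) and one
 *       group ({@code group2});</li>
 *   <li>a <em>delegate</em> embedded ApacheDS instance that holds {@code o=ibm,c=us}
 *       and, at {@code ou=subtree,o=ibm,c=us}, a {@code referral} entry whose
 *       {@code ref} attribute is an {@code ldap://localhost:<port>/...} URL naming
 *       the subordinate;</li>
 *   <li>a Liberty server whose LDAP registry is pointed at the delegate only.</li>
 * </ul>
 *
 * <p>Each test reconfigures the registry with a value for the {@code referral}
 * attribute and/or its misspelled sibling {@code referal} (both setters exist on
 * {@link LdapRegistry}) and then checks whether data behind the referral is visible.
 *
 * <p>Security-relevant expectations pinned by this class:
 * <ul>
 *   <li>with neither attribute set, the registry behaves as for {@code ignore}
 *       ({@link #testReferralDefault()});</li>
 *   <li>an unrecognised value produces warning {@code CWWKG0032W} and still behaves
 *       as for {@code ignore};</li>
 *   <li>even when referrals are followed, {@code checkPassword} for a user that is
 *       only reachable through the referral must return {@code null}, i.e. the user
 *       is not authenticated (first assertion of {@link #assertFollowResults()}).</li>
 * </ul>
 *
 * <p>All directory contents and passwords here are throwaway fixtures served from
 * in-process directory servers on localhost.
 */
@RunWith(FATRunner.class)
@Mode(Mode.TestMode.LITE)
/* loaded from: input_file:com/ibm/ws/security/wim/adapter/ldap/fat/LDAPReferralTest.class */
public class LDAPReferralTest {
    private static UserRegistryServletConnection servlet;

    /** Base DN served by the delegate (referring) directory. */
    private static final String DELEGATE_DN = "o=ibm,c=us";

    /** Subtree that really lives on the subordinate and is a referral on the delegate. */
    private static final String SUBORDINATE_DN = "ou=subtree,o=ibm,c=us";

    private static final String SUBORDINATE_USER_PRINCIPAL = "user2";
    private static final String SUBORDINATE_USER_DN = "uid=user2,ou=subtree,o=ibm,c=us";
    private static final String SUBORDINATE_GROUP_DN = "cn=group2,ou=subtree,o=ibm,c=us";

    private static LibertyServer libertyServer = LibertyServerFactory.getLibertyServer("com.ibm.ws.security.wim.adapter.ldap.fat.referral");
    private static final Class<?> c = LDAPReferralTest.class;

    /** Server configuration captured right after start-up; every test clones it. */
    private static ServerConfiguration emptyConfiguration = null;

    private static EmbeddedApacheDS delegateServer = null;
    private static EmbeddedApacheDS subordinateServer = null;

    /**
     * Starts Liberty and both directory servers.
     *
     * <p>The subordinate must be started before the delegate: the delegate's referral
     * entry embeds the subordinate's listening port.
     */
    @BeforeClass
    public static void setupClass() throws Exception {
        setupLibertyServer();
        setupSubordinateServer();
        setupDelegateServer();
    }

    /**
     * Stops all three servers and removes the internal feature manifest that
     * {@link #setupLibertyServer()} copied into the Liberty install root.
     *
     * <p>Stop failures are logged and swallowed so that one failing shutdown does not
     * prevent the remaining servers from being stopped.
     */
    @AfterClass
    public static void teardownClass() throws Exception {
        if (libertyServer != null) {
            try {
                libertyServer.stopServer();
            } catch (Exception e) {
                Log.error(c, "teardown", e, "Liberty server threw error while stopping. " + e.getMessage());
            }
        }
        stopLdapServer(delegateServer, "Delegate");
        stopLdapServer(subordinateServer, "Subordinate");

        // Guarded like the stop call above: an unguarded dereference here would turn a
        // failed server lookup into a NullPointerException that hides the real failure.
        if (libertyServer != null) {
            libertyServer.deleteFileFromLibertyInstallRoot("lib/features/internalfeatures/securitylibertyinternals-1.0.mf");
        }
    }

    /** Stops one embedded directory server, logging (not propagating) any failure. */
    private static void stopLdapServer(EmbeddedApacheDS server, String label) {
        if (server == null) {
            return;
        }
        try {
            server.stopService();
        } catch (Exception e) {
            Log.error(c, "teardown", e, label + " LDAP server threw error while stopping. " + e.getMessage());
        }
    }

    /**
     * Installs the internal security feature, starts Liberty, waits for the
     * {@code userRegistry} test application and the security service, opens the
     * servlet connection and snapshots the baseline configuration.
     */
    private static void setupLibertyServer() throws Exception {
        LDAPUtils.addLDAPVariables(libertyServer);
        Log.info(c, "setUp", "Starting the server... (will wait for userRegistry servlet to start)");
        libertyServer.copyFileToLibertyInstallRoot("lib/features", "internalfeatures/securitylibertyinternals-1.0.mf");
        libertyServer.addInstalledAppForValidation("userRegistry");
        libertyServer.startServer(c.getName() + ".log");

        Assert.assertNotNull("Application userRegistry does not appear to have started.", libertyServer.waitForStringInLog("CWWKZ0001I:.*userRegistry"));
        Assert.assertNotNull("Security service did not report it was ready", libertyServer.waitForStringInLog("CWWKS0008I"));
        Assert.assertNotNull("Server did not came up", libertyServer.waitForStringInLog("CWWKF0011I"));

        Log.info(c, "setUp", "Creating servlet connection the server");
        servlet = new UserRegistryServletConnection(libertyServer.getHostname(), libertyServer.getHttpDefaultPort());

        // NOTE(review): the realm is queried twice around a fixed 5 s sleep; the reason
        // is not visible here (presumably a warm-up of the servlet) - confirm before
        // replacing the sleep with a log wait.
        servlet.getRealm();
        Thread.sleep(5000L);
        servlet.getRealm();

        emptyConfiguration = libertyServer.getServerConfiguration();
    }

    /**
     * Starts the subordinate directory and populates the subtree with an
     * organizational unit, the user {@code user2} and the group {@code group2}
     * (whose only member is that user).
     */
    private static void setupSubordinateServer() throws Exception {
        subordinateServer = new EmbeddedApacheDS("subordinate");
        subordinateServer.addPartition("testing", SUBORDINATE_DN);
        subordinateServer.startServer();

        Entry subtree = subordinateServer.newEntry(SUBORDINATE_DN);
        subtree.add("objectclass", "organizationalunit");
        subtree.add("ou", "subtree");
        subordinateServer.add(subtree);

        Entry user = subordinateServer.newEntry(SUBORDINATE_USER_DN);
        user.add("objectclass", "inetorgperson");
        user.add("uid", SUBORDINATE_USER_PRINCIPAL);
        user.add("sn", SUBORDINATE_USER_PRINCIPAL);
        user.add("cn", SUBORDINATE_USER_PRINCIPAL);
        // Fixture credential; assertFollowResults() checks this same value is NOT accepted
        // for a user that is only reachable through the referral.
        user.add("userPassword", "password");
        subordinateServer.add(user);

        Entry group = subordinateServer.newEntry(SUBORDINATE_GROUP_DN);
        group.add("objectclass", "groupofnames");
        group.add("cn", "group2");
        group.add("member", SUBORDINATE_USER_DN);
        subordinateServer.add(group);
    }

    /**
     * Starts the delegate directory, adds its root organization entry and a referral
     * entry at {@link #SUBORDINATE_DN} that points at the subordinate over
     * {@code ldap://localhost}.
     *
     * <p>Requires {@link #setupSubordinateServer()} to have run, because the referral
     * URL is built from the subordinate's port.
     */
    private static void setupDelegateServer() throws Exception {
        delegateServer = new EmbeddedApacheDS("delegate");
        delegateServer.addPartition("testing", DELEGATE_DN);
        delegateServer.startServer();

        Entry root = delegateServer.newEntry(DELEGATE_DN);
        root.add("objectclass", "organization");
        root.add("o", "ibm");
        delegateServer.add(root);

        // NOTE(review): the referral entry is created through subordinateServer.newEntry(...)
        // but stored with delegateServer.add(...). Left unchanged because the semantics of
        // EmbeddedApacheDS.newEntry are not visible here - confirm whether the entry should
        // be created by the delegate instead.
        Entry referral = subordinateServer.newEntry(SUBORDINATE_DN);
        referral.add("objectclass", "referral", "extensibleobject");
        referral.add("ou", "subtree");
        referral.add("ref", "ldap://localhost:" + subordinateServer.getLdapServer().getPort() + "/" + SUBORDINATE_DN);
        delegateServer.add(referral);
    }

    /**
     * Replaces the server configuration with the baseline plus one LDAP registry that
     * talks to the delegate and uses the given referral settings.
     *
     * @param referral value for the {@code referral} attribute, or {@code null} to leave it unset
     * @param referal  value for the misspelled {@code referal} attribute, or {@code null} to leave it unset
     */
    private static void updateLibertyServer(String referral, String referal) throws Exception {
        ServerConfiguration config = emptyConfiguration.clone();

        LdapRegistry ldap = new LdapRegistry();
        ldap.setRealm("LDAPRealm");
        ldap.setHost("localhost");
        ldap.setPort(String.valueOf(delegateServer.getLdapServer().getPort()));
        // The search base is the referral DN itself, so every lookup hits the referral entry.
        ldap.setBaseDN(SUBORDINATE_DN);
        ldap.setBindDN(EmbeddedApacheDS.getBindDN());
        ldap.setBindPassword(EmbeddedApacheDS.getBindPassword());
        ldap.setLdapType("Custom");
        // Presumably disables both caches (first constructor argument is false) so that a
        // result cached under one referral setting cannot leak into the next test - confirm
        // against the AttributesCache / SearchResultsCache constructors.
        ldap.setLdapCache(new LdapCache(new AttributesCache(false, 0, 0, "0s", (String) null), new SearchResultsCache(false, 0, 0, "0s")));
        ldap.setReferral(referral);
        ldap.setReferal(referal);

        config.getLdapRegistries().add(ldap);
        LDAPFatUtils.updateConfigDynamically(libertyServer, config);
    }

    /**
     * Asserts the behaviour expected when referrals are followed: the user and group
     * stored on the subordinate are visible through every lookup API, while a password
     * check for the referred user still returns {@code null}.
     */
    private static void assertFollowResults() throws Exception {
        // Security-relevant: a user found only via the referral must not authenticate.
        Assert.assertNull("Should not be able to bind with user from referral.", servlet.checkPassword(SUBORDINATE_USER_DN, "password"));

        Assert.assertEquals("group2", servlet.getGroupDisplayName(SUBORDINATE_GROUP_DN));
        List<?> groups = servlet.getGroups("*group*", 0).getList();
        Assert.assertTrue("Missing group '" + SUBORDINATE_GROUP_DN + "'. Results: " + groups, groups.contains(SUBORDINATE_GROUP_DN));
        Assert.assertEquals(SUBORDINATE_GROUP_DN, servlet.getGroupSecurityName("group2"));
        Assert.assertEquals(SUBORDINATE_GROUP_DN, servlet.getUniqueGroupId(SUBORDINATE_GROUP_DN));

        List<?> groupsForUser = servlet.getUniqueGroupIdsForUser(SUBORDINATE_USER_PRINCIPAL);
        Assert.assertTrue("Missing group 'group2'. Results: " + groupsForUser, groupsForUser.contains(SUBORDINATE_GROUP_DN));

        Assert.assertEquals(SUBORDINATE_USER_DN, servlet.getUniqueUserId(SUBORDINATE_USER_DN));
        Assert.assertEquals(SUBORDINATE_USER_PRINCIPAL, servlet.getUserDisplayName(SUBORDINATE_USER_DN));
        List<?> users = servlet.getUsers("*user*", 0).getList();
        Assert.assertTrue("Missing user '" + SUBORDINATE_USER_DN + "'. Results: " + users, users.contains(SUBORDINATE_USER_DN));
        Assert.assertEquals(SUBORDINATE_USER_DN, servlet.getUserSecurityName(SUBORDINATE_USER_PRINCIPAL));

        List<?> members = servlet.getUsersForGroup(SUBORDINATE_GROUP_DN, 0).getList();
        Assert.assertTrue("Missing user '" + SUBORDINATE_USER_DN + "'. Results: " + members, members.contains(SUBORDINATE_USER_DN));

        Assert.assertTrue("Expected 'group2' to be valid group.", servlet.isValidGroup("group2"));
        Assert.assertTrue("Expected '" + SUBORDINATE_USER_DN + "' to be valid user.", servlet.isValidUser(SUBORDINATE_USER_DN));
    }

    /**
     * Asserts the behaviour expected when referrals are not followed: looking up the
     * referral DN fails with a {@link RegistryException} that carries a message.
     */
    private static void assertIgnoreResults() throws Exception {
        try {
            servlet.getGroupDisplayName(SUBORDINATE_DN);
            Assert.fail("Excected RegistryException.");
        } catch (RegistryException e) {
            Log.info(c, "assertIgnoreResults", "Exception is " + e.getMessage());
            Assert.assertNotNull("Exception should have an error message", e.getMessage());
        }
    }

    /** Neither attribute set: referrals are expected not to be followed. */
    @Test
    public void testReferralDefault() throws Exception {
        updateLibertyServer(null, null);
        assertIgnoreResults();
    }

    /** {@code referral="follow"}: data behind the referral is visible. */
    @Test
    public void testReferralFollow() throws Exception {
        updateLibertyServer("follow", null);
        assertFollowResults();
    }

    /** {@code referral="ignore"}: the referral is not followed. */
    @Test
    public void testReferralIgnore() throws Exception {
        updateLibertyServer("ignore", null);
        assertIgnoreResults();
    }

    /** Misspelled attribute {@code referal="follow"}: data behind the referral is visible. */
    @Test
    public void testReferalFollow() throws Exception {
        updateLibertyServer(null, "follow");
        assertFollowResults();
    }

    /** Misspelled attribute {@code referal="ignore"}: the referral is not followed. */
    @Test
    public void testReferalIgnore() throws Exception {
        updateLibertyServer(null, "ignore");
        assertIgnoreResults();
    }

    /**
     * Both attributes set and in conflict ({@code referral="follow"},
     * {@code referal="ignore"}): the test expects the referral not to be followed.
     */
    @Test
    public void testReferralReferal() throws Exception {
        updateLibertyServer("follow", "ignore");
        assertIgnoreResults();
    }

    /**
     * Unrecognised {@code referral} value: warning {@code CWWKG0032W} is logged and the
     * referral is not followed.
     */
    @Test
    public void testReferralInvalid() throws Exception {
        updateLibertyServer("invalid", null);
        String expected = "CWWKG0032W: Unexpected value specified for property \\[referral]";
        List<?> matches = libertyServer.findStringsInLogsAndTraceUsingMark(expected);
        Assert.assertFalse("Did not find '" + expected + "' in trace: " + matches, matches.isEmpty());
        assertIgnoreResults();
    }

    /**
     * Unrecognised {@code referal} value: warning {@code CWWKG0032W} is logged and the
     * referral is not followed.
     */
    @Test
    public void testReferalInvalid() throws Exception {
        updateLibertyServer(null, "invalid");
        String expected = "CWWKG0032W: Unexpected value specified for property \\[referal]";
        List<?> matches = libertyServer.findStringsInLogsAndTraceUsingMark(expected);
        Assert.assertFalse("Did not find '" + expected + "' in trace: " + matches, matches.isEmpty());
        assertIgnoreResults();
    }
}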
