package org.springframework.security.config.ldap;

import org.junit.After;
import org.junit.Assert;
import org.junit.Test;
import org.springframework.context.ApplicationContextException;
import org.springframework.security.authentication.ProviderManager;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.config.util.InMemoryXmlApplicationContext;
import org.springframework.security.ldap.authentication.BindAuthenticator;
import org.springframework.security.ldap.authentication.LdapAuthenticationProvider;
import org.springframework.security.ldap.authentication.PasswordComparisonAuthenticator;
import org.springframework.security.ldap.userdetails.InetOrgPersonContextMapper;
import org.springframework.security.ldap.userdetails.LdapUserDetailsImpl;
import org.springframework.security.util.FieldUtils;

/* loaded from: input_file:org/springframework/security/config/ldap/LdapProviderBeanDefinitionParserTests.class */
public class LdapProviderBeanDefinitionParserTests {
    InMemoryXmlApplicationContext appCtx;

    @After
    public void closeAppContext() {
        if (this.appCtx != null) {
            this.appCtx.close();
            this.appCtx = null;
        }
    }

    @Test
    public void beanClassNamesAreCorrect() throws Exception {
        Assert.assertEquals("org.springframework.security.ldap.authentication.LdapAuthenticationProvider", LdapAuthenticationProvider.class.getName());
        Assert.assertEquals("org.springframework.security.ldap.authentication.BindAuthenticator", BindAuthenticator.class.getName());
        Assert.assertEquals("org.springframework.security.ldap.authentication.PasswordComparisonAuthenticator", PasswordComparisonAuthenticator.class.getName());
    }

    @Test
    public void multipleProvidersAreSupported() throws Exception {
        setContext("<ldap-server url='ldap://blah:389/dc=blah'/><authentication-manager>   <ldap-authentication-provider group-search-filter='member={0}' />   <ldap-authentication-provider group-search-filter='uniqueMember={0}' /></authentication-manager>");
        ProviderManager providerManager = (ProviderManager) this.appCtx.getBean("org.springframework.security.authenticationManager");
        Assert.assertEquals(2L, providerManager.getProviders().size());
        Assert.assertEquals("member={0}", FieldUtils.getFieldValue(providerManager.getProviders().get(0), "authoritiesPopulator.groupSearchFilter"));
        Assert.assertEquals("uniqueMember={0}", FieldUtils.getFieldValue(providerManager.getProviders().get(1), "authoritiesPopulator.groupSearchFilter"));
    }

    @Test
    public void simpleProviderAuthenticatesCorrectly() {
        setContext("<ldap-server /><authentication-manager>   <ldap-authentication-provider group-search-filter='member={0}' /></authentication-manager>");
        Assert.assertEquals(3L, ((LdapUserDetailsImpl) getProvider().authenticate(new UsernamePasswordAuthenticationToken("ben", "benspassword")).getPrincipal()).getAuthorities().size());
    }

    @Test(expected = ApplicationContextException.class)
    public void missingServerEltCausesConfigException() {
        setContext("<authentication-manager>   <ldap-authentication-provider /></authentication-manager>");
    }

    @Test
    public void supportsPasswordComparisonAuthentication() {
        setContext("<ldap-server /> <authentication-manager><ldap-authentication-provider user-dn-pattern='uid={0},ou=people'>    <password-compare /></ldap-authentication-provider></authentication-manager>");
        getProvider().authenticate(new UsernamePasswordAuthenticationToken("ben", "benspassword"));
    }

    @Test
    public void supportsPasswordComparisonAuthenticationWithHashAttribute() {
        setContext("<ldap-server /> <authentication-manager><ldap-authentication-provider user-dn-pattern='uid={0},ou=people'>    <password-compare password-attribute='uid' hash='plaintext'/></ldap-authentication-provider></authentication-manager>");
        getProvider().authenticate(new UsernamePasswordAuthenticationToken("ben", "ben"));
    }

    @Test
    public void supportsPasswordComparisonAuthenticationWithPasswordEncoder() {
        setContext("<ldap-server /> <authentication-manager><ldap-authentication-provider user-dn-pattern='uid={0},ou=people'>    <password-compare password-attribute='uid'>        <password-encoder hash='plaintext'/>    </password-compare></ldap-authentication-provider></authentication-manager>");
        getProvider().authenticate(new UsernamePasswordAuthenticationToken("ben", "ben"));
    }

    @Test
    public void detectsNonStandardServerId() {
        setContext("<ldap-server id='myServer'/> <authentication-manager>  <ldap-authentication-provider /></authentication-manager>");
    }

    @Test
    public void inetOrgContextMapperIsSupported() throws Exception {
        setContext("<ldap-server id='someServer' url='ldap://127.0.0.1:343/dc=springframework,dc=org'/><authentication-manager>    <ldap-authentication-provider user-details-class='inetOrgPerson'/></authentication-manager>");
        Assert.assertTrue(FieldUtils.getFieldValue(getProvider(), "userDetailsContextMapper") instanceof InetOrgPersonContextMapper);
    }

    private void setContext(String str) {
        this.appCtx = new InMemoryXmlApplicationContext(str);
    }

    private LdapAuthenticationProvider getProvider() {
        ProviderManager providerManager = (ProviderManager) this.appCtx.getBean("org.springframework.security.authenticationManager");
        Assert.assertEquals(1L, providerManager.getProviders().size());
        return (LdapAuthenticationProvider) providerManager.getProviders().get(0);
    }
}
