package org.springframework.security.providers.ldap.authenticator;

import org.junit.Assert;
import org.junit.Test;
import org.springframework.ldap.core.DirContextAdapter;
import org.springframework.ldap.core.DistinguishedName;
import org.springframework.security.Authentication;
import org.springframework.security.BadCredentialsException;
import org.springframework.security.ldap.AbstractLdapIntegrationTests;
import org.springframework.security.providers.UsernamePasswordAuthenticationToken;
import org.springframework.security.providers.encoding.PasswordEncoder;
import org.springframework.security.providers.encoding.PlaintextPasswordEncoder;
import org.springframework.security.userdetails.UsernameNotFoundException;

/* loaded from: input_file:org/springframework/security/providers/ldap/authenticator/PasswordComparisonAuthenticatorTests.class */
/**
 * Integration tests for {@link PasswordComparisonAuthenticator}, run against the context
 * source supplied by {@link AbstractLdapIntegrationTests}.
 *
 * <p>The directory entries these tests rely on (users {@code bob} and {@code ben} under
 * {@code ou=people}) are defined outside this file. The literal passwords and the
 * {@link PlaintextPasswordEncoder} used here are test fixtures only.
 *
 * <p>NOTE(review): the authenticator signals an unknown user with
 * {@link UsernameNotFoundException} and a wrong password with
 * {@link BadCredentialsException}. Whether that distinction is hidden from the remote
 * client is decided by callers that are not shown here.
 */
public class PasswordComparisonAuthenticatorTests extends AbstractLdapIntegrationTests {
    private PasswordComparisonAuthenticator authenticator;
    private Authentication bob;
    private Authentication ben;

    /** Builds a username/password token for the given credentials. */
    private static Authentication credentials(String username, String password) {
        return new UsernamePasswordAuthenticationToken(username, password);
    }

    /**
     * Creates the default authenticator under test: plain-text password comparison with a
     * single DN pattern, plus tokens for the two fixture users.
     */
    @Override // org.springframework.security.ldap.AbstractLdapIntegrationTests
    public void onSetUp() throws Exception {
        super.onSetUp();

        PasswordComparisonAuthenticator configured = new PasswordComparisonAuthenticator(getContextSource());
        configured.setPasswordEncoder(new PlaintextPasswordEncoder());
        String[] dnPatterns = {"uid={0},ou=people"};
        configured.setUserDnPatterns(dnPatterns);
        authenticator = configured;

        bob = credentials("bob", "bobspassword");
        ben = credentials("ben", "benspassword");
    }

    /** With no attribute list configured, the returned entry carries every attribute. */
    @Test
    public void testAllAttributesAreRetrievedByDefault() {
        Assert.assertEquals(
                "User should have 5 attributes",
                5L,
                authenticator.authenticate(bob).getAttributes().size());
    }

    /** A user search that yields no entry must surface as {@link UsernameNotFoundException}. */
    @Test
    public void testFailedSearchGivesUserNotFoundException() throws Exception {
        // Fresh instance: no DN patterns are set, so only the search can locate a user.
        authenticator = new PasswordComparisonAuthenticator(getContextSource());
        Assert.assertTrue("User DN matches shouldn't be available", authenticator.getUserDns("Bob").isEmpty());
        // Presumably MockUserSearch(null) behaves as a search that finds nothing; verify against MockUserSearch.
        authenticator.setUserSearch(new MockUserSearch(null));
        authenticator.afterPropertiesSet();

        boolean rejected = false;
        try {
            authenticator.authenticate(credentials("Joe", "pass"));
        } catch (UsernameNotFoundException expected) {
            // This is the outcome under test.
            rejected = true;
        }
        if (!rejected) {
            Assert.fail("Expected exception on failed user search");
        }
    }

    /** A wrong password for an existing user is rejected with {@link BadCredentialsException}. */
    @Test(expected = BadCredentialsException.class)
    public void testLdapPasswordCompareFailsWithWrongPassword() {
        // The password attribute is not in the retrieved set; per the test name this goes
        // through the LDAP compare path.
        String[] retrieved = {"uid", "cn", "sn"};
        authenticator.setUserAttributes(retrieved);
        authenticator.authenticate(credentials("bob", "wrongpass"));
    }

    /** A non-matching first DN pattern does not prevent a later pattern from succeeding. */
    @Test
    public void testMultipleDnPatternsWorkOk() {
        String[] dnPatterns = {"uid={0},ou=nonexistent", "uid={0},ou=people"};
        authenticator.setUserDnPatterns(dnPatterns);
        authenticator.authenticate(bob);
    }

    /** Only the attributes named via {@code setUserAttributes} come back on the entry. */
    @Test
    public void testOnlySpecifiedAttributesAreRetrieved() throws Exception {
        String[] retrieved = {"uid", "userPassword"};
        authenticator.setUserAttributes(retrieved);
        Assert.assertEquals(
                "Should have retrieved 2 attribute (uid, userPassword)",
                2L,
                authenticator.authenticate(bob).getAttributes().size());
    }

    /** Authentication succeeds when only {@code uid} is retrieved and the password is correct. */
    @Test
    public void testLdapCompareSucceedsWithCorrectPassword() {
        String[] retrieved = {"uid"};
        authenticator.setUserAttributes(retrieved);
        authenticator.authenticate(bob);
    }

    /**
     * Authentication succeeds for {@code ben} when the submitted password is encoded with
     * {@link LdapShaPasswordEncoder}.
     */
    @Test
    public void testLdapCompareSucceedsWithShaEncodedPassword() {
        String[] retrieved = {"uid"};
        authenticator.setUserAttributes(retrieved);
        // NOTE(review): this covers interoperability with SHA-encoded directory passwords;
        // a bare SHA digest is not an adequate password hash for new deployments.
        authenticator.setPasswordEncoder(new LdapShaPasswordEncoder());
        authenticator.authenticate(ben);
    }

    /** A null password encoder is refused when it is set, not later during authentication. */
    @Test(expected = IllegalArgumentException.class)
    public void testPasswordEncoderCantBeNull() {
        // A typed null keeps the same static argument type as the original cast.
        PasswordEncoder missingEncoder = null;
        authenticator.setPasswordEncoder(missingEncoder);
    }

    /** The attribute compared against the submitted password is configurable ({@code uid} here). */
    @Test
    public void testUseOfDifferentPasswordAttributeSucceeds() {
        authenticator.setPasswordAttributeName("uid");
        authenticator.authenticate(credentials("bob", "bob"));
    }

    /** As above, but with only {@code uid} retrieved and {@code cn} as the compared attribute. */
    @Test
    public void testLdapCompareWithDifferentPasswordAttributeSucceeds() {
        String[] retrieved = {"uid"};
        authenticator.setUserAttributes(retrieved);
        authenticator.setPasswordAttributeName("cn");
        authenticator.authenticate(credentials("ben", "Ben Alex"));
    }

    /** With no DN patterns configured, the entry supplied by the user search is authenticated. */
    @Test
    public void testWithUserSearch() {
        authenticator = new PasswordComparisonAuthenticator(getContextSource());
        authenticator.setPasswordEncoder(new PlaintextPasswordEncoder());
        Assert.assertTrue("User DN matches shouldn't be available", authenticator.getUserDns("Bob").isEmpty());

        // In-memory entry handed to the mock search; it carries the password attribute itself.
        DistinguishedName bobDn = new DistinguishedName("uid=Bob,ou=people");
        DirContextAdapter searchResult = new DirContextAdapter(bobDn);
        searchResult.setAttributeValue("userPassword", "bobspassword");
        authenticator.setUserSearch(new MockUserSearch(searchResult));

        // The submitted username matches no entry name; presumably MockUserSearch returns
        // the supplied entry regardless of username. Confirm against MockUserSearch.
        authenticator.authenticate(credentials("shouldntbeused", "bobspassword"));
    }
}
