package org.alfresco.repo.security.authentication.identityservice;

import java.net.ConnectException;
import java.util.Optional;
import org.alfresco.error.ExceptionStackUtil;
import org.alfresco.repo.security.authentication.AuthenticationContext;
import org.alfresco.repo.security.authentication.AuthenticationException;
import org.alfresco.repo.security.authentication.identityservice.IdentityServiceFacade;
import org.alfresco.repo.security.sync.UserRegistrySynchronizer;
import org.alfresco.service.cmr.repository.NodeService;
import org.alfresco.service.cmr.security.PersonService;
import org.alfresco.service.transaction.TransactionService;
import org.alfresco.util.BaseSpringTest;
import org.alfresco.util.test.junitrules.AlfrescoTenant;
import org.junit.After;
import org.junit.Before;
import org.junit.Test;
import org.mockito.Mockito;
import org.springframework.beans.factory.annotation.Autowired;

/* loaded from: input_file:org/alfresco/repo/security/authentication/identityservice/IdentityServiceAuthenticationComponentTest.class */
public class IdentityServiceAuthenticationComponentTest extends BaseSpringTest {
    private final IdentityServiceAuthenticationComponent authComponent = new IdentityServiceAuthenticationComponent();

    @Autowired
    private AuthenticationContext authenticationContext;

    @Autowired
    private TransactionService transactionService;

    @Autowired
    private UserRegistrySynchronizer userRegistrySynchronizer;

    @Autowired
    private NodeService nodeService;

    @Autowired
    private PersonService personService;
    private IdentityServiceJITProvisioningHandler jitProvisioning;
    private IdentityServiceFacade mockIdentityServiceFacade;

    @Before
    public void setUp() {
        this.authComponent.setAuthenticationContext(this.authenticationContext);
        this.authComponent.setTransactionService(this.transactionService);
        this.authComponent.setUserRegistrySynchronizer(this.userRegistrySynchronizer);
        this.authComponent.setNodeService(this.nodeService);
        this.authComponent.setPersonService(this.personService);
        this.jitProvisioning = (IdentityServiceJITProvisioningHandler) Mockito.mock(IdentityServiceJITProvisioningHandler.class);
        this.mockIdentityServiceFacade = (IdentityServiceFacade) Mockito.mock(IdentityServiceFacade.class);
        this.authComponent.setJitProvisioningHandler(this.jitProvisioning);
        this.authComponent.setIdentityServiceFacade(this.mockIdentityServiceFacade);
    }

    @After
    public void tearDown() {
        this.authenticationContext.clearCurrentSecurityContext();
    }

    @Test(expected = AuthenticationException.class)
    public void testAuthenticationFail() {
        ((IdentityServiceFacade) Mockito.doThrow(new Throwable[]{new IdentityServiceFacade.AuthorizationException("Failed")}).when(this.mockIdentityServiceFacade)).authorize(IdentityServiceFacade.AuthorizationGrant.password("username", AlfrescoTenant.ADMIN_PASSWORD));
        this.authComponent.authenticateImpl("username", AlfrescoTenant.ADMIN_PASSWORD.toCharArray());
    }

    @Test(expected = AuthenticationException.class)
    public void testAuthenticationFail_connectionException() {
        ((IdentityServiceFacade) Mockito.doThrow(new Throwable[]{new IdentityServiceFacade.AuthorizationException("Couldn't connect to server", new ConnectException("ConnectionRefused"))}).when(this.mockIdentityServiceFacade)).authorize(IdentityServiceFacade.AuthorizationGrant.password("username", AlfrescoTenant.ADMIN_PASSWORD));
        try {
            this.authComponent.authenticateImpl("username", AlfrescoTenant.ADMIN_PASSWORD.toCharArray());
        } catch (RuntimeException e) {
            assertNotNull(ExceptionStackUtil.getCause(e, new Class[]{ConnectException.class}));
            throw e;
        }
    }

    @Test(expected = AuthenticationException.class)
    public void testAuthenticationFail_otherException() {
        ((IdentityServiceFacade) Mockito.doThrow(new Throwable[]{new RuntimeException("Some other errors!")}).when(this.mockIdentityServiceFacade)).authorize(IdentityServiceFacade.AuthorizationGrant.password("username", AlfrescoTenant.ADMIN_PASSWORD));
        this.authComponent.authenticateImpl("username", AlfrescoTenant.ADMIN_PASSWORD.toCharArray());
    }

    @Test
    public void testAuthenticationPass() {
        IdentityServiceFacade.AuthorizationGrant password = IdentityServiceFacade.AuthorizationGrant.password("username", AlfrescoTenant.ADMIN_PASSWORD);
        IdentityServiceFacade.AccessTokenAuthorization accessTokenAuthorization = (IdentityServiceFacade.AccessTokenAuthorization) Mockito.mock(IdentityServiceFacade.AccessTokenAuthorization.class);
        IdentityServiceFacade.AccessToken accessToken = (IdentityServiceFacade.AccessToken) Mockito.mock(IdentityServiceFacade.AccessToken.class);
        Mockito.when(accessTokenAuthorization.getAccessToken()).thenReturn(accessToken);
        Mockito.when(accessToken.getTokenValue()).thenReturn("JWT_TOKEN");
        Mockito.when(this.mockIdentityServiceFacade.authorize(password)).thenReturn(accessTokenAuthorization);
        Mockito.when(this.jitProvisioning.extractUserInfoAndCreateUserIfNeeded("JWT_TOKEN")).thenReturn(Optional.of(new OIDCUserInfo("username", "", "", "")));
        this.authComponent.authenticateImpl("username", AlfrescoTenant.ADMIN_PASSWORD.toCharArray());
        assertEquals("User has not been set as expected.", "username", this.authenticationContext.getCurrentUserName());
    }

    @Test(expected = AuthenticationException.class)
    public void testFallthroughWhenIdentityServiceFacadeIsNull() {
        this.authComponent.setIdentityServiceFacade((IdentityServiceFacade) null);
        this.authComponent.authenticateImpl("username", AlfrescoTenant.ADMIN_PASSWORD.toCharArray());
    }

    @Test
    public void testSettingAllowGuestUser() {
        this.authComponent.setAllowGuestLogin(true);
        assertTrue(this.authComponent.guestUserAuthenticationAllowed());
        this.authComponent.setAllowGuestLogin(false);
        assertFalse(this.authComponent.guestUserAuthenticationAllowed());
    }
}
