package com.cloudera.server.web.cmf;

import com.cloudera.cmf.CommandRunner;
import com.cloudera.cmf.model.DbAuthRole;
import com.cloudera.cmf.model.DbExternalMapping;
import com.cloudera.cmf.model.DbHost;
import com.cloudera.cmf.model.DbRole;
import com.cloudera.cmf.model.DbRoleConfigGroup;
import com.cloudera.cmf.model.DbService;
import com.cloudera.cmf.model.ExternalMappingType;
import com.cloudera.cmf.persist.CmfEntityManager;
import com.cloudera.cmf.service.scm.ScmParams;
import com.cloudera.cmf.user.UserRole;
import com.cloudera.server.cmf.AbstractBaseTest;
import com.cloudera.server.cmf.BaseTest;
import com.google.common.collect.ImmutableList;
import com.google.common.collect.ImmutableSet;
import com.google.common.collect.Lists;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;
import org.junit.After;
import org.junit.Assert;
import org.junit.Test;
import org.mockito.Mockito;
import org.opensaml.saml2.core.Attribute;
import org.opensaml.saml2.core.NameID;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.saml.SAMLCredential;

/* loaded from: input_file:com/cloudera/server/web/cmf/CMFSAMLUserDetailsServiceTest.class */
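/**
 * Exercises {@link CMFSAMLUserDetailsService#loadUserBySAML} against mocked SAML credentials.
 *
 * <p>The cases cover the two user-name sources configured here (a SAML attribute or the NameID)
 * and the two role mappers (a role attribute or an external script). Several of them pin the
 * fail-closed outcome: a credential with no role attribute, a role value with no mapping, or a
 * script return code with no mapping must end with an empty authority set rather than a default
 * role.
 *
 * <p>No identity provider and no real script are involved; the credential, the entity manager
 * behind the external mappings and the script invocation are all Mockito doubles.
 */
public class CMFSAMLUserDetailsServiceTest extends BaseTest {
    /** OID written to {@code SAML_OID_ROLE} by the attribute-mapper cases. */
    private static final String ROLE_ATTRIBUTE_OID = "urn:oid:1234567";

    /** Value written to {@code SAML_ROLE_SCRIPT}; the matching runCommand call is stubbed. */
    private static final String ROLE_SCRIPT_PATH = "some/path";

    private static final String TEST_USER = "testUser";
    private static final String TRANSIENT_NAME_ID = "transientID";

    private static final SimpleGrantedAuthority ADMIN_AUTHORITY = new SimpleGrantedAuthority("ROLE_ADMIN");
    private static final SimpleGrantedAuthority USER_AUTHORITY = new SimpleGrantedAuthority("ROLE_USER");

    /** Resets the database after every test; the mapper cases write SAML settings into it. */
    @After
    public void cleanUp() {
        cleanDatabase();
    }

    /**
     * Without any SAML settings written by the test, the user name comes from the default user
     * attribute and, as the credential carries no role attribute, no authority is granted.
     */
    @Test
    public void testLoadUserWithDefaultUserAttributeAndNoRoleAttribute() {
        SAMLCredential credential = mockCredential(TRANSIENT_NAME_ID);
        Attribute userAttribute = stubUserAttribute(credential);
        Mockito.when(credential.getAttributes()).thenReturn(ImmutableList.of(userAttribute));

        UserDetails user = (UserDetails) new CMFSAMLUserDetailsService(emf, om, scmParamTrackerStore)
                .loadUserBySAML(credential);

        Assert.assertEquals(TEST_USER, user.getUsername());
        Assert.assertEquals(Collections.emptySet(), user.getAuthorities());
    }

    /** The first entry of the default {@code SAML_ROLE_MAP} must yield both admin and user. */
    @Test
    public void testLoadUserWithDefaultUserAttributeAndAdminRole() {
        UserDetails user = testLoadUserWithDefaultUserAttributeAndRole(
                (String) ScmParams.SAML_ROLE_MAP.getDefaultValueNoVersion().get(0));
        Assert.assertTrue(user.getAuthorities().contains(ADMIN_AUTHORITY));
        Assert.assertTrue(user.getAuthorities().contains(USER_AUTHORITY));
    }

    /** The second entry of the default {@code SAML_ROLE_MAP} must yield user but never admin. */
    @Test
    public void testLoadUserWithDefaultUserAttributeAndUserRole() {
        UserDetails user = testLoadUserWithDefaultUserAttributeAndRole(
                (String) ScmParams.SAML_ROLE_MAP.getDefaultValueNoVersion().get(1));
        Assert.assertFalse(user.getAuthorities().contains(ADMIN_AUTHORITY));
        Assert.assertTrue(user.getAuthorities().contains(USER_AUTHORITY));
    }

    /** A role attribute value with no mapping ("foo") must not grant any authority. */
    @Test
    public void testLoadUserWithDefaultUserAttributeAndNoRole() {
        Assert.assertEquals(
                Collections.emptySet(), testLoadUserWithDefaultUserAttributeAndRole("foo").getAuthorities());
    }

    /**
     * Configures SAML with attribute-based user name and attribute-based role mapping, then loads
     * a user whose role attribute carries {@code str}.
     *
     * @param str value the credential reports for the role attribute
     * @return the loaded user, already checked to be named {@code testUser}
     */
    private UserDetails testLoadUserWithDefaultUserAttributeAndRole(String str) {
        runInTransaction(true, new AbstractBaseTest.RunnableWithCmfEM() {
            @Override
            public void run(CmfEntityManager cmfEntityManager) {
                CMFSAMLUserDetailsServiceTest.om.beginConfigWork(cmfEntityManager, "Setup SAML Auth");
                CMFSAMLUserDetailsServiceTest.om.setConfig(cmfEntityManager, ScmParams.EXTERNAL_AUTH_TYPE, ScmParams.ExternalAuthType.SAML,
                        (DbService) null, (DbRole) null, (DbRoleConfigGroup) null, cmfEntityManager.getScmConfigProvider().getConfigContainer(), (DbHost) null);
                CMFSAMLUserDetailsServiceTest.om.setConfig(cmfEntityManager, ScmParams.SAML_USER_SOURCE, ScmParams.SAMLUserSource.ATTRIBUTE,
                        (DbService) null, (DbRole) null, (DbRoleConfigGroup) null, cmfEntityManager.getScmConfigProvider().getConfigContainer(), (DbHost) null);
                CMFSAMLUserDetailsServiceTest.om.setConfig(cmfEntityManager, ScmParams.SAML_ROLE_MAPPER, ScmParams.SAMLRoleMapper.ATTRIBUTE,
                        (DbService) null, (DbRole) null, (DbRoleConfigGroup) null, cmfEntityManager.getScmConfigProvider().getConfigContainer(), (DbHost) null);
                CMFSAMLUserDetailsServiceTest.om.setConfig(cmfEntityManager, ScmParams.SAML_OID_ROLE, ROLE_ATTRIBUTE_OID,
                        (DbService) null, (DbRole) null, (DbRoleConfigGroup) null, cmfEntityManager.getScmConfigProvider().getConfigContainer(), (DbHost) null);
            }
        });

        SAMLCredential credential = mockCredential(TRANSIENT_NAME_ID);
        Attribute userAttribute = stubUserAttribute(credential);
        Attribute roleAttribute = stubAttribute(credential, ROLE_ATTRIBUTE_OID, str);
        Mockito.when(credential.getAttributes()).thenReturn(ImmutableList.of(userAttribute, roleAttribute));

        UserDetails user = (UserDetails) createCmfSamlUserDetailsService().loadUserBySAML(credential);
        Assert.assertEquals(TEST_USER, user.getUsername());
        return user;
    }

    /** Script return code 0 must yield both admin and user. */
    @Test
    public void testLoadUserWithScriptAndAdminRole() {
        UserDetails user = testLoadUserWithScript(0);
        Assert.assertTrue(user.getAuthorities().contains(ADMIN_AUTHORITY));
        Assert.assertTrue(user.getAuthorities().contains(USER_AUTHORITY));
    }

    /** Script return code 1 must yield user but never admin. */
    @Test
    public void testLoadUserWithScriptAndUserRole() {
        UserDetails user = testLoadUserWithScript(1);
        Assert.assertFalse(user.getAuthorities().contains(ADMIN_AUTHORITY));
        Assert.assertTrue(user.getAuthorities().contains(USER_AUTHORITY));
    }

    /** A script return code with no mapping (-1) must not grant any authority. */
    @Test
    public void testLoadUserWithScriptAndNoRole() {
        Assert.assertEquals(Collections.emptySet(), testLoadUserWithScript(-1).getAuthorities());
    }

    /**
     * Configures SAML with attribute-based user name and script-based role mapping, stubs the
     * script invocation to report {@code i} as its return code, and loads a user.
     *
     * <p>The stub only matches the argument list {@code [script path, user name]}, so the user
     * name is expected to reach the script as its own argument. The closing verification makes
     * sure the result really came from that stubbed call; without it the "no role" case could
     * pass simply because the script path was never taken.
     *
     * @param i return code reported by the stubbed script
     * @return the loaded user, already checked to be named {@code testUser}
     */
    private UserDetails testLoadUserWithScript(int i) {
        runInTransaction(true, new AbstractBaseTest.RunnableWithCmfEM() {
            @Override
            public void run(CmfEntityManager cmfEntityManager) {
                CMFSAMLUserDetailsServiceTest.om.beginConfigWork(cmfEntityManager, "Setup SAML Auth");
                CMFSAMLUserDetailsServiceTest.om.setConfig(cmfEntityManager, ScmParams.EXTERNAL_AUTH_TYPE, ScmParams.ExternalAuthType.SAML,
                        (DbService) null, (DbRole) null, (DbRoleConfigGroup) null, cmfEntityManager.getScmConfigProvider().getConfigContainer(), (DbHost) null);
                CMFSAMLUserDetailsServiceTest.om.setConfig(cmfEntityManager, ScmParams.SAML_USER_SOURCE, ScmParams.SAMLUserSource.ATTRIBUTE,
                        (DbService) null, (DbRole) null, (DbRoleConfigGroup) null, cmfEntityManager.getScmConfigProvider().getConfigContainer(), (DbHost) null);
                CMFSAMLUserDetailsServiceTest.om.setConfig(cmfEntityManager, ScmParams.SAML_ROLE_MAPPER, ScmParams.SAMLRoleMapper.SCRIPT,
                        (DbService) null, (DbRole) null, (DbRoleConfigGroup) null, cmfEntityManager.getScmConfigProvider().getConfigContainer(), (DbHost) null);
                CMFSAMLUserDetailsServiceTest.om.setConfig(cmfEntityManager, ScmParams.SAML_ROLE_SCRIPT, ROLE_SCRIPT_PATH,
                        (DbService) null, (DbRole) null, (DbRoleConfigGroup) null, cmfEntityManager.getScmConfigProvider().getConfigContainer(), (DbHost) null);
            }
        });

        SAMLCredential credential = mockCredential(TRANSIENT_NAME_ID);
        Attribute userAttribute = stubUserAttribute(credential);
        Mockito.when(credential.getAttributes()).thenReturn(ImmutableList.of(userAttribute));

        CMFSAMLUserDetailsService service = Mockito.spy(createCmfSamlUserDetailsService());
        CommandRunner.CommandResult scriptResult = Mockito.mock(CommandRunner.CommandResult.class);
        scriptResult.retcode = i;
        ImmutableList<String> expectedArgv = ImmutableList.of(ROLE_SCRIPT_PATH, TEST_USER);
        // doReturn(..).when(..) keeps the spy from running the real command while stubbing.
        Mockito.doReturn(scriptResult).when(service).runCommand(Mockito.eq(expectedArgv));

        UserDetails user = (UserDetails) service.loadUserBySAML(credential);

        Assert.assertEquals(TEST_USER, user.getUsername());
        Mockito.verify(service, Mockito.atLeastOnce()).runCommand(Mockito.eq(expectedArgv));
        return user;
    }

    /**
     * A credential that exposes only a NameID, loaded without any SAML settings written by the
     * test, must resolve to the NameID value as user name and to no authority.
     */
    @Test
    public void testLoadUserWithoutAttributes() {
        SAMLCredential credential = mockCredential(TEST_USER);

        UserDetails user = (UserDetails) new CMFSAMLUserDetailsService(emf, om, scmParamTrackerStore)
                .loadUserBySAML(credential);

        Assert.assertEquals(TEST_USER, user.getUsername());
        Assert.assertEquals(Collections.emptySet(), user.getAuthorities());
    }

    /**
     * With the user source set to NAMEID the user name must come from the NameID, while roles are
     * still mapped from the role attribute.
     */
    @Test
    public void testLoadUserFromNameID() {
        runInTransaction(true, new AbstractBaseTest.RunnableWithCmfEM() {
            @Override
            public void run(CmfEntityManager cmfEntityManager) {
                CMFSAMLUserDetailsServiceTest.om.beginConfigWork(cmfEntityManager, "Setup SAML Auth");
                CMFSAMLUserDetailsServiceTest.om.setConfig(cmfEntityManager, ScmParams.EXTERNAL_AUTH_TYPE, ScmParams.ExternalAuthType.SAML,
                        (DbService) null, (DbRole) null, (DbRoleConfigGroup) null, cmfEntityManager.getScmConfigProvider().getConfigContainer(), (DbHost) null);
                CMFSAMLUserDetailsServiceTest.om.setConfig(cmfEntityManager, ScmParams.SAML_USER_SOURCE, ScmParams.SAMLUserSource.NAMEID,
                        (DbService) null, (DbRole) null, (DbRoleConfigGroup) null, cmfEntityManager.getScmConfigProvider().getConfigContainer(), (DbHost) null);
                CMFSAMLUserDetailsServiceTest.om.setConfig(cmfEntityManager, ScmParams.SAML_ROLE_MAPPER, ScmParams.SAMLRoleMapper.ATTRIBUTE,
                        (DbService) null, (DbRole) null, (DbRoleConfigGroup) null, cmfEntityManager.getScmConfigProvider().getConfigContainer(), (DbHost) null);
                CMFSAMLUserDetailsServiceTest.om.setConfig(cmfEntityManager, ScmParams.SAML_OID_ROLE, ROLE_ATTRIBUTE_OID,
                        (DbService) null, (DbRole) null, (DbRoleConfigGroup) null, cmfEntityManager.getScmConfigProvider().getConfigContainer(), (DbHost) null);
            }
        });

        SAMLCredential credential = mockCredential("nameIDUser");
        // NOTE(review): "admin" is presumably the group name of the admin role that
        // getAllExternalMappings() registers; confirm against UserRole.
        Attribute roleAttribute = stubAttribute(credential, ROLE_ATTRIBUTE_OID, "admin");
        Mockito.when(credential.getAttributes()).thenReturn(ImmutableList.of(roleAttribute));

        UserDetails user = (UserDetails) createCmfSamlUserDetailsService().loadUserBySAML(credential);

        Assert.assertEquals("nameIDUser", user.getUsername());
        Assert.assertTrue(user.getAuthorities().contains(ADMIN_AUTHORITY));
        Assert.assertTrue(user.getAuthorities().contains(USER_AUTHORITY));
    }

    /**
     * Builds a service whose {@code getCmfEntityManager()} hands out a mocked entity manager that
     * returns the mappings from {@link #getAllExternalMappings()}.
     */
    private CMFSAMLUserDetailsService createCmfSamlUserDetailsService() {
        final CmfEntityManager cmfEntityManager = Mockito.mock(CmfEntityManager.class);
        Mockito.when(cmfEntityManager.findAllExternalMappings()).thenReturn(getAllExternalMappings());
        return new CMFSAMLUserDetailsService(emf, om, scmParamTrackerStore) {
            // Presumably replaces the service's own entity-manager lookup; verify against the
            // service class.
            CmfEntityManager getCmfEntityManager() {
                return cmfEntityManager;
            }
        };
    }

    /**
     * Builds two external mappings for every role code that resolves to a role: a SAML_SCRIPT
     * mapping keyed by the code as a decimal string, and a SAML_ATTRIBUTE mapping keyed by the
     * role's group name. Each mapping is a spy that reports exactly that one role.
     */
    private List<DbExternalMapping> getAllExternalMappings() {
        List<DbExternalMapping> mappings = Lists.newArrayList();
        // Codes are probed from 0 up to the number of roles; codes outside that range are not
        // visited, so this assumes role codes are dense. TODO confirm against UserRole.
        for (int code = 0; code < UserRole.values().size(); code++) {
            UserRole role = UserRole.getByCode(code);
            if (role == null) {
                continue;
            }
            DbExternalMapping scriptMapping =
                    Mockito.spy(new DbExternalMapping(Integer.toString(code), ExternalMappingType.SAML_SCRIPT));
            Mockito.doReturn(ImmutableSet.of(new DbAuthRole(role))).when(scriptMapping).getImmutableAuthRole();
            mappings.add(scriptMapping);

            DbExternalMapping attributeMapping =
                    Mockito.spy(new DbExternalMapping(role.group(), ExternalMappingType.SAML_ATTRIBUTE));
            Mockito.doReturn(ImmutableSet.of(new DbAuthRole(role))).when(attributeMapping).getImmutableAuthRole();
            mappings.add(attributeMapping);
        }
        return mappings;
    }

    /** Creates a mocked credential whose NameID reports {@code nameIdValue}. */
    private static SAMLCredential mockCredential(String nameIdValue) {
        SAMLCredential credential = Mockito.mock(SAMLCredential.class);
        NameID nameId = Mockito.mock(NameID.class);
        Mockito.when(nameId.getValue()).thenReturn(nameIdValue);
        Mockito.when(credential.getNameID()).thenReturn(nameId);
        return credential;
    }

    /** Stubs the default user-name attribute on {@code credential} with the value {@code testUser}. */
    private static Attribute stubUserAttribute(SAMLCredential credential) {
        return stubAttribute(credential, ScmParams.SAML_OID_USER.getDefaultValueNoVersion(), TEST_USER);
    }

    /**
     * Stubs every lookup the credential offers for one attribute name (object, string and string
     * array) and returns the mocked attribute so callers can list it in {@code getAttributes()}.
     */
    private static Attribute stubAttribute(SAMLCredential credential, String name, String value) {
        Attribute attribute = Mockito.mock(Attribute.class);
        Mockito.when(attribute.getName()).thenReturn(name);
        Mockito.when(credential.getAttribute(Mockito.eq(name))).thenReturn(attribute);
        Mockito.when(credential.getAttributeAsString(Mockito.eq(name))).thenReturn(value);
        Mockito.when(credential.getAttributeAsStringArray(Mockito.eq(name))).thenReturn(new String[] {value});
        return attribute;
    }
}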
