package com.cloudera.server.web.cmf;

import com.cloudera.cmf.service.config.MetricsSourceConfigEvaluatorTest;
import com.cloudera.cmf.service.scm.ScmParamTrackerStore;
import com.cloudera.cmf.user.UserRole;
import com.cloudera.server.cmf.BaseTest;
import com.cloudera.server.web.cmf.CMFUserDetailsService;
import com.cloudera.server.web.cmf.CmfExternalScriptAuthenticationProvider;
import com.google.common.base.Function;
import com.google.common.collect.HashMultimap;
import java.io.IOException;
import java.util.Collection;
import java.util.Collections;
import java.util.Iterator;
import java.util.Map;
import java.util.Set;
import javax.persistence.EntityManagerFactory;
import org.junit.Assert;
import org.junit.Test;
import org.mockito.Mockito;
import org.mockito.invocation.InvocationOnMock;
import org.mockito.stubbing.Answer;
import org.springframework.security.authentication.AuthenticationServiceException;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.authority.AuthorityUtils;

/* loaded from: input_file:com/cloudera/server/web/cmf/CmfExternalScriptAuthenticationProviderTest.class */
public class CmfExternalScriptAuthenticationProviderTest extends BaseTest {
    private static final String CLUSTER_NAME = "c1";
    private static final String USERNAME1 = "brad";
    private static final String PASSWORD1 = "chicken5";
    private static final String USERNAME2 = "admin";
    private static final String PASSWORD2 = "foobar";
    private static final String USERNAME3 = "invalid";
    private static final String SCRIPT = "echo";
    CMFUserDetailsService.CMFUser user = null;
    private final Answer<CMFUserDetailsService.CMFUser> answer = new Answer<CMFUserDetailsService.CMFUser>() { // from class: com.cloudera.server.web.cmf.CmfExternalScriptAuthenticationProviderTest.1
        /* renamed from: answer, reason: merged with bridge method [inline-methods] */
        public CMFUserDetailsService.CMFUser m636answer(InvocationOnMock invocationOnMock) throws Throwable {
            Map map = (Map) invocationOnMock.getArguments()[1];
            HashMultimap create = HashMultimap.create();
            for (Map.Entry entry : map.entrySet()) {
                Iterator it = ((Set) entry.getValue()).iterator();
                while (it.hasNext()) {
                    create.putAll(entry.getKey(), CMFUserDetailsService.createAuthoritySet(((UserRole) it.next()).auth));
                }
            }
            CmfExternalScriptAuthenticationProviderTest.this.user = CMFUserDetailsService.CMFUser.newBuilder().setUsername((String) invocationOnMock.getArguments()[0]).setAuthorities(create.asMap()).setRoles(map).build();
            return CmfExternalScriptAuthenticationProviderTest.this.user;
        }
    };

    @Test
    public void testExternalScriptAuthenticationProvider() throws IOException {
        CmfExternalScriptAuthenticationProvider prepareExternalScriptAuth = prepareExternalScriptAuth(new Function<CmfExternalScriptAuthenticationProvider.AuthScript, Void>() { // from class: com.cloudera.server.web.cmf.CmfExternalScriptAuthenticationProviderTest.2
            public Void apply(CmfExternalScriptAuthenticationProvider.AuthScript authScript) {
                Mockito.when(authScript.authenticate((EntityManagerFactory) Mockito.any(EntityManagerFactory.class), (String) Mockito.eq(CmfExternalScriptAuthenticationProviderTest.USERNAME1), (String) Mockito.eq(CmfExternalScriptAuthenticationProviderTest.PASSWORD1))).thenReturn(CmfExternalScriptAuthenticationProviderTest.this.singletonGlobalAuth(UserRole.ROLE_USER));
                Mockito.when(authScript.authenticate((EntityManagerFactory) Mockito.any(EntityManagerFactory.class), (String) Mockito.eq(CmfExternalScriptAuthenticationProviderTest.USERNAME2), (String) Mockito.eq(CmfExternalScriptAuthenticationProviderTest.PASSWORD2))).thenReturn(CmfExternalScriptAuthenticationProviderTest.this.singletonGlobalAuth(UserRole.ROLE_ADMIN));
                Mockito.when(authScript.authenticate((EntityManagerFactory) Mockito.any(EntityManagerFactory.class), (String) Mockito.eq(CmfExternalScriptAuthenticationProviderTest.USERNAME3), Mockito.anyString())).thenThrow(new Throwable[]{new AuthenticationServiceException("Invalid User")});
                return null;
            }
        });
        UsernamePasswordAuthenticationToken usernamePasswordAuthenticationToken = new UsernamePasswordAuthenticationToken(USERNAME1, PASSWORD1);
        usernamePasswordAuthenticationToken.setDetails(PASSWORD2);
        CmfUsernamePasswordAuthenticationToken authenticate = prepareExternalScriptAuth.authenticate(usernamePasswordAuthenticationToken);
        Assert.assertTrue(authenticate.isAuthenticated());
        Assert.assertEquals(this.user, authenticate.getPrincipal());
        Assert.assertEquals(UserRole.ROLE_USER.auth, AuthorityUtils.authorityListToSet(authenticate.getAuthorities()));
        Assert.assertEquals(PASSWORD2, authenticate.getDetails());
        UsernamePasswordAuthenticationToken usernamePasswordAuthenticationToken2 = new UsernamePasswordAuthenticationToken(USERNAME2, PASSWORD2);
        usernamePasswordAuthenticationToken2.setDetails("deadbeef");
        CmfUsernamePasswordAuthenticationToken authenticate2 = prepareExternalScriptAuth.authenticate(usernamePasswordAuthenticationToken2);
        Assert.assertTrue(authenticate2.isAuthenticated());
        Assert.assertEquals(this.user, authenticate2.getPrincipal());
        Assert.assertEquals(UserRole.ROLE_ADMIN.auth, AuthorityUtils.authorityListToSet(authenticate2.getAuthorities()));
        Assert.assertEquals("deadbeef", authenticate2.getDetails());
        try {
            prepareExternalScriptAuth.authenticate(new UsernamePasswordAuthenticationToken(USERNAME3, MetricsSourceConfigEvaluatorTest.PLACE_HOLDER));
            Assert.fail("Invalid user did not throw exception");
        } catch (AuthenticationException e) {
        }
    }

    @Test
    public void testExternalScriptAuthenticationProvider_cluster_scoped_auth() throws IOException {
        CmfExternalScriptAuthenticationProvider prepareExternalScriptAuth = prepareExternalScriptAuth(new Function<CmfExternalScriptAuthenticationProvider.AuthScript, Void>() { // from class: com.cloudera.server.web.cmf.CmfExternalScriptAuthenticationProviderTest.3
            public Void apply(CmfExternalScriptAuthenticationProvider.AuthScript authScript) {
                Mockito.when(authScript.authenticate((EntityManagerFactory) Mockito.any(EntityManagerFactory.class), (String) Mockito.eq(CmfExternalScriptAuthenticationProviderTest.USERNAME1), (String) Mockito.eq(CmfExternalScriptAuthenticationProviderTest.PASSWORD1))).thenReturn(CmfExternalScriptAuthenticationProviderTest.this.singletonAuth(AuthScope.cluster(CmfExternalScriptAuthenticationProviderTest.CLUSTER_NAME), UserRole.ROLE_USER));
                Mockito.when(authScript.authenticate((EntityManagerFactory) Mockito.any(EntityManagerFactory.class), (String) Mockito.eq(CmfExternalScriptAuthenticationProviderTest.USERNAME2), (String) Mockito.eq(CmfExternalScriptAuthenticationProviderTest.PASSWORD2))).thenReturn(CmfExternalScriptAuthenticationProviderTest.this.singletonAuth(AuthScope.cluster(CmfExternalScriptAuthenticationProviderTest.CLUSTER_NAME), UserRole.ROLE_ADMIN));
                Mockito.when(authScript.authenticate((EntityManagerFactory) Mockito.any(EntityManagerFactory.class), (String) Mockito.eq(CmfExternalScriptAuthenticationProviderTest.USERNAME3), Mockito.anyString())).thenThrow(new Throwable[]{new AuthenticationServiceException("Invalid User")});
                return null;
            }
        });
        UsernamePasswordAuthenticationToken usernamePasswordAuthenticationToken = new UsernamePasswordAuthenticationToken(USERNAME1, PASSWORD1);
        usernamePasswordAuthenticationToken.setDetails(PASSWORD2);
        CmfUsernamePasswordAuthenticationToken authenticate = prepareExternalScriptAuth.authenticate(usernamePasswordAuthenticationToken);
        Assert.assertTrue(authenticate.isAuthenticated());
        Assert.assertEquals(this.user, authenticate.getPrincipal());
        Assert.assertEquals(UserRole.ROLE_USER.auth, AuthorityUtils.authorityListToSet((Collection) authenticate.getScopedAuths().get(AuthScope.cluster(CLUSTER_NAME))));
        Assert.assertEquals(PASSWORD2, authenticate.getDetails());
        UsernamePasswordAuthenticationToken usernamePasswordAuthenticationToken2 = new UsernamePasswordAuthenticationToken(USERNAME2, PASSWORD2);
        usernamePasswordAuthenticationToken2.setDetails("deadbeef");
        CmfUsernamePasswordAuthenticationToken authenticate2 = prepareExternalScriptAuth.authenticate(usernamePasswordAuthenticationToken2);
        Assert.assertTrue(authenticate2.isAuthenticated());
        Assert.assertEquals(this.user, authenticate2.getPrincipal());
        Assert.assertEquals(UserRole.ROLE_ADMIN.auth, AuthorityUtils.authorityListToSet((Collection) authenticate2.getScopedAuths().get(AuthScope.cluster(CLUSTER_NAME))));
        Assert.assertEquals("deadbeef", authenticate2.getDetails());
        try {
            prepareExternalScriptAuth.authenticate(new UsernamePasswordAuthenticationToken(USERNAME3, MetricsSourceConfigEvaluatorTest.PLACE_HOLDER));
            Assert.fail("Invalid user did not throw exception");
        } catch (AuthenticationException e) {
        }
    }

    private CmfExternalScriptAuthenticationProvider prepareExternalScriptAuth(Function<CmfExternalScriptAuthenticationProvider.AuthScript, Void> function) {
        CmfExternalScriptAuthenticationProvider cmfExternalScriptAuthenticationProvider = new CmfExternalScriptAuthenticationProvider(SCRIPT);
        UserMapper userMapper = (UserMapper) Mockito.mock(UserMapper.class);
        Mockito.when(userMapper.mapUser(Mockito.anyString(), Mockito.anyMap())).thenAnswer(this.answer);
        cmfExternalScriptAuthenticationProvider.initialize(emf, userMapper, (ScmParamTrackerStore) null);
        CmfExternalScriptAuthenticationProvider.AuthScript authScript = (CmfExternalScriptAuthenticationProvider.AuthScript) Mockito.mock(CmfExternalScriptAuthenticationProvider.AuthScript.class);
        function.apply(authScript);
        CmfExternalScriptAuthenticationProvider.ExternalScriptProvider externalScriptProvider = (CmfExternalScriptAuthenticationProvider.ExternalScriptProvider) Mockito.mock(CmfExternalScriptAuthenticationProvider.ExternalScriptProvider.class);
        Mockito.when(externalScriptProvider.authScript((String) Mockito.eq(SCRIPT))).thenReturn(authScript);
        cmfExternalScriptAuthenticationProvider.setAuthScriptProvider(externalScriptProvider);
        return cmfExternalScriptAuthenticationProvider;
    }

    /* JADX INFO: Access modifiers changed from: private */
    public Map<AuthScope, Set<UserRole>> singletonGlobalAuth(UserRole userRole) {
        return singletonAuth(AuthScope.global(), userRole);
    }

    /* JADX INFO: Access modifiers changed from: private */
    public Map<AuthScope, Set<UserRole>> singletonAuth(AuthScope authScope, UserRole userRole) {
        return Collections.singletonMap(authScope, Collections.singleton(userRole));
    }
}
