package com.evolveum.midpoint.model.impl.lens;

import com.evolveum.midpoint.model.impl.AbstractInternalModelIntegrationTest;
import com.evolveum.midpoint.prism.PrismObject;
import com.evolveum.midpoint.prism.crypto.EncryptionException;
import com.evolveum.midpoint.schema.constants.SchemaConstants;
import com.evolveum.midpoint.schema.result.OperationResult;
import com.evolveum.midpoint.task.api.Task;
import com.evolveum.midpoint.test.util.TestUtil;
import com.evolveum.midpoint.util.exception.ObjectNotFoundException;
import com.evolveum.midpoint.util.exception.PolicyViolationException;
import com.evolveum.midpoint.util.exception.SchemaException;
import com.evolveum.midpoint.xml.ns._public.common.common_3.CredentialsType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.PasswordType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.SecurityPolicyType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.UserType;
import com.evolveum.prism.xml.ns._public.types_3.ProtectedStringType;
import java.io.File;
import java.util.List;
import org.springframework.test.annotation.DirtiesContext;
import org.springframework.test.context.ContextConfiguration;
import org.testng.AssertJUnit;
import org.testng.annotations.Test;

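/**
 * Integration test for password-history enforcement on user password changes.
 *
 * <p>Two scenarios are exercised, in the order given by the numeric test names (the tests
 * share repository state, so each one relies on the state left by the previous one):
 * <ul>
 *   <li>test0xx/test1xx: password history length is set to 3; every change must be recorded
 *       in the history and any attempt to reuse a remembered or the current password must be
 *       rejected with {@link PolicyViolationException}.</li>
 *   <li>test2xx: password history length is set to 0; no history entries may be stored and
 *       setting the same password twice must succeed.</li>
 * </ul>
 *
 * <p>The cleartext passwords below are test fixtures only.
 */
@ContextConfiguration(locations = {"classpath:ctx-model-test-main.xml"})
@DirtiesContext(classMode = DirtiesContext.ClassMode.AFTER_CLASS)
public class TestPasswordPolicyProcessor extends AbstractLensTest {
    private static final String PASSWORD_HISTORY_POLICY_OID = "policy00-0000-0000-0000-000000000003";
    private static final String PASSWORD_NO_HISTORY_POLICY_OID = "policy00-0000-0000-0000-000000000004";
    private static final String PASSWORD1 = "ch4nGedPa33word1";
    private static final String PASSWORD2 = "ch4nGedPa33word2";
    private static final String PASSWORD3 = "ch4nGedPa33word3";
    private static final String BASE_PATH = "src/test/resources/lens";
    private static final String PASSWORD_HISTORY_POLICY_NAME = "password-policy-history.xml";
    private static final File PASSWORD_HISTORY_POLICY_FILE = new File(BASE_PATH, PASSWORD_HISTORY_POLICY_NAME);
    private static final String PASSWORD_NO_HISTORY_POLICY_NAME = "password-policy-no-history.xml";
    private static final File PASSWORD_NO_HISTORY_POLICY_FILE = new File(BASE_PATH, PASSWORD_NO_HISTORY_POLICY_NAME);

    // OID of the user every test in this class operates on (the object added from USER_JACK_FILE).
    private static final String JACK_OID = "c0c010c0-d34d-b33f-f00d-111111111111";
    // Value expected in the history after the first change, i.e. the password Jack starts with
    // (presumably defined in USER_JACK_FILE; confirm against the fixture).
    private static final String JACK_INITIAL_PASSWORD = "deadmentellnotales";
    // Password used by the no-history scenario; it is deliberately set twice in a row.
    private static final String NO_HISTORY_PASSWORD = "n0Hist0ryEntr7";

    /**
     * Loads both password policy objects into the repository and removes user Jack so that
     * test100 can create him from scratch.
     */
    @Override
    public void initSystem(Task task, OperationResult operationResult) throws Exception {
        super.initSystem(task, operationResult);
        repoAddObjectFromFile(PASSWORD_HISTORY_POLICY_FILE, operationResult);
        repoAddObjectFromFile(PASSWORD_NO_HISTORY_POLICY_FILE, operationResult);
        // presumably the parent setup already created Jack; the tests below re-add him themselves
        deleteObject(UserType.class, JACK_OID);
    }

    /** Switches the security policy to a password history length of 3. */
    @Test
    public void test000initPasswordPolicyForHistory() throws Exception {
        initPasswordPolicy("test000initPasswordPolicyForHistory", 3, PASSWORD_HISTORY_POLICY_OID);
    }

    /** A freshly created user must start with an empty password history. */
    @Test
    public void test100CreateUserWithPassword() throws Exception {
        TestUtil.displayTestTitle("test100CreateUserWithPassword");
        addObject(USER_JACK_FILE);
        PrismObject<UserType> jack = getObject(UserType.class, JACK_OID);
        AssertJUnit.assertNotNull("User Jack was not found.", jack);
        assertPasswordHistoryEntries(jack, new String[0]);
    }

    /** First change: the initial password must move into the history. */
    @Test
    public void test101ModifyUserPassword() throws Exception {
        TestUtil.displayTestTitle("test101ModifyUserPassword");
        Task task = createTask("test101ModifyUserPassword");
        modifyUserChangePassword(JACK_OID, PASSWORD1, task, task.getResult());
        assertJackPasswordAndHistory(PASSWORD1, JACK_INITIAL_PASSWORD);
    }

    /** Second change: the history must now hold the initial password and PASSWORD1. */
    @Test
    public void test102ModifyUserPassword() throws Exception {
        TestUtil.displayTestTitle("test102ModifyUserPassword");
        Task task = this.taskManager.createTaskInstance("test102ModifyUserPassword");
        modifyUserChangePassword(JACK_OID, PASSWORD2, task, task.getResult());
        assertJackPasswordAndHistory(PASSWORD2, JACK_INITIAL_PASSWORD, PASSWORD1);
    }

    /**
     * Third change: the expected history is PASSWORD1 and PASSWORD2 only, i.e. the initial
     * password is expected to have rotated out of the remembered set.
     */
    @Test
    public void test103ModifyUserPasswordAgain() throws Exception {
        TestUtil.displayTestTitle("test103ModifyUserPasswordAgain");
        Task task = createTask("test103ModifyUserPasswordAgain");
        modifyUserChangePassword(JACK_OID, PASSWORD3, task, task.getResult());
        assertJackPasswordAndHistory(PASSWORD3, PASSWORD1, PASSWORD2);
    }

    /** Reusing a password that is still in the history must be rejected. */
    @Test
    public void test111ModifyUserPasswordOldPassword1() throws Exception {
        doTestModifyUserPasswordExpectFailure("test111ModifyUserPasswordOldPassword1", PASSWORD1);
    }

    /** Reusing a password that is still in the history must be rejected. */
    @Test
    public void test112ModifyUserPasswordOldPassword2() throws Exception {
        doTestModifyUserPasswordExpectFailure("test112ModifyUserPasswordOldPassword2", PASSWORD2);
    }

    /** Setting the password to its current value must be rejected as well. */
    @Test
    public void test113ModifyUserPasswordSamePassword3() throws Exception {
        doTestModifyUserPasswordExpectFailure("test113ModifyUserPasswordSamePassword3", PASSWORD3);
    }

    /**
     * Attempts to change Jack's password and requires the change to be refused.
     *
     * <p>Besides the exception and the failed operation result, the stored password and the
     * number of history entries are compared before and after the attempt, so a rejection that
     * still writes part of the change does not pass unnoticed.
     *
     * @param str test name, used for the task and the displayed title
     * @param str2 cleartext password that the policy is expected to reject
     * @throws Exception on any unexpected error; a missing {@link PolicyViolationException}
     *     fails the test
     */
    public void doTestModifyUserPasswordExpectFailure(String str, String str2) throws Exception {
        Task task = this.taskManager.createTaskInstance(str);
        TestUtil.displayTestTitle(str);
        OperationResult result = task.getResult();

        PasswordType before = fetchJackPassword();
        AssertJUnit.assertNotNull("Password musn't be null", before.getValue());

        try {
            modifyUserChangePassword(JACK_OID, str2, task, result);
            fail("Expected PolicyViolationException but didn't get one.");
        } catch (PolicyViolationException e) {
            display("expected exception", e);
            result.computeStatus();
            TestUtil.assertFailure(result);
        }

        PasswordType after = fetchJackPassword();
        AssertJUnit.assertNotNull("Password musn't be null", after.getValue());
        AssertJUnit.assertTrue("Rejected change must not alter the stored password",
                this.protector.compareCleartext(before.getValue(), after.getValue()));
        AssertJUnit.assertEquals("Rejected change must not alter the password history",
                before.getHistoryEntry().size(), after.getHistoryEntry().size());
    }

    /** Switches the security policy to a password history length of 0. */
    @Test
    public void test200initNoHistoryPasswordPolicy() throws Exception {
        initPasswordPolicy("test200initNoHistoryPasswordPolicy", 0, PASSWORD_NO_HISTORY_POLICY_OID);
    }

    /** Removes Jack so the no-history scenario starts from a user without any history. */
    @Test
    public void test201deleteUserJack() throws Exception {
        TestUtil.displayTestTitle("test201deleteUserJack");
        deleteObject(UserType.class, JACK_OID);
        try {
            getObject(UserType.class, JACK_OID);
            fail("Unexpected user Jack, should be deleted.");
        } catch (ObjectNotFoundException expected) {
            // expected: the lookup of a deleted user must fail, nothing more to verify
        }
    }

    /** With history length 0 a new user must have no history entries. */
    @Test
    public void test202createUserJackNoPasswordHistory() throws Exception {
        TestUtil.displayTestTitle("test202createUserJackNoPasswordHistory");
        addObject(USER_JACK_FILE);
        assertJackHasNoPasswordHistory();
    }

    /** With history length 0 a password change must not create a history entry. */
    @Test
    public void test203modifyUserJackPasswordNoPasswordHistory() throws Exception {
        modifyUserJackPasswordNoHistory("test203modifyUserJackPasswordNoPasswordHistory");
    }

    /**
     * Sets the same password as test203 again; with history length 0 this is expected to
     * succeed (no exception) and still leave the history empty.
     */
    @Test
    public void test204modifyUserJackSamePasswordNoPasswordHistory() throws Exception {
        modifyUserJackPasswordNoHistory("test204modifyUserJackSamePasswordNoPasswordHistory");
    }

    /** Replaces Jack's password value with the fixed no-history password and checks the history stays empty. */
    private void modifyUserJackPasswordNoHistory(String testName) throws Exception {
        TestUtil.displayTestTitle(testName);
        Task task = this.taskManager.createTaskInstance(testName);
        OperationResult result = task.getResult();
        ProtectedStringType newPassword = new ProtectedStringType();
        newPassword.setClearValue(NO_HISTORY_PASSWORD);
        modifyObjectReplaceProperty(UserType.class, JACK_OID, SchemaConstants.PATH_CREDENTIALS_PASSWORD_VALUE, task, result, new Object[]{newPassword});
        assertJackHasNoPasswordHistory();
    }

    /** Reads Jack back and returns his password container, failing if any level is missing. */
    private PasswordType fetchJackPassword() throws Exception {
        PrismObject<UserType> jack = getObject(UserType.class, JACK_OID);
        AssertJUnit.assertNotNull("User Jack was not found.", jack);
        CredentialsType credentials = jack.asObjectable().getCredentials();
        AssertJUnit.assertNotNull("No credentials set for user Jack", credentials);
        PasswordType password = credentials.getPassword();
        AssertJUnit.assertNotNull("No password set for user Jack", password);
        return password;
    }

    /** Checks Jack's current password and the exact set of expected history values. */
    private void assertJackPasswordAndHistory(String expectedPassword, String... expectedHistory) throws Exception {
        PasswordType password = fetchJackPassword();
        ProtectedStringType value = password.getValue();
        AssertJUnit.assertNotNull("Password musn't be null", value);
        assertPasswords(expectedPassword, value);
        assertPasswordHistoryEntries(password, expectedHistory);
    }

    /** Reads Jack back and requires that his password carries no history entries at all. */
    private void assertJackHasNoPasswordHistory() throws Exception {
        PrismObject<UserType> jack = getObject(UserType.class, JACK_OID);
        AssertJUnit.assertNotNull("Expected to find user Jack, but no one exists here", jack);
        CredentialsType credentials = jack.asObjectable().getCredentials();
        AssertJUnit.assertNotNull("User Jack has no credentials", credentials);
        PasswordType password = credentials.getPassword();
        AssertJUnit.assertNotNull("User Jack has no password", password);
        List<?> historyEntry = password.getHistoryEntry();
        AssertJUnit.assertEquals("Expected no history entries, but found: " + historyEntry.size(), 0, historyEntry.size());
    }

    /**
     * Asserts that a stored password equals the expected cleartext, using the protector's
     * cleartext comparison rather than comparing the protected representations directly.
     */
    private void assertPasswords(String str, ProtectedStringType protectedStringType) throws SchemaException, EncryptionException {
        ProtectedStringType expected = new ProtectedStringType();
        expected.setClearValue(str);
        AssertJUnit.assertTrue("Password doesn't match", this.protector.compareCleartext(expected, protectedStringType));
    }

    /**
     * Sets the password history length on the security policy.
     *
     * @param testName name used for the display line and the task
     * @param historyLength value written to the policy's password history length
     * @param passwordPolicyOid not used by this method
     */
    private void initPasswordPolicy(String testName, int historyLength, String passwordPolicyOid) throws Exception {
        // NOTE(review): passwordPolicyOid is ignored, so nothing visible here links the policy
        // objects loaded in initSystem to the security policy; only the history length changes.
        // Confirm that this is intended, otherwise the two policy files are never exercised.
        display(testName);
        Task task = createTask(testName);
        modifyObjectReplaceProperty(SecurityPolicyType.class, AbstractInternalModelIntegrationTest.SECURITY_POLICY_OID, SchemaConstants.PATH_CREDENTIALS_PASSWORD_HISTORY_LENGTH, task, task.getResult(), new Object[]{Integer.valueOf(historyLength)});
    }
}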
