package com.evolveum.midpoint.model.impl.lens;

import com.evolveum.midpoint.model.common.stringpolicy.ObjectBasedValuePolicyOriginResolver;
import com.evolveum.midpoint.model.common.stringpolicy.StringPolicyUtils;
import com.evolveum.midpoint.model.common.stringpolicy.ValuePolicyProcessor;
import com.evolveum.midpoint.model.impl.AbstractInternalModelIntegrationTest;
import com.evolveum.midpoint.prism.PrismObject;
import com.evolveum.midpoint.prism.util.PrismTestUtil;
import com.evolveum.midpoint.schema.constants.SchemaConstants;
import com.evolveum.midpoint.schema.result.OperationResult;
import com.evolveum.midpoint.task.api.Task;
import com.evolveum.midpoint.test.util.TestUtil;
import com.evolveum.midpoint.util.exception.CommonException;
import com.evolveum.midpoint.util.exception.CommunicationException;
import com.evolveum.midpoint.util.exception.ConfigurationException;
import com.evolveum.midpoint.util.exception.ExpressionEvaluationException;
import com.evolveum.midpoint.util.exception.ObjectNotFoundException;
import com.evolveum.midpoint.util.exception.SchemaException;
import com.evolveum.midpoint.util.exception.SecurityViolationException;
import com.evolveum.midpoint.xml.ns._public.common.common_3.StringLimitType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.StringPolicyType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.UserType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.ValuePolicyType;
import java.io.File;
import java.io.IOException;
import java.util.Iterator;
import java.util.function.Consumer;
import org.apache.commons.lang3.StringUtils;
import org.assertj.core.api.Assertions;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.test.annotation.DirtiesContext;
import org.springframework.test.context.ContextConfiguration;
import org.testng.AssertJUnit;
import org.testng.annotations.Test;

@ContextConfiguration(locations = {"classpath:ctx-model-test-main.xml"})
@DirtiesContext(classMode = DirtiesContext.ClassMode.AFTER_CLASS)
/* loaded from: input_file:com/evolveum/midpoint/model/impl/lens/TestPasswordPolicy.class */
public class TestPasswordPolicy extends AbstractInternalModelIntegrationTest {
    public static final File TEST_DIR = new File("src/test/resources/lens/ppolicy/");
    private static final String USER_AB_USERNAME = "ab";
    private static final String USER_AB_FULL_NAME = "Ad Fel";
    private static final String USER_AB_GIVEN_NAME = "Ad";
    private static final String USER_AB_FAMILY_NAME = "Fel";
    private static final String USER_AB_ADDITIONAL_NAME = "x";
    private static final int USERNAME_ATTEMPTS = 200;
    private static final int USER_PROPS_ATTEMPTS = 5000;

    @Autowired
    private ValuePolicyProcessor valuePolicyProcessor;

    @Test
    public void stringPolicyUtilsMinimalTest() throws SchemaException, IOException {
        StringPolicyType stringPolicy = PrismTestUtil.parseObject(new File(TEST_DIR, "password-policy-minimal.xml")).asObjectable().getStringPolicy();
        StringPolicyUtils.normalize(stringPolicy);
        AssertJUnit.assertNotNull(stringPolicy.getCharacterClass());
        AssertJUnit.assertNotNull(stringPolicy.getLimitations().getLimit());
        AssertJUnit.assertTrue(Integer.MAX_VALUE == stringPolicy.getLimitations().getMaxLength().intValue());
        AssertJUnit.assertTrue(0 == stringPolicy.getLimitations().getMinLength().intValue());
        AssertJUnit.assertTrue(0 == " !\"#$%&'()*+,-.01234567890:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~".compareTo(stringPolicy.getCharacterClass().getValue()));
    }

    @Test
    public void stringPolicyUtilsComplexTest() {
        ValuePolicyType valuePolicyType = null;
        try {
            valuePolicyType = (ValuePolicyType) PrismTestUtil.parseObject(new File(TEST_DIR, "password-policy-complex.xml")).asObjectable();
        } catch (Exception e) {
            e.printStackTrace();
        }
        StringPolicyUtils.normalize(valuePolicyType.getStringPolicy());
    }

    @Test
    public void testPasswordGeneratorComplexNegative() throws Exception {
        Task testTask = getTestTask();
        OperationResult result = testTask.getResult();
        ValuePolicyType asObjectable = PrismTestUtil.parseObject(new File(TEST_DIR, "password-policy-complex.xml")).asObjectable();
        asObjectable.getStringPolicy().getLimitations().setMinLength(2);
        asObjectable.getStringPolicy().getLimitations().setMinUniqueChars(5);
        when();
        String generate = this.valuePolicyProcessor.generate(SchemaConstants.PATH_PASSWORD_VALUE, asObjectable, 10, false, (ObjectBasedValuePolicyOriginResolver) null, getTestNameShort(), testTask, result);
        then();
        displayValue("Generated password", generate);
        result.computeStatus();
        AssertJUnit.assertTrue(result.isAcceptable());
        AssertJUnit.assertNotNull(generate);
        Iterator it = asObjectable.getStringPolicy().getLimitations().getLimit().iterator();
        while (it.hasNext()) {
            ((StringLimitType) it.next()).setMustBeFirst(true);
        }
        this.logger.info("Negative testing: passwordGeneratorComplexTest");
        try {
            this.valuePolicyProcessor.generate(SchemaConstants.PATH_PASSWORD_VALUE, asObjectable, 10, false, (ObjectBasedValuePolicyOriginResolver) null, getTestNameShort(), testTask, result);
            assertNotReached();
        } catch (ExpressionEvaluationException e) {
            result.computeStatus();
            TestUtil.assertFailure(result);
        }
    }

    @Test
    public void testPasswordGeneratorComplex() throws Exception {
        passwordGeneratorTest("password-policy-complex.xml");
    }

    @Test
    public void testPasswordGeneratorLong() throws Exception {
        passwordGeneratorTest("password-policy-long.xml");
    }

    @Test
    public void testPasswordGeneratorNumeric() throws Exception {
        passwordGeneratorTest("password-policy-numeric.xml");
    }

    @Test
    public void testPasswordGeneratorNumericAcceptingAlphas() throws Exception {
        passwordGeneratorTest("password-policy-gen-numeric-accepting-alphas.xml", str -> {
            try {
                Long.parseLong(str);
            } catch (NumberFormatException e) {
                throw new AssertionError("Generated password is not numeric: " + str);
            }
        });
        ValuePolicyType parsePasswordPolicy = parsePasswordPolicy("password-policy-gen-numeric-accepting-alphas.xml");
        Assertions.assertThat(pwdValidHelper("1234567890", parsePasswordPolicy)).isTrue();
        Assertions.assertThat(pwdValidHelper("abcdefghij", parsePasswordPolicy)).isTrue();
        Assertions.assertThat(pwdValidHelper("abcdefghij#", parsePasswordPolicy)).isFalse();
        Assertions.assertThat(pwdValidHelper("1234567890123", parsePasswordPolicy)).isFalse();
        Assertions.assertThat(pwdValidHelper("abcdefghijklm", parsePasswordPolicy)).isFalse();
        Assertions.assertThat(pwdValidHelper("1234567", parsePasswordPolicy)).isFalse();
        Assertions.assertThat(pwdValidHelper("abcdefg", parsePasswordPolicy)).isFalse();
    }

    @Test
    public void testPasswordGeneratorWithAllLimitationsIgnoredForGeneration() throws Exception {
        try {
            generateValidateOnce("password-policy-all-ignored-for-generation.xml", 10);
        } catch (ExpressionEvaluationException e) {
            assertExpectedException(e).hasMessageContaining("all character classes are marked as ignored");
        }
    }

    @Test
    public void testPasswordGeneratorRequiredCharIgnoredForGeneration() throws Exception {
        try {
            generateValidateOnce("password-policy-required-char-ignored-for-generation.xml", 10);
        } catch (ExpressionEvaluationException e) {
            assertExpectedException(e).hasMessageContaining("Character class is marked as ignored for generation, but has non-zero min occurrences");
        }
    }

    private void generateValidateOnce(String str, int i) throws Exception {
        Task testTask = getTestTask();
        OperationResult result = testTask.getResult();
        ValuePolicyType parsePasswordPolicy = parsePasswordPolicy(str);
        when();
        String generate = this.valuePolicyProcessor.generate(SchemaConstants.PATH_PASSWORD_VALUE, parsePasswordPolicy, i, true, (ObjectBasedValuePolicyOriginResolver) null, getTestNameShort(), testTask, result);
        then();
        displayValue("Generated password", generate);
        result.computeStatus();
        TestUtil.assertSuccess(result);
        AssertJUnit.assertNotNull(generate);
        assertPassword(generate, parsePasswordPolicy);
    }

    @Test
    public void testValueGeneratorMustBeFirst() throws Exception {
        passwordGeneratorTest("value-policy-must-be-first.xml");
    }

    @Test
    public void testValueGenerateRandomPin() throws Exception {
        Task testTask = getTestTask();
        OperationResult result = testTask.getResult();
        ValuePolicyType parsePasswordPolicy = parsePasswordPolicy("value-policy-random-pin.xml");
        when();
        String generate = this.valuePolicyProcessor.generate(SchemaConstants.PATH_PASSWORD_VALUE, parsePasswordPolicy, 10, true, (ObjectBasedValuePolicyOriginResolver) null, getTestNameShort(), testTask, result);
        then();
        displayValue("Generated password", generate);
        result.computeStatus();
        TestUtil.assertSuccess(result);
        AssertJUnit.assertNotNull(generate);
        assertPassword(generate, parsePasswordPolicy);
    }

    @Test
    public void testValueGenerateMailNonce() throws Exception {
        Task testTask = getTestTask();
        OperationResult result = testTask.getResult();
        ValuePolicyType parsePasswordPolicy = parsePasswordPolicy("value-policy-generate-without-limit-with-unique.xml");
        when();
        String generate = this.valuePolicyProcessor.generate(SchemaConstants.PATH_PASSWORD_VALUE, parsePasswordPolicy, 24, false, (ObjectBasedValuePolicyOriginResolver) null, getTestNameShort(), testTask, result);
        then();
        displayValue("Generated password", generate);
        result.computeStatus();
        TestUtil.assertSuccess(result);
        AssertJUnit.assertNotNull(generate);
        assertPassword(generate, parsePasswordPolicy);
    }

    @Test
    public void testValueGenerate() throws Exception {
        Task testTask = getTestTask();
        OperationResult result = testTask.getResult();
        ValuePolicyType parsePasswordPolicy = parsePasswordPolicy("value-policy-generate.xml");
        when();
        String generate = this.valuePolicyProcessor.generate(SchemaConstants.PATH_PASSWORD_VALUE, parsePasswordPolicy, 10, true, (ObjectBasedValuePolicyOriginResolver) null, getTestNameShort(), testTask, result);
        then();
        displayValue("Generated password", generate);
        result.computeStatus();
        TestUtil.assertSuccess(result);
        AssertJUnit.assertNotNull(generate);
        assertPassword(generate, parsePasswordPolicy);
    }

    @Test
    public void testValueGenerateEmpty() throws Exception {
        Task testTask = getTestTask();
        OperationResult result = testTask.getResult();
        File file = new File(TEST_DIR, "value-policy-generate-empty.xml");
        this.logger.info("Positive testing {}: {}", "testValueGenerate", "value-policy-generate-empty.xml");
        ValuePolicyType asObjectable = PrismTestUtil.parseObject(file).asObjectable();
        when();
        String generate = this.valuePolicyProcessor.generate(SchemaConstants.PATH_PASSWORD_VALUE, asObjectable, 10, true, (ObjectBasedValuePolicyOriginResolver) null, getTestNameShort(), testTask, result);
        then();
        displayValue("Generated password", generate);
        result.computeStatus();
        TestUtil.assertSuccess(result);
        AssertJUnit.assertNotNull(generate);
        assertPassword(generate, asObjectable);
    }

    private void passwordGeneratorTest(String str) throws CommonException, IOException {
        passwordGeneratorTest(str, str2 -> {
        });
    }

    public void passwordGeneratorTest(String str, Consumer<String> consumer) throws SchemaException, IOException, ExpressionEvaluationException, ObjectNotFoundException, CommunicationException, ConfigurationException, SecurityViolationException {
        Task testTask = getTestTask();
        OperationResult result = testTask.getResult();
        File file = new File(TEST_DIR, str);
        this.logger.info("Positive testing {}: {}", getTestNameShort(), str);
        ValuePolicyType valuePolicyType = (ValuePolicyType) PrismTestUtil.parseObject(file).asObjectable();
        for (int i = 0; i < 100; i++) {
            String generate = this.valuePolicyProcessor.generate(SchemaConstants.PATH_PASSWORD_VALUE, valuePolicyType, 10, true, (ObjectBasedValuePolicyOriginResolver) null, getTestNameShort(), testTask, result);
            this.logger.info("Generated password:" + generate);
            result.computeStatus();
            if (!result.isSuccess()) {
                this.logger.info("Result:" + result.debugDump());
                AssertJUnit.fail("Password generator failed:\n" + result.debugDump());
            }
            AssertJUnit.assertNotNull(generate);
            assertPassword(generate, valuePolicyType);
            consumer.accept(generate);
        }
        this.logger.info("-------------------------");
        for (int i2 = 0; i2 < 100; i2++) {
            String generate2 = this.valuePolicyProcessor.generate(SchemaConstants.PATH_PASSWORD_VALUE, valuePolicyType, 10, false, (ObjectBasedValuePolicyOriginResolver) null, getTestNameShort(), testTask, result);
            this.logger.info("Generated password:" + generate2);
            result.computeStatus();
            if (!result.isSuccess()) {
                this.logger.info("Result:" + result.debugDump());
            }
            AssertJUnit.assertTrue(result.isSuccess());
            AssertJUnit.assertNotNull(generate2);
            consumer.accept(generate2);
        }
    }

    private void assertPassword(String str, ValuePolicyType valuePolicyType) throws SchemaException, ObjectNotFoundException, ExpressionEvaluationException, CommunicationException, ConfigurationException, SecurityViolationException {
        assertPassword(str, valuePolicyType, null);
    }

    private void assertPassword(String str, ValuePolicyType valuePolicyType, PrismObject<UserType> prismObject) throws SchemaException, ObjectNotFoundException, ExpressionEvaluationException, CommunicationException, ConfigurationException, SecurityViolationException {
        Task testTask = getTestTask();
        OperationResult result = testTask.getResult();
        this.valuePolicyProcessor.validateValue(str, valuePolicyType, createUserOriginResolver(prismObject), "assertPassword", testTask, result);
        boolean isAcceptable = result.isAcceptable();
        result.computeStatus();
        if (!result.isSuccess()) {
            AssertJUnit.fail(result.debugDump());
        }
        AssertJUnit.assertTrue("Password not valid (but result is success)", isAcceptable);
    }

    @Test
    public void passwordValidationTestComplex() throws Exception {
        ValuePolicyType parsePasswordPolicy = parsePasswordPolicy("password-policy-complex.xml");
        AssertJUnit.assertTrue(pwdValidHelper("582a**A", parsePasswordPolicy));
        AssertJUnit.assertFalse(pwdValidHelper("58", parsePasswordPolicy));
        AssertJUnit.assertFalse(pwdValidHelper("333a**aGaa", parsePasswordPolicy));
        AssertJUnit.assertFalse(pwdValidHelper("AAA4444", parsePasswordPolicy));
    }

    @Test
    public void passwordValidationTestTri() throws Exception {
        ValuePolicyType parsePasswordPolicy = parsePasswordPolicy("password-policy-tri.xml");
        AssertJUnit.assertTrue(pwdValidHelper("Password1", parsePasswordPolicy));
        AssertJUnit.assertFalse(pwdValidHelper("password1", parsePasswordPolicy));
        AssertJUnit.assertFalse(pwdValidHelper("1PASSWORD", parsePasswordPolicy));
        AssertJUnit.assertFalse(pwdValidHelper("Password", parsePasswordPolicy));
        AssertJUnit.assertFalse(pwdValidHelper("Pa1", parsePasswordPolicy));
        AssertJUnit.assertFalse(pwdValidHelper("PPPPPPPPPPPPPPPPPPPPPPPaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa11111111111111111111111111111111111111111111111111111111111111111111", parsePasswordPolicy));
    }

    @Test
    public void testUsername() throws Exception {
        PrismObject<UserType> createUserAb = createUserAb();
        ValuePolicyType parsePasswordPolicy = parsePasswordPolicy("password-policy-username.xml");
        when();
        for (int i = 0; i < USERNAME_ATTEMPTS; i++) {
            Task testTask = getTestTask();
            OperationResult result = testTask.getResult();
            String generate = this.valuePolicyProcessor.generate(SchemaConstants.PATH_PASSWORD_VALUE, parsePasswordPolicy, 10, true, createUserOriginResolver(createUserAb), getTestNameShort(), testTask, result);
            displayValue("Generated password (" + i + ")", generate);
            result.computeStatus();
            TestUtil.assertSuccess(result);
            AssertJUnit.assertNotNull(generate);
            assertPassword(generate, parsePasswordPolicy, createUserAb);
            AssertJUnit.assertFalse("Generated password that matches the username: " + generate, generate.equals(USER_AB_USERNAME));
        }
        then();
    }

    @Test
    public void testUserProps() throws Exception {
        PrismObject<UserType> createUserAb = createUserAb();
        display("User", createUserAb);
        ValuePolicyType parsePasswordPolicy = parsePasswordPolicy("password-policy-props.xml");
        when();
        for (int i = 0; i < USER_PROPS_ATTEMPTS; i++) {
            Task testTask = getTestTask();
            OperationResult result = testTask.getResult();
            String generate = this.valuePolicyProcessor.generate(SchemaConstants.PATH_PASSWORD_VALUE, parsePasswordPolicy, 10, true, createUserOriginResolver(createUserAb), getTestNameShort(), testTask, result);
            displayValue("Generated password (" + i + ")", generate);
            result.computeStatus();
            TestUtil.assertSuccess(result);
            AssertJUnit.assertNotNull(generate);
            assertPassword(generate, parsePasswordPolicy, createUserAb);
            assertNotContains(generate, USER_AB_USERNAME);
            assertNotContains(generate, USER_AB_GIVEN_NAME);
            assertNotContains(generate, USER_AB_ADDITIONAL_NAME);
        }
        then();
    }

    private PrismObject<UserType> createUserAb() throws SchemaException {
        PrismObject<UserType> createUser = createUser(USER_AB_USERNAME, USER_AB_GIVEN_NAME, USER_AB_FAMILY_NAME, true);
        createUser.asObjectable().setAdditionalName(createPolyStringType(USER_AB_ADDITIONAL_NAME));
        return createUser;
    }

    private void assertNotContains(String str, String str2) {
        AssertJUnit.assertFalse("Generated password " + str + " contains value " + str2, StringUtils.containsIgnoreCase(str, str2));
    }

    private ValuePolicyType parsePasswordPolicy(String str) throws SchemaException, IOException {
        return PrismTestUtil.parseObject(new File(TEST_DIR, str)).asObjectable();
    }

    private boolean pwdValidHelper(String str, ValuePolicyType valuePolicyType) throws SchemaException, ObjectNotFoundException, ExpressionEvaluationException, CommunicationException, ConfigurationException, SecurityViolationException {
        Task testTask = getTestTask();
        OperationResult result = testTask.getResult();
        this.valuePolicyProcessor.validateValue(str, valuePolicyType, (ObjectBasedValuePolicyOriginResolver) null, "pwdValidHelper", testTask, result);
        result.computeStatus();
        String str2 = "-> Policy " + valuePolicyType.getName() + ", password '" + str + "': " + result.getStatus();
        System.out.println(str2);
        this.logger.info(str2);
        this.logger.trace(result.debugDump());
        return result.isSuccess();
    }
}
