package org.apache.hadoop.security;

import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.directory.DirContext;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;
import org.apache.hadoop.conf.Configuration;
import org.junit.Assert;
import org.junit.Test;
import org.mockito.ArgumentMatchers;
import org.mockito.Mockito;
import org.mockito.stubbing.Stubber;

/* loaded from: input_file:WEB-INF/lib/hadoop-common-3.3.4.100-eep-910-tests.jar:org/apache/hadoop/security/TestLdapGroupsMappingWithOneQuery.class */
public class TestLdapGroupsMappingWithOneQuery extends TestLdapGroupsMappingBase {

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:WEB-INF/lib/hadoop-common-3.3.4.100-eep-910-tests.jar:org/apache/hadoop/security/TestLdapGroupsMappingWithOneQuery$TestLdapGroupsMapping.class */
    public static final class TestLdapGroupsMapping extends LdapGroupsMapping {
        private boolean secondaryQueryCalled;

        private TestLdapGroupsMapping() {
            this.secondaryQueryCalled = false;
        }

        public boolean isSecondaryQueryCalled() {
            return this.secondaryQueryCalled;
        }

        /* JADX INFO: Access modifiers changed from: package-private */
        @Override // org.apache.hadoop.security.LdapGroupsMapping
        public List<String> lookupGroup(SearchResult searchResult, DirContext dirContext, int i) throws NamingException {
            this.secondaryQueryCalled = true;
            return super.lookupGroup(searchResult, dirContext, i);
        }
    }

    public void setupMocks(List<String> list) throws NamingException {
        Attribute attribute = (Attribute) Mockito.mock(Attribute.class);
        NamingEnumeration<SearchResult> groupNames = getGroupNames();
        ((Attribute) Mockito.doReturn(groupNames).when(attribute)).getAll();
        ((NamingEnumeration) buildListOfGroupDNs(list).when(groupNames)).next();
        Mockito.when(Boolean.valueOf(groupNames.hasMore())).thenReturn(true).thenReturn(true).thenReturn(true).thenReturn(false);
        Mockito.when(getAttributes().get((String) ArgumentMatchers.eq("memberOf"))).thenReturn(attribute);
    }

    private Stubber buildListOfGroupDNs(List<String> list) {
        Stubber stubber = null;
        for (String str : list) {
            if (stubber != null) {
                stubber.doReturn(str);
            } else {
                stubber = Mockito.doReturn(str);
            }
        }
        return stubber;
    }

    @Test
    public void testGetGroups() throws NamingException {
        doTestGetGroups(Arrays.asList("abc", "xyz", "sss"));
        doTestGetGroupsWithFallback();
    }

    private void doTestGetGroups(List<String> list) throws NamingException {
        ArrayList arrayList = new ArrayList();
        arrayList.add("CN=abc,DC=foo,DC=bar,DC=com");
        arrayList.add("CN=xyz,DC=foo,DC=bar,DC=com");
        arrayList.add("CN=sss,DC=foo,DC=bar,DC=com");
        setupMocks(arrayList);
        Configuration baseConf = getBaseConf("ldap://test");
        baseConf.set(LdapGroupsMapping.MEMBEROF_ATTR_KEY, "memberOf");
        TestLdapGroupsMapping testLdapGroupsMapping = new TestLdapGroupsMapping();
        testLdapGroupsMapping.setConf(baseConf);
        Assert.assertEquals(list, testLdapGroupsMapping.getGroups("some_user"));
        Assert.assertFalse("Second LDAP query should NOT have been called.", testLdapGroupsMapping.isSecondaryQueryCalled());
        ((DirContext) Mockito.verify(getContext(), Mockito.times(1))).search(ArgumentMatchers.anyString(), ArgumentMatchers.anyString(), (Object[]) ArgumentMatchers.any(Object[].class), (SearchControls) ArgumentMatchers.any(SearchControls.class));
    }

    private void doTestGetGroupsWithFallback() throws NamingException {
        ArrayList arrayList = new ArrayList();
        arrayList.add("CN=abc,DC=foo,DC=bar,DC=com");
        arrayList.add("CN=xyz,DC=foo,DC=bar,DC=com");
        arrayList.add("ipaUniqueID=e4a9a634-bb24-11ec-aec1-06ede52b5fe1,CN=sudo,DC=foo,DC=bar,DC=com");
        setupMocks(arrayList);
        Configuration baseConf = getBaseConf("ldap://test");
        baseConf.set(LdapGroupsMapping.MEMBEROF_ATTR_KEY, "memberOf");
        baseConf.set(LdapGroupsMapping.LDAP_NUM_ATTEMPTS_KEY, "1");
        TestLdapGroupsMapping testLdapGroupsMapping = new TestLdapGroupsMapping();
        testLdapGroupsMapping.setConf(baseConf);
        Assert.assertEquals(0L, testLdapGroupsMapping.getGroups("some_user").size());
        Assert.assertTrue("Second LDAP query should have been called.", testLdapGroupsMapping.isSecondaryQueryCalled());
        ((DirContext) Mockito.verify(getContext(), Mockito.times(3))).search(ArgumentMatchers.anyString(), ArgumentMatchers.anyString(), (Object[]) ArgumentMatchers.any(Object[].class), (SearchControls) ArgumentMatchers.any(SearchControls.class));
    }
}
