package org.infinispan.server.hotrod;

import static org.infinispan.server.hotrod.test.HotRodTestingUtil.startHotRodServer;
import static org.testng.AssertJUnit.assertEquals;
import static org.testng.AssertJUnit.assertTrue;

import java.lang.reflect.Method;
import java.util.HashMap;

import javax.security.sasl.Sasl;
import javax.security.sasl.SaslClient;
import javax.security.sasl.SaslException;

import org.infinispan.manager.EmbeddedCacheManager;
import org.infinispan.server.core.security.simple.SimpleServerAuthenticationProvider;
import org.infinispan.server.hotrod.configuration.HotRodServerConfigurationBuilder;
import org.infinispan.server.hotrod.test.HotRodTestingUtil;
import org.infinispan.server.hotrod.test.TestAuthMechListResponse;
import org.infinispan.server.hotrod.test.TestAuthResponse;
import org.infinispan.server.hotrod.test.TestCallbackHandler;
import org.infinispan.test.TestingUtil;
import org.jboss.sasl.JBossSaslProvider;
import org.testng.annotations.Test;

import io.netty.channel.group.ChannelGroup;

/**
 * Hot Rod server authentication test.
 *
 * @author Tristan Tarrant
 * @since 7.0
 */
@Test(groups = "functional", testName = "server.hotrod.HotRodAuthenticationTest")
public class HotRodAuthenticationTest extends HotRodSingleNodeTest {
   JBossSaslProvider jbossSaslProvider = new JBossSaslProvider();

   @Override
   public HotRodServer createStartHotRodServer(EmbeddedCacheManager cacheManager) {
      SimpleServerAuthenticationProvider ssap = new SimpleServerAuthenticationProvider();
      ssap.addUser("user", "realm", "password".toCharArray());
      HotRodServerConfigurationBuilder builder = new HotRodServerConfigurationBuilder();
      builder.authentication().enable().addAllowedMech("CRAM-MD5").serverAuthenticationProvider(ssap)
             .serverName("localhost").addMechProperty(Sasl.POLICY_NOANONYMOUS, "true");
      return startHotRodServer(cacheManager, HotRodTestingUtil.serverPort(), 0, builder);
   }

   public void testAuthMechList(Method m) {
      TestAuthMechListResponse a = client().authMechList();
      assertEquals(1, a.mechs.size());
      assertTrue(a.mechs.contains("CRAM-MD5"));
      assertEquals(1, server().getDecoder().getTransport().getNumberOfLocalConnections().intValue());
   }

   public void testAuth(Method m) throws SaslException {
      HashMap<String, String> props = new HashMap<>();
      SaslClient sc = Sasl.createSaslClient(new String[]{"CRAM-MD5"}, null, "hotrod", "localhost", props,
                                            new TestCallbackHandler("user", "realm", "password".toCharArray()));
      TestAuthResponse res = client().auth(sc);
      assertTrue(res.complete);
      assertEquals(1, server().getDecoder().getTransport().getNumberOfLocalConnections().intValue());
   }

   public void testUnauthorizedOpCloseConnection(Method m) {
      // Ensure the transport is clean
      ChannelGroup acceptedChannels =
            TestingUtil.extractField(server().getDecoder().getTransport(), "acceptedChannels");
      acceptedChannels.close().awaitUninterruptibly();
      try {
         client().assertPutFail(m);
      } finally {
         assertEquals(0, server().getDecoder().getTransport().getNumberOfLocalConnections().intValue());
      }
   }
}