package io.confluent.common.security.jetty;

import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.easymock.EasyMock;
import org.easymock.EasyMockSupport;
import org.eclipse.jetty.http.HttpHeader;
import org.eclipse.jetty.security.Authenticator;
import org.eclipse.jetty.security.DefaultIdentityService;
import org.eclipse.jetty.security.LoginService;
import org.eclipse.jetty.security.UserAuthentication;
import org.eclipse.jetty.security.authentication.DeferredAuthentication;
import org.eclipse.jetty.server.Authentication;
import org.eclipse.jetty.server.Request;
import org.eclipse.jetty.server.Response;
import org.eclipse.jetty.server.UserIdentity;
import org.junit.Assert;
import org.junit.Before;
import org.junit.Test;

/* loaded from: input_file:io/confluent/common/security/jetty/OAuthOrBasicAuthenticatorTest.class */
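/**
 * Unit tests for {@link OAuthOrBasicAuthenticator}.
 *
 * <p>The cases cover credential extraction from the {@code Authorization} header (Basic and
 * Bearer schemes), from the {@code access_token} query parameter, the deferred (non-mandatory)
 * code path, and rejection of an unrecognised scheme. The {@link LoginService} is always a mock,
 * so these tests check what the authenticator hands to the login service, not whether a
 * credential or token is actually valid.
 *
 * <p>NOTE(review): every case here has the login service return an identity. This class has no
 * case for a rejected login ({@code login(...)} returning {@code null}), for a malformed Basic
 * payload, or for a request that carries both an {@code Authorization} header and an
 * {@code access_token} parameter. Those are the paths where an authenticator is most likely to
 * fail open, so they deserve explicit tests.
 */
public class OAuthOrBasicAuthenticatorTest extends EasyMockSupport {
    private static final String AUTHORIZATION = HttpHeader.AUTHORIZATION.asString();
    private static final String ACCESS_TOKEN_PARAM = "access_token";

    /** Base64 of {@code franz:kafka}; fixture credentials matched by the mocked login call. */
    private static final String BASIC_CREDENTIALS = "ZnJhbno6a2Fma2E=";

    /** Truncated JWT-shaped fixture string; it is never verified because the login is mocked. */
    private static final String BEARER_TOKEN = "eyJhbGciOiJSUzI1NiJ9.eyJpc3MiOiJDb25mb";

    private LoginService mockLoginService;
    private UserIdentity mockIdentity;
    private Authenticator.AuthConfiguration mockConfig;
    private OAuthOrBasicAuthenticator authenticator;

    /**
     * Builds the mocked authenticator configuration shared by all tests.
     *
     * <p>Session renewal on authentication is reported as enabled, but the Basic cases below
     * return {@code null} from {@code getSession(false)}, so renewal of an existing session is
     * not exercised by this class.
     */
    @Before
    public void setup() {
        DefaultIdentityService identityService = new DefaultIdentityService();
        mockLoginService = createMock(LoginService.class);
        mockIdentity = createMock(UserIdentity.class);
        mockConfig = createMock(Authenticator.AuthConfiguration.class);
        EasyMock.expect(mockConfig.getLoginService()).andReturn(mockLoginService).anyTimes();
        EasyMock.expect(mockConfig.getIdentityService()).andReturn(identityService).anyTimes();
        EasyMock.expect(mockConfig.isSessionRenewedOnAuthentication()).andReturn(true).anyTimes();
        EasyMock.expect(mockLoginService.getIdentityService()).andReturn(identityService).anyTimes();
        EasyMock.expect(mockLoginService.getName()).andReturn("mockLogin").anyTimes();
        authenticator = new OAuthOrBasicAuthenticator();
    }

    /** Creates a Jetty {@link Request} mock whose {@code getResponse()} yields a mock response. */
    private Request createMockRequest() {
        Request request = createMock(Request.class);
        EasyMock.expect(request.getResponse()).andReturn(createMock(Response.class)).anyTimes();
        return request;
    }

    /** Asserts that {@code secureResponse} reports success when called with no request state. */
    private void assertSecureResponseSucceeds() throws Exception {
        Assert.assertTrue(
                authenticator.secureResponse(
                        (ServletRequest) null, (ServletResponse) null, false, (Authentication.User) null));
    }

    /**
     * A Basic header is decoded into user name and password and passed to the login service.
     * The scheme is written in mixed case ({@code BaSiC}) to pin case-insensitive scheme matching.
     */
    @Test
    public void testBasicTokenExtraction() throws Exception {
        Request request = createMockRequest();
        EasyMock.expect(request.getHeader(AUTHORIZATION)).andReturn("BaSiC " + BASIC_CREDENTIALS).atLeastOnce();
        EasyMock.expect(request.getSession(false)).andReturn(null).atLeastOnce();
        EasyMock.expect(request.getParameter(ACCESS_TOKEN_PARAM)).andReturn(null).atLeastOnce();
        EasyMock.expect(mockLoginService.login("franz", "kafka", request)).andReturn(mockIdentity).once();
        replayAll();

        authenticator.setConfiguration(mockConfig);
        UserAuthentication result =
                (UserAuthentication) authenticator.validateRequest(request, (ServletResponse) null, true);

        Assert.assertEquals("BASIC", result.getAuthMethod());
        Assert.assertEquals(mockIdentity, result.getUserIdentity());
        assertSecureResponseSucceeds();
        verifyAll();
    }

    /** A Bearer header is passed to the login service as the credential with a null user name. */
    @Test
    public void testBearerTokenExtraction() throws Exception {
        HttpServletRequest request = createMock(HttpServletRequest.class);
        EasyMock.expect(request.getHeader(AUTHORIZATION)).andReturn("Bearer " + BEARER_TOKEN).atLeastOnce();
        EasyMock.expect(request.getParameter(ACCESS_TOKEN_PARAM)).andReturn(null).atLeastOnce();
        EasyMock.expect(mockLoginService.login((String) null, BEARER_TOKEN, request)).andReturn(mockIdentity).once();
        replayAll();

        authenticator.setConfiguration(mockConfig);
        UserAuthentication result =
                (UserAuthentication) authenticator.validateRequest(request, (ServletResponse) null, true);

        Assert.assertEquals("BEARER", result.getAuthMethod());
        Assert.assertEquals(mockIdentity, result.getUserIdentity());
        assertSecureResponseSucceeds();
        verifyAll();
    }

    /**
     * With no {@code Authorization} header, the {@code access_token} query parameter is used as
     * the bearer credential.
     *
     * <p>NOTE(review): a token carried in the URL can end up in access logs, browser history and
     * {@code Referer} headers. The expectation below accepts any header name and value on the
     * response, so it does not pin which protective header the authenticator sets (presumably a
     * cache-control header; confirm against {@code OAuthOrBasicAuthenticator}). Once confirmed,
     * replace the {@code anyString()} matchers with the exact name and value so a regression
     * that drops the header fails this test.
     */
    @Test
    public void testQueryParamTokenExtraction() throws Exception {
        HttpServletRequest request = createMock(HttpServletRequest.class);
        HttpServletResponse response = createMock(HttpServletResponse.class);
        EasyMock.expect(request.getHeader(AUTHORIZATION)).andReturn(null).atLeastOnce();
        EasyMock.expect(request.getParameter(ACCESS_TOKEN_PARAM)).andReturn(BEARER_TOKEN).atLeastOnce();
        response.setHeader(EasyMock.anyString(), EasyMock.anyString());
        EasyMock.expectLastCall().atLeastOnce();
        EasyMock.expect(mockLoginService.login((String) null, BEARER_TOKEN, request)).andReturn(mockIdentity).once();
        replayAll();

        authenticator.setConfiguration(mockConfig);
        UserAuthentication result = (UserAuthentication) authenticator.validateRequest(request, response, true);

        Assert.assertEquals("BEARER", result.getAuthMethod());
        Assert.assertEquals(mockIdentity, result.getUserIdentity());
        assertSecureResponseSucceeds();
        verifyAll();
    }

    /**
     * When authentication is not mandatory, a Bearer request yields a deferred authentication
     * that resolves to the mocked identity once {@code authenticate} is called.
     */
    @Test
    public void testDeferBearerAuthentication() throws Exception {
        HttpServletRequest request = createMock(HttpServletRequest.class);
        EasyMock.expect(request.getHeader(AUTHORIZATION)).andReturn("Bearer " + BEARER_TOKEN).anyTimes();
        EasyMock.expect(request.getParameter(ACCESS_TOKEN_PARAM)).andReturn(null).atLeastOnce();
        EasyMock.expect(mockLoginService.login((String) null, BEARER_TOKEN, request)).andReturn(mockIdentity).once();
        replayAll();

        authenticator.setConfiguration(mockConfig);
        Authentication deferred = authenticator.validateRequest(request, (ServletResponse) null, false);
        Assert.assertTrue(deferred instanceof DeferredAuthentication);

        // The login service is only consulted here, when the deferred result is resolved.
        Authentication resolved = ((DeferredAuthentication) deferred).authenticate(request);
        Assert.assertTrue(resolved instanceof UserAuthentication);
        UserAuthentication userAuthentication = (UserAuthentication) resolved;
        Assert.assertEquals("BEARER", userAuthentication.getAuthMethod());
        Assert.assertEquals(mockIdentity, userAuthentication.getUserIdentity());
        verifyAll();
    }

    /**
     * When authentication is not mandatory, a Basic request yields a deferred authentication
     * that resolves to the mocked identity once {@code authenticate} is called.
     */
    @Test
    public void testDeferBasicAuthentication() throws Exception {
        Request request = createMockRequest();
        EasyMock.expect(request.getHeader(AUTHORIZATION)).andReturn("Basic " + BASIC_CREDENTIALS).anyTimes();
        EasyMock.expect(request.getSession(false)).andReturn(null).atLeastOnce();
        EasyMock.expect(request.getParameter(ACCESS_TOKEN_PARAM)).andReturn(null).atLeastOnce();
        EasyMock.expect(mockLoginService.login("franz", "kafka", request)).andReturn(mockIdentity).once();
        replayAll();

        authenticator.setConfiguration(mockConfig);
        Authentication deferred = authenticator.validateRequest(request, (ServletResponse) null, false);
        Assert.assertTrue(deferred instanceof DeferredAuthentication);

        Authentication resolved = ((DeferredAuthentication) deferred).authenticate(request);
        Assert.assertTrue(resolved instanceof UserAuthentication);
        UserAuthentication userAuthentication = (UserAuthentication) resolved;
        Assert.assertEquals("BASIC", userAuthentication.getAuthMethod());
        Assert.assertEquals(mockIdentity, userAuthentication.getUserIdentity());
        verifyAll();
    }

    /**
     * An unrecognised {@code Authorization} scheme is answered with a 401 and a challenge, and
     * the login service is never called (no {@code login} expectation is recorded, so any call
     * would fail the mock).
     *
     * <p>NOTE(review): the pinned challenge advertises only the Basic scheme. Confirm whether a
     * Bearer challenge is also intended for clients that authenticate with tokens. The
     * {@code times(2)} on {@code getHeader} ties the test to the authenticator's internal call
     * count rather than to its observable behaviour.
     */
    @Test
    public void testInvalidHeader() throws Exception {
        HttpServletRequest request = createMock(HttpServletRequest.class);
        HttpServletResponse response = createMock(HttpServletResponse.class);
        EasyMock.expect(request.getHeader(AUTHORIZATION)).andReturn("CustomAuth magicToken").times(2);
        EasyMock.expect(request.getParameter(ACCESS_TOKEN_PARAM)).andReturn(null).atLeastOnce();
        response.setHeader(HttpHeader.WWW_AUTHENTICATE.asString(), "basic realm=\"mockLogin\"");
        EasyMock.expectLastCall().once();
        response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
        EasyMock.expectLastCall().once();
        replayAll();

        authenticator.setConfiguration(mockConfig);
        Assert.assertEquals(Authentication.SEND_CONTINUE, authenticator.validateRequest(request, response, true));
        assertSecureResponseSucceeds();
        verifyAll();
    }
}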
