package io.confluent.common.security.jetty;

import com.google.common.io.ByteSource;
import com.google.common.io.ByteStreams;
import io.confluent.common.utils.IntegrationTest;
import io.confluent.rest.Application;
import io.confluent.rest.RestConfig;
import java.io.InputStream;
import java.net.HttpURLConnection;
import java.net.URI;
import java.net.URL;
import java.util.Properties;
import javax.ws.rs.Consumes;
import javax.ws.rs.GET;
import javax.ws.rs.Path;
import javax.ws.rs.Produces;
import javax.ws.rs.core.Configurable;
import javax.ws.rs.core.Response;
import org.eclipse.jetty.security.ConstraintSecurityHandler;
import org.eclipse.jetty.security.DefaultIdentityService;
import org.eclipse.jetty.servlet.ServletContextHandler;
import org.junit.Assert;
import org.junit.Before;
import org.junit.Test;
import org.junit.experimental.categories.Category;

@Category({IntegrationTest.class})
/* loaded from: input_file:io/confluent/common/security/jetty/OAuthBearerIntegrationTest.class */
public class OAuthBearerIntegrationTest {
    private static final String TOKEN = "aabbccdd1234==";
    private TestApplication application;

    /* loaded from: input_file:io/confluent/common/security/jetty/OAuthBearerIntegrationTest$TestApplication.class */
    static class TestApplication extends Application<RestConfig> {
        public TestApplication(RestConfig restConfig) {
            super(restConfig);
        }

        public void setupResources(Configurable configurable, RestConfig restConfig) {
            configurable.register(TestResource.class);
        }

        protected void configureSecurityHandler(ServletContextHandler servletContextHandler) {
            ConstraintSecurityHandler constraintSecurityHandler = new ConstraintSecurityHandler();
            constraintSecurityHandler.addConstraintMapping(createGlobalAuthConstraint());
            constraintSecurityHandler.setAuthenticator(new OAuthBearerAuthenticator());
            TestTokenLoginService testTokenLoginService = new TestTokenLoginService(OAuthBearerIntegrationTest.TOKEN);
            constraintSecurityHandler.setLoginService(testTokenLoginService);
            constraintSecurityHandler.setIdentityService(new DefaultIdentityService());
            constraintSecurityHandler.setRealmName(testTokenLoginService.getName());
            servletContextHandler.setSecurityHandler(constraintSecurityHandler);
        }

        public URI getUri() {
            return this.server.getURI();
        }
    }

    @Produces({"application/json"})
    @Path("/test")
    @Consumes({"application/json"})
    /* loaded from: input_file:io/confluent/common/security/jetty/OAuthBearerIntegrationTest$TestResource.class */
    public static class TestResource {
        @GET
        @Path("/resource")
        public Response get() {
            return Response.ok("hello").build();
        }
    }

    @Before
    public void setUp() throws Exception {
        Properties properties = new Properties();
        properties.put("listeners", "http://localhost:0");
        properties.put("authentication.roles", "**");
        this.application = new TestApplication(new RestConfig(RestConfig.baseConfigDef(), properties));
        this.application.start();
    }

    @Test
    public void testQueryParamAuthentication() throws Exception {
        HttpURLConnection httpURLConnection = (HttpURLConnection) new URL(this.application.getUri().toString() + "test/resource?access_token=" + TOKEN).openConnection();
        InputStream inputStream = httpURLConnection.getInputStream();
        Throwable th = null;
        try {
            try {
                Assert.assertArrayEquals("hello".getBytes("utf8"), ByteSource.wrap(ByteStreams.toByteArray(inputStream)).read());
                if (inputStream != null) {
                    if (0 != 0) {
                        try {
                            inputStream.close();
                        } catch (Throwable th2) {
                            th.addSuppressed(th2);
                        }
                    } else {
                        inputStream.close();
                    }
                }
                Assert.assertEquals(200L, httpURLConnection.getResponseCode());
                Assert.assertEquals("private", httpURLConnection.getHeaderField("Cache-Control"));
            } finally {
            }
        } catch (Throwable th3) {
            if (inputStream != null) {
                if (th != null) {
                    try {
                        inputStream.close();
                    } catch (Throwable th4) {
                        th.addSuppressed(th4);
                    }
                } else {
                    inputStream.close();
                }
            }
            throw th3;
        }
    }

    @Test
    public void testHeaderAuthentication() throws Exception {
        HttpURLConnection httpURLConnection = (HttpURLConnection) new URL(this.application.getUri().toString() + "test/resource").openConnection();
        httpURLConnection.setRequestProperty("Authorization", "Bearer aabbccdd1234==");
        Assert.assertEquals(200L, httpURLConnection.getResponseCode());
        Assert.assertNull(httpURLConnection.getHeaderField("Cache-Control"));
        InputStream inputStream = httpURLConnection.getInputStream();
        Throwable th = null;
        try {
            try {
                Assert.assertArrayEquals("hello".getBytes("utf8"), ByteSource.wrap(ByteStreams.toByteArray(inputStream)).read());
                if (inputStream != null) {
                    if (0 == 0) {
                        inputStream.close();
                        return;
                    }
                    try {
                        inputStream.close();
                    } catch (Throwable th2) {
                        th.addSuppressed(th2);
                    }
                }
            } catch (Throwable th3) {
                th = th3;
                throw th3;
            }
        } catch (Throwable th4) {
            if (inputStream != null) {
                if (th != null) {
                    try {
                        inputStream.close();
                    } catch (Throwable th5) {
                        th.addSuppressed(th5);
                    }
                } else {
                    inputStream.close();
                }
            }
            throw th4;
        }
    }

    @Test
    public void testInvalidQueryParam() throws Exception {
        Assert.assertEquals(401L, ((HttpURLConnection) new URL(this.application.getUri().toString() + "test/resource?access_token=bad=token").openConnection()).getResponseCode());
    }

    @Test
    public void testInvalidHeader() throws Exception {
        ((HttpURLConnection) new URL(this.application.getUri().toString() + "test/resource").openConnection()).setRequestProperty("Authorization", "Bearer bad=token");
        Assert.assertEquals(401L, r0.getResponseCode());
    }

    @Test
    public void testFailMultipleAuthMethods() throws Exception {
        ((HttpURLConnection) new URL(this.application.getUri().toString() + "test/resource?access_token=" + TOKEN).openConnection()).setRequestProperty("Authorization", "XXX");
        Assert.assertEquals(401L, r0.getResponseCode());
    }
}
