package net.trajano.auth.session.test;

import java.io.IOException;
import java.security.Principal;
import java.util.HashMap;
import java.util.Map;
import javax.security.auth.Subject;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.message.AuthException;
import javax.security.auth.message.AuthStatus;
import javax.security.auth.message.MessageInfo;
import javax.security.auth.message.MessagePolicy;
import javax.servlet.RequestDispatcher;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import net.trajano.auth.session.TestServerAuthModule;
import org.junit.Assert;
import org.junit.Test;
import org.mockito.ArgumentCaptor;
import org.mockito.Matchers;
import org.mockito.Mockito;

/* loaded from: input_file:net/trajano/auth/session/test/TestServerAuthModuleTest.class */
public class TestServerAuthModuleTest {
    private final Map<String, String> options = new HashMap();

    @Test
    public void testCleanSubject() throws Exception {
        Subject subject = new Subject();
        Principal principal = (Principal) Mockito.mock(Principal.class);
        Mockito.when(principal.getName()).thenReturn("authenticated");
        subject.getPrincipals().add(principal);
        Principal principal2 = (Principal) Mockito.mock(Principal.class);
        Mockito.when(principal2.getName()).thenReturn("https://foo@test-server-auth-module");
        subject.getPrincipals().add(principal2);
        MessageInfo messageInfo = (MessageInfo) Mockito.mock(MessageInfo.class);
        HttpSession httpSession = (HttpSession) Mockito.mock(HttpSession.class);
        Mockito.when(httpSession.getAttribute("X-Subject")).thenReturn("https://foo@test-server-auth-module");
        HttpServletRequest httpServletRequest = (HttpServletRequest) Mockito.mock(HttpServletRequest.class);
        Mockito.when(httpServletRequest.getMethod()).thenReturn("POST");
        Mockito.when(Boolean.valueOf(httpServletRequest.isSecure())).thenReturn(true);
        Mockito.when(httpServletRequest.getRequestURI()).thenReturn("/util/j_security_check");
        Mockito.when(httpServletRequest.getContextPath()).thenReturn("/util");
        Mockito.when(httpServletRequest.getParameter("state")).thenReturn("/");
        Mockito.when(httpServletRequest.getSession()).thenReturn(httpSession);
        Mockito.when(httpServletRequest.getSession(false)).thenReturn(httpSession);
        Mockito.when(httpServletRequest.getParameter("j_username")).thenReturn("foofoo");
        Mockito.when(httpServletRequest.getRequestDispatcher(Matchers.anyString())).thenReturn(Mockito.mock(RequestDispatcher.class));
        Mockito.when(messageInfo.getRequestMessage()).thenReturn(httpServletRequest);
        new TestServerAuthModule().cleanSubject(messageInfo, subject);
    }

    @Test(expected = AuthException.class)
    public void testFailFromIOException() throws Exception {
        TestServerAuthModule testServerAuthModule = new TestServerAuthModule();
        MessagePolicy messagePolicy = (MessagePolicy) Mockito.mock(MessagePolicy.class);
        Mockito.when(Boolean.valueOf(messagePolicy.isMandatory())).thenReturn(true);
        CallbackHandler callbackHandler = (CallbackHandler) Mockito.mock(CallbackHandler.class);
        testServerAuthModule.initialize(messagePolicy, (MessagePolicy) null, callbackHandler, this.options);
        MessageInfo messageInfo = (MessageInfo) Mockito.mock(MessageInfo.class);
        HttpServletRequest httpServletRequest = (HttpServletRequest) Mockito.mock(HttpServletRequest.class);
        Mockito.when(httpServletRequest.getMethod()).thenReturn("GET");
        Mockito.when(Boolean.valueOf(httpServletRequest.isSecure())).thenReturn(true);
        Mockito.when(httpServletRequest.getRequestURI()).thenReturn("/util/j_security_check");
        Mockito.when(httpServletRequest.getContextPath()).thenReturn("/util");
        Mockito.when(httpServletRequest.getParameter("state")).thenReturn("/");
        Mockito.when(httpServletRequest.getParameter("nonce")).thenReturn("abc");
        Mockito.when(messageInfo.getRequestMessage()).thenReturn(httpServletRequest);
        HttpServletResponse httpServletResponse = (HttpServletResponse) Mockito.mock(HttpServletResponse.class);
        Mockito.when(messageInfo.getResponseMessage()).thenReturn(httpServletResponse);
        RequestDispatcher requestDispatcher = (RequestDispatcher) Mockito.mock(RequestDispatcher.class);
        ((RequestDispatcher) Mockito.doThrow(IOException.class).when(requestDispatcher)).forward(httpServletRequest, httpServletResponse);
        Mockito.when(httpServletRequest.getRequestDispatcher(Matchers.anyString())).thenReturn(requestDispatcher);
        Assert.assertEquals(AuthStatus.SEND_SUCCESS, testServerAuthModule.validateRequest(messageInfo, new Subject(), (Subject) null));
        Mockito.verifyZeroInteractions(new Object[]{callbackHandler});
    }

    @Test(expected = AuthException.class)
    public void testFailLoginInvalidMethod() throws Exception {
        TestServerAuthModule testServerAuthModule = new TestServerAuthModule();
        MessagePolicy messagePolicy = (MessagePolicy) Mockito.mock(MessagePolicy.class);
        Mockito.when(Boolean.valueOf(messagePolicy.isMandatory())).thenReturn(true);
        testServerAuthModule.initialize(messagePolicy, (MessagePolicy) null, (CallbackHandler) Mockito.mock(CallbackHandler.class), this.options);
        MessageInfo messageInfo = (MessageInfo) Mockito.mock(MessageInfo.class);
        HttpServletRequest httpServletRequest = (HttpServletRequest) Mockito.mock(HttpServletRequest.class);
        Mockito.when(httpServletRequest.getMethod()).thenReturn("PUT");
        Mockito.when(Boolean.valueOf(httpServletRequest.isSecure())).thenReturn(true);
        Mockito.when(httpServletRequest.getRequestURI()).thenReturn("/util/j_security_check");
        Mockito.when(httpServletRequest.getContextPath()).thenReturn("/util");
        Mockito.when(httpServletRequest.getParameter("state")).thenReturn("/rooted/page");
        Mockito.when(httpServletRequest.getParameter("nonce")).thenReturn("abc");
        Mockito.when(messageInfo.getRequestMessage()).thenReturn(httpServletRequest);
        testServerAuthModule.validateRequest(messageInfo, new Subject(), (Subject) null);
    }

    @Test(expected = AuthException.class)
    public void testFailLoginInvalidState() throws Exception {
        TestServerAuthModule testServerAuthModule = new TestServerAuthModule();
        MessagePolicy messagePolicy = (MessagePolicy) Mockito.mock(MessagePolicy.class);
        Mockito.when(Boolean.valueOf(messagePolicy.isMandatory())).thenReturn(true);
        testServerAuthModule.initialize(messagePolicy, (MessagePolicy) null, (CallbackHandler) Mockito.mock(CallbackHandler.class), this.options);
        MessageInfo messageInfo = (MessageInfo) Mockito.mock(MessageInfo.class);
        HttpServletRequest httpServletRequest = (HttpServletRequest) Mockito.mock(HttpServletRequest.class);
        Mockito.when(httpServletRequest.getMethod()).thenReturn("GET");
        Mockito.when(Boolean.valueOf(httpServletRequest.isSecure())).thenReturn(true);
        Mockito.when(httpServletRequest.getRequestURI()).thenReturn("/util/j_security_check");
        Mockito.when(httpServletRequest.getContextPath()).thenReturn("/util");
        Mockito.when(httpServletRequest.getParameter("state")).thenReturn("http://www.trajano.net/");
        Mockito.when(messageInfo.getRequestMessage()).thenReturn(httpServletRequest);
        testServerAuthModule.validateRequest(messageInfo, new Subject(), (Subject) null);
    }

    @Test(expected = AuthException.class)
    public void testFailLoginInvalidState2() throws Exception {
        TestServerAuthModule testServerAuthModule = new TestServerAuthModule();
        MessagePolicy messagePolicy = (MessagePolicy) Mockito.mock(MessagePolicy.class);
        Mockito.when(Boolean.valueOf(messagePolicy.isMandatory())).thenReturn(true);
        testServerAuthModule.initialize(messagePolicy, (MessagePolicy) null, (CallbackHandler) Mockito.mock(CallbackHandler.class), this.options);
        MessageInfo messageInfo = (MessageInfo) Mockito.mock(MessageInfo.class);
        HttpServletRequest httpServletRequest = (HttpServletRequest) Mockito.mock(HttpServletRequest.class);
        Mockito.when(httpServletRequest.getMethod()).thenReturn("GET");
        Mockito.when(Boolean.valueOf(httpServletRequest.isSecure())).thenReturn(true);
        Mockito.when(httpServletRequest.getRequestURI()).thenReturn("/util/j_security_check");
        Mockito.when(httpServletRequest.getContextPath()).thenReturn("/util");
        Mockito.when(httpServletRequest.getParameter("state")).thenReturn("some/non/rooted/page");
        Mockito.when(messageInfo.getRequestMessage()).thenReturn(httpServletRequest);
        testServerAuthModule.validateRequest(messageInfo, new Subject(), (Subject) null);
    }

    @Test(expected = AuthException.class)
    public void testFailLoginInvalidState3() throws Exception {
        TestServerAuthModule testServerAuthModule = new TestServerAuthModule();
        MessagePolicy messagePolicy = (MessagePolicy) Mockito.mock(MessagePolicy.class);
        Mockito.when(Boolean.valueOf(messagePolicy.isMandatory())).thenReturn(true);
        testServerAuthModule.initialize(messagePolicy, (MessagePolicy) null, (CallbackHandler) Mockito.mock(CallbackHandler.class), this.options);
        MessageInfo messageInfo = (MessageInfo) Mockito.mock(MessageInfo.class);
        HttpServletRequest httpServletRequest = (HttpServletRequest) Mockito.mock(HttpServletRequest.class);
        Mockito.when(httpServletRequest.getMethod()).thenReturn("GET");
        Mockito.when(Boolean.valueOf(httpServletRequest.isSecure())).thenReturn(true);
        Mockito.when(httpServletRequest.getRequestURI()).thenReturn("/util/j_security_check");
        Mockito.when(httpServletRequest.getContextPath()).thenReturn("/util");
        Mockito.when(httpServletRequest.getParameter("state")).thenReturn("/foo/../../abc");
        Mockito.when(messageInfo.getRequestMessage()).thenReturn(httpServletRequest);
        testServerAuthModule.validateRequest(messageInfo, new Subject(), (Subject) null);
    }

    @Test(expected = AuthException.class)
    public void testFailLoginInvalidState4() throws Exception {
        TestServerAuthModule testServerAuthModule = new TestServerAuthModule();
        MessagePolicy messagePolicy = (MessagePolicy) Mockito.mock(MessagePolicy.class);
        Mockito.when(Boolean.valueOf(messagePolicy.isMandatory())).thenReturn(true);
        testServerAuthModule.initialize(messagePolicy, (MessagePolicy) null, (CallbackHandler) Mockito.mock(CallbackHandler.class), this.options);
        MessageInfo messageInfo = (MessageInfo) Mockito.mock(MessageInfo.class);
        HttpServletRequest httpServletRequest = (HttpServletRequest) Mockito.mock(HttpServletRequest.class);
        Mockito.when(httpServletRequest.getMethod()).thenReturn("GET");
        Mockito.when(Boolean.valueOf(httpServletRequest.isSecure())).thenReturn(true);
        Mockito.when(httpServletRequest.getRequestURI()).thenReturn("/util/j_security_check");
        Mockito.when(httpServletRequest.getContextPath()).thenReturn("/util");
        Mockito.when(httpServletRequest.getParameter("state")).thenReturn("//url.com/foo/../../abc");
        Mockito.when(messageInfo.getRequestMessage()).thenReturn(httpServletRequest);
        testServerAuthModule.validateRequest(messageInfo, new Subject(), (Subject) null);
    }

    @Test(expected = AuthException.class)
    public void testFailLoginMissingNonce() throws Exception {
        TestServerAuthModule testServerAuthModule = new TestServerAuthModule();
        MessagePolicy messagePolicy = (MessagePolicy) Mockito.mock(MessagePolicy.class);
        Mockito.when(Boolean.valueOf(messagePolicy.isMandatory())).thenReturn(true);
        testServerAuthModule.initialize(messagePolicy, (MessagePolicy) null, (CallbackHandler) Mockito.mock(CallbackHandler.class), this.options);
        MessageInfo messageInfo = (MessageInfo) Mockito.mock(MessageInfo.class);
        HttpServletRequest httpServletRequest = (HttpServletRequest) Mockito.mock(HttpServletRequest.class);
        Mockito.when(httpServletRequest.getMethod()).thenReturn("GET");
        Mockito.when(Boolean.valueOf(httpServletRequest.isSecure())).thenReturn(true);
        Mockito.when(httpServletRequest.getRequestURI()).thenReturn("/util/j_security_check");
        Mockito.when(httpServletRequest.getContextPath()).thenReturn("/util");
        Mockito.when(httpServletRequest.getParameter("state")).thenReturn("/www.trajano.net/");
        Mockito.when(messageInfo.getRequestMessage()).thenReturn(httpServletRequest);
        testServerAuthModule.validateRequest(messageInfo, new Subject(), (Subject) null);
    }

    @Test(expected = AuthException.class)
    public void testFailLoginMissingState() throws Exception {
        TestServerAuthModule testServerAuthModule = new TestServerAuthModule();
        MessagePolicy messagePolicy = (MessagePolicy) Mockito.mock(MessagePolicy.class);
        Mockito.when(Boolean.valueOf(messagePolicy.isMandatory())).thenReturn(true);
        testServerAuthModule.initialize(messagePolicy, (MessagePolicy) null, (CallbackHandler) Mockito.mock(CallbackHandler.class), this.options);
        MessageInfo messageInfo = (MessageInfo) Mockito.mock(MessageInfo.class);
        HttpServletRequest httpServletRequest = (HttpServletRequest) Mockito.mock(HttpServletRequest.class);
        Mockito.when(httpServletRequest.getMethod()).thenReturn("GET");
        Mockito.when(Boolean.valueOf(httpServletRequest.isSecure())).thenReturn(true);
        Mockito.when(httpServletRequest.getRequestURI()).thenReturn("/util/j_security_check");
        Mockito.when(httpServletRequest.getContextPath()).thenReturn("/util");
        Mockito.when(messageInfo.getRequestMessage()).thenReturn(httpServletRequest);
        testServerAuthModule.validateRequest(messageInfo, new Subject(), (Subject) null);
    }

    @Test(expected = AuthException.class)
    public void testFailLoginNotSecure() throws Exception {
        TestServerAuthModule testServerAuthModule = new TestServerAuthModule();
        MessagePolicy messagePolicy = (MessagePolicy) Mockito.mock(MessagePolicy.class);
        Mockito.when(Boolean.valueOf(messagePolicy.isMandatory())).thenReturn(true);
        testServerAuthModule.initialize(messagePolicy, (MessagePolicy) null, (CallbackHandler) Mockito.mock(CallbackHandler.class), this.options);
        MessageInfo messageInfo = (MessageInfo) Mockito.mock(MessageInfo.class);
        HttpServletRequest httpServletRequest = (HttpServletRequest) Mockito.mock(HttpServletRequest.class);
        Mockito.when(httpServletRequest.getMethod()).thenReturn("GET");
        Mockito.when(Boolean.valueOf(httpServletRequest.isSecure())).thenReturn(false);
        Mockito.when(httpServletRequest.getRequestURI()).thenReturn("/util/j_security_check");
        Mockito.when(httpServletRequest.getContextPath()).thenReturn("/util");
        Mockito.when(messageInfo.getRequestMessage()).thenReturn(httpServletRequest);
        testServerAuthModule.validateRequest(messageInfo, new Subject(), (Subject) null);
    }

    @Test(expected = AuthException.class)
    public void testFailLoginPostMissingSession() throws Exception {
        TestServerAuthModule testServerAuthModule = new TestServerAuthModule();
        MessagePolicy messagePolicy = (MessagePolicy) Mockito.mock(MessagePolicy.class);
        Mockito.when(Boolean.valueOf(messagePolicy.isMandatory())).thenReturn(true);
        testServerAuthModule.initialize(messagePolicy, (MessagePolicy) null, (CallbackHandler) Mockito.mock(CallbackHandler.class), this.options);
        MessageInfo messageInfo = (MessageInfo) Mockito.mock(MessageInfo.class);
        HttpServletRequest httpServletRequest = (HttpServletRequest) Mockito.mock(HttpServletRequest.class);
        Mockito.when(httpServletRequest.getMethod()).thenReturn("POST");
        Mockito.when(Boolean.valueOf(httpServletRequest.isSecure())).thenReturn(true);
        Mockito.when(httpServletRequest.getRequestURI()).thenReturn("/util/j_security_check");
        Mockito.when(httpServletRequest.getContextPath()).thenReturn("/util");
        Mockito.when(httpServletRequest.getParameter("state")).thenReturn("/");
        Mockito.when(httpServletRequest.getParameter("nonce")).thenReturn("abcdefg");
        Mockito.when(httpServletRequest.getParameter("j_username")).thenReturn("foofoo");
        Mockito.when(httpServletRequest.getRequestDispatcher(Matchers.anyString())).thenReturn(Mockito.mock(RequestDispatcher.class));
        Mockito.when(messageInfo.getRequestMessage()).thenReturn(httpServletRequest);
        Mockito.when(messageInfo.getResponseMessage()).thenReturn((HttpServletResponse) Mockito.mock(HttpServletResponse.class));
        Assert.assertEquals(AuthStatus.SEND_SUCCESS, testServerAuthModule.validateRequest(messageInfo, new Subject(), (Subject) null));
    }

    @Test(expected = AuthException.class)
    public void testFailLoginPostNonceMismatch() throws Exception {
        TestServerAuthModule testServerAuthModule = new TestServerAuthModule();
        MessagePolicy messagePolicy = (MessagePolicy) Mockito.mock(MessagePolicy.class);
        Mockito.when(Boolean.valueOf(messagePolicy.isMandatory())).thenReturn(true);
        testServerAuthModule.initialize(messagePolicy, (MessagePolicy) null, (CallbackHandler) Mockito.mock(CallbackHandler.class), this.options);
        MessageInfo messageInfo = (MessageInfo) Mockito.mock(MessageInfo.class);
        HttpSession httpSession = (HttpSession) Mockito.mock(HttpSession.class);
        Mockito.when(httpSession.getAttribute("X-Nonce")).thenReturn("abc");
        HttpServletRequest httpServletRequest = (HttpServletRequest) Mockito.mock(HttpServletRequest.class);
        Mockito.when(httpServletRequest.getMethod()).thenReturn("POST");
        Mockito.when(Boolean.valueOf(httpServletRequest.isSecure())).thenReturn(true);
        Mockito.when(httpServletRequest.getRequestURI()).thenReturn("/util/j_security_check");
        Mockito.when(httpServletRequest.getContextPath()).thenReturn("/util");
        Mockito.when(httpServletRequest.getParameter("state")).thenReturn("/");
        Mockito.when(httpServletRequest.getParameter("nonce")).thenReturn("abcdefg");
        Mockito.when(httpServletRequest.getParameter("j_username")).thenReturn("foofoo");
        Mockito.when(httpServletRequest.getSession()).thenReturn(httpSession);
        Mockito.when(httpServletRequest.getSession(false)).thenReturn(httpSession);
        Mockito.when(httpServletRequest.getRequestDispatcher(Matchers.anyString())).thenReturn(Mockito.mock(RequestDispatcher.class));
        Mockito.when(messageInfo.getRequestMessage()).thenReturn(httpServletRequest);
        Mockito.when(messageInfo.getResponseMessage()).thenReturn((HttpServletResponse) Mockito.mock(HttpServletResponse.class));
        Assert.assertEquals(AuthStatus.SEND_SUCCESS, testServerAuthModule.validateRequest(messageInfo, new Subject(), (Subject) null));
    }

    @Test(expected = AuthException.class)
    public void testFailLogoutInvalidRedirect() throws Exception {
        TestServerAuthModule testServerAuthModule = new TestServerAuthModule();
        MessagePolicy messagePolicy = (MessagePolicy) Mockito.mock(MessagePolicy.class);
        Mockito.when(Boolean.valueOf(messagePolicy.isMandatory())).thenReturn(true);
        testServerAuthModule.initialize(messagePolicy, (MessagePolicy) null, (CallbackHandler) Mockito.mock(CallbackHandler.class), this.options);
        MessageInfo messageInfo = (MessageInfo) Mockito.mock(MessageInfo.class);
        HttpServletRequest httpServletRequest = (HttpServletRequest) Mockito.mock(HttpServletRequest.class);
        Mockito.when(httpServletRequest.getMethod()).thenReturn("GET");
        Mockito.when(Boolean.valueOf(httpServletRequest.isSecure())).thenReturn(true);
        Mockito.when(httpServletRequest.getRequestURI()).thenReturn("/util/j_logout");
        Mockito.when(httpServletRequest.getRequestURL()).thenReturn(new StringBuffer("https://www.trajano.net/util/j_logout"));
        Mockito.when(httpServletRequest.getContextPath()).thenReturn("/util");
        Mockito.when(httpServletRequest.getParameter("post_logout_redirect_uri")).thenReturn("https://site.trajano.net/util/");
        Mockito.when(httpServletRequest.getRequestDispatcher(Matchers.anyString())).thenReturn(Mockito.mock(RequestDispatcher.class));
        Mockito.when(messageInfo.getRequestMessage()).thenReturn(httpServletRequest);
        Mockito.when(messageInfo.getResponseMessage()).thenReturn((HttpServletResponse) Mockito.mock(HttpServletResponse.class));
        testServerAuthModule.validateRequest(messageInfo, new Subject(), (Subject) null);
    }

    @Test(expected = AuthException.class)
    public void testFailLogoutMissingRedirect() throws Exception {
        TestServerAuthModule testServerAuthModule = new TestServerAuthModule();
        MessagePolicy messagePolicy = (MessagePolicy) Mockito.mock(MessagePolicy.class);
        Mockito.when(Boolean.valueOf(messagePolicy.isMandatory())).thenReturn(true);
        testServerAuthModule.initialize(messagePolicy, (MessagePolicy) null, (CallbackHandler) Mockito.mock(CallbackHandler.class), this.options);
        MessageInfo messageInfo = (MessageInfo) Mockito.mock(MessageInfo.class);
        HttpServletRequest httpServletRequest = (HttpServletRequest) Mockito.mock(HttpServletRequest.class);
        Mockito.when(httpServletRequest.getMethod()).thenReturn("GET");
        Mockito.when(Boolean.valueOf(httpServletRequest.isSecure())).thenReturn(true);
        Mockito.when(httpServletRequest.getRequestURI()).thenReturn("/util/j_logout");
        Mockito.when(httpServletRequest.getRequestURL()).thenReturn(new StringBuffer("https://www.trajano.net/util/j_logout"));
        Mockito.when(httpServletRequest.getContextPath()).thenReturn("/util");
        Mockito.when(httpServletRequest.getRequestDispatcher(Matchers.anyString())).thenReturn(Mockito.mock(RequestDispatcher.class));
        Mockito.when(messageInfo.getRequestMessage()).thenReturn(httpServletRequest);
        Mockito.when(messageInfo.getResponseMessage()).thenReturn((HttpServletResponse) Mockito.mock(HttpServletResponse.class));
        testServerAuthModule.validateRequest(messageInfo, new Subject(), (Subject) null);
    }

    @Test(expected = AuthException.class)
    public void testFailRedirectToLoginWithPOST() throws Exception {
        TestServerAuthModule testServerAuthModule = new TestServerAuthModule();
        MessagePolicy messagePolicy = (MessagePolicy) Mockito.mock(MessagePolicy.class);
        Mockito.when(Boolean.valueOf(messagePolicy.isMandatory())).thenReturn(true);
        testServerAuthModule.initialize(messagePolicy, (MessagePolicy) null, (CallbackHandler) Mockito.mock(CallbackHandler.class), this.options);
        MessageInfo messageInfo = (MessageInfo) Mockito.mock(MessageInfo.class);
        HttpServletRequest httpServletRequest = (HttpServletRequest) Mockito.mock(HttpServletRequest.class);
        Mockito.when(httpServletRequest.getMethod()).thenReturn("POST");
        Mockito.when(Boolean.valueOf(httpServletRequest.isSecure())).thenReturn(true);
        Mockito.when(httpServletRequest.getRequestURI()).thenReturn("/util/securePage");
        Mockito.when(httpServletRequest.getContextPath()).thenReturn("/util");
        Mockito.when(httpServletRequest.getQueryString()).thenReturn("abc=123&doremi=abc123");
        Mockito.when(messageInfo.getRequestMessage()).thenReturn(httpServletRequest);
        Mockito.when(messageInfo.getResponseMessage()).thenReturn((HttpServletResponse) Mockito.mock(HttpServletResponse.class));
        testServerAuthModule.validateRequest(messageInfo, new Subject(), (Subject) null);
    }

    @Test
    public void testLogin() throws Exception {
        TestServerAuthModule testServerAuthModule = new TestServerAuthModule();
        MessagePolicy messagePolicy = (MessagePolicy) Mockito.mock(MessagePolicy.class);
        Mockito.when(Boolean.valueOf(messagePolicy.isMandatory())).thenReturn(true);
        CallbackHandler callbackHandler = (CallbackHandler) Mockito.mock(CallbackHandler.class);
        testServerAuthModule.initialize(messagePolicy, (MessagePolicy) null, callbackHandler, this.options);
        MessageInfo messageInfo = (MessageInfo) Mockito.mock(MessageInfo.class);
        HttpServletRequest httpServletRequest = (HttpServletRequest) Mockito.mock(HttpServletRequest.class);
        Mockito.when(httpServletRequest.getMethod()).thenReturn("GET");
        Mockito.when(Boolean.valueOf(httpServletRequest.isSecure())).thenReturn(true);
        Mockito.when(httpServletRequest.getRequestURI()).thenReturn("/util/j_security_check");
        Mockito.when(httpServletRequest.getContextPath()).thenReturn("/util");
        Mockito.when(httpServletRequest.getParameter("state")).thenReturn("/");
        Mockito.when(httpServletRequest.getParameter("nonce")).thenReturn("abcdefgh");
        Mockito.when(httpServletRequest.getRequestDispatcher(Matchers.anyString())).thenReturn(Mockito.mock(RequestDispatcher.class));
        Mockito.when(messageInfo.getRequestMessage()).thenReturn(httpServletRequest);
        Assert.assertEquals(AuthStatus.SEND_SUCCESS, testServerAuthModule.validateRequest(messageInfo, new Subject(), (Subject) null));
        Mockito.verifyZeroInteractions(new Object[]{callbackHandler});
    }

    @Test
    public void testLoginPost() throws Exception {
        TestServerAuthModule testServerAuthModule = new TestServerAuthModule();
        MessagePolicy messagePolicy = (MessagePolicy) Mockito.mock(MessagePolicy.class);
        Mockito.when(Boolean.valueOf(messagePolicy.isMandatory())).thenReturn(true);
        CallbackHandler callbackHandler = (CallbackHandler) Mockito.mock(CallbackHandler.class);
        testServerAuthModule.initialize(messagePolicy, (MessagePolicy) null, callbackHandler, this.options);
        MessageInfo messageInfo = (MessageInfo) Mockito.mock(MessageInfo.class);
        HttpSession httpSession = (HttpSession) Mockito.mock(HttpSession.class);
        Mockito.when(httpSession.getAttribute("X-Nonce")).thenReturn("abcdefg");
        HttpServletRequest httpServletRequest = (HttpServletRequest) Mockito.mock(HttpServletRequest.class);
        Mockito.when(httpServletRequest.getMethod()).thenReturn("POST");
        Mockito.when(Boolean.valueOf(httpServletRequest.isSecure())).thenReturn(true);
        Mockito.when(httpServletRequest.getRequestURI()).thenReturn("/util/j_security_check");
        Mockito.when(httpServletRequest.getContextPath()).thenReturn("/util");
        Mockito.when(httpServletRequest.getSession()).thenReturn(httpSession);
        Mockito.when(httpServletRequest.getSession(false)).thenReturn(httpSession);
        Mockito.when(httpServletRequest.getParameter("state")).thenReturn("/");
        Mockito.when(httpServletRequest.getParameter("nonce")).thenReturn("abcdefg");
        Mockito.when(httpServletRequest.getParameter("j_username")).thenReturn("foofoo");
        Mockito.when(httpServletRequest.getRequestDispatcher(Matchers.anyString())).thenReturn(Mockito.mock(RequestDispatcher.class));
        Mockito.when(messageInfo.getRequestMessage()).thenReturn(httpServletRequest);
        HttpServletResponse httpServletResponse = (HttpServletResponse) Mockito.mock(HttpServletResponse.class);
        Mockito.when(messageInfo.getResponseMessage()).thenReturn(httpServletResponse);
        Assert.assertEquals(AuthStatus.SEND_SUCCESS, testServerAuthModule.validateRequest(messageInfo, new Subject(), (Subject) null));
        ArgumentCaptor forClass = ArgumentCaptor.forClass(String.class);
        ((HttpServletResponse) Mockito.verify(httpServletResponse)).sendRedirect((String) forClass.capture());
        Assert.assertEquals("/util/", forClass.getValue());
        Mockito.verifyZeroInteractions(new Object[]{callbackHandler});
    }

    @Test
    public void testLoginPostWithParen() throws Exception {
        TestServerAuthModule testServerAuthModule = new TestServerAuthModule();
        MessagePolicy messagePolicy = (MessagePolicy) Mockito.mock(MessagePolicy.class);
        Mockito.when(Boolean.valueOf(messagePolicy.isMandatory())).thenReturn(true);
        CallbackHandler callbackHandler = (CallbackHandler) Mockito.mock(CallbackHandler.class);
        testServerAuthModule.initialize(messagePolicy, (MessagePolicy) null, callbackHandler, this.options);
        MessageInfo messageInfo = (MessageInfo) Mockito.mock(MessageInfo.class);
        HttpSession httpSession = (HttpSession) Mockito.mock(HttpSession.class);
        Mockito.when(httpSession.getAttribute("X-Nonce")).thenReturn("abc");
        HttpServletRequest httpServletRequest = (HttpServletRequest) Mockito.mock(HttpServletRequest.class);
        Mockito.when(httpServletRequest.getMethod()).thenReturn("POST");
        Mockito.when(Boolean.valueOf(httpServletRequest.isSecure())).thenReturn(true);
        Mockito.when(httpServletRequest.getRequestURI()).thenReturn("/util/j_security_check");
        Mockito.when(httpServletRequest.getContextPath()).thenReturn("/util");
        Mockito.when(httpServletRequest.getParameter("state")).thenReturn("/abc/../abc/../abc/abc/../abc/../aaaa");
        Mockito.when(httpServletRequest.getParameter("nonce")).thenReturn("abc");
        Mockito.when(httpServletRequest.getParameter("j_username")).thenReturn("foofoo");
        Mockito.when(httpServletRequest.getSession()).thenReturn(httpSession);
        Mockito.when(httpServletRequest.getSession(false)).thenReturn(httpSession);
        Mockito.when(httpServletRequest.getRequestDispatcher(Matchers.anyString())).thenReturn(Mockito.mock(RequestDispatcher.class));
        Mockito.when(messageInfo.getRequestMessage()).thenReturn(httpServletRequest);
        HttpServletResponse httpServletResponse = (HttpServletResponse) Mockito.mock(HttpServletResponse.class);
        Mockito.when(messageInfo.getResponseMessage()).thenReturn(httpServletResponse);
        Assert.assertEquals(AuthStatus.SEND_SUCCESS, testServerAuthModule.validateRequest(messageInfo, new Subject(), (Subject) null));
        ArgumentCaptor forClass = ArgumentCaptor.forClass(String.class);
        ((HttpServletResponse) Mockito.verify(httpServletResponse)).sendRedirect((String) forClass.capture());
        Assert.assertEquals("/util/abc/aaaa", forClass.getValue());
        Mockito.verifyZeroInteractions(new Object[]{callbackHandler});
    }

    @Test
    public void testLoginPostWithQuery() throws Exception {
        TestServerAuthModule testServerAuthModule = new TestServerAuthModule();
        MessagePolicy messagePolicy = (MessagePolicy) Mockito.mock(MessagePolicy.class);
        Mockito.when(Boolean.valueOf(messagePolicy.isMandatory())).thenReturn(true);
        CallbackHandler callbackHandler = (CallbackHandler) Mockito.mock(CallbackHandler.class);
        testServerAuthModule.initialize(messagePolicy, (MessagePolicy) null, callbackHandler, this.options);
        MessageInfo messageInfo = (MessageInfo) Mockito.mock(MessageInfo.class);
        HttpSession httpSession = (HttpSession) Mockito.mock(HttpSession.class);
        Mockito.when(httpSession.getAttribute("X-Nonce")).thenReturn("abc");
        HttpServletRequest httpServletRequest = (HttpServletRequest) Mockito.mock(HttpServletRequest.class);
        Mockito.when(httpServletRequest.getMethod()).thenReturn("POST");
        Mockito.when(Boolean.valueOf(httpServletRequest.isSecure())).thenReturn(true);
        Mockito.when(httpServletRequest.getRequestURI()).thenReturn("/util/j_security_check");
        Mockito.when(httpServletRequest.getContextPath()).thenReturn("/util");
        Mockito.when(httpServletRequest.getParameter("state")).thenReturn("/securePage?abc=123&doremi=abc123");
        Mockito.when(httpServletRequest.getParameter("nonce")).thenReturn("abc");
        Mockito.when(httpServletRequest.getParameter("j_username")).thenReturn("foofoo");
        Mockito.when(httpServletRequest.getSession()).thenReturn(httpSession);
        Mockito.when(httpServletRequest.getSession(false)).thenReturn(httpSession);
        Mockito.when(httpServletRequest.getRequestDispatcher(Matchers.anyString())).thenReturn(Mockito.mock(RequestDispatcher.class));
        Mockito.when(messageInfo.getRequestMessage()).thenReturn(httpServletRequest);
        HttpServletResponse httpServletResponse = (HttpServletResponse) Mockito.mock(HttpServletResponse.class);
        Mockito.when(messageInfo.getResponseMessage()).thenReturn(httpServletResponse);
        Assert.assertEquals(AuthStatus.SEND_SUCCESS, testServerAuthModule.validateRequest(messageInfo, new Subject(), (Subject) null));
        ArgumentCaptor forClass = ArgumentCaptor.forClass(String.class);
        ((HttpServletResponse) Mockito.verify(httpServletResponse)).sendRedirect((String) forClass.capture());
        Assert.assertEquals("/util/securePage?abc=123&doremi=abc123", forClass.getValue());
        Mockito.verifyZeroInteractions(new Object[]{callbackHandler});
    }

    @Test
    public void testLogout() throws Exception {
        TestServerAuthModule testServerAuthModule = new TestServerAuthModule();
        MessagePolicy messagePolicy = (MessagePolicy) Mockito.mock(MessagePolicy.class);
        Mockito.when(Boolean.valueOf(messagePolicy.isMandatory())).thenReturn(true);
        CallbackHandler callbackHandler = (CallbackHandler) Mockito.mock(CallbackHandler.class);
        testServerAuthModule.initialize(messagePolicy, (MessagePolicy) null, callbackHandler, this.options);
        MessageInfo messageInfo = (MessageInfo) Mockito.mock(MessageInfo.class);
        HttpSession httpSession = (HttpSession) Mockito.mock(HttpSession.class);
        Mockito.when(httpSession.getAttribute("X-Subject")).thenReturn("https://foo@test-server-auth-module");
        Principal principal = (Principal) Mockito.mock(Principal.class);
        Mockito.when(principal.getName()).thenReturn("https://foo@test-server-auth-module");
        HttpServletRequest httpServletRequest = (HttpServletRequest) Mockito.mock(HttpServletRequest.class);
        Mockito.when(httpServletRequest.getMethod()).thenReturn("GET");
        Mockito.when(Boolean.valueOf(httpServletRequest.isSecure())).thenReturn(true);
        Mockito.when(httpServletRequest.getRequestURI()).thenReturn("/util/j_logout");
        Mockito.when(httpServletRequest.getRequestURL()).thenReturn(new StringBuffer("https://www.trajano.net/util/j_logout"));
        Mockito.when(httpServletRequest.getContextPath()).thenReturn("/util");
        Mockito.when(httpServletRequest.getUserPrincipal()).thenReturn(principal);
        Mockito.when(httpServletRequest.getParameter("post_logout_redirect_uri")).thenReturn("https://www.trajano.net/util/");
        Mockito.when(httpServletRequest.getRequestDispatcher(Matchers.anyString())).thenReturn(Mockito.mock(RequestDispatcher.class));
        Mockito.when(httpServletRequest.getSession()).thenReturn(httpSession);
        Mockito.when(httpServletRequest.getSession(false)).thenReturn(httpSession);
        Mockito.when(messageInfo.getRequestMessage()).thenReturn(httpServletRequest);
        Mockito.when(messageInfo.getResponseMessage()).thenReturn((HttpServletResponse) Mockito.mock(HttpServletResponse.class));
        Assert.assertEquals(AuthStatus.SEND_SUCCESS, testServerAuthModule.validateRequest(messageInfo, new Subject(), (Subject) null));
        Mockito.verifyZeroInteractions(new Object[]{callbackHandler});
    }

    @Test
    public void testLogoutNoSession() throws Exception {
        TestServerAuthModule testServerAuthModule = new TestServerAuthModule();
        MessagePolicy messagePolicy = (MessagePolicy) Mockito.mock(MessagePolicy.class);
        Mockito.when(Boolean.valueOf(messagePolicy.isMandatory())).thenReturn(true);
        CallbackHandler callbackHandler = (CallbackHandler) Mockito.mock(CallbackHandler.class);
        testServerAuthModule.initialize(messagePolicy, (MessagePolicy) null, callbackHandler, this.options);
        MessageInfo messageInfo = (MessageInfo) Mockito.mock(MessageInfo.class);
        Principal principal = (Principal) Mockito.mock(Principal.class);
        Mockito.when(principal.getName()).thenReturn("https://foo@test-server-auth-module");
        HttpServletRequest httpServletRequest = (HttpServletRequest) Mockito.mock(HttpServletRequest.class);
        Mockito.when(httpServletRequest.getMethod()).thenReturn("GET");
        Mockito.when(Boolean.valueOf(httpServletRequest.isSecure())).thenReturn(true);
        Mockito.when(httpServletRequest.getRequestURI()).thenReturn("/util/j_logout");
        Mockito.when(httpServletRequest.getRequestURL()).thenReturn(new StringBuffer("https://www.trajano.net/util/j_logout"));
        Mockito.when(httpServletRequest.getContextPath()).thenReturn("/util");
        Mockito.when(httpServletRequest.getUserPrincipal()).thenReturn(principal);
        Mockito.when(httpServletRequest.getParameter("post_logout_redirect_uri")).thenReturn("https://www.trajano.net/util/");
        Mockito.when(httpServletRequest.getRequestDispatcher(Matchers.anyString())).thenReturn(Mockito.mock(RequestDispatcher.class));
        Mockito.when(messageInfo.getRequestMessage()).thenReturn(httpServletRequest);
        Mockito.when(messageInfo.getResponseMessage()).thenReturn((HttpServletResponse) Mockito.mock(HttpServletResponse.class));
        Assert.assertEquals(AuthStatus.SEND_SUCCESS, testServerAuthModule.validateRequest(messageInfo, new Subject(), (Subject) null));
        Mockito.verifyZeroInteractions(new Object[]{callbackHandler});
    }

    @Test
    public void testNoAuthNeededWithoutSSL() throws Exception {
        TestServerAuthModule testServerAuthModule = new TestServerAuthModule();
        CallbackHandler callbackHandler = (CallbackHandler) Mockito.mock(CallbackHandler.class);
        MessagePolicy messagePolicy = (MessagePolicy) Mockito.mock(MessagePolicy.class);
        Mockito.when(Boolean.valueOf(messagePolicy.isMandatory())).thenReturn(false);
        testServerAuthModule.initialize(messagePolicy, (MessagePolicy) null, callbackHandler, this.options);
        MessageInfo messageInfo = (MessageInfo) Mockito.mock(MessageInfo.class);
        HttpServletRequest httpServletRequest = (HttpServletRequest) Mockito.mock(HttpServletRequest.class);
        Mockito.when(httpServletRequest.getMethod()).thenReturn("GET");
        Mockito.when(Boolean.valueOf(httpServletRequest.isSecure())).thenReturn(false);
        Mockito.when(httpServletRequest.getRequestURI()).thenReturn("/util/ejb2");
        Mockito.when(httpServletRequest.getContextPath()).thenReturn("/util");
        Mockito.when(messageInfo.getRequestMessage()).thenReturn(httpServletRequest);
        Assert.assertEquals(AuthStatus.SUCCESS, testServerAuthModule.validateRequest(messageInfo, new Subject(), (Subject) null));
        Mockito.verifyZeroInteractions(new Object[]{callbackHandler});
    }

    @Test
    public void testNoAuthNeededWithSSL() throws Exception {
        TestServerAuthModule testServerAuthModule = new TestServerAuthModule();
        MessagePolicy messagePolicy = (MessagePolicy) Mockito.mock(MessagePolicy.class);
        Mockito.when(Boolean.valueOf(messagePolicy.isMandatory())).thenReturn(false);
        CallbackHandler callbackHandler = (CallbackHandler) Mockito.mock(CallbackHandler.class);
        testServerAuthModule.initialize(messagePolicy, (MessagePolicy) null, callbackHandler, this.options);
        MessageInfo messageInfo = (MessageInfo) Mockito.mock(MessageInfo.class);
        HttpServletRequest httpServletRequest = (HttpServletRequest) Mockito.mock(HttpServletRequest.class);
        Mockito.when(httpServletRequest.getMethod()).thenReturn("GET");
        Mockito.when(Boolean.valueOf(httpServletRequest.isSecure())).thenReturn(true);
        Mockito.when(httpServletRequest.getRequestURI()).thenReturn("/util/ejb2");
        Mockito.when(httpServletRequest.getContextPath()).thenReturn("/util");
        Mockito.when(messageInfo.getRequestMessage()).thenReturn(httpServletRequest);
        Assert.assertEquals(AuthStatus.SUCCESS, testServerAuthModule.validateRequest(messageInfo, new Subject(), (Subject) null));
        Mockito.verifyZeroInteractions(new Object[]{callbackHandler});
    }

    @Test
    public void testRedirectToLogin() throws Exception {
        TestServerAuthModule testServerAuthModule = new TestServerAuthModule();
        MessagePolicy messagePolicy = (MessagePolicy) Mockito.mock(MessagePolicy.class);
        Mockito.when(Boolean.valueOf(messagePolicy.isMandatory())).thenReturn(true);
        CallbackHandler callbackHandler = (CallbackHandler) Mockito.mock(CallbackHandler.class);
        testServerAuthModule.initialize(messagePolicy, (MessagePolicy) null, callbackHandler, this.options);
        MessageInfo messageInfo = (MessageInfo) Mockito.mock(MessageInfo.class);
        HttpSession httpSession = (HttpSession) Mockito.mock(HttpSession.class);
        HttpServletRequest httpServletRequest = (HttpServletRequest) Mockito.mock(HttpServletRequest.class);
        Mockito.when(httpServletRequest.getMethod()).thenReturn("GET");
        Mockito.when(Boolean.valueOf(httpServletRequest.isSecure())).thenReturn(true);
        Mockito.when(httpServletRequest.getRequestURI()).thenReturn("/util/securePage");
        Mockito.when(httpServletRequest.getContextPath()).thenReturn("/util");
        Mockito.when(httpServletRequest.getSession()).thenReturn(httpSession);
        Mockito.when(httpServletRequest.getSession(false)).thenReturn(httpSession);
        Mockito.when(messageInfo.getRequestMessage()).thenReturn(httpServletRequest);
        HttpServletResponse httpServletResponse = (HttpServletResponse) Mockito.mock(HttpServletResponse.class);
        Mockito.when(messageInfo.getResponseMessage()).thenReturn(httpServletResponse);
        Subject subject = new Subject();
        ArgumentCaptor forClass = ArgumentCaptor.forClass(String.class);
        Assert.assertEquals(AuthStatus.SEND_SUCCESS, testServerAuthModule.validateRequest(messageInfo, subject, (Subject) null));
        ((HttpServletResponse) Mockito.verify(httpServletResponse)).sendRedirect((String) forClass.capture());
        Assert.assertTrue(((String) forClass.getValue()).startsWith("/util/j_security_check?state=%2FsecurePage&nonce="));
        Mockito.verifyZeroInteractions(new Object[]{callbackHandler});
    }

    @Test
    public void testRedirectToLoginWithQueryString() throws Exception {
        TestServerAuthModule testServerAuthModule = new TestServerAuthModule();
        MessagePolicy messagePolicy = (MessagePolicy) Mockito.mock(MessagePolicy.class);
        Mockito.when(Boolean.valueOf(messagePolicy.isMandatory())).thenReturn(true);
        CallbackHandler callbackHandler = (CallbackHandler) Mockito.mock(CallbackHandler.class);
        testServerAuthModule.initialize(messagePolicy, (MessagePolicy) null, callbackHandler, this.options);
        MessageInfo messageInfo = (MessageInfo) Mockito.mock(MessageInfo.class);
        HttpSession httpSession = (HttpSession) Mockito.mock(HttpSession.class);
        HttpServletRequest httpServletRequest = (HttpServletRequest) Mockito.mock(HttpServletRequest.class);
        Mockito.when(httpServletRequest.getMethod()).thenReturn("GET");
        Mockito.when(Boolean.valueOf(httpServletRequest.isSecure())).thenReturn(true);
        Mockito.when(httpServletRequest.getRequestURI()).thenReturn("/util/securePage");
        Mockito.when(httpServletRequest.getContextPath()).thenReturn("/util");
        Mockito.when(httpServletRequest.getQueryString()).thenReturn("abc=123&doremi=abc123");
        Mockito.when(httpServletRequest.getSession()).thenReturn(httpSession);
        Mockito.when(httpServletRequest.getSession(false)).thenReturn(httpSession);
        Mockito.when(messageInfo.getRequestMessage()).thenReturn(httpServletRequest);
        HttpServletResponse httpServletResponse = (HttpServletResponse) Mockito.mock(HttpServletResponse.class);
        Mockito.when(messageInfo.getResponseMessage()).thenReturn(httpServletResponse);
        Subject subject = new Subject();
        ArgumentCaptor forClass = ArgumentCaptor.forClass(String.class);
        Assert.assertEquals(AuthStatus.SEND_SUCCESS, testServerAuthModule.validateRequest(messageInfo, subject, (Subject) null));
        ((HttpServletResponse) Mockito.verify(httpServletResponse)).sendRedirect((String) forClass.capture());
        Assert.assertTrue(((String) forClass.getValue()).startsWith("/util/j_security_check?state=%2FsecurePage%3Fabc%3D123%26doremi%3Dabc123&nonce="));
        Mockito.verifyZeroInteractions(new Object[]{callbackHandler});
    }

    @Test
    public void testSecureMessage() throws Exception {
        Subject subject = new Subject();
        Principal principal = (Principal) Mockito.mock(Principal.class);
        Mockito.when(principal.getName()).thenReturn("authenticated");
        subject.getPrincipals().add(principal);
        Principal principal2 = (Principal) Mockito.mock(Principal.class);
        Mockito.when(principal2.getName()).thenReturn("https://foo@test-server-auth-module");
        subject.getPrincipals().add(principal2);
        MessageInfo messageInfo = (MessageInfo) Mockito.mock(MessageInfo.class);
        HttpSession httpSession = (HttpSession) Mockito.mock(HttpSession.class);
        Mockito.when(httpSession.getAttribute("X-Subject")).thenReturn("https://foo@test-server-auth-module");
        Mockito.when(httpSession.getAttribute("X-Nonce")).thenReturn("abc");
        HttpServletRequest httpServletRequest = (HttpServletRequest) Mockito.mock(HttpServletRequest.class);
        Mockito.when(httpServletRequest.getMethod()).thenReturn("POST");
        Mockito.when(Boolean.valueOf(httpServletRequest.isSecure())).thenReturn(true);
        Mockito.when(httpServletRequest.getRequestURI()).thenReturn("/util/secure_page");
        Mockito.when(httpServletRequest.getContextPath()).thenReturn("/util");
        Mockito.when(httpServletRequest.getSession()).thenReturn(httpSession);
        Mockito.when(httpServletRequest.getSession(false)).thenReturn(httpSession);
        Mockito.when(messageInfo.getRequestMessage()).thenReturn(httpServletRequest);
        CallbackHandler callbackHandler = (CallbackHandler) Mockito.mock(CallbackHandler.class);
        TestServerAuthModule testServerAuthModule = new TestServerAuthModule();
        MessagePolicy messagePolicy = (MessagePolicy) Mockito.mock(MessagePolicy.class);
        Mockito.when(Boolean.valueOf(messagePolicy.isMandatory())).thenReturn(true);
        testServerAuthModule.initialize(messagePolicy, (MessagePolicy) null, callbackHandler, this.options);
        Assert.assertEquals(AuthStatus.SUCCESS, testServerAuthModule.validateRequest(messageInfo, (Subject) null, subject));
    }

    @Test
    public void testSSLRequired() throws Exception {
        TestServerAuthModule testServerAuthModule = new TestServerAuthModule();
        MessagePolicy messagePolicy = (MessagePolicy) Mockito.mock(MessagePolicy.class);
        Mockito.when(Boolean.valueOf(messagePolicy.isMandatory())).thenReturn(true);
        testServerAuthModule.initialize(messagePolicy, (MessagePolicy) null, (CallbackHandler) null, this.options);
        MessageInfo messageInfo = (MessageInfo) Mockito.mock(MessageInfo.class);
        HttpServletRequest httpServletRequest = (HttpServletRequest) Mockito.mock(HttpServletRequest.class);
        Mockito.when(httpServletRequest.getMethod()).thenReturn("GET");
        Mockito.when(Boolean.valueOf(httpServletRequest.isSecure())).thenReturn(false);
        Mockito.when(httpServletRequest.getRequestURI()).thenReturn("/util/ejb2");
        Mockito.when(httpServletRequest.getContextPath()).thenReturn("/util");
        Mockito.when(messageInfo.getRequestMessage()).thenReturn(httpServletRequest);
        HttpServletResponse httpServletResponse = (HttpServletResponse) Mockito.mock(HttpServletResponse.class);
        Mockito.when(messageInfo.getResponseMessage()).thenReturn(httpServletResponse);
        Assert.assertEquals(AuthStatus.SEND_FAILURE, testServerAuthModule.validateRequest(messageInfo, new Subject(), (Subject) null));
        ((HttpServletResponse) Mockito.verify(httpServletResponse)).sendError(403, "SSL Required");
    }

    @Test
    public void testSupportedMessageTypes() {
        Assert.assertEquals(2L, new TestServerAuthModule().getSupportedMessageTypes().length);
    }
}
