package waffle.spring;

import com.sun.jna.WString;
import com.sun.jna.platform.win32.Advapi32Util;
import com.sun.jna.platform.win32.LMAccess;
import com.sun.jna.platform.win32.Netapi32;
import com.sun.jna.ptr.IntByReference;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.security.Principal;
import java.util.Base64;
import javax.servlet.ServletException;
import org.junit.jupiter.api.AfterEach;
import org.junit.jupiter.api.Assertions;
import org.junit.jupiter.api.Assumptions;
import org.junit.jupiter.api.BeforeEach;
import org.junit.jupiter.api.Test;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import waffle.mock.http.RecordUserNameFilterChain;
import waffle.mock.http.SimpleHttpRequest;
import waffle.mock.http.SimpleHttpResponse;
import waffle.servlet.AutoDisposableWindowsPrincipal;
import waffle.servlet.WindowsPrincipal;
import waffle.servlet.spi.SecurityFilterProviderCollection;
import waffle.windows.auth.impl.WindowsAuthProviderImpl;

/* loaded from: input_file:waffle/spring/ImpersonateTest.class */
class ImpersonateTest {
    private NegotiateSecurityFilter filter;
    private LMAccess.USER_INFO_1 userInfo;
    private int resultOfNetAddUser;

    ImpersonateTest() {
    }

    @BeforeEach
    void setUp() {
        this.filter = new NegotiateSecurityFilter();
        this.filter.setProvider(new SecurityFilterProviderCollection(new WindowsAuthProviderImpl()));
        this.userInfo = new LMAccess.USER_INFO_1();
        this.userInfo.usri1_name = new WString("WaffleTestUser").toString();
        this.userInfo.usri1_password = new WString("!WAFFLEP$$Wrd0").toString();
        this.userInfo.usri1_priv = 1;
        this.resultOfNetAddUser = Netapi32.INSTANCE.NetUserAdd((String) null, 1, this.userInfo, (IntByReference) null);
        Assumptions.assumeTrue(this.resultOfNetAddUser == 0, "Unable to add user (need to be administrator to do this).");
    }

    @AfterEach
    void tearDown() {
        this.filter.destroy();
        if (0 == this.resultOfNetAddUser) {
            Assertions.assertEquals(0, Netapi32.INSTANCE.NetUserDel((String) null, this.userInfo.usri1_name.toString()));
        }
    }

    @Test
    void testImpersonateEnabled() throws IOException, ServletException {
        Assertions.assertNotEquals("Current user shouldn't be the test user prior to the test", "WaffleTestUser", Advapi32Util.getUserName());
        SimpleHttpRequest simpleHttpRequest = new SimpleHttpRequest();
        simpleHttpRequest.setMethod("GET");
        simpleHttpRequest.addHeader("Authorization", "Basic " + Base64.getEncoder().encodeToString("WaffleTestUser:!WAFFLEP$$Wrd0".getBytes(StandardCharsets.UTF_8)));
        SimpleHttpResponse simpleHttpResponse = new SimpleHttpResponse();
        RecordUserNameFilterChain recordUserNameFilterChain = new RecordUserNameFilterChain();
        this.filter.setImpersonate(true);
        this.filter.doFilter(simpleHttpRequest, simpleHttpResponse, recordUserNameFilterChain);
        Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
        Assertions.assertTrue(authentication.isAuthenticated(), "Test user should be authenticated");
        AutoDisposableWindowsPrincipal autoDisposableWindowsPrincipal = (Principal) authentication.getPrincipal();
        org.assertj.core.api.Assertions.assertThat(autoDisposableWindowsPrincipal).isInstanceOf(AutoDisposableWindowsPrincipal.class);
        AutoDisposableWindowsPrincipal autoDisposableWindowsPrincipal2 = autoDisposableWindowsPrincipal;
        try {
            Assertions.assertEquals("WaffleTestUser", recordUserNameFilterChain.getUserName(), "Test user should be impersonated");
            Assertions.assertNotEquals("WaffleTestUser", Advapi32Util.getUserName(), "Impersonation context should have been reverted");
            autoDisposableWindowsPrincipal2.getIdentity().dispose();
        } catch (Throwable th) {
            autoDisposableWindowsPrincipal2.getIdentity().dispose();
            throw th;
        }
    }

    @Test
    void testImpersonateDisabled() throws IOException, ServletException {
        Assertions.assertNotEquals("Current user shouldn't be the test user prior to the test", "WaffleTestUser", Advapi32Util.getUserName());
        SimpleHttpRequest simpleHttpRequest = new SimpleHttpRequest();
        simpleHttpRequest.setMethod("GET");
        simpleHttpRequest.addHeader("Authorization", "Basic " + Base64.getEncoder().encodeToString("WaffleTestUser:!WAFFLEP$$Wrd0".getBytes(StandardCharsets.UTF_8)));
        SimpleHttpResponse simpleHttpResponse = new SimpleHttpResponse();
        RecordUserNameFilterChain recordUserNameFilterChain = new RecordUserNameFilterChain();
        this.filter.setImpersonate(false);
        this.filter.doFilter(simpleHttpRequest, simpleHttpResponse, recordUserNameFilterChain);
        Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
        Assertions.assertTrue(authentication.isAuthenticated(), "Test user should be authenticated");
        WindowsPrincipal windowsPrincipal = (Principal) authentication.getPrincipal();
        org.assertj.core.api.Assertions.assertThat(windowsPrincipal).isInstanceOf(WindowsPrincipal.class);
        WindowsPrincipal windowsPrincipal2 = windowsPrincipal;
        try {
            Assertions.assertNotEquals("WaffleTestUser", recordUserNameFilterChain.getUserName(), "Test user should not be impersonated");
            Assertions.assertNotEquals("WaffleTestUser", Advapi32Util.getUserName(), "Impersonation context should have been reverted");
            windowsPrincipal2.getIdentity().dispose();
        } catch (Throwable th) {
            windowsPrincipal2.getIdentity().dispose();
            throw th;
        }
    }
}
