package io.confluent.ksql.security.filter;

import io.confluent.common.security.auth.JwtPrincipal;
import io.confluent.ksql.rest.server.resources.KsqlResource;
import io.confluent.ksql.rest.server.security.KsqlAuthorizer;
import java.io.IOException;
import java.lang.reflect.Method;
import java.net.URI;
import java.security.Principal;
import javax.ws.rs.container.ResourceInfo;
import javax.ws.rs.core.Response;
import javax.ws.rs.core.SecurityContext;
import org.glassfish.jersey.internal.PropertiesDelegate;
import org.glassfish.jersey.server.ContainerRequest;
import org.hamcrest.CoreMatchers;
import org.junit.Assert;
import org.junit.Before;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.mockito.Mock;
import org.mockito.Mockito;
import org.mockito.runners.MockitoJUnitRunner;

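/**
 * Unit tests for {@link KsqlAuthorizationFilter}.
 *
 * <p>The cases below pin the filter's externally visible decisions:
 * <ul>
 *   <li>no user principal on the request: aborted with 401 (UNAUTHORIZED);</li>
 *   <li>principal present but the authorizer denies access: aborted with 403 (FORBIDDEN);</li>
 *   <li>principal present and the authorizer grants access: request is not aborted;</li>
 *   <li>the authorizer throws: aborted with 500, i.e. the request is not let through.</li>
 * </ul>
 *
 * <p>NOTE(review): {@link #DUMMY_METHOD_NAME} is used both as the HTTP method of the fake request
 * and as the name of the reflective resource method, so these tests cannot tell which of the two
 * values the filter forwards to the authorizer.
 */
@RunWith(MockitoJUnitRunner.class)
public class KsqlAuthorizationFilterTest {
    private static final boolean ALLOWED = true;
    private static final boolean DENIED = false;
    private static final int FORBIDDEN = Response.Status.FORBIDDEN.getStatusCode();
    private static final int UNAUTHORIZED = Response.Status.UNAUTHORIZED.getStatusCode();
    private static final int SERVER_ERROR = Response.Status.INTERNAL_SERVER_ERROR.getStatusCode();
    // Kept as a raw Class so it can be handed to thenReturn() on a stub whose type is Class<?>.
    private static final Class KSQL_RESOURCE = KsqlResource.class;
    private static final String DUMMY_METHOD_NAME = "dummyMethod";
    protected static final Method DUMMY_METHOD;

    static {
        try {
            // dummyMethod() takes no parameters, so no parameter types are passed to the lookup.
            DUMMY_METHOD = KsqlAuthorizationFilterTest.class.getMethod(DUMMY_METHOD_NAME);
        } catch (NoSuchMethodException e) {
            // Keep the cause so a renamed or non-public dummyMethod() is easy to diagnose.
            throw new RuntimeException("Failed to locate method used during testing", e);
        }
    }

    @Mock
    private ResourceInfo resourceInfo;

    @Mock
    private KsqlAuthorizer authorizer;

    @Mock
    private SecurityContext securityContext;

    @Mock
    private JwtPrincipal principalUser1;

    private KsqlAuthorizationFilter authorizationFilter;

    /** Builds the filter under test around the mocked authorizer and resource info. */
    @Before
    public void setUp() {
        authorizationFilter = new KsqlAuthorizationFilter(authorizer);
        authorizationFilter.setResourceInfo(resourceInfo);
        Mockito.when(principalUser1.getName()).thenReturn("user_1");
        Mockito.when(principalUser1.getJwt()).thenReturn("user_1_token");
        Mockito.reset(securityContext);
    }

    /** A request that carries no user principal must be rejected as unauthenticated (401). */
    @Test
    public void filterShouldAbortOperationIfNoUserPrincipalIsNotFound() throws IOException {
        final ContainerRequest request = givenRequestContext(null);

        authorizationFilter.filter(request);

        Assert.assertThat(request.getAbortResponse().getStatus(), CoreMatchers.is(UNAUTHORIZED));
    }

    /** An authenticated principal that the authorizer denies must be rejected with 403. */
    @Test
    public void filterShouldAbortOperationIfUserIsNotAllowed() throws IOException {
        final ContainerRequest request = givenRequestContext(principalUser1);
        // A Mockito mock already answers false for an unstubbed boolean method, so this stub does
        // not prove which arguments the filter passes; the "allowed" test is the one that does.
        givenUserPermission(DENIED, principalUser1, KSQL_RESOURCE, DUMMY_METHOD_NAME);

        authorizationFilter.filter(request);

        Assert.assertThat(request.getAbortResponse().getStatus(), CoreMatchers.is(FORBIDDEN));
    }

    /** An authenticated principal that the authorizer allows must pass through un-aborted. */
    @Test
    public void filterShouldContinueOperationIfUserIsAllowed() throws IOException {
        final ContainerRequest request = givenRequestContext(principalUser1);
        givenUserPermission(ALLOWED, principalUser1, KSQL_RESOURCE, DUMMY_METHOD_NAME);

        authorizationFilter.filter(request);

        Assert.assertThat(request.getAbortResponse(), CoreMatchers.is(CoreMatchers.nullValue()));
    }

    /** A failing authorizer must abort the request (500) instead of letting it continue. */
    @Test
    public void filterShouldAbortOperationIfExceptionOccurs() throws IOException {
        final ContainerRequest request = givenRequestContext(principalUser1);
        givenAuthorizerExceptionOccurs();

        authorizationFilter.filter(request);

        Assert.assertThat(request.getAbortResponse().getStatus(), CoreMatchers.is(SERVER_ERROR));
    }

    /** Makes every {@code hasAccess} call on the mocked authorizer throw an {@link Exception}. */
    private void givenAuthorizerExceptionOccurs() {
        Mockito.when(authorizer.hasAccess(
                (Principal) Mockito.any(), (Class) Mockito.any(), (String) Mockito.any()))
            .thenThrow(Exception.class);
    }

    /**
     * Stubs the authorizer's decision for one exact (principal, resource class, method) triple.
     *
     * @param allowed the decision the authorizer should return
     * @param principal the principal the decision applies to
     * @param resourceClass the resource class the decision applies to
     * @param methodName the method name the decision applies to
     */
    private void givenUserPermission(
            boolean allowed, JwtPrincipal principal, Class resourceClass, String methodName) {
        Mockito.when(authorizer.hasAccess(principal, resourceClass, methodName))
            .thenReturn(allowed);
    }

    /**
     * Creates a request whose security context reports the given principal and wires the mocked
     * resource info to {@link #KSQL_RESOURCE} / {@link #DUMMY_METHOD}.
     *
     * @param principal the principal to expose, or {@code null} for an unauthenticated request
     * @return a fresh request for base URI {@code "/"}
     */
    private ContainerRequest givenRequestContext(JwtPrincipal principal) {
        Mockito.when(securityContext.getUserPrincipal()).thenReturn(principal);
        final ContainerRequest request = new ContainerRequest(
            URI.create("/"),
            (URI) null,
            DUMMY_METHOD_NAME,
            securityContext,
            (PropertiesDelegate) Mockito.mock(PropertiesDelegate.class));
        Mockito.when(resourceInfo.getResourceClass()).thenReturn(KSQL_RESOURCE);
        Mockito.when(resourceInfo.getResourceMethod()).thenReturn(DUMMY_METHOD);
        return request;
    }

    /** Target of the reflective lookup behind {@link #DUMMY_METHOD}; must stay public. */
    public void dummyMethod() {
    }
}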
