package io.confluent.security.authentication.http;

import io.confluent.security.authentication.oauthbearer.JwksTestFixture;
import java.io.IOException;
import java.net.URI;
import java.net.URISyntaxException;
import javax.ws.rs.core.Configuration;
import javax.ws.rs.core.NewCookie;
import javax.ws.rs.core.SecurityContext;
import org.glassfish.jersey.internal.MapPropertiesDelegate;
import org.glassfish.jersey.server.ContainerRequest;
import org.jose4j.lang.JoseException;
import org.junit.jupiter.api.Assertions;
import org.junit.jupiter.api.BeforeAll;
import org.junit.jupiter.api.Test;

/* loaded from: input_file:io/confluent/security/authentication/http/HttpServerAuthFilterTest.class */
public class HttpServerAuthFilterTest {
    static HttpServerAuthFilter filter;

    @BeforeAll
    static void setup() {
        filter = new HttpServerAuthFilter(new HttpAuthenticatorJwt(JwksTestFixture.authenticator()));
    }

    @Test
    public void httpFiltersBogusAuthHeader() throws URISyntaxException, IOException {
        ContainerRequest request = getRequest();
        request.header("Authorization", "bogus");
        filter.filter(request);
        Assertions.assertEquals(401, request.getAbortResponse().getStatus());
    }

    @Test
    public void httpFiltersGoodAuthHeader() throws URISyntaxException, IOException, JoseException {
        ContainerRequest request = getRequest();
        request.header("Authorization", "Bearer " + HttpAuthenticatorTest.newJwk("valid").bearerToken());
        filter.filter(request);
        Assertions.assertNull(request.getAbortResponse());
        Assertions.assertEquals("valid", request.getSecurityContext().getUserPrincipal().getName());
    }

    @Test
    public void httpFiltersGoodCookie() throws URISyntaxException, IOException, JoseException {
        ContainerRequest request = getRequest();
        request.header("Cookie", new NewCookie("auth_token", "Bearer " + HttpAuthenticatorTest.newJwk("valid").bearerToken()).toString());
        filter.filter(request);
        Assertions.assertNull(request.getAbortResponse());
        Assertions.assertEquals("valid", request.getSecurityContext().getUserPrincipal().getName());
    }

    @Test
    public void httpFiltersCookieToken() throws URISyntaxException, IOException, JoseException {
        ContainerRequest request = getRequest();
        request.header("Cookie", new NewCookie("auth_token", HttpAuthenticatorTest.newJwk("valid").bearerToken()).toString());
        filter.filter(request);
        Assertions.assertNull(request.getAbortResponse());
        Assertions.assertEquals("valid", request.getSecurityContext().getUserPrincipal().getName());
    }

    @Test
    public void httpFilterAuthOverrulesCookie() throws URISyntaxException, IOException, JoseException {
        ContainerRequest request = getRequest();
        request.header("Cookie", new NewCookie("auth_token", "Bearer " + HttpAuthenticatorTest.newJwk("valid-cookie").bearerToken()).toString());
        request.header("Authorization", "Bearer " + HttpAuthenticatorTest.newJwk("valid-auth-header").bearerToken());
        filter.filter(request);
        Assertions.assertNull(request.getAbortResponse());
        Assertions.assertEquals("valid-auth-header", request.getSecurityContext().getUserPrincipal().getName());
    }

    private ContainerRequest getRequest() throws URISyntaxException {
        return new ContainerRequest(new URI("base.uri"), new URI("requestUri"), "GET", (SecurityContext) null, new MapPropertiesDelegate(), (Configuration) null);
    }
}
