package org.apache.activemq.artemis.spi.core.security.jaas;

import com.sun.net.httpserver.Authenticator;
import com.sun.net.httpserver.Headers;
import com.sun.net.httpserver.HttpsExchange;
import java.net.URL;
import java.nio.charset.StandardCharsets;
import java.util.Base64;
import javax.security.auth.Subject;
import org.hamcrest.CoreMatchers;
import org.hamcrest.MatcherAssert;
import org.hamcrest.Matchers;
import org.junit.AfterClass;
import org.junit.Assert;
import org.junit.BeforeClass;
import org.junit.Test;
import org.mockito.ArgumentMatchers;
import org.mockito.Mockito;

/* loaded from: input_file:org/apache/activemq/artemis/spi/core/security/jaas/HttpServerAuthenticatorTest.class */
public class HttpServerAuthenticatorTest {
    private final HttpsExchange httpsExchange = (HttpsExchange) Mockito.mock(HttpsExchange.class);
    static final String loginConfigSystemPropName = "java.security.auth.login.config";

    @BeforeClass
    public static void setSystemProps() {
        String file;
        URL resource = HttpServerAuthenticatorTest.class.getClassLoader().getResource("login.config");
        if (resource == null || (file = resource.getFile()) == null) {
            return;
        }
        System.setProperty(loginConfigSystemPropName, file);
    }

    @AfterClass
    public static void unsetSystemProps() {
        System.clearProperty(loginConfigSystemPropName);
        System.clearProperty("httpServerAuthenticator.realm");
        System.clearProperty("httpServerAuthenticator.requestSubjectAttribute");
    }

    @Test
    public void testGuestLogin() {
        System.setProperty("httpServerAuthenticator.realm", "GuestLogin");
        System.clearProperty("httpServerAuthenticator.requestSubjectAttribute");
        Object[] objArr = new Object[1];
        ((HttpsExchange) Mockito.doAnswer(invocationOnMock -> {
            objArr[0] = invocationOnMock.getArgument(1);
            return null;
        }).when(this.httpsExchange)).setAttribute((String) ArgumentMatchers.any(String.class), ArgumentMatchers.any(Object.class));
        Mockito.when(this.httpsExchange.getAttribute(HttpServerAuthenticator.DEFAULT_SUBJECT_ATTRIBUTE)).then(invocationOnMock2 -> {
            return objArr[0];
        });
        Authenticator.Success authenticate = new HttpServerAuthenticator().authenticate(this.httpsExchange);
        Assert.assertTrue(authenticate instanceof Authenticator.Success);
        MatcherAssert.assertThat(authenticate.getPrincipal().getUsername(), CoreMatchers.is("foo"));
        Subject subject = (Subject) this.httpsExchange.getAttribute(HttpServerAuthenticator.DEFAULT_SUBJECT_ATTRIBUTE);
        MatcherAssert.assertThat(subject.getPrincipals(UserPrincipal.class), Matchers.hasSize(1));
        subject.getPrincipals(UserPrincipal.class).forEach(userPrincipal -> {
            MatcherAssert.assertThat(userPrincipal.getName(), CoreMatchers.is("foo"));
        });
        MatcherAssert.assertThat(subject.getPrincipals(RolePrincipal.class), Matchers.hasSize(1));
    }

    @Test
    public void testBasicLogin() {
        System.setProperty("httpServerAuthenticator.realm", "PropertiesLogin");
        System.clearProperty("httpServerAuthenticator.requestSubjectAttribute");
        Headers headers = new Headers();
        headers.add("Authorization", "Basic " + Base64.getEncoder().encodeToString("first:secret".getBytes(StandardCharsets.UTF_8)));
        Mockito.when(this.httpsExchange.getRequestHeaders()).thenReturn(headers);
        Object[] objArr = new Object[1];
        ((HttpsExchange) Mockito.doAnswer(invocationOnMock -> {
            objArr[0] = invocationOnMock.getArgument(1);
            return null;
        }).when(this.httpsExchange)).setAttribute((String) ArgumentMatchers.any(String.class), ArgumentMatchers.any(Object.class));
        Mockito.when(this.httpsExchange.getAttribute(HttpServerAuthenticator.DEFAULT_SUBJECT_ATTRIBUTE)).then(invocationOnMock2 -> {
            return objArr[0];
        });
        Authenticator.Success authenticate = new HttpServerAuthenticator().authenticate(this.httpsExchange);
        Assert.assertTrue(authenticate instanceof Authenticator.Success);
        MatcherAssert.assertThat(authenticate.getPrincipal().getUsername(), CoreMatchers.is("first"));
        Subject subject = (Subject) this.httpsExchange.getAttribute(HttpServerAuthenticator.DEFAULT_SUBJECT_ATTRIBUTE);
        MatcherAssert.assertThat(subject.getPrincipals(UserPrincipal.class), Matchers.hasSize(1));
        subject.getPrincipals(UserPrincipal.class).forEach(userPrincipal -> {
            MatcherAssert.assertThat(userPrincipal.getName(), CoreMatchers.is("first"));
        });
        MatcherAssert.assertThat(subject.getPrincipals(RolePrincipal.class), Matchers.hasSize(2));
    }

    @Test
    public void testNonBasic() {
        System.setProperty("httpServerAuthenticator.realm", "HttpServerAuthenticator");
        System.clearProperty("httpServerAuthenticator.requestSubjectAttribute");
        Headers headers = new Headers();
        headers.add("Authorization", "Bearer " + Base64.getEncoder().encodeToString("some-random-string".getBytes(StandardCharsets.UTF_8)));
        Mockito.when(this.httpsExchange.getRequestHeaders()).thenReturn(headers);
        Assert.assertTrue(new HttpServerAuthenticator().authenticate(this.httpsExchange) instanceof Authenticator.Failure);
        Assert.assertNull("no subject", this.httpsExchange.getAttribute(HttpServerAuthenticator.DEFAULT_SUBJECT_ATTRIBUTE));
        ((HttpsExchange) Mockito.verify(this.httpsExchange, Mockito.times(1))).getRequestHeaders();
        ((HttpsExchange) Mockito.verify(this.httpsExchange, Mockito.times(1))).getSSLSession();
    }
}
