package org.apache.james.jmap.http;

import com.google.common.collect.ImmutableList;
import com.google.common.collect.ImmutableMap;
import io.netty.handler.codec.http.HttpHeaders;
import io.netty.handler.codec.http.HttpMethod;
import java.util.concurrent.TimeUnit;
import java.util.concurrent.atomic.AtomicBoolean;
import java.util.function.Function;
import org.apache.james.core.Username;
import org.apache.james.jmap.api.access.AccessToken;
import org.apache.james.jmap.api.access.AccessTokenRepository;
import org.apache.james.jmap.exceptions.UnauthorizedException;
import org.apache.james.jmap.memory.access.MemoryAccessTokenRepository;
import org.apache.james.mailbox.MailboxSession;
import org.apache.james.metrics.tests.RecordingMetricFactory;
import org.assertj.core.api.Assertions;
import org.junit.Before;
import org.junit.Test;
import org.mockito.Mockito;
import reactor.core.publisher.Mono;
import reactor.netty.http.server.HttpServerRequest;

/* loaded from: input_file:org/apache/james/jmap/http/AuthenticatorTest.class */
public class AuthenticatorTest {
    private static final String TOKEN = "df991d2a-1c5a-4910-a90f-808b6eda133e";
    private static final String AUTHORIZATION_HEADERS = "Authorization";
    private static final Username USERNAME = Username.of("user@domain.tld");
    private static final AuthenticationStrategy DENY = asAuthStrategy(httpServerRequest -> {
        return Mono.error(new UnauthorizedException((String) null));
    });
    private static final AuthenticationStrategy ALLOW = asAuthStrategy(httpServerRequest -> {
        return Mono.just((MailboxSession) Mockito.mock(MailboxSession.class));
    });
    private HttpServerRequest mockedRequest;
    private HttpHeaders mockedHeaders;
    private AccessTokenRepository accessTokenRepository;
    private Authenticator testee;

    public static AuthenticationStrategy asAuthStrategy(final Function<HttpServerRequest, Mono<MailboxSession>> function) {
        return new AuthenticationStrategy() { // from class: org.apache.james.jmap.http.AuthenticatorTest.1
            public Mono<MailboxSession> createMailboxSession(HttpServerRequest httpServerRequest) {
                return (Mono) function.apply(httpServerRequest);
            }

            public AuthenticationChallenge correspondingChallenge() {
                return AuthenticationChallenge.of(AuthenticationScheme.of("Testing"), ImmutableMap.of());
            }
        };
    }

    @Before
    public void setup() throws Exception {
        this.mockedRequest = (HttpServerRequest) Mockito.mock(HttpServerRequest.class);
        this.mockedHeaders = (HttpHeaders) Mockito.mock(HttpHeaders.class);
        this.accessTokenRepository = new MemoryAccessTokenRepository(TimeUnit.MILLISECONDS.convert(1L, TimeUnit.HOURS));
        Mockito.when(this.mockedRequest.method()).thenReturn(HttpMethod.POST);
        Mockito.when(this.mockedRequest.requestHeaders()).thenReturn(this.mockedHeaders);
        this.testee = Authenticator.of(new RecordingMetricFactory(), new AuthenticationStrategy[]{DENY});
    }

    @Test
    public void filterShouldReturnUnauthorizedOnNullAuthorizationHeader() {
        Mockito.when(this.mockedHeaders.get(AUTHORIZATION_HEADERS)).thenReturn((Object) null);
        Assertions.assertThatThrownBy(() -> {
            this.testee.authenticate(this.mockedRequest).block();
        }).isInstanceOf(UnauthorizedException.class);
    }

    @Test
    public void filterShouldReturnUnauthorizedWhenNoAuthenticationStrategy() {
        Authenticator of = Authenticator.of(new RecordingMetricFactory(), new AuthenticationStrategy[0]);
        Assertions.assertThatThrownBy(() -> {
            of.authenticate(this.mockedRequest).block();
        }).isInstanceOf(UnauthorizedException.class);
    }

    @Test
    public void authenticationStrategiesShouldNotBeEagerlySubScribed() {
        AtomicBoolean atomicBoolean = new AtomicBoolean(false);
        this.testee = Authenticator.of(new RecordingMetricFactory(), new AuthenticationStrategy[]{ALLOW, asAuthStrategy(httpServerRequest -> {
            return Mono.fromRunnable(() -> {
                atomicBoolean.set(true);
            });
        })});
        Assertions.assertThat(atomicBoolean.get()).isFalse();
        this.testee.authenticate(this.mockedRequest).block();
        Assertions.assertThat(atomicBoolean.get()).isFalse();
    }

    @Test
    public void filterShouldReturnUnauthorizedOnInvalidAuthorizationHeader() {
        Mockito.when(this.mockedHeaders.get(AUTHORIZATION_HEADERS)).thenReturn(TOKEN);
        Assertions.assertThatThrownBy(() -> {
            this.testee.authenticate(this.mockedRequest).block();
        }).isInstanceOf(UnauthorizedException.class);
    }

    @Test
    public void filterShouldReturnUnauthorizedOnBadAuthorizationHeader() {
        Mockito.when(this.mockedHeaders.get(AUTHORIZATION_HEADERS)).thenReturn("bad");
        Assertions.assertThatThrownBy(() -> {
            this.testee.authenticate(this.mockedRequest).block();
        }).isInstanceOf(UnauthorizedException.class);
    }

    @Test
    public void filterShouldReturnUnauthorizedWhenNoStrategy() {
        Mockito.when(this.mockedHeaders.get(AUTHORIZATION_HEADERS)).thenReturn(TOKEN);
        Authenticator authenticator = new Authenticator(ImmutableList.of(), new RecordingMetricFactory());
        Assertions.assertThatThrownBy(() -> {
            authenticator.authenticate(this.mockedRequest).block();
        }).isInstanceOf(UnauthorizedException.class);
    }

    @Test
    public void filterShouldNotThrowOnValidAuthorizationHeader() {
        AccessToken fromString = AccessToken.fromString(TOKEN);
        Mockito.when(this.mockedHeaders.get(AUTHORIZATION_HEADERS)).thenReturn(TOKEN);
        this.accessTokenRepository.addToken(USERNAME, fromString).block();
        Authenticator of = Authenticator.of(new RecordingMetricFactory(), new AuthenticationStrategy[]{ALLOW});
        Assertions.assertThatCode(() -> {
            of.authenticate(this.mockedRequest).block();
        }).doesNotThrowAnyException();
    }

    @Test
    public void filterShouldThrowWhenChainingAuthorizationStrategies() {
        AccessToken fromString = AccessToken.fromString(TOKEN);
        Mockito.when(this.mockedHeaders.get(AUTHORIZATION_HEADERS)).thenReturn(TOKEN);
        this.accessTokenRepository.addToken(USERNAME, fromString).block();
        Authenticator of = Authenticator.of(new RecordingMetricFactory(), new AuthenticationStrategy[]{DENY, ALLOW});
        Assertions.assertThatThrownBy(() -> {
            of.authenticate(this.mockedRequest).block();
        }).isInstanceOf(UnauthorizedException.class);
    }
}
