package org.apache.nifi.web.security;

import java.io.IOException;
import java.io.UnsupportedEncodingException;
import javax.servlet.http.Cookie;
import org.apache.nifi.web.security.cookie.ApplicationCookieName;
import org.junit.jupiter.api.Assertions;
import org.junit.jupiter.api.BeforeEach;
import org.junit.jupiter.api.Test;
import org.springframework.mock.web.MockHttpServletRequest;
import org.springframework.mock.web.MockHttpServletResponse;
import org.springframework.security.authentication.AuthenticationServiceException;
import org.springframework.security.oauth2.core.OAuth2AuthenticationException;
import org.springframework.security.oauth2.server.resource.InvalidBearerTokenException;
import org.springframework.security.oauth2.server.resource.web.BearerTokenAuthenticationEntryPoint;

/* loaded from: input_file:org/apache/nifi/web/security/StandardAuthenticationEntryPointTest.class */
/**
 * Exercises {@link StandardAuthenticationEntryPoint#commence} against mock servlet objects.
 *
 * <p>The cases cover the response produced for each failure type visible here: the HTTP status,
 * the presence or absence of the {@code WWW-Authenticate} challenge, the plain-text body, and
 * whether a Bearer Token cookie is written back with the expected path.
 */
class StandardAuthenticationEntryPointTest {
    static final String FAILED = "Authentication Failed";
    static final String BEARER_TOKEN = "Bearer Token";
    static final String ROOT_PATH = "/";
    static final String FORWARDED_PATH = "/forwarded";
    // Cookie path expected behind a proxy prefix: the forwarded prefix plus a trailing slash.
    static final String FORWARDED_COOKIE_PATH = FORWARDED_PATH + "/";
    private static final String ALLOWED_CONTEXT_PATHS_PARAMETER = "allowedContextPaths";

    private static final int UNAUTHORIZED_STATUS = 401;
    private static final String CHALLENGE_HEADER = "WWW-Authenticate";
    private static final String BEARER_SCHEME = "Bearer";
    private static final String UNAUTHORIZED_BODY = "Unauthorized";
    private static final String EXPIRED_JWT = "Expired JWT";

    MockHttpServletRequest request;
    MockHttpServletResponse response;
    StandardAuthenticationEntryPoint authenticationEntryPoint;

    StandardAuthenticationEntryPointTest() {
    }

    /** Builds a fresh entry point and empty request/response pair before every test. */
    @BeforeEach
    void setAuthenticationEntryPoint() {
        request = new MockHttpServletRequest();
        response = new MockHttpServletResponse();
        authenticationEntryPoint = new StandardAuthenticationEntryPoint(new BearerTokenAuthenticationEntryPoint());
    }

    /**
     * A generic authentication service failure yields 401 with the body "Unauthorized",
     * no Bearer challenge header, and no cookie when the request carried none.
     */
    @Test
    void testCommenceAuthenticationServiceException() throws IOException {
        AuthenticationServiceException failure = new AuthenticationServiceException(FAILED);

        authenticationEntryPoint.commence(request, response, failure);

        Assertions.assertEquals(UNAUTHORIZED_STATUS, response.getStatus());
        Assertions.assertNull(response.getHeader(CHALLENGE_HEADER));
        Assertions.assertNull(response.getCookie(bearerCookieName()));
        Assertions.assertEquals(UNAUTHORIZED_BODY, response.getContentAsString());
    }

    /**
     * An OAuth2 failure yields 401 with a Bearer challenge; the exception message appears
     * in both the challenge header and the response body.
     */
    @Test
    void testCommenceOAuth2AuthenticationException() throws IOException {
        OAuth2AuthenticationException failure = new OAuth2AuthenticationException(FAILED);

        authenticationEntryPoint.commence(request, response, failure);

        Assertions.assertEquals(UNAUTHORIZED_STATUS, response.getStatus());

        String challenge = response.getHeader(CHALLENGE_HEADER);
        Assertions.assertNotNull(challenge);
        Assertions.assertTrue(challenge.startsWith(BEARER_SCHEME), "Bearer header not found");
        Assertions.assertTrue(challenge.contains(FAILED), "Header error message not found");

        Assertions.assertNull(response.getCookie(bearerCookieName()));

        String body = response.getContentAsString();
        Assertions.assertTrue(body.startsWith(UNAUTHORIZED_BODY), "Unauthorized message not found");
        Assertions.assertTrue(body.contains(FAILED), "Response error message not found");
    }

    /**
     * An invalid bearer token whose message is "Expired JWT" yields 401 with a Bearer
     * challenge carrying that message, and the body "Session Expired".
     */
    @Test
    void testCommenceInvalidBearerTokenExceptionExpired() throws IOException {
        InvalidBearerTokenException failure = new InvalidBearerTokenException(EXPIRED_JWT);

        authenticationEntryPoint.commence(request, response, failure);

        Assertions.assertEquals(UNAUTHORIZED_STATUS, response.getStatus());

        String challenge = response.getHeader(CHALLENGE_HEADER);
        Assertions.assertNotNull(challenge);
        Assertions.assertTrue(challenge.startsWith(BEARER_SCHEME), "Bearer header not found");
        Assertions.assertTrue(challenge.contains(EXPIRED_JWT), "Header error message not found");

        Assertions.assertNull(response.getCookie(bearerCookieName()));
        Assertions.assertEquals("Session Expired", response.getContentAsString());
    }

    /**
     * When the failed request carried a Bearer Token cookie, the response writes that cookie
     * back with the root path.
     */
    @Test
    void testCommenceRemoveCookie() throws IOException {
        AuthenticationServiceException failure = new AuthenticationServiceException(FAILED);
        addBearerCookieToRequest();

        authenticationEntryPoint.commence(request, response, failure);

        assertResponseStatusUnauthorized();
        assertBearerCookieRemoved(ROOT_PATH);
    }

    /**
     * With {@code X-Forwarded-Prefix} set to a value that is also listed in the
     * {@code allowedContextPaths} init parameter, the cookie is written back under the
     * forwarded path instead of the root.
     */
    @Test
    void testCommenceRemoveCookieForwardedPath() throws IOException {
        AuthenticationServiceException failure = new AuthenticationServiceException(FAILED);
        // The forwarded prefix is registered as an allowed context path before the header is sent.
        // NOTE(review): this class has no case for a prefix that is absent from
        // allowedContextPaths; confirm that rejection path is covered elsewhere.
        request.getServletContext().setInitParameter(ALLOWED_CONTEXT_PATHS_PARAMETER, FORWARDED_PATH);
        request.addHeader("X-Forwarded-Prefix", FORWARDED_PATH);
        addBearerCookieToRequest();

        authenticationEntryPoint.commence(request, response, failure);

        assertResponseStatusUnauthorized();
        assertBearerCookieRemoved(FORWARDED_COOKIE_PATH);
    }

    /** Asserts the response is a 401 whose body is exactly "Unauthorized". */
    void assertResponseStatusUnauthorized() throws UnsupportedEncodingException {
        Assertions.assertEquals(UNAUTHORIZED_STATUS, response.getStatus());
        Assertions.assertEquals(UNAUTHORIZED_BODY, response.getContentAsString());
    }

    /**
     * Asserts the response carries a Bearer Token cookie with the given path.
     *
     * <p>NOTE(review): only the cookie's presence and path are checked. Its value and Max-Age
     * are not asserted here, so this helper alone does not show that the token value is cleared
     * or that the cookie is expired; consider adding those assertions once the expected values
     * are confirmed against the cookie-writing code.
     *
     * @param expectedPath path the response cookie must declare
     */
    void assertBearerCookieRemoved(String expectedPath) {
        Cookie removalCookie = response.getCookie(bearerCookieName());
        Assertions.assertNotNull(removalCookie);
        Assertions.assertEquals(expectedPath, removalCookie.getPath());
    }

    /** Attaches a single Bearer Token cookie to the mock request. */
    private void addBearerCookieToRequest() {
        Cookie[] cookies = {new Cookie(bearerCookieName(), BEARER_TOKEN)};
        request.setCookies(cookies);
    }

    /** Returns the application's cookie name for the Bearer Token. */
    private static String bearerCookieName() {
        return ApplicationCookieName.AUTHORIZATION_BEARER.getCookieName();
    }
}
