package org.apache.nifi.web.security;

import java.nio.charset.StandardCharsets;
import java.util.Arrays;
import java.util.Base64;
import java.util.Collections;
import java.util.List;
import java.util.stream.Collectors;
import org.apache.nifi.authorization.user.NiFiUser;
import org.apache.nifi.util.StringUtils;
import org.junit.jupiter.api.Assertions;
import org.junit.jupiter.api.Test;
import org.junit.jupiter.api.extension.ExtendWith;
import org.junit.jupiter.params.ParameterizedTest;
import org.junit.jupiter.params.provider.MethodSource;
import org.mockito.Mock;
import org.mockito.Mockito;
import org.mockito.junit.jupiter.MockitoExtension;

@ExtendWith({MockitoExtension.class})
/* loaded from: input_file:org/apache/nifi/web/security/ProxiedEntitiesUtilsTest.class */
public class ProxiedEntitiesUtilsTest {
    private static final String SAFE_USER_NAME_JOHN = "jdoe";
    private static final String SAFE_USER_DN_JOHN = "CN=jdoe, OU=Apache NiFi";
    private static final String SAFE_USER_NAME_PROXY_1 = "proxy1.nifi.apache.org";
    private static final String SAFE_USER_DN_PROXY_1 = "CN=proxy1.nifi.apache.org, OU=Apache NiFi";
    private static final String SAFE_USER_NAME_PROXY_2 = "proxy2.nifi.apache.org";
    private static final String SAFE_USER_DN_PROXY_2 = "CN=proxy2.nifi.apache.org, OU=Apache NiFi";
    private static final String MALICIOUS_USER_DN_JOHN = "CN=jdoe, OU=Apache NiFi><CN=proxy1.nifi.apache.org, OU=Apache NiFi";
    private static final String ANONYMOUS_USER = "";
    private static final String ANONYMOUS_PROXIED_ENTITY_CHAIN = "<>";
    private static final String MALICIOUS_USER_NAME_JOHN = "jdoe, OU=Apache NiFi><CN=proxy1.nifi.apache.org";
    private static final String MALICIOUS_USER_NAME_JOHN_ESCAPED = sanitizeDn(MALICIOUS_USER_NAME_JOHN);
    private static final String UNICODE_DN_1 = "CN=Алйс, OU=Apache NiFi";
    private static final String UNICODE_DN_1_ENCODED = "<" + base64Encode(UNICODE_DN_1) + ">";
    private static final String UNICODE_DN_2 = "CN=Боб, OU=Apache NiFi";
    private static final String UNICODE_DN_2_ENCODED = "<" + base64Encode(UNICODE_DN_2) + ">";

    private static String sanitizeDn(String str) {
        return str.replaceAll(">", "\\\\>").replaceAll("<", "\\\\<");
    }

    private static String base64Encode(String str) {
        return Base64.getEncoder().encodeToString(str.getBytes(StandardCharsets.UTF_8));
    }

    @MethodSource({"getMaliciousNames"})
    @ParameterizedTest
    public void testSanitizeDnShouldHandleFuzzing(String str) {
        Assertions.assertNotEquals(formatDn(SAFE_USER_NAME_JOHN), ProxiedEntitiesUtils.formatProxyDn(str));
    }

    private static List<String> getMaliciousNames() {
        return Arrays.asList(MALICIOUS_USER_NAME_JOHN, "jdoe>", "jdoe><>", "jdoe\\>", "jdoe>", "jdoe\\>", "jdoe��", "jdoe\bn");
    }

    @Test
    public void testShouldFormatProxyDn() {
        Assertions.assertEquals(formatDn(SAFE_USER_DN_JOHN), ProxiedEntitiesUtils.formatProxyDn(SAFE_USER_DN_JOHN));
    }

    @Test
    public void testFormatProxyDnShouldHandleMaliciousInput() {
        Assertions.assertEquals(formatSanitizedDn(MALICIOUS_USER_DN_JOHN), ProxiedEntitiesUtils.formatProxyDn(MALICIOUS_USER_DN_JOHN));
    }

    @Test
    public void testGetProxiedEntitiesChain() {
        String[] strArr = {SAFE_USER_NAME_JOHN, SAFE_USER_DN_PROXY_1, SAFE_USER_DN_PROXY_2};
        Assertions.assertEquals(formatDns(strArr), ProxiedEntitiesUtils.getProxiedEntitiesChain(strArr));
    }

    @Test
    public void testGetProxiedEntitiesChainShouldHandleMaliciousInput() {
        Assertions.assertEquals(formatSanitizedDn(MALICIOUS_USER_DN_JOHN) + formatDns(SAFE_USER_DN_PROXY_1, SAFE_USER_DN_PROXY_2), ProxiedEntitiesUtils.getProxiedEntitiesChain(new String[]{MALICIOUS_USER_DN_JOHN, SAFE_USER_DN_PROXY_1, SAFE_USER_DN_PROXY_2}));
    }

    @Test
    public void testGetProxiedEntitiesChainShouldEncodeUnicode() {
        Assertions.assertEquals(formatDns(SAFE_USER_NAME_JOHN, UNICODE_DN_1_ENCODED, UNICODE_DN_2_ENCODED), ProxiedEntitiesUtils.getProxiedEntitiesChain(new String[]{SAFE_USER_NAME_JOHN, UNICODE_DN_1, UNICODE_DN_2}));
    }

    @Test
    public void testFormatProxyDnShouldEncodeNonAsciiCharacters() {
        Assertions.assertEquals(formatDn(UNICODE_DN_1_ENCODED), ProxiedEntitiesUtils.formatProxyDn(UNICODE_DN_1));
    }

    @Test
    public void testShouldBuildProxyChain(@Mock NiFiUser niFiUser, @Mock NiFiUser niFiUser2) {
        Mockito.when(niFiUser.getIdentity()).thenReturn(SAFE_USER_NAME_PROXY_1);
        Mockito.when(niFiUser.getChain()).thenReturn((Object) null);
        Mockito.when(Boolean.valueOf(niFiUser.isAnonymous())).thenReturn(false);
        Mockito.when(niFiUser2.getIdentity()).thenReturn(SAFE_USER_NAME_JOHN);
        Mockito.when(niFiUser2.getChain()).thenReturn(niFiUser);
        Mockito.when(Boolean.valueOf(niFiUser2.isAnonymous())).thenReturn(false);
        Assertions.assertEquals(formatDns(SAFE_USER_NAME_JOHN, SAFE_USER_NAME_PROXY_1), ProxiedEntitiesUtils.buildProxiedEntitiesChainString(niFiUser2));
    }

    @Test
    public void testBuildProxyChainFromNullUserShouldBeAnonymous() {
        Assertions.assertEquals(ANONYMOUS_PROXIED_ENTITY_CHAIN, ProxiedEntitiesUtils.buildProxiedEntitiesChainString((NiFiUser) null));
    }

    @Test
    public void testBuildProxyChainFromAnonymousUserShouldBeAnonymous(@Mock NiFiUser niFiUser, @Mock NiFiUser niFiUser2) {
        Mockito.when(niFiUser.getIdentity()).thenReturn(SAFE_USER_NAME_PROXY_1);
        Mockito.when(niFiUser.getChain()).thenReturn((Object) null);
        Mockito.when(Boolean.valueOf(niFiUser.isAnonymous())).thenReturn(false);
        Mockito.when(niFiUser2.getChain()).thenReturn(niFiUser);
        Mockito.when(Boolean.valueOf(niFiUser2.isAnonymous())).thenReturn(true);
        Assertions.assertEquals(formatDns(ANONYMOUS_USER, SAFE_USER_NAME_PROXY_1), ProxiedEntitiesUtils.buildProxiedEntitiesChainString(niFiUser2));
    }

    @Test
    public void testBuildProxyChainShouldHandleUnicode(@Mock NiFiUser niFiUser, @Mock NiFiUser niFiUser2) {
        Mockito.when(niFiUser.getIdentity()).thenReturn(UNICODE_DN_1);
        Mockito.when(niFiUser.getChain()).thenReturn((Object) null);
        Mockito.when(Boolean.valueOf(niFiUser.isAnonymous())).thenReturn(false);
        Mockito.when(niFiUser2.getIdentity()).thenReturn(SAFE_USER_NAME_JOHN);
        Mockito.when(niFiUser2.getChain()).thenReturn(niFiUser);
        Mockito.when(Boolean.valueOf(niFiUser2.isAnonymous())).thenReturn(false);
        Assertions.assertEquals(formatDns(SAFE_USER_NAME_JOHN, UNICODE_DN_1_ENCODED), ProxiedEntitiesUtils.buildProxiedEntitiesChainString(niFiUser2));
    }

    @Test
    public void testBuildProxyChainShouldHandleMaliciousUser(@Mock NiFiUser niFiUser, @Mock NiFiUser niFiUser2) {
        Mockito.when(niFiUser.getIdentity()).thenReturn(SAFE_USER_NAME_PROXY_1);
        Mockito.when(niFiUser.getChain()).thenReturn((Object) null);
        Mockito.when(Boolean.valueOf(niFiUser.isAnonymous())).thenReturn(false);
        Mockito.when(niFiUser2.getIdentity()).thenReturn(MALICIOUS_USER_NAME_JOHN);
        Mockito.when(niFiUser2.getChain()).thenReturn(niFiUser);
        Mockito.when(Boolean.valueOf(niFiUser2.isAnonymous())).thenReturn(false);
        Assertions.assertEquals(formatDns(MALICIOUS_USER_NAME_JOHN_ESCAPED, SAFE_USER_NAME_PROXY_1), ProxiedEntitiesUtils.buildProxiedEntitiesChainString(niFiUser2));
    }

    @Test
    public void testShouldTokenizeProxiedEntitiesChainWithUserNames() {
        List asList = Arrays.asList(SAFE_USER_NAME_JOHN, SAFE_USER_NAME_PROXY_1, SAFE_USER_NAME_PROXY_2);
        Assertions.assertEquals(asList, ProxiedEntitiesUtils.tokenizeProxiedEntitiesChain(formatDns((String[]) asList.toArray(new String[0]))));
    }

    @Test
    public void testShouldTokenizeAnonymous() {
        Assertions.assertEquals(Collections.singletonList(ANONYMOUS_USER), ProxiedEntitiesUtils.tokenizeProxiedEntitiesChain(ANONYMOUS_PROXIED_ENTITY_CHAIN));
    }

    @Test
    public void testShouldTokenizeDoubleAnonymous() {
        Assertions.assertEquals(Arrays.asList(ANONYMOUS_USER, ANONYMOUS_USER), ProxiedEntitiesUtils.tokenizeProxiedEntitiesChain(StringUtils.repeat(ANONYMOUS_PROXIED_ENTITY_CHAIN, 2)));
    }

    @Test
    public void testShouldTokenizeNestedAnonymous() {
        List asList = Arrays.asList(SAFE_USER_DN_PROXY_1, ANONYMOUS_USER, SAFE_USER_DN_PROXY_2);
        Assertions.assertEquals(asList, ProxiedEntitiesUtils.tokenizeProxiedEntitiesChain(formatDns((String[]) asList.toArray(new String[0]))));
    }

    @Test
    public void testShouldTokenizeProxiedEntitiesChainWithDNs() {
        List asList = Arrays.asList(SAFE_USER_DN_JOHN, SAFE_USER_DN_PROXY_1, SAFE_USER_DN_PROXY_2);
        Assertions.assertEquals(asList, ProxiedEntitiesUtils.tokenizeProxiedEntitiesChain(formatDns((String[]) asList.toArray(new String[0]))));
    }

    @Test
    public void testShouldTokenizeProxiedEntitiesChainWithAnonymousUser() {
        List asList = Arrays.asList(ANONYMOUS_USER, SAFE_USER_NAME_PROXY_1, SAFE_USER_NAME_PROXY_2);
        Assertions.assertEquals(asList, ProxiedEntitiesUtils.tokenizeProxiedEntitiesChain(formatDns((String[]) asList.toArray(new String[0]))));
    }

    @Test
    public void testTokenizeProxiedEntitiesChainShouldHandleMaliciousUser() {
        List asList = Arrays.asList(MALICIOUS_USER_NAME_JOHN, SAFE_USER_NAME_PROXY_1, SAFE_USER_NAME_PROXY_2);
        List list = ProxiedEntitiesUtils.tokenizeProxiedEntitiesChain((String) asList.stream().map(this::formatSanitizedDn).collect(Collectors.joining()));
        Assertions.assertEquals(asList, list);
        Assertions.assertFalse(list.contains(SAFE_USER_NAME_JOHN));
    }

    @Test
    public void testTokenizeProxiedEntitiesChainShouldDecodeNonAsciiValues() {
        Assertions.assertEquals(Arrays.asList(SAFE_USER_NAME_JOHN, UNICODE_DN_1, UNICODE_DN_2), ProxiedEntitiesUtils.tokenizeProxiedEntitiesChain(formatDns(SAFE_USER_NAME_JOHN, UNICODE_DN_1_ENCODED, UNICODE_DN_2_ENCODED)));
    }

    private String formatSanitizedDn(String str) {
        return formatDn(sanitizeDn(str));
    }

    private String formatDn(String str) {
        return formatDns(str);
    }

    private String formatDns(String... strArr) {
        return (String) Arrays.stream(strArr).collect(Collectors.joining("><", "<", ">"));
    }
}
