package org.apache.shindig.auth;

import java.util.Map;
import javax.servlet.http.HttpServletRequest;
import org.apache.shindig.common.testing.FakeHttpServletRequest;
import org.junit.Assert;
import org.junit.Before;
import org.junit.Test;

/* loaded from: input_file:org/apache/shindig/auth/UrlParameterAuthenticationHandlerTest.class */
public class UrlParameterAuthenticationHandlerTest {
    SecurityToken expectedToken;
    UrlParameterAuthenticationHandler authHandler;
    SecurityTokenCodec codec;
    HttpServletRequest req;

    @Before
    public void setup() throws Exception {
        this.expectedToken = new BasicSecurityToken("owner", "viewer", "app", "domain", "appUrl", "0", "container", "activeUrl", 1000L);
        this.codec = new SecurityTokenCodec() { // from class: org.apache.shindig.auth.UrlParameterAuthenticationHandlerTest.1
            public SecurityToken createToken(Map<String, String> map) throws SecurityTokenException {
                if (map != null && "1234".equals(map.get("token"))) {
                    return UrlParameterAuthenticationHandlerTest.this.expectedToken;
                }
                return null;
            }

            public String encodeToken(SecurityToken securityToken) throws SecurityTokenException {
                return null;
            }

            public int getTokenTimeToLive() {
                return 0;
            }

            public int getTokenTimeToLive(String str) {
                return 0;
            }
        };
        this.authHandler = new UrlParameterAuthenticationHandler(this.codec, true);
    }

    @Test
    public void testGetSecurityTokenFromRequest() throws Exception {
        Assert.assertEquals(this.authHandler.getName(), AuthenticationMode.SECURITY_TOKEN_URL_PARAMETER.name());
    }

    @Test
    public void testInvalidRequests() throws Exception {
        this.req = new FakeHttpServletRequest();
        Assert.assertNull(this.authHandler.getSecurityTokenFromRequest(this.req));
        this.req = new FakeHttpServletRequest().setHeader("Authorization", "Token token=\"1234\"");
        Assert.assertNull(this.authHandler.getSecurityTokenFromRequest(this.req));
        this.req = new FakeHttpServletRequest().setHeader("Authorization", "OAuth 1234");
        Assert.assertNull(this.authHandler.getSecurityTokenFromRequest(this.req));
    }

    @Test
    public void testSecurityToken() throws Exception {
        this.req = new FakeHttpServletRequest("http://example.org/rpc?st=1234");
        Assert.assertEquals(this.expectedToken, this.authHandler.getSecurityTokenFromRequest(this.req));
    }

    @Test
    public void testOAuth1() throws Exception {
        this.req = new FakeHttpServletRequest().setHeader("Authorization", "OAuth oauth_signature_method=\"RSA-SHA1\"");
        Assert.assertNull(this.authHandler.getSecurityTokenFromRequest(this.req));
    }

    @Test
    public void testOAuth2Header() throws Exception {
        this.req = new FakeHttpServletRequest("https://www.example.org/").setHeader("Authorization", "OAuth2  1234");
        Assert.assertEquals(this.expectedToken, this.authHandler.getSecurityTokenFromRequest(this.req));
        this.req = new FakeHttpServletRequest("https://www.example.org/").setHeader("Authorization", "   OAuth2    1234 ");
        Assert.assertEquals(this.expectedToken, this.authHandler.getSecurityTokenFromRequest(this.req));
        this.req = new FakeHttpServletRequest("https://www.example.org/").setHeader("Authorization", "OAuth2 1234 x=1,y=\"2 2 2\"");
        Assert.assertEquals(this.expectedToken, this.authHandler.getSecurityTokenFromRequest(this.req));
        this.req = new FakeHttpServletRequest("http://www.example.org/").setHeader("Authorization", "OAuth2 1234");
        Assert.assertNull(this.authHandler.getSecurityTokenFromRequest(this.req));
    }

    @Test
    public void testOAuth2Param() throws Exception {
        this.req = new FakeHttpServletRequest("https://www.example.com?oauth_token=1234");
        Assert.assertEquals(this.expectedToken, this.authHandler.getSecurityTokenFromRequest(this.req));
        this.req = new FakeHttpServletRequest("https://www.example.com?oauth_token=1234&oauth_signature_method=RSA-SHA1");
        Assert.assertNull(this.authHandler.getSecurityTokenFromRequest(this.req));
    }
}
