package org.apache.jena.fuseki.main.access;

import org.apache.jena.atlas.web.HttpException;
import org.apache.jena.atlas.web.TypedInputStream;
import org.apache.jena.atlas.web.WebLib;
import org.apache.jena.fuseki.auth.Auth;
import org.apache.jena.fuseki.jetty.JettyLib;
import org.apache.jena.fuseki.main.FusekiServer;
import org.apache.jena.fuseki.server.DataService;
import org.apache.jena.http.HttpOp;
import org.apache.jena.query.DatasetFactory;
import org.apache.jena.rdfconnection.LibSec;
import org.apache.jena.sparql.core.DatasetGraphFactory;
import org.apache.jena.web.AuthSetup;
import org.eclipse.jetty.security.ConstraintSecurityHandler;
import org.eclipse.jetty.security.UserStore;
import org.junit.AfterClass;
import org.junit.Assert;
import org.junit.Before;
import org.junit.BeforeClass;
import org.junit.Test;

/* loaded from: input_file:org/apache/jena/fuseki/main/access/TestSecurityBuilderSetup.class */
public class TestSecurityBuilderSetup {
    private static FusekiServer fusekiServer = null;
    private static String serverURL;
    private static AuthSetup authSetup1;
    private static AuthSetup authSetup2;
    private static AuthSetup authSetupX;

    @BeforeClass
    public static void beforeClass() {
        int choosePort = WebLib.choosePort();
        authSetup1 = new AuthSetup("localhost", Integer.valueOf(choosePort), "user1", "pw1", "TripleStore");
        authSetup2 = new AuthSetup("localhost", Integer.valueOf(choosePort), "user2", "pw2", "TripleStore");
        authSetupX = new AuthSetup("localhost", Integer.valueOf(choosePort), "userX", "pwX", "TripleStore");
        UserStore userStore = new UserStore();
        JettyLib.addUser(userStore, authSetup1.user, authSetup1.password);
        JettyLib.addUser(userStore, authSetup2.user, authSetup2.password);
        try {
            userStore.start();
            ConstraintSecurityHandler makeSecurityHandler = JettyLib.makeSecurityHandler(authSetup1.realm, userStore);
            JettyLib.addPathConstraint(makeSecurityHandler, "/ds");
            JettyLib.addPathConstraint(makeSecurityHandler, "/nowhere");
            JettyLib.addPathConstraint(makeSecurityHandler, "/ctl");
            fusekiServer = FusekiServer.create().port(choosePort).add("/ds", DatasetFactory.createTxnMem()).add("/open", DatasetFactory.createTxnMem()).add("/ctl", DataService.newBuilder(DatasetGraphFactory.createTxnMem()).withStdServices(false).setAuthPolicy(Auth.policyAllowSpecific(new String[]{"user1"})).build()).securityHandler(makeSecurityHandler).build();
            fusekiServer.start();
            serverURL = fusekiServer.serverURL();
        } catch (Exception e) {
            throw new RuntimeException("UserStore", e);
        }
    }

    @Before
    public void before() {
    }

    @AfterClass
    public static void afterClass() {
        fusekiServer.stop();
    }

    @Test
    public void access_server() {
        try {
            TypedInputStream httpGet = HttpOp.httpGet(serverURL);
            try {
                Assert.assertNotNull(httpGet);
                Assert.fail("Didn't expect to succeed");
                if (httpGet != null) {
                    httpGet.close();
                }
            } finally {
            }
        } catch (HttpException e) {
            if (e.getStatusCode() != 404) {
                throw e;
            }
        }
    }

    @Test
    public void access_open() {
        TypedInputStream httpGet = HttpOp.httpGet(serverURL + "open");
        try {
            Assert.assertNotNull(httpGet);
            if (httpGet != null) {
                httpGet.close();
            }
        } catch (Throwable th) {
            if (httpGet != null) {
                try {
                    httpGet.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
            }
            throw th;
        }
    }

    @Test
    public void access_open_user1() {
        LibSec.withAuth(serverURL + "open", authSetup1, rDFConnection -> {
            rDFConnection.queryAsk("ASK{}");
        });
    }

    @Test
    public void access_open_userX() {
        LibSec.withAuth(serverURL + "open", authSetupX, rDFConnection -> {
            rDFConnection.queryAsk("ASK{}");
        });
    }

    @Test
    public void access_deny_ds() {
        try {
            TypedInputStream httpGet = HttpOp.httpGet(serverURL + "ds");
            try {
                Assert.fail("Didn't expect to succeed");
                if (httpGet != null) {
                    httpGet.close();
                }
            } finally {
            }
        } catch (HttpException e) {
            if (e.getStatusCode() != 401) {
                throw e;
            }
        }
    }

    @Test
    public void access_deny_nowhere() {
        try {
            TypedInputStream httpGet = HttpOp.httpGet(serverURL + "nowhere");
            try {
                Assert.fail("Didn't expect to succeed");
                if (httpGet != null) {
                    httpGet.close();
                }
            } finally {
            }
        } catch (HttpException e) {
            if (e.getStatusCode() != 401) {
                throw e;
            }
        }
    }

    @Test
    public void access_allow_nowhere() {
        try {
            TypedInputStream httpGet = HttpOp.httpGet(LibSec.httpClient(authSetup1), serverURL + "nowhere");
            try {
                Assert.assertNull(httpGet);
                if (httpGet != null) {
                    httpGet.close();
                }
            } finally {
            }
        } catch (HttpException e) {
            if (e.getStatusCode() != 404) {
                throw e;
            }
        }
    }

    @Test
    public void access_allow_ds() {
        TypedInputStream httpGet = HttpOp.httpGet(LibSec.httpClient(authSetup1), serverURL + "ds");
        try {
            Assert.assertNotNull(httpGet);
            if (httpGet != null) {
                httpGet.close();
            }
        } catch (Throwable th) {
            if (httpGet != null) {
                try {
                    httpGet.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
            }
            throw th;
        }
    }

    @Test
    public void access_service_ctl_user1() {
        TypedInputStream httpGet = HttpOp.httpGet(LibSec.httpClient(authSetup1), serverURL + "ctl");
        try {
            Assert.assertNotNull(httpGet);
            if (httpGet != null) {
                httpGet.close();
            }
        } catch (Throwable th) {
            if (httpGet != null) {
                try {
                    httpGet.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
            }
            throw th;
        }
    }

    @Test
    public void access_service_ctl_user2() {
        try {
            TypedInputStream httpGet = HttpOp.httpGet(LibSec.httpClient(authSetup2), serverURL + "ctl");
            try {
                Assert.fail("Didn't expect to succeed");
                if (httpGet != null) {
                    httpGet.close();
                }
            } finally {
            }
        } catch (HttpException e) {
            if (e.getStatusCode() != 403) {
                throw e;
            }
        }
    }

    @Test
    public void access_service_ctl_userX() {
        try {
            TypedInputStream httpGet = HttpOp.httpGet(LibSec.httpClient(authSetupX), serverURL + "ctl");
            try {
                Assert.fail("Didn't expect to succeed");
                if (httpGet != null) {
                    httpGet.close();
                }
            } finally {
            }
        } catch (HttpException e) {
            if (e.getStatusCode() != 401) {
                throw e;
            }
        }
    }
}
