package org.graylog2.shared.security;

import java.nio.charset.StandardCharsets;
import java.util.Base64;
import java.util.Collections;
import javax.ws.rs.BadRequestException;
import javax.ws.rs.container.ContainerRequestContext;
import javax.ws.rs.core.MultivaluedHashMap;
import javax.ws.rs.core.SecurityContext;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.mgt.DefaultSecurityManager;
import org.assertj.core.api.Assertions;
import org.glassfish.grizzly.http.server.Request;
import org.graylog2.shared.bindings.GuiceInjectorHolder;
import org.junit.Before;
import org.junit.BeforeClass;
import org.junit.Rule;
import org.junit.Test;
import org.mockito.ArgumentCaptor;
import org.mockito.Mock;
import org.mockito.Mockito;
import org.mockito.junit.MockitoJUnit;
import org.mockito.junit.MockitoRule;

/* loaded from: input_file:org/graylog2/shared/security/ShiroSecurityContextFilterTest.class */
/**
 * Unit tests for how {@link ShiroSecurityContextFilter} turns the HTTP {@code Authorization}
 * header into the {@link SecurityContext} it installs on the request.
 *
 * <p>Scope: every assertion here is made on the context object passed to
 * {@link ContainerRequestContext#setSecurityContext(SecurityContext)} (its scheme, username,
 * password and token type) or on the exception thrown for malformed input. None of the tests
 * asserts an authentication outcome; the filter is built with a bare
 * {@link DefaultSecurityManager}.
 *
 * <p>NOTE(review): the two malformed-header tests use {@code @Test(expected = ...)}, which passes
 * if the exception is raised anywhere in the test method, and they do not check that the request
 * was left without a newly installed security context. Consider tightening both if the filter's
 * contract guarantees that.
 */
public class ShiroSecurityContextFilterTest {

    private static final String AUTHORIZATION = "Authorization";

    @Rule
    public final MockitoRule mockitoRule = MockitoJUnit.rule();

    @Mock
    private ContainerRequestContext requestContext;

    @Mock
    private SecurityContext securityContext;
    private ShiroSecurityContextFilter filter;

    /** Creates the Guice injector once for the class, with no modules. */
    @BeforeClass
    public static void setUpInjector() {
        GuiceInjectorHolder.createInjector(Collections.emptyList());
    }

    /**
     * Builds the filter under test with a default Shiro security manager, a mocked Grizzly
     * request and an empty third constructor argument, and stubs the pre-existing security
     * context of the request as non-secure.
     */
    @Before
    public void setUp() throws Exception {
        Mockito.when(securityContext.isSecure()).thenReturn(false);
        Mockito.when(requestContext.getSecurityContext()).thenReturn(securityContext);
        filter = new ShiroSecurityContextFilter(
                new DefaultSecurityManager(),
                () -> Mockito.mock(Request.class),
                Collections.emptySet());
    }

    /** No {@code Authorization} header: a ShiroSecurityContext without a scheme is installed. */
    @Test
    public void filterWithoutAuthorizationHeaderShouldDoNothing() throws Exception {
        MultivaluedHashMap<String, String> noHeaders = new MultivaluedHashMap<>();
        Mockito.when(requestContext.getHeaders()).thenReturn(noHeaders);

        filter.filter(requestContext);

        SecurityContext installed = installedSecurityContext();
        Assertions.assertThat(installed).isExactlyInstanceOf(ShiroSecurityContext.class);
        Assertions.assertThat(installed.getAuthenticationScheme()).isNull();
    }

    /** A header that is not Basic auth is treated like a missing one: no scheme is set. */
    @Test
    public void filterWithNonBasicAuthorizationHeaderShouldDoNothing() throws Exception {
        givenAuthorizationHeader("Foobar");

        filter.filter(requestContext);

        SecurityContext installed = installedSecurityContext();
        Assertions.assertThat(installed).isExactlyInstanceOf(ShiroSecurityContext.class);
        Assertions.assertThat(installed.getAuthenticationScheme()).isNull();
    }

    /** A Basic header whose payload is not valid Base64 must be rejected as a bad request. */
    @Test(expected = BadRequestException.class)
    public void filterWithMalformedBasicAuthShouldThrowBadRequestException() throws Exception {
        givenAuthorizationHeader("Basic ****");

        filter.filter(requestContext);
    }

    /** Valid Base64 that decodes to text without a {@code :} separator must be rejected. */
    @Test(expected = BadRequestException.class)
    public void filterWithBasicAuthAndMalformedCredentialsShouldThrowBadRequestException() throws Exception {
        givenAuthorizationHeader(basicAuth("user_pass"));

        filter.filter(requestContext);
    }

    /** Plain {@code user:pass} credentials produce a BASIC context with a username/password token. */
    @Test
    public void filterWithBasicAuthAndCredentialsShouldCreateShiroSecurityContextWithUsernamePasswordToken() throws Exception {
        givenAuthorizationHeader(basicAuth("user:pass"));

        filter.filter(requestContext);

        ShiroSecurityContext installed = installedShiroSecurityContext();
        Assertions.assertThat(installed).isExactlyInstanceOf(ShiroSecurityContext.class);
        Assertions.assertThat(installed.getAuthenticationScheme()).isEqualTo("BASIC");
        Assertions.assertThat(installed.getUsername()).isEqualTo("user");
        Assertions.assertThat(installed.getToken()).isExactlyInstanceOf(UsernamePasswordToken.class);
    }

    /**
     * Credentials whose password part is the literal {@code session} yield a
     * {@link SessionIdToken}. Only the token type is asserted, not the value it carries.
     */
    @Test
    public void filterWithBasicAuthAndSessionIdShouldCreateShiroSecurityContextWithSessionIdToken() throws Exception {
        givenAuthorizationHeader(basicAuth("test:session"));

        filter.filter(requestContext);

        ShiroSecurityContext installed = installedShiroSecurityContext();
        Assertions.assertThat(installed).isExactlyInstanceOf(ShiroSecurityContext.class);
        Assertions.assertThat(installed.getAuthenticationScheme()).isEqualTo("BASIC");
        Assertions.assertThat(installed.getToken()).isExactlyInstanceOf(SessionIdToken.class);
    }

    /**
     * Credentials whose password part is the literal {@code token} yield an
     * {@link AccessTokenAuthToken}. Only the token type is asserted, not the value it carries.
     */
    @Test
    public void filterWithBasicAuthAndTokenShouldCreateShiroSecurityContextWithAccessTokenAuthToken() throws Exception {
        givenAuthorizationHeader(basicAuth("test:token"));

        filter.filter(requestContext);

        ShiroSecurityContext installed = installedShiroSecurityContext();
        Assertions.assertThat(installed).isExactlyInstanceOf(ShiroSecurityContext.class);
        Assertions.assertThat(installed.getAuthenticationScheme()).isEqualTo("BASIC");
        Assertions.assertThat(installed.getToken()).isExactlyInstanceOf(AccessTokenAuthToken.class);
    }

    /**
     * Only the first {@code :} separates username from password, so a password that itself
     * contains a colon must reach the context unmodified rather than being truncated.
     */
    @Test
    public void filterWithBasicAuthAndPasswordWithColonShouldCreateShiroSecurityContextWithUsernamePasswordToken() throws Exception {
        givenAuthorizationHeader(basicAuth("user:pass:word"));

        filter.filter(requestContext);

        ShiroSecurityContext installed = installedShiroSecurityContext();
        Assertions.assertThat(installed).isExactlyInstanceOf(ShiroSecurityContext.class);
        Assertions.assertThat(installed.getAuthenticationScheme()).isEqualTo("BASIC");
        Assertions.assertThat(installed.getUsername()).isEqualTo("user");
        Assertions.assertThat(installed.getPassword()).isEqualTo("pass:word");
        Assertions.assertThat(installed.getToken()).isExactlyInstanceOf(UsernamePasswordToken.class);
    }

    /** Stubs the request so that its only header is {@code Authorization} with the given value. */
    private void givenAuthorizationHeader(String value) {
        MultivaluedHashMap<String, String> headers = new MultivaluedHashMap<>();
        headers.putSingle(AUTHORIZATION, value);
        Mockito.when(requestContext.getHeaders()).thenReturn(headers);
    }

    /** Renders constructed sample credentials as a Basic {@code Authorization} header value. */
    private static String basicAuth(String userPass) {
        byte[] raw = userPass.getBytes(StandardCharsets.US_ASCII);
        return "Basic " + Base64.getEncoder().encodeToString(raw);
    }

    /**
     * Verifies that the filter installed a security context exactly once (Mockito's default
     * verification mode) and returns it.
     */
    private SecurityContext installedSecurityContext() {
        ArgumentCaptor<SecurityContext> captor = ArgumentCaptor.forClass(SecurityContext.class);
        Mockito.verify(requestContext).setSecurityContext(captor.capture());
        return captor.getValue();
    }

    /**
     * Same as {@link #installedSecurityContext()}, but captures the argument as a
     * {@link ShiroSecurityContext} so its username, password and token can be inspected.
     */
    private ShiroSecurityContext installedShiroSecurityContext() {
        ArgumentCaptor<ShiroSecurityContext> captor = ArgumentCaptor.forClass(ShiroSecurityContext.class);
        Mockito.verify(requestContext).setSecurityContext(captor.capture());
        return captor.getValue();
    }
}
