package org.springframework.security.ui.basicauth;

import java.io.IOException;
import java.util.Arrays;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import org.apache.commons.codec.binary.Base64;
import org.jmock.Mock;
import org.jmock.MockObjectTestCase;
import org.springframework.mock.web.MockHttpServletRequest;
import org.springframework.mock.web.MockHttpServletResponse;
import org.springframework.mock.web.MockHttpSession;
import org.springframework.security.MockApplicationEventPublisher;
import org.springframework.security.MockAuthenticationEntryPoint;
import org.springframework.security.MockAuthenticationManager;
import org.springframework.security.MockFilterChain;
import org.springframework.security.MockFilterConfig;
import org.springframework.security.context.SecurityContextHolder;
import org.springframework.security.providers.ProviderManager;
import org.springframework.security.providers.dao.DaoAuthenticationProvider;
import org.springframework.security.userdetails.UserDetails;
import org.springframework.security.userdetails.memory.InMemoryDaoImpl;
import org.springframework.security.userdetails.memory.UserMap;
import org.springframework.security.userdetails.memory.UserMapEditor;

/* loaded from: input_file:org/springframework/security/ui/basicauth/BasicProcessingFilterTests.class */
public class BasicProcessingFilterTests extends MockObjectTestCase {
    private BasicProcessingFilter filter;

    public BasicProcessingFilterTests() {
    }

    public BasicProcessingFilterTests(String str) {
        super(str);
    }

    private MockHttpServletResponse executeFilterInContainerSimulator(Filter filter, ServletRequest servletRequest, boolean z) throws ServletException, IOException {
        filter.init(new MockFilterConfig());
        MockHttpServletResponse mockHttpServletResponse = new MockHttpServletResponse();
        Mock mock = mock(FilterChain.class);
        FilterChain filterChain = (FilterChain) mock.proxy();
        mock.expects(z ? once() : never()).method("doFilter");
        filter.doFilter(servletRequest, mockHttpServletResponse, filterChain);
        filter.destroy();
        return mockHttpServletResponse;
    }

    protected void setUp() throws Exception {
        super.setUp();
        SecurityContextHolder.clearContext();
        InMemoryDaoImpl inMemoryDaoImpl = new InMemoryDaoImpl();
        UserMapEditor userMapEditor = new UserMapEditor();
        userMapEditor.setAsText("rod=koala,ROLE_ONE,ROLE_TWO,enabled\r\n");
        inMemoryDaoImpl.setUserMap((UserMap) userMapEditor.getValue());
        DaoAuthenticationProvider daoAuthenticationProvider = new DaoAuthenticationProvider();
        daoAuthenticationProvider.setUserDetailsService(inMemoryDaoImpl);
        ProviderManager providerManager = new ProviderManager();
        providerManager.setProviders(Arrays.asList(daoAuthenticationProvider));
        providerManager.setApplicationEventPublisher(new MockApplicationEventPublisher());
        providerManager.afterPropertiesSet();
        this.filter = new BasicProcessingFilter();
        this.filter.setAuthenticationManager(providerManager);
        this.filter.setAuthenticationEntryPoint(new BasicProcessingFilterEntryPoint());
    }

    protected void tearDown() throws Exception {
        super.tearDown();
        SecurityContextHolder.clearContext();
    }

    public void testDoFilterWithNonHttpServletRequestDetected() throws Exception {
        try {
            new BasicProcessingFilter().doFilter((ServletRequest) null, new MockHttpServletResponse(), new MockFilterChain());
            fail("Should have thrown ServletException");
        } catch (ServletException e) {
            assertEquals("Can only process HttpServletRequest", e.getMessage());
        }
    }

    public void testDoFilterWithNonHttpServletResponseDetected() throws Exception {
        try {
            new BasicProcessingFilter().doFilter(new MockHttpServletRequest((String) null, (String) null), (ServletResponse) null, new MockFilterChain());
            fail("Should have thrown ServletException");
        } catch (ServletException e) {
            assertEquals("Can only process HttpServletResponse", e.getMessage());
        }
    }

    public void testFilterIgnoresRequestsContainingNoAuthorizationHeader() throws Exception {
        MockHttpServletRequest mockHttpServletRequest = new MockHttpServletRequest();
        mockHttpServletRequest.setServletPath("/some_file.html");
        executeFilterInContainerSimulator(this.filter, mockHttpServletRequest, true);
        assertNull(SecurityContextHolder.getContext().getAuthentication());
    }

    public void testGettersSetters() {
        BasicProcessingFilter basicProcessingFilter = new BasicProcessingFilter();
        basicProcessingFilter.setAuthenticationManager(new MockAuthenticationManager());
        assertTrue(basicProcessingFilter.getAuthenticationManager() != null);
        basicProcessingFilter.setAuthenticationEntryPoint(new MockAuthenticationEntryPoint("sx"));
        assertTrue(basicProcessingFilter.getAuthenticationEntryPoint() != null);
    }

    public void testInvalidBasicAuthorizationTokenIsIgnored() throws Exception {
        MockHttpServletRequest mockHttpServletRequest = new MockHttpServletRequest();
        mockHttpServletRequest.addHeader("Authorization", "Basic " + new String(Base64.encodeBase64("NOT_A_VALID_TOKEN_AS_MISSING_COLON".getBytes())));
        mockHttpServletRequest.setServletPath("/some_file.html");
        mockHttpServletRequest.setSession(new MockHttpSession());
        executeFilterInContainerSimulator(this.filter, mockHttpServletRequest, false);
        assertNull(SecurityContextHolder.getContext().getAuthentication());
    }

    public void testNormalOperation() throws Exception {
        MockHttpServletRequest mockHttpServletRequest = new MockHttpServletRequest();
        mockHttpServletRequest.addHeader("Authorization", "Basic " + new String(Base64.encodeBase64("rod:koala".getBytes())));
        mockHttpServletRequest.setServletPath("/some_file.html");
        mockHttpServletRequest.setSession(new MockHttpSession());
        assertNull(SecurityContextHolder.getContext().getAuthentication());
        executeFilterInContainerSimulator(this.filter, mockHttpServletRequest, true);
        assertNotNull(SecurityContextHolder.getContext().getAuthentication());
        assertEquals("rod", ((UserDetails) SecurityContextHolder.getContext().getAuthentication().getPrincipal()).getUsername());
    }

    public void testOtherAuthorizationSchemeIsIgnored() throws Exception {
        MockHttpServletRequest mockHttpServletRequest = new MockHttpServletRequest();
        mockHttpServletRequest.addHeader("Authorization", "SOME_OTHER_AUTHENTICATION_SCHEME");
        mockHttpServletRequest.setServletPath("/some_file.html");
        executeFilterInContainerSimulator(this.filter, mockHttpServletRequest, true);
        assertNull(SecurityContextHolder.getContext().getAuthentication());
    }

    public void testStartupDetectsMissingAuthenticationEntryPoint() throws Exception {
        try {
            BasicProcessingFilter basicProcessingFilter = new BasicProcessingFilter();
            basicProcessingFilter.setAuthenticationManager(new MockAuthenticationManager());
            basicProcessingFilter.afterPropertiesSet();
            fail("Should have thrown IllegalArgumentException");
        } catch (IllegalArgumentException e) {
            assertEquals("An AuthenticationEntryPoint is required", e.getMessage());
        }
    }

    public void testStartupDetectsMissingAuthenticationManager() throws Exception {
        try {
            BasicProcessingFilter basicProcessingFilter = new BasicProcessingFilter();
            basicProcessingFilter.setAuthenticationEntryPoint(new MockAuthenticationEntryPoint("x"));
            basicProcessingFilter.afterPropertiesSet();
            fail("Should have thrown IllegalArgumentException");
        } catch (IllegalArgumentException e) {
            assertEquals("An AuthenticationManager is required", e.getMessage());
        }
    }

    public void testSuccessLoginThenFailureLoginResultsInSessionLosingToken() throws Exception {
        MockHttpServletRequest mockHttpServletRequest = new MockHttpServletRequest();
        mockHttpServletRequest.addHeader("Authorization", "Basic " + new String(Base64.encodeBase64("rod:koala".getBytes())));
        mockHttpServletRequest.setServletPath("/some_file.html");
        mockHttpServletRequest.setSession(new MockHttpSession());
        executeFilterInContainerSimulator(this.filter, mockHttpServletRequest, true);
        assertNotNull(SecurityContextHolder.getContext().getAuthentication());
        assertEquals("rod", ((UserDetails) SecurityContextHolder.getContext().getAuthentication().getPrincipal()).getUsername());
        MockHttpServletRequest mockHttpServletRequest2 = new MockHttpServletRequest();
        mockHttpServletRequest2.addHeader("Authorization", "Basic " + new String(Base64.encodeBase64("otherUser:WRONG_PASSWORD".getBytes())));
        mockHttpServletRequest2.setServletPath("/some_file.html");
        mockHttpServletRequest2.setSession(new MockHttpSession());
        MockHttpServletResponse executeFilterInContainerSimulator = executeFilterInContainerSimulator(this.filter, mockHttpServletRequest2, false);
        assertNull(SecurityContextHolder.getContext().getAuthentication());
        assertEquals(401, executeFilterInContainerSimulator.getStatus());
    }

    public void testWrongPasswordContinuesFilterChainIfIgnoreFailureIsTrue() throws Exception {
        MockHttpServletRequest mockHttpServletRequest = new MockHttpServletRequest();
        mockHttpServletRequest.addHeader("Authorization", "Basic " + new String(Base64.encodeBase64("rod:WRONG_PASSWORD".getBytes())));
        mockHttpServletRequest.setServletPath("/some_file.html");
        mockHttpServletRequest.setSession(new MockHttpSession());
        this.filter.setIgnoreFailure(true);
        assertTrue(this.filter.isIgnoreFailure());
        executeFilterInContainerSimulator(this.filter, mockHttpServletRequest, true);
        assertNull(SecurityContextHolder.getContext().getAuthentication());
    }

    public void testWrongPasswordReturnsForbiddenIfIgnoreFailureIsFalse() throws Exception {
        MockHttpServletRequest mockHttpServletRequest = new MockHttpServletRequest();
        mockHttpServletRequest.addHeader("Authorization", "Basic " + new String(Base64.encodeBase64("rod:WRONG_PASSWORD".getBytes())));
        mockHttpServletRequest.setServletPath("/some_file.html");
        mockHttpServletRequest.setSession(new MockHttpSession());
        assertFalse(this.filter.isIgnoreFailure());
        MockHttpServletResponse executeFilterInContainerSimulator = executeFilterInContainerSimulator(this.filter, mockHttpServletRequest, false);
        assertNull(SecurityContextHolder.getContext().getAuthentication());
        assertEquals(401, executeFilterInContainerSimulator.getStatus());
    }
}
