package org.apache.ambari.server.security.authorization;

import java.io.IOException;
import java.util.HashSet;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.ambari.server.orm.entities.PrincipalEntity;
import org.apache.ambari.server.orm.entities.UserEntity;
import org.apache.ambari.server.security.authorization.internal.InternalTokenStorage;
import org.easymock.Capture;
import org.easymock.EasyMock;
import org.junit.Assert;
import org.junit.Before;
import org.junit.Test;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;

/* loaded from: input_file:org/apache/ambari/server/security/authorization/AmbariUserAuthenticationFilterTest.class */
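/**
 * Unit tests for {@link AmbariUserAuthorizationFilter}. The class name says "Authentication",
 * but the filter under test is the authorization filter.
 *
 * <p>The cases pin when the filter accepts a request as already authenticated: the request
 * must carry an {@code X-Internal-Token} that {@link InternalTokenStorage} accepts and an
 * {@code X-Authenticated-User-ID} that is numeric and resolves to a known user. Every other
 * combination must leave the {@code SecurityContext} without an authentication.
 *
 * <p>All collaborators are plain EasyMock mocks, so any call without a recorded expectation
 * fails the test. The two rejection cases rely on this: they record no expectation on the
 * filter chain, so a rejected request that still reached the chain would be reported.
 *
 * <p>NOTE(review): no case covers a token that {@code isValidInternalToken} rejects. That
 * check is what stops a caller from asserting an arbitrary user ID through the header, so it
 * deserves a test written against the filter's actual behaviour.
 */
public class AmbariUserAuthenticationFilterTest {
    private static final String INTERNAL_TOKEN_HEADER = "X-Internal-Token";
    private static final String USER_ID_HEADER = "X-Authenticated-User-ID";
    private static final String TEST_INTERNAL_TOKEN = "test token";
    private static final String TEST_USER_ID_HEADER = "1";
    private static final String TEST_USER_NAME = "userName";
    private static final int TEST_USER_ID = 1;

    // JUnit builds a new instance of this class for every test, so these are never shared.
    private Users users;
    private HttpServletRequest request;
    private HttpServletResponse response;
    private FilterChain filterChain;
    private InternalTokenStorage internalTokenStorage;

    /**
     * Clears the thread's security context and creates fresh mocks before each test.
     *
     * <p>NOTE(review): nothing clears the context after a test, so the authentication left
     * behind by {@link #testDoFilterValid()} stays on the thread until another setUp runs.
     */
    @Before
    public void setUp() throws Exception {
        SecurityContextHolder.getContext().setAuthentication(null);
        users = EasyMock.createMock(Users.class);
        request = EasyMock.createMock(HttpServletRequest.class);
        response = EasyMock.createMock(HttpServletResponse.class);
        filterChain = EasyMock.createMock(FilterChain.class);
        internalTokenStorage = EasyMock.createMock(InternalTokenStorage.class);
    }

    /**
     * Valid token and known numeric user ID: the user is authenticated, the normalized user
     * name is written to the {@code User} response header, and the request continues down
     * the chain.
     */
    @Test
    public void testDoFilterValid() throws IOException, ServletException {
        expectValidInternalToken();
        EasyMock.expect(request.getHeader(USER_ID_HEADER)).andReturn(TEST_USER_ID_HEADER);
        UserEntity userEntity = createUserEntity();
        EasyMock.expect(users.getUserEntity(TEST_USER_ID)).andReturn(userEntity);
        // Empty authority set: the user is known but holds no privileges. The set stays raw
        // because its element type is declared on Users, which this file does not show.
        EasyMock.expect(users.getUserAuthorities(userEntity)).andReturn(new HashSet());
        EasyMock.expect(users.getUser(userEntity)).andReturn(new User(userEntity));
        Capture<String> userHeader = EasyMock.newCapture();
        response.setHeader(EasyMock.eq("User"), EasyMock.capture(userHeader));
        EasyMock.expectLastCall();
        filterChain.doFilter(request, response);
        EasyMock.expectLastCall();
        replayAll();

        runFilter();

        verifyAll();
        Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
        Assert.assertNotNull(authentication);
        Assert.assertTrue(authentication.isAuthenticated());
        Assert.assertEquals(TEST_USER_NAME.toLowerCase(), userHeader.getValue());
    }

    /**
     * No internal token header: the filter passes the request on unauthenticated and consults
     * neither the token storage nor the user store (no expectations are recorded on them).
     */
    @Test
    public void testDoFilterWithoutInternalToken() throws IOException, ServletException {
        EasyMock.expect(request.getHeader(INTERNAL_TOKEN_HEADER)).andReturn(null);
        filterChain.doFilter(request, response);
        EasyMock.expectLastCall();
        replayAll();

        runFilter();

        verifyAll();
        Assert.assertNull(SecurityContextHolder.getContext().getAuthentication());
    }

    /**
     * Valid token but no user ID header: the request continues unauthenticated and the user
     * store is not consulted.
     */
    @Test
    public void testDoFilterWithoutUserToken() throws IOException, ServletException {
        expectValidInternalToken();
        EasyMock.expect(request.getHeader(USER_ID_HEADER)).andReturn(null);
        filterChain.doFilter(request, response);
        EasyMock.expectLastCall();
        replayAll();

        runFilter();

        verifyAll();
        Assert.assertNull(SecurityContextHolder.getContext().getAuthentication());
    }

    /**
     * Valid token with a numeric user ID that matches no user: the filter answers 403
     * "Authentication required" and does not pass the request down the chain.
     */
    @Test
    public void testDoFilterWithIncorrectUser() throws IOException, ServletException {
        expectValidInternalToken();
        EasyMock.expect(request.getHeader(USER_ID_HEADER)).andReturn(TEST_USER_ID_HEADER);
        EasyMock.expect(users.getUserEntity(TEST_USER_ID)).andReturn(null);
        response.sendError(HttpServletResponse.SC_FORBIDDEN, "Authentication required");
        EasyMock.expectLastCall();
        response.flushBuffer();
        EasyMock.expectLastCall();
        replayAll();

        runFilter();

        verifyAll();
        Assert.assertNull(SecurityContextHolder.getContext().getAuthentication());
    }

    /**
     * Valid token with a non-numeric user ID: the filter answers 403 "Invalid user ID". No
     * expectation is recorded on the user store, so the ID must be rejected before any lookup.
     */
    @Test
    public void testDoFilterWithInvalidUserID() throws IOException, ServletException {
        expectValidInternalToken();
        EasyMock.expect(request.getHeader(USER_ID_HEADER)).andReturn("admin");
        response.sendError(HttpServletResponse.SC_FORBIDDEN, "Invalid user ID");
        EasyMock.expectLastCall();
        response.flushBuffer();
        EasyMock.expectLastCall();
        replayAll();

        runFilter();

        verifyAll();
        Assert.assertNull(SecurityContextHolder.getContext().getAuthentication());
    }

    /** Records a request that carries the test token and a token storage that accepts it. */
    private void expectValidInternalToken() {
        EasyMock.expect(request.getHeader(INTERNAL_TOKEN_HEADER)).andReturn(TEST_INTERNAL_TOKEN);
        EasyMock.expect(internalTokenStorage.isValidInternalToken(TEST_INTERNAL_TOKEN)).andReturn(true);
    }

    /** Switches every mock from record mode to replay mode. */
    private void replayAll() {
        EasyMock.replay(users, request, response, filterChain, internalTokenStorage);
    }

    /** Checks that every recorded expectation was used. */
    private void verifyAll() {
        EasyMock.verify(users, request, response, filterChain, internalTokenStorage);
    }

    /** Runs a new filter instance over the mocked request, response and chain. */
    private void runFilter() throws IOException, ServletException {
        new AmbariUserAuthorizationFilter(internalTokenStorage, users).doFilter(request, response, filterChain);
    }

    /** Builds the user entity that the mocked user store returns for {@link #TEST_USER_ID}. */
    private UserEntity createUserEntity() {
        UserEntity userEntity = new UserEntity();
        userEntity.setUserId(TEST_USER_ID);
        // Store the name in the form UserName produces, as the assertion on the "User"
        // header expects the lower-cased name.
        userEntity.setUserName(UserName.fromString(TEST_USER_NAME).toString());
        userEntity.setPrincipal(new PrincipalEntity());
        return userEntity;
    }
}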
