package io.confluent.rest.auth;

import com.google.common.collect.ImmutableMap;
import com.google.protobuf.ByteString;
import com.google.protobuf.InvalidProtocolBufferException;
import com.mapr.fs.proto.Security;
import com.mapr.security.MutableInt;
import com.mapr.security.Security;
import io.confluent.rest.impersonation.Errors;
import io.confluent.rest.mapr.test.TestUtils;
import java.io.IOException;
import javax.ws.rs.container.ContainerRequestContext;
import javax.ws.rs.core.Cookie;
import org.apache.commons.codec.binary.Base64;
import org.easymock.Capture;
import org.easymock.EasyMock;
import org.hamcrest.CoreMatchers;
import org.junit.Assert;
import org.junit.Test;
import org.junit.internal.matchers.ThrowableCauseMatcher;
import org.junit.internal.matchers.ThrowableMessageMatcher;
import org.junit.runner.RunWith;
import org.powermock.api.easymock.PowerMock;
import org.powermock.core.classloader.annotations.PrepareOnlyThisForTest;
import org.powermock.modules.junit4.PowerMockRunner;

@PrepareOnlyThisForTest({Security.class})
@RunWith(PowerMockRunner.class)
/* loaded from: input_file:io/confluent/rest/auth/MaprAuthenticationUtilsTest.class */
public class MaprAuthenticationUtilsTest {
    private static final int SOME_NATIVE_ERROR_CODE = 123;
    private static final String MAPR_USER_1_BASIC = "Basic " + Base64.encodeBase64String("mapruser1:pass".getBytes());
    private static final String MAPRUSER_1 = "mapruser1";
    private static final String MAPR_USER_1_COOKIE_VALUE = "whatever&u=mapruser1";
    private static final String HADOOP_AUTH_NAME = "hadoop.auth";
    private static final String MAPR_USER_1_COOKIE = "hadoop.auth=whatever&u=mapruser1";

    @Test
    public void decryptsBasicUserName() {
        Assert.assertEquals(MAPRUSER_1, (String) MaprAuthenticationUtils.findUserNameFromAuthentication(MAPR_USER_1_BASIC).orElse(null));
    }

    @Test
    public void emptyResultOnUnsupportedHeader() {
        Assert.assertFalse(MaprAuthenticationUtils.findUserNameFromAuthentication("Something unsupported").isPresent());
    }

    @Test
    public void emptyResultOnEmptyHeader() {
        Assert.assertFalse(MaprAuthenticationUtils.findUserNameFromAuthentication("").isPresent());
    }

    @Test
    public void findsCookieUserName() {
        Assert.assertEquals(MAPRUSER_1, (String) MaprAuthenticationUtils.findUserNameFromCookie(MAPR_USER_1_COOKIE).orElse(null));
    }

    @Test
    public void emptyResultOnMissingHadoopAuthCookie() {
        Assert.assertFalse(MaprAuthenticationUtils.findUserNameFromCookie("another.auth=whatever&u=mapruser1").isPresent());
    }

    @Test
    public void emptyResultOnMissingCookieUser() {
        Assert.assertFalse(MaprAuthenticationUtils.findUserNameFromCookie("hadoop.auth=whatever&l=mapruser1").isPresent());
    }

    @Test
    public void decryptsTicketUserName() {
        byte[] bytes = "encrypted-ticket".getBytes();
        Security.AuthenticationReqFull build = Security.AuthenticationReqFull.newBuilder().setEncryptedTicket(ByteString.copyFrom(bytes)).build();
        PowerMock.mockStatic(com.mapr.security.Security.class);
        EasyMock.expect(com.mapr.security.Security.DecryptTicket(EasyMock.aryEq(bytes), (MutableInt) EasyMock.anyObject())).andReturn(Security.Ticket.newBuilder().setUserCreds(Security.CredentialsMsg.newBuilder().setUserName(MAPRUSER_1).build()).build());
        PowerMock.replay(new Object[]{com.mapr.security.Security.class});
        Assert.assertEquals(MAPRUSER_1, (String) MaprAuthenticationUtils.findUserNameFromAuthentication("MAPR-Negotiate " + Base64.encodeBase64String(build.toByteArray())).orElse(null));
    }

    @Test
    public void failsOnDecryptTicketErrors() {
        byte[] bytes = "encrypted-ticket".getBytes();
        Security.AuthenticationReqFull build = Security.AuthenticationReqFull.newBuilder().setEncryptedTicket(ByteString.copyFrom(bytes)).build();
        PowerMock.mockStatic(com.mapr.security.Security.class);
        Capture newInstance = Capture.newInstance();
        EasyMock.expect(com.mapr.security.Security.DecryptTicket(EasyMock.aryEq(bytes), (MutableInt) EasyMock.capture(newInstance))).andAnswer(() -> {
            ((MutableInt) newInstance.getValue()).SetValue(SOME_NATIVE_ERROR_CODE);
            return null;
        });
        PowerMock.replay(new Object[]{com.mapr.security.Security.class});
        String str = "MAPR-Negotiate " + Base64.encodeBase64String(build.toByteArray());
        TestUtils.assertThatThrownRestException(() -> {
            MaprAuthenticationUtils.findUserNameFromAuthentication(str);
        }, CoreMatchers.allOf(TestUtils.hasSameRestAttributesAs(Errors.maprTicketDecryptException("ignored")), ThrowableMessageMatcher.hasMessage(CoreMatchers.containsString(String.valueOf(SOME_NATIVE_ERROR_CODE)))));
    }

    @Test
    public void failsOnMalformedMaprAuthRequest() {
        String str = "MAPR-Negotiate " + Base64.encodeBase64String(Security.AuthenticationReqFull.newBuilder().build().toByteArray());
        TestUtils.assertThatThrownRestException(() -> {
            MaprAuthenticationUtils.findUserNameFromAuthentication(str);
        }, CoreMatchers.allOf(TestUtils.hasSameRestAttributesAs(Errors.maprTicketDecryptException("ignored")), ThrowableMessageMatcher.hasMessage(CoreMatchers.containsString("request"))));
    }

    @Test
    public void failsOnInvalidProtocolBuffer() {
        String str = "MAPR-Negotiate " + Base64.encodeBase64String("Something incorrect".getBytes());
        TestUtils.assertThatThrownRestException(() -> {
            MaprAuthenticationUtils.findUserNameFromAuthentication(str);
        }, CoreMatchers.allOf(TestUtils.hasSameRestAttributesAs(Errors.maprTicketDecryptException("ignored")), ThrowableCauseMatcher.hasCause(CoreMatchers.instanceOf(InvalidProtocolBufferException.class))));
    }

    @Test
    public void failsWhenUnableToDetermineUserByCookieAndAuth() {
        TestUtils.assertThatThrownRestException(() -> {
            MaprAuthenticationUtils.getUserNameFromAuthenticationOrCookie((String) null, (String) null);
        }, CoreMatchers.allOf(TestUtils.hasSameRestAttributesAs(Errors.serverLoginException(new IOException())), ThrowableCauseMatcher.hasCause(CoreMatchers.instanceOf(IOException.class))));
    }

    @Test
    public void getsUserByCookieAndAuth() {
        Assert.assertEquals(MAPRUSER_1, MaprAuthenticationUtils.getUserNameFromAuthenticationOrCookie(MAPR_USER_1_BASIC, MAPR_USER_1_COOKIE));
    }

    @Test
    public void getsUserByCookieAndEmptyAuth() {
        Assert.assertEquals(MAPRUSER_1, MaprAuthenticationUtils.getUserNameFromAuthenticationOrCookie((String) null, MAPR_USER_1_COOKIE));
    }

    @Test
    public void getsUserByEmptyCookieAndAuth() {
        Assert.assertEquals(MAPRUSER_1, MaprAuthenticationUtils.getUserNameFromAuthenticationOrCookie(MAPR_USER_1_BASIC, (String) null));
    }

    @Test
    public void failsWhenUnableToDetermineUserByJaxrsCookieAndAuth() {
        ContainerRequestContext containerRequestContext = (ContainerRequestContext) EasyMock.mock(ContainerRequestContext.class);
        EasyMock.expect(containerRequestContext.getHeaderString("Authorization")).andReturn((Object) null);
        EasyMock.expect(containerRequestContext.getCookies()).andReturn((Object) null);
        PowerMock.replay(new Object[]{containerRequestContext});
        TestUtils.assertThatThrownRestException(() -> {
            MaprAuthenticationUtils.getUserNameFromRequestContext(containerRequestContext);
        }, CoreMatchers.allOf(TestUtils.hasSameRestAttributesAs(Errors.serverLoginException(new IOException())), ThrowableCauseMatcher.hasCause(CoreMatchers.instanceOf(IOException.class))));
        EasyMock.verify(new Object[]{containerRequestContext});
    }

    @Test
    public void getsUserByJaxrsCookieAndAuth() {
        ContainerRequestContext containerRequestContext = (ContainerRequestContext) EasyMock.mock(ContainerRequestContext.class);
        EasyMock.expect(containerRequestContext.getHeaderString("Authorization")).andReturn(MAPR_USER_1_BASIC);
        EasyMock.expect(containerRequestContext.getCookies()).andReturn(ImmutableMap.of(HADOOP_AUTH_NAME, new Cookie(HADOOP_AUTH_NAME, MAPR_USER_1_COOKIE_VALUE)));
        PowerMock.replay(new Object[]{containerRequestContext});
        Assert.assertEquals(MAPRUSER_1, MaprAuthenticationUtils.getUserNameFromRequestContext(containerRequestContext));
    }

    @Test
    public void getsUserByJaxrsCookieAndEmptyAuth() {
        ContainerRequestContext containerRequestContext = (ContainerRequestContext) EasyMock.mock(ContainerRequestContext.class);
        EasyMock.expect(containerRequestContext.getHeaderString("Authorization")).andReturn((Object) null);
        EasyMock.expect(containerRequestContext.getCookies()).andReturn(ImmutableMap.of(HADOOP_AUTH_NAME, new Cookie(HADOOP_AUTH_NAME, MAPR_USER_1_COOKIE_VALUE)));
        PowerMock.replay(new Object[]{containerRequestContext});
        Assert.assertEquals(MAPRUSER_1, MaprAuthenticationUtils.getUserNameFromRequestContext(containerRequestContext));
        EasyMock.verify(new Object[]{containerRequestContext});
    }

    @Test
    public void getsUserByJaxrsEmptyCookieAndAuth() {
        ContainerRequestContext containerRequestContext = (ContainerRequestContext) EasyMock.mock(ContainerRequestContext.class);
        EasyMock.expect(containerRequestContext.getHeaderString("Authorization")).andReturn(MAPR_USER_1_BASIC);
        PowerMock.replay(new Object[]{containerRequestContext});
        Assert.assertEquals(MAPRUSER_1, MaprAuthenticationUtils.getUserNameFromRequestContext(containerRequestContext));
        EasyMock.verify(new Object[]{containerRequestContext});
    }
}
