package io.undertow.servlet.test.security.constraint;

import io.undertow.server.handlers.PathHandler;
import io.undertow.servlet.api.DeploymentInfo;
import io.undertow.servlet.api.DeploymentManager;
import io.undertow.servlet.api.LoginConfig;
import io.undertow.servlet.api.SecurityConstraint;
import io.undertow.servlet.api.SecurityInfo;
import io.undertow.servlet.api.ServletContainer;
import io.undertow.servlet.api.ServletInfo;
import io.undertow.servlet.api.WebResourceCollection;
import io.undertow.servlet.test.SimpleServletTestCase;
import io.undertow.servlet.test.util.TestClassIntrospector;
import io.undertow.testutils.DefaultServer;
import io.undertow.testutils.HttpClientUtils;
import io.undertow.testutils.TestHttpClient;
import io.undertow.util.FlexBase64;
import io.undertow.util.Headers;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import javax.servlet.ServletException;
import org.apache.http.Header;
import org.apache.http.HttpResponse;
import org.apache.http.client.methods.HttpGet;
import org.apache.http.client.methods.HttpPost;
import org.junit.Assert;
import org.junit.BeforeClass;
import org.junit.Test;
import org.junit.runner.RunWith;

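/**
 * Integration test for how servlet security constraints are matched against request URLs.
 *
 * <p>{@link #setup()} deploys a single servlet under {@code /servletContext} behind HTTP BASIC
 * authentication (realm "Test Realm") with four users:
 * <ul>
 *   <li>user1 - role1</li>
 *   <li>user2 - role2</li>
 *   <li>user3 - role1 and role2</li>
 *   <li>user4 - badRole (a role that no constraint allows)</li>
 * </ul>
 * The tests then check, for exact, path-prefix and extension patterns and for a
 * method-specific constraint, that an unauthenticated request is challenged (401), an
 * authenticated user without an allowed role is refused (403), and a user with an allowed
 * role is served (200).
 */
@RunWith(DefaultServer.class)
public class SecurityConstraintUrlMappingTestCase {
    public static final String HELLO_WORLD = "Hello World";

    /**
     * Deploys the servlet, its identity store and the security constraints, then installs the
     * deployment as the root handler of the shared test server.
     *
     * @throws ServletException if the deployment cannot be started
     */
    @BeforeClass
    public static void setup() throws ServletException {
        PathHandler root = new PathHandler();
        ServletContainer container = ServletContainer.Factory.newInstance();

        ServletInfo servlet = new ServletInfo("servlet", AuthenticationMessageServlet.class)
                .addInitParam("message", HELLO_WORLD)
                .addMapping("/role1")
                .addMapping("/role2")
                .addMapping("/secured/role2/*")
                .addMapping("/secured/1/2/*")
                .addMapping("/public/*")
                .addMapping("/extension/*");

        ServletIdentityManager identityManager = new ServletIdentityManager();
        identityManager.addUser("user1", "password1", "role1");
        identityManager.addUser("user2", "password2", "role2");
        identityManager.addUser("user3", "password3", "role1", "role2");
        identityManager.addUser("user4", "password4", "badRole");

        DeploymentInfo deployment = new DeploymentInfo()
                .setClassLoader(SimpleServletTestCase.class.getClassLoader())
                .setContextPath("/servletContext")
                .setClassIntrospecter(TestClassIntrospector.INSTANCE)
                .setDeploymentName("servletContext.war")
                .setIdentityManager(identityManager)
                .setLoginConfig(new LoginConfig("BASIC", "Test Realm"))
                .addServlet(servlet);

        // Exact-match pattern.
        deployment.addSecurityConstraint(roleConstraint("/role1", "role1"));
        // Path-prefix patterns of increasing depth.
        deployment.addSecurityConstraint(roleConstraint("/secured/*", "role2"));
        // The same /secured/* -> role2 constraint is registered a second time.
        // NOTE(review): looks like this checks that duplicate constraints are tolerated;
        // confirm before removing.
        deployment.addSecurityConstraint(roleConstraint("/secured/*", "role2"));
        deployment.addSecurityConstraint(roleConstraint("/secured/1/*", "role1"));
        deployment.addSecurityConstraint(roleConstraint("/secured/1/2/*", "role2"));
        // Extension pattern.
        deployment.addSecurityConstraint(roleConstraint("*.html", "role2"));
        // No roles listed and PERMIT semantics: open to unauthenticated requests.
        deployment.addSecurityConstraint(new SecurityConstraint()
                .addWebResourceCollection(new WebResourceCollection().addUrlPattern("/public/*"))
                .setEmptyRoleSemantic(SecurityInfo.EmptyRoleSemantic.PERMIT));
        // Constraint that names POST only; see testHttpMethod for what is and is not covered.
        deployment.addSecurityConstraint(new SecurityConstraint()
                .addWebResourceCollection(new WebResourceCollection()
                        .addUrlPattern("/public/postSecured/*")
                        .addHttpMethod("POST"))
                .addRoleAllowed("role1"));

        DeploymentManager manager = container.addDeployment(deployment);
        manager.deploy();
        root.addPrefixPath(deployment.getContextPath(), manager.start());
        DefaultServer.setRootHandler(root);
    }

    /** The exact pattern {@code /role1} admits role1 (user1) and refuses role2 (user2). */
    @Test
    public void testExactMatch() throws IOException {
        runSimpleUrlTest(DefaultServer.getDefaultServerURL() + "/servletContext/role1", "user2:password2", "user1:password1");
    }

    /** A path under the {@code /secured/} prefix admits role2 (user2) and refuses role1 (user1). */
    @Test
    public void testPatternMatch() throws IOException {
        runSimpleUrlTest(DefaultServer.getDefaultServerURL() + "/servletContext/secured/role2/aa", "user1:password1", "user2:password2");
    }

    /**
     * The {@code *.html} extension pattern requires role2 under {@code /extension/}, while an
     * {@code .html} resource under {@code /public/} is expected to be served without any
     * authentication.
     */
    @Test
    public void testExtensionMatch() throws IOException {
        runSimpleUrlTest(DefaultServer.getDefaultServerURL() + "/servletContext/extension/a.html", "user1:password1", "user2:password2");
        TestHttpClient client = new TestHttpClient();
        try {
            HttpResponse response = client.execute(
                    anonymousGet(DefaultServer.getDefaultServerURL() + "/servletContext/public/a.html"));
            Assert.assertEquals(200, response.getStatusLine().getStatusCode());
            HttpClientUtils.readResponse(response);
        } finally {
            client.getConnectionManager().shutdown();
        }
    }

    /**
     * Three prefix constraints of different depth cover {@code /secured/1/2/aa}. The expected
     * outcome is that role2 is required: user4 (badRole) and user1 (role1 only) are refused,
     * user3 (role1 and role2) and user2 (role2 only) are served.
     */
    @Test
    public void testAggregatedRoles() throws IOException {
        String url = DefaultServer.getDefaultServerURL() + "/servletContext/secured/1/2/aa";
        runSimpleUrlTest(url, "user4:password4", "user3:password3");
        runSimpleUrlTest(url, "user1:password1", "user2:password2");
    }

    /**
     * Checks the POST-only constraint on {@code /public/postSecured/}: GET is served without
     * authentication, POST is challenged without credentials, refused for role2 and served for
     * role1.
     *
     * <p>Only GET and POST are exercised. The constraint names POST alone, so this test makes
     * no statement about how other HTTP methods on the same path are treated.
     */
    @Test
    public void testHttpMethod() throws IOException {
        TestHttpClient client = new TestHttpClient();
        String url = DefaultServer.getDefaultServerURL() + "/servletContext/public/postSecured/a";
        try {
            // GET is outside the POST-only constraint and falls under the open /public/ area.
            HttpResponse anonymousGetResponse = client.execute(anonymousGet(url));
            Assert.assertEquals(200, anonymousGetResponse.getStatusLine().getStatusCode());
            HttpClientUtils.readResponse(anonymousGetResponse);

            // POST without credentials: challenged.
            HttpResponse challenge = client.execute(new HttpPost(url));
            assertBasicChallenge(challenge);
            HttpClientUtils.readResponse(challenge);

            // POST as user2 (role2): authenticated but not authorized.
            HttpPost wrongRolePost = new HttpPost(url);
            wrongRolePost.addHeader(Headers.AUTHORIZATION.toString(), basicAuth("user2:password2"));
            HttpResponse forbidden = client.execute(wrongRolePost);
            Assert.assertEquals(403, forbidden.getStatusLine().getStatusCode());
            HttpClientUtils.readResponse(forbidden);

            // POST as user1 (role1): served.
            HttpPost allowedPost = new HttpPost(url);
            allowedPost.addHeader(Headers.AUTHORIZATION.toString(), basicAuth("user1:password1"));
            allowedPost.addHeader("ExpectedMechanism", "BASIC");
            allowedPost.addHeader("ExpectedUser", "user1");
            HttpResponse served = client.execute(allowedPost);
            Assert.assertEquals(200, served.getStatusLine().getStatusCode());
            Assert.assertEquals(HELLO_WORLD, HttpClientUtils.readResponse(served));
        } finally {
            client.getConnectionManager().shutdown();
        }
    }

    /**
     * Runs the standard three-step check against a protected URL using GET: no credentials
     * gives a 401 BASIC challenge, {@code badUser} gives 403, {@code goodUser} gives 200 with
     * the servlet's message and response headers that forbid caching.
     *
     * <p>Invalid credentials (unknown user or wrong password) are not covered here; both
     * supplied users are expected to authenticate successfully.
     *
     * @param url absolute URL of the protected resource
     * @param badUser {@code "user:password"} credentials of a user without an allowed role
     * @param goodUser {@code "user:password"} credentials of a user with an allowed role
     * @throws IOException if a request fails or a response cannot be read
     */
    public void runSimpleUrlTest(String url, String badUser, String goodUser) throws IOException {
        TestHttpClient client = new TestHttpClient();
        try {
            HttpResponse challenge = client.execute(new HttpGet(url));
            assertBasicChallenge(challenge);
            HttpClientUtils.readResponse(challenge);

            HttpGet wrongRoleGet = new HttpGet(url);
            wrongRoleGet.addHeader(Headers.AUTHORIZATION.toString(), basicAuth(badUser));
            HttpResponse forbidden = client.execute(wrongRoleGet);
            Assert.assertEquals(403, forbidden.getStatusLine().getStatusCode());
            HttpClientUtils.readResponse(forbidden);

            HttpGet allowedGet = new HttpGet(url);
            allowedGet.addHeader(Headers.AUTHORIZATION.toString(), basicAuth(goodUser));
            // Presumably read by AuthenticationMessageServlet to verify the authenticated
            // identity; that servlet is not visible in this file.
            allowedGet.addHeader("ExpectedMechanism", "BASIC");
            allowedGet.addHeader("ExpectedUser", goodUser.substring(0, goodUser.indexOf(':')));
            HttpResponse served = client.execute(allowedGet);
            Assert.assertEquals(200, served.getStatusLine().getStatusCode());
            // A response to an authenticated request must be marked as non-cacheable.
            Assert.assertEquals("0", served.getHeaders("Expires")[0].getValue());
            Assert.assertEquals("no-cache", served.getHeaders("Pragma")[0].getValue());
            Assert.assertEquals("no-cache, no-store, must-revalidate", served.getHeaders("Cache-Control")[0].getValue());
            Assert.assertEquals(HELLO_WORLD, HttpClientUtils.readResponse(served));
        } finally {
            // Release the connections whether the assertions passed or failed.
            client.getConnectionManager().shutdown();
        }
    }

    /** Builds a constraint that allows a single role on a single URL pattern. */
    private static SecurityConstraint roleConstraint(String urlPattern, String role) {
        return new SecurityConstraint()
                .addWebResourceCollection(new WebResourceCollection().addUrlPattern(urlPattern))
                .addRoleAllowed(role);
    }

    /** Builds an unauthenticated GET carrying the "no identity expected" marker headers. */
    private static HttpGet anonymousGet(String url) {
        HttpGet request = new HttpGet(url);
        request.addHeader("ExpectedMechanism", "None");
        request.addHeader("ExpectedUser", "None");
        return request;
    }

    /**
     * Builds the value of a BASIC {@code Authorization} header. The credentials are encoded
     * with an explicit charset so the test does not depend on the platform default.
     */
    private static String basicAuth(String credentials) {
        return Headers.BASIC + " " + FlexBase64.encodeString(credentials.getBytes(StandardCharsets.UTF_8), false);
    }

    /** Asserts a 401 carrying exactly one BASIC challenge for the "Test Realm" realm. */
    private static void assertBasicChallenge(HttpResponse response) {
        Assert.assertEquals(401, response.getStatusLine().getStatusCode());
        Header[] challenges = response.getHeaders(Headers.WWW_AUTHENTICATE.toString());
        Assert.assertEquals(1, challenges.length);
        Assert.assertEquals(Headers.BASIC + " realm=\"Test Realm\"", challenges[0].getValue());
    }
}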
