package io.undertow.servlet.test.defaultservlet;

import io.undertow.server.handlers.PathHandler;
import io.undertow.servlet.api.DeploymentInfo;
import io.undertow.servlet.api.DeploymentManager;
import io.undertow.servlet.api.LoginConfig;
import io.undertow.servlet.api.SecurityConstraint;
import io.undertow.servlet.api.ServletContainer;
import io.undertow.servlet.api.WebResourceCollection;
import io.undertow.servlet.test.path.ServletPathMappingTestCase;
import io.undertow.servlet.test.security.constraint.ServletIdentityManager;
import io.undertow.servlet.test.util.TestClassIntrospector;
import io.undertow.servlet.test.util.TestResourceLoader;
import io.undertow.testutils.DefaultServer;
import io.undertow.testutils.HttpClientUtils;
import io.undertow.util.FlexBase64;
import io.undertow.util.Headers;
import java.io.IOException;
import javax.servlet.ServletException;
import org.apache.http.Header;
import org.apache.http.HttpResponse;
import org.apache.http.client.methods.HttpGet;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClientBuilder;
import org.junit.Assert;
import org.junit.BeforeClass;
import org.junit.Test;
import org.junit.runner.RunWith;

@RunWith(DefaultServer.class)
/* loaded from: input_file:io/undertow/servlet/test/defaultservlet/SecurityRedirectTestCase.class */
public class SecurityRedirectTestCase {
    @BeforeClass
    public static void setup() throws ServletException {
        PathHandler pathHandler = new PathHandler();
        ServletContainer newInstance = ServletContainer.Factory.newInstance();
        ServletIdentityManager servletIdentityManager = new ServletIdentityManager();
        servletIdentityManager.addUser("user1", "password1", "role1");
        DeploymentInfo addSecurityConstraint = new DeploymentInfo().setClassIntrospecter(TestClassIntrospector.INSTANCE).setClassLoader(ServletPathMappingTestCase.class.getClassLoader()).setContextPath("/servletContext").setDeploymentName("servletContext.war").setResourceManager(new TestResourceLoader(SecurityRedirectTestCase.class)).addWelcomePages(new String[]{"index.html"}).setIdentityManager(servletIdentityManager).setLoginConfig(new LoginConfig("BASIC", "Test Realm")).addSecurityConstraint(new SecurityConstraint().addRoleAllowed("role1").addWebResourceCollection(new WebResourceCollection().addUrlPatterns(new String[]{"/index.html", "/filterpath/*"})));
        DeploymentManager addDeployment = newInstance.addDeployment(addSecurityConstraint);
        addDeployment.deploy();
        pathHandler.addPrefixPath(addSecurityConstraint.getContextPath(), addDeployment.start());
        DefaultServer.setRootHandler(pathHandler);
    }

    @Test
    public void testSecurityWithWelcomeFileRedirect() throws IOException {
        CloseableHttpClient build = HttpClientBuilder.create().disableRedirectHandling().build();
        try {
            HttpResponse execute = build.execute(new HttpGet(DefaultServer.getDefaultServerURL() + "/servletContext"));
            Assert.assertEquals(302L, execute.getStatusLine().getStatusCode());
            Header[] headers = execute.getHeaders(Headers.LOCATION.toString());
            Assert.assertEquals(1L, headers.length);
            Assert.assertEquals(DefaultServer.getDefaultServerURL() + "/servletContext/", headers[0].getValue());
            HttpClientUtils.readResponse(execute);
            HttpResponse execute2 = build.execute(new HttpGet(DefaultServer.getDefaultServerURL() + "/servletContext/"));
            Assert.assertEquals(401L, execute2.getStatusLine().getStatusCode());
            Header[] headers2 = execute2.getHeaders(Headers.WWW_AUTHENTICATE.toString());
            Assert.assertEquals(1L, headers2.length);
            Assert.assertEquals(Headers.BASIC + " realm=\"Test Realm\"", headers2[0].getValue());
            HttpClientUtils.readResponse(execute2);
            HttpGet httpGet = new HttpGet(DefaultServer.getDefaultServerURL() + "/servletContext/");
            httpGet.addHeader(Headers.AUTHORIZATION.toString(), Headers.BASIC + " " + FlexBase64.encodeString("user1:password1".getBytes(), false));
            String readResponse = HttpClientUtils.readResponse(build.execute(httpGet));
            Assert.assertEquals(200L, r0.getStatusLine().getStatusCode());
            Assert.assertTrue(readResponse.contains("Redirected home page"));
            build.getConnectionManager().shutdown();
        } catch (Throwable th) {
            build.getConnectionManager().shutdown();
            throw th;
        }
    }

    @Test
    public void testSecurityWithoutWelcomeFileRedirect() throws IOException {
        CloseableHttpClient build = HttpClientBuilder.create().disableRedirectHandling().build();
        try {
            HttpResponse execute = build.execute(new HttpGet(DefaultServer.getDefaultServerURL() + "/servletContext/filterpath"));
            Assert.assertEquals(401L, execute.getStatusLine().getStatusCode());
            HttpClientUtils.readResponse(execute);
            HttpResponse execute2 = build.execute(new HttpGet(DefaultServer.getDefaultServerURL() + "/servletContext/filterpath/"));
            Assert.assertEquals(401L, execute2.getStatusLine().getStatusCode());
            Header[] headers = execute2.getHeaders(Headers.WWW_AUTHENTICATE.toString());
            Assert.assertEquals(1L, headers.length);
            Assert.assertEquals(Headers.BASIC + " realm=\"Test Realm\"", headers[0].getValue());
            HttpClientUtils.readResponse(execute2);
            HttpGet httpGet = new HttpGet(DefaultServer.getDefaultServerURL() + "/servletContext/filterpath");
            httpGet.addHeader(Headers.AUTHORIZATION.toString(), Headers.BASIC + " " + FlexBase64.encodeString("user1:password1".getBytes(), false));
            HttpResponse execute3 = build.execute(httpGet);
            Assert.assertEquals(302L, execute3.getStatusLine().getStatusCode());
            Header[] headers2 = execute3.getHeaders(Headers.LOCATION.toString());
            Assert.assertEquals(1L, headers2.length);
            Assert.assertEquals(DefaultServer.getDefaultServerURL() + "/servletContext/filterpath/", headers2[0].getValue());
            HttpClientUtils.readResponse(execute3);
            HttpGet httpGet2 = new HttpGet(DefaultServer.getDefaultServerURL() + "/servletContext/filterpath/filtered.txt");
            httpGet2.addHeader(Headers.AUTHORIZATION.toString(), Headers.BASIC + " " + FlexBase64.encodeString("user1:password1".getBytes(), false));
            String readResponse = HttpClientUtils.readResponse(build.execute(httpGet2));
            Assert.assertEquals(200L, r0.getStatusLine().getStatusCode());
            Assert.assertTrue(readResponse.equals("Stuart"));
            build.getConnectionManager().shutdown();
        } catch (Throwable th) {
            build.getConnectionManager().shutdown();
            throw th;
        }
    }
}
