package io.undertow.servlet.test.security.basic;

import io.undertow.server.handlers.PathHandler;
import io.undertow.servlet.api.AuthMethodConfig;
import io.undertow.servlet.api.DeploymentInfo;
import io.undertow.servlet.api.DeploymentManager;
import io.undertow.servlet.api.LoginConfig;
import io.undertow.servlet.api.SecurityConstraint;
import io.undertow.servlet.api.SecurityInfo;
import io.undertow.servlet.api.ServletContainer;
import io.undertow.servlet.api.ServletInfo;
import io.undertow.servlet.api.WebResourceCollection;
import io.undertow.servlet.test.SimpleServletTestCase;
import io.undertow.servlet.test.security.SendAuthTypeServlet;
import io.undertow.servlet.test.security.SendUsernameServlet;
import io.undertow.servlet.test.security.constraint.ServletIdentityManager;
import io.undertow.servlet.test.util.TestClassIntrospector;
import io.undertow.testutils.DefaultServer;
import io.undertow.testutils.HttpClientUtils;
import io.undertow.testutils.TestHttpClient;
import io.undertow.util.FlexBase64;
import io.undertow.util.Headers;
import java.nio.charset.Charset;
import java.nio.charset.StandardCharsets;
import java.util.HashMap;
import javax.servlet.ServletException;
import org.apache.http.Header;
import org.apache.http.client.methods.CloseableHttpResponse;
import org.apache.http.client.methods.HttpGet;
import org.junit.Assert;
import org.junit.BeforeClass;
import org.junit.Test;
import org.junit.runner.RunWith;

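/**
 * Exercises HTTP BASIC authentication for a servlet deployment, including how the
 * credential bytes of the {@code Authorization} header are decoded.
 *
 * <p>The deployment protects {@code /secured/*} with {@code role1} and configures the
 * BASIC mechanism with a default charset of ISO-8859-1 plus a {@code user-agent-charsets}
 * override list that maps {@code Chrome} and {@code OPR} user agents to UTF-8. The
 * non-ASCII test pins both directions of that rule: a password encoded in the charset the
 * server expects for the client authenticates (200), while the same password encoded in
 * the other charset decodes to a different string and is rejected (401).
 */
@RunWith(DefaultServer.class)
public class ServletBasicAuthTestCase {
    private static final String REALM_NAME = "Servlet_Realm";

    /** Context path the test deployment is mounted on. */
    private static final String CONTEXT_PATH = "/servletContext";

    /** ASCII-only fixture account; it encodes identically in UTF-8 and ISO-8859-1. */
    private static final String ASCII_USER = "user1";
    private static final String ASCII_PASSWORD = "password1";

    /** Fixture account whose password contains a non-ASCII character. */
    private static final String CHARSET_USER = "charsetUser";
    // Written as a Unicode escape (U+00FC, "ü") so the value does not depend on the
    // encoding the compiler assumes for this source file.
    private static final String CHARSET_PASSWORD = "password-\u00fc";

    /** Matches the "Chrome" entry of user-agent-charsets, so the server decodes as UTF-8. */
    private static final String CHROME_USER_AGENT =
            "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.36";

    /** Matches no user-agent-charsets entry, so the default charset (ISO-8859-1) applies. */
    private static final String FIREFOX_USER_AGENT =
            "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:40.0) Gecko/20100101 Firefox/40.1";

    /**
     * Deploys two servlets under {@code /servletContext/secured/*}, registers the fixture
     * users and installs the deployment as the root handler of the shared test server.
     *
     * @throws ServletException if the deployment fails to start
     */
    @BeforeClass
    public static void setup() throws ServletException {
        PathHandler rootPath = new PathHandler();
        ServletContainer container = ServletContainer.Factory.newInstance();

        ServletInfo usernameServlet = new ServletInfo("Username Servlet", SendUsernameServlet.class)
                .addMapping("/secured/username");
        ServletInfo authTypeServlet = new ServletInfo("Auth Type Servlet", SendAuthTypeServlet.class)
                .addMapping("/secured/authType");

        ServletIdentityManager identityManager = new ServletIdentityManager();
        identityManager.addUser(ASCII_USER, ASCII_PASSWORD, "role1");
        identityManager.addUser(CHARSET_USER, CHARSET_PASSWORD, "role1");

        // Default decoding charset, then (user-agent substring, charset) pairs that override it.
        HashMap<String, String> basicAuthProperties = new HashMap<>();
        basicAuthProperties.put("charset", "ISO_8859_1");
        basicAuthProperties.put("user-agent-charsets", "Chrome,UTF-8,OPR,UTF-8");

        LoginConfig loginConfig = new LoginConfig(REALM_NAME);
        loginConfig.addFirstAuthMethod(new AuthMethodConfig("BASIC", basicAuthProperties));

        DeploymentInfo deployment = new DeploymentInfo()
                .setClassLoader(SimpleServletTestCase.class.getClassLoader())
                .setContextPath(CONTEXT_PATH)
                .setClassIntrospecter(TestClassIntrospector.INSTANCE)
                .setDeploymentName("servletContext.war")
                .setIdentityManager(identityManager)
                .setLoginConfig(loginConfig)
                .addServlets(usernameServlet, authTypeServlet);

        // Everything under /secured/ requires role1; a constraint with no roles would deny.
        deployment.addSecurityConstraint(new SecurityConstraint()
                .addWebResourceCollection(new WebResourceCollection().addUrlPattern("/secured/*"))
                .addRoleAllowed("role1")
                .setEmptyRoleSemantic(SecurityInfo.EmptyRoleSemantic.DENY));

        DeploymentManager manager = container.addDeployment(deployment);
        manager.deploy();
        rootPath.addPrefixPath(deployment.getContextPath(), manager.start());
        DefaultServer.setRootHandler(rootPath);
    }

    /**
     * An unauthenticated request to a protected path must receive 401 and exactly one
     * {@code WWW-Authenticate} header offering the Basic scheme.
     */
    @Test
    public void testChallengeSent() throws Exception {
        TestHttpClient client = new TestHttpClient();
        try {
            CloseableHttpResponse response = client.execute(
                    new HttpGet(DefaultServer.getDefaultServerURL() + CONTEXT_PATH + "/secured/username"));
            HttpClientUtils.readResponse(response);
            Assert.assertEquals(401, response.getStatusLine().getStatusCode());
            Header[] challenges = response.getHeaders(Headers.WWW_AUTHENTICATE.toString());
            Assert.assertEquals(1, challenges.length);
            Assert.assertTrue(challenges[0].getValue().startsWith("Basic"));
        } finally {
            // Release the connection even when an assertion fails.
            client.getConnectionManager().shutdown();
        }
    }

    /** Valid credentials reach the servlet, which echoes the authenticated user name. */
    @Test
    public void testUserName() throws Exception {
        testCall("username", ASCII_USER, StandardCharsets.UTF_8, "Chrome", ASCII_USER, ASCII_PASSWORD, 200);
    }

    /** Valid credentials reach the servlet, which reports the auth type as BASIC. */
    @Test
    public void testAuthType() throws Exception {
        testCall("authType", "BASIC", StandardCharsets.UTF_8, "Chrome", ASCII_USER, ASCII_PASSWORD, 200);
    }

    /**
     * A non-ASCII password authenticates only when the client encodes it in the charset the
     * server selects for that user agent; the mismatched encoding must yield 401.
     */
    @Test
    public void testBasicAuthNonAscii() throws Exception {
        // Chrome is mapped to UTF-8 by user-agent-charsets.
        testCall("authType", "BASIC", StandardCharsets.UTF_8, CHROME_USER_AGENT, CHARSET_USER, CHARSET_PASSWORD, 200);
        testCall("authType", "BASIC", StandardCharsets.ISO_8859_1, CHROME_USER_AGENT, CHARSET_USER, CHARSET_PASSWORD, 401);
        // Firefox has no override, so the configured default (ISO-8859-1) is used.
        testCall("authType", "BASIC", StandardCharsets.ISO_8859_1, FIREFOX_USER_AGENT, CHARSET_USER, CHARSET_PASSWORD, 200);
        testCall("authType", "BASIC", StandardCharsets.UTF_8, FIREFOX_USER_AGENT, CHARSET_USER, CHARSET_PASSWORD, 401);
    }

    /**
     * Sends one BASIC-authenticated GET to {@code /servletContext/secured/<path>} and checks
     * the outcome.
     *
     * @param path           last path segment under {@code /secured/}
     * @param expectedBody   response body expected when {@code expectedStatus} is 200
     * @param charset        charset used to turn {@code username:password} into bytes
     *                       before Base64 encoding
     * @param userAgent      value sent in the {@code User-Agent} header
     * @param username       user name placed in the credentials
     * @param password       password placed in the credentials
     * @param expectedStatus HTTP status the server must return
     * @throws Exception if the request fails or an assertion does not hold
     */
    public void testCall(String path, String expectedBody, Charset charset, String userAgent, String username, String password, int expectedStatus) throws Exception {
        TestHttpClient client = new TestHttpClient();
        try {
            HttpGet request = new HttpGet(DefaultServer.getDefaultServerURL() + CONTEXT_PATH + "/secured/" + path);
            request.addHeader("User-Agent", userAgent);

            // The charset chosen here is the variable under test: the server must decode the
            // same bytes with the charset it associates with this user agent.
            byte[] credentials = (username + ":" + password).getBytes(charset);
            request.addHeader(Headers.AUTHORIZATION.toString(),
                    Headers.BASIC + " " + FlexBase64.encodeString(credentials, false));

            CloseableHttpResponse response = client.execute(request);
            Assert.assertEquals(expectedStatus, response.getStatusLine().getStatusCode());
            String body = HttpClientUtils.readResponse(response);
            if (expectedStatus == 200) {
                Assert.assertEquals(expectedBody, body);
            }
        } finally {
            client.getConnectionManager().shutdown();
        }
    }
}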
