package org.alfresco.repo.security.authentication.external;

import java.security.cert.X509Certificate;
import javax.security.auth.x500.X500Principal;
import javax.servlet.http.HttpServletRequest;
import org.alfresco.repo.management.subsystems.AbstractChainedSubsystemTest;
import org.alfresco.repo.management.subsystems.ChildApplicationContextFactory;
import org.alfresco.repo.management.subsystems.DefaultChildApplicationContextManager;
import org.alfresco.repo.tenant.MultiTDemoTest;
import org.alfresco.util.ApplicationContextHelper;
import org.mockito.Mockito;
import org.springframework.context.ApplicationContext;

/* loaded from: input_file:org/alfresco/repo/security/authentication/external/DefaultRemoteUserMapperTest.class */
public class DefaultRemoteUserMapperTest extends AbstractChainedSubsystemTest {
    ApplicationContext ctx = ApplicationContextHelper.getApplicationContext();
    DefaultChildApplicationContextManager childApplicationContextManager;
    ChildApplicationContextFactory childApplicationContextFactory;

    protected void setUp() throws Exception {
        this.childApplicationContextManager = (DefaultChildApplicationContextManager) this.ctx.getBean("Authentication");
        this.childApplicationContextManager.stop();
        this.childApplicationContextManager.setProperty("chain", "external1:external");
        this.childApplicationContextFactory = getChildApplicationContextFactory(this.childApplicationContextManager, "external1");
    }

    protected void tearDown() throws Exception {
        this.childApplicationContextManager.destroy();
        this.childApplicationContextManager = null;
        this.childApplicationContextFactory = null;
    }

    public void testUnproxiedHeader() throws Exception {
        this.childApplicationContextFactory.stop();
        this.childApplicationContextFactory.setProperty("external.authentication.proxyUserName", "");
        HttpServletRequest httpServletRequest = (HttpServletRequest) Mockito.mock(HttpServletRequest.class);
        Mockito.when(httpServletRequest.getHeader("X-Alfresco-Remote-User")).thenReturn("AdMiN");
        assertEquals("admin", ((RemoteUserMapper) this.childApplicationContextFactory.getApplicationContext().getBean("remoteUserMapper")).getRemoteUser(httpServletRequest));
        Mockito.when(httpServletRequest.getHeader("X-Alfresco-Remote-User")).thenReturn((Object) null);
        assertNull(((RemoteUserMapper) this.childApplicationContextFactory.getApplicationContext().getBean("remoteUserMapper")).getRemoteUser(httpServletRequest));
        Mockito.when(httpServletRequest.getRemoteUser()).thenReturn("ADMIN");
        assertEquals("admin", ((RemoteUserMapper) this.childApplicationContextFactory.getApplicationContext().getBean("remoteUserMapper")).getRemoteUser(httpServletRequest));
    }

    public void testProxiedHeader() throws Exception {
        this.childApplicationContextFactory.stop();
        this.childApplicationContextFactory.setProperty("external.authentication.proxyUserName", MultiTDemoTest.TEST_USER2);
        HttpServletRequest httpServletRequest = (HttpServletRequest) Mockito.mock(HttpServletRequest.class);
        Mockito.when(httpServletRequest.getScheme()).thenReturn("http");
        Mockito.when(httpServletRequest.getRemoteUser()).thenReturn(MultiTDemoTest.TEST_USER2);
        Mockito.when(httpServletRequest.getHeader("X-Alfresco-Remote-User")).thenReturn("AdMiN");
        assertEquals("admin", ((RemoteUserMapper) this.childApplicationContextFactory.getApplicationContext().getBean("remoteUserMapper")).getRemoteUser(httpServletRequest));
        this.childApplicationContextFactory.stop();
        this.childApplicationContextFactory.setProperty("external.authentication.userIdPattern", "abc-(.*)-999");
        Mockito.when(httpServletRequest.getHeader("X-Alfresco-Remote-User")).thenReturn("abc-AdMiN-999");
        assertEquals("admin", ((RemoteUserMapper) this.childApplicationContextFactory.getApplicationContext().getBean("remoteUserMapper")).getRemoteUser(httpServletRequest));
        Mockito.when(httpServletRequest.getHeader("X-Alfresco-Remote-User")).thenReturn("abc-AdMiN-998");
        assertNull(((RemoteUserMapper) this.childApplicationContextFactory.getApplicationContext().getBean("remoteUserMapper")).getRemoteUser(httpServletRequest));
        Mockito.when(httpServletRequest.getRemoteUser()).thenReturn((Object) null);
        assertNull(((RemoteUserMapper) this.childApplicationContextFactory.getApplicationContext().getBean("remoteUserMapper")).getRemoteUser(httpServletRequest));
    }

    public void testRemoteUserFromCert() throws Exception {
        this.childApplicationContextFactory.stop();
        this.childApplicationContextFactory.setProperty("external.authentication.proxyUserName", "CN=alfresco-system");
        this.childApplicationContextFactory.setProperty("external.authentication.proxyHeader", "X-Alfresco-Remote-User");
        X509Certificate x509Certificate = (X509Certificate) Mockito.mock(X509Certificate.class);
        Mockito.when(x509Certificate.getSubjectX500Principal()).thenReturn(new X500Principal("CN=alfresco-system"));
        X509Certificate[] x509CertificateArr = {x509Certificate};
        HttpServletRequest httpServletRequest = (HttpServletRequest) Mockito.mock(HttpServletRequest.class);
        Mockito.when(httpServletRequest.getRemoteUser()).thenReturn((Object) null);
        Mockito.when(httpServletRequest.getScheme()).thenReturn("https");
        Mockito.when(httpServletRequest.getAttribute("javax.servlet.request.X509Certificate")).thenReturn(x509CertificateArr);
        Mockito.when(httpServletRequest.getHeader("X-Alfresco-Remote-User")).thenReturn("admin");
        assertEquals("admin", ((RemoteUserMapper) this.childApplicationContextFactory.getApplicationContext().getBean("remoteUserMapper")).getRemoteUser(httpServletRequest));
        Mockito.when(httpServletRequest.getRemoteUser()).thenReturn((Object) null);
        Mockito.when(httpServletRequest.getScheme()).thenReturn("https");
        Mockito.when(httpServletRequest.getAttribute("javax.servlet.request.X509Certificate")).thenReturn(x509CertificateArr);
        Mockito.when(httpServletRequest.getHeader("X-Alfresco-Remote-User")).thenReturn((Object) null);
        assertEquals("CN=alfresco-system", ((RemoteUserMapper) this.childApplicationContextFactory.getApplicationContext().getBean("remoteUserMapper")).getRemoteUser(httpServletRequest));
        Mockito.when(httpServletRequest.getRemoteUser()).thenReturn((Object) null);
        Mockito.when(httpServletRequest.getScheme()).thenReturn("http");
        Mockito.when(httpServletRequest.getAttribute("javax.servlet.request.X509Certificate")).thenReturn((Object) null);
        Mockito.when(httpServletRequest.getHeader("X-Alfresco-Remote-User")).thenReturn("admin");
        assertNull(((RemoteUserMapper) this.childApplicationContextFactory.getApplicationContext().getBean("remoteUserMapper")).getRemoteUser(httpServletRequest));
    }
}
