package org.alfresco.repo.web.scripts.servlet;

import java.util.Collections;
import java.util.HashSet;
import java.util.Set;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.alfresco.repo.management.subsystems.ChildApplicationContextFactory;
import org.alfresco.repo.management.subsystems.DefaultChildApplicationContextManager;
import org.alfresco.repo.security.authentication.AuthenticationUtil;
import org.alfresco.util.ApplicationContextHelper;
import org.junit.Assert;
import org.junit.Before;
import org.junit.Test;
import org.mockito.Mockito;
import org.springframework.context.ApplicationContext;
import org.springframework.extensions.webscripts.Description;
import org.springframework.extensions.webscripts.Match;
import org.springframework.extensions.webscripts.WebScript;
import org.springframework.extensions.webscripts.servlet.WebScriptServletRequest;
import org.springframework.extensions.webscripts.servlet.WebScriptServletResponse;

/* loaded from: input_file:org/alfresco/repo/web/scripts/servlet/RemoteAuthenticatorFactoryAdminConsoleAccessTest.class */
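/**
 * Integration test for the admin-console authentication path of
 * {@link RemoteUserAuthenticatorFactory}.
 *
 * <p>The factory is wired with a {@link BlockingRemoteUserMapper} and a 500 ms remote-user
 * timeout, and the authentication chain is switched to
 * {@code external1:external,alfrescoNtlm1:alfrescoNtlm}. The assertions then check that:
 * <ul>
 *   <li>a request for a web script outside the admin-console families is not authenticated and
 *       the blocking mapper is not interrupted;</li>
 *   <li>a request for an admin-console family web script without an {@code Authorization}
 *       header is rejected after the mapper has been interrupted;</li>
 *   <li>a request for an admin-console family web script with valid admin Basic credentials
 *       succeeds without the mapper being consulted;</li>
 *   <li>the same request with a wrong password is rejected, again without consulting the
 *       mapper.</li>
 * </ul>
 *
 * <p>NOTE(review): {@link #before()} stops and reconfigures the "Authentication" subsystem on an
 * application context obtained through {@link ApplicationContextHelper}, and this class has no
 * matching teardown. If that context is shared with other tests, the modified chain and proxy
 * user name may leak into them; confirm and restore the original properties if so.
 */
public class RemoteAuthenticatorFactoryAdminConsoleAccessTest {
    /**
     * HTTP Basic header whose payload base64-decodes to {@code admin:admin}. The positive case
     * only passes while the test repository still uses this well-known bootstrap credential;
     * it is a fixture for this test, not a value any real deployment should keep. Basic
     * credentials are merely encoded, not encrypted.
     */
    private static final String ADMIN_BASIC_AUTH = "Basic YWRtaW46YWRtaW4=";

    /** HTTP Basic header for user {@code admin} with a deliberately wrong password ({@code bibi}). */
    private static final String ADMIN_WRONG_PASSWORD_BASIC_AUTH = "Basic YWRtaW46YmliaQ==";

    /** Timeout handed to the factory; the timing assertions below are relative to this value. */
    private static final long REMOTE_USER_TIMEOUT_MS = 500L;

    private final String[] contextLocations = {"classpath:alfresco/application-context.xml", "classpath:alfresco/web-scripts-application-context.xml", "classpath:alfresco/web-scripts-application-context-test.xml"};
    private RemoteUserAuthenticatorFactory remoteUserAuthenticatorFactory;
    private BlockingRemoteUserMapper blockingRemoteUserMapper;

    /**
     * Installs the blocking remote-user mapper on the factory and reconfigures the
     * authentication chain so that the external subsystem comes first.
     *
     * @throws Exception if the application context or one of its beans cannot be obtained
     */
    @Before
    public void before() throws Exception {
        this.blockingRemoteUserMapper = new BlockingRemoteUserMapper();
        ApplicationContext context = ApplicationContextHelper.getApplicationContext(this.contextLocations);
        DefaultChildApplicationContextManager authenticationManager = (DefaultChildApplicationContextManager) context.getBean("Authentication");
        this.remoteUserAuthenticatorFactory = (RemoteUserAuthenticatorFactory) context.getBean("webscripts.authenticator.remoteuser");
        this.remoteUserAuthenticatorFactory.setRemoteUserMapper(this.blockingRemoteUserMapper);
        this.remoteUserAuthenticatorFactory.setGetRemoteUserTimeoutMilliseconds(REMOTE_USER_TIMEOUT_MS);

        // The subsystem is stopped before its properties are changed.
        authenticationManager.stop();
        authenticationManager.setProperty("chain", "external1:external,alfrescoNtlm1:alfrescoNtlm");
        ChildApplicationContextFactory externalSubsystem = authenticationManager.getChildApplicationContextFactory("external1");
        externalSubsystem.stop();
        // An empty proxy user name is configured for the external subsystem.
        externalSubsystem.setProperty("external.authentication.proxyUserName", "");
    }

    /** Runs the full scenario for a web script in the {@code AdminConsole} family. */
    @Test
    public void testAdminCanAccessAdminConsoleScript() {
        Set<String> families = new HashSet<>();
        families.add("AdminConsole");
        checkForFamilies(families, ADMIN_BASIC_AUTH);
    }

    /** Runs the full scenario for a web script in the {@code AdminConsoleHelper} family. */
    @Test
    public void testAdminCanAccessAdminConsoleHelperScript() {
        Set<String> families = new HashSet<>();
        families.add("AdminConsoleHelper");
        checkForFamilies(families, ADMIN_BASIC_AUTH);
    }

    /**
     * Exercises the four authentication cases for the given web script families.
     *
     * <p>NOTE(review): the {@code > 999} / {@code < 1000} checks compare wall-clock milliseconds
     * reported by {@link BlockingRemoteUserMapper}; presumably the mapper blocks for about one
     * second unless interrupted. Confirm against that class, since tight timing bounds can be
     * flaky on a loaded build agent.
     *
     * @param families web script families reported by the mocked description
     * @param validAdminHeader {@code Authorization} header value expected to authenticate as admin
     */
    private void checkForFamilies(Set<String> families, String validAdminHeader) {
        // Return value is unused; the call is kept because this file does not show it to be
        // free of side effects.
        AuthenticationUtil.getAdminUserName();

        // Case 1: not an admin-console web script, no credentials.
        this.blockingRemoteUserMapper.reset();
        Assert.assertFalse("This should not be authenticated as it is not an Admin Console requested.", authenticate(Collections.emptySet(), null));
        Assert.assertFalse("Because it is not an Admin Console, the timeout feature from BasicHttpAuthenticator should not be requested. Therefore the interrupt should not have been called. ", this.blockingRemoteUserMapper.isWasInterrupted());
        Assert.assertTrue("No interrupt should have been called.", this.blockingRemoteUserMapper.getTimePassed() > 999);

        // Case 2: admin-console web script, no credentials -> mapper is cut short, request rejected.
        this.blockingRemoteUserMapper.reset();
        Assert.assertFalse("It is an AdminConsole webscript now, but Admin basic auth header was not present. It should return 401", authenticate(families, null));
        Assert.assertTrue("Because it is an AdminConsole webscript, the interrupt should have been called.", this.blockingRemoteUserMapper.isWasInterrupted());
        Assert.assertTrue("The interrupt should have been called.", this.blockingRemoteUserMapper.getTimePassed() < 1000);

        // Case 3: admin-console web script with valid admin Basic credentials.
        this.blockingRemoteUserMapper.reset();
        Assert.assertTrue("It is an AdminConsole webscript now and Admin basic auth header was present. It should succeed.", authenticate(families, validAdminHeader));
        Assert.assertFalse("The code from blockingRemoteUserMapper shouldn't have been called", this.blockingRemoteUserMapper.isWasInterrupted());
        // JUnit's order is (message, expected, actual); expected comes first so that a failure
        // report labels the two values correctly.
        Assert.assertEquals("The code from blockingRemoteUserMapper shouldn't have been called", 0L, this.blockingRemoteUserMapper.getTimePassed());

        // Case 4: admin-console web script with a wrong password must be rejected.
        this.blockingRemoteUserMapper.reset();
        Assert.assertFalse("It is an AdminConsole webscript now and Admin basic auth header was present BUT with wrong password. Should fail.", authenticate(families, ADMIN_WRONG_PASSWORD_BASIC_AUTH));
        Assert.assertFalse("The code from blockingRemoteUserMapper shouldn't have been called", this.blockingRemoteUserMapper.isWasInterrupted());
        Assert.assertEquals("The code from blockingRemoteUserMapper shouldn't have been called", 0L, this.blockingRemoteUserMapper.getTimePassed());
    }

    /**
     * Creates an authenticator for a mocked request/response pair and asks it for admin-level
     * authentication.
     *
     * @param families web script families reported by the mocked description
     * @param authorizationHeader {@code Authorization} header value, or {@code null} for none
     * @return the result of the authenticator's {@code authenticate} call
     */
    private boolean authenticate(Set<String> families, String authorizationHeader) {
        WebScriptServletRequest request = prepareMockRequest(families, authorizationHeader);
        WebScriptServletResponse response = prepareMockResponse();
        return this.remoteUserAuthenticatorFactory.create(request, response).authenticate(Description.RequiredAuthentication.admin, false);
    }

    /**
     * Builds a mocked web script request whose matched script reports the given families.
     *
     * @param families value returned by the mocked {@code Description.getFamilys()}
     * @param authorizationHeader {@code Authorization} header to stub, or {@code null} to leave
     *     the header unstubbed
     * @return the mocked request
     */
    private WebScriptServletRequest prepareMockRequest(Set<String> families, String authorizationHeader) {
        HttpServletRequest httpRequest = Mockito.mock(HttpServletRequest.class);
        Mockito.when(httpRequest.getScheme()).thenReturn("http");
        if (authorizationHeader != null) {
            Mockito.when(httpRequest.getHeader("Authorization")).thenReturn(authorizationHeader);
        }

        WebScriptServletRequest webScriptRequest = Mockito.mock(WebScriptServletRequest.class);
        Mockito.when(webScriptRequest.getHttpServletRequest()).thenReturn(httpRequest);

        WebScript webScript = Mockito.mock(WebScript.class);
        Mockito.when(webScriptRequest.getServiceMatch()).thenReturn(new Match("fake", Collections.EMPTY_MAP, "whatever", webScript));

        Description description = Mockito.mock(Description.class);
        Mockito.when(webScript.getDescription()).thenReturn(description);
        Mockito.when(description.getFamilys()).thenReturn(families);
        return webScriptRequest;
    }

    /**
     * Builds a mocked web script response wrapping a mocked servlet response.
     *
     * @return the mocked response
     */
    private WebScriptServletResponse prepareMockResponse() {
        HttpServletResponse httpResponse = Mockito.mock(HttpServletResponse.class);
        WebScriptServletResponse webScriptResponse = Mockito.mock(WebScriptServletResponse.class);
        Mockito.when(webScriptResponse.getHttpServletResponse()).thenReturn(httpResponse);
        return webScriptResponse;
    }
}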
