package org.apache.pulsar.broker.auth;

import com.google.common.collect.Sets;
import java.io.IOException;
import javax.naming.AuthenticationException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.pulsar.broker.ServiceConfiguration;
import org.apache.pulsar.broker.authentication.AuthenticationDataHttps;
import org.apache.pulsar.broker.authentication.AuthenticationDataSource;
import org.apache.pulsar.broker.authentication.AuthenticationProvider;
import org.apache.pulsar.broker.authentication.AuthenticationService;
import org.apache.pulsar.broker.web.AuthenticationFilter;
import org.mockito.ArgumentMatchers;
import org.mockito.Mockito;
import org.testng.Assert;
import org.testng.annotations.Test;

/* loaded from: input_file:org/apache/pulsar/broker/auth/AuthenticationServiceTest.class */
public class AuthenticationServiceTest {
    private static final String s_authentication_success = "authenticated";

    /* loaded from: input_file:org/apache/pulsar/broker/auth/AuthenticationServiceTest$MockAuthenticationProvider.class */
    public static class MockAuthenticationProvider implements AuthenticationProvider {
        public void close() throws IOException {
        }

        public void initialize(ServiceConfiguration serviceConfiguration) throws IOException {
        }

        public String getAuthMethodName() {
            return "auth";
        }

        public String authenticate(AuthenticationDataSource authenticationDataSource) throws AuthenticationException {
            return AuthenticationServiceTest.s_authentication_success;
        }
    }

    /* loaded from: input_file:org/apache/pulsar/broker/auth/AuthenticationServiceTest$MockAuthenticationProviderAlwaysFail.class */
    public static class MockAuthenticationProviderAlwaysFail implements AuthenticationProvider {
        public void close() throws IOException {
        }

        public void initialize(ServiceConfiguration serviceConfiguration) throws IOException {
        }

        public String getAuthMethodName() {
            return "auth";
        }

        public String authenticate(AuthenticationDataSource authenticationDataSource) throws AuthenticationException {
            throw new AuthenticationException("I failed");
        }
    }

    /* loaded from: input_file:org/apache/pulsar/broker/auth/AuthenticationServiceTest$MockAuthenticationProviderWithDifferentName.class */
    public static class MockAuthenticationProviderWithDifferentName implements AuthenticationProvider {
        public void close() throws IOException {
        }

        public void initialize(ServiceConfiguration serviceConfiguration) throws IOException {
        }

        public String getAuthMethodName() {
            return "customAuthProvider";
        }

        public String authenticate(AuthenticationDataSource authenticationDataSource) throws AuthenticationException {
            return AuthenticationServiceTest.s_authentication_success;
        }
    }

    @Test(timeOut = 10000)
    public void testAuthenticationHttp() throws Exception {
        ServiceConfiguration serviceConfiguration = new ServiceConfiguration();
        serviceConfiguration.setAuthenticationProviders(Sets.newHashSet(new String[]{MockAuthenticationProvider.class.getName()}));
        serviceConfiguration.setAuthenticationEnabled(true);
        AuthenticationService authenticationService = new AuthenticationService(serviceConfiguration);
        HttpServletRequest httpServletRequest = (HttpServletRequest) Mockito.mock(HttpServletRequest.class);
        Mockito.when(httpServletRequest.getRemoteAddr()).thenReturn("192.168.1.1");
        Mockito.when(Integer.valueOf(httpServletRequest.getRemotePort())).thenReturn(8080);
        Mockito.when(httpServletRequest.getHeader("X-Pulsar-Auth-Method-Name")).thenReturn("auth");
        Assert.assertEquals(authenticationService.authenticateHttpRequest(httpServletRequest), s_authentication_success);
        authenticationService.close();
    }

    @Test(timeOut = 10000)
    public void testAuthenticationHttpWithMultipleProviders() throws Exception {
        ServiceConfiguration serviceConfiguration = new ServiceConfiguration();
        serviceConfiguration.setAuthenticationProviders(Sets.newHashSet(new String[]{MockAuthenticationProvider.class.getName(), MockAuthenticationProviderWithDifferentName.class.getName()}));
        serviceConfiguration.setAuthenticationEnabled(true);
        AuthenticationService authenticationService = new AuthenticationService(serviceConfiguration);
        HttpServletRequest httpServletRequest = (HttpServletRequest) Mockito.mock(HttpServletRequest.class);
        Mockito.when(httpServletRequest.getRemoteAddr()).thenReturn("192.168.1.1");
        Mockito.when(Integer.valueOf(httpServletRequest.getRemotePort())).thenReturn(8080);
        Mockito.when(httpServletRequest.getHeader("X-Pulsar-Auth-Method-Name")).thenReturn("auth");
        Assert.assertEquals(authenticationService.authenticateHttpRequest(httpServletRequest), s_authentication_success);
        HttpServletRequest httpServletRequest2 = (HttpServletRequest) Mockito.mock(HttpServletRequest.class);
        Mockito.when(httpServletRequest2.getRemoteAddr()).thenReturn("192.168.1.1");
        Mockito.when(Integer.valueOf(httpServletRequest2.getRemotePort())).thenReturn(8080);
        Mockito.when(httpServletRequest2.getHeader("X-Pulsar-Auth-Method-Name")).thenReturn("customAuthProvider");
        Assert.assertEquals(authenticationService.authenticateHttpRequest(httpServletRequest2), s_authentication_success);
        HttpServletRequest httpServletRequest3 = (HttpServletRequest) Mockito.mock(HttpServletRequest.class);
        Mockito.when(httpServletRequest3.getRemoteAddr()).thenReturn("192.168.1.1");
        Mockito.when(Integer.valueOf(httpServletRequest3.getRemotePort())).thenReturn(8080);
        Mockito.when(httpServletRequest3.getHeader("X-Pulsar-Auth-Method-Name")).thenReturn("unsupportedAuthProvider");
        Assert.assertThrows(() -> {
            authenticationService.authenticateHttpRequest(httpServletRequest3);
        });
        authenticationService.close();
    }

    @Test(timeOut = 10000)
    public void testAuthenticationHttpRequestResponse() throws Exception {
        ServiceConfiguration serviceConfiguration = new ServiceConfiguration();
        serviceConfiguration.setAuthenticationProviders(Sets.newHashSet(new String[]{MockAuthenticationProvider.class.getName()}));
        serviceConfiguration.setAuthenticationEnabled(true);
        AuthenticationService authenticationService = new AuthenticationService(serviceConfiguration);
        HttpServletRequest httpServletRequest = (HttpServletRequest) Mockito.mock(HttpServletRequest.class);
        Mockito.when(httpServletRequest.getRemoteAddr()).thenReturn("192.168.1.1");
        Mockito.when(Integer.valueOf(httpServletRequest.getRemotePort())).thenReturn(8080);
        Mockito.when(httpServletRequest.getHeader("X-Pulsar-Auth-Method-Name")).thenReturn("auth");
        Assert.assertTrue(authenticationService.authenticateHttpRequest(httpServletRequest, (HttpServletResponse) null), "Authentication should have succeeded");
        ((HttpServletRequest) Mockito.verify(httpServletRequest)).setAttribute(AuthenticationFilter.AuthenticatedRoleAttributeName, s_authentication_success);
        ((HttpServletRequest) Mockito.verify(httpServletRequest)).setAttribute((String) ArgumentMatchers.eq(AuthenticationFilter.AuthenticatedDataAttributeName), ArgumentMatchers.any(AuthenticationDataHttps.class));
        authenticationService.close();
    }

    @Test(timeOut = 10000)
    public void testAuthenticationHttpRequestResponseWithMultipleProviders() throws Exception {
        ServiceConfiguration serviceConfiguration = new ServiceConfiguration();
        serviceConfiguration.setAuthenticationProviders(Sets.newHashSet(new String[]{MockAuthenticationProvider.class.getName(), MockAuthenticationProviderWithDifferentName.class.getName()}));
        serviceConfiguration.setAuthenticationEnabled(true);
        AuthenticationService authenticationService = new AuthenticationService(serviceConfiguration);
        HttpServletRequest httpServletRequest = (HttpServletRequest) Mockito.mock(HttpServletRequest.class);
        Mockito.when(httpServletRequest.getRemoteAddr()).thenReturn("192.168.1.1");
        Mockito.when(Integer.valueOf(httpServletRequest.getRemotePort())).thenReturn(8080);
        Mockito.when(httpServletRequest.getHeader("X-Pulsar-Auth-Method-Name")).thenReturn("auth");
        Assert.assertTrue(authenticationService.authenticateHttpRequest(httpServletRequest, (HttpServletResponse) null), "Authentication should have succeeded");
        ((HttpServletRequest) Mockito.verify(httpServletRequest)).setAttribute(AuthenticationFilter.AuthenticatedRoleAttributeName, s_authentication_success);
        HttpServletRequest httpServletRequest2 = (HttpServletRequest) Mockito.mock(HttpServletRequest.class);
        Mockito.when(httpServletRequest2.getRemoteAddr()).thenReturn("192.168.1.1");
        Mockito.when(Integer.valueOf(httpServletRequest2.getRemotePort())).thenReturn(8080);
        Mockito.when(httpServletRequest2.getHeader("X-Pulsar-Auth-Method-Name")).thenReturn("customAuthProvider");
        Assert.assertTrue(authenticationService.authenticateHttpRequest(httpServletRequest2, (HttpServletResponse) null), "Authentication should have succeeded");
        ((HttpServletRequest) Mockito.verify(httpServletRequest2)).setAttribute(AuthenticationFilter.AuthenticatedRoleAttributeName, s_authentication_success);
        HttpServletRequest httpServletRequest3 = (HttpServletRequest) Mockito.mock(HttpServletRequest.class);
        Mockito.when(httpServletRequest3.getRemoteAddr()).thenReturn("192.168.1.1");
        Mockito.when(Integer.valueOf(httpServletRequest3.getRemotePort())).thenReturn(8080);
        Mockito.when(httpServletRequest3.getHeader("X-Pulsar-Auth-Method-Name")).thenReturn("unsupportedAuthProvider");
        Assert.assertThrows(() -> {
            authenticationService.authenticateHttpRequest(httpServletRequest3, (HttpServletResponse) null);
        });
        authenticationService.close();
    }

    @Test(timeOut = 10000)
    public void testAuthenticationHttpRequestResponseWithAnonymousRole() throws Exception {
        ServiceConfiguration serviceConfiguration = new ServiceConfiguration();
        serviceConfiguration.setAuthenticationProviders(Sets.newHashSet(new String[]{MockAuthenticationProviderAlwaysFail.class.getName()}));
        serviceConfiguration.setAuthenticationEnabled(true);
        serviceConfiguration.setAnonymousUserRole("anon");
        AuthenticationService authenticationService = new AuthenticationService(serviceConfiguration);
        HttpServletRequest httpServletRequest = (HttpServletRequest) Mockito.mock(HttpServletRequest.class);
        Mockito.when(httpServletRequest.getRemoteAddr()).thenReturn("192.168.1.1");
        Mockito.when(Integer.valueOf(httpServletRequest.getRemotePort())).thenReturn(8080);
        Assert.assertTrue(authenticationService.authenticateHttpRequest(httpServletRequest, (HttpServletResponse) null), "Authentication should have succeeded");
        ((HttpServletRequest) Mockito.verify(httpServletRequest)).setAttribute(AuthenticationFilter.AuthenticatedRoleAttributeName, "anon");
        authenticationService.close();
    }
}
