package net.krotscheck.kangaroo.authz.admin.v1.auth.filter;

import java.util.Collections;
import java.util.HashMap;
import java.util.List;
import javax.annotation.Priority;
import javax.inject.Provider;
import javax.ws.rs.container.ContainerRequestContext;
import javax.ws.rs.core.SecurityContext;
import javax.ws.rs.core.UriBuilder;
import javax.ws.rs.core.UriInfo;
import net.krotscheck.kangaroo.authz.admin.v1.auth.OAuth2SecurityContext;
import net.krotscheck.kangaroo.authz.admin.v1.auth.exception.OAuth2NotAuthorizedException;
import net.krotscheck.kangaroo.authz.common.authenticator.AuthenticatorType;
import net.krotscheck.kangaroo.authz.common.database.entity.ClientType;
import net.krotscheck.kangaroo.authz.common.database.entity.OAuthToken;
import net.krotscheck.kangaroo.authz.common.database.entity.OAuthTokenType;
import net.krotscheck.kangaroo.authz.test.ApplicationBuilder;
import net.krotscheck.kangaroo.common.hibernate.id.IdUtil;
import net.krotscheck.kangaroo.test.jersey.DatabaseTest;
import net.krotscheck.kangaroo.test.rule.TestDataResource;
import net.krotscheck.kangaroo.util.HttpUtil;
import org.apache.commons.configuration.Configuration;
import org.apache.commons.configuration.MapConfiguration;
import org.hibernate.Session;
import org.junit.Assert;
import org.junit.Before;
import org.junit.ClassRule;
import org.junit.Test;
import org.mockito.ArgumentCaptor;
import org.mockito.Mockito;

/* loaded from: input_file:net/krotscheck/kangaroo/authz/admin/v1/auth/filter/OAuth2AuthenticationFilterTest.class */
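/**
 * Tests for {@link OAuth2AuthenticationFilter}, the request filter that turns an
 * {@code Authorization: Bearer <token>} header into an {@link OAuth2SecurityContext}.
 *
 * <p>One positive case checks that a valid token becomes the request's user principal.
 * The remaining cases check that missing, malformed, unknown or expired credentials are
 * rejected with {@link OAuth2NotAuthorizedException}.
 *
 * <p>NOTE(review): the rejection tests use {@code @Test(expected = ...)}, so they assert only
 * the exception type. None of them verifies that {@code setSecurityContext} was left
 * uncalled on the rejected request; consider adding that check so a filter that installs a
 * context before throwing would be caught.
 */
public class OAuth2AuthenticationFilterTest extends DatabaseTest {

    /** Application fixture shared by all tests; populated once by {@link #TEST_DATA_RESOURCE}. */
    private static ApplicationBuilder.ApplicationContext context;

    /** Creates the application, scopes, client, authenticator and user the tests run against. */
    @ClassRule
    public static final TestDataResource TEST_DATA_RESOURCE = new TestDataResource(HIBERNATE_RESOURCE) {
        @Override
        protected void loadTestData(Session session) {
            context = ApplicationBuilder.newApplication(session)
                    .role("admin")
                    .scope("one")
                    .scope("two")
                    .client(ClientType.OwnerCredentials)
                    .authenticator(AuthenticatorType.Test)
                    .user()
                    .build();
        }
    };

    /** Supplies the test's Hibernate session to the filter. */
    private final Provider<Session> sessionProvider = this::getSession;

    /** Supplies a configuration whose only entry is the fixture application's id. */
    private final Provider<Configuration> configProvider = () -> {
        HashMap<String, Object> settings = new HashMap<>();
        settings.put("application_id", IdUtil.toString(context.getApplication().getId()));
        return new MapConfiguration(settings);
    };

    /** Mocked request handed to the filter; re-created before every test. */
    private ContainerRequestContext requestContext;

    /** Mocked pre-existing security context returned by {@link #requestContext}. */
    private SecurityContext securityContext;

    /**
     * Builds the filter under test, configured with the single scope {@code "one"}.
     *
     * @return a new filter bound to this test's session and configuration providers
     */
    private OAuth2AuthenticationFilter newFilter() {
        return new OAuth2AuthenticationFilter(this.sessionProvider, this.configProvider, new String[]{"one"});
    }

    /**
     * Makes the mocked request report the given {@code Authorization} header.
     *
     * @param headerValue the raw header string the filter will see
     */
    private void stubAuthorizationHeader(String headerValue) {
        Mockito.doReturn(headerValue).when(this.requestContext).getHeaderString("Authorization");
    }

    /**
     * The filter must be registered at priority 1000, which is the value of
     * {@code javax.ws.rs.Priorities.AUTHENTICATION}, so that it runs before
     * authorization-priority filters.
     */
    @Test
    public void assertCorrectPriority() throws Exception {
        Priority priority = OAuth2AuthenticationFilter.class.getAnnotation(Priority.class);
        Assert.assertEquals(1000L, priority.value());
    }

    /** Prepares a mocked request with a security context and minimal URI information. */
    @Before
    public void setup() {
        this.requestContext = Mockito.mock(ContainerRequestContext.class);
        this.securityContext = Mockito.mock(SecurityContext.class);

        UriInfo uriInfo = Mockito.mock(UriInfo.class);
        UriBuilder baseUri = UriBuilder.fromPath("http://example.com/");
        List<String> matchedUris = Collections.singletonList("path");

        Mockito.doReturn(this.securityContext).when(this.requestContext).getSecurityContext();
        Mockito.doReturn(uriInfo).when(this.requestContext).getUriInfo();
        Mockito.doReturn(baseUri).when(uriInfo).getBaseUriBuilder();
        Mockito.doReturn(matchedUris).when(uriInfo).getMatchedURIs();
    }

    /**
     * A valid bearer token must produce exactly one new security context whose user
     * principal is that token.
     */
    @Test
    public void assertValidToken() throws Exception {
        OAuthToken token = context.getBuilder().bearerToken("one").build().getToken();
        OAuth2AuthenticationFilter filter = newFilter();
        stubAuthorizationHeader(HttpUtil.authHeaderBearer(token.getId()));

        filter.filter(this.requestContext);

        ArgumentCaptor<OAuth2SecurityContext> installed = ArgumentCaptor.forClass(OAuth2SecurityContext.class);
        Mockito.verify(this.requestContext, Mockito.times(1)).setSecurityContext(installed.capture());
        Assert.assertEquals(token, installed.getValue().getUserPrincipal());
    }

    /**
     * A request without a security context must be rejected.
     *
     * <p>NOTE(review): no {@code Authorization} header is stubbed here, so the mock returns
     * {@code null} from {@code getHeaderString}. Confirm the rejection is caused by the
     * missing context rather than by the missing header.
     */
    @Test(expected = OAuth2NotAuthorizedException.class)
    public void assertNoContext() throws Exception {
        Mockito.doReturn((Object) null).when(this.requestContext).getSecurityContext();
        newFilter().filter(this.requestContext);
    }

    /** A bearer header built from an empty token string must be rejected. */
    @Test(expected = OAuth2NotAuthorizedException.class)
    public void assertEmptyToken() throws Exception {
        OAuth2AuthenticationFilter filter = newFilter();
        stubAuthorizationHeader(HttpUtil.authHeaderBearer(""));
        filter.filter(this.requestContext);
    }

    /**
     * A bearer header carrying a freshly generated id must be rejected.
     * Presumably that id matches no stored token; verify against {@code IdUtil.next()}.
     */
    @Test(expected = OAuth2NotAuthorizedException.class)
    public void assertInvalidToken() throws Exception {
        OAuth2AuthenticationFilter filter = newFilter();
        stubAuthorizationHeader(HttpUtil.authHeaderBearer(IdUtil.next()));
        filter.filter(this.requestContext);
    }

    /**
     * A persisted but expired token must be rejected.
     * NOTE(review): the {@code true} argument to {@code token(...)} is presumably the
     * "expired" flag; confirm against {@code ApplicationBuilder}.
     */
    @Test(expected = OAuth2NotAuthorizedException.class)
    public void assertExpiredToken() throws Exception {
        OAuthToken token = context.getBuilder()
                .token(OAuthTokenType.Bearer, true, "one", null, null)
                .build()
                .getToken();
        OAuth2AuthenticationFilter filter = newFilter();
        stubAuthorizationHeader(HttpUtil.authHeaderBearer(token.getId()));
        filter.filter(this.requestContext);
    }

    /** An empty {@code Authorization} header must be rejected. */
    @Test(expected = OAuth2NotAuthorizedException.class)
    public void assertEmptyHeader() throws Exception {
        OAuth2AuthenticationFilter filter = newFilter();
        stubAuthorizationHeader("");
        filter.filter(this.requestContext);
    }

    /** A header with no scheme/credential separation must be rejected. */
    @Test(expected = OAuth2NotAuthorizedException.class)
    public void assertBadlyFormattedHeader() throws Exception {
        OAuth2AuthenticationFilter filter = newFilter();
        stubAuthorizationHeader("invalid_format");
        filter.filter(this.requestContext);
    }

    /** A well-formed header that uses a scheme other than {@code Bearer} must be rejected. */
    @Test(expected = OAuth2NotAuthorizedException.class)
    public void assertNoBearerHeader() throws Exception {
        OAuth2AuthenticationFilter filter = newFilter();
        stubAuthorizationHeader("HMAC Token");
        filter.filter(this.requestContext);
    }

    /** A {@code Bearer} header whose credential is not a parseable token id must be rejected. */
    @Test(expected = OAuth2NotAuthorizedException.class)
    public void assertBadlyFormedToken() throws Exception {
        OAuth2AuthenticationFilter filter = newFilter();
        stubAuthorizationHeader("Bearer not_a_BigInteger");
        filter.filter(this.requestContext);
    }
}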
