package org.kuali.kfs.web.filter;

import java.io.PrintWriter;
import java.util.Optional;
import javax.servlet.FilterChain;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.junit.jupiter.api.AfterEach;
import org.junit.jupiter.api.Assertions;
import org.junit.jupiter.api.BeforeEach;
import org.junit.jupiter.api.Test;
import org.junit.jupiter.api.extension.ExtendWith;
import org.junit.jupiter.api.parallel.Execution;
import org.junit.jupiter.api.parallel.ExecutionMode;
import org.kuali.kfs.kns.bo.AuthenticationValidationResponse;
import org.kuali.kfs.kns.service.CfAuthenticationService;
import org.kuali.kfs.krad.UserSession;
import org.kuali.kfs.sys.businessobject.JwtData;
import org.kuali.kfs.sys.service.CoreApiKeyAuthenticationService;
import org.kuali.kfs.sys.service.JwtService;
import org.kuali.kfs.sys.util.BearerTokenContext;
import org.mockito.ArgumentMatchers;
import org.mockito.Mock;
import org.mockito.Mockito;
import org.mockito.junit.jupiter.MockitoExtension;

/**
 * Unit tests for {@code ResourceLoginFilter.doFilter}, driven through an anonymous subclass whose
 * service lookups return Mockito mocks and whose session hooks are stubbed out.
 *
 * <p>Covered paths: no session and no {@code Authorization} header, an established user session,
 * malformed bearer headers, the JWT path ({@code useCore()} false), the Core API-key path
 * ({@code useCore()} true), and a principal that fails {@code validatePrincipalName}.
 *
 * <p>NOTE(review): the bare calls such as {@code responseMock.setStatus(401)} and
 * {@code writerMock.println(...)} made before {@code doFilter} are ordinary invocations on mocks.
 * Nothing in this class verifies them, so the rejection status code and body are never asserted.
 * Rejection is checked only indirectly: the filter chain is not invoked, the auth services are not
 * consulted, and no bearer token is left in {@code BearerTokenContext}. Consider verifying the
 * status on {@code responseMock} after {@code doFilter} in the negative tests.
 *
 * <p>NOTE(review): presumably pinned to {@code SAME_THREAD} because {@code BearerTokenContext} is
 * reached through static methods and cleared in {@link #tearDown()} - confirm.
 */
@Execution(ExecutionMode.SAME_THREAD)
@ExtendWith({MockitoExtension.class})
/* loaded from: input_file:org/kuali/kfs/web/filter/ResourceLoginFilterTest.class */
class ResourceLoginFilterTest {
    // Class under test; rebuilt for every test in setUp().
    private ResourceLoginFilter cut;

    @Mock
    private HttpServletRequest requestMock;

    @Mock
    private HttpServletResponse responseMock;

    @Mock
    private HttpSession sessionMock;

    @Mock
    private PrintWriter writerMock;

    @Mock
    private FilterChain filterChainMock;

    @Mock
    private CfAuthenticationService cfAuthSvcMock;

    @Mock
    private CoreApiKeyAuthenticationService coreApiKeyAuthSvcMock;

    @Mock
    private JwtService jwtSvcMock;

    @Mock
    private UserSession userSessionMock;
    // Value returned by the overridden isUserSessionEstablished(); reset to false in setUp().
    private boolean userSessionEstablished;

    ResourceLoginFilterTest() {
    }

    /**
     * Builds the filter under test with its collaborators replaced: the three service getters
     * return the mocks above, {@code isUserSessionEstablished} returns the test-controlled flag,
     * and {@code establishUserSession}/{@code setUserSession} do nothing.
     */
    @BeforeEach
    void setUp() {
        this.cut = new ResourceLoginFilter() { // from class: org.kuali.kfs.web.filter.ResourceLoginFilterTest.1
            protected JwtService getJwtService() {
                return ResourceLoginFilterTest.this.jwtSvcMock;
            }

            protected CoreApiKeyAuthenticationService getCoreApiKeyAuthenticationService() {
                return ResourceLoginFilterTest.this.coreApiKeyAuthSvcMock;
            }

            protected boolean isUserSessionEstablished(HttpServletRequest httpServletRequest) {
                return ResourceLoginFilterTest.this.userSessionEstablished;
            }

            // No-op: session creation is outside the scope of these tests.
            protected void establishUserSession(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
            }

            // No-op: the principal name handed to the session is not inspected by these tests.
            protected void setUserSession(HttpServletRequest httpServletRequest, String str) {
            }

            protected CfAuthenticationService getCfAuthenticationService() {
                return ResourceLoginFilterTest.this.cfAuthSvcMock;
            }
        };
        this.userSessionEstablished = false;
    }

    /**
     * Clears the bearer token so a value stored by one test (see the {@code ...GoodHeader} tests)
     * cannot be observed by the next.
     */
    @AfterEach
    void tearDown() {
        BearerTokenContext.clear();
    }

    /**
     * No established session and a null {@code Authorization} header: the filter reads a header
     * once, consults neither the API-key service nor the JWT service, and leaves no bearer token.
     *
     * <p>NOTE(review): {@code filterChainMock} is not verified here, so this test would still pass
     * if the unauthenticated request were forwarded down the chain. The header tests below add
     * {@code verifyNoMoreInteractions(filterChainMock)}; this one should too.
     */
    @Test
    void notInSession() throws Exception {
        this.userSessionEstablished = false;
        Mockito.when(this.requestMock.getHeader("Authorization")).thenReturn((Object) null);
        // Direct call on the mock, not an expectation; the 401 is never verified.
        this.responseMock.setStatus(401);
        Mockito.when(this.responseMock.getWriter()).thenReturn(this.writerMock);
        // Direct call on the mock, not an expectation; the body is never verified.
        this.writerMock.println("[ \"Unauthorized\" ]");
        Mockito.when(this.sessionMock.getAttribute("userSession")).thenReturn(this.userSessionMock);
        Mockito.when(this.requestMock.getSession()).thenReturn(this.sessionMock);
        this.cut.doFilter(this.requestMock, this.responseMock, this.filterChainMock);
        ((HttpServletRequest) Mockito.verify(this.requestMock)).getHeader(ArgumentMatchers.anyString());
        Mockito.verifyNoMoreInteractions(new Object[]{this.requestMock});
        Mockito.verifyNoMoreInteractions(new Object[]{this.coreApiKeyAuthSvcMock});
        Mockito.verifyNoMoreInteractions(new Object[]{this.jwtSvcMock});
        Assertions.assertNull(BearerTokenContext.getBearerToken());
    }

    /**
     * Same setup and assertions as {@link #notInSession()}; the two bodies are identical.
     *
     * <p>NOTE(review): as there, {@code filterChainMock} is not verified, so forwarding of the
     * unauthenticated request would go unnoticed.
     */
    @Test
    void notInSessionOrRequest() throws Exception {
        this.userSessionEstablished = false;
        Mockito.when(this.requestMock.getHeader("Authorization")).thenReturn((Object) null);
        // Direct call on the mock, not an expectation; the 401 is never verified.
        this.responseMock.setStatus(401);
        Mockito.when(this.responseMock.getWriter()).thenReturn(this.writerMock);
        this.writerMock.println("[ \"Unauthorized\" ]");
        Mockito.when(this.sessionMock.getAttribute("userSession")).thenReturn(this.userSessionMock);
        Mockito.when(this.requestMock.getSession()).thenReturn(this.sessionMock);
        this.cut.doFilter(this.requestMock, this.responseMock, this.filterChainMock);
        ((HttpServletRequest) Mockito.verify(this.requestMock)).getHeader(ArgumentMatchers.anyString());
        Mockito.verifyNoMoreInteractions(new Object[]{this.requestMock});
        Mockito.verifyNoMoreInteractions(new Object[]{this.coreApiKeyAuthSvcMock});
        Mockito.verifyNoMoreInteractions(new Object[]{this.jwtSvcMock});
        Assertions.assertNull(BearerTokenContext.getBearerToken());
    }

    /**
     * Established session, null {@code Authorization} header, principal validated as
     * {@code VALID_AUTHENTICATION}: the request continues down the chain, the JWT service is not
     * used, and no bearer token is stored.
     */
    @Test
    void inSession() throws Exception {
        this.userSessionEstablished = true;
        Mockito.when(this.userSessionMock.getPrincipalName()).thenReturn("SomeUser");
        Mockito.when(this.sessionMock.getAttribute("userSession")).thenReturn(this.userSessionMock);
        Mockito.when(this.requestMock.getHeader("Authorization")).thenReturn((Object) null);
        Mockito.when(this.requestMock.getSession()).thenReturn(this.sessionMock);
        // This direct call is itself recorded by the mock, so the times(2) verification below
        // counts it together with the call expected from the filter.
        this.filterChainMock.doFilter(this.requestMock, this.responseMock);
        Mockito.when(this.cfAuthSvcMock.validatePrincipalName(ArgumentMatchers.anyString())).thenReturn(AuthenticationValidationResponse.VALID_AUTHENTICATION);
        this.cut.doFilter(this.requestMock, this.responseMock, this.filterChainMock);
        ((HttpServletRequest) Mockito.verify(this.requestMock, Mockito.times(2))).getHeader(ArgumentMatchers.anyString());
        ((FilterChain) Mockito.verify(this.filterChainMock, Mockito.times(2))).doFilter(this.requestMock, this.responseMock);
        Mockito.verifyNoMoreInteractions(new Object[]{this.filterChainMock});
        Mockito.verifyNoMoreInteractions(new Object[]{this.jwtSvcMock});
        Assertions.assertNull(BearerTokenContext.getBearerToken());
    }

    /**
     * Established session with an empty-string {@code Authorization} header: the assertions match
     * {@link #inSession()}, i.e. the request is expected to continue down the chain.
     */
    @Test
    void inSessionEmptyHeader() throws Exception {
        this.userSessionEstablished = true;
        Mockito.when(this.userSessionMock.getPrincipalName()).thenReturn("SomeUser");
        Mockito.when(this.sessionMock.getAttribute("userSession")).thenReturn(this.userSessionMock);
        Mockito.when(this.requestMock.getHeader("Authorization")).thenReturn("");
        Mockito.when(this.requestMock.getSession()).thenReturn(this.sessionMock);
        // Direct calls on the mocks, not expectations; at odds with the pass-through asserted below.
        this.responseMock.setStatus(401);
        this.writerMock.println("[ \"Unauthorized\" ]");
        // Recorded by the mock and counted by the times(2) verification below.
        this.filterChainMock.doFilter(this.requestMock, this.responseMock);
        Mockito.when(this.cfAuthSvcMock.validatePrincipalName(ArgumentMatchers.anyString())).thenReturn(AuthenticationValidationResponse.VALID_AUTHENTICATION);
        this.cut.doFilter(this.requestMock, this.responseMock, this.filterChainMock);
        ((HttpServletRequest) Mockito.verify(this.requestMock, Mockito.times(2))).getHeader(ArgumentMatchers.anyString());
        ((FilterChain) Mockito.verify(this.filterChainMock, Mockito.times(2))).doFilter(this.requestMock, this.responseMock);
        Mockito.verifyNoMoreInteractions(new Object[]{this.filterChainMock});
        Mockito.verifyNoMoreInteractions(new Object[]{this.jwtSvcMock});
        Assertions.assertNull(BearerTokenContext.getBearerToken());
    }

    /**
     * No session (flag left false by setUp) and an empty-string {@code Authorization} header: the
     * chain is not invoked, no auth service is consulted, and no bearer token is stored.
     */
    @Test
    void blankAuthHeader() throws Exception {
        Mockito.when(this.requestMock.getHeader("Authorization")).thenReturn("");
        // Direct call on the mock, not an expectation; the 401 is never verified.
        this.responseMock.setStatus(401);
        Mockito.when(this.responseMock.getWriter()).thenReturn(this.writerMock);
        this.writerMock.println("[ \"Unauthorized\" ]");
        Mockito.when(this.sessionMock.getAttribute("userSession")).thenReturn(this.userSessionMock);
        Mockito.when(this.requestMock.getSession()).thenReturn(this.sessionMock);
        this.cut.doFilter(this.requestMock, this.responseMock, this.filterChainMock);
        ((HttpServletRequest) Mockito.verify(this.requestMock)).getHeader(ArgumentMatchers.anyString());
        Mockito.verifyNoMoreInteractions(new Object[]{this.requestMock});
        Mockito.verifyNoMoreInteractions(new Object[]{this.coreApiKeyAuthSvcMock});
        Mockito.verifyNoMoreInteractions(new Object[]{this.filterChainMock});
        Mockito.verifyNoMoreInteractions(new Object[]{this.jwtSvcMock});
        Assertions.assertNull(BearerTokenContext.getBearerToken());
    }

    /**
     * {@code Authorization} header without the {@code Bearer} scheme ({@code "XXX"}): the chain is
     * not invoked, no auth service is consulted, and no bearer token is stored.
     */
    @Test
    void noBearerHeader() throws Exception {
        Mockito.when(this.requestMock.getHeader("Authorization")).thenReturn("XXX");
        // Direct call on the mock, not an expectation; the 401 is never verified.
        this.responseMock.setStatus(401);
        Mockito.when(this.responseMock.getWriter()).thenReturn(this.writerMock);
        this.writerMock.println("[ \"Unauthorized\" ]");
        Mockito.when(this.sessionMock.getAttribute("userSession")).thenReturn(this.userSessionMock);
        Mockito.when(this.requestMock.getSession()).thenReturn(this.sessionMock);
        this.cut.doFilter(this.requestMock, this.responseMock, this.filterChainMock);
        ((HttpServletRequest) Mockito.verify(this.requestMock)).getHeader(ArgumentMatchers.anyString());
        Mockito.verifyNoMoreInteractions(new Object[]{this.requestMock});
        Mockito.verifyNoMoreInteractions(new Object[]{this.coreApiKeyAuthSvcMock});
        Mockito.verifyNoMoreInteractions(new Object[]{this.filterChainMock});
        Mockito.verifyNoMoreInteractions(new Object[]{this.jwtSvcMock});
        Assertions.assertNull(BearerTokenContext.getBearerToken());
    }

    /**
     * {@code Authorization} header that is only the scheme name ({@code "Bearer"}, no separator or
     * token): the chain is not invoked, no auth service is consulted, and no token is stored.
     */
    @Test
    void onlyBearerHeader() throws Exception {
        Mockito.when(this.requestMock.getHeader("Authorization")).thenReturn("Bearer");
        // Direct call on the mock, not an expectation; the 401 is never verified.
        this.responseMock.setStatus(401);
        Mockito.when(this.responseMock.getWriter()).thenReturn(this.writerMock);
        this.writerMock.println("[ \"Unauthorized\" ]");
        Mockito.when(this.sessionMock.getAttribute("userSession")).thenReturn(this.userSessionMock);
        Mockito.when(this.requestMock.getSession()).thenReturn(this.sessionMock);
        this.cut.doFilter(this.requestMock, this.responseMock, this.filterChainMock);
        ((HttpServletRequest) Mockito.verify(this.requestMock)).getHeader(ArgumentMatchers.anyString());
        Mockito.verifyNoMoreInteractions(new Object[]{this.requestMock});
        Mockito.verifyNoMoreInteractions(new Object[]{this.coreApiKeyAuthSvcMock});
        Mockito.verifyNoMoreInteractions(new Object[]{this.filterChainMock});
        Mockito.verifyNoMoreInteractions(new Object[]{this.jwtSvcMock});
        Assertions.assertNull(BearerTokenContext.getBearerToken());
    }

    /**
     * {@code Authorization} header with the scheme and separator but an empty token
     * ({@code "Bearer "}): the chain is not invoked, no auth service is consulted, and no token is
     * stored.
     */
    @Test
    void blankKeyHeader() throws Exception {
        Mockito.when(this.requestMock.getHeader("Authorization")).thenReturn("Bearer ");
        // Direct call on the mock, not an expectation; the 401 is never verified.
        this.responseMock.setStatus(401);
        Mockito.when(this.responseMock.getWriter()).thenReturn(this.writerMock);
        this.writerMock.println("[ \"Unauthorized\" ]");
        Mockito.when(this.sessionMock.getAttribute("userSession")).thenReturn(this.userSessionMock);
        Mockito.when(this.requestMock.getSession()).thenReturn(this.sessionMock);
        this.cut.doFilter(this.requestMock, this.responseMock, this.filterChainMock);
        ((HttpServletRequest) Mockito.verify(this.requestMock)).getHeader(ArgumentMatchers.anyString());
        Mockito.verifyNoMoreInteractions(new Object[]{this.requestMock});
        Mockito.verifyNoMoreInteractions(new Object[]{this.coreApiKeyAuthSvcMock});
        Mockito.verifyNoMoreInteractions(new Object[]{this.filterChainMock});
        Mockito.verifyNoMoreInteractions(new Object[]{this.jwtSvcMock});
        Assertions.assertNull(BearerTokenContext.getBearerToken());
    }

    /**
     * JWT path ({@code useCore()} false) where {@code decodeJwt} throws: the filter asks the JWT
     * service once, does not invoke the chain, and does not keep the rejected token in
     * {@code BearerTokenContext}.
     */
    @Test
    void nonCoreBadHeader() throws Exception {
        Mockito.when(this.requestMock.getHeader("Authorization")).thenReturn("Bearer BAD");
        Mockito.when(this.sessionMock.getAttribute("userSession")).thenReturn(this.userSessionMock);
        Mockito.when(this.requestMock.getSession()).thenReturn(this.sessionMock);
        Mockito.when(Boolean.valueOf(this.coreApiKeyAuthSvcMock.useCore())).thenReturn(false);
        // Decoding failure is modelled as an unchecked exception from the JWT service.
        Mockito.when(this.jwtSvcMock.decodeJwt("BAD")).thenThrow(new Throwable[]{new RuntimeException("Error")});
        // Direct call on the mock, not an expectation; the 401 is never verified.
        this.responseMock.setStatus(401);
        Mockito.when(this.responseMock.getWriter()).thenReturn(this.writerMock);
        this.writerMock.println("[ \"Unauthorized\" ]");
        this.cut.doFilter(this.requestMock, this.responseMock, this.filterChainMock);
        ((HttpServletRequest) Mockito.verify(this.requestMock)).getHeader(ArgumentMatchers.anyString());
        Mockito.verifyNoMoreInteractions(new Object[]{this.requestMock});
        ((CoreApiKeyAuthenticationService) Mockito.verify(this.coreApiKeyAuthSvcMock)).useCore();
        Mockito.verifyNoMoreInteractions(new Object[]{this.coreApiKeyAuthSvcMock});
        Mockito.verifyNoMoreInteractions(new Object[]{this.filterChainMock});
        ((JwtService) Mockito.verify(this.jwtSvcMock)).decodeJwt(ArgumentMatchers.anyString());
        Mockito.verifyNoMoreInteractions(new Object[]{this.jwtSvcMock});
        Assertions.assertNull(BearerTokenContext.getBearerToken());
    }

    /**
     * JWT path ({@code useCore()} false) where {@code decodeJwt} succeeds and the principal
     * validates: the request continues down the chain and the raw token is left in
     * {@code BearerTokenContext}.
     *
     * <p>NOTE(review): the token is still readable after {@code doFilter} returns; only
     * {@link #tearDown()} clears it here. Confirm that production code clears the context at the
     * end of each request so a token cannot carry over to a later request.
     */
    @Test
    void nonCoreGoodHeader() throws Exception {
        Mockito.when(this.requestMock.getHeader("Authorization")).thenReturn("Bearer GOOD");
        Mockito.when(this.sessionMock.getAttribute("userSession")).thenReturn(this.userSessionMock);
        Mockito.when(this.requestMock.getSession()).thenReturn(this.sessionMock);
        Mockito.when(Boolean.valueOf(this.coreApiKeyAuthSvcMock.useCore())).thenReturn(false);
        Mockito.when(this.jwtSvcMock.decodeJwt("GOOD")).thenReturn(new JwtData("user", 1000));
        // Recorded by the mock and counted by the times(2) verification below.
        this.filterChainMock.doFilter(this.requestMock, this.responseMock);
        Mockito.when(this.cfAuthSvcMock.validatePrincipalName(ArgumentMatchers.anyString())).thenReturn(AuthenticationValidationResponse.VALID_AUTHENTICATION);
        this.cut.doFilter(this.requestMock, this.responseMock, this.filterChainMock);
        ((HttpServletRequest) Mockito.verify(this.requestMock, Mockito.times(2))).getHeader(ArgumentMatchers.anyString());
        Mockito.verifyNoMoreInteractions(new Object[]{this.requestMock});
        ((CoreApiKeyAuthenticationService) Mockito.verify(this.coreApiKeyAuthSvcMock)).useCore();
        Mockito.verifyNoMoreInteractions(new Object[]{this.coreApiKeyAuthSvcMock});
        ((JwtService) Mockito.verify(this.jwtSvcMock)).decodeJwt(ArgumentMatchers.anyString());
        Mockito.verifyNoMoreInteractions(new Object[]{this.jwtSvcMock});
        ((FilterChain) Mockito.verify(this.filterChainMock, Mockito.times(2))).doFilter(this.requestMock, this.responseMock);
        Mockito.verifyNoMoreInteractions(new Object[]{this.filterChainMock});
        Assertions.assertEquals("GOOD", BearerTokenContext.getBearerToken());
    }

    /**
     * Core API-key path ({@code useCore()} true) where the key resolves to no principal
     * ({@code Optional.empty()}): the chain is not invoked, the JWT service is not used, and the
     * rejected key is not kept in {@code BearerTokenContext}.
     */
    @Test
    void coreBadHeader() throws Exception {
        Mockito.when(this.requestMock.getHeader("Authorization")).thenReturn("Bearer BAD");
        Mockito.when(this.sessionMock.getAttribute("userSession")).thenReturn(this.userSessionMock);
        Mockito.when(this.requestMock.getSession()).thenReturn(this.sessionMock);
        Mockito.when(Boolean.valueOf(this.coreApiKeyAuthSvcMock.useCore())).thenReturn(true);
        Mockito.when(this.coreApiKeyAuthSvcMock.getPrincipalIdFromApiKey("BAD", this.userSessionMock)).thenReturn(Optional.empty());
        // Direct call on the mock, not an expectation; the 401 is never verified.
        this.responseMock.setStatus(401);
        Mockito.when(this.responseMock.getWriter()).thenReturn(this.writerMock);
        this.writerMock.println("[ \"Unauthorized\" ]");
        this.cut.doFilter(this.requestMock, this.responseMock, this.filterChainMock);
        ((HttpServletRequest) Mockito.verify(this.requestMock)).getHeader(ArgumentMatchers.anyString());
        Mockito.verifyNoMoreInteractions(new Object[]{this.requestMock});
        ((CoreApiKeyAuthenticationService) Mockito.verify(this.coreApiKeyAuthSvcMock)).useCore();
        ((CoreApiKeyAuthenticationService) Mockito.verify(this.coreApiKeyAuthSvcMock)).getPrincipalIdFromApiKey(ArgumentMatchers.anyString(), (UserSession) ArgumentMatchers.eq(this.userSessionMock));
        Mockito.verifyNoMoreInteractions(new Object[]{this.coreApiKeyAuthSvcMock});
        Mockito.verifyNoMoreInteractions(new Object[]{this.filterChainMock});
        Mockito.verifyNoMoreInteractions(new Object[]{this.jwtSvcMock});
        Assertions.assertNull(BearerTokenContext.getBearerToken());
    }

    /**
     * Core API-key path ({@code useCore()} true) where the key resolves to a principal that
     * validates: the request continues down the chain, the JWT service is not used, and the raw
     * key is left in {@code BearerTokenContext}.
     */
    @Test
    void coreGoodHeader() throws Exception {
        Mockito.when(this.requestMock.getHeader("Authorization")).thenReturn("Bearer GOOD");
        Mockito.when(this.sessionMock.getAttribute("userSession")).thenReturn(this.userSessionMock);
        Mockito.when(this.requestMock.getSession()).thenReturn(this.sessionMock);
        Mockito.when(Boolean.valueOf(this.coreApiKeyAuthSvcMock.useCore())).thenReturn(true);
        Mockito.when(this.coreApiKeyAuthSvcMock.getPrincipalIdFromApiKey("GOOD", this.userSessionMock)).thenReturn(Optional.of("user"));
        // Recorded by the mock and counted by the times(2) verification below.
        this.filterChainMock.doFilter(this.requestMock, this.responseMock);
        Mockito.when(this.cfAuthSvcMock.validatePrincipalName(ArgumentMatchers.anyString())).thenReturn(AuthenticationValidationResponse.VALID_AUTHENTICATION);
        this.cut.doFilter(this.requestMock, this.responseMock, this.filterChainMock);
        ((HttpServletRequest) Mockito.verify(this.requestMock, Mockito.times(2))).getHeader(ArgumentMatchers.anyString());
        Mockito.verifyNoMoreInteractions(new Object[]{this.requestMock});
        ((CoreApiKeyAuthenticationService) Mockito.verify(this.coreApiKeyAuthSvcMock)).useCore();
        ((CoreApiKeyAuthenticationService) Mockito.verify(this.coreApiKeyAuthSvcMock)).getPrincipalIdFromApiKey(ArgumentMatchers.anyString(), (UserSession) ArgumentMatchers.eq(this.userSessionMock));
        Mockito.verifyNoMoreInteractions(new Object[]{this.coreApiKeyAuthSvcMock});
        ((FilterChain) Mockito.verify(this.filterChainMock, Mockito.times(2))).doFilter(this.requestMock, this.responseMock);
        Mockito.verifyNoMoreInteractions(new Object[]{this.filterChainMock});
        Mockito.verifyNoMoreInteractions(new Object[]{this.jwtSvcMock});
        Assertions.assertEquals("GOOD", BearerTokenContext.getBearerToken());
    }

    /**
     * Core API-key path where the key resolves to a principal but {@code validatePrincipalName}
     * returns {@code INVALID_PRINCIPAL_CANNOT_LOGIN}: a valid key alone is not sufficient, so the
     * chain is not invoked and the key is not kept in {@code BearerTokenContext}.
     *
     * <p>NOTE(review): the 403 itself is not asserted; see {@link #expectForbiddenResponse()}.
     */
    @Test
    void coreGoodHeaderInactiveUser() throws Exception {
        Mockito.when(this.requestMock.getHeader("Authorization")).thenReturn("Bearer GOOD");
        Mockito.when(Boolean.valueOf(this.coreApiKeyAuthSvcMock.useCore())).thenReturn(true);
        Mockito.when(this.sessionMock.getAttribute("userSession")).thenReturn(this.userSessionMock);
        Mockito.when(this.requestMock.getSession()).thenReturn(this.sessionMock);
        Mockito.when(this.coreApiKeyAuthSvcMock.getPrincipalIdFromApiKey("GOOD", this.userSessionMock)).thenReturn(Optional.of("user"));
        Mockito.when(this.cfAuthSvcMock.validatePrincipalName(ArgumentMatchers.anyString())).thenReturn(AuthenticationValidationResponse.INVALID_PRINCIPAL_CANNOT_LOGIN);
        expectForbiddenResponse();
        this.cut.doFilter(this.requestMock, this.responseMock, this.filterChainMock);
        ((HttpServletRequest) Mockito.verify(this.requestMock)).getHeader(ArgumentMatchers.anyString());
        Mockito.verifyNoMoreInteractions(new Object[]{this.requestMock});
        ((CoreApiKeyAuthenticationService) Mockito.verify(this.coreApiKeyAuthSvcMock)).useCore();
        ((CoreApiKeyAuthenticationService) Mockito.verify(this.coreApiKeyAuthSvcMock)).getPrincipalIdFromApiKey(ArgumentMatchers.anyString(), (UserSession) ArgumentMatchers.eq(this.userSessionMock));
        Mockito.verifyNoMoreInteractions(new Object[]{this.coreApiKeyAuthSvcMock});
        Mockito.verifyNoMoreInteractions(new Object[]{this.filterChainMock});
        Mockito.verifyNoMoreInteractions(new Object[]{this.jwtSvcMock});
        Assertions.assertNull(BearerTokenContext.getBearerToken());
    }

    /**
     * Stubs {@code responseMock.getWriter()} to return the writer mock.
     *
     * <p>NOTE(review): despite the name, this sets no expectation. The {@code setStatus(403)} and
     * {@code println} calls are plain invocations on mocks and are never verified, so the caller
     * does not actually assert that a 403 or a "Forbidden" body was produced.
     */
    private void expectForbiddenResponse() throws Exception {
        this.responseMock.setStatus(403);
        Mockito.when(this.responseMock.getWriter()).thenReturn(this.writerMock);
        this.writerMock.println("[ \"Forbidden\" ]");
    }
}
