package com.hortonworks.registries.auth;

import com.hortonworks.registries.auth.server.AuthenticationToken;
import com.hortonworks.registries.auth.server.KerberosAuthenticationHandler;
import com.hortonworks.registries.auth.util.JaasConfiguration;
import com.hortonworks.registries.auth.util.KerberosUtil;
import java.io.File;
import java.util.HashMap;
import java.util.Properties;
import javax.security.auth.Subject;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.codec.binary.Base64;
import org.apache.hadoop.minikdc.KerberosSecurityTestcase;
import org.ietf.jgss.GSSContext;
import org.ietf.jgss.GSSCredential;
import org.ietf.jgss.GSSManager;
import org.junit.After;
import org.junit.Assert;
import org.junit.Before;
import org.junit.Test;
import org.mockito.Mockito;

/* loaded from: input_file:com/hortonworks/registries/auth/TestKerberosLogin.class */
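/**
 * Integration test for {@link KerberosLogin}: logs a client principal in through JAAS,
 * builds a SPNEGO initiator token for the server principal and feeds it to a
 * {@link KerberosAuthenticationHandler} as an HTTP {@code Authorization: Negotiate} header.
 *
 * <p>The KDC is obtained through {@code getKdc()}, which is inherited from
 * {@link KerberosSecurityTestcase}. Subclasses can swap the handler under test or its
 * configuration by overriding {@link #getNewAuthenticationHandler()} and
 * {@link #getDefaultProperties()}.
 */
public class TestKerberosLogin extends KerberosSecurityTestcase {
    /** Handler under test; {@code null} when {@link #setup()} failed or after {@link #tearDown()}. */
    protected KerberosAuthenticationHandler handler;

    /**
     * Creates the handler instance the test exercises.
     *
     * @return a fresh, not yet initialised handler
     */
    protected KerberosAuthenticationHandler getNewAuthenticationHandler() {
        return new KerberosAuthenticationHandler();
    }

    /**
     * Builds the handler configuration: server principal, keytab location and the
     * principal-to-short-name mapping rule.
     *
     * @return the properties passed to {@code handler.init(...)}
     */
    protected Properties getDefaultProperties() {
        Properties config = new Properties();
        config.setProperty("kerberos.principal", KerberosTestUtils.getServerPrincipal());
        config.setProperty("kerberos.keytab", KerberosTestUtils.getKeytabFile());
        // The realm is spliced into the rule's regular expression unescaped, so a '.' in the
        // realm matches any character. Acceptable for a test fixture; a production mapping
        // rule should escape the realm so that look-alike realms cannot match.
        config.setProperty("kerberos.name.rules", "RULE:[1:$1@$0](.*@" + KerberosTestUtils.getRealm() + ")s/@.*//\n");
        return config;
    }

    /**
     * Returns the principal without its {@code @REALM} suffix.
     *
     * @param principal a principal name, with or without a realm
     * @return the part before the last {@code '@'}, or the input unchanged when it has none
     */
    private static String stripRealm(String principal) {
        int at = principal.lastIndexOf('@');
        // Without this guard a realm-less principal would fail with StringIndexOutOfBoundsException.
        return at < 0 ? principal : principal.substring(0, at);
    }

    /**
     * Registers the server and client principals in the test keytab and initialises the handler.
     *
     * @throws Exception if the principals cannot be created or the handler fails to initialise
     */
    @Before
    public void setup() throws Exception {
        File keytab = new File(KerberosTestUtils.getKeytabFile());
        String clientPrincipal = KerberosTestUtils.getClientPrincipal();
        String serverPrincipal = KerberosTestUtils.getServerPrincipal();
        // createPrincipal receives the names with the realm removed.
        getKdc().createPrincipal(keytab, new String[]{stripRealm(serverPrincipal), stripRealm(clientPrincipal)});
        this.handler = getNewAuthenticationHandler();
        try {
            this.handler.init(getDefaultProperties());
        } catch (Exception e) {
            // Drop the reference so tearDown() does not call destroy() on a handler whose init failed.
            this.handler = null;
            throw e;
        }
    }

    /**
     * Logs in as the client principal, creates the first GSS-API token for the server principal
     * and checks how the handler answers a request carrying it.
     *
     * @throws Exception on login, GSS-API or handler failures
     */
    @Test(timeout = 60000)
    public void testRequestWithKerberosAuthorization() throws Exception {
        KerberosLogin kerberosLogin = new KerberosLogin();
        // Debug aid: dumps the generated client JAAS configuration to stdout.
        // NOTE(review): confirm the dump holds nothing sensitive before keeping it in shared CI logs.
        System.out.println(KerberosTestUtils.getJaasConfigForClientPrincipal());
        kerberosLogin.configure(new HashMap<>(), "RegistryClient", new JaasConfiguration("RegistryClient", KerberosTestUtils.getJaasConfigForClientPrincipal()));
        kerberosLogin.login();

        // The explicit PrivilegedExceptionAction target type is required: a bare lambda is
        // ambiguous between the PrivilegedAction and PrivilegedExceptionAction overloads of doAs.
        String encodedToken = Subject.doAs(kerberosLogin.loginContext.getSubject(), (java.security.PrivilegedExceptionAction<String>) () -> {
            GSSManager gssManager = GSSManager.getInstance();
            GSSContext gssContext = null;
            try {
                gssContext = gssManager.createContext(
                        gssManager.createName(KerberosTestUtils.getServerPrincipal(), KerberosUtil.getOidInstance("NT_GSS_KRB5_PRINCIPAL")),
                        KerberosUtil.getOidInstance("GSS_KRB5_MECH_OID"),
                        (GSSCredential) null,
                        0);
                // Initiator side asks for credential delegation and mutual authentication.
                gssContext.requestCredDeleg(true);
                gssContext.requestMutualAuth(true);
                byte[] emptyInput = new byte[0];
                byte[] firstToken = gssContext.initSecContext(emptyInput, 0, emptyInput.length);
                // Line length 0 disables chunking, keeping the header value on a single line.
                return new Base64(0).encodeToString(firstToken);
            } finally {
                // Release the context on every path, including failures while building the token.
                if (gssContext != null) {
                    gssContext.dispose();
                }
            }
        });

        HttpServletRequest request = Mockito.mock(HttpServletRequest.class);
        HttpServletResponse response = Mockito.mock(HttpServletResponse.class);
        Mockito.when(request.getHeader("Authorization")).thenReturn("Negotiate " + encodedToken);
        Mockito.when(request.getServerName()).thenReturn("localhost");
        Mockito.when(request.getMethod()).thenReturn("GET");

        AuthenticationToken token = this.handler.authenticate(request, response);

        // Both outcomes must carry a Negotiate challenge/response header.
        Mockito.verify(response).setHeader(Mockito.eq("WWW-Authenticate"), Mockito.matches("Negotiate .*"));
        if (token == null) {
            // NOTE(review): a null token answered with 401 is accepted as a pass, so this test
            // alone cannot detect a handler that never completes authentication. If a single
            // exchange is expected to establish the context, assert a non-null token instead.
            Mockito.verify(response).setStatus(401);
        } else {
            Mockito.verify(response).setStatus(200);
            // The token must name the authenticated client, not the server or another principal.
            Assert.assertEquals(KerberosTestUtils.getClientPrincipal(), token.getName());
            Assert.assertTrue(KerberosTestUtils.getClientPrincipal().startsWith(token.getUserName()));
        }
    }

    /**
     * Destroys the handler if {@link #setup()} managed to initialise it.
     *
     * @throws Exception declared for subclasses; the visible body only calls {@code destroy()}
     */
    @After
    public void tearDown() throws Exception {
        if (this.handler != null) {
            this.handler.destroy();
            this.handler = null;
        }
    }
}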
