package org.apache.hadoop.security.authentication.server;

import java.io.File;
import java.io.FileWriter;
import java.io.IOException;
import java.net.HttpCookie;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Properties;
import java.util.Vector;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletContext;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.hadoop.security.authentication.client.AuthenticatedURL;
import org.apache.hadoop.security.authentication.client.AuthenticationException;
import org.apache.hadoop.security.authentication.util.Signer;
import org.apache.hadoop.security.authentication.util.SignerSecretProvider;
import org.apache.hadoop.security.authentication.util.StringSignerSecretProvider;
import org.apache.hadoop.security.authentication.util.StringSignerSecretProviderCreator;
import org.hamcrest.CoreMatchers;
import org.junit.Assert;
import org.junit.Test;
import org.mockito.Mockito;
import org.mockito.invocation.InvocationOnMock;
import org.mockito.stubbing.Answer;

/* JADX WARN: Classes with same name are omitted:
  input_file:hadoop-auth-2.7.6-tests.jar:org/apache/hadoop/security/authentication/server/TestAuthenticationFilter.class
 */
/* loaded from: input_file:test-classes/org/apache/hadoop/security/authentication/server/TestAuthenticationFilter.class */
public class TestAuthenticationFilter {
    private static final long TOKEN_VALIDITY_SEC = 1000;

    /* JADX WARN: Classes with same name are omitted:
      input_file:hadoop-auth-2.7.6-tests.jar:org/apache/hadoop/security/authentication/server/TestAuthenticationFilter$DummyAuthenticationHandler.class
     */
    /* loaded from: input_file:test-classes/org/apache/hadoop/security/authentication/server/TestAuthenticationFilter$DummyAuthenticationHandler.class */
    public static class DummyAuthenticationHandler implements AuthenticationHandler {
        public static boolean init;
        public static boolean managementOperationReturn;
        public static boolean destroy;
        public static boolean expired;
        public static final String TYPE = "dummy";

        public static void reset() {
            init = false;
            destroy = false;
        }

        @Override // org.apache.hadoop.security.authentication.server.AuthenticationHandler
        public void init(Properties properties) throws ServletException {
            init = true;
            managementOperationReturn = properties.getProperty("management.operation.return", "true").equals("true");
            expired = properties.getProperty("expired.token", "false").equals("true");
        }

        @Override // org.apache.hadoop.security.authentication.server.AuthenticationHandler
        public boolean managementOperation(AuthenticationToken authenticationToken, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException, AuthenticationException {
            if (!managementOperationReturn) {
                httpServletResponse.setStatus(202);
            }
            return managementOperationReturn;
        }

        @Override // org.apache.hadoop.security.authentication.server.AuthenticationHandler
        public void destroy() {
            destroy = true;
        }

        @Override // org.apache.hadoop.security.authentication.server.AuthenticationHandler
        public String getType() {
            return TYPE;
        }

        @Override // org.apache.hadoop.security.authentication.server.AuthenticationHandler
        public AuthenticationToken authenticate(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException, AuthenticationException {
            AuthenticationToken authenticationToken = null;
            String parameter = httpServletRequest.getParameter("authenticated");
            if (parameter != null && parameter.equals("true")) {
                authenticationToken = new AuthenticationToken("u", "p", "t");
                authenticationToken.setExpires(expired ? 0L : System.currentTimeMillis() + TestAuthenticationFilter.TOKEN_VALIDITY_SEC);
            } else {
                if (httpServletRequest.getHeader("WWW-Authenticate") != null) {
                    throw new AuthenticationException("AUTH FAILED");
                }
                httpServletResponse.setHeader("WWW-Authenticate", "dummyauth");
            }
            return authenticationToken;
        }
    }

    @Test
    public void testGetConfiguration() throws Exception {
        AuthenticationFilter authenticationFilter = new AuthenticationFilter();
        FilterConfig filterConfig = (FilterConfig) Mockito.mock(FilterConfig.class);
        Mockito.when(filterConfig.getInitParameter(AuthenticationFilter.CONFIG_PREFIX)).thenReturn("");
        Mockito.when(filterConfig.getInitParameter("a")).thenReturn("A");
        Mockito.when(filterConfig.getInitParameterNames()).thenReturn(new Vector(Arrays.asList("a")).elements());
        Assert.assertEquals("A", authenticationFilter.getConfiguration("", filterConfig).getProperty("a"));
        FilterConfig filterConfig2 = (FilterConfig) Mockito.mock(FilterConfig.class);
        Mockito.when(filterConfig2.getInitParameter(AuthenticationFilter.CONFIG_PREFIX)).thenReturn("foo");
        Mockito.when(filterConfig2.getInitParameter("foo.a")).thenReturn("A");
        Mockito.when(filterConfig2.getInitParameterNames()).thenReturn(new Vector(Arrays.asList("foo.a")).elements());
        Assert.assertEquals("A", authenticationFilter.getConfiguration("foo.", filterConfig2).getProperty("a"));
    }

    @Test
    public void testInitEmpty() throws Exception {
        AuthenticationFilter authenticationFilter = new AuthenticationFilter();
        try {
            FilterConfig filterConfig = (FilterConfig) Mockito.mock(FilterConfig.class);
            Mockito.when(filterConfig.getInitParameterNames()).thenReturn(new Vector().elements());
            authenticationFilter.init(filterConfig);
            Assert.fail();
        } catch (ServletException e) {
            Assert.assertEquals("Authentication type must be specified: simple|kerberos|<class>", e.getMessage());
        } catch (Exception e2) {
            Assert.fail();
        } finally {
            authenticationFilter.destroy();
        }
    }

    @Test
    public void testFallbackToRandomSecretProvider() throws Exception {
        AuthenticationFilter authenticationFilter = new AuthenticationFilter();
        try {
            FilterConfig filterConfig = (FilterConfig) Mockito.mock(FilterConfig.class);
            Mockito.when(filterConfig.getInitParameter(AuthenticationFilter.AUTH_TYPE)).thenReturn(PseudoAuthenticationHandler.TYPE);
            Mockito.when(filterConfig.getInitParameter(AuthenticationFilter.AUTH_TOKEN_VALIDITY)).thenReturn(new Long(TOKEN_VALIDITY_SEC).toString());
            Mockito.when(filterConfig.getInitParameterNames()).thenReturn(new Vector(Arrays.asList(AuthenticationFilter.AUTH_TYPE, AuthenticationFilter.AUTH_TOKEN_VALIDITY)).elements());
            ServletContext servletContext = (ServletContext) Mockito.mock(ServletContext.class);
            Mockito.when(servletContext.getAttribute(AuthenticationFilter.SIGNER_SECRET_PROVIDER_ATTRIBUTE)).thenReturn((Object) null);
            Mockito.when(filterConfig.getServletContext()).thenReturn(servletContext);
            authenticationFilter.init(filterConfig);
            Assert.assertEquals(PseudoAuthenticationHandler.class, authenticationFilter.getAuthenticationHandler().getClass());
            Assert.assertTrue(authenticationFilter.isRandomSecret());
            Assert.assertFalse(authenticationFilter.isCustomSignerSecretProvider());
            Assert.assertNull(authenticationFilter.getCookieDomain());
            Assert.assertNull(authenticationFilter.getCookiePath());
            Assert.assertEquals(TOKEN_VALIDITY_SEC, authenticationFilter.getValidity());
            authenticationFilter.destroy();
        } catch (Throwable th) {
            authenticationFilter.destroy();
            throw th;
        }
    }

    /* JADX WARN: Finally extract failed */
    @Test
    public void testInit() throws Exception {
        AuthenticationFilter authenticationFilter = new AuthenticationFilter();
        try {
            FilterConfig filterConfig = (FilterConfig) Mockito.mock(FilterConfig.class);
            Mockito.when(filterConfig.getInitParameter(AuthenticationFilter.AUTH_TYPE)).thenReturn(PseudoAuthenticationHandler.TYPE);
            Mockito.when(filterConfig.getInitParameterNames()).thenReturn(new Vector(Arrays.asList(AuthenticationFilter.AUTH_TYPE)).elements());
            ServletContext servletContext = (ServletContext) Mockito.mock(ServletContext.class);
            Mockito.when(servletContext.getAttribute(AuthenticationFilter.SIGNER_SECRET_PROVIDER_ATTRIBUTE)).thenReturn(new SignerSecretProvider() { // from class: org.apache.hadoop.security.authentication.server.TestAuthenticationFilter.1
                @Override // org.apache.hadoop.security.authentication.util.SignerSecretProvider
                public void init(Properties properties, ServletContext servletContext2, long j) {
                }

                @Override // org.apache.hadoop.security.authentication.util.SignerSecretProvider
                public byte[] getCurrentSecret() {
                    return null;
                }

                @Override // org.apache.hadoop.security.authentication.util.SignerSecretProvider
                public byte[][] getAllSecrets() {
                    return (byte[][]) null;
                }
            });
            Mockito.when(filterConfig.getServletContext()).thenReturn(servletContext);
            authenticationFilter.init(filterConfig);
            Assert.assertFalse(authenticationFilter.isRandomSecret());
            Assert.assertTrue(authenticationFilter.isCustomSignerSecretProvider());
            authenticationFilter.destroy();
            File file = new File(System.getProperty("test.build.data", "target/test-dir"));
            file.mkdirs();
            File file2 = new File(file, "http-secret.txt");
            FileWriter fileWriter = new FileWriter(file2);
            fileWriter.write("hadoop");
            fileWriter.close();
            AuthenticationFilter authenticationFilter2 = new AuthenticationFilter();
            try {
                FilterConfig filterConfig2 = (FilterConfig) Mockito.mock(FilterConfig.class);
                Mockito.when(filterConfig2.getInitParameter(AuthenticationFilter.AUTH_TYPE)).thenReturn(PseudoAuthenticationHandler.TYPE);
                Mockito.when(filterConfig2.getInitParameter(AuthenticationFilter.SIGNATURE_SECRET_FILE)).thenReturn(file2.getAbsolutePath());
                Mockito.when(filterConfig2.getInitParameterNames()).thenReturn(new Vector(Arrays.asList(AuthenticationFilter.AUTH_TYPE, AuthenticationFilter.SIGNATURE_SECRET_FILE)).elements());
                ServletContext servletContext2 = (ServletContext) Mockito.mock(ServletContext.class);
                Mockito.when(servletContext2.getAttribute(AuthenticationFilter.SIGNER_SECRET_PROVIDER_ATTRIBUTE)).thenReturn((Object) null);
                Mockito.when(filterConfig2.getServletContext()).thenReturn(servletContext2);
                authenticationFilter2.init(filterConfig2);
                Assert.assertFalse(authenticationFilter2.isRandomSecret());
                Assert.assertFalse(authenticationFilter2.isCustomSignerSecretProvider());
                authenticationFilter2.destroy();
                AuthenticationFilter authenticationFilter3 = new AuthenticationFilter();
                try {
                    FilterConfig filterConfig3 = (FilterConfig) Mockito.mock(FilterConfig.class);
                    Mockito.when(filterConfig3.getInitParameter(AuthenticationFilter.AUTH_TYPE)).thenReturn(PseudoAuthenticationHandler.TYPE);
                    Mockito.when(filterConfig3.getInitParameter(AuthenticationFilter.COOKIE_DOMAIN)).thenReturn(".foo.com");
                    Mockito.when(filterConfig3.getInitParameter(AuthenticationFilter.COOKIE_PATH)).thenReturn("/bar");
                    Mockito.when(filterConfig3.getInitParameterNames()).thenReturn(new Vector(Arrays.asList(AuthenticationFilter.AUTH_TYPE, AuthenticationFilter.COOKIE_DOMAIN, AuthenticationFilter.COOKIE_PATH)).elements());
                    getMockedServletContextWithStringSigner(filterConfig3);
                    authenticationFilter3.init(filterConfig3);
                    Assert.assertEquals(".foo.com", authenticationFilter3.getCookieDomain());
                    Assert.assertEquals("/bar", authenticationFilter3.getCookiePath());
                    authenticationFilter3.destroy();
                    DummyAuthenticationHandler.reset();
                    AuthenticationFilter authenticationFilter4 = new AuthenticationFilter();
                    try {
                        FilterConfig filterConfig4 = (FilterConfig) Mockito.mock(FilterConfig.class);
                        Mockito.when(filterConfig4.getInitParameter("management.operation.return")).thenReturn("true");
                        Mockito.when(filterConfig4.getInitParameter(AuthenticationFilter.AUTH_TYPE)).thenReturn(DummyAuthenticationHandler.class.getName());
                        Mockito.when(filterConfig4.getInitParameterNames()).thenReturn(new Vector(Arrays.asList(AuthenticationFilter.AUTH_TYPE, "management.operation.return")).elements());
                        getMockedServletContextWithStringSigner(filterConfig4);
                        authenticationFilter4.init(filterConfig4);
                        Assert.assertTrue(DummyAuthenticationHandler.init);
                        authenticationFilter4.destroy();
                        Assert.assertTrue(DummyAuthenticationHandler.destroy);
                        AuthenticationFilter authenticationFilter5 = new AuthenticationFilter();
                        try {
                            FilterConfig filterConfig5 = (FilterConfig) Mockito.mock(FilterConfig.class);
                            Mockito.when(filterConfig5.getServletContext()).thenReturn((ServletContext) Mockito.mock(ServletContext.class));
                            Mockito.when(filterConfig5.getInitParameter(AuthenticationFilter.AUTH_TYPE)).thenReturn(KerberosAuthenticationHandler.TYPE);
                            Mockito.when(filterConfig5.getInitParameterNames()).thenReturn(new Vector(Arrays.asList(AuthenticationFilter.AUTH_TYPE)).elements());
                            authenticationFilter5.init(filterConfig5);
                            Assert.assertEquals(KerberosAuthenticationHandler.class, authenticationFilter5.getAuthenticationHandler().getClass());
                            authenticationFilter5.destroy();
                        } catch (ServletException e) {
                            Assert.assertEquals(KerberosAuthenticationHandler.class, authenticationFilter5.getAuthenticationHandler().getClass());
                            authenticationFilter5.destroy();
                        } catch (Throwable th) {
                            Assert.assertEquals(KerberosAuthenticationHandler.class, authenticationFilter5.getAuthenticationHandler().getClass());
                            authenticationFilter5.destroy();
                            throw th;
                        }
                    } catch (Throwable th2) {
                        authenticationFilter4.destroy();
                        Assert.assertTrue(DummyAuthenticationHandler.destroy);
                        throw th2;
                    }
                } catch (Throwable th3) {
                    authenticationFilter3.destroy();
                    throw th3;
                }
            } catch (Throwable th4) {
                authenticationFilter2.destroy();
                throw th4;
            }
        } catch (Throwable th5) {
            authenticationFilter.destroy();
            throw th5;
        }
    }

    @Test
    public void testInitCaseSensitivity() throws Exception {
        AuthenticationFilter authenticationFilter = new AuthenticationFilter();
        try {
            FilterConfig filterConfig = (FilterConfig) Mockito.mock(FilterConfig.class);
            Mockito.when(filterConfig.getInitParameter(AuthenticationFilter.AUTH_TYPE)).thenReturn("SimPle");
            Mockito.when(filterConfig.getInitParameter(AuthenticationFilter.AUTH_TOKEN_VALIDITY)).thenReturn(new Long(TOKEN_VALIDITY_SEC).toString());
            Mockito.when(filterConfig.getInitParameterNames()).thenReturn(new Vector(Arrays.asList(AuthenticationFilter.AUTH_TYPE, AuthenticationFilter.AUTH_TOKEN_VALIDITY)).elements());
            getMockedServletContextWithStringSigner(filterConfig);
            authenticationFilter.init(filterConfig);
            Assert.assertEquals(PseudoAuthenticationHandler.class, authenticationFilter.getAuthenticationHandler().getClass());
        } finally {
            authenticationFilter.destroy();
        }
    }

    @Test
    public void testGetRequestURL() throws Exception {
        AuthenticationFilter authenticationFilter = new AuthenticationFilter();
        try {
            FilterConfig filterConfig = (FilterConfig) Mockito.mock(FilterConfig.class);
            Mockito.when(filterConfig.getInitParameter("management.operation.return")).thenReturn("true");
            Mockito.when(filterConfig.getInitParameter(AuthenticationFilter.AUTH_TYPE)).thenReturn(DummyAuthenticationHandler.class.getName());
            Mockito.when(filterConfig.getInitParameterNames()).thenReturn(new Vector(Arrays.asList(AuthenticationFilter.AUTH_TYPE, "management.operation.return")).elements());
            getMockedServletContextWithStringSigner(filterConfig);
            authenticationFilter.init(filterConfig);
            HttpServletRequest httpServletRequest = (HttpServletRequest) Mockito.mock(HttpServletRequest.class);
            Mockito.when(httpServletRequest.getRequestURL()).thenReturn(new StringBuffer("http://foo:8080/bar"));
            Mockito.when(httpServletRequest.getQueryString()).thenReturn("a=A&b=B");
            Assert.assertEquals("http://foo:8080/bar?a=A&b=B", authenticationFilter.getRequestURL(httpServletRequest));
            authenticationFilter.destroy();
        } catch (Throwable th) {
            authenticationFilter.destroy();
            throw th;
        }
    }

    @Test
    public void testGetToken() throws Exception {
        AuthenticationFilter authenticationFilter = new AuthenticationFilter();
        try {
            FilterConfig filterConfig = (FilterConfig) Mockito.mock(FilterConfig.class);
            Mockito.when(filterConfig.getInitParameter("management.operation.return")).thenReturn("true");
            Mockito.when(filterConfig.getInitParameter(AuthenticationFilter.AUTH_TYPE)).thenReturn(DummyAuthenticationHandler.class.getName());
            Mockito.when(filterConfig.getInitParameter(AuthenticationFilter.SIGNATURE_SECRET)).thenReturn("secret");
            Mockito.when(filterConfig.getInitParameterNames()).thenReturn(new Vector(Arrays.asList(AuthenticationFilter.AUTH_TYPE, AuthenticationFilter.SIGNATURE_SECRET, "management.operation.return")).elements());
            SignerSecretProvider mockedServletContextWithStringSigner = getMockedServletContextWithStringSigner(filterConfig);
            authenticationFilter.init(filterConfig);
            AuthenticationToken authenticationToken = new AuthenticationToken("u", "p", DummyAuthenticationHandler.TYPE);
            authenticationToken.setExpires(System.currentTimeMillis() + TOKEN_VALIDITY_SEC);
            Cookie cookie = new Cookie(AuthenticatedURL.AUTH_COOKIE, new Signer(mockedServletContextWithStringSigner).sign(authenticationToken.toString()));
            HttpServletRequest httpServletRequest = (HttpServletRequest) Mockito.mock(HttpServletRequest.class);
            Mockito.when(httpServletRequest.getCookies()).thenReturn(new Cookie[]{cookie});
            Assert.assertEquals(authenticationToken.toString(), authenticationFilter.getToken(httpServletRequest).toString());
            authenticationFilter.destroy();
        } catch (Throwable th) {
            authenticationFilter.destroy();
            throw th;
        }
    }

    @Test
    public void testGetTokenExpired() throws Exception {
        AuthenticationFilter authenticationFilter = new AuthenticationFilter();
        try {
            FilterConfig filterConfig = (FilterConfig) Mockito.mock(FilterConfig.class);
            Mockito.when(filterConfig.getInitParameter("management.operation.return")).thenReturn("true");
            Mockito.when(filterConfig.getInitParameter(AuthenticationFilter.AUTH_TYPE)).thenReturn(DummyAuthenticationHandler.class.getName());
            Mockito.when(filterConfig.getInitParameter(AuthenticationFilter.SIGNATURE_SECRET)).thenReturn("secret");
            Mockito.when(filterConfig.getInitParameterNames()).thenReturn(new Vector(Arrays.asList(AuthenticationFilter.AUTH_TYPE, AuthenticationFilter.SIGNATURE_SECRET, "management.operation.return")).elements());
            getMockedServletContextWithStringSigner(filterConfig);
            authenticationFilter.init(filterConfig);
            AuthenticationToken authenticationToken = new AuthenticationToken("u", "p", DummyAuthenticationHandler.TYPE);
            authenticationToken.setExpires(System.currentTimeMillis() - TOKEN_VALIDITY_SEC);
            StringSignerSecretProvider newStringSignerSecretProvider = StringSignerSecretProviderCreator.newStringSignerSecretProvider();
            Properties properties = new Properties();
            properties.setProperty(AuthenticationFilter.SIGNATURE_SECRET, "secret");
            newStringSignerSecretProvider.init(properties, null, TOKEN_VALIDITY_SEC);
            Cookie cookie = new Cookie(AuthenticatedURL.AUTH_COOKIE, new Signer(newStringSignerSecretProvider).sign(authenticationToken.toString()));
            HttpServletRequest httpServletRequest = (HttpServletRequest) Mockito.mock(HttpServletRequest.class);
            Mockito.when(httpServletRequest.getCookies()).thenReturn(new Cookie[]{cookie});
            boolean z = false;
            try {
                try {
                    authenticationFilter.getToken(httpServletRequest);
                    Assert.assertTrue("token not expired", false);
                } finally {
                }
            } catch (AuthenticationException e) {
                Assert.assertEquals("AuthenticationToken expired", e.getMessage());
                z = true;
                Assert.assertTrue("token not expired", true);
            }
            authenticationFilter.destroy();
        } catch (Throwable th) {
            authenticationFilter.destroy();
            throw th;
        }
    }

    @Test
    public void testGetTokenInvalidType() throws Exception {
        AuthenticationFilter authenticationFilter = new AuthenticationFilter();
        try {
            FilterConfig filterConfig = (FilterConfig) Mockito.mock(FilterConfig.class);
            Mockito.when(filterConfig.getInitParameter("management.operation.return")).thenReturn("true");
            Mockito.when(filterConfig.getInitParameter(AuthenticationFilter.AUTH_TYPE)).thenReturn(DummyAuthenticationHandler.class.getName());
            Mockito.when(filterConfig.getInitParameter(AuthenticationFilter.SIGNATURE_SECRET)).thenReturn("secret");
            Mockito.when(filterConfig.getInitParameterNames()).thenReturn(new Vector(Arrays.asList(AuthenticationFilter.AUTH_TYPE, AuthenticationFilter.SIGNATURE_SECRET, "management.operation.return")).elements());
            getMockedServletContextWithStringSigner(filterConfig);
            authenticationFilter.init(filterConfig);
            AuthenticationToken authenticationToken = new AuthenticationToken("u", "p", "invalidtype");
            authenticationToken.setExpires(System.currentTimeMillis() + TOKEN_VALIDITY_SEC);
            StringSignerSecretProvider newStringSignerSecretProvider = StringSignerSecretProviderCreator.newStringSignerSecretProvider();
            Properties properties = new Properties();
            properties.setProperty(AuthenticationFilter.SIGNATURE_SECRET, "secret");
            newStringSignerSecretProvider.init(properties, null, TOKEN_VALIDITY_SEC);
            Cookie cookie = new Cookie(AuthenticatedURL.AUTH_COOKIE, new Signer(newStringSignerSecretProvider).sign(authenticationToken.toString()));
            HttpServletRequest httpServletRequest = (HttpServletRequest) Mockito.mock(HttpServletRequest.class);
            Mockito.when(httpServletRequest.getCookies()).thenReturn(new Cookie[]{cookie});
            boolean z = false;
            try {
                try {
                    authenticationFilter.getToken(httpServletRequest);
                    Assert.assertTrue("token not invalid type", false);
                } finally {
                }
            } catch (AuthenticationException e) {
                Assert.assertEquals("Invalid AuthenticationToken type", e.getMessage());
                z = true;
                Assert.assertTrue("token not invalid type", true);
            }
            authenticationFilter.destroy();
        } catch (Throwable th) {
            authenticationFilter.destroy();
            throw th;
        }
    }

    private static SignerSecretProvider getMockedServletContextWithStringSigner(FilterConfig filterConfig) throws Exception {
        Properties properties = new Properties();
        properties.setProperty(AuthenticationFilter.SIGNATURE_SECRET, "secret");
        StringSignerSecretProvider newStringSignerSecretProvider = StringSignerSecretProviderCreator.newStringSignerSecretProvider();
        newStringSignerSecretProvider.init(properties, null, TOKEN_VALIDITY_SEC);
        ServletContext servletContext = (ServletContext) Mockito.mock(ServletContext.class);
        Mockito.when(servletContext.getAttribute(AuthenticationFilter.SIGNER_SECRET_PROVIDER_ATTRIBUTE)).thenReturn(newStringSignerSecretProvider);
        Mockito.when(filterConfig.getServletContext()).thenReturn(servletContext);
        return newStringSignerSecretProvider;
    }

    @Test
    public void testDoFilterNotAuthenticated() throws Exception {
        AuthenticationFilter authenticationFilter = new AuthenticationFilter();
        try {
            FilterConfig filterConfig = (FilterConfig) Mockito.mock(FilterConfig.class);
            Mockito.when(filterConfig.getInitParameter("management.operation.return")).thenReturn("true");
            Mockito.when(filterConfig.getInitParameter(AuthenticationFilter.AUTH_TYPE)).thenReturn(DummyAuthenticationHandler.class.getName());
            Mockito.when(filterConfig.getInitParameterNames()).thenReturn(new Vector(Arrays.asList(AuthenticationFilter.AUTH_TYPE, "management.operation.return")).elements());
            getMockedServletContextWithStringSigner(filterConfig);
            authenticationFilter.init(filterConfig);
            HttpServletRequest httpServletRequest = (HttpServletRequest) Mockito.mock(HttpServletRequest.class);
            Mockito.when(httpServletRequest.getRequestURL()).thenReturn(new StringBuffer("http://foo:8080/bar"));
            HttpServletResponse httpServletResponse = (HttpServletResponse) Mockito.mock(HttpServletResponse.class);
            FilterChain filterChain = (FilterChain) Mockito.mock(FilterChain.class);
            ((FilterChain) Mockito.doAnswer(new Answer<Object>() { // from class: org.apache.hadoop.security.authentication.server.TestAuthenticationFilter.2
                public Object answer(InvocationOnMock invocationOnMock) throws Throwable {
                    Assert.fail();
                    return null;
                }
            }).when(filterChain)).doFilter((ServletRequest) Mockito.anyObject(), (ServletResponse) Mockito.anyObject());
            Mockito.when(Boolean.valueOf(httpServletResponse.containsHeader("WWW-Authenticate"))).thenReturn(true);
            authenticationFilter.doFilter((ServletRequest) httpServletRequest, (ServletResponse) httpServletResponse, filterChain);
            ((HttpServletResponse) Mockito.verify(httpServletResponse)).sendError(401, "Authentication required");
            authenticationFilter.destroy();
        } catch (Throwable th) {
            authenticationFilter.destroy();
            throw th;
        }
    }

    private void _testDoFilterAuthentication(boolean z, boolean z2, boolean z3) throws Exception {
        AuthenticationFilter authenticationFilter = new AuthenticationFilter();
        FilterConfig filterConfig = (FilterConfig) Mockito.mock(FilterConfig.class);
        Mockito.when(filterConfig.getInitParameter("management.operation.return")).thenReturn("true");
        Mockito.when(filterConfig.getInitParameter("expired.token")).thenReturn(Boolean.toString(z3));
        Mockito.when(filterConfig.getInitParameter(AuthenticationFilter.AUTH_TYPE)).thenReturn(DummyAuthenticationHandler.class.getName());
        Mockito.when(filterConfig.getInitParameter(AuthenticationFilter.AUTH_TOKEN_VALIDITY)).thenReturn(new Long(TOKEN_VALIDITY_SEC).toString());
        Mockito.when(filterConfig.getInitParameter(AuthenticationFilter.SIGNATURE_SECRET)).thenReturn("secret");
        Mockito.when(filterConfig.getInitParameterNames()).thenReturn(new Vector(Arrays.asList(AuthenticationFilter.AUTH_TYPE, AuthenticationFilter.AUTH_TOKEN_VALIDITY, AuthenticationFilter.SIGNATURE_SECRET, "management.operation.return", "expired.token")).elements());
        getMockedServletContextWithStringSigner(filterConfig);
        if (z) {
            Mockito.when(filterConfig.getInitParameter(AuthenticationFilter.COOKIE_DOMAIN)).thenReturn(".foo.com");
            Mockito.when(filterConfig.getInitParameter(AuthenticationFilter.COOKIE_PATH)).thenReturn("/bar");
            Mockito.when(filterConfig.getInitParameterNames()).thenReturn(new Vector(Arrays.asList(AuthenticationFilter.AUTH_TYPE, AuthenticationFilter.AUTH_TOKEN_VALIDITY, AuthenticationFilter.SIGNATURE_SECRET, AuthenticationFilter.COOKIE_DOMAIN, AuthenticationFilter.COOKIE_PATH, "management.operation.return")).elements());
        }
        HttpServletRequest httpServletRequest = (HttpServletRequest) Mockito.mock(HttpServletRequest.class);
        Mockito.when(httpServletRequest.getParameter("authenticated")).thenReturn("true");
        Mockito.when(httpServletRequest.getRequestURL()).thenReturn(new StringBuffer("http://foo:8080/bar"));
        Mockito.when(httpServletRequest.getQueryString()).thenReturn("authenticated=true");
        if (z2) {
            Mockito.when(httpServletRequest.getCookies()).thenReturn(new Cookie[]{new Cookie(AuthenticatedURL.AUTH_COOKIE, "foo")});
        }
        HttpServletResponse httpServletResponse = (HttpServletResponse) Mockito.mock(HttpServletResponse.class);
        FilterChain filterChain = (FilterChain) Mockito.mock(FilterChain.class);
        final HashMap hashMap = new HashMap();
        ((HttpServletResponse) Mockito.doAnswer(new Answer<Object>() { // from class: org.apache.hadoop.security.authentication.server.TestAuthenticationFilter.3
            public Object answer(InvocationOnMock invocationOnMock) throws Throwable {
                TestAuthenticationFilter.parseCookieMap((String) invocationOnMock.getArguments()[1], hashMap);
                return null;
            }
        }).when(httpServletResponse)).addHeader((String) Mockito.eq("Set-Cookie"), Mockito.anyString());
        try {
            authenticationFilter.init(filterConfig);
            authenticationFilter.doFilter((ServletRequest) httpServletRequest, (ServletResponse) httpServletResponse, filterChain);
            if (z3) {
                ((HttpServletResponse) Mockito.verify(httpServletResponse, Mockito.never())).addHeader((String) Mockito.eq("Set-Cookie"), Mockito.anyString());
            } else {
                String str = (String) hashMap.get(AuthenticatedURL.AUTH_COOKIE);
                Assert.assertNotNull("cookie missing", str);
                Assert.assertTrue(str.contains("u=") && str.contains("p=") && str.contains("t=") && str.contains("e=") && str.contains("s="));
                ((FilterChain) Mockito.verify(filterChain)).doFilter((ServletRequest) Mockito.any(ServletRequest.class), (ServletResponse) Mockito.any(ServletResponse.class));
                StringSignerSecretProvider newStringSignerSecretProvider = StringSignerSecretProviderCreator.newStringSignerSecretProvider();
                Properties properties = new Properties();
                properties.setProperty(AuthenticationFilter.SIGNATURE_SECRET, "secret");
                newStringSignerSecretProvider.init(properties, null, TOKEN_VALIDITY_SEC);
                Assert.assertThat(Long.valueOf(AuthenticationToken.parse(new Signer(newStringSignerSecretProvider).verifyAndExtract(str)).getExpires()), CoreMatchers.not(0L));
                if (z) {
                    Assert.assertEquals(".foo.com", hashMap.get("Domain"));
                    Assert.assertEquals("/bar", hashMap.get("Path"));
                } else {
                    Assert.assertFalse(hashMap.containsKey("Domain"));
                    Assert.assertFalse(hashMap.containsKey("Path"));
                }
            }
        } finally {
            authenticationFilter.destroy();
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static void parseCookieMap(String str, HashMap<String, String> hashMap) {
        for (HttpCookie httpCookie : HttpCookie.parse(str)) {
            if (AuthenticatedURL.AUTH_COOKIE.equals(httpCookie.getName())) {
                hashMap.put(httpCookie.getName(), httpCookie.getValue());
                if (httpCookie.getPath() != null) {
                    hashMap.put("Path", httpCookie.getPath());
                }
                if (httpCookie.getDomain() != null) {
                    hashMap.put("Domain", httpCookie.getDomain());
                }
            }
        }
    }

    @Test
    public void testDoFilterAuthentication() throws Exception {
        _testDoFilterAuthentication(false, false, false);
    }

    @Test
    public void testDoFilterAuthenticationImmediateExpiration() throws Exception {
        _testDoFilterAuthentication(false, false, true);
    }

    @Test
    public void testDoFilterAuthenticationWithInvalidToken() throws Exception {
        _testDoFilterAuthentication(false, true, false);
    }

    @Test
    public void testDoFilterAuthenticationWithDomainPath() throws Exception {
        _testDoFilterAuthentication(true, false, false);
    }

    @Test
    public void testDoFilterAuthenticated() throws Exception {
        AuthenticationFilter authenticationFilter = new AuthenticationFilter();
        try {
            FilterConfig filterConfig = (FilterConfig) Mockito.mock(FilterConfig.class);
            Mockito.when(filterConfig.getInitParameter("management.operation.return")).thenReturn("true");
            Mockito.when(filterConfig.getInitParameter(AuthenticationFilter.AUTH_TYPE)).thenReturn(DummyAuthenticationHandler.class.getName());
            Mockito.when(filterConfig.getInitParameterNames()).thenReturn(new Vector(Arrays.asList(AuthenticationFilter.AUTH_TYPE, "management.operation.return")).elements());
            getMockedServletContextWithStringSigner(filterConfig);
            authenticationFilter.init(filterConfig);
            HttpServletRequest httpServletRequest = (HttpServletRequest) Mockito.mock(HttpServletRequest.class);
            Mockito.when(httpServletRequest.getRequestURL()).thenReturn(new StringBuffer("http://foo:8080/bar"));
            AuthenticationToken authenticationToken = new AuthenticationToken("u", "p", "t");
            authenticationToken.setExpires(System.currentTimeMillis() + TOKEN_VALIDITY_SEC);
            StringSignerSecretProvider newStringSignerSecretProvider = StringSignerSecretProviderCreator.newStringSignerSecretProvider();
            Properties properties = new Properties();
            properties.setProperty(AuthenticationFilter.SIGNATURE_SECRET, "secret");
            newStringSignerSecretProvider.init(properties, null, TOKEN_VALIDITY_SEC);
            Mockito.when(httpServletRequest.getCookies()).thenReturn(new Cookie[]{new Cookie(AuthenticatedURL.AUTH_COOKIE, new Signer(newStringSignerSecretProvider).sign(authenticationToken.toString()))});
            HttpServletResponse httpServletResponse = (HttpServletResponse) Mockito.mock(HttpServletResponse.class);
            FilterChain filterChain = (FilterChain) Mockito.mock(FilterChain.class);
            ((FilterChain) Mockito.doAnswer(new Answer<Object>() { // from class: org.apache.hadoop.security.authentication.server.TestAuthenticationFilter.4
                public Object answer(InvocationOnMock invocationOnMock) throws Throwable {
                    HttpServletRequest httpServletRequest2 = (HttpServletRequest) invocationOnMock.getArguments()[0];
                    Assert.assertEquals("u", httpServletRequest2.getRemoteUser());
                    Assert.assertEquals("p", httpServletRequest2.getUserPrincipal().getName());
                    return null;
                }
            }).when(filterChain)).doFilter((ServletRequest) Mockito.anyObject(), (ServletResponse) Mockito.anyObject());
            authenticationFilter.doFilter((ServletRequest) httpServletRequest, (ServletResponse) httpServletResponse, filterChain);
            authenticationFilter.destroy();
        } catch (Throwable th) {
            authenticationFilter.destroy();
            throw th;
        }
    }

    @Test
    public void testDoFilterAuthenticationFailure() throws Exception {
        AuthenticationFilter authenticationFilter = new AuthenticationFilter();
        try {
            FilterConfig filterConfig = (FilterConfig) Mockito.mock(FilterConfig.class);
            Mockito.when(filterConfig.getInitParameter("management.operation.return")).thenReturn("true");
            Mockito.when(filterConfig.getInitParameter(AuthenticationFilter.AUTH_TYPE)).thenReturn(DummyAuthenticationHandler.class.getName());
            Mockito.when(filterConfig.getInitParameterNames()).thenReturn(new Vector(Arrays.asList(AuthenticationFilter.AUTH_TYPE, "management.operation.return")).elements());
            getMockedServletContextWithStringSigner(filterConfig);
            authenticationFilter.init(filterConfig);
            HttpServletRequest httpServletRequest = (HttpServletRequest) Mockito.mock(HttpServletRequest.class);
            Mockito.when(httpServletRequest.getRequestURL()).thenReturn(new StringBuffer("http://foo:8080/bar"));
            Mockito.when(httpServletRequest.getCookies()).thenReturn(new Cookie[0]);
            Mockito.when(httpServletRequest.getHeader("WWW-Authenticate")).thenReturn("dummyauth");
            HttpServletResponse httpServletResponse = (HttpServletResponse) Mockito.mock(HttpServletResponse.class);
            FilterChain filterChain = (FilterChain) Mockito.mock(FilterChain.class);
            final HashMap hashMap = new HashMap();
            ((HttpServletResponse) Mockito.doAnswer(new Answer<Object>() { // from class: org.apache.hadoop.security.authentication.server.TestAuthenticationFilter.5
                public Object answer(InvocationOnMock invocationOnMock) throws Throwable {
                    TestAuthenticationFilter.parseCookieMap((String) invocationOnMock.getArguments()[1], hashMap);
                    return null;
                }
            }).when(httpServletResponse)).addHeader((String) Mockito.eq("Set-Cookie"), Mockito.anyString());
            ((FilterChain) Mockito.doAnswer(new Answer<Object>() { // from class: org.apache.hadoop.security.authentication.server.TestAuthenticationFilter.6
                public Object answer(InvocationOnMock invocationOnMock) throws Throwable {
                    Assert.fail("shouldn't get here");
                    return null;
                }
            }).when(filterChain)).doFilter((ServletRequest) Mockito.anyObject(), (ServletResponse) Mockito.anyObject());
            authenticationFilter.doFilter((ServletRequest) httpServletRequest, (ServletResponse) httpServletResponse, filterChain);
            ((HttpServletResponse) Mockito.verify(httpServletResponse)).sendError(403, "AUTH FAILED");
            ((HttpServletResponse) Mockito.verify(httpServletResponse, Mockito.never())).setHeader((String) Mockito.eq("WWW-Authenticate"), Mockito.anyString());
            String str = (String) hashMap.get(AuthenticatedURL.AUTH_COOKIE);
            Assert.assertNotNull("cookie missing", str);
            Assert.assertEquals("", str);
            authenticationFilter.destroy();
        } catch (Throwable th) {
            authenticationFilter.destroy();
            throw th;
        }
    }

    @Test
    public void testDoFilterAuthenticatedExpired() throws Exception {
        AuthenticationFilter authenticationFilter = new AuthenticationFilter();
        try {
            FilterConfig filterConfig = (FilterConfig) Mockito.mock(FilterConfig.class);
            Mockito.when(filterConfig.getInitParameter("management.operation.return")).thenReturn("true");
            Mockito.when(filterConfig.getInitParameter(AuthenticationFilter.AUTH_TYPE)).thenReturn(DummyAuthenticationHandler.class.getName());
            Mockito.when(filterConfig.getInitParameter(AuthenticationFilter.SIGNATURE_SECRET)).thenReturn("secret");
            Mockito.when(filterConfig.getInitParameterNames()).thenReturn(new Vector(Arrays.asList(AuthenticationFilter.AUTH_TYPE, AuthenticationFilter.SIGNATURE_SECRET, "management.operation.return")).elements());
            getMockedServletContextWithStringSigner(filterConfig);
            authenticationFilter.init(filterConfig);
            HttpServletRequest httpServletRequest = (HttpServletRequest) Mockito.mock(HttpServletRequest.class);
            Mockito.when(httpServletRequest.getRequestURL()).thenReturn(new StringBuffer("http://foo:8080/bar"));
            AuthenticationToken authenticationToken = new AuthenticationToken("u", "p", DummyAuthenticationHandler.TYPE);
            authenticationToken.setExpires(System.currentTimeMillis() - TOKEN_VALIDITY_SEC);
            StringSignerSecretProvider newStringSignerSecretProvider = StringSignerSecretProviderCreator.newStringSignerSecretProvider();
            Properties properties = new Properties();
            properties.setProperty(AuthenticationFilter.SIGNATURE_SECRET, "secret");
            newStringSignerSecretProvider.init(properties, null, TOKEN_VALIDITY_SEC);
            Mockito.when(httpServletRequest.getCookies()).thenReturn(new Cookie[]{new Cookie(AuthenticatedURL.AUTH_COOKIE, new Signer(newStringSignerSecretProvider).sign(authenticationToken.toString()))});
            HttpServletResponse httpServletResponse = (HttpServletResponse) Mockito.mock(HttpServletResponse.class);
            Mockito.when(Boolean.valueOf(httpServletResponse.containsHeader("WWW-Authenticate"))).thenReturn(true);
            verifyUnauthorized(authenticationFilter, httpServletRequest, httpServletResponse, (FilterChain) Mockito.mock(FilterChain.class));
            authenticationFilter.destroy();
        } catch (Throwable th) {
            authenticationFilter.destroy();
            throw th;
        }
    }

    private static void verifyUnauthorized(AuthenticationFilter authenticationFilter, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, FilterChain filterChain) throws IOException, ServletException {
        final HashMap hashMap = new HashMap();
        ((HttpServletResponse) Mockito.doAnswer(new Answer<Object>() { // from class: org.apache.hadoop.security.authentication.server.TestAuthenticationFilter.7
            public Object answer(InvocationOnMock invocationOnMock) throws Throwable {
                TestAuthenticationFilter.parseCookieMap((String) invocationOnMock.getArguments()[1], hashMap);
                return null;
            }
        }).when(httpServletResponse)).addHeader((String) Mockito.eq("Set-Cookie"), Mockito.anyString());
        authenticationFilter.doFilter((ServletRequest) httpServletRequest, (ServletResponse) httpServletResponse, filterChain);
        ((HttpServletResponse) Mockito.verify(httpServletResponse)).sendError(Mockito.eq(401), Mockito.anyString());
        ((FilterChain) Mockito.verify(filterChain, Mockito.never())).doFilter((ServletRequest) Mockito.any(ServletRequest.class), (ServletResponse) Mockito.any(ServletResponse.class));
        Assert.assertTrue("cookie is missing", hashMap.containsKey(AuthenticatedURL.AUTH_COOKIE));
        Assert.assertEquals("", hashMap.get(AuthenticatedURL.AUTH_COOKIE));
    }

    @Test
    public void testDoFilterAuthenticatedInvalidType() throws Exception {
        AuthenticationFilter authenticationFilter = new AuthenticationFilter();
        try {
            FilterConfig filterConfig = (FilterConfig) Mockito.mock(FilterConfig.class);
            Mockito.when(filterConfig.getInitParameter("management.operation.return")).thenReturn("true");
            Mockito.when(filterConfig.getInitParameter(AuthenticationFilter.AUTH_TYPE)).thenReturn(DummyAuthenticationHandler.class.getName());
            Mockito.when(filterConfig.getInitParameter(AuthenticationFilter.SIGNATURE_SECRET)).thenReturn("secret");
            Mockito.when(filterConfig.getInitParameterNames()).thenReturn(new Vector(Arrays.asList(AuthenticationFilter.AUTH_TYPE, AuthenticationFilter.SIGNATURE_SECRET, "management.operation.return")).elements());
            getMockedServletContextWithStringSigner(filterConfig);
            authenticationFilter.init(filterConfig);
            HttpServletRequest httpServletRequest = (HttpServletRequest) Mockito.mock(HttpServletRequest.class);
            Mockito.when(httpServletRequest.getRequestURL()).thenReturn(new StringBuffer("http://foo:8080/bar"));
            AuthenticationToken authenticationToken = new AuthenticationToken("u", "p", "invalidtype");
            authenticationToken.setExpires(System.currentTimeMillis() + TOKEN_VALIDITY_SEC);
            StringSignerSecretProvider newStringSignerSecretProvider = StringSignerSecretProviderCreator.newStringSignerSecretProvider();
            Properties properties = new Properties();
            properties.setProperty(AuthenticationFilter.SIGNATURE_SECRET, "secret");
            newStringSignerSecretProvider.init(properties, null, TOKEN_VALIDITY_SEC);
            Mockito.when(httpServletRequest.getCookies()).thenReturn(new Cookie[]{new Cookie(AuthenticatedURL.AUTH_COOKIE, new Signer(newStringSignerSecretProvider).sign(authenticationToken.toString()))});
            HttpServletResponse httpServletResponse = (HttpServletResponse) Mockito.mock(HttpServletResponse.class);
            Mockito.when(Boolean.valueOf(httpServletResponse.containsHeader("WWW-Authenticate"))).thenReturn(true);
            verifyUnauthorized(authenticationFilter, httpServletRequest, httpServletResponse, (FilterChain) Mockito.mock(FilterChain.class));
            authenticationFilter.destroy();
        } catch (Throwable th) {
            authenticationFilter.destroy();
            throw th;
        }
    }

    @Test
    public void testManagementOperation() throws Exception {
        AuthenticationFilter authenticationFilter = new AuthenticationFilter();
        try {
            FilterConfig filterConfig = (FilterConfig) Mockito.mock(FilterConfig.class);
            Mockito.when(filterConfig.getInitParameter("management.operation.return")).thenReturn("false");
            Mockito.when(filterConfig.getInitParameter(AuthenticationFilter.AUTH_TYPE)).thenReturn(DummyAuthenticationHandler.class.getName());
            Mockito.when(filterConfig.getInitParameterNames()).thenReturn(new Vector(Arrays.asList(AuthenticationFilter.AUTH_TYPE, "management.operation.return")).elements());
            getMockedServletContextWithStringSigner(filterConfig);
            authenticationFilter.init(filterConfig);
            HttpServletRequest httpServletRequest = (HttpServletRequest) Mockito.mock(HttpServletRequest.class);
            Mockito.when(httpServletRequest.getRequestURL()).thenReturn(new StringBuffer("http://foo:8080/bar"));
            HttpServletResponse httpServletResponse = (HttpServletResponse) Mockito.mock(HttpServletResponse.class);
            FilterChain filterChain = (FilterChain) Mockito.mock(FilterChain.class);
            authenticationFilter.doFilter((ServletRequest) httpServletRequest, (ServletResponse) httpServletResponse, filterChain);
            ((HttpServletResponse) Mockito.verify(httpServletResponse)).setStatus(202);
            Mockito.verifyNoMoreInteractions(new Object[]{httpServletResponse});
            Mockito.reset(new HttpServletRequest[]{httpServletRequest});
            Mockito.reset(new HttpServletResponse[]{httpServletResponse});
            AuthenticationToken authenticationToken = new AuthenticationToken("u", "p", "t");
            authenticationToken.setExpires(System.currentTimeMillis() + TOKEN_VALIDITY_SEC);
            StringSignerSecretProvider newStringSignerSecretProvider = StringSignerSecretProviderCreator.newStringSignerSecretProvider();
            Properties properties = new Properties();
            properties.setProperty(AuthenticationFilter.SIGNATURE_SECRET, "secret");
            newStringSignerSecretProvider.init(properties, null, TOKEN_VALIDITY_SEC);
            Mockito.when(httpServletRequest.getCookies()).thenReturn(new Cookie[]{new Cookie(AuthenticatedURL.AUTH_COOKIE, new Signer(newStringSignerSecretProvider).sign(authenticationToken.toString()))});
            authenticationFilter.doFilter((ServletRequest) httpServletRequest, (ServletResponse) httpServletResponse, filterChain);
            ((HttpServletResponse) Mockito.verify(httpServletResponse)).setStatus(202);
            Mockito.verifyNoMoreInteractions(new Object[]{httpServletResponse});
            authenticationFilter.destroy();
        } catch (Throwable th) {
            authenticationFilter.destroy();
            throw th;
        }
    }
}
