package org.apache.pulsar.broker.authentication;

import io.jsonwebtoken.SignatureAlgorithm;
import io.jsonwebtoken.io.Decoders;
import io.jsonwebtoken.security.Keys;
import java.net.SocketAddress;
import java.nio.charset.StandardCharsets;
import java.security.KeyPair;
import java.security.PrivateKey;
import java.util.Date;
import java.util.Optional;
import java.util.Properties;
import java.util.concurrent.TimeUnit;
import javax.net.ssl.SSLSession;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.pulsar.broker.ServiceConfiguration;
import org.apache.pulsar.broker.authentication.utils.AuthTokenUtils;
import org.apache.pulsar.broker.web.AuthenticationFilter;
import org.apache.pulsar.common.api.AuthData;
import org.assertj.core.util.Lists;
import org.mockito.ArgumentMatchers;
import org.mockito.Mockito;
import org.testng.Assert;
import org.testng.annotations.AfterMethod;
import org.testng.annotations.BeforeMethod;
import org.testng.annotations.Test;

/* loaded from: input_file:org/apache/pulsar/broker/authentication/AuthenticationProviderListTest.class */
public class AuthenticationProviderListTest {
    private static final String SUBJECT_A = "my-subject-a";
    private static final String SUBJECT_B = "my-subject-b";
    private AuthenticationProviderToken providerA;
    private KeyPair keyPairA;
    private AuthenticationProviderToken providerB;
    private KeyPair keyPairB;
    private String tokenAA;
    private String tokenAB;
    private String tokenBA;
    private String tokenBB;
    private String expiringTokenAA;
    private String expiringTokenAB;
    private String expiringTokenBA;
    private String expiringTokenBB;
    private AuthenticationProviderList authProvider;

    @BeforeMethod
    public void setUp() throws Exception {
        this.keyPairA = Keys.keyPairFor(SignatureAlgorithm.ES256);
        this.keyPairB = Keys.keyPairFor(SignatureAlgorithm.RS512);
        this.providerA = new AuthenticationProviderToken();
        this.providerB = new AuthenticationProviderToken();
        Properties properties = new Properties();
        properties.setProperty("tokenSettingPrefix", "a");
        properties.setProperty("atokenPublicKey", AuthTokenUtils.encodeKeyBase64(this.keyPairA.getPublic()));
        properties.setProperty("atokenPublicAlg", SignatureAlgorithm.ES256.getValue());
        ServiceConfiguration serviceConfiguration = new ServiceConfiguration();
        serviceConfiguration.setProperties(properties);
        this.providerA.initialize(serviceConfiguration);
        Properties properties2 = new Properties();
        properties2.setProperty("tokenSettingPrefix", "b");
        properties2.setProperty("btokenPublicKey", AuthTokenUtils.encodeKeyBase64(this.keyPairB.getPublic()));
        properties2.setProperty("btokenPublicAlg", SignatureAlgorithm.RS512.getValue());
        ServiceConfiguration serviceConfiguration2 = new ServiceConfiguration();
        serviceConfiguration2.setProperties(properties2);
        this.providerB.initialize(serviceConfiguration2);
        this.authProvider = new AuthenticationProviderList(Lists.newArrayList(new AuthenticationProvider[]{this.providerA, this.providerB}));
        PrivateKey decodePrivateKey = AuthTokenUtils.decodePrivateKey((byte[]) Decoders.BASE64.decode(AuthTokenUtils.encodeKeyBase64(this.keyPairA.getPrivate())), SignatureAlgorithm.ES256);
        this.tokenAA = AuthTokenUtils.createToken(decodePrivateKey, SUBJECT_A, Optional.empty());
        this.tokenAB = AuthTokenUtils.createToken(decodePrivateKey, SUBJECT_B, Optional.empty());
        this.expiringTokenAA = AuthTokenUtils.createToken(decodePrivateKey, SUBJECT_A, Optional.of(new Date(System.currentTimeMillis() + TimeUnit.SECONDS.toMillis(3L))));
        this.expiringTokenAB = AuthTokenUtils.createToken(decodePrivateKey, SUBJECT_B, Optional.of(new Date(System.currentTimeMillis() + TimeUnit.SECONDS.toMillis(3L))));
        PrivateKey decodePrivateKey2 = AuthTokenUtils.decodePrivateKey((byte[]) Decoders.BASE64.decode(AuthTokenUtils.encodeKeyBase64(this.keyPairB.getPrivate())), SignatureAlgorithm.RS512);
        this.tokenBA = AuthTokenUtils.createToken(decodePrivateKey2, SUBJECT_A, Optional.empty());
        this.tokenBB = AuthTokenUtils.createToken(decodePrivateKey2, SUBJECT_B, Optional.empty());
        this.expiringTokenBA = AuthTokenUtils.createToken(decodePrivateKey2, SUBJECT_A, Optional.of(new Date(System.currentTimeMillis() + TimeUnit.SECONDS.toMillis(3L))));
        this.expiringTokenBB = AuthTokenUtils.createToken(decodePrivateKey2, SUBJECT_B, Optional.of(new Date(System.currentTimeMillis() + TimeUnit.SECONDS.toMillis(3L))));
    }

    @AfterMethod(alwaysRun = true)
    public void tearDown() throws Exception {
        this.authProvider.close();
    }

    private void testAuthenticate(final String str, String str2) throws Exception {
        Assert.assertEquals(this.authProvider.authenticate(new AuthenticationDataSource() { // from class: org.apache.pulsar.broker.authentication.AuthenticationProviderListTest.1
            public boolean hasDataFromCommand() {
                return true;
            }

            public String getCommandData() {
                return str;
            }
        }), str2);
    }

    @Test
    public void testAuthenticate() throws Exception {
        testAuthenticate(this.tokenAA, SUBJECT_A);
        testAuthenticate(this.tokenAB, SUBJECT_B);
        testAuthenticate(this.tokenBA, SUBJECT_A);
        testAuthenticate(this.tokenBB, SUBJECT_B);
    }

    private void testAuthenticateAsync(final String str, String str2) throws Exception {
        Assert.assertEquals((String) this.authProvider.authenticateAsync(new AuthenticationDataSource() { // from class: org.apache.pulsar.broker.authentication.AuthenticationProviderListTest.2
            public boolean hasDataFromCommand() {
                return true;
            }

            public String getCommandData() {
                return str;
            }
        }).get(), str2);
    }

    @Test
    public void testAuthenticateAsync() throws Exception {
        testAuthenticateAsync(this.tokenAA, SUBJECT_A);
        testAuthenticateAsync(this.tokenAB, SUBJECT_B);
        testAuthenticateAsync(this.tokenBA, SUBJECT_A);
        testAuthenticateAsync(this.tokenBB, SUBJECT_B);
    }

    private AuthenticationState newAuthState(String str, String str2) throws Exception {
        AuthenticationState newAuthState = this.authProvider.newAuthState(AuthData.of(str.getBytes(StandardCharsets.UTF_8)), (SocketAddress) null, (SSLSession) null);
        newAuthState.authenticateAsync(AuthData.of(str.getBytes(StandardCharsets.UTF_8))).get();
        Assert.assertEquals(newAuthState.getAuthRole(), str2);
        Assert.assertTrue(newAuthState.isComplete());
        Assert.assertFalse(newAuthState.isExpired());
        return newAuthState;
    }

    private void verifyAuthStateExpired(AuthenticationState authenticationState, String str) throws Exception {
        Assert.assertEquals(authenticationState.getAuthRole(), str);
        Assert.assertTrue(authenticationState.isComplete());
        Assert.assertTrue(authenticationState.isExpired());
    }

    @Test
    public void testNewAuthState() throws Exception {
        AuthenticationState newAuthState = newAuthState(this.expiringTokenAA, SUBJECT_A);
        AuthenticationState newAuthState2 = newAuthState(this.expiringTokenAB, SUBJECT_B);
        AuthenticationState newAuthState3 = newAuthState(this.expiringTokenBA, SUBJECT_A);
        AuthenticationState newAuthState4 = newAuthState(this.expiringTokenBB, SUBJECT_B);
        Thread.sleep(TimeUnit.SECONDS.toMillis(6L));
        verifyAuthStateExpired(newAuthState, SUBJECT_A);
        verifyAuthStateExpired(newAuthState2, SUBJECT_B);
        verifyAuthStateExpired(newAuthState3, SUBJECT_A);
        verifyAuthStateExpired(newAuthState4, SUBJECT_B);
    }

    @Test
    public void testAuthenticateHttpRequest() throws Exception {
        HttpServletRequest httpServletRequest = (HttpServletRequest) Mockito.mock(HttpServletRequest.class);
        Mockito.when(httpServletRequest.getRemoteAddr()).thenReturn("127.0.0.1");
        Mockito.when(Integer.valueOf(httpServletRequest.getRemotePort())).thenReturn(8080);
        Mockito.when(httpServletRequest.getHeader("Authorization")).thenReturn("Bearer " + this.expiringTokenAA);
        Assert.assertTrue(this.authProvider.authenticateHttpRequest(httpServletRequest, (HttpServletResponse) null));
        ((HttpServletRequest) Mockito.verify(httpServletRequest)).setAttribute((String) ArgumentMatchers.eq(AuthenticationFilter.AuthenticatedRoleAttributeName), ArgumentMatchers.eq(SUBJECT_A));
        ((HttpServletRequest) Mockito.verify(httpServletRequest)).setAttribute((String) ArgumentMatchers.eq(AuthenticationFilter.AuthenticatedDataAttributeName), ArgumentMatchers.isA(AuthenticationDataSource.class));
        HttpServletRequest httpServletRequest2 = (HttpServletRequest) Mockito.mock(HttpServletRequest.class);
        Mockito.when(httpServletRequest2.getRemoteAddr()).thenReturn("127.0.0.1");
        Mockito.when(Integer.valueOf(httpServletRequest2.getRemotePort())).thenReturn(8080);
        Mockito.when(httpServletRequest2.getHeader("Authorization")).thenReturn("Bearer " + this.expiringTokenAB);
        Assert.assertTrue(this.authProvider.authenticateHttpRequest(httpServletRequest2, (HttpServletResponse) null));
        ((HttpServletRequest) Mockito.verify(httpServletRequest2)).setAttribute((String) ArgumentMatchers.eq(AuthenticationFilter.AuthenticatedRoleAttributeName), ArgumentMatchers.eq(SUBJECT_B));
        ((HttpServletRequest) Mockito.verify(httpServletRequest2)).setAttribute((String) ArgumentMatchers.eq(AuthenticationFilter.AuthenticatedDataAttributeName), ArgumentMatchers.isA(AuthenticationDataSource.class));
        HttpServletRequest httpServletRequest3 = (HttpServletRequest) Mockito.mock(HttpServletRequest.class);
        Mockito.when(httpServletRequest3.getRemoteAddr()).thenReturn("127.0.0.1");
        Mockito.when(Integer.valueOf(httpServletRequest3.getRemotePort())).thenReturn(8080);
        Mockito.when(httpServletRequest3.getHeader("Authorization")).thenReturn("Bearer " + this.expiringTokenBA);
        Assert.assertTrue(this.authProvider.authenticateHttpRequest(httpServletRequest3, (HttpServletResponse) null));
        ((HttpServletRequest) Mockito.verify(httpServletRequest3)).setAttribute((String) ArgumentMatchers.eq(AuthenticationFilter.AuthenticatedRoleAttributeName), ArgumentMatchers.eq(SUBJECT_A));
        ((HttpServletRequest) Mockito.verify(httpServletRequest3)).setAttribute((String) ArgumentMatchers.eq(AuthenticationFilter.AuthenticatedDataAttributeName), ArgumentMatchers.isA(AuthenticationDataSource.class));
        HttpServletRequest httpServletRequest4 = (HttpServletRequest) Mockito.mock(HttpServletRequest.class);
        Mockito.when(httpServletRequest4.getRemoteAddr()).thenReturn("127.0.0.1");
        Mockito.when(Integer.valueOf(httpServletRequest4.getRemotePort())).thenReturn(8080);
        Mockito.when(httpServletRequest4.getHeader("Authorization")).thenReturn("Bearer " + this.expiringTokenBB);
        Assert.assertTrue(this.authProvider.authenticateHttpRequest(httpServletRequest4, (HttpServletResponse) null));
        ((HttpServletRequest) Mockito.verify(httpServletRequest4)).setAttribute((String) ArgumentMatchers.eq(AuthenticationFilter.AuthenticatedRoleAttributeName), ArgumentMatchers.eq(SUBJECT_B));
        ((HttpServletRequest) Mockito.verify(httpServletRequest4)).setAttribute((String) ArgumentMatchers.eq(AuthenticationFilter.AuthenticatedDataAttributeName), ArgumentMatchers.isA(AuthenticationDataSource.class));
    }
}
