package org.sonar.server.authentication;

import java.nio.charset.StandardCharsets;
import java.util.Base64;
import java.util.Optional;
import javax.servlet.http.HttpServletRequest;
import org.assertj.core.api.Java6Assertions;
import org.junit.Rule;
import org.junit.Test;
import org.junit.rules.ExpectedException;
import org.mockito.Mockito;
import org.sonar.api.utils.System2;
import org.sonar.db.DbClient;
import org.sonar.db.DbSession;
import org.sonar.db.DbTester;
import org.sonar.db.user.UserDto;
import org.sonar.db.user.UserTesting;
import org.sonar.server.authentication.event.AuthenticationEvent;
import org.sonar.server.authentication.event.AuthenticationExceptionMatcher;
import org.sonar.server.usertoken.UserTokenAuthenticator;

/* loaded from: input_file:org/sonar/server/authentication/BasicAuthenticatorTest.class */
public class BasicAuthenticatorTest {
    private static final String PASSWORD = "password";

    @Rule
    public ExpectedException expectedException = ExpectedException.none();

    @Rule
    public DbTester dbTester = DbTester.create(System2.INSTANCE);
    private DbClient dbClient = this.dbTester.getDbClient();
    private DbSession dbSession = this.dbTester.getSession();
    private CredentialsAuthenticator credentialsAuthenticator = (CredentialsAuthenticator) Mockito.mock(CredentialsAuthenticator.class);
    private UserTokenAuthenticator userTokenAuthenticator = (UserTokenAuthenticator) Mockito.mock(UserTokenAuthenticator.class);
    private HttpServletRequest request = (HttpServletRequest) Mockito.mock(HttpServletRequest.class);
    private AuthenticationEvent authenticationEvent = (AuthenticationEvent) Mockito.mock(AuthenticationEvent.class);
    private BasicAuthenticator underTest = new BasicAuthenticator(this.dbClient, this.credentialsAuthenticator, this.userTokenAuthenticator, this.authenticationEvent);
    private static final Base64.Encoder BASE64_ENCODER = Base64.getEncoder();
    private static final String CREDENTIALS_IN_BASE64 = toBase64("login:password");
    private static final String LOGIN = "login";
    private static final UserDto USER = UserTesting.newUserDto().setLogin(LOGIN);

    @Test
    public void authenticate_from_basic_http_header() throws Exception {
        Mockito.when(this.request.getHeader("Authorization")).thenReturn("Basic " + CREDENTIALS_IN_BASE64);
        Mockito.when(this.credentialsAuthenticator.authenticate(LOGIN, PASSWORD, this.request, AuthenticationEvent.Method.BASIC)).thenReturn(USER);
        this.underTest.authenticate(this.request);
        ((CredentialsAuthenticator) Mockito.verify(this.credentialsAuthenticator)).authenticate(LOGIN, PASSWORD, this.request, AuthenticationEvent.Method.BASIC);
        Mockito.verifyNoMoreInteractions(new Object[]{this.authenticationEvent});
    }

    @Test
    public void authenticate_from_basic_http_header_with_password_containing_semi_colon() throws Exception {
        Mockito.when(this.request.getHeader("Authorization")).thenReturn("Basic " + toBase64("login:!ascii-only:-)@"));
        Mockito.when(this.credentialsAuthenticator.authenticate(LOGIN, "!ascii-only:-)@", this.request, AuthenticationEvent.Method.BASIC)).thenReturn(USER);
        this.underTest.authenticate(this.request);
        ((CredentialsAuthenticator) Mockito.verify(this.credentialsAuthenticator)).authenticate(LOGIN, "!ascii-only:-)@", this.request, AuthenticationEvent.Method.BASIC);
        Mockito.verifyNoMoreInteractions(new Object[]{this.authenticationEvent});
    }

    @Test
    public void does_not_authenticate_when_no_authorization_header() throws Exception {
        this.underTest.authenticate(this.request);
        Mockito.verifyZeroInteractions(new Object[]{this.credentialsAuthenticator, this.authenticationEvent});
    }

    @Test
    public void does_not_authenticate_when_authorization_header_is_not_BASIC() throws Exception {
        Mockito.when(this.request.getHeader("Authorization")).thenReturn("OTHER " + CREDENTIALS_IN_BASE64);
        this.underTest.authenticate(this.request);
        Mockito.verifyZeroInteractions(new Object[]{this.credentialsAuthenticator, this.authenticationEvent});
    }

    @Test
    public void fail_to_authenticate_when_no_login() throws Exception {
        Mockito.when(this.request.getHeader("Authorization")).thenReturn("Basic " + toBase64(":password"));
        this.expectedException.expect(AuthenticationExceptionMatcher.authenticationException().from(AuthenticationEvent.Source.local(AuthenticationEvent.Method.BASIC)).withoutLogin().andNoPublicMessage());
        try {
            this.underTest.authenticate(this.request);
            Mockito.verifyZeroInteractions(new Object[]{this.authenticationEvent});
        } catch (Throwable th) {
            Mockito.verifyZeroInteractions(new Object[]{this.authenticationEvent});
            throw th;
        }
    }

    @Test
    public void fail_to_authenticate_when_invalid_header() throws Exception {
        Mockito.when(this.request.getHeader("Authorization")).thenReturn("Basic Invàlid");
        this.expectedException.expect(AuthenticationExceptionMatcher.authenticationException().from(AuthenticationEvent.Source.local(AuthenticationEvent.Method.BASIC)).withoutLogin().andNoPublicMessage());
        this.expectedException.expectMessage("Invalid basic header");
        this.underTest.authenticate(this.request);
    }

    @Test
    public void authenticate_from_user_token() throws Exception {
        insertUser(UserTesting.newUserDto().setLogin(LOGIN));
        Mockito.when(this.userTokenAuthenticator.authenticate("token")).thenReturn(Optional.of(LOGIN));
        Mockito.when(this.request.getHeader("Authorization")).thenReturn("Basic " + toBase64("token:"));
        Optional authenticate = this.underTest.authenticate(this.request);
        Java6Assertions.assertThat(authenticate.isPresent()).isTrue();
        Java6Assertions.assertThat(((UserDto) authenticate.get()).getLogin()).isEqualTo(LOGIN);
        ((AuthenticationEvent) Mockito.verify(this.authenticationEvent)).loginSuccess(this.request, LOGIN, AuthenticationEvent.Source.local(AuthenticationEvent.Method.BASIC_TOKEN));
    }

    @Test
    public void does_not_authenticate_from_user_token_when_token_is_invalid() throws Exception {
        insertUser(UserTesting.newUserDto().setLogin(LOGIN));
        Mockito.when(this.userTokenAuthenticator.authenticate("token")).thenReturn(Optional.empty());
        Mockito.when(this.request.getHeader("Authorization")).thenReturn("Basic " + toBase64("token:"));
        this.expectedException.expect(AuthenticationExceptionMatcher.authenticationException().from(AuthenticationEvent.Source.local(AuthenticationEvent.Method.BASIC_TOKEN)).withoutLogin().andNoPublicMessage());
        try {
            this.underTest.authenticate(this.request);
            Mockito.verifyZeroInteractions(new Object[]{this.authenticationEvent});
        } catch (Throwable th) {
            Mockito.verifyZeroInteractions(new Object[]{this.authenticationEvent});
            throw th;
        }
    }

    @Test
    public void does_not_authenticate_from_user_token_when_token_does_not_match_active_user() throws Exception {
        insertUser(UserTesting.newUserDto().setLogin(LOGIN));
        Mockito.when(this.userTokenAuthenticator.authenticate("token")).thenReturn(Optional.of("Unknown user"));
        Mockito.when(this.request.getHeader("Authorization")).thenReturn("Basic " + toBase64("token:"));
        this.expectedException.expect(AuthenticationExceptionMatcher.authenticationException().from(AuthenticationEvent.Source.local(AuthenticationEvent.Method.BASIC_TOKEN)).withoutLogin().andNoPublicMessage());
        try {
            this.underTest.authenticate(this.request);
            Mockito.verifyZeroInteractions(new Object[]{this.authenticationEvent});
        } catch (Throwable th) {
            Mockito.verifyZeroInteractions(new Object[]{this.authenticationEvent});
            throw th;
        }
    }

    private UserDto insertUser(UserDto userDto) {
        this.dbClient.userDao().insert(this.dbSession, userDto);
        this.dbSession.commit();
        return userDto;
    }

    private static String toBase64(String str) {
        return new String(BASE64_ENCODER.encode(str.getBytes(StandardCharsets.UTF_8)));
    }
}
