package waffle.servlet;

import com.sun.jna.platform.win32.Advapi32Util;
import com.sun.jna.platform.win32.Secur32Util;
import com.sun.jna.platform.win32.Sspi;
import com.sun.jna.platform.win32.SspiUtil;
import java.io.IOException;
import java.util.ArrayList;
import java.util.Base64;
import java.util.Locale;
import javax.security.auth.Subject;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import org.junit.jupiter.api.AfterEach;
import org.junit.jupiter.api.Assertions;
import org.junit.jupiter.api.BeforeEach;
import org.junit.jupiter.api.Test;
import waffle.mock.MockWindowsAuthProvider;
import waffle.mock.MockWindowsIdentity;
import waffle.mock.http.SimpleFilterChain;
import waffle.mock.http.SimpleFilterConfig;
import waffle.mock.http.SimpleHttpRequest;
import waffle.mock.http.SimpleHttpResponse;
import waffle.windows.auth.IWindowsCredentialsHandle;
import waffle.windows.auth.PrincipalFormat;
import waffle.windows.auth.impl.WindowsAccountImpl;
import waffle.windows.auth.impl.WindowsAuthProviderImpl;
import waffle.windows.auth.impl.WindowsCredentialsHandleImpl;
import waffle.windows.auth.impl.WindowsSecurityContextImpl;

/* loaded from: input_file:waffle/servlet/NegotiateSecurityFilterTest.class */
class NegotiateSecurityFilterTest {
    private static final String NEGOTIATE = "Negotiate";
    private static final String NTLM = "NTLM";
    private NegotiateSecurityFilter filter;

    /* JADX INFO: Access modifiers changed from: package-private */
    @BeforeEach
    public void setUp() throws ServletException {
        this.filter = new NegotiateSecurityFilter();
        this.filter.setAuth(new WindowsAuthProviderImpl());
        this.filter.init((FilterConfig) null);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    @AfterEach
    public void tearDown() {
        this.filter.destroy();
    }

    @Test
    void testChallengeGET() throws IOException, ServletException {
        SimpleHttpRequest simpleHttpRequest = new SimpleHttpRequest();
        simpleHttpRequest.setMethod("GET");
        SimpleHttpResponse simpleHttpResponse = new SimpleHttpResponse();
        this.filter.doFilter(simpleHttpRequest, simpleHttpResponse, (FilterChain) null);
        String[] headerValues = simpleHttpResponse.getHeaderValues("WWW-Authenticate");
        Assertions.assertEquals(3, headerValues.length);
        Assertions.assertEquals(NEGOTIATE, headerValues[0]);
        Assertions.assertEquals(NTLM, headerValues[1]);
        Assertions.assertTrue(headerValues[2].startsWith("Basic realm=\""));
        Assertions.assertEquals(2, simpleHttpResponse.getHeaderNamesSize());
        Assertions.assertEquals("keep-alive", simpleHttpResponse.getHeader("Connection"));
        Assertions.assertEquals(401, simpleHttpResponse.getStatus());
    }

    @Test
    void testChallengePOST() throws IOException, ServletException {
        IWindowsCredentialsHandle iWindowsCredentialsHandle = null;
        WindowsSecurityContextImpl windowsSecurityContextImpl = null;
        try {
            iWindowsCredentialsHandle = WindowsCredentialsHandleImpl.getCurrent(NEGOTIATE);
            iWindowsCredentialsHandle.initialize();
            windowsSecurityContextImpl = new WindowsSecurityContextImpl();
            windowsSecurityContextImpl.setPrincipalName(WindowsAccountImpl.getCurrentUsername());
            windowsSecurityContextImpl.setCredentialsHandle(iWindowsCredentialsHandle);
            windowsSecurityContextImpl.setSecurityPackage(NEGOTIATE);
            windowsSecurityContextImpl.initialize((Sspi.CtxtHandle) null, (Sspi.SecBufferDesc) null, WindowsAccountImpl.getCurrentUsername());
            SimpleHttpRequest simpleHttpRequest = new SimpleHttpRequest();
            simpleHttpRequest.setMethod("POST");
            simpleHttpRequest.setContentLength(0);
            simpleHttpRequest.addHeader("Authorization", "Negotiate " + Base64.getEncoder().encodeToString(windowsSecurityContextImpl.getToken()));
            SimpleHttpResponse simpleHttpResponse = new SimpleHttpResponse();
            this.filter.doFilter(simpleHttpRequest, simpleHttpResponse, (FilterChain) null);
            Assertions.assertTrue(simpleHttpResponse.getHeader("WWW-Authenticate").startsWith("Negotiate "));
            Assertions.assertEquals("keep-alive", simpleHttpResponse.getHeader("Connection"));
            Assertions.assertEquals(2, simpleHttpResponse.getHeaderNamesSize());
            Assertions.assertEquals(401, simpleHttpResponse.getStatus());
            if (windowsSecurityContextImpl != null) {
                windowsSecurityContextImpl.dispose();
            }
            if (iWindowsCredentialsHandle != null) {
                iWindowsCredentialsHandle.dispose();
            }
        } catch (Throwable th) {
            if (windowsSecurityContextImpl != null) {
                windowsSecurityContextImpl.dispose();
            }
            if (iWindowsCredentialsHandle != null) {
                iWindowsCredentialsHandle.dispose();
            }
            throw th;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    @Test
    public void testNegotiate() throws IOException, ServletException {
        SimpleHttpResponse simpleHttpResponse;
        boolean z;
        IWindowsCredentialsHandle iWindowsCredentialsHandle = null;
        WindowsSecurityContextImpl windowsSecurityContextImpl = null;
        this.filter.setRoleFormat("both");
        try {
            iWindowsCredentialsHandle = WindowsCredentialsHandleImpl.getCurrent(NEGOTIATE);
            iWindowsCredentialsHandle.initialize();
            windowsSecurityContextImpl = new WindowsSecurityContextImpl();
            windowsSecurityContextImpl.setPrincipalName(WindowsAccountImpl.getCurrentUsername());
            windowsSecurityContextImpl.setCredentialsHandle(iWindowsCredentialsHandle);
            windowsSecurityContextImpl.setSecurityPackage(NEGOTIATE);
            windowsSecurityContextImpl.initialize((Sspi.CtxtHandle) null, (Sspi.SecBufferDesc) null, WindowsAccountImpl.getCurrentUsername());
            SimpleFilterChain simpleFilterChain = new SimpleFilterChain();
            SimpleHttpRequest simpleHttpRequest = new SimpleHttpRequest();
            while (true) {
                simpleHttpRequest.addHeader("Authorization", "Negotiate " + Base64.getEncoder().encodeToString(windowsSecurityContextImpl.getToken()));
                simpleHttpResponse = new SimpleHttpResponse();
                this.filter.doFilter(simpleHttpRequest, simpleHttpResponse, simpleFilterChain);
                Subject subject = (Subject) simpleHttpRequest.getSession(false).getAttribute("javax.security.auth.subject");
                z = subject != null && subject.getPrincipals().size() > 0;
                if (z) {
                    break;
                }
                Assertions.assertTrue(simpleHttpResponse.getHeader("WWW-Authenticate").startsWith("Negotiate "));
                Assertions.assertEquals("keep-alive", simpleHttpResponse.getHeader("Connection"));
                Assertions.assertEquals(2, simpleHttpResponse.getHeaderNamesSize());
                Assertions.assertEquals(401, simpleHttpResponse.getStatus());
                byte[] decode = Base64.getDecoder().decode(simpleHttpResponse.getHeader("WWW-Authenticate").substring(NEGOTIATE.length() + 1));
                org.assertj.core.api.Assertions.assertThat(decode).isNotEmpty();
                windowsSecurityContextImpl.initialize(windowsSecurityContextImpl.getHandle(), new SspiUtil.ManagedSecBufferDesc(2, decode), "localhost");
            }
            org.assertj.core.api.Assertions.assertThat(simpleHttpResponse.getHeaderNamesSize()).isNotNegative();
            Assertions.assertTrue(z);
            Assertions.assertTrue(simpleFilterChain.getRequest() instanceof NegotiateRequestWrapper);
            Assertions.assertTrue(simpleFilterChain.getResponse() instanceof SimpleHttpResponse);
            NegotiateRequestWrapper request = simpleFilterChain.getRequest();
            Assertions.assertEquals(NEGOTIATE.toUpperCase(Locale.ENGLISH), request.getAuthType());
            Assertions.assertEquals(Secur32Util.getUserNameEx(2), request.getRemoteUser());
            Assertions.assertTrue(request.getUserPrincipal() instanceof WindowsPrincipal);
            Assertions.assertTrue(request.isUserInRole(Advapi32Util.getAccountBySid("S-1-1-0").name));
            Assertions.assertTrue(request.isUserInRole("S-1-1-0"));
            if (windowsSecurityContextImpl != null) {
                windowsSecurityContextImpl.dispose();
            }
            if (iWindowsCredentialsHandle != null) {
                iWindowsCredentialsHandle.dispose();
            }
        } catch (Throwable th) {
            if (windowsSecurityContextImpl != null) {
                windowsSecurityContextImpl.dispose();
            }
            if (iWindowsCredentialsHandle != null) {
                iWindowsCredentialsHandle.dispose();
            }
            throw th;
        }
    }

    @Test
    void testNegotiatePreviousAuthWithWindowsPrincipal() throws IOException, ServletException {
        MockWindowsIdentity mockWindowsIdentity = new MockWindowsIdentity("user", new ArrayList());
        SimpleHttpRequest simpleHttpRequest = new SimpleHttpRequest();
        WindowsPrincipal windowsPrincipal = new WindowsPrincipal(mockWindowsIdentity);
        simpleHttpRequest.setUserPrincipal(windowsPrincipal);
        SimpleFilterChain simpleFilterChain = new SimpleFilterChain();
        this.filter.doFilter(simpleHttpRequest, new SimpleHttpResponse(), simpleFilterChain);
        Assertions.assertTrue(simpleFilterChain.getRequest() instanceof NegotiateRequestWrapper);
        NegotiateRequestWrapper request = simpleFilterChain.getRequest();
        Assertions.assertTrue(request.getUserPrincipal() instanceof WindowsPrincipal);
        Assertions.assertEquals(windowsPrincipal, request.getUserPrincipal());
    }

    @Test
    void testChallengeNTLMPOST() throws IOException, ServletException {
        MockWindowsIdentity mockWindowsIdentity = new MockWindowsIdentity("user", new ArrayList());
        SimpleHttpRequest simpleHttpRequest = new SimpleHttpRequest();
        simpleHttpRequest.setUserPrincipal(new WindowsPrincipal(mockWindowsIdentity));
        simpleHttpRequest.setMethod("POST");
        simpleHttpRequest.setContentLength(0);
        simpleHttpRequest.addHeader("Authorization", "NTLM TlRMTVNTUAABAAAABzIAAAYABgArAAAACwALACAAAABXT1JLU1RBVElPTkRPTUFJTg==");
        SimpleFilterChain simpleFilterChain = new SimpleFilterChain();
        SimpleHttpResponse simpleHttpResponse = new SimpleHttpResponse();
        this.filter.doFilter(simpleHttpRequest, simpleHttpResponse, simpleFilterChain);
        Assertions.assertEquals(401, simpleHttpResponse.getStatus());
        String[] headerValues = simpleHttpResponse.getHeaderValues("WWW-Authenticate");
        Assertions.assertEquals(1, headerValues.length);
        Assertions.assertTrue(headerValues[0].startsWith("NTLM "));
        Assertions.assertEquals(2, simpleHttpResponse.getHeaderNamesSize());
        Assertions.assertEquals("keep-alive", simpleHttpResponse.getHeader("Connection"));
        Assertions.assertEquals(401, simpleHttpResponse.getStatus());
    }

    @Test
    void testChallengeNTLMPUT() throws IOException, ServletException {
        MockWindowsIdentity mockWindowsIdentity = new MockWindowsIdentity("user", new ArrayList());
        SimpleHttpRequest simpleHttpRequest = new SimpleHttpRequest();
        simpleHttpRequest.setUserPrincipal(new WindowsPrincipal(mockWindowsIdentity));
        simpleHttpRequest.setMethod("PUT");
        simpleHttpRequest.setContentLength(0);
        simpleHttpRequest.addHeader("Authorization", "NTLM TlRMTVNTUAABAAAABzIAAAYABgArAAAACwALACAAAABXT1JLU1RBVElPTkRPTUFJTg==");
        SimpleFilterChain simpleFilterChain = new SimpleFilterChain();
        SimpleHttpResponse simpleHttpResponse = new SimpleHttpResponse();
        this.filter.doFilter(simpleHttpRequest, simpleHttpResponse, simpleFilterChain);
        Assertions.assertEquals(401, simpleHttpResponse.getStatus());
        String[] headerValues = simpleHttpResponse.getHeaderValues("WWW-Authenticate");
        Assertions.assertEquals(1, headerValues.length);
        Assertions.assertTrue(headerValues[0].startsWith("NTLM "));
        Assertions.assertEquals(2, simpleHttpResponse.getHeaderNamesSize());
        Assertions.assertEquals("keep-alive", simpleHttpResponse.getHeader("Connection"));
        Assertions.assertEquals(401, simpleHttpResponse.getStatus());
    }

    @Test
    void testInitBasicSecurityFilterProvider() throws ServletException {
        SimpleFilterConfig simpleFilterConfig = new SimpleFilterConfig();
        simpleFilterConfig.setParameter("principalFormat", "sid");
        simpleFilterConfig.setParameter("roleFormat", "none");
        simpleFilterConfig.setParameter("allowGuestLogin", "true");
        simpleFilterConfig.setParameter("securityFilterProviders", "waffle.servlet.spi.BasicSecurityFilterProvider");
        simpleFilterConfig.setParameter("waffle.servlet.spi.BasicSecurityFilterProvider/realm", "DemoRealm");
        simpleFilterConfig.setParameter("authProvider", MockWindowsAuthProvider.class.getName());
        this.filter.init(simpleFilterConfig);
        Assertions.assertEquals(this.filter.getPrincipalFormat(), PrincipalFormat.SID);
        Assertions.assertEquals(this.filter.getRoleFormat(), PrincipalFormat.NONE);
        Assertions.assertTrue(this.filter.isAllowGuestLogin());
        Assertions.assertEquals(1, this.filter.getProviders().size());
        Assertions.assertTrue(this.filter.getAuth() instanceof MockWindowsAuthProvider);
    }

    @Test
    void testInitTwoSecurityFilterProviders() throws ServletException {
        SimpleFilterConfig simpleFilterConfig = new SimpleFilterConfig();
        simpleFilterConfig.setParameter("securityFilterProviders", "waffle.servlet.spi.BasicSecurityFilterProvider\nwaffle.servlet.spi.NegotiateSecurityFilterProvider waffle.servlet.spi.BasicSecurityFilterProvider");
        this.filter.init(simpleFilterConfig);
        Assertions.assertEquals(3, this.filter.getProviders().size());
    }

    @Test
    void testInitNegotiateSecurityFilterProvider() throws ServletException {
        SimpleFilterConfig simpleFilterConfig = new SimpleFilterConfig();
        simpleFilterConfig.setParameter("securityFilterProviders", "waffle.servlet.spi.NegotiateSecurityFilterProvider");
        simpleFilterConfig.setParameter("waffle.servlet.spi.NegotiateSecurityFilterProvider/protocols", "NTLM\nNegotiate NTLM");
        this.filter.init(simpleFilterConfig);
        Assertions.assertEquals(this.filter.getPrincipalFormat(), PrincipalFormat.FQN);
        Assertions.assertEquals(this.filter.getRoleFormat(), PrincipalFormat.FQN);
        Assertions.assertTrue(this.filter.isAllowGuestLogin());
        Assertions.assertEquals(1, this.filter.getProviders().size());
    }

    @Test
    void testInitNegotiateSecurityFilterProviderInvalidProtocol() {
        SimpleFilterConfig simpleFilterConfig = new SimpleFilterConfig();
        simpleFilterConfig.setParameter("securityFilterProviders", "waffle.servlet.spi.NegotiateSecurityFilterProvider");
        simpleFilterConfig.setParameter("waffle.servlet.spi.NegotiateSecurityFilterProvider/protocols", "INVALID");
        try {
            this.filter.init(simpleFilterConfig);
            Assertions.fail("expected ServletException");
        } catch (ServletException e) {
            Assertions.assertEquals("java.lang.RuntimeException: Unsupported protocol: INVALID", e.getMessage());
        }
    }

    @Test
    void testInitInvalidParameter() {
        try {
            SimpleFilterConfig simpleFilterConfig = new SimpleFilterConfig();
            simpleFilterConfig.setParameter("invalidParameter", "random");
            this.filter.init(simpleFilterConfig);
            Assertions.fail("expected ServletException");
        } catch (ServletException e) {
            Assertions.assertEquals("Invalid parameter: invalidParameter", e.getMessage());
        }
    }

    @Test
    void testInitInvalidClassInParameter() {
        try {
            SimpleFilterConfig simpleFilterConfig = new SimpleFilterConfig();
            simpleFilterConfig.setParameter("invalidClass/invalidParameter", "random");
            this.filter.init(simpleFilterConfig);
            Assertions.fail("expected ServletException");
        } catch (ServletException e) {
            Assertions.assertEquals("java.lang.ClassNotFoundException: invalidClass", e.getMessage());
        }
    }
}
