package com.vmware.xenon.common;

import com.vmware.xenon.common.Claims;
import com.vmware.xenon.common.Operation;
import com.vmware.xenon.common.http.netty.CookieJar;
import com.vmware.xenon.common.test.AuthTestUtils;
import com.vmware.xenon.common.test.TestContext;
import com.vmware.xenon.common.test.TestNodeGroupManager;
import com.vmware.xenon.common.test.TestRequestSender;
import com.vmware.xenon.common.test.VerificationHost;
import com.vmware.xenon.services.common.ExampleService;
import com.vmware.xenon.services.common.ServiceUriPaths;
import com.vmware.xenon.services.common.SystemUserService;
import com.vmware.xenon.services.common.authn.BasicAuthenticationService;
import com.vmware.xenon.services.common.authn.BasicAuthenticationUtils;
import java.time.Duration;
import java.util.ArrayList;
import java.util.List;
import java.util.concurrent.TimeUnit;
import org.junit.After;
import org.junit.Assert;
import org.junit.Test;

/* loaded from: input_file:com/vmware/xenon/common/TestAuthentication.class */
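/**
 * Integration tests for pluggable authentication on a Xenon host.
 *
 * <p>Each test starts one or more {@link VerificationHost} instances, optionally installs
 * {@link TestAuthenticationService} as the host's authentication service, and then checks
 * redirect behavior, token issuance, token verification and request authorization.
 *
 * <p>Several tests install a token through the static {@code TestRequestSender.setAuthToken}.
 * Because that state is shared across tests, every such section clears the token in a
 * {@code finally} block; otherwise one failing assertion would leave a credential in place
 * and could make later negative tests pass or fail for the wrong reason. The system
 * authorization context is handled the same way.
 */
public class TestAuthentication {
    private static final String FOO_USER_ID = "foo@vmware.com";
    private static final String FOO_USER_PATH = "/foo@vmware.com";
    private static final String SET_COOKIE_HEADER = "Set-Cookie";

    // Arbitrary string that matches no issued token; used by the negative tests.
    private static final String INVALID_TOKEN = "aasfsfsf";
    // Pragma directive that asks an authentication service to verify the presented token.
    private static final String VERIFY_TOKEN_PRAGMA = "xn-verify-token";
    // Location the stub authentication service redirects non-authn requests to.
    private static final String REDIRECT_LOCATION = "http://www.vmware.com";

    // Every host started by a test is recorded here so tearDown() can stop it.
    private final List<VerificationHost> hostsToCleanup = new ArrayList<>();

    /**
     * Stub authentication service used as the "external" authentication provider in these tests.
     *
     * <p>It hands out one fixed token on GET, verifies tokens on POST by plain string equality
     * against that fixed value, and redirects every request that is not addressed to its own
     * path. It performs no signature or expiry checks and is only meaningful as a test fixture.
     */
    public static class TestAuthenticationService extends StatelessService {
        public static final String SELF_LINK = UriUtils.buildUriPath(new String[]{ServiceUriPaths.CORE_AUTHN, "test"});

        // Fixed, JWT-shaped test value. This class treats it as an opaque string: it is only
        // ever compared with equals() and is never parsed or cryptographically verified here.
        public static String ACCESS_TOKEN = "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJ4biIsInN1YiI6Ii9jb3JlL2F1dGh6L3Vz";

        /**
         * Token request: attaches an authorization context carrying {@link #ACCESS_TOKEN} to the
         * operation, marked to be propagated to the client, and completes the operation.
         */
        public void handleGet(Operation operation) {
            associateAuthorizationContext(this, operation, ACCESS_TOKEN);
            operation.complete();
        }

        /**
         * Token verification: requires the verify-token pragma, then accepts the request only if
         * the presented token equals {@link #ACCESS_TOKEN}; on success the claims are returned
         * as the response body.
         */
        public void handlePost(Operation operation) {
            if (!operation.hasPragmaDirective(VERIFY_TOKEN_PRAGMA)) {
                operation.fail(new IllegalStateException("Invalid request"));
                return;
            }
            operation.removePragmaDirective(VERIFY_TOKEN_PRAGMA);
            String authToken = BasicAuthenticationUtils.getAuthToken(operation);
            if (authToken == null) {
                operation.fail(new IllegalArgumentException("Token is empty"));
                return;
            }
            // NOTE(review): String.equals is not a constant-time comparison. That is acceptable
            // for a fixed, publicly known test token, but a real verifier should validate the
            // token's signature/expiry and compare secrets in constant time.
            if (!authToken.equals(ACCESS_TOKEN)) {
                operation.fail(new IllegalArgumentException("Invalid Token!"));
                return;
            }
            operation.setBody(getClaims());
            operation.complete();
        }

        /**
         * Builds an authorization context from the stub claims and the given token and sets it
         * on the operation through the supplied service.
         */
        private void associateAuthorizationContext(Service service, Operation operation, String token) {
            Operation.AuthorizationContext.Builder contextBuilder = Operation.AuthorizationContext.Builder.create();
            contextBuilder.setClaims(getClaims());
            contextBuilder.setToken(token);
            // Propagation to the client is what the token-request tests observe as the
            // Set-Cookie header and the auth-token response header.
            contextBuilder.setPropagateToClient(true);
            service.setAuthorizationContext(operation, contextBuilder.getResult());
        }

        /**
         * Returns claims with issuer "xn" and the system user as subject, so any holder of the
         * fixed token is treated as the system user.
         */
        private Claims getClaims() {
            Claims.Builder builder = new Claims.Builder();
            builder.setIssuer("xn");
            builder.setSubject(SystemUserService.SELF_LINK);
            return builder.getResult();
        }

        /**
         * Completes every operation without any check, i.e. this stub never rejects a request
         * at this step.
         */
        public void authorizeRequest(Operation operation) {
            operation.complete();
        }

        /**
         * Answers every request whose path is not {@link #SELF_LINK} with a 302 to
         * {@code REDIRECT_LOCATION} and reports it as handled; requests to {@link #SELF_LINK}
         * return {@code false} (presumably so normal handler dispatch continues; confirm
         * against the framework contract).
         */
        public boolean queueRequest(Operation operation) {
            if (operation.getUri().getPath().equals(SELF_LINK)) {
                return false;
            }
            operation.addResponseHeader("location", REDIRECT_LOCATION);
            operation.setStatusCode(302);
            operation.complete();
            return true;
        }
    }

    /**
     * Creates and starts a host on port argument 0 and registers it for cleanup.
     *
     * @param z whether authorization is enabled on the host
     * @param service authentication service to install, or {@code null} to keep the host default
     * @return the started host
     */
    private VerificationHost createAndStartHost(boolean z, Service service) throws Throwable {
        VerificationHost host = VerificationHost.create((Integer) 0);
        host.setAuthorizationEnabled(z);
        if (service != null) {
            host.setAuthenticationService(service);
        }
        host.setMaintenanceIntervalMicros(TimeUnit.MILLISECONDS.toMicros(100L));
        host.start();
        this.hostsToCleanup.add(host);
        return host;
    }

    /** A custom authentication service set on the host is the one the host reports. */
    @Test
    public void testSettingAuthenticationService() throws Throwable {
        VerificationHost host = createAndStartHost(true, new TestAuthenticationService());
        host.log("Testing setAuthenticationService", new Object[0]);
        Assert.assertNotNull(host.getAuthenticationServiceUri());
        Assert.assertEquals(TestAuthenticationService.SELF_LINK, host.getAuthenticationServiceUri().getPath());
        host.log("Settting authenticationService is working", new Object[0]);
    }

    /** Without a custom service the host reports the basic authentication service. */
    @Test
    public void testNoAuthenticationService() throws Throwable {
        VerificationHost host = createAndStartHost(true, null);
        host.log("Testing no authenticationService", new Object[0]);
        Assert.assertEquals(BasicAuthenticationService.SELF_LINK, host.getAuthenticationServiceUri().getPath());
        host.log("Expected behavior for no authenticationService", new Object[0]);
    }

    /** A request sent without a token to the host root is answered with the stub's 302 redirect. */
    @Test
    public void testAuthenticationServiceRedirect() throws Throwable {
        VerificationHost host = createAndStartHost(true, new TestAuthenticationService());
        host.log("Testing authenticationService redirect", new Object[0]);
        Operation response = new TestRequestSender(host).sendAndWait(Operation.createGet(host.getUri()));
        Assert.assertEquals(302L, response.getStatusCode());
        Assert.assertEquals(REDIRECT_LOCATION, response.getResponseHeader("location"));
        host.log("AuthenticationService redirect is working.", new Object[0]);
    }

    /** A GET on the stub service returns the fixed token both as a cookie and as a header. */
    @Test
    public void testAuthenticationServiceTokenRequest() throws Throwable {
        VerificationHost host = createAndStartHost(true, new TestAuthenticationService());
        TestRequestSender sender = new TestRequestSender(host);
        host.log("Testing authenticationService token request", new Object[0]);
        Operation response = sender.sendAndWait(Operation.createGet(host, TestAuthenticationService.SELF_LINK).forceRemote());
        String setCookie = response.getResponseHeader(SET_COOKIE_HEADER);
        Assert.assertNotNull(setCookie);
        Assert.assertEquals(TestAuthenticationService.ACCESS_TOKEN, CookieJar.decodeCookies(setCookie).get("xenon-auth-cookie"));
        Assert.assertEquals(TestAuthenticationService.ACCESS_TOKEN, response.getResponseHeader("x-xenon-auth-token"));
        host.log("AuthenticationService token request is working", new Object[0]);
    }

    /**
     * Creates the test user on the given host and waits (up to 30 seconds) for completion.
     *
     * <p>The setup runs under the system authorization context; the context is reset in a
     * {@code finally} block so a failure while starting the setup cannot leave the privileged
     * context in place for the rest of the test.
     */
    private void createTestUsers(ServiceHost serviceHost) {
        TestContext testContext = new TestContext(1, Duration.ofSeconds(30L));
        AuthorizationSetupHelper setup = AuthorizationSetupHelper.create()
                .setHost(serviceHost)
                .setUserSelfLink(FOO_USER_ID)
                .setUserEmail(FOO_USER_ID)
                .setUserPassword("password")
                .setDocumentKind(Utils.buildKind(ExampleService.ExampleServiceState.class))
                .setCompletion(testContext.getCompletion());
        AuthTestUtils.setSystemAuthorizationContext(serviceHost);
        try {
            setup.start();
        } finally {
            AuthTestUtils.resetAuthorizationContext(serviceHost);
        }
        testContext.await();
    }

    /** With authorization disabled, an unauthenticated GET succeeds and is not redirected. */
    @Test
    public void testWithoutAuthorizationEnabled() throws Throwable {
        VerificationHost host = createAndStartHost(false, new TestAuthenticationService());
        host.log("Testing AuthenticationService when authorization is disabled", new Object[0]);
        createTestUsers(host);
        Operation response = new TestRequestSender(host).sendAndWait(Operation.createGet(host, ServiceUriPaths.CORE_AUTHZ_USERS + FOO_USER_PATH));
        Assert.assertEquals(200L, response.getStatusCode());
        Assert.assertNull(response.getResponseHeader("location"));
        host.log("Expected behavior when authorization is disabled", new Object[0]);
    }

    /** A request carrying a token the stub does not recognize is rejected with 403. */
    @Test
    public void testAuthenticatedRequestInvalidToken() throws Throwable {
        VerificationHost host = createAndStartHost(true, new TestAuthenticationService());
        host.log("Testing external authentication request with invalid token", new Object[0]);
        createTestUsers(host);
        TestRequestSender.setAuthToken(INVALID_TOKEN);
        try {
            TestRequestSender sender = new TestRequestSender(host);
            Operation get = Operation.createGet(host, ServiceUriPaths.CORE_AUTHZ_USERS + FOO_USER_PATH);
            Assert.assertEquals(403L, sender.sendAndWaitFailure(get).op.getStatusCode());
        } finally {
            // Static sender state: always clear it so it cannot leak into other tests.
            TestRequestSender.clearAuthToken();
        }
        host.log("Expected behavoir for external authentication request with invalid token", new Object[0]);
    }

    /** A request carrying the stub's fixed token is accepted with 200. */
    @Test
    public void testAuthenticatedRequestValidToken() throws Throwable {
        VerificationHost host = createAndStartHost(true, new TestAuthenticationService());
        host.log("Testing external authentication request with valid token", new Object[0]);
        createTestUsers(host);
        TestRequestSender.setAuthToken(TestAuthenticationService.ACCESS_TOKEN);
        try {
            TestRequestSender sender = new TestRequestSender(host);
            Operation get = Operation.createGet(host, ServiceUriPaths.CORE_AUTHZ_USERS + FOO_USER_PATH);
            Assert.assertEquals(200L, sender.sendAndWait(get).getStatusCode());
        } finally {
            // Static sender state: always clear it so it cannot leak into other tests.
            TestRequestSender.clearAuthToken();
        }
        host.log("Expected behavoir for external authentication request with valid token", new Object[0]);
    }

    /** A token obtained by logging in through basic auth verifies and yields claims. */
    @Test
    public void testVerificationValidBasicAuthAccessToken() throws Throwable {
        VerificationHost host = createAndStartHost(true, null);
        host.log("Testing verification of valid token for Basic auth", new Object[0]);
        TestContext testContext = new TestContext(1, Duration.ofSeconds(30L));
        AuthorizationSetupHelper setup = AuthorizationSetupHelper.create()
                .setHost(host)
                .setUserSelfLink(FOO_USER_ID)
                .setUserEmail(FOO_USER_ID)
                .setUserPassword("password")
                .setIsAdmin(false)
                .setDocumentLink(BasicAuthenticationService.SELF_LINK)
                .setCompletion(testContext.getCompletion());
        AuthTestUtils.setSystemAuthorizationContext(host);
        try {
            setup.start();
        } finally {
            // Never leave the privileged system context set if setup fails to start.
            AuthTestUtils.resetAuthorizationContext(host);
        }
        testContext.await();
        String login = AuthTestUtils.login((ServiceHost) host, FOO_USER_ID, "password");
        TestRequestSender sender = new TestRequestSender(host);
        TestRequestSender.setAuthToken(login);
        try {
            Operation verify = Operation.createPost(host, BasicAuthenticationService.SELF_LINK).addPragmaDirective(VERIFY_TOKEN_PRAGMA);
            Claims claims = sender.sendAndWait(verify).getBody(Claims.class);
            Assert.assertNotNull(claims);
        } finally {
            TestRequestSender.clearAuthToken();
        }
        host.log("Verification of valid token for Basic auth succeeded", new Object[0]);
    }

    /** Basic auth rejects verification of a token it did not issue. */
    @Test
    public void testVerificationInvalidBasicAuthAccessToken() throws Throwable {
        VerificationHost host = createAndStartHost(true, null);
        host.log("Testing verification of invalid token for Basic auth", new Object[0]);
        TestRequestSender.setAuthToken(INVALID_TOKEN);
        try {
            Operation verify = Operation.createPost(host, BasicAuthenticationService.SELF_LINK).addPragmaDirective(VERIFY_TOKEN_PRAGMA);
            Assert.assertNotNull(new TestRequestSender(host).sendAndWaitFailure(verify).failure);
        } finally {
            TestRequestSender.clearAuthToken();
        }
        host.log("Verification of invalid token for Basic auth fails as expected", new Object[0]);
    }

    /** The stub service verifies its own fixed token and returns claims. */
    @Test
    public void testVerificationValidAuthServiceToken() throws Throwable {
        VerificationHost host = createAndStartHost(true, new TestAuthenticationService());
        host.log("Testing verification of valid token for external auth", new Object[0]);
        TestRequestSender sender = new TestRequestSender(host);
        TestRequestSender.setAuthToken(TestAuthenticationService.ACCESS_TOKEN);
        try {
            Operation verify = Operation.createPost(host, TestAuthenticationService.SELF_LINK).addPragmaDirective(VERIFY_TOKEN_PRAGMA);
            Claims claims = sender.sendAndWait(verify).getBody(Claims.class);
            Assert.assertNotNull(claims);
        } finally {
            TestRequestSender.clearAuthToken();
        }
        host.log("Verification of valid token for external auth succeeded", new Object[0]);
    }

    /** The stub service fails verification of any token other than its fixed one. */
    @Test
    public void testVerificationInvalidAuthServiceToken() throws Throwable {
        VerificationHost host = createAndStartHost(true, new TestAuthenticationService());
        host.log("Testing verification of invalid token for external auth", new Object[0]);
        TestRequestSender sender = new TestRequestSender(host);
        TestRequestSender.setAuthToken(INVALID_TOKEN);
        try {
            Operation verify = Operation.createPost(host, TestAuthenticationService.SELF_LINK).addPragmaDirective(VERIFY_TOKEN_PRAGMA);
            Assert.assertNotNull(sender.sendAndWaitFailure(verify).failure);
        } finally {
            TestRequestSender.clearAuthToken();
        }
        host.log("Verification of invalid token for external auth fails as expected", new Object[0]);
    }

    /**
     * Joins three hosts, each with its own stub authentication service, into a node group and
     * repeats the redirect, token-request and authenticated-request checks against one of them.
     */
    @Test
    public void testExternalAuthenticationMultinode() throws Throwable {
        // Declared as VerificationHost, which is what createAndStartHost returns and the type
        // the other tests call log(String, Object[]) on.
        VerificationHost firstHost = createAndStartHost(true, new TestAuthenticationService());
        VerificationHost secondHost = createAndStartHost(true, new TestAuthenticationService());
        VerificationHost thirdHost = createAndStartHost(true, new TestAuthenticationService());
        TestNodeGroupManager testNodeGroupManager = new TestNodeGroupManager();
        testNodeGroupManager.addHost(firstHost);
        testNodeGroupManager.addHost(secondHost);
        testNodeGroupManager.addHost(thirdHost);
        // Joining and waiting for the factory run under the system authorization context.
        AuthTestUtils.executeWithSystemAuthContext(testNodeGroupManager, () -> {
            testNodeGroupManager.joinNodeGroupAndWaitForConvergence();
            testNodeGroupManager.waitForFactoryServiceAvailable("/core/examples");
        });
        ServiceHost host = testNodeGroupManager.getHost();
        firstHost.log("Testing auth service redirect in multi-node", new Object[0]);
        testExternalAuthRedirectMultinode(host);
        firstHost.log("Auth service redirect in multi-node working as expected", new Object[0]);
        firstHost.log("Testing auth service token request in multi-node", new Object[0]);
        testExternalAuthTokenRequestMultinode(host);
        firstHost.log("AuthenticationService token request is working in multi-node", new Object[0]);
        firstHost.log("Testing replication with external auth in multi-node", new Object[0]);
        testExternalAuthReplicationMultinode(host);
        firstHost.log("Replication with external auth in multi-node is working", new Object[0]);
    }

    /** Asserts that a GET on the host root is answered with the stub's 302 redirect. */
    private void testExternalAuthRedirectMultinode(ServiceHost serviceHost) {
        Operation response = new TestRequestSender(serviceHost).sendAndWait(Operation.createGet(serviceHost.getUri()));
        Assert.assertEquals(302L, response.getStatusCode());
        Assert.assertEquals(REDIRECT_LOCATION, response.getResponseHeader("location"));
    }

    /** Asserts that a GET on the stub service returns the fixed token as cookie and header. */
    private void testExternalAuthTokenRequestMultinode(ServiceHost serviceHost) {
        Operation response = new TestRequestSender(serviceHost).sendAndWait(Operation.createGet(serviceHost, TestAuthenticationService.SELF_LINK).forceRemote());
        String setCookie = response.getResponseHeader(SET_COOKIE_HEADER);
        Assert.assertNotNull(setCookie);
        Assert.assertEquals(TestAuthenticationService.ACCESS_TOKEN, CookieJar.decodeCookies(setCookie).get("xenon-auth-cookie"));
        Assert.assertEquals(TestAuthenticationService.ACCESS_TOKEN, response.getResponseHeader("x-xenon-auth-token"));
    }

    /**
     * With the fixed token set, creates an example document via POST and reads it back via GET,
     * asserting the name on both responses.
     */
    private void testExternalAuthReplicationMultinode(ServiceHost serviceHost) {
        TestRequestSender.setAuthToken(TestAuthenticationService.ACCESS_TOKEN);
        try {
            TestRequestSender sender = new TestRequestSender(serviceHost);
            ExampleService.ExampleServiceState state = new ExampleService.ExampleServiceState();
            state.documentSelfLink = "/foo";
            state.name = "foo";
            Assert.assertEquals("foo", sender.sendAndWait(Operation.createPost(serviceHost, "/core/examples").setBody(state), ExampleService.ExampleServiceState.class).name);
            Assert.assertEquals("foo", sender.sendAndWait(Operation.createGet(serviceHost, "/core/examples/foo"), ExampleService.ExampleServiceState.class).name);
        } finally {
            // Static sender state: always clear it so it cannot leak into other tests.
            TestRequestSender.clearAuthToken();
        }
    }

    /** Stops every host started during the test and forgets them. */
    @After
    public void tearDown() {
        this.hostsToCleanup.forEach(VerificationHost::tearDown);
        this.hostsToCleanup.clear();
    }
}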
