package com.vmware.xenon.services.common.authn;

import com.vmware.xenon.common.BasicTestCase;
import com.vmware.xenon.common.Operation;
import com.vmware.xenon.common.ServiceStateCollectionUpdateRequest;
import com.vmware.xenon.common.UriUtils;
import com.vmware.xenon.common.Utils;
import com.vmware.xenon.common.http.netty.CookieJar;
import com.vmware.xenon.common.test.VerificationHost;
import com.vmware.xenon.services.common.AuthCredentialsService;
import com.vmware.xenon.services.common.UserService;
import com.vmware.xenon.services.common.authn.AuthenticationRequest;
import java.net.URI;
import java.util.ArrayList;
import java.util.Base64;
import java.util.HashMap;
import java.util.Map;
import java.util.concurrent.TimeUnit;
import org.junit.Assert;
import org.junit.Before;
import org.junit.Test;

/* loaded from: input_file:com/vmware/xenon/services/common/authn/TestBasicAuthenticationService.class */
public class TestBasicAuthenticationService extends BasicTestCase {
    // Fixture identity: setUp() creates a user document with this e-mail and self link.
    private static final String USER = "jane@doe.com";
    // An identity that setUp() never creates; used for the unknown-user login attempt.
    private static final String INVALID_USER = "janedoe@doe.com";
    // Test-only secret stored as the privateKey of the credentials document in setUp().
    private static final String PASSWORD = "password-for-jane";
    // A secret that does not match the stored credentials; used for the wrong-password attempt.
    private static final String INVALID_PASSWORD = "invalid-password";
    // Scheme prefix used when a basic-auth Authorization header is assembled by hand.
    private static final String BASIC_AUTH_PREFIX = "Basic ";
    // Separator between user and password in the basic-auth "user:password" form.
    private static final String BASIC_AUTH_USER_SEPARATOR = ":";
    // Response header expected to carry the session cookie.
    private static final String SET_COOKIE_HEADER = "Set-Cookie";
    // Self link of the credentials document created in setUp(); target of the PATCH tests.
    private String credentialsServiceStateSelfLink;

    /**
     * Enables authorization on the verification host before it is started.
     *
     * @param verificationHost the host that is about to be started for this test class
     */
    @Override
    public void beforeHostStart(VerificationHost verificationHost) {
        final boolean authorizationEnabled = true;
        verificationHost.setAuthorizationEnabled(authorizationEnabled);
    }

    /**
     * Creates the fixtures used by the tests: a user document for {@code USER} and a
     * credentials document whose private key is {@code PASSWORD}. Both POSTs are sent
     * after switching the host to the system authorization context, and the self link
     * of the created credentials document is kept for the PATCH tests.
     *
     * @throws Exception wrapping anything thrown while waiting for the services or
     *         creating the fixtures
     */
    @Before
    public void setUp() throws Exception {
        try {
            this.host.setSystemAuthorizationContext();
            this.host.waitForServiceAvailable("/core/auth/credentials");
            this.host.waitForServiceAvailable(BasicAuthenticationService.SELF_LINK);
            this.host.waitForServiceAvailable(UserService.FACTORY_LINK);

            UserService.UserState user = new UserService.UserState();
            user.email = USER;
            user.documentSelfLink = USER;

            AuthCredentialsService.AuthCredentialsServiceState credentials =
                    new AuthCredentialsService.AuthCredentialsServiceState();
            credentials.userEmail = USER;
            credentials.privateKey = PASSWORD;

            URI userFactoryUri = UriUtils.buildUri(this.host, UserService.FACTORY_LINK);
            Operation createUser = Operation.createPost(userFactoryUri)
                    .setBody(user)
                    .setCompletion((op, failure) -> {
                        if (failure == null) {
                            this.host.completeIteration();
                            return;
                        }
                        this.host.failIteration(failure);
                    });

            URI credentialsFactoryUri = UriUtils.buildUri(this.host, "/core/auth/credentials");
            Operation createCredentials = Operation.createPost(credentialsFactoryUri)
                    .setBody(credentials)
                    .setCompletion((op, failure) -> {
                        if (failure != null) {
                            this.host.failIteration(failure);
                            return;
                        }
                        // Remember where the credentials document lives; the PATCH tests target it.
                        AuthCredentialsService.AuthCredentialsServiceState created =
                                op.getBody(AuthCredentialsService.AuthCredentialsServiceState.class);
                        this.credentialsServiceStateSelfLink = created.documentSelfLink;
                        this.host.completeIteration();
                    });

            // Two completions are awaited: one per fixture document.
            this.host.testStart(2L);
            this.host.send(createUser);
            this.host.send(createCredentials);
            this.host.testWait();
        } catch (Throwable failure) {
            throw new Exception(failure);
        }
    }

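    /**
     * Walks the basic-auth endpoint through its rejection and acceptance paths:
     * <ol>
     * <li>no Authorization header: 401 with a {@code Basic realm="xenon"} challenge;</li>
     * <li>unknown user: 403;</li>
     * <li>malformed header (no separator, no password): 400;</li>
     * <li>known user with a wrong password: 403;</li>
     * <li>valid credentials: 200 with an authorization context, followed by a logout
     *     whose Set-Cookie must carry {@code Max-Age=0};</li>
     * <li>valid credentials over a remote request: the auth cookie must equal the
     *     auth token header;</li>
     * <li>a remote GET issued under the identity of the just-deleted user.</li>
     * </ol>
     *
     * @throws Throwable if any step fails or times out
     */
    @Test
    public void testAuth() throws Throwable {
        this.host.resetAuthorizationContext();
        URI authUri = UriUtils.buildUri(this.host, BasicAuthenticationService.SELF_LINK);

        // No Authorization header at all: the service must challenge the caller.
        this.host.testStart(1L);
        this.host.send(Operation.createPost(authUri).setBody(new Object()).setCompletion((op, failure) -> {
            if (failure == null) {
                this.host.failIteration(new IllegalStateException("request should have failed"));
                return;
            }
            if (op.getStatusCode() != 401) {
                this.host.failIteration(new IllegalStateException("Invalid status code returned"));
                return;
            }
            String challenge = op.getResponseHeader("WWW-Authenticate");
            if (!"Basic realm=\"xenon\"".equals(challenge)) {
                // Distinct message: the status was fine, the challenge header was not.
                this.host.failIteration(new IllegalStateException("Invalid WWW-Authenticate header returned"));
                return;
            }
            this.host.completeIteration();
        }));
        this.host.testWait();

        // Unknown user with an otherwise valid password.
        expectAuthFailure(authUri, BasicAuthenticationUtils.constructBasicAuth(INVALID_USER, PASSWORD), 403);

        // Malformed header: only the user name is encoded, with no separator or password.
        String malformedHeader = BASIC_AUTH_PREFIX
                + Base64.getEncoder().encodeToString(USER.getBytes(java.nio.charset.StandardCharsets.UTF_8));
        expectAuthFailure(authUri, malformedHeader, 400);

        // Known user, wrong password. The expected status is the same 403 as for an unknown
        // user, so the status code alone does not tell a caller whether the account exists.
        expectAuthFailure(authUri, BasicAuthenticationUtils.constructBasicAuth(USER, INVALID_PASSWORD), 403);

        // Valid credentials: login must succeed and populate the authorization context,
        // then a logout issued with that context must expire the session cookie.
        String validHeader = BasicAuthenticationUtils.constructBasicAuth(USER, PASSWORD);
        this.host.testStart(1L);
        this.host.send(Operation.createPost(authUri).setBody(new Object()).addRequestHeader("Authorization", validHeader).setCompletion((loginOp, loginFailure) -> {
            if (loginFailure != null) {
                this.host.failIteration(loginFailure);
                return;
            }
            if (loginOp.getStatusCode() != 200) {
                this.host.failIteration(new IllegalStateException("Invalid status code returned"));
                return;
            }
            if (loginOp.getAuthorizationContext() == null) {
                this.host.failIteration(new IllegalStateException("Authorization context not set"));
                return;
            }
            AuthenticationRequest logoutRequest = new AuthenticationRequest();
            logoutRequest.requestType = AuthenticationRequest.AuthenticationRequestType.LOGOUT;
            // The nested handler uses its own parameter names; reusing the outer lambda's
            // names does not compile.
            Operation logout = Operation.createPost(authUri).setBody(logoutRequest).forceRemote().setCompletion((logoutOp, logoutFailure) -> {
                if (logoutFailure != null) {
                    this.host.failIteration(logoutFailure);
                    return;
                }
                if (logoutOp.getStatusCode() != 200) {
                    this.host.failIteration(new IllegalStateException("Invalid status code returned"));
                    return;
                }
                String setCookie = logoutOp.getResponseHeader(SET_COOKIE_HEADER);
                if (setCookie == null) {
                    // Stop here: decoding a missing header would only mask this failure.
                    this.host.failIteration(new IllegalStateException("Cookie is null"));
                    return;
                }
                // Null-safe comparison: a cookie without Max-Age is reported, not an NPE.
                if (!"0".equals(CookieJar.decodeCookies(setCookie).get("Max-Age"))) {
                    this.host.failIteration(new IllegalStateException("Max-Age for cookie is not zero"));
                    return;
                }
                this.host.resetAuthorizationContext();
                this.host.completeIteration();
            });
            this.host.setAuthorizationContext(loginOp.getAuthorizationContext());
            this.host.send(logout);
        }));
        this.host.testWait();

        // Log in again over a remote request and check the cookie/token pair.
        this.host.testStart(1L);
        this.host.send(Operation.createPost(authUri).setBody(new Object()).forceRemote().addRequestHeader("Authorization", validHeader).setCompletion((op, failure) -> {
            if (failure != null) {
                this.host.failIteration(failure);
            } else if (op.getStatusCode() != 200) {
                this.host.failIteration(new IllegalStateException("Invalid status code returned"));
            } else if (validateAuthToken(op)) {
                // validateAuthToken fails the iteration itself when it returns false.
                this.host.completeIteration();
            }
        }));
        this.host.testWait();

        // Delete the user document under the system context.
        String userLink = UriUtils.buildUriPath(new String[]{UserService.FACTORY_LINK, USER});
        this.host.setSystemAuthorizationContext();
        this.host.sendAndWait(Operation.createDelete(UriUtils.buildUri(this.host, userLink)).setCompletion((op, failure) -> {
            if (failure != null) {
                this.host.failIteration(failure);
            } else {
                this.host.completeIteration();
            }
        }));
        this.host.resetSystemAuthorizationContext();

        // NOTE(review): the remote GET below is expected to return 200 although the assumed
        // identity's user document was just deleted; presumably the request is served under
        // a different context. Confirm against the host's authorization handling.
        this.host.assumeIdentity(UriUtils.buildUriPath(new String[]{UserService.FACTORY_LINK, USER}));
        this.host.testStart(1L);
        this.host.send(Operation.createGet(UriUtils.buildUri(this.host, UserService.FACTORY_LINK)).forceRemote().setCompletion((op, failure) -> {
            if (failure != null) {
                this.host.failIteration(failure);
            } else if (op.getStatusCode() != 200) {
                this.host.failIteration(new IllegalStateException("Invalid status code returned"));
            } else {
                this.host.completeIteration();
            }
        }));
        this.host.testWait();
    }

    /**
     * Sends a login POST carrying the given Authorization header and waits until it has
     * failed with the expected status code.
     *
     * @param authUri URI of the basic-auth service
     * @param authorizationHeader value of the Authorization request header
     * @param expectedStatus status code the failed request must report
     * @throws Throwable if the request succeeds, reports another status, or times out
     */
    private void expectAuthFailure(URI authUri, String authorizationHeader, int expectedStatus) throws Throwable {
        this.host.testStart(1L);
        this.host.send(Operation.createPost(authUri).setBody(new Object()).addRequestHeader("Authorization", authorizationHeader).setCompletion((op, failure) -> {
            if (failure == null) {
                this.host.failIteration(new IllegalStateException("request should have failed"));
            } else if (op.getStatusCode() != expectedStatus) {
                this.host.failIteration(new IllegalStateException("Invalid status code returned"));
            } else {
                this.host.completeIteration();
            }
        }));
        this.host.testWait();
    }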

    /**
     * Logs in four times with valid credentials and checks the expiration claim of the
     * returned authorization context against the requested session lifetime:
     * an unset lifetime (bounded to one hour from now on both sides), 60 seconds
     * (at most ten minutes from now), and -1 and 0 seconds (no later than now).
     *
     * @throws Throwable if a login fails or times out
     */
    @Test
    public void testAuthExpiration() throws Throwable {
        this.host.resetAuthorizationContext();
        URI authUri = UriUtils.buildUri(this.host, BasicAuthenticationService.SELF_LINK);
        String authHeader = BasicAuthenticationUtils.constructBasicAuth(USER, PASSWORD);

        // Lifetime left unset: the lower bound is taken before the request is sent,
        // the upper bound when the response arrives.
        long earliestExpiration = Utils.getSystemNowMicrosUtc() + TimeUnit.HOURS.toMicros(1L);
        AuthenticationRequest defaultLifetime = new AuthenticationRequest();
        this.host.testStart(1L);
        this.host.send(Operation.createPost(authUri)
                .setBody(defaultLifetime)
                .addRequestHeader("Authorization", authHeader)
                .setCompletion((op, failure) -> {
                    if (failure == null) {
                        Long lowerBound = earliestExpiration;
                        Long upperBound = Utils.getSystemNowMicrosUtc() + TimeUnit.HOURS.toMicros(1L);
                        validateExpirationTimeRange(op.getAuthorizationContext(), lowerBound, upperBound);
                        this.host.completeIteration();
                        return;
                    }
                    this.host.failIteration(failure);
                }));
        this.host.testWait();

        // 60-second session: only an upper bound of ten minutes from now is checked.
        AuthenticationRequest oneMinute = new AuthenticationRequest();
        oneMinute.sessionExpirationSeconds = 60L;
        this.host.testStart(1L);
        this.host.send(Operation.createPost(authUri)
                .setBody(oneMinute)
                .addRequestHeader("Authorization", authHeader)
                .setCompletion((op, failure) -> {
                    if (failure == null) {
                        Long upperBound = Utils.getSystemNowMicrosUtc() + TimeUnit.MINUTES.toMicros(10L);
                        validateExpirationTimeRange(op.getAuthorizationContext(), null, upperBound);
                        this.host.completeIteration();
                        return;
                    }
                    this.host.failIteration(failure);
                }));
        this.host.testWait();

        // Negative lifetime: the expiration must not lie in the future.
        AuthenticationRequest negativeLifetime = new AuthenticationRequest();
        negativeLifetime.sessionExpirationSeconds = -1L;
        this.host.testStart(1L);
        this.host.send(Operation.createPost(authUri)
                .setBody(negativeLifetime)
                .addRequestHeader("Authorization", authHeader)
                .setCompletion((op, failure) -> {
                    if (failure == null) {
                        Long upperBound = Utils.getSystemNowMicrosUtc();
                        validateExpirationTimeRange(op.getAuthorizationContext(), null, upperBound);
                        this.host.completeIteration();
                        return;
                    }
                    this.host.failIteration(failure);
                }));
        this.host.testWait();

        // Zero lifetime: same upper bound as the negative case.
        AuthenticationRequest zeroLifetime = new AuthenticationRequest();
        zeroLifetime.sessionExpirationSeconds = 0L;
        this.host.testStart(1L);
        this.host.send(Operation.createPost(authUri)
                .setBody(zeroLifetime)
                .addRequestHeader("Authorization", authHeader)
                .setCompletion((op, failure) -> {
                    if (failure == null) {
                        Long upperBound = Utils.getSystemNowMicrosUtc();
                        validateExpirationTimeRange(op.getAuthorizationContext(), null, upperBound);
                        this.host.completeIteration();
                        return;
                    }
                    this.host.failIteration(failure);
                }));
        this.host.testWait();
    }

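    /**
     * Checks that the expiration claim of an authorization context lies within the given
     * inclusive bounds and fails the current test iteration when it does not.
     *
     * @param authorizationContext context returned by a login; must carry claims with an
     *        expiration time
     * @param l inclusive lower bound for the expiration, or {@code null} to skip the check
     * @param l2 inclusive upper bound for the expiration, or {@code null} to skip the check
     */
    private void validateExpirationTimeRange(Operation.AuthorizationContext authorizationContext, Long l, Long l2) {
        Assert.assertNotNull(authorizationContext);
        Assert.assertNotNull(authorizationContext.getClaims());
        Assert.assertNotNull(authorizationContext.getClaims().getExpirationTime());
        long expiration = authorizationContext.getClaims().getExpirationTime().longValue();
        if (l != null && expiration < l.longValue()) {
            this.host.failIteration(new IllegalStateException(String.format("expiration must be at least %d but was %d", l, Long.valueOf(expiration))));
            // One failure per iteration is enough; skip the upper-bound check.
            return;
        }
        if (l2 != null && expiration > l2.longValue()) {
            // A session that outlives the requested lifetime is the case this bound guards against.
            this.host.failIteration(new IllegalStateException(String.format("expiration must be at most %d but was %d", l2, Long.valueOf(expiration))));
        }
    }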

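    /**
     * PATCHes the credentials document created in {@code setUp()} and checks the state
     * returned by each PATCH: one custom property is added, then updated alongside a
     * second one, then a tenant link is added and removed again through a collection
     * update request.
     *
     * @throws Throwable if a PATCH fails or times out
     */
    @Test
    public void testCustomPropertiesAndTenantLinks() throws Throwable {
        String firstKey = "Property1";
        String firstValue = "Value1";
        String secondKey = "Property2";
        String secondValue = "Value2";
        String updatedValue = "UpdatedValue";
        URI credentialsUri = UriUtils.buildUri(this.host, this.credentialsServiceStateSelfLink);

        // First PATCH: a single custom property.
        AuthCredentialsService.AuthCredentialsServiceState patchBody =
                new AuthCredentialsService.AuthCredentialsServiceState();
        Map<String, String> customProperties = new HashMap<>();
        customProperties.put(firstKey, firstValue);
        patchBody.customProperties = customProperties;
        Operation addProperty = Operation.createPatch(credentialsUri).setBody(patchBody).setCompletion((op, failure) -> {
            if (failure != null) {
                this.host.failIteration(failure);
                return;
            }
            AuthCredentialsService.AuthCredentialsServiceState patched =
                    op.getBody(AuthCredentialsService.AuthCredentialsServiceState.class);
            // JUnit order is (expected, actual) so a failure reports the values the right way round.
            Assert.assertEquals("There should be only one custom property", 1, patched.customProperties.size());
            Assert.assertEquals(firstValue, patched.customProperties.get(firstKey));
            this.host.completeIteration();
        });
        this.host.testStart(1L);
        this.host.send(addProperty);
        this.host.testWait();

        // Second PATCH: overwrite the first property and add another.
        customProperties.put(firstKey, updatedValue);
        customProperties.put(secondKey, secondValue);
        patchBody.customProperties = customProperties;
        Operation updateProperties = Operation.createPatch(credentialsUri).setBody(patchBody).setCompletion((op, failure) -> {
            if (failure != null) {
                this.host.failIteration(failure);
                return;
            }
            AuthCredentialsService.AuthCredentialsServiceState patched =
                    op.getBody(AuthCredentialsService.AuthCredentialsServiceState.class);
            Assert.assertEquals("There should be two custom properties", 2, patched.customProperties.size());
            Assert.assertEquals(updatedValue, patched.customProperties.get(firstKey));
            Assert.assertEquals(secondValue, patched.customProperties.get(secondKey));
            this.host.completeIteration();
        });
        this.host.testStart(1L);
        this.host.send(updateProperties);
        this.host.testWait();

        // NOTE(review): the maps handed to ServiceStateCollectionUpdateRequest.create stay raw
        // because its generic signature is not visible in this file.
        ArrayList<Object> tenantLinks = new ArrayList<>();
        tenantLinks.add("foo");

        // Third PATCH: add one tenant link.
        HashMap itemsToAdd = new HashMap();
        itemsToAdd.put("tenantLinks", new ArrayList<>(tenantLinks));
        Operation addTenantLink = Operation.createPatch(credentialsUri).setBody(ServiceStateCollectionUpdateRequest.create(itemsToAdd, (Map) null)).setCompletion((op, failure) -> {
            if (failure != null) {
                this.host.failIteration(failure);
                return;
            }
            AuthCredentialsService.AuthCredentialsServiceState patched =
                    op.getBody(AuthCredentialsService.AuthCredentialsServiceState.class);
            Assert.assertEquals("There should be one tenantLink", 1, patched.tenantLinks.size());
            this.host.completeIteration();
        });
        this.host.testStart(1L);
        this.host.send(addTenantLink);
        this.host.testWait();

        // Fourth PATCH: remove the same tenant link again.
        HashMap itemsToRemove = new HashMap();
        itemsToRemove.put("tenantLinks", new ArrayList<>(tenantLinks));
        Operation removeTenantLink = Operation.createPatch(credentialsUri).setBody(ServiceStateCollectionUpdateRequest.create((Map) null, itemsToRemove)).setCompletion((op, failure) -> {
            if (failure != null) {
                this.host.failIteration(failure);
                return;
            }
            AuthCredentialsService.AuthCredentialsServiceState patched =
                    op.getBody(AuthCredentialsService.AuthCredentialsServiceState.class);
            Assert.assertEquals("There should be no tenantLink", 0, patched.tenantLinks.size());
            this.host.completeIteration();
        });
        this.host.testStart(1L);
        this.host.send(removeTenantLink);
        this.host.testWait();
    }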

    /**
     * Runs the user-info login scenario twice: first with the flag unset, then with the
     * login request forced remote.
     *
     * @throws Throwable if either run fails or times out
     */
    @Test
    public void testAuthWithUserInfo() throws Throwable {
        for (boolean forceRemote : new boolean[] {false, true}) {
            doTestAuthWithUserInfo(forceRemote);
        }
    }

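    /**
     * Logs in with the credentials supplied through the URI ({@code USER:PASSWORD} passed
     * as the last argument of {@code UriUtils.buildUri}) instead of an Authorization
     * header, then logs out and checks that the returned cookie carries {@code Max-Age=0}.
     *
     * <p>Credentials embedded in a URI tend to end up in access logs and intermediaries,
     * so this path deserves the same rejection coverage as the header-based login.
     *
     * @param z when {@code true}, the login request is forced remote
     * @throws Throwable if the login or logout fails or times out
     */
    private void doTestAuthWithUserInfo(boolean z) throws Throwable {
        this.host.resetAuthorizationContext();
        String userInfo = USER + BASIC_AUTH_USER_SEPARATOR + PASSWORD;
        URI authUri = UriUtils.buildUri(this.host, BasicAuthenticationService.SELF_LINK, (String) null, userInfo);
        this.host.testStart(1L);
        Operation login = Operation.createPost(authUri).setBody(new Object()).setCompletion((loginOp, loginFailure) -> {
            if (loginFailure != null) {
                this.host.failIteration(loginFailure);
                return;
            }
            if (loginOp.getStatusCode() != 200) {
                this.host.failIteration(new IllegalStateException("Invalid status code returned"));
                return;
            }
            // The authorization context is only required on the response of a non-remote login.
            if (!loginOp.isRemote() && loginOp.getAuthorizationContext() == null) {
                this.host.failIteration(new IllegalStateException("Authorization context not set"));
                return;
            }
            AuthenticationRequest logoutRequest = new AuthenticationRequest();
            logoutRequest.requestType = AuthenticationRequest.AuthenticationRequestType.LOGOUT;
            // The nested handler uses its own parameter names; reusing the outer lambda's
            // names does not compile.
            Operation logout = Operation.createPost(authUri).setBody(logoutRequest).forceRemote().setCompletion((logoutOp, logoutFailure) -> {
                if (logoutFailure != null) {
                    this.host.failIteration(logoutFailure);
                    return;
                }
                if (logoutOp.getStatusCode() != 200) {
                    this.host.failIteration(new IllegalStateException("Invalid status code returned"));
                    return;
                }
                String setCookie = logoutOp.getResponseHeader(SET_COOKIE_HEADER);
                if (setCookie == null) {
                    // Stop here: decoding a missing header would only mask this failure.
                    this.host.failIteration(new IllegalStateException("Cookie is null"));
                    return;
                }
                // Null-safe comparison: a cookie without Max-Age is reported, not an NPE.
                if (!"0".equals(CookieJar.decodeCookies(setCookie).get("Max-Age"))) {
                    this.host.failIteration(new IllegalStateException("Max-Age for cookie is not zero"));
                    return;
                }
                this.host.resetAuthorizationContext();
                this.host.completeIteration();
            });
            this.host.setAuthorizationContext(loginOp.getAuthorizationContext());
            this.host.send(logout);
        });
        if (z) {
            login.forceRemote();
        }
        this.host.send(login);
        this.host.testWait();
    }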

    /**
     * Checks that a login response carries both the {@code xenon-auth-cookie} cookie and
     * the {@code x-xenon-auth-token} header and that the two values are equal. On any
     * mismatch the current test iteration is failed.
     *
     * @param operation the completed login operation
     * @return {@code true} when cookie and token are present and identical, otherwise
     *         {@code false} (after the iteration has been failed)
     */
    private boolean validateAuthToken(Operation operation) {
        String problem = null;
        String setCookie = operation.getResponseHeader(SET_COOKIE_HEADER);
        if (setCookie == null) {
            problem = "Missing cookie header";
        } else {
            Map<?, ?> cookies = CookieJar.decodeCookies(setCookie);
            String headerToken = operation.getResponseHeader("x-xenon-auth-token");
            if (!cookies.containsKey("xenon-auth-cookie")) {
                problem = "Missing auth cookie";
            } else if (headerToken == null) {
                problem = "Missing auth token";
            } else if (!((String) cookies.get("xenon-auth-cookie")).equals(headerToken)) {
                // Cookie and header are two carriers of the same session token.
                problem = "Auth token and auth cookie don't match";
            }
        }
        if (problem == null) {
            return true;
        }
        this.host.failIteration(new IllegalStateException(problem));
        return false;
    }
}
