package org.camunda.bpm.engine.rest.standalone;

import io.restassured.RestAssured;
import io.restassured.http.ContentType;
import jakarta.ws.rs.core.Response;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.Iterator;
import java.util.List;
import org.camunda.bpm.engine.AuthorizationService;
import org.camunda.bpm.engine.IdentityService;
import org.camunda.bpm.engine.RepositoryService;
import org.camunda.bpm.engine.identity.Group;
import org.camunda.bpm.engine.identity.GroupQuery;
import org.camunda.bpm.engine.identity.Tenant;
import org.camunda.bpm.engine.identity.TenantQuery;
import org.camunda.bpm.engine.identity.User;
import org.camunda.bpm.engine.impl.AuthorizationServiceImpl;
import org.camunda.bpm.engine.impl.IdentityServiceImpl;
import org.camunda.bpm.engine.impl.digest._apacheCommonsCodec.Base64;
import org.camunda.bpm.engine.repository.ProcessDefinitionQuery;
import org.camunda.bpm.engine.rest.AbstractRestServiceTest;
import org.camunda.bpm.engine.rest.exception.InvalidRequestException;
import org.camunda.bpm.engine.rest.helper.MockProvider;
import org.hamcrest.Matchers;
import org.junit.Before;
import org.junit.Test;
import org.mockito.Mockito;

/* loaded from: input_file:org/camunda/bpm/engine/rest/standalone/AbstractAuthenticationFilterTest.class */
public abstract class AbstractAuthenticationFilterTest extends AbstractRestServiceTest {
    protected static final String SERVLET_PATH = "/rest";
    protected static final String SERVICE_PATH = "/rest-test/rest/engine/{name}/process-definition";
    protected AuthorizationService authorizationServiceMock;
    protected IdentityService identityServiceMock;
    protected RepositoryService repositoryServiceMock;
    protected User userMock;
    protected List<String> groupIds;
    protected List<String> tenantIds;

    @Before
    public void setup() {
        this.authorizationServiceMock = (AuthorizationService) Mockito.mock(AuthorizationServiceImpl.class);
        this.identityServiceMock = (IdentityService) Mockito.mock(IdentityServiceImpl.class);
        this.repositoryServiceMock = (RepositoryService) Mockito.mock(RepositoryService.class);
        Mockito.when(processEngine.getAuthorizationService()).thenReturn(this.authorizationServiceMock);
        Mockito.when(processEngine.getIdentityService()).thenReturn(this.identityServiceMock);
        Mockito.when(processEngine.getRepositoryService()).thenReturn(this.repositoryServiceMock);
        this.userMock = MockProvider.createMockUser();
        this.groupIds = setupGroupQueryMock(MockProvider.createMockGroups());
        this.tenantIds = setupTenantQueryMock(Collections.singletonList(MockProvider.createMockTenant()));
        List asList = Arrays.asList(MockProvider.createMockDefinition());
        ProcessDefinitionQuery processDefinitionQuery = (ProcessDefinitionQuery) Mockito.mock(ProcessDefinitionQuery.class);
        Mockito.when(this.repositoryServiceMock.createProcessDefinitionQuery()).thenReturn(processDefinitionQuery);
        Mockito.when(processDefinitionQuery.list()).thenReturn(asList);
    }

    protected List<String> setupGroupQueryMock(List<Group> list) {
        GroupQuery groupQuery = (GroupQuery) Mockito.mock(GroupQuery.class);
        Mockito.when(this.identityServiceMock.createGroupQuery()).thenReturn(groupQuery);
        Mockito.when(groupQuery.groupMember(Mockito.anyString())).thenReturn(groupQuery);
        Mockito.when(groupQuery.list()).thenReturn(list);
        ArrayList arrayList = new ArrayList();
        Iterator<Group> it = list.iterator();
        while (it.hasNext()) {
            arrayList.add(it.next().getId());
        }
        return arrayList;
    }

    protected List<String> setupTenantQueryMock(List<Tenant> list) {
        TenantQuery tenantQuery = (TenantQuery) Mockito.mock(TenantQuery.class);
        Mockito.when(this.identityServiceMock.createTenantQuery()).thenReturn(tenantQuery);
        Mockito.when(tenantQuery.userMember(Mockito.anyString())).thenReturn(tenantQuery);
        Mockito.when(tenantQuery.includingGroupsOfUser(Mockito.anyBoolean())).thenReturn(tenantQuery);
        Mockito.when(tenantQuery.list()).thenReturn(list);
        ArrayList arrayList = new ArrayList();
        Iterator<Tenant> it = list.iterator();
        while (it.hasNext()) {
            arrayList.add(it.next().getId());
        }
        return arrayList;
    }

    @Test
    public void testHttpBasicAuthenticationCheck() {
        Mockito.when(Boolean.valueOf(this.identityServiceMock.checkPassword(MockProvider.EXAMPLE_USER_ID, MockProvider.EXAMPLE_USER_PASSWORD))).thenReturn(true);
        RestAssured.given().auth().basic(MockProvider.EXAMPLE_USER_ID, MockProvider.EXAMPLE_USER_PASSWORD).pathParam("name", MockProvider.EXAMPLE_PROCESS_ENGINE_NAME).then().expect().statusCode(Response.Status.OK.getStatusCode()).contentType(MockProvider.FORMAT_APPLICATION_JSON).when().get(SERVICE_PATH, new Object[0]);
        ((IdentityService) Mockito.verify(this.identityServiceMock)).setAuthentication(MockProvider.EXAMPLE_USER_ID, this.groupIds, this.tenantIds);
    }

    @Test
    public void testFailingAuthenticationCheck() {
        Mockito.when(Boolean.valueOf(this.identityServiceMock.checkPassword(MockProvider.EXAMPLE_USER_ID, MockProvider.EXAMPLE_USER_PASSWORD))).thenReturn(false);
        RestAssured.given().auth().basic(MockProvider.EXAMPLE_USER_ID, MockProvider.EXAMPLE_USER_PASSWORD).pathParam("name", MockProvider.EXAMPLE_PROCESS_ENGINE_NAME).then().expect().statusCode(Response.Status.UNAUTHORIZED.getStatusCode()).header("WWW-Authenticate", "Basic realm=\"default\"").when().get(SERVICE_PATH, new Object[0]);
    }

    @Test
    public void testMissingAuthHeader() {
        RestAssured.given().pathParam("name", "someengine").then().expect().statusCode(Response.Status.UNAUTHORIZED.getStatusCode()).header("WWW-Authenticate", "Basic realm=\"someengine\"").when().get(SERVICE_PATH, new Object[0]);
    }

    @Test
    public void testUnexpectedAuthHeaderFormat() {
        RestAssured.given().header("Authorization", "Digest somevalues, and, some, more", new Object[0]).pathParam("name", "someengine").then().expect().statusCode(Response.Status.UNAUTHORIZED.getStatusCode()).header("WWW-Authenticate", "Basic realm=\"someengine\"").when().get(SERVICE_PATH, new Object[0]);
    }

    @Test
    public void testMalformedCredentials() {
        RestAssured.given().header("Authorization", "Basic " + new String(Base64.encodeBase64("this is not a valid format".getBytes())), new Object[0]).pathParam("name", MockProvider.EXAMPLE_PROCESS_ENGINE_NAME).then().expect().statusCode(Response.Status.UNAUTHORIZED.getStatusCode()).header("WWW-Authenticate", "Basic realm=\"default\"").when().get(SERVICE_PATH, new Object[0]);
    }

    @Test
    public void testNonExistingEngineAuthentication() {
        RestAssured.given().auth().basic(MockProvider.EXAMPLE_USER_ID, MockProvider.EXAMPLE_USER_PASSWORD).pathParam("name", MockProvider.NON_EXISTING_PROCESS_ENGINE_NAME).then().expect().statusCode(Response.Status.NOT_FOUND.getStatusCode()).contentType(ContentType.JSON).body("type", Matchers.equalTo(InvalidRequestException.class.getSimpleName()), new Object[0]).body(MockProvider.EXAMPLE_EVENT_SUBSCRIPTION_TYPE, Matchers.equalTo("Process engine aNonExistingEngineName not available"), new Object[0]).when().get(SERVICE_PATH, new Object[0]);
    }

    @Test
    public void testMalformedBase64Value() {
        RestAssured.given().header("Authorization", "Basic someNonBase64Characters!(#", new Object[0]).pathParam("name", MockProvider.EXAMPLE_PROCESS_ENGINE_NAME).then().expect().statusCode(Response.Status.UNAUTHORIZED.getStatusCode()).header("WWW-Authenticate", "Basic realm=\"default\"").when().get(SERVICE_PATH, new Object[0]);
    }
}
