package org.mortbay.jetty.security;

import java.io.IOException;
import java.security.Principal;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import junit.framework.TestCase;
import junit.textui.TestRunner;
import org.mortbay.jetty.Connector;
import org.mortbay.jetty.LocalConnector;
import org.mortbay.jetty.Request;
import org.mortbay.jetty.Server;
import org.mortbay.jetty.handler.AbstractHandler;
import org.mortbay.jetty.handler.ContextHandler;
import org.mortbay.jetty.servlet.SessionHandler;
import org.mortbay.xml.XmlConfigurationTest;

/* loaded from: input_file:org/mortbay/jetty/security/ConstraintTest.class */
public class ConstraintTest extends TestCase {
    Server _server;
    LocalConnector _connector;
    ContextHandler _context;
    SessionHandler _session;
    SecurityHandler _security;
    RequestHandler _handler;
    UserRealm _realm;
    static Class class$org$mortbay$jetty$security$ConstraintTest;

    /* loaded from: input_file:org/mortbay/jetty/security/ConstraintTest$RequestHandler.class */
    class RequestHandler extends AbstractHandler {
        private final ConstraintTest this$0;

        RequestHandler(ConstraintTest constraintTest) {
            this.this$0 = constraintTest;
        }

        public void handle(String str, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, int i) throws IOException, ServletException {
            ((Request) httpServletRequest).setHandled(true);
            httpServletResponse.setStatus(200);
            httpServletResponse.getOutputStream().println(httpServletRequest.getRequestURI());
        }
    }

    /* loaded from: input_file:org/mortbay/jetty/security/ConstraintTest$TestUserRealm.class */
    class TestUserRealm implements UserRealm {
        String _username = "user";
        Object _credentials = "pass";
        private final ConstraintTest this$0;

        TestUserRealm(ConstraintTest constraintTest) {
            this.this$0 = constraintTest;
        }

        public Principal authenticate(String str, Object obj, Request request) {
            if (this._username == null || !this._username.equals(str) || this._credentials == null || !this._credentials.equals(obj)) {
                return null;
            }
            return new Principal(this) { // from class: org.mortbay.jetty.security.ConstraintTest.TestUserRealm.1
                private final TestUserRealm this$1;

                {
                    this.this$1 = this;
                }

                @Override // java.security.Principal
                public String getName() {
                    return this.this$1._username;
                }
            };
        }

        public void disassociate(Principal principal) {
        }

        public String getName() {
            return "TestRealm";
        }

        public Principal getPrincipal(String str) {
            return new Principal(this, str) { // from class: org.mortbay.jetty.security.ConstraintTest.TestUserRealm.2
                private final String val$username;
                private final TestUserRealm this$1;

                {
                    this.this$1 = this;
                    this.val$username = str;
                }

                @Override // java.security.Principal
                public String getName() {
                    return this.val$username;
                }
            };
        }

        public boolean isUserInRole(Principal principal, String str) {
            return false;
        }

        public void logout(Principal principal) {
        }

        public Principal popRole(Principal principal) {
            return null;
        }

        public Principal pushRole(Principal principal, String str) {
            return null;
        }

        public boolean reauthenticate(Principal principal) {
            return principal != null;
        }
    }

    public ConstraintTest(String str) {
        super(str);
        this._server = new Server();
        this._connector = new LocalConnector();
        this._context = new ContextHandler();
        this._session = new SessionHandler();
        this._security = new SecurityHandler();
        this._handler = new RequestHandler(this);
        this._realm = new TestUserRealm(this);
        this._server.setConnectors(new Connector[]{this._connector});
        this._context.setContextPath("/ctx");
        this._server.setHandler(this._context);
        this._context.setHandler(this._session);
        this._session.setHandler(this._security);
        this._security.setHandler(this._handler);
        Constraint constraint = new Constraint();
        constraint.setAuthenticate(true);
        constraint.setName("forbid");
        ConstraintMapping constraintMapping = new ConstraintMapping();
        constraintMapping.setPathSpec("/forbid/*");
        constraintMapping.setConstraint(constraint);
        Constraint constraint2 = new Constraint();
        constraint2.setAuthenticate(true);
        constraint2.setName("auth");
        constraint2.setRoles(new String[]{"*"});
        ConstraintMapping constraintMapping2 = new ConstraintMapping();
        constraintMapping2.setPathSpec("/auth/*");
        constraintMapping2.setConstraint(constraint2);
        this._security.setUserRealm(this._realm);
        this._security.setConstraintMappings(new ConstraintMapping[]{constraintMapping, constraintMapping2});
    }

    public static void main(String[] strArr) {
        Class cls;
        if (class$org$mortbay$jetty$security$ConstraintTest == null) {
            cls = class$("org.mortbay.jetty.security.ConstraintTest");
            class$org$mortbay$jetty$security$ConstraintTest = cls;
        } else {
            cls = class$org$mortbay$jetty$security$ConstraintTest;
        }
        TestRunner.run(cls);
    }

    protected void setUp() throws Exception {
        super.setUp();
        this._server.start();
    }

    protected void tearDown() throws Exception {
        super.tearDown();
        this._server.stop();
    }

    public void testBasic() throws Exception {
        this._security.setAuthenticator(new BasicAuthenticator());
        assertTrue(this._connector.getResponses("GET /ctx/noauth/info HTTP/1.0\r\n\r\n").startsWith("HTTP/1.1 200 OK"));
        this._connector.reopen();
        assertTrue(this._connector.getResponses("GET /ctx/forbid/info HTTP/1.0\r\n\r\n").startsWith("HTTP/1.1 403 Forbidden"));
        this._connector.reopen();
        String responses = this._connector.getResponses("GET /ctx/auth/info HTTP/1.0\r\n\r\n");
        assertTrue(responses.startsWith("HTTP/1.1 401 Unauthorized"));
        assertTrue(responses.indexOf("WWW-Authenticate: Basic realm=\"TestRealm\"") > 0);
        this._connector.reopen();
        String responses2 = this._connector.getResponses(new StringBuffer().append("GET /ctx/auth/info HTTP/1.0\r\nAuthorization: ").append(B64Code.encode("user:wrong")).append(XmlConfigurationTest.__CRLF).append(XmlConfigurationTest.__CRLF).toString());
        assertTrue(responses2.startsWith("HTTP/1.1 401 Unauthorized"));
        assertTrue(responses2.indexOf("WWW-Authenticate: Basic realm=\"TestRealm\"") > 0);
        this._connector.reopen();
        assertTrue(this._connector.getResponses(new StringBuffer().append("GET /ctx/auth/info HTTP/1.0\r\nAuthorization: ").append(B64Code.encode("user:pass")).append(XmlConfigurationTest.__CRLF).append(XmlConfigurationTest.__CRLF).toString()).startsWith("HTTP/1.1 200 OK"));
    }

    public void testForm() throws Exception {
        FormAuthenticator formAuthenticator = new FormAuthenticator();
        formAuthenticator.setErrorPage("/testErrorPage");
        formAuthenticator.setLoginPage("/testLoginPage");
        this._security.setAuthenticator(formAuthenticator);
        this._connector.reopen();
        assertTrue(this._connector.getResponses("GET /ctx/noauth/info HTTP/1.0\r\n\r\n").startsWith("HTTP/1.1 200 OK"));
        this._connector.reopen();
        assertTrue(this._connector.getResponses("GET /ctx/forbid/info HTTP/1.0\r\n\r\n").startsWith("HTTP/1.1 403 Forbidden"));
        this._connector.reopen();
        String responses = this._connector.getResponses("GET /ctx/auth/info HTTP/1.0\r\n\r\n");
        assertTrue(responses.startsWith("HTTP/1.1 302 Found"));
        assertTrue(responses.indexOf("Location") > 0);
        assertTrue(responses.indexOf("testLoginPage") > 0);
        String substring = responses.substring(responses.indexOf("JSESSIONID=") + 11, responses.indexOf(";Path=/ctx"));
        this._connector.reopen();
        String responses2 = this._connector.getResponses(new StringBuffer().append("POST /ctx/j_security_check HTTP/1.0\r\nCookie: JSESSIONID=").append(substring).append(XmlConfigurationTest.__CRLF).append("Content-Type: application/x-www-form-urlencoded\r\n").append("Content-Length: 31\r\n").append(XmlConfigurationTest.__CRLF).append("j_username=user&j_password=wrong\r\n").toString());
        assertTrue(responses2.startsWith("HTTP/1.1 302 Found"));
        assertTrue(responses2.indexOf("Location") > 0);
        assertTrue(responses2.indexOf("testErrorPage") > 0);
        this._connector.reopen();
        String responses3 = this._connector.getResponses(new StringBuffer().append("POST /ctx/j_security_check HTTP/1.0\r\nCookie: JSESSIONID=").append(substring).append(XmlConfigurationTest.__CRLF).append("Content-Type: application/x-www-form-urlencoded\r\n").append("Content-Length: 31\r\n").append(XmlConfigurationTest.__CRLF).append("j_username=user&j_password=pass\r\n").toString());
        assertTrue(responses3.startsWith("HTTP/1.1 302 Found"));
        assertTrue(responses3.indexOf("Location") > 0);
        assertTrue(responses3.indexOf("/ctx/auth/info") > 0);
        this._connector.reopen();
        assertTrue(this._connector.getResponses(new StringBuffer().append("GET /ctx/auth/info HTTP/1.0\r\nCookie: JSESSIONID=").append(substring).append(XmlConfigurationTest.__CRLF).append(XmlConfigurationTest.__CRLF).toString()).startsWith("HTTP/1.1 200 OK"));
    }

    static Class class$(String str) {
        try {
            return Class.forName(str);
        } catch (ClassNotFoundException e) {
            throw new NoClassDefFoundError().initCause(e);
        }
    }
}
