package org.nuxeo.ecm.platform.ui.web.auth;

import java.io.IOException;
import java.io.OutputStream;
import java.io.OutputStreamWriter;
import java.io.PrintWriter;
import java.io.Writer;
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.security.Principal;
import java.util.Arrays;
import java.util.Collections;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.stream.Collectors;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletContext;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.apache.commons.io.output.ByteArrayOutputStream;
import org.junit.After;
import org.junit.Assert;
import org.junit.Before;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.mockito.ArgumentCaptor;
import org.mockito.Matchers;
import org.mockito.Mock;
import org.mockito.Mockito;
import org.nuxeo.ecm.core.api.impl.UserPrincipal;
import org.nuxeo.ecm.core.event.Event;
import org.nuxeo.ecm.core.event.EventProducer;
import org.nuxeo.ecm.platform.usermanager.UserManager;
import org.nuxeo.ecm.platform.web.common.TestMobileBannerHelper;
import org.nuxeo.runtime.mockito.MockitoFeature;
import org.nuxeo.runtime.mockito.RuntimeService;
import org.nuxeo.runtime.test.runner.Deploy;
import org.nuxeo.runtime.test.runner.Deploys;
import org.nuxeo.runtime.test.runner.Features;
import org.nuxeo.runtime.test.runner.FeaturesRunner;
import org.nuxeo.runtime.test.runner.RuntimeFeature;

@RunWith(FeaturesRunner.class)
@Deploy({"org.nuxeo.ecm.platform.web.common:OSGI-INF/authentication-framework.xml"})
@Features({RuntimeFeature.class, MockitoFeature.class})
/* loaded from: input_file:org/nuxeo/ecm/platform/ui/web/auth/TestNuxeoAuthenticationFilter.class */
public class TestNuxeoAuthenticationFilter {
    protected static final String BYPASS_AUTHENTICATION_LOG = "byPassAuthenticationLog";
    protected static final String SECURITY_DOMAIN = "securityDomain";
    protected static final String EVENT_LOGIN_SUCCESS = "loginSuccess";
    protected static final String EVENT_LOGOUT = "logout";
    protected static final String SCHEME = "http";
    protected static final String HOST = "localhost";
    protected static final int PORT = 8080;
    protected static final String CONTEXT = "/nuxeo";

    @Mock
    @RuntimeService
    protected UserManager userManager;

    @Mock
    @RuntimeService
    protected EventProducer eventProducer;
    protected NuxeoAuthenticationFilter filter;
    protected DummyFilterChain chain;
    protected ArgumentCaptor<Event> eventCaptor;

    /* loaded from: input_file:org/nuxeo/ecm/platform/ui/web/auth/TestNuxeoAuthenticationFilter$DummyFilterChain.class */
    public static class DummyFilterChain implements FilterChain {
        protected boolean called;
        protected Principal principal;

        public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse) throws IOException, ServletException {
            this.called = true;
            this.principal = ((HttpServletRequest) servletRequest).getUserPrincipal();
        }
    }

    /* loaded from: input_file:org/nuxeo/ecm/platform/ui/web/auth/TestNuxeoAuthenticationFilter$DummyFilterConfig.class */
    public static class DummyFilterConfig implements FilterConfig {
        protected final Map<String, String> initParameters;

        public DummyFilterConfig(Map<String, String> map) {
            this.initParameters = map;
        }

        public String getFilterName() {
            return "NuxeoAuthenticationFilter";
        }

        public ServletContext getServletContext() {
            return null;
        }

        public String getInitParameter(String str) {
            return this.initParameters.get(str);
        }

        public Enumeration<String> getInitParameterNames() {
            return Collections.enumeration(this.initParameters.keySet());
        }
    }

    @Before
    public void setUp() throws Exception {
        HashMap hashMap = new HashMap();
        hashMap.put(BYPASS_AUTHENTICATION_LOG, "false");
        hashMap.put(SECURITY_DOMAIN, "nuxeo-ecm-web");
        DummyFilterConfig dummyFilterConfig = new DummyFilterConfig(hashMap);
        this.filter = new NuxeoAuthenticationFilter();
        this.filter.init(dummyFilterConfig);
        this.chain = new DummyFilterChain();
        Mockito.when(this.userManager.getAnonymousUserId()).thenReturn(DummyAuthPluginAnonymous.DUMMY_ANONYMOUS_LOGIN);
        this.eventCaptor = ArgumentCaptor.forClass(Event.class);
    }

    @After
    public void tearDown() {
        this.filter.destroy();
    }

    protected Map<String, Object> mockSessionAttributes(HttpSession httpSession) {
        HashMap hashMap = new HashMap();
        ((HttpSession) Mockito.doAnswer(invocationOnMock -> {
            return hashMap.get((String) invocationOnMock.getArguments()[0]);
        }).when(httpSession)).getAttribute(Matchers.anyString());
        ((HttpSession) Mockito.doAnswer(invocationOnMock2 -> {
            hashMap.put((String) invocationOnMock2.getArguments()[0], invocationOnMock2.getArguments()[1]);
            return null;
        }).when(httpSession)).setAttribute(Matchers.anyString(), Matchers.any());
        ((HttpSession) Mockito.doAnswer(invocationOnMock3 -> {
            hashMap.remove((String) invocationOnMock3.getArguments()[0]);
            return null;
        }).when(httpSession)).removeAttribute(Matchers.anyString());
        ((HttpSession) Mockito.doAnswer(invocationOnMock4 -> {
            hashMap.clear();
            return null;
        }).when(httpSession)).invalidate();
        return hashMap;
    }

    protected Map<String, Object> mockRequestAttributes(HttpServletRequest httpServletRequest) {
        HashMap hashMap = new HashMap();
        ((HttpServletRequest) Mockito.doAnswer(invocationOnMock -> {
            return hashMap.get((String) invocationOnMock.getArguments()[0]);
        }).when(httpServletRequest)).getAttribute(Matchers.anyString());
        ((HttpServletRequest) Mockito.doAnswer(invocationOnMock2 -> {
            hashMap.put((String) invocationOnMock2.getArguments()[0], invocationOnMock2.getArguments()[1]);
            return null;
        }).when(httpServletRequest)).setAttribute(Matchers.anyString(), Matchers.any());
        ((HttpServletRequest) Mockito.doAnswer(invocationOnMock3 -> {
            hashMap.remove((String) invocationOnMock3.getArguments()[0]);
            return null;
        }).when(httpServletRequest)).removeAttribute(Matchers.anyString());
        ((HttpServletRequest) Mockito.doAnswer(invocationOnMock4 -> {
            return hashMap.keySet();
        }).when(httpServletRequest)).getAttributeNames();
        return hashMap;
    }

    protected void mockRequestURI(HttpServletRequest httpServletRequest, String str, String str2, String str3) {
        mockRequestURI(httpServletRequest, str, str2, str3, null);
    }

    protected void mockRequestURI(HttpServletRequest httpServletRequest, String str, String str2, String str3, String str4) {
        if ("".equals(str2)) {
            str2 = null;
        }
        if ("".equals(str3)) {
            str3 = null;
        }
        if (str4 == null) {
            str4 = CONTEXT + str;
            if (str2 != null) {
                str4 = str4 + str2;
            }
        }
        Mockito.when(httpServletRequest.getScheme()).thenReturn(SCHEME);
        Mockito.when(httpServletRequest.getServerName()).thenReturn(HOST);
        Mockito.when(Integer.valueOf(httpServletRequest.getServerPort())).thenReturn(Integer.valueOf(PORT));
        Mockito.when(httpServletRequest.getRequestURI()).thenReturn(str4);
        Mockito.when(httpServletRequest.getContextPath()).thenReturn(CONTEXT);
        Mockito.when(httpServletRequest.getServletPath()).thenReturn(str);
        Mockito.when(httpServletRequest.getPathInfo()).thenReturn(str2);
        Mockito.when(httpServletRequest.getQueryString()).thenReturn(str3);
    }

    protected void checkEvents(String... strArr) {
        if (strArr.length == 0) {
            Mockito.verifyZeroInteractions(new Object[]{this.eventProducer});
        } else {
            ((EventProducer) Mockito.verify(this.eventProducer)).fireEvent((Event) this.eventCaptor.capture());
            Assert.assertEquals(Arrays.asList(strArr), (List) this.eventCaptor.getAllValues().stream().map((v0) -> {
                return v0.getName();
            }).collect(Collectors.toList()));
        }
    }

    protected void checkNoEvents() {
        checkEvents(new String[0]);
    }

    protected void checkCachedUser(Map<String, Object> map, String str) {
        CachableUserIdentificationInfo cachableUserIdentificationInfo = (CachableUserIdentificationInfo) map.get("org.nuxeo.ecm.login.identity");
        Assert.assertNotNull(cachableUserIdentificationInfo);
        Assert.assertEquals(str, cachableUserIdentificationInfo.getUserInfo().getUserName());
    }

    protected void checkNoCachedUser(Map<String, Object> map) {
        Assert.assertNull((CachableUserIdentificationInfo) map.get("org.nuxeo.ecm.login.identity"));
    }

    @Test
    public void testGetRequestedPage() throws Exception {
        doTestGetRequestedPage("foo/bar.xhtml", "/nuxeo/foo/bar.xhtml", "/foo/bar.xhtml", null, null);
        doTestGetRequestedPage("foo/bar.xhtml", "/nuxeo/login.jsp/../foo/bar.xhtml;jsessionid=123?gee=moo", "/foo/bar.xhtml", null, "gee=moo");
        doTestGetRequestedPage("foo/bar.xhtml", "/nuxeo/foo/bar.xhtml", "/foo", "/bar.xhtml", null);
        doTestGetRequestedPage("foo/bar.xhtml", "/nuxeo/login.jsp/../foo/bar.xhtml;jsessionid=123?gee=moo", "/foo", "/bar.xhtml", "gee=moo");
        doTestGetRequestedPage("ui/index.jsp", "/nuxeo/ui/index.jsp", "/ui/index.jsp", null, null);
        doTestGetRequestedPage("ui/", "/nuxeo/ui/", "/ui/index.jsp", null, null);
    }

    protected void doTestGetRequestedPage(String str, String str2, String str3, String str4, String str5) {
        HttpServletRequest httpServletRequest = (HttpServletRequest) Mockito.mock(HttpServletRequest.class);
        mockRequestURI(httpServletRequest, str3, str4, str5, str2);
        Assert.assertEquals(str, NuxeoAuthenticationFilter.getRequestedPage(httpServletRequest));
    }

    @Test
    public void testGetRequestedUrl() {
        doTestGetRequestedUrl("", null);
        doTestGetRequestedUrl("", "");
        doTestGetRequestedUrl("?gee=moo", "gee=moo");
        doTestGetRequestedUrl("?gee=moo&abc=def", "gee=moo&abc=def");
        doTestGetRequestedUrl("?gee=moo+def", "gee=moo+def");
        doTestGetRequestedUrl("?gee=moo", "gee=moo&conversationId=1234");
        doTestGetRequestedUrl("?gee=moo", "conversationId=1234&gee=moo");
        doTestGetRequestedUrl("", "conversationId=1234");
    }

    protected void doTestGetRequestedUrl(String str, String str2) {
        doTestGetRequestedUrl("foo/bar.xhtml" + str, "/nuxeo/foo/bar.xhtml", "/foo/bar.xhtml", null, str2);
        doTestGetRequestedUrl("foo/bar.xhtml" + str, "/nuxeo/foo/bar.xhtml", "/foo", "/bar.xhtml", str2);
        doTestGetRequestedUrl("foo%20bar.xhtml" + str, "/nuxeo/foo%20bar.xhtml", "/foo bar.xhtml", null, str2);
        doTestGetRequestedUrl("foo/bar.xhtml" + str, "/nuxeo/login.jsp/../foo/bar.xhtml;jsessionid=123", "/foo", "/bar.xhtml", str2);
        doTestGetRequestedUrl("ui/index.jsp" + str, "/nuxeo/ui/index.jsp", "/ui/index.jsp", null, str2);
        doTestGetRequestedUrl("ui/" + str, "/nuxeo/ui/", "/ui/index.jsp", null, str2);
    }

    protected void doTestGetRequestedUrl(String str, String str2, String str3, String str4, String str5) {
        HttpServletRequest httpServletRequest = (HttpServletRequest) Mockito.mock(HttpServletRequest.class);
        mockRequestURI(httpServletRequest, str3, str4, str5, str2);
        Assert.assertEquals(str, NuxeoAuthenticationFilter.getRequestedUrl(httpServletRequest));
    }

    @Test
    public void testAuthCached() throws Exception {
        HttpServletRequest httpServletRequest = (HttpServletRequest) Mockito.mock(HttpServletRequest.class);
        HttpServletResponse httpServletResponse = (HttpServletResponse) Mockito.mock(HttpServletResponse.class);
        HttpSession httpSession = (HttpSession) Mockito.mock(HttpSession.class);
        Map<String, Object> mockSessionAttributes = mockSessionAttributes(httpSession);
        Mockito.when(httpServletRequest.getSession(Matchers.anyBoolean())).thenReturn(httpSession);
        mockRequestURI(httpServletRequest, "/foo/bar", "", "");
        CachableUserIdentificationInfo cachableUserIdentificationInfo = new CachableUserIdentificationInfo("bob", "bobpw");
        UserPrincipal userPrincipal = new UserPrincipal("bob", (List) null, false, false);
        cachableUserIdentificationInfo.setPrincipal(userPrincipal);
        mockSessionAttributes.put("org.nuxeo.ecm.login.identity", cachableUserIdentificationInfo);
        this.filter.doFilter(httpServletRequest, httpServletResponse, this.chain);
        Assert.assertTrue(this.chain.called);
        Assert.assertEquals("bob", this.chain.principal.getName());
        Assert.assertSame(userPrincipal, this.chain.principal);
        checkCachedUser(mockSessionAttributes, "bob");
        checkNoEvents();
    }

    @Test
    public void testNoAuthPlugins() throws Exception {
        HttpServletRequest httpServletRequest = (HttpServletRequest) Mockito.mock(HttpServletRequest.class);
        HttpServletResponse httpServletResponse = (HttpServletResponse) Mockito.mock(HttpServletResponse.class);
        Mockito.when(httpServletRequest.getSession(Matchers.eq(false))).thenReturn((Object) null);
        mockRequestURI(httpServletRequest, "/foo/bar", "", "");
        this.filter.doFilter(httpServletRequest, httpServletResponse, this.chain);
        Assert.assertTrue(this.chain.called);
        Assert.assertNull(this.chain.principal);
    }

    @Test
    @Deploys({@Deploy({"org.nuxeo.ecm.platform.web.common.test:OSGI-INF/test-authchain-dummy-loginmodule.xml"}), @Deploy({"org.nuxeo.ecm.platform.web.common.test:OSGI-INF/test-authchain-dummy-token.xml"})})
    public void testAuthPluginToken() throws Exception {
        HttpServletRequest httpServletRequest = (HttpServletRequest) Mockito.mock(HttpServletRequest.class);
        HttpServletResponse httpServletResponse = (HttpServletResponse) Mockito.mock(HttpServletResponse.class);
        HttpSession httpSession = (HttpSession) Mockito.mock(HttpSession.class);
        Map<String, Object> mockSessionAttributes = mockSessionAttributes(httpSession);
        Mockito.when(httpServletRequest.getSession(Matchers.anyBoolean())).thenReturn(httpSession);
        mockRequestURI(httpServletRequest, "/foo/bar", "", "");
        Mockito.when(httpServletRequest.getParameter((String) Matchers.eq(DummyAuthPluginToken.DUMMY_AUTH_TOKEN_KEY))).thenReturn("bob");
        this.filter.doFilter(httpServletRequest, httpServletResponse, this.chain);
        Assert.assertTrue(this.chain.called);
        Assert.assertEquals("bob", this.chain.principal.getName());
        checkEvents(EVENT_LOGIN_SUCCESS);
        checkCachedUser(mockSessionAttributes, "bob");
    }

    @Test
    @Deploys({@Deploy({"org.nuxeo.ecm.platform.web.common.test:OSGI-INF/test-authchain-dummy-loginmodule.xml"}), @Deploy({"org.nuxeo.ecm.platform.web.common.test:OSGI-INF/test-authchain-dummy-token.xml"})})
    public void testAuthPluginTokenThenRedirectToPage() throws Exception {
        HttpServletRequest httpServletRequest = (HttpServletRequest) Mockito.mock(HttpServletRequest.class);
        HttpServletResponse httpServletResponse = (HttpServletResponse) Mockito.mock(HttpServletResponse.class);
        HttpSession httpSession = (HttpSession) Mockito.mock(HttpSession.class);
        Map<String, Object> mockSessionAttributes = mockSessionAttributes(httpSession);
        Mockito.when(httpServletRequest.getSession(Matchers.anyBoolean())).thenReturn(httpSession);
        mockRequestURI(httpServletRequest, "/foo/bar", "", "");
        Mockito.when(httpServletRequest.getParameter((String) Matchers.eq(DummyAuthPluginToken.DUMMY_AUTH_TOKEN_KEY))).thenReturn("bob");
        Mockito.when(httpServletRequest.getParameter((String) Matchers.eq("requestedUrl"))).thenReturn("my/page");
        this.filter.doFilter(httpServletRequest, httpServletResponse, this.chain);
        Assert.assertFalse(this.chain.called);
        checkEvents(EVENT_LOGIN_SUCCESS);
        checkCachedUser(mockSessionAttributes, "bob");
        ((HttpServletResponse) Mockito.verify(httpServletResponse)).sendRedirect((String) Matchers.eq("http://localhost:8080/nuxeo/my/page"));
    }

    @Test
    @Deploys({@Deploy({"org.nuxeo.ecm.platform.web.common.test:OSGI-INF/test-authchain-dummy-loginmodule.xml"}), @Deploy({"org.nuxeo.ecm.platform.web.common.test:OSGI-INF/test-authchain-dummy-token.xml"})})
    public void testAuthPluginTokenFailedSoRedirectToLoginPage() throws Exception {
        HttpServletRequest httpServletRequest = (HttpServletRequest) Mockito.mock(HttpServletRequest.class);
        HttpServletResponse httpServletResponse = (HttpServletResponse) Mockito.mock(HttpServletResponse.class);
        HttpSession httpSession = (HttpSession) Mockito.mock(HttpSession.class);
        mockSessionAttributes(httpSession);
        Mockito.when(httpServletRequest.getSession(Matchers.anyBoolean())).thenReturn(httpSession);
        mockRequestURI(httpServletRequest, "/no/prompt", "", "");
        Mockito.when(httpServletResponse.getWriter()).thenReturn(new PrintWriter((Writer) new OutputStreamWriter((OutputStream) new ByteArrayOutputStream(), StandardCharsets.UTF_8), true));
        this.filter.doFilter(httpServletRequest, httpServletResponse, this.chain);
        Assert.assertFalse(this.chain.called);
        checkNoEvents();
        ((HttpServletResponse) Mockito.verify(httpServletResponse)).setStatus(401);
        ((HttpServletResponse) Mockito.verify(httpServletResponse)).addHeader((String) Matchers.eq("Location"), (String) Matchers.eq("http://localhost:8080/nuxeo/login"));
    }

    @Test
    @Deploys({@Deploy({"org.nuxeo.ecm.platform.web.common.test:OSGI-INF/test-authchain-dummy-loginmodule.xml"}), @Deploy({"org.nuxeo.ecm.platform.web.common.test:OSGI-INF/test-authchain-dummy-anonymous.xml"})})
    public void testAuthPluginAnonymous() throws Exception {
        HttpServletRequest httpServletRequest = (HttpServletRequest) Mockito.mock(HttpServletRequest.class);
        HttpServletResponse httpServletResponse = (HttpServletResponse) Mockito.mock(HttpServletResponse.class);
        HttpSession httpSession = (HttpSession) Mockito.mock(HttpSession.class);
        Map<String, Object> mockSessionAttributes = mockSessionAttributes(httpSession);
        Mockito.when(httpServletRequest.getSession(Matchers.anyBoolean())).thenReturn(httpSession);
        mockRequestURI(httpServletRequest, "/my/page", "", "");
        this.filter.doFilter(httpServletRequest, httpServletResponse, this.chain);
        Assert.assertTrue(this.chain.called);
        Assert.assertEquals(DummyAuthPluginAnonymous.DUMMY_ANONYMOUS_LOGIN, this.chain.principal.getName());
        checkEvents(EVENT_LOGIN_SUCCESS);
        checkCachedUser(mockSessionAttributes, DummyAuthPluginAnonymous.DUMMY_ANONYMOUS_LOGIN);
    }

    @Test
    @Deploys({@Deploy({"org.nuxeo.ecm.platform.web.common.test:OSGI-INF/test-authchain-dummy-loginmodule.xml"}), @Deploy({"org.nuxeo.ecm.platform.web.common.test:OSGI-INF/test-authchain-dummy-anonymous.xml"})})
    public void testAuthForceAnonymousLogin() throws Exception {
        HttpServletRequest httpServletRequest = (HttpServletRequest) Mockito.mock(HttpServletRequest.class);
        HttpServletResponse httpServletResponse = (HttpServletResponse) Mockito.mock(HttpServletResponse.class);
        HttpSession httpSession = (HttpSession) Mockito.mock(HttpSession.class);
        Map<String, Object> mockSessionAttributes = mockSessionAttributes(httpSession);
        Mockito.when(httpServletRequest.getSession(Matchers.anyBoolean())).thenReturn(httpSession);
        mockRequestURI(httpServletRequest, "/mystart/foo", "", "forceAnonymousLogin=true");
        Mockito.when(httpServletRequest.getParameter((String) Matchers.eq("forceAnonymousLogin"))).thenReturn("true");
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        PrintWriter printWriter = new PrintWriter((Writer) new OutputStreamWriter((OutputStream) byteArrayOutputStream, StandardCharsets.UTF_8), true);
        Mockito.when(httpServletResponse.getWriter()).thenReturn(printWriter);
        this.filter.doFilter(httpServletRequest, httpServletResponse, this.chain);
        Assert.assertFalse(this.chain.called);
        checkNoCachedUser(mockSessionAttributes);
        checkNoEvents();
        ((HttpServletResponse) Mockito.verify(httpServletResponse)).setContentType((String) Matchers.eq("text/html;charset=UTF-8"));
        printWriter.flush();
        String byteArrayOutputStream2 = byteArrayOutputStream.toString(StandardCharsets.UTF_8);
        Assert.assertTrue(byteArrayOutputStream2, byteArrayOutputStream2.contains("window.location = 'http://localhost:8080/nuxeo/dummy_login.jsp?requestedUrl=mystart%2Ffoo';"));
    }

    @Test
    @Deploys({@Deploy({"org.nuxeo.ecm.platform.web.common.test:OSGI-INF/test-authchain-dummy-loginmodule.xml"}), @Deploy({"org.nuxeo.ecm.platform.web.common.test:OSGI-INF/test-authchain-dummy-form.xml"})})
    public void testAuthPluginFormRedirectToLoginPage() throws Exception {
        HttpServletRequest httpServletRequest = (HttpServletRequest) Mockito.mock(HttpServletRequest.class);
        HttpServletResponse httpServletResponse = (HttpServletResponse) Mockito.mock(HttpServletResponse.class);
        HttpSession httpSession = (HttpSession) Mockito.mock(HttpSession.class);
        Map<String, Object> mockSessionAttributes = mockSessionAttributes(httpSession);
        Mockito.when(httpServletRequest.getSession(Matchers.anyBoolean())).thenReturn(httpSession);
        mockRequestURI(httpServletRequest, "/mystart/foo", "", "");
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        PrintWriter printWriter = new PrintWriter((Writer) new OutputStreamWriter((OutputStream) byteArrayOutputStream, StandardCharsets.UTF_8), true);
        Mockito.when(httpServletResponse.getWriter()).thenReturn(printWriter);
        this.filter.doFilter(httpServletRequest, httpServletResponse, this.chain);
        Assert.assertFalse(this.chain.called);
        checkNoCachedUser(mockSessionAttributes);
        checkNoEvents();
        ((HttpServletResponse) Mockito.verify(httpServletResponse)).setStatus(Matchers.eq(401));
        ((HttpServletResponse) Mockito.verify(httpServletResponse)).setContentType((String) Matchers.eq("text/html;charset=UTF-8"));
        printWriter.flush();
        String byteArrayOutputStream2 = byteArrayOutputStream.toString(StandardCharsets.UTF_8);
        Assert.assertTrue(byteArrayOutputStream2, byteArrayOutputStream2.contains("window.location = 'http://localhost:8080/nuxeo/dummy_login.jsp?requestedUrl=mystart%2Ffoo';"));
    }

    @Test
    @Deploys({@Deploy({"org.nuxeo.ecm.platform.web.common.test:OSGI-INF/test-authchain-dummy-loginmodule.xml"}), @Deploy({"org.nuxeo.ecm.platform.web.common.test:OSGI-INF/test-authchain-dummy-form.xml"})})
    public void testAuthPluginFormReLogin() throws Exception {
        HttpServletRequest httpServletRequest = (HttpServletRequest) Mockito.mock(HttpServletRequest.class);
        HttpServletResponse httpServletResponse = (HttpServletResponse) Mockito.mock(HttpServletResponse.class);
        HttpSession httpSession = (HttpSession) Mockito.mock(HttpSession.class);
        Map<String, Object> mockSessionAttributes = mockSessionAttributes(httpSession);
        Mockito.when(httpServletRequest.getSession(Matchers.anyBoolean())).thenReturn(httpSession);
        mockRequestURI(httpServletRequest, "/login", "", "");
        CachableUserIdentificationInfo cachableUserIdentificationInfo = new CachableUserIdentificationInfo("bob", "bobpw");
        cachableUserIdentificationInfo.setPrincipal(new UserPrincipal("bob", (List) null, false, false));
        mockSessionAttributes.put("org.nuxeo.ecm.login.identity", cachableUserIdentificationInfo);
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        PrintWriter printWriter = new PrintWriter((Writer) new OutputStreamWriter((OutputStream) byteArrayOutputStream, StandardCharsets.UTF_8), true);
        Mockito.when(httpServletResponse.getWriter()).thenReturn(printWriter);
        this.filter.doFilter(httpServletRequest, httpServletResponse, this.chain);
        Assert.assertFalse(this.chain.called);
        ((HttpServletResponse) Mockito.verify(httpServletResponse)).setStatus(Matchers.eq(401));
        ((HttpServletResponse) Mockito.verify(httpServletResponse)).setContentType((String) Matchers.eq("text/html;charset=UTF-8"));
        printWriter.flush();
        String byteArrayOutputStream2 = byteArrayOutputStream.toString(StandardCharsets.UTF_8);
        Assert.assertTrue(byteArrayOutputStream2, byteArrayOutputStream2.contains("window.location = 'http://localhost:8080/nuxeo/dummy_login.jsp';"));
    }

    @Test
    @Deploys({@Deploy({"org.nuxeo.ecm.platform.web.common.test:OSGI-INF/test-authchain-dummy-loginmodule.xml"}), @Deploy({"org.nuxeo.ecm.platform.web.common.test:OSGI-INF/test-authchain-dummy-form.xml"})})
    public void testAuthPluginFormGet() throws Exception {
        HttpServletRequest httpServletRequest = (HttpServletRequest) Mockito.mock(HttpServletRequest.class);
        HttpServletResponse httpServletResponse = (HttpServletResponse) Mockito.mock(HttpServletResponse.class);
        mockRequestURI(httpServletRequest, "/dummy_form_login.jsp", "", "");
        this.filter.doFilter(httpServletRequest, httpServletResponse, this.chain);
        Assert.assertTrue(this.chain.called);
        Assert.assertNull(this.chain.principal);
    }

    @Test
    @Deploys({@Deploy({"org.nuxeo.ecm.platform.web.common.test:OSGI-INF/test-authchain-dummy-loginmodule.xml"}), @Deploy({"org.nuxeo.ecm.platform.web.common.test:OSGI-INF/test-authchain-dummy-form.xml"})})
    public void testAuthPluginFormSubmit() throws Exception {
        HttpServletRequest httpServletRequest = (HttpServletRequest) Mockito.mock(HttpServletRequest.class);
        HttpServletResponse httpServletResponse = (HttpServletResponse) Mockito.mock(HttpServletResponse.class);
        HttpSession httpSession = (HttpSession) Mockito.mock(HttpSession.class);
        Map<String, Object> mockSessionAttributes = mockSessionAttributes(httpSession);
        Mockito.when(httpServletRequest.getSession(Matchers.anyBoolean())).thenReturn(httpSession);
        mockRequestURI(httpServletRequest, "/doesnotmatter", "", "requestedUrl=mystart/foo");
        Mockito.when(httpServletRequest.getParameter((String) Matchers.eq(DummyAuthPluginForm.DUMMY_AUTH_FORM_USERNAME_KEY))).thenReturn("bob");
        Mockito.when(httpServletRequest.getParameter((String) Matchers.eq(DummyAuthPluginForm.DUMMY_AUTH_FORM_PASSWORD_KEY))).thenReturn("bob");
        Mockito.when(httpServletRequest.getParameter((String) Matchers.eq("requestedUrl"))).thenReturn("mystart/foo");
        this.filter.doFilter(httpServletRequest, httpServletResponse, this.chain);
        Assert.assertFalse(this.chain.called);
        checkEvents(EVENT_LOGIN_SUCCESS);
        checkCachedUser(mockSessionAttributes, "bob");
        ((HttpServletResponse) Mockito.verify(httpServletResponse)).sendRedirect((String) Matchers.eq("http://localhost:8080/nuxeo/mystart/foo"));
    }

    @Test
    @Deploys({@Deploy({"org.nuxeo.ecm.platform.web.common.test:OSGI-INF/test-authchain-dummy-loginmodule.xml"}), @Deploy({"org.nuxeo.ecm.platform.web.common.test:OSGI-INF/test-authchain-dummy-form.xml"})})
    public void testAuthPluginFormFailedSoRedirectToLoginPage() throws Exception {
        HttpServletRequest httpServletRequest = (HttpServletRequest) Mockito.mock(HttpServletRequest.class);
        Map<String, Object> mockRequestAttributes = mockRequestAttributes(httpServletRequest);
        HttpServletResponse httpServletResponse = (HttpServletResponse) Mockito.mock(HttpServletResponse.class);
        HttpSession httpSession = (HttpSession) Mockito.mock(HttpSession.class);
        mockSessionAttributes(httpSession);
        Mockito.when(httpServletRequest.getSession(Matchers.anyBoolean())).thenReturn(httpSession);
        mockRequestURI(httpServletRequest, "/doesnotmatter", "", "requestedUrl=mystart/foo");
        Mockito.when(httpServletRequest.getParameter((String) Matchers.eq(DummyAuthPluginForm.DUMMY_AUTH_FORM_USERNAME_KEY))).thenReturn("bob");
        Mockito.when(httpServletRequest.getParameter((String) Matchers.eq(DummyAuthPluginForm.DUMMY_AUTH_FORM_PASSWORD_KEY))).thenReturn("");
        Mockito.when(httpServletRequest.getParameter((String) Matchers.eq("requestedUrl"))).thenReturn("mystart/foo");
        this.filter.doFilter(httpServletRequest, httpServletResponse, this.chain);
        Assert.assertFalse(this.chain.called);
        checkNoEvents();
        ((HttpServletResponse) Mockito.verify(httpServletResponse)).sendRedirect((String) Matchers.eq("http://localhost:8080/nuxeo/dummy_login.jsp?loginFailed=true"));
        Assert.assertEquals("Username and password do not match", mockRequestAttributes.get("org.nuxeo.ecm.login.error"));
    }

    @Test
    @Deploys({@Deploy({"org.nuxeo.ecm.platform.web.common.test:OSGI-INF/test-authchain-dummy-loginmodule.xml"}), @Deploy({"org.nuxeo.ecm.platform.web.common.test:OSGI-INF/test-authchain-dummy-form.xml"})})
    public void testAuthPluginFormLogout() throws Exception {
        HttpServletRequest httpServletRequest = (HttpServletRequest) Mockito.mock(HttpServletRequest.class);
        HttpServletResponse httpServletResponse = (HttpServletResponse) Mockito.mock(HttpServletResponse.class);
        HttpSession httpSession = (HttpSession) Mockito.mock(HttpSession.class);
        Map<String, Object> mockSessionAttributes = mockSessionAttributes(httpSession);
        initAuthPluginFormLogoutRequest(httpServletRequest, httpSession, mockSessionAttributes);
        this.filter.doFilter(httpServletRequest, httpServletResponse, this.chain);
        Assert.assertFalse(this.chain.called);
        checkEvents(EVENT_LOGOUT);
        checkNoCachedUser(mockSessionAttributes);
        ((HttpServletResponse) Mockito.verify(httpServletResponse)).sendRedirect((String) Matchers.eq("http://localhost:8080/nuxeo/home.html"));
    }

    protected void initAuthPluginFormLogoutRequest(HttpServletRequest httpServletRequest, HttpSession httpSession, Map<String, Object> map) throws LoginException {
        Mockito.when(httpServletRequest.getSession(Matchers.anyBoolean())).thenReturn(httpSession);
        mockRequestURI(httpServletRequest, "/logout", "", "");
        CachableUserIdentificationInfo cachableUserIdentificationInfo = new CachableUserIdentificationInfo("bob", "bobpw");
        cachableUserIdentificationInfo.getUserInfo().setAuthPluginName("DUMMY_AUTH_FORM");
        cachableUserIdentificationInfo.setPrincipal(new UserPrincipal("bob", (List) null, false, false));
        LoginContext loginContext = (LoginContext) Mockito.mock(LoginContext.class);
        ((LoginContext) Mockito.doNothing().when(loginContext)).logout();
        cachableUserIdentificationInfo.setLoginContext(loginContext);
        map.put("org.nuxeo.ecm.login.identity", cachableUserIdentificationInfo);
    }

    @Test
    @Deploys({@Deploy({"org.nuxeo.ecm.platform.web.common.test:OSGI-INF/test-authchain-dummy-loginmodule.xml"}), @Deploy({"org.nuxeo.ecm.platform.web.common.test:OSGI-INF/test-authchain-dummy-form.xml"})})
    public void testAuthPluginFormLogoutCallbackURL() throws Exception {
        HttpServletRequest httpServletRequest = (HttpServletRequest) Mockito.mock(HttpServletRequest.class);
        HttpServletResponse httpServletResponse = (HttpServletResponse) Mockito.mock(HttpServletResponse.class);
        HttpSession httpSession = (HttpSession) Mockito.mock(HttpSession.class);
        Map<String, Object> mockSessionAttributes = mockSessionAttributes(httpSession);
        initAuthPluginFormLogoutRequest(httpServletRequest, httpSession, mockSessionAttributes);
        Mockito.when(httpServletRequest.getParameter((String) Matchers.eq("callbackURL"))).thenReturn("http://localhost:8080/nuxeo/redirect");
        this.filter.doFilter(httpServletRequest, httpServletResponse, this.chain);
        Assert.assertFalse(this.chain.called);
        checkEvents(EVENT_LOGOUT);
        checkNoCachedUser(mockSessionAttributes);
        ((HttpServletResponse) Mockito.verify(httpServletResponse)).sendRedirect((String) Matchers.eq("http://localhost:8080/nuxeo/redirect"));
    }

    @Test
    @Deploys({@Deploy({"org.nuxeo.ecm.platform.web.common.test:OSGI-INF/test-authchain-dummy-loginmodule.xml"}), @Deploy({"org.nuxeo.ecm.platform.web.common.test:OSGI-INF/test-authchain-dummy-form.xml"})})
    public void testAuthPluginFormLogoutInvalidCallbackURL() throws Exception {
        HttpServletRequest httpServletRequest = (HttpServletRequest) Mockito.mock(HttpServletRequest.class);
        HttpServletResponse httpServletResponse = (HttpServletResponse) Mockito.mock(HttpServletResponse.class);
        HttpSession httpSession = (HttpSession) Mockito.mock(HttpSession.class);
        Map<String, Object> mockSessionAttributes = mockSessionAttributes(httpSession);
        initAuthPluginFormLogoutRequest(httpServletRequest, httpSession, mockSessionAttributes);
        Mockito.when(httpServletRequest.getParameter((String) Matchers.eq("callbackURL"))).thenReturn("http://example.com/redirect");
        this.filter.doFilter(httpServletRequest, httpServletResponse, this.chain);
        Assert.assertFalse(this.chain.called);
        checkEvents(EVENT_LOGOUT);
        checkNoCachedUser(mockSessionAttributes);
        ((HttpServletResponse) Mockito.verify(httpServletResponse)).sendRedirect((String) Matchers.eq("http://localhost:8080/nuxeo/home.html"));
    }

    @Test
    @Deploys({@Deploy({"org.nuxeo.ecm.platform.web.common.test:OSGI-INF/test-authchain-dummy-loginmodule.xml"}), @Deploy({"org.nuxeo.ecm.platform.web.common.test:OSGI-INF/test-authchain-dummy-sso.xml"})})
    public void testAuthPluginSSORedirectToSSOLoginPage() throws Exception {
        HttpServletRequest httpServletRequest = (HttpServletRequest) Mockito.mock(HttpServletRequest.class);
        HttpServletResponse httpServletResponse = (HttpServletResponse) Mockito.mock(HttpServletResponse.class);
        HttpSession httpSession = (HttpSession) Mockito.mock(HttpSession.class);
        mockSessionAttributes(httpSession);
        Mockito.when(httpServletRequest.getSession(Matchers.anyBoolean())).thenReturn(httpSession);
        mockRequestURI(httpServletRequest, "/mystart/foo", "", "bar=baz");
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        PrintWriter printWriter = new PrintWriter((Writer) new OutputStreamWriter((OutputStream) byteArrayOutputStream, StandardCharsets.UTF_8), true);
        Mockito.when(httpServletResponse.getWriter()).thenReturn(printWriter);
        this.filter.doFilter(httpServletRequest, httpServletResponse, this.chain);
        Assert.assertFalse(this.chain.called);
        checkNoEvents();
        ((HttpServletResponse) Mockito.verify(httpServletResponse)).setStatus(Matchers.eq(401));
        ((HttpServletResponse) Mockito.verify(httpServletResponse)).setContentType((String) Matchers.eq("text/html;charset=UTF-8"));
        printWriter.flush();
        String byteArrayOutputStream2 = byteArrayOutputStream.toString(StandardCharsets.UTF_8);
        Assert.assertTrue(byteArrayOutputStream2, byteArrayOutputStream2.contains("window.location = 'http://sso.example.com/login?redirect=" + URLEncoder.encode("http://localhost:8080//nuxeo/mystart/foo?bar=baz", "UTF-8") + "';"));
    }

    @Test
    @Deploys({@Deploy({"org.nuxeo.ecm.platform.web.common.test:OSGI-INF/test-authchain-dummy-loginmodule.xml"}), @Deploy({"org.nuxeo.ecm.platform.web.common.test:OSGI-INF/test-authchain-dummy-sso.xml"})})
    public void testAuthPluginSSOWithTicket() throws Exception {
        HttpServletRequest httpServletRequest = (HttpServletRequest) Mockito.mock(HttpServletRequest.class);
        HttpServletResponse httpServletResponse = (HttpServletResponse) Mockito.mock(HttpServletResponse.class);
        HttpSession httpSession = (HttpSession) Mockito.mock(HttpSession.class);
        Map<String, Object> mockSessionAttributes = mockSessionAttributes(httpSession);
        Mockito.when(httpServletRequest.getSession(Matchers.anyBoolean())).thenReturn(httpSession);
        mockRequestURI(httpServletRequest, "/mystart/foo", "", "ticket=bob");
        Mockito.when(httpServletRequest.getParameter((String) Matchers.eq(DummyAuthPluginSSO.DUMMY_SSO_TICKET))).thenReturn("bob");
        Mockito.when(httpServletResponse.getWriter()).thenReturn(new PrintWriter((Writer) new OutputStreamWriter((OutputStream) new ByteArrayOutputStream(), StandardCharsets.UTF_8), true));
        this.filter.doFilter(httpServletRequest, httpServletResponse, this.chain);
        Assert.assertTrue(this.chain.called);
        Assert.assertEquals("bob", this.chain.principal.getName());
        checkEvents(EVENT_LOGIN_SUCCESS);
        checkCachedUser(mockSessionAttributes, "bob");
    }

    @Test
    @Deploys({@Deploy({"org.nuxeo.ecm.platform.web.common.test:OSGI-INF/test-authchain-dummy-loginmodule.xml"}), @Deploy({"org.nuxeo.ecm.platform.web.common.test:OSGI-INF/test-authchain-dummy-sso.xml"})})
    public void testAuthPluginSSOLogout() throws Exception {
        HttpServletRequest httpServletRequest = (HttpServletRequest) Mockito.mock(HttpServletRequest.class);
        HttpServletResponse httpServletResponse = (HttpServletResponse) Mockito.mock(HttpServletResponse.class);
        HttpSession httpSession = (HttpSession) Mockito.mock(HttpSession.class);
        Map<String, Object> mockSessionAttributes = mockSessionAttributes(httpSession);
        Mockito.when(httpServletRequest.getSession(Matchers.anyBoolean())).thenReturn(httpSession);
        mockRequestURI(httpServletRequest, "/logout", "", "");
        CachableUserIdentificationInfo cachableUserIdentificationInfo = new CachableUserIdentificationInfo("bob", "bobpw");
        cachableUserIdentificationInfo.getUserInfo().setAuthPluginName("DUMMY_AUTH_SSO");
        cachableUserIdentificationInfo.setPrincipal(new UserPrincipal("bob", (List) null, false, false));
        LoginContext loginContext = (LoginContext) Mockito.mock(LoginContext.class);
        ((LoginContext) Mockito.doNothing().when(loginContext)).logout();
        cachableUserIdentificationInfo.setLoginContext(loginContext);
        mockSessionAttributes.put("org.nuxeo.ecm.login.identity", cachableUserIdentificationInfo);
        Mockito.when(httpServletRequest.getParameter((String) Matchers.eq("callbackURL"))).thenReturn("http://example.com/redirected");
        this.filter.doFilter(httpServletRequest, httpServletResponse, this.chain);
        Assert.assertFalse(this.chain.called);
        checkEvents(EVENT_LOGOUT);
        checkNoCachedUser(mockSessionAttributes);
        ((HttpServletResponse) Mockito.verify(httpServletResponse)).sendRedirect((String) Matchers.eq(DummyAuthPluginSSO.DUMMY_SSO_LOGOUT_URL));
    }

    @Test
    @Deploys({@Deploy({"org.nuxeo.ecm.platform.web.common.test:OSGI-INF/test-authchain-dummy-loginmodule.xml"}), @Deploy({"org.nuxeo.ecm.platform.web.common.test:OSGI-INF/test-authchain-dummy-form.xml"})})
    public void testCallbackURL() {
        Assert.assertFalse(this.filter.isCallbackURLValid((String) null, TestMobileBannerHelper.BASE_URL));
        Assert.assertFalse(this.filter.isCallbackURLValid("http://foo.bar/nuxeo/redirect", (String) null));
        Assert.assertTrue(this.filter.isCallbackURLValid("http://localhost:8080/nuxeo/redirect", TestMobileBannerHelper.BASE_URL));
        Assert.assertFalse(this.filter.isCallbackURLValid("https://example.com/redirect", TestMobileBannerHelper.BASE_URL));
        Assert.assertTrue(this.filter.isCallbackURLValid("nuxeo://redirect", TestMobileBannerHelper.BASE_URL));
        Assert.assertTrue(this.filter.isCallbackURLValid("nxdrive://redirect", TestMobileBannerHelper.BASE_URL));
        Assert.assertFalse(this.filter.isCallbackURLValid("foo://", TestMobileBannerHelper.BASE_URL));
        Assert.assertEquals("http://localhost:8080/nuxeo/home.html", this.filter.getLogoutRedirectURL("https://example.com/redirect", TestMobileBannerHelper.BASE_URL, (Map) null));
        Assert.assertEquals("http://localhost:8080/nuxeo/home.html", this.filter.getLogoutRedirectURL((String) null, TestMobileBannerHelper.BASE_URL, (Map) null));
        Assert.assertEquals("http://localhost:8080/nuxeo/home.html", this.filter.getLogoutRedirectURL("foo://redirect", TestMobileBannerHelper.BASE_URL, (Map) null));
        Assert.assertEquals("http://localhost:8080/nuxeo/redirect", this.filter.getLogoutRedirectURL("http://localhost:8080/nuxeo/redirect", TestMobileBannerHelper.BASE_URL, (Map) null));
        Assert.assertEquals("nuxeo://redirect", this.filter.getLogoutRedirectURL("nuxeo://redirect", TestMobileBannerHelper.BASE_URL, (Map) null));
        Assert.assertEquals("nxdrive://redirect", this.filter.getLogoutRedirectURL("nxdrive://redirect", TestMobileBannerHelper.BASE_URL, (Map) null));
    }
}
