package org.mule.module.cxf;

import org.apache.commons.httpclient.HttpClient;
import org.apache.commons.httpclient.UsernamePasswordCredentials;
import org.apache.commons.httpclient.auth.AuthScope;
import org.apache.commons.httpclient.methods.GetMethod;
import org.apache.commons.httpclient.methods.PostMethod;
import org.apache.commons.httpclient.methods.StringRequestEntity;
import org.junit.Assert;
import org.junit.Rule;
import org.junit.Test;
import org.mule.tck.junit4.FunctionalTestCase;
import org.mule.tck.junit4.rule.DynamicPort;

/* loaded from: input_file:org/mule/module/cxf/HttpSecurityFilterFunctionalTestCase.class */
public class HttpSecurityFilterFunctionalTestCase extends FunctionalTestCase {
    private static String soapRequest = "<soapenv:Envelope xmlns:soapenv=\"http://schemas.xmlsoap.org/soap/envelope/\" xmlns:unk=\"http://unknown.namespace/\"><soapenv:Header/><soapenv:Body><unk:echo><arg0>asdf</arg0></unk:echo></soapenv:Body></soapenv:Envelope>";

    @Rule
    public DynamicPort dynamicPort1 = new DynamicPort("port1");

    @Rule
    public DynamicPort dynamicPort2 = new DynamicPort("port2");

    protected String getConfigResources() {
        return "http-security-filter-test.xml";
    }

    @Test
    public void testAuthenticationFailureBadCredentialsGetHttps() throws Exception {
        doGet(null, "localhost", "anonX", "anonX", "https://localhost:" + this.dynamicPort2.getNumber() + "/services/Echo", true, true, 401);
    }

    @Test
    public void testAuthenticationFailureNoContextGet() throws Exception {
        new HttpClient().getParams().setAuthenticationPreemptive(true);
        GetMethod getMethod = new GetMethod("http://localhost:" + this.dynamicPort1.getNumber() + "/services/Echo");
        getMethod.setDoAuthentication(false);
        try {
            Assert.assertEquals(401L, r0.executeMethod(getMethod));
            Assert.assertEquals("Registered authentication is set to org.mule.module.acegi.filters.http.HttpBasicAuthenticationFilter but there was no security context on the session. Authentication denied on endpoint http://localhost:" + this.dynamicPort1.getNumber() + "/services/Echo. Message payload is of type: String", getMethod.getResponseBodyAsString());
            getMethod.releaseConnection();
        } catch (Throwable th) {
            getMethod.releaseConnection();
            throw th;
        }
    }

    @Test
    public void testAuthenticationFailureNoContextPost() throws Exception {
        new HttpClient().getParams().setAuthenticationPreemptive(true);
        PostMethod postMethod = new PostMethod("http://localhost:" + this.dynamicPort1.getNumber() + "/services/Echo");
        postMethod.setDoAuthentication(false);
        postMethod.setRequestEntity(new StringRequestEntity(soapRequest, "text/xml", "UTF-8"));
        try {
            Assert.assertEquals(401L, r0.executeMethod(postMethod));
            Assert.assertEquals("Registered authentication is set to org.mule.module.acegi.filters.http.HttpBasicAuthenticationFilter but there was no security context on the session. Authentication denied on endpoint http://localhost:" + this.dynamicPort1.getNumber() + "/services/Echo. Message payload is of type: ContentLengthInputStream", postMethod.getResponseBodyAsString());
            postMethod.releaseConnection();
        } catch (Throwable th) {
            postMethod.releaseConnection();
            throw th;
        }
    }

    @Test
    public void testAuthenticationFailureBadCredentialsGet() throws Exception {
        doGet(null, "localhost", "anonX", "anonX", "http://localhost:" + this.dynamicPort1.getNumber() + "/services/Echo/echo/echo/hello", true, true, 401);
    }

    @Test
    public void testAuthenticationFailureBadCredentialsPost() throws Exception {
        doPost(null, "localhost", "anonX", "anonX", "http://localhost:" + this.dynamicPort1.getNumber() + "/services/Echo", true, true, 401);
    }

    @Test
    public void testAuthenticationFailureBadCredentialsPostHttps() throws Exception {
        doPost(null, "localhost", "anonX", "anonX", "https://localhost:" + this.dynamicPort2.getNumber() + "/services/Echo", true, true, 401);
    }

    @Test
    public void testAuthenticationAuthorisedGet() throws Exception {
        doGet(null, "localhost", "anon", "anon", "http://localhost:" + this.dynamicPort1.getNumber() + "/services/Echo/echo/echo/hello", false, true, 200);
    }

    @Test
    public void testAuthenticationAuthorisedGetHttps() throws Exception {
        doGet(null, "localhost", "anon", "anon", "https://localhost:" + this.dynamicPort2.getNumber() + "/services/Echo/echo/echo/hello", false, true, 200);
    }

    @Test
    public void testAuthenticationAuthorisedPost() throws Exception {
        doPost(null, "localhost", "anon", "anon", "http://localhost:" + this.dynamicPort1.getNumber() + "/services/Echo", false, true, 200);
    }

    @Test
    public void testAuthenticationAuthorisedPostHttps() throws Exception {
        doPost(null, "localhost", "anon", "anon", "https://localhost:" + this.dynamicPort2.getNumber() + "/services/Echo", false, true, 200);
    }

    @Test
    public void testAuthenticationAuthorisedWithHandshakeGet() throws Exception {
        doGet(null, "localhost", "anon", "anon", "http://localhost:" + this.dynamicPort1.getNumber() + "/services/Echo/echo/echo/hello", true, false, 200);
    }

    @Test
    public void testAuthenticationAuthorisedWithHandshakePost() throws Exception {
        doPost(null, "localhost", "anon", "anon", "http://localhost:" + this.dynamicPort1.getNumber() + "/services/Echo", true, false, 200);
    }

    @Test
    public void testAuthenticationAuthorisedWithHandshakeAndBadRealmGet() throws Exception {
        doGet("blah", "localhost", "anon", "anon", "http://localhost:" + this.dynamicPort1.getNumber() + "/services/Echo/echo/echo/hello", true, false, 401);
    }

    @Test
    public void testAuthenticationAuthorisedWithHandshakeAndBadRealmPost() throws Exception {
        doPost("blah", "localhost", "anon", "anon", "http://localhost:" + this.dynamicPort1.getNumber() + "/services/Echo", true, false, 401);
    }

    @Test
    public void testAuthenticationAuthorisedWithHandshakeAndRealmGet() throws Exception {
        doGet("mule-realm", "localhost", "ross", "ross", "http://localhost:" + this.dynamicPort1.getNumber() + "/services/Echo/echo/echo/hello", true, false, 200);
    }

    @Test
    public void testAuthenticationAuthorisedWithHandshakeAndRealmPost() throws Exception {
        doPost("mule-realm", "localhost", "ross", "ross", "http://localhost:" + this.dynamicPort1.getNumber() + "/services/Echo", true, false, 200);
    }

    private void doGet(String str, String str2, String str3, String str4, String str5, boolean z, boolean z2, int i) throws Exception {
        HttpClient httpClient = new HttpClient();
        httpClient.getParams().setAuthenticationPreemptive(z2);
        httpClient.getState().setCredentials(new AuthScope(str2, -1, str), new UsernamePasswordCredentials(str3, str4));
        GetMethod getMethod = new GetMethod(str5);
        getMethod.setDoAuthentication(z);
        try {
            Assert.assertEquals(i, httpClient.executeMethod(getMethod));
            getMethod.releaseConnection();
        } catch (Throwable th) {
            getMethod.releaseConnection();
            throw th;
        }
    }

    private void doPost(String str, String str2, String str3, String str4, String str5, boolean z, boolean z2, int i) throws Exception {
        HttpClient httpClient = new HttpClient();
        httpClient.getParams().setAuthenticationPreemptive(z2);
        httpClient.getState().setCredentials(new AuthScope(str2, -1, str), new UsernamePasswordCredentials(str3, str4));
        PostMethod postMethod = new PostMethod(str5);
        postMethod.setDoAuthentication(z);
        postMethod.setRequestEntity(new StringRequestEntity(soapRequest, "text/xml", "UTF-8"));
        try {
            Assert.assertEquals(i, httpClient.executeMethod(postMethod));
            Assert.assertNotNull(postMethod.getResponseBodyAsString());
            postMethod.releaseConnection();
        } catch (Throwable th) {
            postMethod.releaseConnection();
            throw th;
        }
    }
}
