package org.mule.test.module.spring.security;

import org.apache.commons.httpclient.HttpClient;
import org.apache.commons.httpclient.UsernamePasswordCredentials;
import org.apache.commons.httpclient.auth.AuthScope;
import org.apache.commons.httpclient.methods.GetMethod;
import org.hamcrest.CoreMatchers;
import org.junit.Assert;
import org.junit.Ignore;
import org.junit.Rule;
import org.junit.Test;
import org.mule.functional.extensions.UsesHttpExtensionFunctionalTestCase;
import org.mule.runtime.module.http.api.HttpConstants;
import org.mule.tck.junit4.rule.DynamicPort;

/* loaded from: input_file:org/mule/test/module/spring/security/CustomSecManagerHttpFilterFunctionalTestCase.class */
public class CustomSecManagerHttpFilterFunctionalTestCase extends UsesHttpExtensionFunctionalTestCase {

    @Rule
    public DynamicPort dynamicPort = new DynamicPort("port1");

    protected String getConfigFile() {
        return "custom-security-manager-test.xml";
    }

    protected String getUrl() {
        return "http://localhost:" + this.dynamicPort.getValue() + "/authenticate";
    }

    @Test
    public void testAuthenticationFailureNoContext() throws Exception {
        HttpClient httpClient = new HttpClient();
        httpClient.getParams().setAuthenticationPreemptive(true);
        GetMethod getMethod = new GetMethod(getUrl());
        getMethod.setDoAuthentication(false);
        try {
            Assert.assertThat(Integer.valueOf(httpClient.executeMethod(getMethod)), CoreMatchers.is(Integer.valueOf(HttpConstants.HttpStatus.UNAUTHORIZED.getStatusCode())));
            Assert.assertThat(getMethod.getResponseBodyAsString(), CoreMatchers.containsString("no security context on the session. Authentication denied on connector"));
            getMethod.releaseConnection();
        } catch (Throwable th) {
            getMethod.releaseConnection();
            throw th;
        }
    }

    @Test
    public void testAuthenticationFailureBadCredentials() throws Exception {
        doRequest(null, "localhost", "anonX", "anonX", getUrl(), false, 401);
    }

    @Test
    @Ignore
    public void testAuthenticationFailureBadRealm() throws Exception {
        doRequest("blah", "localhost", "anon", "anon", getUrl(), false, 401);
    }

    @Test
    public void testAuthenticationAuthorised() throws Exception {
        doRequest(null, "localhost", "anon", "anon", getUrl(), false, 200);
    }

    @Test
    public void testAuthenticationAuthorisedWithHandshake() throws Exception {
        doRequest(null, "localhost", "anon", "anon", getUrl(), true, 200);
    }

    @Test
    @Ignore
    public void testAuthenticationAuthorisedWithHandshakeAndBadRealm() throws Exception {
        doRequest("blah", "localhost", "anon", "anon", getUrl(), true, 401);
    }

    @Test
    public void testAuthenticationAuthorisedWithHandshakeAndRealm() throws Exception {
        doRequest("mule-realm", "localhost", "ross", "ross", getUrl(), true, 200);
    }

    private void doRequest(String str, String str2, String str3, String str4, String str5, boolean z, int i) throws Exception {
        HttpClient httpClient = new HttpClient();
        httpClient.getParams().setAuthenticationPreemptive(true);
        httpClient.getState().setCredentials(new AuthScope(str2, -1, str), new UsernamePasswordCredentials(str3, str4));
        GetMethod getMethod = new GetMethod(str5);
        getMethod.setDoAuthentication(z);
        try {
            int executeMethod = httpClient.executeMethod(getMethod);
            if (executeMethod == HttpConstants.HttpStatus.UNAUTHORIZED.getStatusCode() && z) {
                executeMethod = httpClient.executeMethod(getMethod);
            }
            Assert.assertEquals(i, executeMethod);
            getMethod.releaseConnection();
        } catch (Throwable th) {
            getMethod.releaseConnection();
            throw th;
        }
    }
}
