package org.secnod.shiro.test.integration;

import com.sun.jersey.api.client.ClientResponse;
import com.sun.jersey.api.client.WebResource;
import com.sun.jersey.api.representation.Form;
import com.sun.jersey.client.apache.ApacheHttpClient;
import com.sun.jersey.client.apache.config.DefaultApacheHttpClientConfig;
import org.apache.commons.httpclient.UsernamePasswordCredentials;
import org.apache.commons.httpclient.auth.AuthScope;
import org.junit.AfterClass;
import org.junit.Assert;
import org.junit.Before;
import org.junit.BeforeClass;
import org.junit.Test;

/* loaded from: input_file:org/secnod/shiro/test/integration/AnnotationAuthTest.class */
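/**
 * HTTP-level integration test for access control on a REST API that is expected to be running at
 * {@code http://localhost:8080/api/}.
 *
 * <p>Each test issues real requests and checks only the HTTP status code. The expectations
 * distinguish the two denial outcomes: {@code 401} when the caller has not presented
 * credentials the endpoint accepts, and {@code 403} when the caller is authenticated but lacks
 * the required permission or role (see {@link #protectedReadWrite}).
 *
 * <p>Judging by the package and class name, the server side is secured with Apache Shiro
 * annotations; that configuration is not visible from this class.
 *
 * <p>One shared client, with one shared cookie jar and credential store, is used by all tests,
 * so {@link #setup()} clears both before every test. The tests are not safe to run in parallel.
 */
public class AnnotationAuthTest {
    // Fixture accounts of the test server. They are only meaningful against the local test
    // deployment and must never match a credential that exists anywhere else.
    private static final String USER1_PASSWORD = "user1pw";
    private static final String USER1 = "user1";
    private static final String USER2 = "user2";
    private static final String USER2_PASSWORD = "user2pw";

    // Plain HTTP is used, so the Basic credentials below travel unencrypted; this is only
    // acceptable because the target is the loopback interface.
    private static final String BASE_URL = "http://localhost:8080/api/";

    private static ApacheHttpClient client;

    /** Resets credentials and cookies so no identity leaks from the previous test. */
    @Before
    public void setup() {
        logout();
    }

    /**
     * Creates the shared client with cookie handling enabled, which the session and remember-me
     * checks in {@link #noRememberMe()} depend on.
     */
    @BeforeClass
    public static void setupClass() throws Exception {
        DefaultApacheHttpClientConfig config = new DefaultApacheHttpClientConfig();
        config.getProperties().put("com.sun.jersey.impl.client.httpclient.handleCookies", Boolean.TRUE);
        client = ApacheHttpClient.create(config);
    }

    /** Releases the shared client. */
    @AfterClass
    public static void tearDownClass() {
        // JUnit still runs @AfterClass when @BeforeClass failed; without this guard the resulting
        // NullPointerException would be reported next to the real setup failure.
        if (client != null) {
            client.destroy();
            client = null;
        }
    }

    /** Returns a resource handle for {@code path}, resolved against the API base URL. */
    private WebResource resource(String path) {
        return client.resource(BASE_URL + path);
    }

    /**
     * Configures the shared client to send the given credentials on subsequent requests.
     *
     * <p>Authentication is preemptive, so the credentials are sent without waiting for a
     * {@code 401} challenge, and they are registered for {@link AuthScope#ANY}, i.e. offered to
     * every host and realm this client contacts. That is fine for a client that only ever talks
     * to the local test server; a client that reaches other hosts should scope the credentials
     * to a specific host, port and realm instead.
     */
    private void auth(String username, String password) {
        client.getClientHandler().getHttpClient().getParams().setAuthenticationPreemptive(true);
        client.getClientHandler().getHttpClient().getState()
                .setCredentials(AuthScope.ANY, new UsernamePasswordCredentials(username, password));
    }

    /** Switches the client to the ordinary fixture user. */
    private void loginUser() {
        auth(USER1, USER1_PASSWORD);
    }

    /** Switches the client to the fixture user that the tests expect to be allowed to write. */
    private void loginSuperUser() {
        auth(USER2, USER2_PASSWORD);
    }

    /** Drops stored credentials and all cookies, returning the client to an anonymous state. */
    private void logout() {
        client.getClientHandler().getHttpClient().getState().clearCredentials();
        client.getClientHandler().getHttpClient().getState().clearCookies();
    }

    /** Reads the status code of {@code response} and always closes it, releasing the connection. */
    private static int readStatusAndClose(ClientResponse response) {
        try {
            return response.getStatus();
        } finally {
            response.close();
        }
    }

    /** Asserts that a GET on {@code target} answers with {@code expectedStatus}. */
    private void assertGetStatus(int expectedStatus, WebResource target) {
        assertStatus(expectedStatus, "GET", target);
    }

    /** Asserts that a PUT on {@code target} answers with {@code expectedStatus}. */
    private void assertPutStatus(int expectedStatus, WebResource target) {
        assertStatus(expectedStatus, "PUT", target);
    }

    /**
     * Sends a request with the given HTTP method and a fixed dummy entity, then asserts the
     * response status.
     */
    private void assertStatus(int expectedStatus, String httpMethod, WebResource target) {
        ClientResponse response = target.entity("foobar").method(httpMethod, ClientResponse.class);
        int actualStatus = readStatusAndClose(response);
        Assert.assertEquals("Unexpected HTTP status for " + httpMethod + " " + target, expectedStatus, actualStatus);
    }

    /** The public endpoint must be readable both anonymously and as a logged-in user. */
    @Test
    public void publicAccess() {
        WebResource target = resource("public");
        assertGetStatus(200, target);
        loginUser();
        assertGetStatus(200, target);
    }

    /**
     * Shared scenario for endpoints with separate read and write rights: anonymous callers are
     * challenged (401), the ordinary user may read but not write (403), the super user may do both.
     */
    private void protectedReadWrite(WebResource target) {
        assertGetStatus(401, target);
        loginUser();
        assertGetStatus(200, target);
        assertPutStatus(403, target);
        // NOTE(review): the identity is switched without clearing cookies. If the server ever
        // binds the first user to a session cookie, the requests below could still be evaluated
        // as that user -- confirm the server re-authenticates on every request.
        loginSuperUser();
        assertGetStatus(200, target);
        assertPutStatus(200, target);
    }

    @Test
    public void protectedByPermission() {
        protectedReadWrite(resource("protected/permission"));
    }

    @Test
    public void protectedByRole() {
        protectedReadWrite(resource("protected/role"));
    }

    /** An endpoint open to any known user: anonymous is rejected, the ordinary user is admitted. */
    @Test
    public void protectedOnlyUsers() {
        WebResource target = resource("protected/user");
        assertGetStatus(401, target);
        loginUser();
        assertGetStatus(200, target);
    }

    /**
     * A guest-only endpoint must be reachable anonymously and refused once the caller presents
     * credentials. The expected refusal code is 401, not 403.
     */
    @Test
    public void guestOnly() {
        WebResource target = resource("guestonly");
        assertGetStatus(200, target);
        loginUser();
        assertGetStatus(401, target);
    }

    /**
     * Logs the ordinary user in through the form endpoint with {@code rememberMe=true}. Any
     * cookies the server sets end up in the shared cookie jar.
     */
    void rememberMeUserSession() {
        Form loginForm = new Form();
        loginForm.add("username", USER1);
        loginForm.add("password", USER1_PASSWORD);
        loginForm.add("rememberMe", "true");
        ClientResponse response = resource("session").post(ClientResponse.class, loginForm);
        Assert.assertEquals("Unexpected HTTP status for remember-me login", 200, readStatusAndClose(response));
    }

    /** Asks the server to end the current session; client-side cookies are left untouched. */
    void invalidateSession() {
        ClientResponse response = resource("session").delete(ClientResponse.class);
        Assert.assertEquals("Unexpected HTTP status for session invalidation", 200, readStatusAndClose(response));
    }

    /**
     * Checks that an endpoint which must not honour remember-me really requires a fresh login.
     *
     * <p>After the session is invalidated the client still holds whatever cookies the form login
     * set. The endpoint under test must then answer 401, while {@code protected/permission}
     * still answers 200. Presumably the remaining remember-me cookie identifies the user without
     * counting as an authentication -- confirm against the server configuration.
     */
    @Test
    public void noRememberMe() {
        WebResource target = resource("protected/noRememberMe");
        assertGetStatus(401, target);
        loginUser();
        assertGetStatus(200, target);

        // Continue without Basic credentials so that only cookies carry the identity.
        logout();
        rememberMeUserSession();
        assertGetStatus(200, target);

        invalidateSession();
        assertGetStatus(401, target);
        assertGetStatus(200, resource("protected/permission"));
    }

    /** The injection endpoint must answer 200 both anonymously and for a logged-in user. */
    @Test
    public void userAndSubjectInjection() {
        WebResource target = resource("inject/usersubject");
        assertGetStatus(200, target);
        loginUser();
        assertGetStatus(200, target);
    }
}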
