package com.facebook.presto.server.security;

import com.facebook.presto.execution.TestThriftTaskStatus;
import com.facebook.presto.server.InternalAuthenticationManager;
import com.facebook.presto.server.MockContainerRequestContext;
import com.facebook.presto.server.TaskResource;
import com.google.common.collect.ImmutableListMultimap;
import com.google.common.hash.Hashing;
import io.jsonwebtoken.Jwts;
import io.jsonwebtoken.SignatureAlgorithm;
import java.lang.reflect.Method;
import java.nio.charset.StandardCharsets;
import java.security.Principal;
import java.time.ZonedDateTime;
import java.util.Date;
import java.util.Optional;
import javax.ws.rs.container.ResourceInfo;
import org.testng.Assert;
import org.testng.annotations.Test;

/* loaded from: input_file:com/facebook/presto/server/security/TestInternalAuthenticationFilter.class */
public class TestInternalAuthenticationFilter {

    /* loaded from: input_file:com/facebook/presto/server/security/TestInternalAuthenticationFilter$ResourceInfoBuilder.class */
    private static class ResourceInfoBuilder {
        private final Class<?> clazz;
        private final String methodName;
        private final Class<?>[] parameterTypes;

        ResourceInfoBuilder(Class<?> cls, String str, Class<?>... clsArr) {
            this.clazz = cls;
            this.methodName = str;
            this.parameterTypes = clsArr;
        }

        ResourceInfo build() {
            return new ResourceInfo() { // from class: com.facebook.presto.server.security.TestInternalAuthenticationFilter.ResourceInfoBuilder.1
                public Method getResourceMethod() {
                    if (ResourceInfoBuilder.this.methodName == null || ResourceInfoBuilder.this.methodName.isEmpty()) {
                        return null;
                    }
                    Method method = null;
                    try {
                        method = ResourceInfoBuilder.this.clazz.getMethod(ResourceInfoBuilder.this.methodName, ResourceInfoBuilder.this.parameterTypes);
                    } catch (NoSuchMethodException e) {
                    }
                    return method;
                }

                public Class<?> getResourceClass() {
                    return ResourceInfoBuilder.this.clazz;
                }
            };
        }
    }

    @Test
    public void testJwtAuthenticationRejectsWithNoBearerTokenJwtEnabled() {
        InternalAuthenticationFilter internalAuthenticationFilter = new InternalAuthenticationFilter(new InternalAuthenticationManager(Optional.of("secret"), "nodeId", true), new ResourceInfoBuilder(TaskResource.class, null, null).build());
        MockContainerRequestContext mockContainerRequestContext = new MockContainerRequestContext(ImmutableListMultimap.of());
        internalAuthenticationFilter.filter(mockContainerRequestContext);
        Assert.assertEquals(mockContainerRequestContext.getResponse().getStatus(), 401);
        Assert.assertEquals("Unauthorized", mockContainerRequestContext.getResponse().getStatusInfo().getReasonPhrase());
    }

    @Test
    public void testJwtAuthenticationPassesWithNoBearerTokenJwtDisabledNoAuthenticators() {
        InternalAuthenticationFilter internalAuthenticationFilter = new InternalAuthenticationFilter(new InternalAuthenticationManager(Optional.of("secret"), "nodeId", false), new ResourceInfoBuilder(TaskResource.class, null, null).build());
        MockContainerRequestContext mockContainerRequestContext = new MockContainerRequestContext(ImmutableListMultimap.of());
        internalAuthenticationFilter.filter(mockContainerRequestContext);
        Assert.assertEquals(mockContainerRequestContext.getResponse().getStatus(), TestThriftTaskStatus.RUNNING_PARTITIONED_DRIVERS);
        Assert.assertFalse(internalAuthenticationFilter.getPrincipal().isPresent());
    }

    @Test
    public void testJwtAuthenticationPassesWithBearerTokenJwtEnabled() {
        InternalAuthenticationFilter internalAuthenticationFilter = new InternalAuthenticationFilter(new InternalAuthenticationManager(Optional.of("secret"), "nodeId", true), new ResourceInfoBuilder(TaskResource.class, null, null).build());
        MockContainerRequestContext mockContainerRequestContext = new MockContainerRequestContext(ImmutableListMultimap.of("X-Presto-Internal-Bearer", Jwts.builder().signWith(SignatureAlgorithm.HS256, Hashing.sha256().hashString("secret", StandardCharsets.UTF_8).asBytes()).setSubject("456").setExpiration(Date.from(ZonedDateTime.now().plusMinutes(5L).toInstant())).compact()));
        internalAuthenticationFilter.filter(mockContainerRequestContext);
        Assert.assertTrue(internalAuthenticationFilter.getPrincipal().isPresent());
        Assert.assertEquals(((Principal) internalAuthenticationFilter.getPrincipal().get()).toString(), "456");
        Assert.assertEquals(mockContainerRequestContext.getResponse().getStatus(), TestThriftTaskStatus.RUNNING_PARTITIONED_DRIVERS);
    }

    @Test
    public void testJwtAuthenticationRejectsWithBearerTokenJwtDisabled() {
        InternalAuthenticationFilter internalAuthenticationFilter = new InternalAuthenticationFilter(new InternalAuthenticationManager(Optional.of("secret"), "nodeId", false), new ResourceInfoBuilder(TaskResource.class, null, null).build());
        MockContainerRequestContext mockContainerRequestContext = new MockContainerRequestContext(ImmutableListMultimap.of("X-Presto-Internal-Bearer", Jwts.builder().signWith(SignatureAlgorithm.HS256, Hashing.sha256().hashString("secret", StandardCharsets.UTF_8).asBytes()).setSubject("456").setExpiration(Date.from(ZonedDateTime.now().plusMinutes(5L).toInstant())).compact()));
        internalAuthenticationFilter.filter(mockContainerRequestContext);
        Assert.assertEquals(mockContainerRequestContext.getResponse().getStatus(), 401);
        Assert.assertEquals("Unauthorized", mockContainerRequestContext.getResponse().getStatusInfo().getReasonPhrase());
        Assert.assertFalse(internalAuthenticationFilter.getPrincipal().isPresent());
    }
}
