package hudson.plugins.git.security;

import com.gargoylesoftware.htmlunit.HttpMethod;
import com.gargoylesoftware.htmlunit.WebRequest;
import com.gargoylesoftware.htmlunit.WebResponse;
import com.gargoylesoftware.htmlunit.util.NameValuePair;
import hudson.plugins.git.ApiTokenPropertyConfiguration;
import hudson.security.Permission;
import java.util.Collections;
import jenkins.model.Jenkins;
import net.sf.json.JSONObject;
import org.hamcrest.MatcherAssert;
import org.hamcrest.Matchers;
import org.junit.Assert;
import org.junit.Before;
import org.junit.Rule;
import org.junit.Test;
import org.jvnet.hudson.test.JenkinsRule;
import org.jvnet.hudson.test.MockAuthorizationStrategy;

/* loaded from: input_file:hudson/plugins/git/security/ApiTokenPropertyConfigurationTest.class */
public class ApiTokenPropertyConfigurationTest {

    @Rule
    public JenkinsRule j = new JenkinsRule();

    @Before
    public void init() {
        this.j.jenkins.setSecurityRealm(this.j.createDummySecurityRealm());
        MockAuthorizationStrategy mockAuthorizationStrategy = new MockAuthorizationStrategy();
        mockAuthorizationStrategy.grant(new Permission[]{Jenkins.ADMINISTER}).everywhere().to(new String[]{"alice"});
        mockAuthorizationStrategy.grant(new Permission[]{Jenkins.READ}).everywhere().to(new String[]{"bob"});
        this.j.jenkins.setAuthorizationStrategy(mockAuthorizationStrategy);
    }

    @Test
    public void testAdminPermissionRequiredToGenerateNewApiTokens() throws Exception {
        JenkinsRule.WebClient createWebClient = this.j.createWebClient();
        try {
            createWebClient.login("bob");
            WebRequest webRequest = new WebRequest(createWebClient.createCrumbedUrl(ApiTokenPropertyConfiguration.get().getDescriptorUrl() + "/generate"), HttpMethod.POST);
            webRequest.setRequestBody("{\"apiTokenName\":\"test\"}");
            createWebClient.setThrowExceptionOnFailingStatusCode(false);
            WebResponse webResponse = createWebClient.getPage(webRequest).getWebResponse();
            Assert.assertEquals(403L, webResponse.getStatusCode());
            Assert.assertTrue(webResponse.getContentAsString().contains("bob is missing the Overall/Administer permission"));
            if (createWebClient != null) {
                createWebClient.close();
            }
        } catch (Throwable th) {
            if (createWebClient != null) {
                try {
                    createWebClient.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
            }
            throw th;
        }
    }

    @Test
    public void adminPermissionsRequiredToRevokeApiTokens() throws Exception {
        JenkinsRule.WebClient createWebClient = this.j.createWebClient();
        try {
            createWebClient.login("bob");
            WebRequest webRequest = new WebRequest(createWebClient.createCrumbedUrl(ApiTokenPropertyConfiguration.get().getDescriptorUrl() + "/revoke"), HttpMethod.POST);
            createWebClient.setThrowExceptionOnFailingStatusCode(false);
            WebResponse webResponse = createWebClient.getPage(webRequest).getWebResponse();
            Assert.assertEquals(403L, webResponse.getStatusCode());
            Assert.assertTrue(webResponse.getContentAsString().contains("bob is missing the Overall/Administer permission"));
            if (createWebClient != null) {
                createWebClient.close();
            }
        } catch (Throwable th) {
            if (createWebClient != null) {
                try {
                    createWebClient.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
            }
            throw th;
        }
    }

    @Test
    public void testBasicGenerationAndRevocation() throws Exception {
        JenkinsRule.WebClient createWebClient = this.j.createWebClient();
        try {
            createWebClient.login("alice");
            WebRequest webRequest = new WebRequest(createWebClient.createCrumbedUrl(ApiTokenPropertyConfiguration.get().getDescriptorUrl() + "/generate"), HttpMethod.POST);
            webRequest.setRequestParameters(Collections.singletonList(new NameValuePair("apiTokenName", "token")));
            String string = JSONObject.fromObject(createWebClient.getPage(webRequest).getWebResponse().getContentAsString()).getJSONObject("data").getString("uuid");
            webRequest.setRequestParameters(Collections.singletonList(new NameValuePair("apiTokenName", "nekot")));
            String string2 = JSONObject.fromObject(createWebClient.getPage(webRequest).getWebResponse().getContentAsString()).getJSONObject("data").getString("uuid");
            MatcherAssert.assertThat(ApiTokenPropertyConfiguration.get().getApiTokens(), Matchers.allOf(Matchers.iterableWithSize(2), Matchers.hasItem(Matchers.allOf(Matchers.hasProperty("name", Matchers.is("token")), Matchers.hasProperty("uuid", Matchers.is(string)))), Matchers.hasItem(Matchers.allOf(Matchers.hasProperty("name", Matchers.is("nekot")), Matchers.hasProperty("uuid", Matchers.is(string2))))));
            WebRequest webRequest2 = new WebRequest(createWebClient.createCrumbedUrl(ApiTokenPropertyConfiguration.get().getDescriptorUrl() + "/revoke"), HttpMethod.POST);
            webRequest2.setRequestParameters(Collections.singletonList(new NameValuePair("apiTokenUuid", string)));
            createWebClient.getPage(webRequest2);
            MatcherAssert.assertThat(ApiTokenPropertyConfiguration.get().getApiTokens(), Matchers.allOf(Matchers.iterableWithSize(1), Matchers.hasItem(Matchers.allOf(Matchers.hasProperty("name", Matchers.is("nekot")), Matchers.hasProperty("uuid", Matchers.is(string2))))));
            if (createWebClient != null) {
                createWebClient.close();
            }
        } catch (Throwable th) {
            if (createWebClient != null) {
                try {
                    createWebClient.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
            }
            throw th;
        }
    }

    @Test
    public void isValidApiTokenReturnsTrueIfGivenApiTokenExists() {
        Assert.assertTrue(ApiTokenPropertyConfiguration.get().isValidApiToken(ApiTokenPropertyConfiguration.get().generateApiToken("test").getString("value")));
    }
}
