package net.shibboleth.idp.authn.spnego.impl;

import java.io.IOException;
import java.security.PrivilegedActionException;
import java.util.ArrayList;
import java.util.Map;
import javax.annotation.Nonnull;
import javax.security.auth.Subject;
import javax.security.auth.kerberos.KerberosPrincipal;
import javax.security.auth.login.LoginException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import net.shibboleth.idp.authn.ExternalAuthentication;
import net.shibboleth.idp.authn.ExternalAuthenticationException;
import net.shibboleth.idp.authn.context.AuthenticationContext;
import net.shibboleth.idp.authn.principal.UsernamePrincipal;
import net.shibboleth.utilities.java.support.codec.Base64Support;
import org.ietf.jgss.GSSContext;
import org.ietf.jgss.GSSException;
import org.ietf.jgss.GSSName;
import org.mockito.Matchers;
import org.mockito.Mockito;
import org.opensaml.profile.context.ProfileRequestContext;
import org.springframework.mock.web.MockHttpServletRequest;
import org.springframework.mock.web.MockHttpServletResponse;
import org.springframework.web.servlet.ModelAndView;
import org.testng.Assert;
import org.testng.annotations.BeforeMethod;
import org.testng.annotations.Test;

/* loaded from: input_file:net/shibboleth/idp/authn/spnego/impl/SPNEGOAuthnControllerTest.class */
public class SPNEGOAuthnControllerTest {
    private static final String TEST_CONVERSATION_KEY = "e1s1";
    private static final String NTLMSSP_HEADER_DATA = Base64Support.encode(new byte[]{78, 84, 76, 77, 83, 83, 80}, false);
    private static final String NEGOTIATE_HEADER_DATA = Base64Support.encode("testdata".getBytes(), false);
    private GSSContextAcceptor mockGSSContextAcceptor;
    private SPNEGOAuthnController controller = new SPNEGOAuthnController();
    private SPNEGOAuthnController mockedGSSController = new SPNEGOAuthnController() { // from class: net.shibboleth.idp.authn.spnego.impl.SPNEGOAuthnControllerTest.1
        @Nonnull
        protected GSSContextAcceptor createGSSContextAcceptor(@Nonnull SPNEGOContext sPNEGOContext) throws GSSException {
            return SPNEGOAuthnControllerTest.this.mockGSSContextAcceptor;
        }
    };

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:net/shibboleth/idp/authn/spnego/impl/SPNEGOAuthnControllerTest$StubExternalAuthentication.class */
    public class StubExternalAuthentication extends ExternalAuthentication {
        private ProfileRequestContext profileRequestContext;

        private StubExternalAuthentication() {
        }

        public void setProfileRequestContext(ProfileRequestContext profileRequestContext) {
            this.profileRequestContext = profileRequestContext;
        }

        protected void doStart(HttpServletRequest httpServletRequest) throws ExternalAuthenticationException {
        }

        protected void doFinish(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ExternalAuthenticationException, IOException {
        }

        protected ProfileRequestContext getProfileRequestContext(HttpServletRequest httpServletRequest) throws ExternalAuthenticationException {
            return this.profileRequestContext;
        }
    }

    @BeforeMethod
    public void setup() {
        this.mockGSSContextAcceptor = (GSSContextAcceptor) Mockito.mock(GSSContextAcceptor.class);
    }

    @Test(expectedExceptions = {ExternalAuthenticationException.class})
    public void withoutConversationKeyParameter_startSPNEGO_shouldThrowExternalAuthenticationException() throws ExternalAuthenticationException, IOException {
        this.controller.startSPNEGO(TEST_CONVERSATION_KEY, new MockHttpServletRequest(), (HttpServletResponse) null);
    }

    @Test(expectedExceptions = {ExternalAuthenticationException.class})
    public void givenMismatchedKeys_startSPNEGO_shouldThrowExternalAuthenticationException() throws ExternalAuthenticationException, IOException {
        this.controller.startSPNEGO("e1s2", buildConversationHttpServletRequest(TEST_CONVERSATION_KEY, new StubExternalAuthentication()), (HttpServletResponse) null);
    }

    @Test(expectedExceptions = {ExternalAuthenticationException.class})
    public void givenNullKey_startSPNEGO_shouldReturnAuthenticationException() throws ExternalAuthenticationException, IOException {
        this.controller.startSPNEGO(TEST_CONVERSATION_KEY, buildConversationHttpServletRequest(null, new StubExternalAuthentication()), (HttpServletResponse) null);
    }

    @Test
    public void withoutSPNEGOContext_startSPNEGO_shouldReturnAuthenticationError() throws ExternalAuthenticationException, IOException {
        StubExternalAuthentication stubExternalAuthentication = new StubExternalAuthentication();
        ProfileRequestContext profileRequestContext = new ProfileRequestContext();
        profileRequestContext.addSubcontext(new AuthenticationContext());
        stubExternalAuthentication.setProfileRequestContext(profileRequestContext);
        MockHttpServletRequest buildConversationHttpServletRequest = buildConversationHttpServletRequest(TEST_CONVERSATION_KEY, stubExternalAuthentication);
        assertAuthenticationError(buildConversationHttpServletRequest, this.controller.startSPNEGO(TEST_CONVERSATION_KEY, buildConversationHttpServletRequest, new MockHttpServletResponse()), "InvalidAuthenticationContext");
    }

    @Test
    public void withoutKerberosSettings_startSPNEGO_shouldReturnAuthenticationError() throws ExternalAuthenticationException, IOException {
        StubExternalAuthentication stubExternalAuthentication = new StubExternalAuthentication();
        ProfileRequestContext profileRequestContext = new ProfileRequestContext();
        AuthenticationContext authenticationContext = new AuthenticationContext();
        authenticationContext.addSubcontext(new SPNEGOContext());
        profileRequestContext.addSubcontext(authenticationContext);
        stubExternalAuthentication.setProfileRequestContext(profileRequestContext);
        MockHttpServletRequest buildConversationHttpServletRequest = buildConversationHttpServletRequest(TEST_CONVERSATION_KEY, stubExternalAuthentication);
        assertAuthenticationError(buildConversationHttpServletRequest, this.controller.startSPNEGO(TEST_CONVERSATION_KEY, buildConversationHttpServletRequest, new MockHttpServletResponse()), "InvalidAuthenticationContext");
    }

    @Test
    public void givenKerberosSettings_startSPNEGO_shouldReturnModelAndView() throws ExternalAuthenticationException, IOException {
        MockHttpServletRequest buildKerberosContextHttpServletRequest = buildKerberosContextHttpServletRequest();
        assertModelAndView(this.controller.startSPNEGO(TEST_CONVERSATION_KEY, buildKerberosContextHttpServletRequest, new MockHttpServletResponse()), buildKerberosContextHttpServletRequest);
    }

    @Test
    public void givenKerberosSettings_startSPNEGO_shouldPreserveQueryString() throws ExternalAuthenticationException, IOException {
        MockHttpServletRequest buildKerberosContextHttpServletRequest = buildKerberosContextHttpServletRequest();
        buildKerberosContextHttpServletRequest.setQueryString("dummy query string");
        assertModelAndView(this.controller.startSPNEGO(TEST_CONVERSATION_KEY, buildKerberosContextHttpServletRequest, new MockHttpServletResponse()), buildKerberosContextHttpServletRequest);
    }

    @Test
    public void givenKerberosSettings_startSPNEGO_shouldReplyUnauthorizedNegotiate() throws ExternalAuthenticationException, IOException {
        MockHttpServletRequest buildKerberosContextHttpServletRequest = buildKerberosContextHttpServletRequest();
        MockHttpServletResponse mockHttpServletResponse = new MockHttpServletResponse();
        this.controller.startSPNEGO(TEST_CONVERSATION_KEY, buildKerberosContextHttpServletRequest, mockHttpServletResponse);
        assertResponseUnauthorizedNegotiate(mockHttpServletResponse);
    }

    @Test
    public void withoutNegotiateToken_continueSPNEGO_shouldReturnModelAndView() throws ExternalAuthenticationException, IOException {
        StubExternalAuthentication stubExternalAuthentication = new StubExternalAuthentication();
        stubExternalAuthentication.setProfileRequestContext(new ProfileRequestContext());
        MockHttpServletRequest buildConversationHttpServletRequest = buildConversationHttpServletRequest(TEST_CONVERSATION_KEY, stubExternalAuthentication);
        assertModelAndView(this.controller.continueSPNEGO(TEST_CONVERSATION_KEY, "Negotiate", buildConversationHttpServletRequest, new MockHttpServletResponse()), buildConversationHttpServletRequest);
    }

    @Test
    public void withoutNegotiateToken_continueSPNEGO_shouldPreserveQueryString() throws ExternalAuthenticationException, IOException {
        StubExternalAuthentication stubExternalAuthentication = new StubExternalAuthentication();
        stubExternalAuthentication.setProfileRequestContext(new ProfileRequestContext());
        MockHttpServletRequest buildConversationHttpServletRequest = buildConversationHttpServletRequest(TEST_CONVERSATION_KEY, stubExternalAuthentication);
        buildConversationHttpServletRequest.setQueryString("dummy query string");
        assertModelAndView(this.controller.continueSPNEGO(TEST_CONVERSATION_KEY, "Negotiate", buildConversationHttpServletRequest, new MockHttpServletResponse()), buildConversationHttpServletRequest);
    }

    @Test
    public void withoutNegotiateToken_continueSPNEGO_shouldReplyUnauthorizedNegotiate() throws ExternalAuthenticationException, IOException {
        StubExternalAuthentication stubExternalAuthentication = new StubExternalAuthentication();
        stubExternalAuthentication.setProfileRequestContext(new ProfileRequestContext());
        MockHttpServletRequest buildConversationHttpServletRequest = buildConversationHttpServletRequest(TEST_CONVERSATION_KEY, stubExternalAuthentication);
        MockHttpServletResponse mockHttpServletResponse = new MockHttpServletResponse();
        this.controller.continueSPNEGO(TEST_CONVERSATION_KEY, "Negotiate", buildConversationHttpServletRequest, mockHttpServletResponse);
        assertResponseUnauthorizedNegotiate(mockHttpServletResponse);
    }

    @Test
    public void withoutSPNEGOContext_continueSPNEGO_shouldReturnAuthenticationError() throws ExternalAuthenticationException, IOException {
        StubExternalAuthentication stubExternalAuthentication = new StubExternalAuthentication();
        ProfileRequestContext profileRequestContext = new ProfileRequestContext();
        profileRequestContext.addSubcontext(new AuthenticationContext());
        stubExternalAuthentication.setProfileRequestContext(profileRequestContext);
        MockHttpServletRequest buildConversationHttpServletRequest = buildConversationHttpServletRequest(TEST_CONVERSATION_KEY, stubExternalAuthentication);
        assertAuthenticationError(buildConversationHttpServletRequest, this.controller.continueSPNEGO(TEST_CONVERSATION_KEY, "Negotiate " + NEGOTIATE_HEADER_DATA, buildConversationHttpServletRequest, (HttpServletResponse) null), "InvalidAuthenticationContext");
    }

    @Test
    public void withoutKerberosSettings_continueSPNEGO_shouldReturnAuthenticationError() throws ExternalAuthenticationException, IOException {
        StubExternalAuthentication stubExternalAuthentication = new StubExternalAuthentication();
        stubExternalAuthentication.setProfileRequestContext(new ProfileRequestContext());
        MockHttpServletRequest buildConversationHttpServletRequest = buildConversationHttpServletRequest(TEST_CONVERSATION_KEY, stubExternalAuthentication);
        assertAuthenticationError(buildConversationHttpServletRequest, this.controller.continueSPNEGO(TEST_CONVERSATION_KEY, "Negotiate " + NEGOTIATE_HEADER_DATA, buildConversationHttpServletRequest, (HttpServletResponse) null), "InvalidAuthenticationContext");
    }

    @Test
    public void givenFailedGSSContextAcceptorInstantiation_continueSPNEGO_shouldReturnAuthenticationException() throws ExternalAuthenticationException, IOException {
        final GSSException gSSException = new GSSException(0);
        SPNEGOAuthnController sPNEGOAuthnController = new SPNEGOAuthnController() { // from class: net.shibboleth.idp.authn.spnego.impl.SPNEGOAuthnControllerTest.2
            @Nonnull
            protected GSSContextAcceptor createGSSContextAcceptor(@Nonnull SPNEGOContext sPNEGOContext) throws GSSException {
                throw gSSException;
            }
        };
        MockHttpServletRequest buildKerberosContextHttpServletRequest = buildKerberosContextHttpServletRequest();
        ModelAndView continueSPNEGO = sPNEGOAuthnController.continueSPNEGO(TEST_CONVERSATION_KEY, "Negotiate " + NEGOTIATE_HEADER_DATA, buildKerberosContextHttpServletRequest, (HttpServletResponse) null);
        Assert.assertSame(((ExternalAuthenticationException) buildKerberosContextHttpServletRequest.getAttribute("authnException")).getCause(), gSSException);
        assertAuthenticationExceptionCause(buildKerberosContextHttpServletRequest, continueSPNEGO, GSSException.class);
    }

    @Test
    public void givenSuccessfulGSSContextAcceptorInstantiation_continueSPNEGO_shouldHaveSetAcceptorInSPNEGOContext() throws ExternalAuthenticationException, IOException, Exception {
        GSSContext gSSContext = (GSSContext) Mockito.mock(GSSContext.class);
        Mockito.when(this.mockGSSContextAcceptor.acceptSecContext((byte[]) Matchers.any(), Matchers.anyInt(), Matchers.anyInt())).thenReturn("tokenBytes".getBytes());
        Mockito.when(this.mockGSSContextAcceptor.getContext()).thenReturn(gSSContext);
        Mockito.when(Boolean.valueOf(gSSContext.isEstablished())).thenReturn(false);
        HttpServletRequest buildSPNEGOHttpServletRequest = buildSPNEGOHttpServletRequest(NEGOTIATE_HEADER_DATA);
        this.mockedGSSController.continueSPNEGO(TEST_CONVERSATION_KEY, "Negotiate " + NEGOTIATE_HEADER_DATA, buildSPNEGOHttpServletRequest, new MockHttpServletResponse());
        AuthenticationContext subcontext = ((StubExternalAuthentication) buildSPNEGOHttpServletRequest.getSession(true).getAttribute("conversatione1s1")).getProfileRequestContext(buildSPNEGOHttpServletRequest).getSubcontext(AuthenticationContext.class);
        SPNEGOContext sPNEGOContext = subcontext != null ? (SPNEGOContext) subcontext.getSubcontext(SPNEGOContext.class) : null;
        Assert.assertNotNull(sPNEGOContext);
        Assert.assertEquals(sPNEGOContext.getContextAcceptor(), this.mockGSSContextAcceptor);
    }

    @Test
    public void givenHeaderAuthorizationNegotiate_withNTLMdata_continueSPNEGO_shouldReturnAuthenticationError() throws ExternalAuthenticationException, IOException {
        MockHttpServletRequest buildSPNEGOHttpServletRequest = buildSPNEGOHttpServletRequest(NTLMSSP_HEADER_DATA);
        assertAuthenticationError(buildSPNEGOHttpServletRequest, this.controller.continueSPNEGO(TEST_CONVERSATION_KEY, "Negotiate " + NTLMSSP_HEADER_DATA, buildSPNEGOHttpServletRequest, (HttpServletResponse) null), "NTLMUnsupported");
    }

    @Test
    public void whenAcceptSecContextThrowsException_continueSPNEGO_shouldReturnAuthenticationException() throws ExternalAuthenticationException, IOException, LoginException, GSSException, PrivilegedActionException, Exception {
        RuntimeException runtimeException = new RuntimeException();
        Mockito.when(this.mockGSSContextAcceptor.acceptSecContext((byte[]) Matchers.any(), Matchers.anyInt(), Matchers.anyInt())).thenThrow(new Throwable[]{runtimeException});
        MockHttpServletRequest buildSPNEGOHttpServletRequest = buildSPNEGOHttpServletRequest(NEGOTIATE_HEADER_DATA);
        ModelAndView continueSPNEGO = this.mockedGSSController.continueSPNEGO(TEST_CONVERSATION_KEY, "Negotiate " + NEGOTIATE_HEADER_DATA, buildSPNEGOHttpServletRequest, (HttpServletResponse) null);
        Assert.assertSame((RuntimeException) ((ExternalAuthenticationException) buildSPNEGOHttpServletRequest.getAttribute("authnException")).getCause(), runtimeException);
        assertAuthenticationExceptionCause(buildSPNEGOHttpServletRequest, continueSPNEGO, RuntimeException.class);
    }

    @Test
    public void withoutGSSContext_continueSPNEGO_shouldReturnModelAndView() throws LoginException, GSSException, PrivilegedActionException, ExternalAuthenticationException, IOException, Exception {
        Mockito.when(this.mockGSSContextAcceptor.acceptSecContext((byte[]) Matchers.any(), Matchers.anyInt(), Matchers.anyInt())).thenReturn("tokenBytes".getBytes());
        Mockito.when(this.mockGSSContextAcceptor.getContext()).thenReturn((Object) null);
        MockHttpServletRequest buildSPNEGOHttpServletRequest = buildSPNEGOHttpServletRequest(NEGOTIATE_HEADER_DATA);
        assertModelAndView(this.mockedGSSController.continueSPNEGO(TEST_CONVERSATION_KEY, "", buildSPNEGOHttpServletRequest, new MockHttpServletResponse()), buildSPNEGOHttpServletRequest);
    }

    @Test
    public void withoutGSSContext_continueSPNEGO_shouldReplyUnauthorizedNegotiate() throws LoginException, GSSException, PrivilegedActionException, ExternalAuthenticationException, IOException, Exception {
        Mockito.when(this.mockGSSContextAcceptor.acceptSecContext((byte[]) Matchers.any(), Matchers.anyInt(), Matchers.anyInt())).thenReturn("tokenBytes".getBytes());
        Mockito.when(this.mockGSSContextAcceptor.getContext()).thenReturn((Object) null);
        MockHttpServletRequest buildSPNEGOHttpServletRequest = buildSPNEGOHttpServletRequest(NEGOTIATE_HEADER_DATA);
        MockHttpServletResponse mockHttpServletResponse = new MockHttpServletResponse();
        this.mockedGSSController.continueSPNEGO(TEST_CONVERSATION_KEY, "Negotiate " + NEGOTIATE_HEADER_DATA, buildSPNEGOHttpServletRequest, mockHttpServletResponse);
        assertResponseUnauthorizedNegotiate(mockHttpServletResponse, Base64Support.encode("tokenBytes".getBytes(), false));
    }

    @Test
    public void givenGSSContextNotEstablished_continueSPNEGO_shouldReturnModelAndView() throws LoginException, GSSException, PrivilegedActionException, ExternalAuthenticationException, IOException, Exception {
        GSSContext gSSContext = (GSSContext) Mockito.mock(GSSContext.class);
        Mockito.when(this.mockGSSContextAcceptor.acceptSecContext((byte[]) Matchers.any(), Matchers.anyInt(), Matchers.anyInt())).thenReturn("tokenBytes".getBytes());
        Mockito.when(this.mockGSSContextAcceptor.getContext()).thenReturn(gSSContext);
        Mockito.when(Boolean.valueOf(gSSContext.isEstablished())).thenReturn(false);
        MockHttpServletRequest buildSPNEGOHttpServletRequest = buildSPNEGOHttpServletRequest(NEGOTIATE_HEADER_DATA);
        assertModelAndView(this.mockedGSSController.continueSPNEGO(TEST_CONVERSATION_KEY, "", buildSPNEGOHttpServletRequest, new MockHttpServletResponse()), buildSPNEGOHttpServletRequest);
    }

    @Test
    public void givenGSSContextNotEstablished_continueSPNEGO_shouldReplyUnauthorizedNegotiate() throws LoginException, GSSException, PrivilegedActionException, ExternalAuthenticationException, IOException, Exception {
        GSSContext gSSContext = (GSSContext) Mockito.mock(GSSContext.class);
        Mockito.when(this.mockGSSContextAcceptor.acceptSecContext((byte[]) Matchers.any(), Matchers.anyInt(), Matchers.anyInt())).thenReturn("tokenBytes".getBytes());
        Mockito.when(this.mockGSSContextAcceptor.getContext()).thenReturn(gSSContext);
        Mockito.when(Boolean.valueOf(gSSContext.isEstablished())).thenReturn(false);
        MockHttpServletRequest buildSPNEGOHttpServletRequest = buildSPNEGOHttpServletRequest(NEGOTIATE_HEADER_DATA);
        MockHttpServletResponse mockHttpServletResponse = new MockHttpServletResponse();
        this.mockedGSSController.continueSPNEGO(TEST_CONVERSATION_KEY, "Negotiate " + NEGOTIATE_HEADER_DATA, buildSPNEGOHttpServletRequest, mockHttpServletResponse);
        assertResponseUnauthorizedNegotiate(mockHttpServletResponse, Base64Support.encode("tokenBytes".getBytes(), false));
    }

    @Test
    public void givenGSSContextEstablished_andGSSException_continueSPNEGO_shouldReturnAuthenticationError() throws LoginException, GSSException, PrivilegedActionException, ExternalAuthenticationException, IOException, Exception {
        GSSContext gSSContext = (GSSContext) Mockito.mock(GSSContext.class);
        Throwable gSSException = new GSSException(0);
        Mockito.when(this.mockGSSContextAcceptor.acceptSecContext((byte[]) Matchers.any(), Matchers.anyInt(), Matchers.anyInt())).thenReturn("tokenBytes".getBytes());
        Mockito.when(this.mockGSSContextAcceptor.getContext()).thenReturn(gSSContext);
        Mockito.when(Boolean.valueOf(gSSContext.isEstablished())).thenReturn(true);
        Mockito.when(gSSContext.getSrcName()).thenThrow(new Throwable[]{gSSException});
        MockHttpServletRequest buildSPNEGOHttpServletRequest = buildSPNEGOHttpServletRequest(NEGOTIATE_HEADER_DATA);
        ModelAndView continueSPNEGO = this.mockedGSSController.continueSPNEGO(TEST_CONVERSATION_KEY, "Negotiate " + NEGOTIATE_HEADER_DATA, buildSPNEGOHttpServletRequest, (HttpServletResponse) null);
        Assert.assertSame(((ExternalAuthenticationException) buildSPNEGOHttpServletRequest.getAttribute("authnException")).getCause(), gSSException);
        assertAuthenticationExceptionCause(buildSPNEGOHttpServletRequest, continueSPNEGO, GSSException.class);
    }

    @Test
    public void givenGSSContextEstablished_continueSPNEGO_shouldReturnNull() throws LoginException, GSSException, PrivilegedActionException, ExternalAuthenticationException, IOException, Exception {
        GSSContext gSSContext = (GSSContext) Mockito.mock(GSSContext.class);
        GSSName gSSName = (GSSName) Mockito.mock(GSSName.class);
        Mockito.when(this.mockGSSContextAcceptor.acceptSecContext((byte[]) Matchers.any(), Matchers.anyInt(), Matchers.anyInt())).thenReturn("tokenBytes".getBytes());
        Mockito.when(this.mockGSSContextAcceptor.getContext()).thenReturn(gSSContext);
        Mockito.when(Boolean.valueOf(gSSContext.isEstablished())).thenReturn(true);
        Mockito.when(gSSContext.getSrcName()).thenReturn(gSSName);
        Mockito.when(gSSName.toString()).thenReturn("testname@realm");
        Assert.assertNull(this.mockedGSSController.continueSPNEGO(TEST_CONVERSATION_KEY, "Negotiate " + NEGOTIATE_HEADER_DATA, buildSPNEGOHttpServletRequest(NEGOTIATE_HEADER_DATA), (HttpServletResponse) null));
    }

    @Test
    public void givenGSSContextEstablished_continueSPNEGO_shouldSetAuthenticationSubjectAttribute() throws LoginException, GSSException, PrivilegedActionException, ExternalAuthenticationException, IOException, Exception {
        GSSContext gSSContext = (GSSContext) Mockito.mock(GSSContext.class);
        GSSName gSSName = (GSSName) Mockito.mock(GSSName.class);
        Mockito.when(this.mockGSSContextAcceptor.acceptSecContext((byte[]) Matchers.any(), Matchers.anyInt(), Matchers.anyInt())).thenReturn("tokenBytes".getBytes());
        Mockito.when(this.mockGSSContextAcceptor.getContext()).thenReturn(gSSContext);
        Mockito.when(Boolean.valueOf(gSSContext.isEstablished())).thenReturn(true);
        Mockito.when(gSSContext.getSrcName()).thenReturn(gSSName);
        Mockito.when(gSSName.toString()).thenReturn("testname@realm");
        MockHttpServletRequest buildSPNEGOHttpServletRequest = buildSPNEGOHttpServletRequest(NEGOTIATE_HEADER_DATA);
        this.mockedGSSController.continueSPNEGO(TEST_CONVERSATION_KEY, "Negotiate " + NEGOTIATE_HEADER_DATA, buildSPNEGOHttpServletRequest, (HttpServletResponse) null);
        Subject subject = (Subject) buildSPNEGOHttpServletRequest.getAttribute("subject");
        Assert.assertEquals(subject.getClass(), Subject.class);
        Assert.assertTrue(subject.getPrincipals(KerberosPrincipal.class).contains(new KerberosPrincipal("testname@realm")));
        Assert.assertTrue(subject.getPrincipals(UsernamePrincipal.class).contains(new UsernamePrincipal("testname@realm")));
    }

    @Test
    public void givenGSSContextEstablishedButNoGSSNameIsNull_continueSPNEGO_shouldSetAuthenticationSubjectAttribute() throws LoginException, GSSException, PrivilegedActionException, ExternalAuthenticationException, IOException, Exception {
        GSSContext gSSContext = (GSSContext) Mockito.mock(GSSContext.class);
        Mockito.when(this.mockGSSContextAcceptor.acceptSecContext((byte[]) Matchers.any(), Matchers.anyInt(), Matchers.anyInt())).thenReturn("tokenBytes".getBytes());
        Mockito.when(this.mockGSSContextAcceptor.getContext()).thenReturn(gSSContext);
        Mockito.when(Boolean.valueOf(gSSContext.isEstablished())).thenReturn(true);
        Mockito.when(gSSContext.getSrcName()).thenReturn((Object) null);
        MockHttpServletRequest buildSPNEGOHttpServletRequest = buildSPNEGOHttpServletRequest(NEGOTIATE_HEADER_DATA);
        Assert.assertNull(this.mockedGSSController.continueSPNEGO(TEST_CONVERSATION_KEY, "Negotiate " + NEGOTIATE_HEADER_DATA, buildSPNEGOHttpServletRequest, (HttpServletResponse) null));
        Assert.assertEquals(((ExternalAuthenticationException) buildSPNEGOHttpServletRequest.getAttribute("authnException")).getClass(), ExternalAuthenticationException.class);
    }

    private MockHttpServletRequest buildSPNEGOHttpServletRequest(String str) {
        MockHttpServletRequest buildKerberosContextHttpServletRequest = buildKerberosContextHttpServletRequest();
        buildKerberosContextHttpServletRequest.addHeader("Authorization", "Negotiate " + str);
        return buildKerberosContextHttpServletRequest;
    }

    private MockHttpServletRequest buildKerberosContextHttpServletRequest() {
        StubExternalAuthentication stubExternalAuthentication = new StubExternalAuthentication();
        stubExternalAuthentication.setProfileRequestContext(buildKerberosProfileRequestContext());
        return buildConversationHttpServletRequest(TEST_CONVERSATION_KEY, stubExternalAuthentication);
    }

    private ProfileRequestContext buildKerberosProfileRequestContext() {
        ProfileRequestContext profileRequestContext = new ProfileRequestContext();
        AuthenticationContext authenticationContext = new AuthenticationContext();
        SPNEGOContext sPNEGOContext = new SPNEGOContext();
        KerberosSettings kerberosSettings = new KerberosSettings();
        ArrayList arrayList = new ArrayList();
        arrayList.add(new KerberosRealmSettings());
        kerberosSettings.setRealms(arrayList);
        sPNEGOContext.setKerberosSettings(kerberosSettings);
        authenticationContext.addSubcontext(sPNEGOContext);
        profileRequestContext.addSubcontext(authenticationContext);
        return profileRequestContext;
    }

    private MockHttpServletRequest buildConversationHttpServletRequest(String str, ExternalAuthentication externalAuthentication) {
        MockHttpServletRequest mockHttpServletRequest = new MockHttpServletRequest();
        mockHttpServletRequest.addParameter("conversation", str);
        mockHttpServletRequest.getSession(true).setAttribute("conversatione1s1", externalAuthentication);
        return mockHttpServletRequest;
    }

    private void assertAuthenticationError(MockHttpServletRequest mockHttpServletRequest, ModelAndView modelAndView, String str) {
        Assert.assertNull(modelAndView);
        Assert.assertEquals(mockHttpServletRequest.getAttribute("authnError").toString(), str);
    }

    private void assertAuthenticationExceptionCause(MockHttpServletRequest mockHttpServletRequest, ModelAndView modelAndView, Class cls) {
        Assert.assertNull(modelAndView);
        Assert.assertEquals(((ExternalAuthenticationException) mockHttpServletRequest.getAttribute("authnException")).getCause().getClass(), cls);
    }

    private void assertModelAndView(ModelAndView modelAndView, MockHttpServletRequest mockHttpServletRequest) {
        Assert.assertEquals(modelAndView.getViewName(), "spnego-unavailable");
        Map model = modelAndView.getModel();
        Assert.assertTrue(model.containsKey("encoder"), "Model doesn't contain \"encoder\"");
        Assert.assertEquals(model.get("encoder").getClass(), Class.class);
        Assert.assertTrue(model.containsKey("errorUrl"), "Model doesn't contain \"errorUrl\"");
        Assert.assertEquals(model.get("errorUrl").getClass(), String.class);
        if (mockHttpServletRequest.getQueryString() != null) {
            Assert.assertTrue(((String) model.get("errorUrl")).endsWith("/error?" + mockHttpServletRequest.getQueryString()));
        } else {
            Assert.assertTrue(((String) model.get("errorUrl")).endsWith("/error"));
        }
        Assert.assertTrue(model.containsKey("request"), "Model doesn't contain \"request\"");
        Assert.assertTrue(model.get("request") instanceof HttpServletRequest);
    }

    private void assertResponseUnauthorizedNegotiate(MockHttpServletResponse mockHttpServletResponse) {
        Assert.assertEquals(new Integer(mockHttpServletResponse.getStatus()), new Integer(401));
        Assert.assertEquals(mockHttpServletResponse.getHeader("WWW-Authenticate"), "Negotiate");
    }

    private void assertResponseUnauthorizedNegotiate(MockHttpServletResponse mockHttpServletResponse, String str) {
        Assert.assertEquals(new Integer(mockHttpServletResponse.getStatus()), new Integer(401));
        Assert.assertEquals(mockHttpServletResponse.getHeader("WWW-Authenticate"), "Negotiate " + str);
    }
}
