package org.owasp.esapi;

import java.util.Iterator;
import junit.framework.Test;
import junit.framework.TestCase;
import junit.framework.TestSuite;

/* JADX WARN: Classes with same name are omitted:
  input_file:ESAPI/build/classes/org/owasp/esapi/AccessControllerTest.class
 */
/* loaded from: input_file:ESAPI/esapi_1.0.jar:org/owasp/esapi/AccessControllerTest.class */
/**
 * JUnit 3 tests for the {@link AccessController} authorization checks
 * (URL, function, data, file and backend service).
 *
 * <p>Three accounts are provisioned by the constructor and each test runs the
 * same resources against all of them:
 * <ul>
 *   <li>{@code testuser1} has role {@code user}</li>
 *   <li>{@code testuser2} has role {@code admin}</li>
 *   <li>{@code testuser3} has roles {@code admin} and {@code user}</li>
 * </ul>
 *
 * <p>The access rules themselves are not in this file. Presumably they come
 * from the AccessController's policy configuration, so the expected results
 * below are only meaningful against that fixture. Confirm before changing either side.
 */
public class AccessControllerTest extends TestCase {
    /**
     * Builds the account fixture used by every test in this class.
     *
     * <p>Every account the Authenticator currently knows is removed before the
     * three test accounts are created, so this must only run against a
     * disposable test user store.
     *
     * @param str test name handed to {@link TestCase}
     * @throws Exception if account provisioning fails
     */
    public AccessControllerTest(String str) throws Exception {
        super(str);
        Authenticator auth = Authenticator.getInstance();

        // Start from an empty user store so that stale accounts or roles cannot
        // influence the authorization results.
        for (Iterator names = auth.getUserNames().iterator(); names.hasNext(); ) {
            auth.removeUser((String) names.next());
        }

        // One generated password is shared by all three accounts; it is passed
        // twice to createUser (presumably password and confirmation).
        String sharedPassword = auth.generateStrongPassword();
        registerAccount(auth, "testuser1", sharedPassword, new String[] {"user"});
        registerAccount(auth, "testuser2", sharedPassword, new String[] {"admin"});
        registerAccount(auth, "testuser3", sharedPassword, new String[] {"admin", "user"});
    }

    /** No per-test setup; the fixture is created in the constructor. */
    protected void setUp() throws Exception {
    }

    /** No per-test cleanup; accounts and the current user are left in place. */
    protected void tearDown() throws Exception {
    }

    /**
     * Returns a suite holding every test method of this class.
     *
     * @return the suite for {@code AccessControllerTest}
     */
    public static Test suite() {
        return new TestSuite(AccessControllerTest.class);
    }

    /**
     * Checks URL authorization for each test account.
     *
     * @throws Exception if the access controller fails while evaluating a URL
     */
    public void testIsAuthorizedForURL() throws Exception {
        System.out.println("isAuthorizedForURL");
        AccessController acl = AccessController.getInstance();

        // Role "user" only.
        actAs("testuser1");
        assertFalse(acl.isAuthorizedForURL("/nobody"));
        assertFalse(acl.isAuthorizedForURL("/test/admin"));
        assertTrue(acl.isAuthorizedForURL("/test/user"));
        assertTrue(acl.isAuthorizedForURL("/test/all"));
        assertFalse(acl.isAuthorizedForURL("/test/none"));
        // Under the denied /test/none path, a .gif is expected to be allowed
        // and a .exe denied.
        // NOTE(review): these extension cases are asserted for testuser1 only.
        assertTrue(acl.isAuthorizedForURL("/test/none/test.gif"));
        assertFalse(acl.isAuthorizedForURL("/test/none/test.exe"));

        // Role "admin" only: the user-only URL must be refused.
        actAs("testuser2");
        assertFalse(acl.isAuthorizedForURL("/nobody"));
        assertTrue(acl.isAuthorizedForURL("/test/admin"));
        assertFalse(acl.isAuthorizedForURL("/test/user"));
        assertTrue(acl.isAuthorizedForURL("/test/all"));
        assertFalse(acl.isAuthorizedForURL("/test/none"));

        // Both roles: holding every role still must not open /nobody or /test/none.
        actAs("testuser3");
        assertFalse(acl.isAuthorizedForURL("/nobody"));
        assertTrue(acl.isAuthorizedForURL("/test/admin"));
        assertTrue(acl.isAuthorizedForURL("/test/user"));
        assertTrue(acl.isAuthorizedForURL("/test/all"));
        assertFalse(acl.isAuthorizedForURL("/test/none"));
    }

    /**
     * Checks function authorization for each test account. The
     * {@code ...deny} functions are expected to be refused for every account.
     */
    public void testIsAuthorizedForFunction() {
        System.out.println("isAuthorizedForFunction");
        AccessController acl = AccessController.getInstance();

        // Role "user" only.
        actAs("testuser1");
        assertTrue(acl.isAuthorizedForFunction("/FunctionA"));
        assertFalse(acl.isAuthorizedForFunction("/FunctionAdeny"));
        assertFalse(acl.isAuthorizedForFunction("/FunctionB"));
        assertFalse(acl.isAuthorizedForFunction("/FunctionBdeny"));

        // Role "admin" only.
        actAs("testuser2");
        assertFalse(acl.isAuthorizedForFunction("/FunctionA"));
        assertFalse(acl.isAuthorizedForFunction("/FunctionAdeny"));
        assertTrue(acl.isAuthorizedForFunction("/FunctionB"));
        assertFalse(acl.isAuthorizedForFunction("/FunctionBdeny"));

        // Both roles.
        actAs("testuser3");
        assertTrue(acl.isAuthorizedForFunction("/FunctionA"));
        assertFalse(acl.isAuthorizedForFunction("/FunctionAdeny"));
        assertTrue(acl.isAuthorizedForFunction("/FunctionB"));
        assertFalse(acl.isAuthorizedForFunction("/FunctionBdeny"));
    }

    /**
     * Checks data authorization for each test account. {@code /not_listed}
     * is expected to be refused for every account.
     */
    public void testIsAuthorizedForData() {
        System.out.println("isAuthorizedForData");
        AccessController acl = AccessController.getInstance();

        // Role "user" only.
        actAs("testuser1");
        assertTrue(acl.isAuthorizedForData("/Data1"));
        assertFalse(acl.isAuthorizedForData("/Data2"));
        assertFalse(acl.isAuthorizedForData("/not_listed"));

        // Role "admin" only.
        actAs("testuser2");
        assertFalse(acl.isAuthorizedForData("/Data1"));
        assertTrue(acl.isAuthorizedForData("/Data2"));
        assertFalse(acl.isAuthorizedForData("/not_listed"));

        // Both roles.
        actAs("testuser3");
        assertTrue(acl.isAuthorizedForData("/Data1"));
        assertTrue(acl.isAuthorizedForData("/Data2"));
        assertFalse(acl.isAuthorizedForData("/not_listed"));
    }

    /**
     * Checks file authorization for each test account.
     * {@code /Dir/ridiculous} is expected to be refused for every account.
     */
    public void testIsAuthorizedForFile() {
        System.out.println("isAuthorizedForFile");
        AccessController acl = AccessController.getInstance();

        // Role "user" only.
        actAs("testuser1");
        assertTrue(acl.isAuthorizedForFile("/Dir/File1"));
        assertFalse(acl.isAuthorizedForFile("/Dir/File2"));
        assertFalse(acl.isAuthorizedForFile("/Dir/ridiculous"));

        // Role "admin" only.
        actAs("testuser2");
        assertFalse(acl.isAuthorizedForFile("/Dir/File1"));
        assertTrue(acl.isAuthorizedForFile("/Dir/File2"));
        assertFalse(acl.isAuthorizedForFile("/Dir/ridiculous"));

        // Both roles.
        actAs("testuser3");
        assertTrue(acl.isAuthorizedForFile("/Dir/File1"));
        assertTrue(acl.isAuthorizedForFile("/Dir/File2"));
        assertFalse(acl.isAuthorizedForFile("/Dir/ridiculous"));
    }

    /**
     * Checks backend service authorization for each test account.
     * {@code /test/ridiculous} is expected to be refused for every account.
     */
    public void testIsAuthorizedForBackendService() {
        System.out.println("isAuthorizedForBackendService");
        AccessController acl = AccessController.getInstance();

        // Role "user" only.
        actAs("testuser1");
        assertTrue(acl.isAuthorizedForService("/services/ServiceA"));
        assertFalse(acl.isAuthorizedForService("/services/ServiceB"));
        assertFalse(acl.isAuthorizedForService("/test/ridiculous"));

        // Role "admin" only.
        actAs("testuser2");
        assertFalse(acl.isAuthorizedForService("/services/ServiceA"));
        assertTrue(acl.isAuthorizedForService("/services/ServiceB"));
        assertFalse(acl.isAuthorizedForService("/test/ridiculous"));

        // Both roles.
        actAs("testuser3");
        assertTrue(acl.isAuthorizedForService("/services/ServiceA"));
        assertTrue(acl.isAuthorizedForService("/services/ServiceB"));
        assertFalse(acl.isAuthorizedForService("/test/ridiculous"));
    }

    /**
     * Creates one account, grants it the given roles in order, and then makes
     * it the Authenticator's current user.
     */
    private void registerAccount(Authenticator auth, String accountName, String password,
            String[] roles) throws Exception {
        User account = auth.createUser(accountName, password, password);
        for (int i = 0; i < roles.length; i++) {
            account.addRole(roles[i]);
        }
        auth.setCurrentUser(account);
    }

    /**
     * Makes the named account the Authenticator's current user. The
     * authorization checks take no user argument, so they appear to be
     * evaluated against this current user.
     */
    private void actAs(String accountName) {
        Authenticator.getInstance().setCurrentUser(Authenticator.getInstance().getUser(accountName));
    }
}
