/*
 * Copyright (c) 2018, 2019, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License version 2 only, as
 * published by the Free Software Foundation.
 *
 * This code is distributed in the hope that it will be useful, but WITHOUT
 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
 * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
 * version 2 for more details (a copy is included in the LICENSE file that
 * accompanied this code).
 *
 * You should have received a copy of the GNU General Public License version
 * 2 along with this work; if not, write to the Free Software Foundation,
 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
 *
 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
 * or visit www.oracle.com if you need additional information or have any
 * questions.
 */

/*
 * @test
 * @bug 8225425
 * @summary Verifies that transparent NTLM (on Windows) is not used by default,
 *          and is used only when the relevant property is set.
 * @requires os.family == "windows"
 * @library /test/lib
 * @run testng/othervm
 *      -Dtest.auth.succeed=false
 *      TestTransparentNTLM
 * @run testng/othervm
 *      -Djdk.http.ntlm.transparentAuth=allHosts
 *      -Dtest.auth.succeed=true
 *      TestTransparentNTLM
 * @run testng/othervm
 *      -Djdk.http.ntlm.transparentAuth=blahblah
 *      -Dtest.auth.succeed=false
 *      TestTransparentNTLM
 * @run testng/othervm
 *      -Djdk.http.ntlm.transparentAuth=trustedHosts
 *      -Dtest.auth.succeed=false
 *      TestTransparentNTLM
 */

// Run with `trustedHosts` to exercise the native code, nothing more.

import java.io.Closeable;
import java.io.IOException;
import java.io.InputStream;
import java.net.HttpURLConnection;
import java.net.InetAddress;
import java.net.InetSocketAddress;
import java.net.ServerSocket;
import java.net.Socket;
import java.net.URL;
import jdk.test.lib.net.URIBuilder;
import org.testng.annotations.AfterTest;
import org.testng.annotations.BeforeTest;
import org.testng.annotations.Test;
import org.testng.SkipException;
import static java.lang.System.out;
import static java.net.Proxy.NO_PROXY;
import static java.nio.charset.StandardCharsets.UTF_8;
import static org.testng.Assert.assertEquals;
import static org.testng.Assert.fail;

public class TestTransparentNTLM {

    boolean succeed;  // true if authentication is expected to succeed
    Server server;
    URL url;

    @Test
    public void testNTLM() throws IOException {
        out.println("connecting to url: " + url);
        HttpURLConnection uc = (HttpURLConnection)url.openConnection(NO_PROXY);
        int respCode = uc.getResponseCode();
        out.println("received: " + respCode);

        if (succeed) {
            assertEquals(respCode, HttpURLConnection.HTTP_OK);
            String body = new String(uc.getInputStream().readAllBytes(), UTF_8);
            out.println("received body: " + body);
        } else {
            assertEquals(respCode, HttpURLConnection.HTTP_UNAUTHORIZED);
        }
    }

    static class Server extends Thread implements  Closeable {

        static final InetAddress LOOPBACK = InetAddress.getLoopbackAddress();
        final ServerSocket serverSocket;
        final boolean expectAuthToSucceed;

        Server(boolean expectAuthToSucceed) throws IOException {
            super("TestTransparentNTLM-Server");
            serverSocket = new ServerSocket();
            serverSocket.bind(new InetSocketAddress(LOOPBACK, 0));
            this.expectAuthToSucceed = expectAuthToSucceed;
        }

        int port() {
            return serverSocket.getLocalPort();
        }

        static final String AUTH_REQUIRED =
                "HTTP/1.1 401 Unauthorized\r\n" +
                "Content-Length: 0\r\n" +
                "Connection: close\r\n" +
                "WWW-Authenticate: NTLM\r\n\r\n";

        static final String AUTH_STAGE_TWO =
                "HTTP/1.1 401 Unauthorized\r\n" +
                "Content-Length: 0\r\n" +
                "WWW-Authenticate: NTLM TlRMTVNTUAACAAAAAAAAACgAAAABggAAU3J2Tm9uY2UAAAAAAAAAAA==\r\n\r\n";

        static final String AUTH_SUCCESSFUL =
                "HTTP/1.1 200 OK\r\n" +
                "Content-Length: 11\r\n\r\n" +
                "Hello world";

        @Override
        public void run() {
            try {
                try (Socket s = serverSocket.accept()) {
                    out.println("Server accepted connection - 1");
                    readRequestHeaders(s.getInputStream());
                    s.getOutputStream().write(AUTH_REQUIRED.getBytes(UTF_8));
                }

                if (expectAuthToSucceed) {
                    // await the second follow up connection
                    try (Socket s = serverSocket.accept()) {
                        out.println("Server accepted connection - 2");
                        readRequestHeaders(s.getInputStream());
                        s.getOutputStream().write(AUTH_STAGE_TWO.getBytes(UTF_8));
                        readRequestHeaders(s.getInputStream());
                        s.getOutputStream().write(AUTH_SUCCESSFUL.getBytes(UTF_8));
                    }
                }
            } catch (IOException e) {
                fail("Unexpected exception", e);
            }
        }

        @Override
        public void close() throws IOException {
            serverSocket.close();
        }

        static final byte[] REQUEST_END = new byte[] {'\r', '\n', '\r', '\n'};

        // Read until the end of the HTTP request headers
        static void readRequestHeaders(InputStream is) throws IOException {
            int requestEndCount = 0, r;
            while ((r = is.read()) != -1) {
                if (r == REQUEST_END[requestEndCount]) {
                    requestEndCount++;
                    if (requestEndCount == 4) {
                        break;
                    }
                } else {
                    requestEndCount = 0;
                }
            }
        }
    }

    @BeforeTest
    public void setup() throws Exception {
        succeed = System.getProperty("test.auth.succeed").equals("true");
        if (succeed)
            out.println("Expect client to succeed, with 200 Ok");
        else
            out.println("Expect client to fail, with 401 Unauthorized");

        server = new Server(succeed);
        server.start();
        url = URIBuilder.newBuilder()
                .scheme("http")
                .loopback()
                .port(server.port())
                .path("/xxyyzz")
                .toURL();
    }

    @AfterTest
    public void teardown() throws Exception {
        server.close();
        server.join();
    }
}