* either express or implied. See the License for the specific language
 * governing permissions and limitations under the License.
 */
package org.codelibs.fess.app.web.api.admin.reqheader;

import static org.codelibs.fess.app.web.admin.reqheader.AdminReqheaderAction.getRequestHeader;

import java.util.List;
import java.util.stream.Collectors;

import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;

import io.restassured.path.json.JsonPath;

@Tag("it")
public class ReqHeaderTests extends CrudTestBase {

    private static final String NAME_PREFIX = "reqHeaderTest_";
    private static final String API_PATH = "/api/admin/reqheader";
    private static final String LIST_ENDPOINT_SUFFIX = "settings";
    private static final String ITEM_ENDPOINT_SUFFIX = "setting";

    private static final String KEY_PROPERTY = "name";

    @Override

        verifyPathPattern("AdminRelatedcontent", "/admin/relatedcontent/");
        verifyPathPattern("AdminRelatedquery", "/admin/relatedquery/");
        verifyPathPattern("AdminReqheader", "/admin/reqheader/");
        verifyPathPattern("AdminRole", "/admin/role/");
        verifyPathPattern("AdminScheduler", "/admin/scheduler/");
        verifyPathPattern("AdminUser", "/admin/user/");

        public String getMethod() {
            return method;
        }

        public void setHeader(String name, String value) {
            if ("Origin".equals(name)) {
                originHeader = value;
            }
        }

        @Override
        public String getHeader(String name) {
            if ("Origin".equals(name)) {
                return originHeader;
            }

        when(request.getHeader("Authorization")).thenReturn(null);
        when(httpSession.getAttribute("NtlmHttpAuth")).thenReturn(null);

        filter.doFilter(request, response, filterChain);

        verify(response).setStatus(HttpServletResponse.SC_UNAUTHORIZED);
        verify(response).setHeader("WWW-Authenticate", "NTLM");

        // Setup: No "Authorization" header
        when(mockRequest.getHeader("Authorization")).thenReturn(null);

        // Execute
        NtlmPasswordAuthentication result = NtlmSsp.authenticate(mockCifsContext, mockRequest, mockResponse, challenge);

        // Verify
        assertNull(result, "Authentication result should be null");
        verify(mockResponse).setHeader("WWW-Authenticate", "NTLM");

    public static NtlmPasswordAuthentication authenticate(final CIFSContext tc, final HttpServletRequest req,
            final HttpServletResponse resp, final byte[] challenge) throws IOException {
        String msg = req.getHeader("Authorization");
        if (msg != null && msg.startsWith("NTLM ")) {
            final byte[] src = Base64.decode(msg.substring(5));
            if (src[8] == 1) {

        ntlmServlet.init(servletConfig);
        when(request.getHeader("Authorization")).thenReturn(null);
        when(request.getSession(false)).thenReturn(null);
        lenient().when(request.isSecure()).thenReturn(true);

        ntlmServlet.service(request, response);

        verify(response).setHeader("WWW-Authenticate", "NTLM");

        initializeNetworkExplorer(false, "jCIFS");

        when(request.getHeader("Authorization")).thenReturn(null);

        networkExplorer.doGet(request, response);

        verify(response).setStatus(HttpServletResponse.SC_UNAUTHORIZED);
        verify(response).setHeader("WWW-Authenticate", "NTLM");
        verify(response).flushBuffer();
    }

    /**

     */
    public static NtlmPasswordAuthentication authenticate(final HttpServletRequest req, final HttpServletResponse resp,
            final byte[] challenge) throws IOException, ServletException {
        String msg = req.getHeader("Authorization");
        if (msg != null && msg.startsWith("NTLM ")) {
            final byte[] src = Base64.decode(msg.substring(5));
            if (src[8] == 1) {