package com.atlassian.jira.webtests.ztests.admin.trustedapps;

import com.atlassian.jira.functest.framework.Administration;
import com.atlassian.jira.functest.framework.BaseJiraFuncTest;
import com.atlassian.jira.functest.framework.FunctTestConstants;
import com.atlassian.jira.functest.framework.LoginAs;
import com.atlassian.jira.functest.framework.suite.Category;
import com.atlassian.jira.functest.framework.suite.WebTest;
import com.atlassian.security.auth.trustedapps.BouncyCastleEncryptionProvider;
import com.atlassian.security.auth.trustedapps.EncryptedCertificate;
import com.atlassian.security.auth.trustedapps.TrustedApplicationUtils;
import com.meterware.httpunit.GetMethodWebRequest;
import com.meterware.httpunit.WebResponse;
import java.io.File;
import java.nio.charset.StandardCharsets;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.spec.InvalidKeySpecException;
import javax.inject.Inject;
import org.apache.commons.codec.binary.Base64;
import org.junit.After;
import org.junit.Assert;
import org.junit.Before;
import org.junit.Test;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;
import org.xml.sax.SAXException;

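/**
 * Functional test for requests that authenticate with a Trusted Applications certificate.
 *
 * <p>Each scenario builds a GET request, attaches the headers produced from an encrypted
 * certificate that is created with the fixture private key below, and then checks the
 * {@code X-Seraph-Trusted-App-Status} / {@code X-Seraph-Trusted-App-Error} response headers
 * and the number of {@code <item>} elements in the returned RSS document. The same scenarios
 * are run once with protocol version two and once with protocol version three selected.
 *
 * <p>The negative scenarios are the security-relevant part: an unknown application id, an
 * unknown user, a corrupted certificate header and a request without a usable identity must
 * all produce an {@code ERROR} status and return no issues.
 */
@LoginAs(user = "admin")
@WebTest({Category.FUNC_TEST, Category.ADMINISTRATION, Category.BROWSING})
public class TestTrustedApplicationClient extends BaseJiraFuncTest {
    /** Application id placed in the certificate; also reused as a deliberately invalid header value. */
    private static final String ID = "TestTrustedApplicationClient.id";

    /** Path of the RSS search-request view that every scenario except the URL one queries. */
    private static final String REQUEST_STRING = "/sr/jira.issueviews:searchrequest-rss/temp/SearchRequest.xml";

    // Base64-encoded private key used to create the certificates sent by this test (the leading
    // bytes look like a PKCS#8 RSA key). It is a test fixture committed in source and therefore
    // public: it must never be registered as a trusted application outside a throw-away test
    // instance. Presumably the matching public key is served from the "trustedapp" fixture
    // directory that setUpTest registers -- confirm against the test data.
    private static final String PRIVATE_KEY = "MIICdwIBADANBgkqhkiG9w0BAQEFAASCAmEwggJdAgEAAoGBALJKm1u6AcDNZQljcAtaG5II+FVefBtQF+xETFhCK0EJWfLhXUNxTZIDHbZsf11IzRfs10w5sXviv5Z3vtCg8C1rJKoUuoJ5EJsWaEeBVKL6kZ4KKlOm5559KTPYBfwCP73Hbu2qMGxfUu01ZUsOyKcSEFY3rxH6IQ6Z//qMZY5tAgMBAAECgYB4QXJAkFmWXfOEPZnZTlHCUmKN0kkLcx5vsjF8ZkUefNw6wl9Rmh6kGY30+YF+vhf3xzwAoflggjSPnP0LY0Ibf0XxMcNjR1zBsl9X7gKfXghIunS6gbcwrEwBNc5GR4zkYjYaZQ4zVvm3oMS2glV9NlXAUl41VL2XAQC/ENwbUQJBAOdoAz4hZGgke9AxoKLZh215gY+PLXqVLlWf14Ypk70Efk/bVvF10EsAOuAm9queCyr0qNf/vgHrm4HHXwJz4SsCQQDFPXir5qs+Kf2Y0KQ+WO5IRaNmrOlNvWDqJP/tDGfF/TYo6nSI0dGtWNfwZyDB47PbUq3zxCHYjExBJ9vQNZLHAkEA4JlCtHYCl1X52jug1w7c9DN/vc/Q626J909aB3ypSUdoNagFPf0EexcxDcijmDSgUEQA8Qzm5cRBPfg9Tgsc2wJBAIKbiv2hmEFowtHfTvMuJlNbMbF6zF67CaLib0oEDe+QFb4QSqyS69py20MItytM4btYy3GArbzcYl4+y5La9t8CQE2BkMV3MLcpAKjxtK5SYwCyLT591k35isGxmIlSQBQbDmGP9L5ZeXmVGVxRCGbBQjCzeoafPvUZo65kaRQHUJc=";

    /** System property that selects the protocol version, set locally and on the server under test. */
    private static final String PROTOCOL_VERSION_PROPERTY = "trustedapps.protocol.version";

    private static final String STATUS_HEADER = "X-Seraph-Trusted-App-Status";
    private static final String ERROR_HEADER = "X-Seraph-Trusted-App-Error";

    // Values of the protocol-version property captured before the test, restored in tearDownTest.
    private String localProtocolVersion;
    private String remoteProtocolVersion;

    @Inject
    private Administration administration;

    /**
     * Remembers the current protocol-version settings, restores the fixture data and registers
     * the trusted application through the admin UI, then logs out so that every scenario starts
     * without a browser session.
     */
    @Before
    public void setUpTest() {
        try {
            localProtocolVersion = System.getProperty(PROTOCOL_VERSION_PROPERTY);
            remoteProtocolVersion = backdoor.systemProperties().getProperty(PROTOCOL_VERSION_PROPERTY);
        } catch (Exception ignored) {
            // Best effort, kept from the original: a value that could not be read stays null and
            // tearDownTest then clears the property instead of restoring it.
        }
        administration.restoreData("TestTrustedAppsWithIssues.xml");
        navigation.gotoAdmin();
        navigation.gotoPage("/secure/admin/trustedapps/ViewTrustedApplications.jspa");
        // The application is requested from a file: URL pointing at the local fixture directory.
        String fixtureBaseUrl = new File(getEnvironmentData().getXMLDataLocation(), "/trustedapp/").toURI().toASCIIString();
        tester.setFormElement("trustedAppBaseUrl", fixtureBaseUrl);
        tester.submit("Send Request");
        tester.setWorkingForm(FunctTestConstants.JIRA_FORM_NAME);
        tester.setFormElement("name", "TestTrustedApplicationClient");
        // Certificate timeout for the application; _testCertificateExpires waits slightly longer.
        tester.setFormElement("timeout", "500");
        tester.submit("Add");
        navigation.logout();
    }

    /** Puts the protocol-version property back to what setUpTest captured, locally and remotely. */
    @After
    public void tearDownTest() {
        if (localProtocolVersion == null) {
            System.clearProperty(PROTOCOL_VERSION_PROPERTY);
        } else {
            System.setProperty(PROTOCOL_VERSION_PROPERTY, localProtocolVersion);
        }
        if (remoteProtocolVersion == null) {
            backdoor.systemProperties().unsetProperty(PROTOCOL_VERSION_PROPERTY);
        } else {
            backdoor.systemProperties().setProperty(PROTOCOL_VERSION_PROPERTY, remoteProtocolVersion);
        }
    }

    /** Runs every scenario with protocol version two; a bogus key header must be rejected. */
    @Test
    public void testAllWithV2TrustedProtocol() throws Exception {
        useProtocolVersion(TrustedApplicationUtils.Constant.VERSION_TWO.toString());
        _testClientNotLoggedIn();
        _testUnknownClientLoggedInFred();
        _testClientLoggedInUnknown();
        _testClientLoggedInFred();
        _testClientLoggedInAdmin();
        _testInvalidCertData();
        _testInvalidCertSecretKey();
        _testUrlNotMatched();
    }

    /**
     * Runs every scenario with protocol version three. The only difference from the version-two
     * run is the key-header scenario, which is expected to succeed here.
     */
    @Test
    public void testAllWithV3TrustedProtocol() throws Exception {
        useProtocolVersion(TrustedApplicationUtils.Constant.VERSION_THREE.toString());
        _testClientNotLoggedIn();
        _testUnknownClientLoggedInFred();
        _testClientLoggedInUnknown();
        _testClientLoggedInFred();
        _testClientLoggedInAdmin();
        _testInvalidCertData();
        _testInvalidCertSecretKeyWithV3Protocol();
        _testUrlNotMatched();
    }

    /** A certificate naming the user "nothing" must be rejected and return no issues. */
    public void _testClientNotLoggedIn() throws Exception {
        WebResponse response = send(getGetMethodWebRequest("nothing"));
        assertResponseContainsError(response);
        assertResponseContainsNoItems(response);
    }

    /** A certificate naming a user that does not exist must be rejected and return no issues. */
    public void _testClientLoggedInUnknown() throws Exception {
        WebResponse response = send(getGetMethodWebRequest("unknown-user", getEnvironmentData().getBaseUrl() + REQUEST_STRING));
        assertResponseContainsError(response);
        assertResponseContainsNoItems(response);
    }

    /**
     * A valid certificate for "FreD" returns exactly the one issue that user may see. The user
     * name is sent in mixed case; presumably this also checks case-insensitive user lookup --
     * confirm against the fixture data.
     */
    public void _testClientLoggedInFred() throws Exception {
        assertOnlyPublicIssueReturned(send(getGetMethodWebRequest("FreD")));
    }

    /** A valid certificate for "aDmIn" returns both issues, the admin-only one first. */
    public void _testClientLoggedInAdmin() throws Exception {
        WebResponse response = send(getGetMethodWebRequest("aDmIn"));
        assertResponseContainsNoErrors(response);
        NodeList items = response.getDOM().getElementsByTagName("item");
        Assert.assertEquals(2L, items.getLength());
        assertItemTitleContains(items, 0, "MKY-1", "A bug only admin can see");
        assertItemTitleContains(items, 1, "HSP-1", "A bug anyone can see");
    }

    /** A request whose application-id header names an unregistered application must be rejected. */
    public void _testUnknownClientLoggedInFred() throws Exception {
        GetMethodWebRequest request = getGetMethodWebRequest("fred");
        request.setHeaderField("X-Seraph-Trusted-App-ID", "TestTrustedApplicationClient.id.unknown");
        WebResponse response = send(request);
        assertResponseContainsError(response);
        assertResponseContainsNoItems(response);
    }

    /** A request whose certificate header is replaced by arbitrary text must be rejected. */
    public void _testInvalidCertData() throws Exception {
        GetMethodWebRequest request = getGetMethodWebRequest("blah");
        request.setHeaderField("X-Seraph-Trusted-App-Cert", ID);
        WebResponse response = send(request);
        assertResponseContainsError(response);
        assertResponseContainsNoItems(response);
    }

    /** Version two: a request whose key header is replaced by arbitrary text must be rejected. */
    public void _testInvalidCertSecretKey() throws Exception {
        GetMethodWebRequest request = getGetMethodWebRequest("fred");
        request.setHeaderField("X-Seraph-Trusted-App-Key", ID);
        WebResponse response = send(request);
        assertResponseContainsError(response);
        assertResponseContainsNoItems(response);
    }

    /**
     * Version three: the same tampered key header is expected to be accepted and to return
     * fred's single visible issue.
     *
     * <p>NOTE(review): this pins the fact that the server does not reject a bogus
     * {@code X-Seraph-Trusted-App-Key} value under version three. Presumably that version no
     * longer consumes the header at all -- confirm against the protocol definition, because the
     * test would equally pass if key validation had been dropped by mistake.
     */
    public void _testInvalidCertSecretKeyWithV3Protocol() throws Exception {
        GetMethodWebRequest request = getGetMethodWebRequest("fred");
        request.setHeaderField("X-Seraph-Trusted-App-Key", ID);
        assertOnlyPublicIssueReturned(send(request));
    }

    /**
     * Creates a certificate, waits 550 ms (longer than the "500" timeout entered in setUpTest)
     * and expects the late request to be rejected.
     *
     * <p>NOTE(review): neither {@code @Test} method calls this scenario, so rejection of expired
     * certificates is not exercised by this class. Confirm whether it was left out on purpose
     * (for example because of timing flakiness) or should be part of both runs.
     */
    public void _testCertificateExpires() throws Exception {
        GetMethodWebRequest request = getGetMethodWebRequest("fred");
        Thread.sleep(550L);
        WebResponse response = send(request);
        assertResponseContainsError(response);
        assertResponseContainsNoItems(response);
    }

    /**
     * A certificate for "fred" presented to an issue page instead of the RSS view must not grant
     * access: the response has to be the login prompt. Presumably the page lies outside the URL
     * patterns configured for the trusted application in the fixture -- confirm against the test
     * data. Only the page text is checked, not the trusted-application status header.
     */
    public void _testUrlNotMatched() throws Exception {
        WebResponse response = send(getGetMethodWebRequest("fred", getEnvironmentData().getBaseUrl() + "/browse/MKY-1"));
        Assert.assertNotNull(response);
        Assert.assertTrue(response.getText(), response.getText().contains("You must log in to access this page."));
    }

    /** Selects the protocol version on the server under test and in this JVM. */
    private void useProtocolVersion(String version) {
        backdoor.systemProperties().setProperty(PROTOCOL_VERSION_PROPERTY, version);
        System.setProperty(PROTOCOL_VERSION_PROPERTY, version);
    }

    /** Sends the request through the test's web client and returns the response. */
    private WebResponse send(GetMethodWebRequest request) throws Exception {
        return tester.getTestContext().getWebClient().sendRequest(request);
    }

    /** Builds a certificate-bearing request for {@code userName} against the RSS search view. */
    private GetMethodWebRequest getGetMethodWebRequest(String userName) throws NoSuchAlgorithmException, InvalidKeySpecException, NoSuchProviderException {
        return getGetMethodWebRequest(userName, getEnvironmentData().getBaseUrl() + REQUEST_STRING);
    }

    /**
     * Builds a GET request for {@code url} and attaches the headers of an encrypted certificate
     * created for {@code userName}, the application id {@link #ID} and that same URL.
     */
    private GetMethodWebRequest getGetMethodWebRequest(String userName, String url) throws NoSuchAlgorithmException, InvalidKeySpecException, NoSuchProviderException {
        GetMethodWebRequest request = new GetMethodWebRequest(url);
        BouncyCastleEncryptionProvider provider = new BouncyCastleEncryptionProvider();
        // Base64 text is pure ASCII; naming the charset keeps the decode independent of the
        // platform default encoding.
        byte[] keyBytes = Base64.decodeBase64(PRIVATE_KEY.getBytes(StandardCharsets.US_ASCII));
        EncryptedCertificate certificate = provider.createEncryptedCertificate(userName, provider.toPrivateKey(keyBytes), ID, url);
        populateRequest(certificate, request);
        return request;
    }

    /** Asserts an {@code ERROR} status header together with a non-null error header. */
    private void assertResponseContainsError(WebResponse webResponse) {
        Assert.assertNotNull(webResponse);
        Assert.assertNotNull(webResponse.getHeaderField(STATUS_HEADER));
        Assert.assertEquals("ERROR", webResponse.getHeaderField(STATUS_HEADER));
        Assert.assertNotNull(webResponse.getHeaderField(ERROR_HEADER));
    }

    /** Asserts that the response document holds no {@code <item>} element, i.e. no issue leaked. */
    private void assertResponseContainsNoItems(WebResponse webResponse) throws SAXException {
        Assert.assertNotNull(webResponse);
        Assert.assertEquals(0L, webResponse.getDOM().getElementsByTagName("item").getLength());
    }

    /** Asserts an {@code OK} status header and the absence of the error header. */
    private void assertResponseContainsNoErrors(WebResponse webResponse) {
        Assert.assertNotNull(webResponse);
        Assert.assertNotNull(webResponse.getHeaderField(STATUS_HEADER));
        Assert.assertEquals("OK", webResponse.getHeaderField(STATUS_HEADER));
        Assert.assertNull(webResponse.getHeaderField(ERROR_HEADER));
    }

    /** Asserts a successful response whose only item is the issue HSP-1. */
    private void assertOnlyPublicIssueReturned(WebResponse response) throws SAXException {
        assertResponseContainsNoErrors(response);
        NodeList items = response.getDOM().getElementsByTagName("item");
        Assert.assertEquals(1L, items.getLength());
        assertItemTitleContains(items, 0, "HSP-1", "A bug anyone can see");
    }

    /** Asserts that the title of the item at {@code index} mentions the issue key and summary. */
    private static void assertItemTitleContains(NodeList items, int index, String issueKey, String summary) {
        String title = ((Element) items.item(index)).getElementsByTagName("title").item(0).getFirstChild().getNodeValue();
        Assert.assertNotNull(title);
        // The title doubles as the failure message so a mismatch shows what was returned.
        Assert.assertTrue(title, title.contains(issueKey));
        Assert.assertTrue(title, title.contains(summary));
    }

    /** Copies every non-null certificate parameter onto the request as a header. */
    private void populateRequest(EncryptedCertificate encryptedCertificate, GetMethodWebRequest getMethodWebRequest) {
        TrustedApplicationUtils.addRequestParameters(encryptedCertificate, (headerName, headerValue) -> {
            if (headerValue != null) {
                getMethodWebRequest.setHeaderField(headerName, headerValue);
            }
        });
    }
}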
