package com.atlassian.jira.webtests.ztests.attachment;

import com.atlassian.integrationtesting.runner.restore.RestoreOnce;
import com.atlassian.jira.functest.framework.BaseJiraFuncTest;
import com.atlassian.jira.functest.framework.suite.Category;
import com.atlassian.jira.functest.framework.suite.WebTest;
import com.atlassian.jira.functest.rule.Rules;
import java.io.IOException;
import java.io.InputStream;
import java.net.URI;
import java.net.URISyntaxException;
import java.nio.charset.Charset;
import java.nio.charset.StandardCharsets;
import java.util.HashSet;
import java.util.zip.ZipEntry;
import java.util.zip.ZipInputStream;
import javax.ws.rs.core.UriBuilder;
import org.apache.commons.io.IOUtils;
import org.apache.http.HttpHost;
import org.apache.http.auth.AuthScope;
import org.apache.http.auth.UsernamePasswordCredentials;
import org.apache.http.client.methods.CloseableHttpResponse;
import org.apache.http.client.methods.HttpGet;
import org.apache.http.client.protocol.HttpClientContext;
import org.apache.http.impl.auth.BasicScheme;
import org.apache.http.impl.client.BasicAuthCache;
import org.apache.http.impl.client.BasicCredentialsProvider;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClientBuilder;
import org.hamcrest.CoreMatchers;
import org.hamcrest.MatcherAssert;
import org.hamcrest.collection.IsIterableContainingInAnyOrder;
import org.hamcrest.core.IsEqual;
import org.junit.Assert;
import org.junit.Before;
import org.junit.Rule;
import org.junit.Test;
import org.junit.rules.TestRule;

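/**
 * Functional tests for the attachment download and attachment-zip endpoints
 * ({@code secure/attachment/...} and {@code secure/attachmentzip/...}).
 *
 * <p>Besides the happy paths (zip of all attachments, single entry extracted from a zip,
 * Content-Type per file type) the suite pins three defensive behaviours of the endpoints:
 * <ul>
 *   <li>every attachment response carries {@code Content-Security-Policy: sandbox};</li>
 *   <li>unzipping is refused when {@code webwork.multipart.maxSize} is set below the entry size;</li>
 *   <li>a user without access to the issue gets the "Access Denied" page instead of the entry.</li>
 * </ul>
 *
 * <p>The {@code admin}/{@code admin} and {@code fred}/{@code fred} credentials are fixtures of the
 * restored test data set, sent with preemptive HTTP Basic authentication.
 */
@RestoreOnce("TestAttachmentZipServlet/TestAttachmentZipServlet.xml")
@WebTest({Category.FUNC_TEST, Category.ATTACHMENTS})
/* loaded from: input_file:com/atlassian/jira/webtests/ztests/attachment/TestAttachmentZipServlet.class */
public class TestAttachmentZipServlet extends BaseJiraFuncTest {
    public static final int ID_OF_ISSUE_WITH_MANY_ATTACHMENTS = 10001;
    public static final int ID_OF_ISSUE_WITH_ZIP_ARCHIVE_ATTACHMENT = 10000;
    public static final int XML_ATTACHMENT_ID = 10000;
    public static final int ZIP_ATTACHMENT_ID = 10001;
    public static final int PNG_ATTACHMENT_ID = 10002;
    public static final int JPEG_ATTACHMENT_ID = 10100;

    /** User-Agent sent with every request to the attachment endpoints. */
    private static final String USER_AGENT = "Mozilla/5.0 (compatible; MSIE 7.01; Windows NT 5.0)";
    /** Application property that caps the attachment size. */
    private static final String MAX_SIZE_PROPERTY = "webwork.multipart.maxSize";
    /** Value the size cap is restored to after the limit test. */
    private static final long RESTORED_MAX_SIZE = 10000000L;

    private final CloseableHttpClient httpClient = HttpClientBuilder.create().build();
    private final HttpClientContext httpContext = HttpClientContext.create();

    @Rule
    public TestRule copyAttachmentsRule = Rules.prepareAttachments(this::getEnvironmentData, this::getBackdoor, "TestAttachmentZipServlet/attachments");

    /**
     * Configures the shared HTTP context to authenticate as {@code admin} against the instance
     * under test. Registering a {@link BasicScheme} in the auth cache makes the client send the
     * Basic credentials preemptively instead of waiting for a 401 challenge.
     *
     * @throws URISyntaxException if the configured base URL is not a valid URI
     */
    @Before
    public void setUpTest() throws URISyntaxException {
        URI baseUri = this.environmentData.getBaseUrl().toURI();
        HttpHost host = new HttpHost(baseUri.getHost(), baseUri.getPort(), baseUri.getScheme());
        BasicAuthCache authCache = new BasicAuthCache();
        authCache.put(host, new BasicScheme());
        this.httpContext.setCredentialsProvider(createCredentialsProvider(host, "admin", "admin"));
        this.httpContext.setAuthCache(authCache);
    }

    /** Downloads all attachments of an issue as one zip and checks the entry names. */
    @Test
    public void testDownloadAllAttachmentsOfIssueAsZip() throws Exception {
        try (CloseableHttpResponse response = makeRequestToAttachmentServlet(zipAllAttachmentsUri().toString());
             InputStream content = response.getEntity().getContent()) {
            assertResponseZipContainsEntries(content, "test1.xml", "test3.png", "test1.xml.zip", "test.jpeg");
        }
    }

    /** Extracts entry 0 of the zip attachment and compares its body with the expected XML. */
    @Test
    public void testCanDownloadOneEntryFromZip() throws Exception {
        try (CloseableHttpResponse response = makeRequestToAttachmentServlet(unzipFileUri(0).toString());
             InputStream content = response.getEntity().getContent()) {
            assertResponseBodyEqualsTo(content, " <someXmlContent>here</someXmlContent>");
        }
    }

    /** Each attachment must be served with a Content-Type matching its file type. */
    @Test
    public void testShouldHaveAppropriateHeaderAccordingToFileType() throws IOException, URISyntaxException {
        verifyAttachmentWithIdProvidedWithAppropriateContentType("text/xml", XML_ATTACHMENT_ID);
        verifyAttachmentWithIdProvidedWithAppropriateContentType("application/zip", ZIP_ATTACHMENT_ID);
        verifyAttachmentWithIdProvidedWithAppropriateContentType("image/png", PNG_ATTACHMENT_ID);
        verifyAttachmentWithIdProvidedWithAppropriateContentType("image/jpeg", JPEG_ATTACHMENT_ID);
    }

    /**
     * Each attachment must be served with {@code Content-Security-Policy: sandbox}, regardless of
     * its type, so that user-uploaded content rendered by a browser is confined by the sandbox
     * directive.
     */
    @Test
    public void testShouldHaveContentSecurityPolicySandbox() throws IOException, URISyntaxException {
        verifyAttachmentWithIdProvidedWithSandboxPolicy(XML_ATTACHMENT_ID);
        verifyAttachmentWithIdProvidedWithSandboxPolicy(ZIP_ATTACHMENT_ID);
        verifyAttachmentWithIdProvidedWithSandboxPolicy(PNG_ATTACHMENT_ID);
        verifyAttachmentWithIdProvidedWithSandboxPolicy(JPEG_ATTACHMENT_ID);
    }

    /**
     * Lowers the attachment size cap to 10 and expects the unzip request to be refused
     * (any status other than 200). The cap is restored in {@code finally} so a failure here
     * cannot leak the tiny limit into later tests.
     */
    @Test
    public void testShouldNotAllowToUnzipFileBiggerThanMaxAttachmentProperty() throws Exception {
        // presumably the property is in bytes; verify against the application property definition
        this.backdoor.applicationProperties().setString(MAX_SIZE_PROPERTY, Long.toString(10L));
        try (CloseableHttpResponse response = this.httpClient.execute(new HttpGet(unzipFileUri(0)), this.httpContext)) {
            Assert.assertNotEquals(200L, response.getStatusLine().getStatusCode());
        } finally {
            this.backdoor.applicationProperties().setString(MAX_SIZE_PROPERTY, Long.toString(RESTORED_MAX_SIZE));
        }
    }

    @Test
    public void testShouldNotAllowToUnzipAttachmentIfUserDoesntHaveAccessToIssueWhenProvidingThatIssue() throws URISyntaxException, IOException {
        // NOTE(review): the value 10100 sits in the first path segment of the unzip URL here, which
        // looks like an issue id rather than an attachment id; the decompiler presumably matched
        // the literal to JPEG_ATTACHMENT_ID. Confirm against the original source.
        testShouldNotAllowToUnzipAttachmentIfUserDoesntHaveAccessToIssue(JPEG_ATTACHMENT_ID);
    }

    @Test
    public void testShouldNotAllowToUnzipAttachmentIfUserDoesntHaveAccessToIssueWhenProvidingAnotherIssue() throws URISyntaxException, IOException {
        // Same attachment, but the URL names a different id in the first path segment: the
        // permission check must not be bypassable by pairing the attachment with another issue.
        testShouldNotAllowToUnzipAttachmentIfUserDoesntHaveAccessToIssue(10000);
    }

    /**
     * Requests entry 0 of attachment 10200 as user {@code fred} and expects the access-denied page.
     *
     * <p>The server answers with status 200 in this case, so the status code alone proves
     * nothing; the page title is the assertion that actually shows the entry was withheld.
     *
     * @param i id placed in the first path segment of the unzip URL
     */
    private void testShouldNotAllowToUnzipAttachmentIfUserDoesntHaveAccessToIssue(int i) throws URISyntaxException, IOException {
        URI baseUri = this.environmentData.getBaseUrl().toURI();
        HttpHost host = new HttpHost(baseUri.getHost(), baseUri.getPort(), baseUri.getScheme());
        // Replace the admin credentials installed by setUpTest() with the unprivileged user.
        this.httpContext.setCredentialsProvider(createCredentialsProvider(host, "fred", "fred"));
        HttpGet request = new HttpGet(unzipFileUri(i, 10200, 0));
        request.setHeader("User-Agent", USER_AGENT);
        try (CloseableHttpResponse response = this.httpClient.execute(request, this.httpContext)) {
            // Decode with a fixed charset so the result does not depend on the platform default.
            String body = IOUtils.toString(response.getEntity().getContent(), StandardCharsets.UTF_8);
            Assert.assertEquals(200L, response.getStatusLine().getStatusCode());
            MatcherAssert.assertThat(body, CoreMatchers.containsString("<title>Access Denied - Your Company Jira</title>"));
        }
    }

    /**
     * Fetches an attachment and checks that its Content-Type starts with the expected value.
     *
     * @param str expected Content-Type prefix
     * @param i   attachment id
     */
    private void verifyAttachmentWithIdProvidedWithAppropriateContentType(String str, int i) throws IOException, URISyntaxException {
        try (CloseableHttpResponse response = makeRequestToAttachmentServlet(getAttachmentURI(i).toString())) {
            // Fail with a readable message rather than a NullPointerException when the header is absent.
            Assert.assertNotNull("Content-Type header missing for attachment " + i, response.getFirstHeader("Content-Type"));
            MatcherAssert.assertThat(response.getFirstHeader("Content-Type").getValue(), CoreMatchers.startsWith(str));
        }
    }

    /**
     * Fetches an attachment and checks that the response carries exactly
     * {@code Content-Security-Policy: sandbox}.
     *
     * @param i attachment id
     */
    private void verifyAttachmentWithIdProvidedWithSandboxPolicy(int i) throws IOException, URISyntaxException {
        try (CloseableHttpResponse response = makeRequestToAttachmentServlet(getAttachmentURI(i).toString())) {
            // A missing header is the failure this test exists to catch; report it explicitly.
            Assert.assertNotNull("Content-Security-Policy header missing for attachment " + i, response.getFirstHeader("Content-Security-Policy"));
            Assert.assertEquals("sandbox", response.getFirstHeader("Content-Security-Policy").getValue());
        }
    }

    /** Asserts that the stream, decoded as UTF-8, equals {@code str}. */
    private void assertResponseBodyEqualsTo(InputStream inputStream, String str) throws IOException {
        MatcherAssert.assertThat(IOUtils.toString(inputStream, StandardCharsets.UTF_8), IsEqual.equalTo(str));
    }

    /**
     * Reads {@code inputStream} as a zip archive and asserts that its entry names are exactly
     * {@code strArr}, in any order. Only entry names are read; entry contents are skipped.
     * The stream is closed when this method returns.
     */
    private void assertResponseZipContainsEntries(InputStream inputStream, String... strArr) throws Exception {
        HashSet<String> entryNames = new HashSet<>();
        try (ZipInputStream zip = new ZipInputStream(inputStream)) {
            for (ZipEntry entry = zip.getNextEntry(); entry != null; entry = zip.getNextEntry()) {
                entryNames.add(entry.getName());
            }
        }
        MatcherAssert.assertThat(entryNames, IsIterableContainingInAnyOrder.containsInAnyOrder(strArr));
    }

    /**
     * Sends a GET to {@code str} with the current HTTP context and asserts a 200 status.
     *
     * @return the open response; the caller is responsible for closing it
     */
    private CloseableHttpResponse makeRequestToAttachmentServlet(String str) throws IOException {
        HttpGet request = new HttpGet(str);
        request.setHeader("User-Agent", USER_AGENT);
        CloseableHttpResponse response = this.httpClient.execute(request, this.httpContext);
        try {
            Assert.assertEquals(200L, response.getStatusLine().getStatusCode());
        } catch (AssertionError e) {
            // The caller never sees the response on failure, so release the connection here.
            IOUtils.closeQuietly(response);
            throw e;
        }
        return response;
    }

    /** Builds the download URI of a single attachment. */
    private URI getAttachmentURI(int i) throws URISyntaxException {
        return getUriBuilder().path("secure/attachment/" + i + "/").build();
    }

    /** Builds the unzip URI for entry {@code i} of attachment 10003. */
    private URI unzipFileUri(int i) throws URISyntaxException {
        return unzipFileUri(ID_OF_ISSUE_WITH_ZIP_ARCHIVE_ATTACHMENT, 10003, i);
    }

    /**
     * Builds {@code secure/attachmentzip/unzip/{i}/{i2}[{i3}]/}; the brackets are written
     * percent-encoded ({@code %5B}, {@code %5D}).
     *
     * @param i  first path segment (presumably the issue id; confirm against the servlet)
     * @param i2 attachment id of the zip archive
     * @param i3 index of the entry inside the archive
     */
    private URI unzipFileUri(int i, int i2, int i3) throws URISyntaxException {
        return getUriBuilder().path("secure/attachmentzip/unzip/" + i + "/" + i2 + "%5B" + i3 + "%5D/").build();
    }

    /** Builds the URI that zips every attachment of the issue with many attachments. */
    private URI zipAllAttachmentsUri() throws URISyntaxException {
        return getUriBuilder().path("secure/attachmentzip/" + ID_OF_ISSUE_WITH_MANY_ATTACHMENTS + ".zip").build();
    }

    private UriBuilder getUriBuilder() throws URISyntaxException {
        return UriBuilder.fromUri(this.environmentData.getBaseUrl().toURI());
    }

    /**
     * Creates a credentials provider holding one username/password pair scoped to the host and
     * port of {@code httpHost}, so the credentials are not offered to any other host.
     */
    private BasicCredentialsProvider createCredentialsProvider(HttpHost httpHost, String str, String str2) {
        BasicCredentialsProvider provider = new BasicCredentialsProvider();
        provider.setCredentials(new AuthScope(httpHost.getHostName(), httpHost.getPort()), new UsernamePasswordCredentials(str, str2));
        return provider;
    }
}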
