package com.atlassian.jira.functest.framework.security.xsrf;

import com.atlassian.jira.functest.framework.Form;
import com.atlassian.jira.functest.framework.Navigation;
import com.atlassian.jira.functest.framework.locator.CssLocator;
import com.atlassian.jira.functest.framework.locator.XPathLocator;
import com.atlassian.jira.testkit.client.log.FuncTestLogger;
import com.atlassian.jira.testkit.client.log.FuncTestLoggerImpl;
import com.atlassian.jira.util.dbc.Assertions;
import com.meterware.httpunit.SubmitButton;
import com.meterware.httpunit.WebClient;
import com.meterware.httpunit.WebForm;
import com.meterware.httpunit.WebLink;
import com.meterware.httpunit.WebRequest;
import com.meterware.httpunit.WebResponse;
import java.io.IOException;
import java.util.Objects;
import java.util.function.Supplier;
import net.sourceforge.jwebunit.WebTester;
import org.assertj.core.api.Fail;
import org.w3c.dom.Attr;
import org.w3c.dom.Node;

/* loaded from: input_file:com/atlassian/jira/functest/framework/security/xsrf/XsrfCheck.class */
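/**
 * Functional-test helper that checks a single action is protected against XSRF.
 *
 * <p>A check is built from a {@link Setup} (navigates to the page holding the action) and a
 * {@link Submission} (performs the action as a form post or a link click). {@link #run()} then
 * performs the action three times: with a corrupted {@code atl_token}, with a corrupted token plus
 * a foreign {@code Referer}, and finally untouched. See {@link #run(String, String)} for the
 * exact expectations.
 *
 * <p>NOTE(review): the "token removed" cases in this class always submit a <em>corrupted</em>
 * token; nothing here submits a request with the parameter absent altogether, and the foreign
 * origin is simulated through the {@code Referer} header only (no {@code Origin} header is set).
 * Whether those variants are covered elsewhere cannot be told from this file.
 */
public class XsrfCheck {
    /** Name of the request parameter that carries the XSRF token. */
    public static final String ATL_TOKEN = "atl_token";
    /** Text expected on the page when a request is rejected because of its token. */
    public static final String XSRF_DEFAULT_ERROR = "SecurityTokenMissing";
    /** Text expected in the response body when a request is rejected with HTTP 403. */
    public static final String CODE_403_DEFAULT_ERROR = "HTTPError403";
    /** Value used to corrupt a token; it is written over, or inserted in front of, the real one. */
    private static final String INVALID_TOKEN = "invalidToken";

    private final String description;
    private final Setup setup;
    private final Submission submission;
    private Navigation navigation;
    private WebTester tester;
    private Form form;
    private boolean initCalled = false;
    // NOTE(review): the meaning of the constructor argument 2 is not visible in this file.
    private final FuncTestLogger logger = new FuncTestLoggerImpl(2);

    /**
     * Base for submissions that post one of the forms on the current page.
     */
    public static abstract class AbstractFormSubmission extends BaseSubmission implements Submission {
        /**
         * Corrupts the token on every form of the current page: the {@code atl_token} parameter,
         * when the form has one, is overwritten, and the form's action URL is passed through
         * {@link XsrfCheck#invalidTokenInUrl(String)} so that a token carried in the action is
         * corrupted as well.
         */
        @Override
        public void removeToken() {
            for (WebForm webForm : getForm().getForms()) {
                if (webForm.hasParameterNamed(ATL_TOKEN)) {
                    webForm.getScriptableObject().setParameterValue(ATL_TOKEN, INVALID_TOKEN);
                }
                webForm.getScriptableObject().setAction(XsrfCheck.invalidTokenInUrl(webForm.getAction()));
            }
        }

        /**
         * @return the submit button used to build the request in {@link #submitRequest(String)}
         */
        protected abstract SubmitButton getButton();

        /**
         * Builds the request for {@link #getButton()} on the dialog's current form, sets its
         * {@code Referer} header to {@code str} and sends it through the test's web client.
         *
         * @param str value for the {@code Referer} header of this one request
         * @return the response to the request
         */
        @Override
        public WebResponse submitRequest(String str) {
            WebRequest request = super.getTester().getDialog().getForm().getRequest(getButton());
            WebClient webClient = super.getTester().getTestContext().getWebClient();
            request.setHeaderField("Referer", str);
            try {
                return webClient.sendRequest(request);
            } catch (Exception e) {
                // Pass the exception as the cause so the stack trace of the real failure
                // survives; the message alone is often null or too terse to diagnose.
                Fail.fail(String.format("Exception thrown: %s", e.getMessage()), e);
                return null;
            }
        }

        /** Delegates to {@link BaseSubmission#init(WebTester, Navigation, Form)}. */
        @Override
        public void init(WebTester webTester, Navigation navigation, Form form) {
            super.init(webTester, navigation, form);
        }
    }

    /**
     * Base for submissions that follow a link whose URL carries the token.
     */
    public static abstract class AbstractLinkSubmission extends BaseSubmission implements Submission {
        /** URL used by the next {@link #submitRequest()}; set by {@link #removeToken()}. */
        private String urlToSubmit;

        /**
         * Stores the collaborators and sets the web client's {@code Referer} header to the base URL.
         */
        @Override
        public void init(WebTester webTester, Navigation navigation, Form form) {
            super.init(webTester, navigation, form);
            resetReferer();
        }

        /**
         * @return the URL of the link under test, with its token untouched
         * @throws Exception if the link cannot be located
         */
        public abstract String getLink() throws Exception;

        /** Arms the next {@link #submitRequest()} with a URL whose token has been corrupted. */
        @Override
        public void removeToken() throws Exception {
            this.urlToSubmit = XsrfCheck.invalidTokenInUrl(getLink());
        }

        /**
         * Navigates to the pending URL, then resets the pending URL to the untouched link so
         * that a following call submits the valid token again.
         *
         * <p>NOTE(review): the pending URL is only assigned in {@link #removeToken()} and here,
         * so this method appears to rely on {@code removeToken()} having been called at least
         * once before the first submission.
         */
        @Override
        public void submitRequest() throws Exception {
            super.getTester().gotoPage(this.urlToSubmit);
            this.urlToSubmit = getLink();
        }

        /**
         * Follows the link with the web client's {@code Referer} header set to {@code str}.
         *
         * @param str value for the {@code Referer} header while the link is followed
         * @return the dialog's response after navigation
         */
        @Override
        public WebResponse submitRequest(String str) throws Exception {
            setReferer(str);
            try {
                submitRequest();
            } finally {
                // The header is set on the web client itself, not on one request. Restore it
                // even when navigation throws, otherwise every later request made through
                // this client would keep carrying the foreign Referer.
                resetReferer();
            }
            return super.getTester().getDialog().getResponse();
        }

        private void setReferer(String referer) {
            super.getTester().getTestContext().getWebClient().setHeaderField("Referer", referer);
        }

        private void resetReferer() {
            setReferer(super.getTester().getTestContext().getBaseUrl());
        }
    }

    /**
     * Holds the tester, navigation and form handed over by
     * {@link XsrfCheck#init(WebTester, Navigation, Form)}.
     *
     * <p>NOTE(review): the decompiler reports that this class was originally package-private.
     */
    public static abstract class BaseSubmission implements Submission {
        private WebTester tester;
        private Navigation navigation;
        private Form form;

        BaseSubmission() {
        }

        /** Stores the three collaborators for later use by subclasses. */
        @Override
        public void init(WebTester webTester, Navigation navigation, Form form) {
            this.tester = webTester;
            this.navigation = navigation;
            this.form = form;
        }

        WebTester getTester() {
            return this.tester;
        }

        Navigation getNavigation() {
            return this.navigation;
        }

        Form getForm() {
            return this.form;
        }
    }

    /**
     * Link submission that finds the link with a CSS expression and picks the match at a given
     * index.
     */
    public static class CssLocatorLinkSubmission extends AbstractLinkSubmission {
        private final int index;
        private final String cssExpression;
        /** URL of the link, cached after the first successful lookup. */
        private String originalUrl;

        /**
         * @param str CSS expression that selects the candidate links
         * @param i   zero-based index of the link to use among the matches
         */
        public CssLocatorLinkSubmission(String str, int i) {
            this.cssExpression = str;
            this.index = i;
        }

        /**
         * Uses the first match of the expression.
         *
         * @param str CSS expression that selects the candidate links
         */
        public CssLocatorLinkSubmission(String str) {
            this(str, 0);
        }

        /**
         * Reads the {@code href} attribute of the selected node on first use and returns the
         * cached value afterwards. Fails the test when the index is past the last match.
         */
        @Override
        public String getLink() throws Exception {
            if (this.originalUrl == null) {
                Node[] nodes = new CssLocator(super.getTester(), this.cssExpression).getNodes();
                if (this.index >= nodes.length) {
                    Fail.fail(String.format("Unable to find link %d at '%s'.", this.index, this.cssExpression));
                }
                this.originalUrl = ((Attr) nodes[this.index].getAttributes().getNamedItem("href")).getValue();
            }
            return this.originalUrl;
        }
    }

    /**
     * Form submission that identifies the submit button by name.
     */
    public static class FormSubmission extends AbstractFormSubmission {
        private final String submitName;

        /**
         * @param str name of the submit button
         */
        public FormSubmission(String str) {
            this.submitName = str;
        }

        /** Submits the form through the tester, using the named button. */
        @Override
        public void submitRequest() {
            super.getTester().submit(this.submitName);
        }

        /** Asserts that the named button is present and returns it. */
        @Override
        protected SubmitButton getButton() {
            WebTester tester = super.getTester();
            tester.assertSubmitButtonPresent(this.submitName);
            return tester.getDialog().getSubmitButton(this.submitName);
        }
    }

    /**
     * Form submission that identifies the submit button by id.
     */
    public static class FormSubmissionWithId extends AbstractFormSubmission {
        private final String submitId;

        /**
         * @param str id of the submit button
         */
        public FormSubmissionWithId(String str) {
            this.submitId = str;
        }

        /** Clicks the button with the configured id. */
        @Override
        public void submitRequest() {
            super.getTester().clickButton(this.submitId);
        }

        /** Asserts that the button is present and returns it from the dialog's current form. */
        @Override
        protected SubmitButton getButton() {
            WebTester tester = super.getTester();
            tester.assertButtonPresent(this.submitId);
            return tester.getDialog().getForm().getSubmitButtonWithID(this.submitId);
        }
    }

    /**
     * Link submission that finds the link by its id.
     */
    public static class LinkWithIdSubmission extends AbstractLinkSubmission {
        private final String linkId;
        /** URL of the link, cached after the first successful lookup. */
        private String originalUrl;

        /**
         * @param str id of the link
         */
        public LinkWithIdSubmission(String str) {
            this.linkId = str;
        }

        /** Looks the link up in the current response on first use; later calls return the cache. */
        @Override
        public String getLink() throws Exception {
            if (this.originalUrl == null) {
                WebLink linkWithID = super.getTester().getDialog().getResponse().getLinkWithID(this.linkId);
                Assertions.notNull("link", linkWithID);
                this.originalUrl = linkWithID.getURLString();
            }
            return this.originalUrl;
        }
    }

    /**
     * Link submission that finds the link by its text.
     */
    public static class LinkWithTextSubmission extends AbstractLinkSubmission {
        private final String linkText;
        /** URL of the link, cached after the first successful lookup. */
        private String originalUrl;

        /**
         * @param str text of the link
         */
        public LinkWithTextSubmission(String str) {
            this.linkText = str;
        }

        /** Looks the link up in the current response on first use; later calls return the cache. */
        @Override
        public String getLink() throws Exception {
            if (this.originalUrl == null) {
                WebLink linkWith = super.getTester().getDialog().getResponse().getLinkWith(this.linkText);
                Assertions.notNull("link", linkWith);
                this.originalUrl = linkWith.getURLString();
            }
            return this.originalUrl;
        }
    }

    /**
     * Brings the browser to the page from which the protected action is submitted. It is run
     * before each of the three submissions of a check.
     */
    public interface Setup {

        /** A setup that does nothing. */
        public static final class None implements Setup {
            @Override
            public void setup() {
            }
        }

        void setup();
    }

    /**
     * One way of performing the action under test.
     */
    public interface Submission {
        /** Receives the collaborators before the check runs. */
        void init(WebTester webTester, Navigation navigation, Form form);

        /** Corrupts the token that the next submission will send. */
        void removeToken() throws Exception;

        /** Performs the action with whatever token is currently in place. */
        void submitRequest() throws Exception;

        /**
         * Performs the action with the given {@code Referer} header.
         *
         * @param str value for the {@code Referer} header
         * @return the response to the submission
         */
        WebResponse submitRequest(String str) throws Exception;
    }

    /**
     * Link submission whose URL is produced by a caller-provided supplier.
     */
    public static class SuppliedLinkSubmission extends AbstractLinkSubmission {
        /** URL of the link, cached after the first call to the supplier. */
        private String originalUrl;
        private final Supplier<String> urlSupplier;

        /**
         * @param supplier produces the URL of the link; must not be {@code null}
         * @throws NullPointerException if {@code supplier} is {@code null}
         */
        public SuppliedLinkSubmission(Supplier<String> supplier) {
            this.urlSupplier = Objects.requireNonNull(supplier);
        }

        /**
         * Asks the supplier once and caches the result.
         *
         * @throws NullPointerException if the supplier returns {@code null}
         */
        @Override
        public String getLink() throws Exception {
            if (this.originalUrl == null) {
                this.originalUrl = Objects.requireNonNull(this.urlSupplier.get());
            }
            return this.originalUrl;
        }
    }

    /**
     * Link submission that finds the link with an XPath expression.
     */
    public static class XPathLinkSubmission extends AbstractLinkSubmission {
        private final String xPathExpression;
        /** URL of the link, cached after the first successful lookup. */
        private String originalUrl;

        /**
         * @param str XPath expression that selects the link node
         */
        public XPathLinkSubmission(String str) {
            this.xPathExpression = str;
        }

        /** Reads the {@code href} attribute of the selected node on first use, then caches it. */
        @Override
        public String getLink() throws Exception {
            if (this.originalUrl == null) {
                Node node = new XPathLocator(super.getTester(), this.xPathExpression).getNode();
                Assertions.notNull("node not found for xPathExpression [" + this.xPathExpression + "]", node);
                this.originalUrl = ((Attr) node.getAttributes().getNamedItem("href")).getValue();
            }
            return this.originalUrl;
        }
    }

    /**
     * @param str        description of the check, written to the log when it starts and completes
     * @param setup      navigation performed before each submission
     * @param submission the action whose XSRF protection is verified
     */
    public XsrfCheck(String str, Setup setup, Submission submission) {
        this.description = str;
        this.setup = setup;
        this.submission = submission;
    }

    /**
     * Hands the test collaborators to this check and to its submission. Must be called before
     * {@link #run()}.
     *
     * <p>NOTE(review): the decompiler reports that this method was originally {@code protected}.
     */
    public void init(WebTester webTester, Navigation navigation, Form form) {
        this.tester = webTester;
        this.navigation = navigation;
        this.form = form;
        this.submission.init(webTester, navigation, form);
        this.initCalled = true;
    }

    /**
     * Runs the check with {@link #XSRF_DEFAULT_ERROR} and {@link #CODE_403_DEFAULT_ERROR} as the
     * expected error texts.
     */
    public void run() throws Exception {
        run(XSRF_DEFAULT_ERROR, CODE_403_DEFAULT_ERROR);
    }

    /**
     * Runs the three-step check. The setup is repeated before each step.
     *
     * <ol>
     *   <li>Corrupted token: the page must show {@code str} and must not show {@code str2}.</li>
     *   <li>Corrupted token sent with {@code Referer: http://example.com}: the response code
     *       must be 403, and the body must contain {@code str2} and must not contain
     *       {@code str}.</li>
     *   <li>Untouched token: the page must show neither text, which guards against a check that
     *       passes only because the action always fails.</li>
     * </ol>
     *
     * @param str  text that marks a token rejection
     * @param str2 text that marks an HTTP 403 rejection
     * @throws IllegalStateException if {@link #init(WebTester, Navigation, Form)} was not called
     */
    public void run(String str, String str2) throws Exception {
        if (!this.initCalled) {
            throw new IllegalStateException("init() must be called before running the check!");
        }
        this.logger.log("STARTING: " + this.description);

        setupStep();
        this.logger.log("\t SUBMITTING DODGY TOKEN");
        this.submission.removeToken();
        this.submission.submitRequest();
        getTester().assertTextPresent(str);
        getTester().assertTextNotPresent(str2);

        setupStep();
        this.logger.log("\t SUBMITTING DODGY TOKEN FROM INVALID ORIGIN");
        this.submission.removeToken();
        WebResponse foreignOriginResponse = this.submission.submitRequest("http://example.com");
        org.assertj.core.api.Assertions.assertThat(foreignOriginResponse.getResponseCode()).isEqualTo(403);
        org.assertj.core.api.Assertions.assertThat(isTextInResponse(foreignOriginResponse, str))
                .overridingErrorMessage("Text found in response when not expected: [" + str + "]")
                .isFalse();
        org.assertj.core.api.Assertions.assertThat(isTextInResponse(foreignOriginResponse, str2))
                .overridingErrorMessage("Expected text not found in response: [" + str2 + "]")
                .isTrue();

        setupStep();
        this.logger.log("\t SUBMITTING VALID TOKEN");
        this.submission.submitRequest();
        getTester().assertTextNotPresent(str);
        getTester().assertTextNotPresent(str2);

        this.logger.log("COMPLETED: " + this.description);
    }

    /** Goes to the empty relative path and then runs the configured setup. */
    private void setupStep() {
        this.logger.log("\t SETUP");
        getTester().gotoPage("");
        this.setup.setup();
    }

    private WebTester getTester() {
        return this.tester;
    }

    private Navigation getNavigation() {
        return this.navigation;
    }

    private Form getForm() {
        return this.form;
    }

    private boolean isTextInResponse(WebResponse webResponse, String expectedText) throws IOException {
        return webResponse.getText().contains(expectedText);
    }

    /**
     * Corrupts the XSRF token carried in a URL by inserting {@code invalidToken} in front of the
     * token's value. Constructed example: {@code /do?atl_token=abc} becomes
     * {@code /do?atl_token=invalidTokenabc}.
     *
     * <p>Only the first occurrence of {@code atl_token} is changed, and the character after the
     * name is taken to be the {@code =} separator without being inspected. A URL that ends right
     * after the parameter name gets {@code =invalidToken} appended instead of failing with a
     * {@link StringIndexOutOfBoundsException}.
     *
     * @param str the URL to corrupt
     * @return the URL with a corrupted token, or {@code str} unchanged when it has no
     *         {@code atl_token}
     */
    public static String invalidTokenInUrl(String str) {
        int nameStart = str.indexOf(ATL_TOKEN);
        if (nameStart == -1) {
            return str;
        }
        // Skip the parameter name plus the one separator character that follows it.
        int valueStart = nameStart + ATL_TOKEN.length() + 1;
        if (valueStart > str.length()) {
            // The name is the last thing in the URL: there is no separator to skip.
            return str + "=" + INVALID_TOKEN;
        }
        return new StringBuilder(str).insert(valueStart, INVALID_TOKEN).toString();
    }
}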
