package com.atlassian.jira.webtests.ztests.admin.trustedapps;

import com.atlassian.jira.functest.framework.Administration;
import com.atlassian.jira.functest.framework.BaseJiraFuncTest;
import com.atlassian.jira.functest.framework.FunctTestConstants;
import com.atlassian.jira.functest.framework.LoginAs;
import com.atlassian.jira.functest.framework.suite.Category;
import com.atlassian.jira.functest.framework.suite.WebTest;
import com.meterware.httpunit.GetMethodWebRequest;
import com.meterware.httpunit.WebResponse;
import java.io.File;
import java.io.StringWriter;
import java.security.KeyFactory;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.Provider;
import java.security.PublicKey;
import java.security.Security;
import java.security.spec.PKCS8EncodedKeySpec;
import java.security.spec.X509EncodedKeySpec;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.inject.Inject;
import org.apache.commons.codec.binary.Base64;
import org.junit.Assert;
import org.junit.Before;
import org.junit.Test;
import org.xml.sax.SAXException;

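/**
 * Functional test that replays version 1 of the Seraph trusted-application request protocol
 * against JIRA and asserts that the server refuses it.
 *
 * <p>Every case that targets the search-request RSS view expects the same outcome: status header
 * {@code ERROR}, the {@code BAD_PROTOCOL_VERSION} error header and an empty result feed. That holds
 * whether the token names a real user, an unknown user, an unknown application, carries a corrupted
 * certificate or key, or has been allowed to age past the configured timeout.
 *
 * <p>NOTE(review): because every case ends in the same protocol-version error, this class pins the
 * downgrade refusal only. It does not show that the individual checks (unknown application, bad
 * key, expired certificate) still work; that coverage presumably lives in a test for a supported
 * protocol version - confirm.
 *
 * <p>The version 1 token built here uses unpadded RSA ({@code RSA/NONE/NoPadding}) and RC4, and the
 * certificate carries no integrity check beyond a trailing magic number inside the RC4 ciphertext.
 * The RSA key pair is hard-coded test-fixture material and must never be configured as a trusted
 * application key on a real instance.
 */
@LoginAs(user = "admin")
@WebTest({Category.FUNC_TEST, Category.ADMINISTRATION, Category.BROWSING})
public class TestTrustedApplicationClientVersion1 extends BaseJiraFuncTest {
    /** Application id sent in the {@code X-Seraph-Trusted-App-ID} header. */
    private static final String ID = "TestTrustedApplicationClient.id";
    /** Search-request RSS view used as the protected resource in most cases. */
    private static final String REQUEST_STRING = "/sr/jira.issueviews:searchrequest-rss/temp/SearchRequest.xml";

    @Inject
    private Administration administration;

    /** Values of the {@code X-Seraph-Trusted-App-Status} response header. */
    private static final class Status {
        static final String ERROR = "ERROR";
        static final String OK = "OK";

        private Status() {
        }
    }

    /**
     * Client-side builder for a version 1 trusted-application token.
     *
     * <p>Each instance loads the fixed RSA key pair from {@link KeyData} and generates a fresh RC4
     * session key. The session key travels RSA-transformed in the key header, and the certificate
     * (timestamp, user name, magic number) travels RC4-encrypted in the cert header.
     */
    public static class Token {
        final PrivateKey privateKey;
        final PublicKey publicKey;
        final SecretKey secretKey;
        // Plaintext of the most recent certificate; null until getCert has been called.
        String unencoded;

        /**
         * Fixture key material and algorithm names for the version 1 protocol.
         *
         * <p>The key pair is test-only. NOTE(review): it presumably matches the application
         * definition served from the {@code /trustedapp/} test-data directory that setUp registers
         * - confirm against that fixture.
         */
        public static final class KeyData {
            // Base64 of the X.509 SubjectPublicKeyInfo encoding of the fixture RSA public key.
            private static final String PUBLIC_KEY = "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCySptbugHAzWUJY3ALWhuSCPhVXnwbUBfsRExYQitBCVny4V1DcU2SAx22bH9dSM0X7NdMObF74r+Wd77QoPAtaySqFLqCeRCbFmhHgVSi+pGeCipTpueefSkz2AX8Aj+9x27tqjBsX1LtNWVLDsinEhBWN68R+iEOmf/6jGWObQIDAQAB";
            // Base64 of the PKCS#8 encoding of the fixture RSA private key (test use only).
            private static final String PRIVATE_KEY = "MIICdwIBADANBgkqhkiG9w0BAQEFAASCAmEwggJdAgEAAoGBALJKm1u6AcDNZQljcAtaG5II+FVefBtQF+xETFhCK0EJWfLhXUNxTZIDHbZsf11IzRfs10w5sXviv5Z3vtCg8C1rJKoUuoJ5EJsWaEeBVKL6kZ4KKlOm5559KTPYBfwCP73Hbu2qMGxfUu01ZUsOyKcSEFY3rxH6IQ6Z//qMZY5tAgMBAAECgYB4QXJAkFmWXfOEPZnZTlHCUmKN0kkLcx5vsjF8ZkUefNw6wl9Rmh6kGY30+YF+vhf3xzwAoflggjSPnP0LY0Ibf0XxMcNjR1zBsl9X7gKfXghIunS6gbcwrEwBNc5GR4zkYjYaZQ4zVvm3oMS2glV9NlXAUl41VL2XAQC/ENwbUQJBAOdoAz4hZGgke9AxoKLZh215gY+PLXqVLlWf14Ypk70Efk/bVvF10EsAOuAm9queCyr0qNf/vgHrm4HHXwJz4SsCQQDFPXir5qs+Kf2Y0KQ+WO5IRaNmrOlNvWDqJP/tDGfF/TYo6nSI0dGtWNfwZyDB47PbUq3zxCHYjExBJ9vQNZLHAkEA4JlCtHYCl1X52jug1w7c9DN/vc/Q626J909aB3ypSUdoNagFPf0EexcxDcijmDSgUEQA8Qzm5cRBPfg9Tgsc2wJBAIKbiv2hmEFowtHfTvMuJlNbMbF6zF67CaLib0oEDe+QFb4QSqyS69py20MItytM4btYy3GArbzcYl4+y5La9t8CQE2BkMV3MLcpAKjxtK5SYwCyLT591k35isGxmIlSQBQbDmGP9L5ZeXmVGVxRCGbBQjCzeoafPvUZo65kaRQHUJc=";
            private static final String ALGORITHM = "RSA";
            private static final String BOUNCY_CASTLE_PROVIDER = "BC";
            private static final String STREAM_CIPHER = "RC4";
            private static final String ASYM_CIPHER = "RSA/NONE/NoPadding";
            private static final String CHARSET_NAME = "UTF-8";
            // 0xBADC0FEE as a signed int is -1159983122; the protocol sends its decimal string form.
            private static final String MAGIC_NUMBER = String.valueOf(0xBADC0FEE);

            private KeyData() {
            }
        }

        /** Produces RC4 session keys that satisfy {@link #isValid(SecretKey)}. */
        class SecretKeyGenerator {
            SecretKeyGenerator() {
            }

            /**
             * Generates keys until one passes validation.
             *
             * @return a 16-byte RC4 key whose first byte is non-zero
             */
            SecretKey generateKey() {
                SecretKey candidate = generateSecretKey();
                while (!isValid(candidate)) {
                    candidate = generateSecretKey();
                }
                return candidate;
            }

            /**
             * Accepts only 16-byte keys with a non-zero leading byte.
             *
             * <p>NOTE(review): presumably because the key is sent through unpadded RSA, where a
             * leading zero byte would not survive the round trip - confirm.
             */
            private boolean isValid(SecretKey secretKey) {
                byte[] raw = secretKey.getEncoded();
                return raw.length == 16 && raw[0] != 0;
            }

            /** Asks the Bouncy Castle provider for one RC4 key; provider errors become unchecked. */
            private SecretKey generateSecretKey() {
                try {
                    return KeyGenerator.getInstance(KeyData.STREAM_CIPHER, KeyData.BOUNCY_CASTLE_PROVIDER).generateKey();
                } catch (NoSuchAlgorithmException e) {
                    throw new RuntimeException(e);
                } catch (NoSuchProviderException e2) {
                    throw new RuntimeException(e2);
                }
            }
        }

        /**
         * Loads the fixture RSA key pair and generates a session key.
         *
         * @throws RuntimeException wrapping any provider, decoding or key-spec failure
         */
        Token() {
            try {
                KeyFactory rsaFactory = KeyFactory.getInstance(KeyData.ALGORITHM, KeyData.BOUNCY_CASTLE_PROVIDER);
                // Both halves come from the KeyData constants so the pair cannot drift apart.
                byte[] pkcs8 = Base64.decodeBase64(KeyData.PRIVATE_KEY.getBytes(KeyData.CHARSET_NAME));
                byte[] x509 = Base64.decodeBase64(KeyData.PUBLIC_KEY.getBytes(KeyData.CHARSET_NAME));
                this.privateKey = rsaFactory.generatePrivate(new PKCS8EncodedKeySpec(pkcs8));
                this.publicKey = rsaFactory.generatePublic(new X509EncodedKeySpec(x509));
                this.secretKey = new SecretKeyGenerator().generateKey();
            } catch (Exception e) {
                throw new RuntimeException(e);
            }
        }

        /**
         * @return the session key, RSA-transformed with the private key and Base64-encoded
         */
        String getSecretKey() {
            return encrypt(this.secretKey.getEncoded());
        }

        /**
         * Applies the private key to {@code bArr} with {@code RSA/NONE/NoPadding} and Base64-encodes
         * the result.
         *
         * <p>With no padding this is the bare RSA operation on the input bytes; it is reproduced
         * here only because protocol version 1 is defined that way.
         *
         * @param bArr bytes to transform
         * @return Base64 text of the RSA output
         * @throws RuntimeException wrapping any cipher failure
         */
        private String encrypt(byte[] bArr) {
            try {
                Cipher rsa = Cipher.getInstance(KeyData.ASYM_CIPHER, KeyData.BOUNCY_CASTLE_PROVIDER);
                rsa.init(Cipher.ENCRYPT_MODE, this.privateKey);
                return new String(Base64.encodeBase64(rsa.doFinal(bArr)), KeyData.CHARSET_NAME);
            } catch (Exception e) {
                throw new RuntimeException(e);
            }
        }

        /**
         * Builds and encrypts the certificate for one request.
         *
         * <p>The plaintext is three newline-separated fields: the current time in milliseconds,
         * {@code str}, and the magic number. It is kept in {@link #unencoded} and returned
         * RC4-encrypted under the session key, Base64-encoded.
         *
         * @param str user name the token claims to act for
         * @return Base64 text of the encrypted certificate
         * @throws RuntimeException wrapping any cipher or encoding failure
         */
        String getCert(String str) {
            try {
                Cipher rc4 = Cipher.getInstance(KeyData.STREAM_CIPHER, KeyData.BOUNCY_CASTLE_PROVIDER);
                rc4.init(Cipher.ENCRYPT_MODE, this.secretKey);
                StringWriter plain = new StringWriter();
                plain.write(String.valueOf(System.currentTimeMillis()));
                plain.write('\n');
                plain.write(str);
                plain.write('\n');
                plain.write(KeyData.MAGIC_NUMBER);
                plain.flush();
                this.unencoded = plain.toString();
                byte[] sealed = rc4.doFinal(this.unencoded.getBytes(KeyData.CHARSET_NAME));
                return new String(Base64.encodeBase64(sealed), KeyData.CHARSET_NAME);
            } catch (Exception e) {
                throw new RuntimeException(e);
            }
        }

        /**
         * Sets the five version 1 trusted-application headers on the request.
         *
         * @param str user name placed in the certificate
         * @param getMethodWebRequest request to decorate
         */
        void populateRequest(String str, GetMethodWebRequest getMethodWebRequest) {
            getMethodWebRequest.setHeaderField(TrustedAppHeader.APP_ID, TestTrustedApplicationClientVersion1.ID);
            getMethodWebRequest.setHeaderField(TrustedAppHeader.SECRET_KEY, getSecretKey());
            getMethodWebRequest.setHeaderField(TrustedAppHeader.CERTIFICATE, getCert(str));
            getMethodWebRequest.setHeaderField(TrustedAppHeader.VERSION, String.valueOf(1));
            getMethodWebRequest.setHeaderField(TrustedAppHeader.MAGIC, encrypt(utf8(KeyData.MAGIC_NUMBER)));
        }

        /** Encodes text as UTF-8 so the bytes do not depend on the platform default charset. */
        private static byte[] utf8(String text) {
            try {
                return text.getBytes(KeyData.CHARSET_NAME);
            } catch (Exception e) {
                throw new RuntimeException(e);
            }
        }

        /**
         * @return the plaintext of the last certificate, or {@code null} if none was built yet
         */
        @Override
        public String toString() {
            return this.unencoded;
        }
    }

    /** Names of the trusted-application request and response headers. */
    private static final class TrustedAppHeader {
        public static final String VERSION = "X-Seraph-Trusted-App-Version";
        public static final String MAGIC = "X-Seraph-Trusted-App-Magic";
        static final String APP_ID = "X-Seraph-Trusted-App-ID";
        static final String CERTIFICATE = "X-Seraph-Trusted-App-Cert";
        static final String ERROR = "X-Seraph-Trusted-App-Error";
        static final String STATUS = "X-Seraph-Trusted-App-Status";
        static final String SECRET_KEY = "X-Seraph-Trusted-App-Key";

        private TrustedAppHeader() {
        }
    }

    /**
     * Restores the fixture data and registers the test client as a trusted application.
     *
     * <p>The application definition is requested from a {@code file:} URL under the XML data
     * location, and its timeout is set to {@code 500}; {@link #_testCertificateExpires()} relies on
     * that value (presumably milliseconds - confirm).
     */
    @Before
    public void setUp() {
        this.administration.restoreData("TestTrustedAppsWithIssues.xml");
        this.navigation.gotoAdmin();
        this.tester.gotoPage("/secure/admin/trustedapps/ViewTrustedApplications.jspa");
        String fixtureUrl = new File(getEnvironmentData().getXMLDataLocation(), "/trustedapp/").toURI().toASCIIString();
        this.tester.setFormElement("trustedAppBaseUrl", fixtureUrl);
        this.tester.submit("Send Request");
        this.tester.setWorkingForm(FunctTestConstants.JIRA_FORM_NAME);
        this.tester.setFormElement("name", "TestTrustedApplicationClient");
        this.tester.setFormElement("timeout", "500");
        this.tester.submit("Add");
        this.navigation.logout();
    }

    /** Runs every scenario in sequence against the single instance prepared by {@link #setUp()}. */
    @Test
    public void testAll() throws Exception {
        _testClientNotLoggedIn();
        _testUnknownClientLoggedInFred();
        _testClientLoggedInUnknown();
        _testClientLoggedInFred();
        _testClientLoggedInAdmin();
        _testInvalidCertData();
        _testInvalidCertSecretKey();
        _testCertificateExpires();
        _testUrlNotMatched();
    }

    /** Token for the user name "nothing": rejected as an unsupported protocol version. */
    public void _testClientNotLoggedIn() throws Exception {
        GetMethodWebRequest request = newVersion1Request(REQUEST_STRING, "nothing");
        assertRejectedWithBadProtocolVersion(sendVersion1Request(request));
    }

    /** Token for a user name that does not exist: rejected as an unsupported protocol version. */
    public void _testClientLoggedInUnknown() throws Exception {
        GetMethodWebRequest request = newVersion1Request(REQUEST_STRING, "unknown-user");
        assertRejectedWithBadProtocolVersion(sendVersion1Request(request));
    }

    /** Token for "FreD" (mixed case): rejected as an unsupported protocol version. */
    public void _testClientLoggedInFred() throws Exception {
        GetMethodWebRequest request = newVersion1Request(REQUEST_STRING, "FreD");
        assertRejectedWithBadProtocolVersion(sendVersion1Request(request));
    }

    /** Token for "aDmIn" (mixed case): rejected even though it names the administrator. */
    public void _testClientLoggedInAdmin() throws Exception {
        GetMethodWebRequest request = newVersion1Request(REQUEST_STRING, "aDmIn");
        assertRejectedWithBadProtocolVersion(sendVersion1Request(request));
    }

    /** Token whose application id is not registered: rejected as an unsupported protocol version. */
    public void _testUnknownClientLoggedInFred() throws Exception {
        GetMethodWebRequest request = newVersion1Request(REQUEST_STRING, "fred");
        request.setHeaderField(TrustedAppHeader.APP_ID, ID + ".unknown");
        assertRejectedWithBadProtocolVersion(sendVersion1Request(request));
    }

    /** Certificate header replaced by text that is not a certificate: rejected. */
    public void _testInvalidCertData() throws Exception {
        GetMethodWebRequest request = newVersion1Request(REQUEST_STRING, "blah");
        request.setHeaderField(TrustedAppHeader.CERTIFICATE, ID);
        assertRejectedWithBadProtocolVersion(sendVersion1Request(request));
    }

    /** Key header replaced by text that is not an encrypted session key: rejected. */
    public void _testInvalidCertSecretKey() throws Exception {
        GetMethodWebRequest request = newVersion1Request(REQUEST_STRING, "fred");
        request.setHeaderField(TrustedAppHeader.SECRET_KEY, ID);
        assertRejectedWithBadProtocolVersion(sendVersion1Request(request));
    }

    /** Token sent 550 ms after it was built, past the 500 configured in setUp: rejected. */
    public void _testCertificateExpires() throws Exception {
        GetMethodWebRequest request = newVersion1Request(REQUEST_STRING, "fred");
        // The certificate timestamp is taken when the token is populated, so wait before sending.
        Thread.sleep(550L);
        assertRejectedWithBadProtocolVersion(sendVersion1Request(request));
    }

    /**
     * Token sent to an issue page instead of the RSS view: the response is the ordinary login
     * prompt, so the token did not authenticate the request.
     */
    public void _testUrlNotMatched() throws Exception {
        GetMethodWebRequest request = newVersion1Request("/browse/MKY-1", "fred");
        WebResponse response = sendVersion1Request(request);
        String body = response.getText();
        Assert.assertTrue(body, body.contains("You must log in to access this page."));
    }

    /** Logs out, then builds a GET for {@code path} carrying a fresh version 1 token for the user. */
    private GetMethodWebRequest newVersion1Request(String path, String userName) {
        this.navigation.logout();
        GetMethodWebRequest request = new GetMethodWebRequest(getEnvironmentData().getBaseUrl() + path);
        new Token().populateRequest(userName, request);
        return request;
    }

    /** Sends the request through the test context's web client. */
    private WebResponse sendVersion1Request(GetMethodWebRequest request) throws Exception {
        return this.tester.getTestContext().getWebClient().sendRequest(request);
    }

    /** Asserts the three properties every refused RSS request must show. */
    private void assertRejectedWithBadProtocolVersion(WebResponse response) throws SAXException {
        assertResponseContainsError(response);
        assertResponseContainsNoItems(response);
        assertResponseContainsBadProtocolError(response);
    }

    /** Asserts the status header is {@code ERROR} and an error header is present. */
    private void assertResponseContainsError(WebResponse webResponse) {
        Assert.assertNotNull(webResponse);
        String status = webResponse.getHeaderField(TrustedAppHeader.STATUS);
        Assert.assertNotNull(status);
        Assert.assertEquals(Status.ERROR, status);
        Assert.assertNotNull(webResponse.getHeaderField(TrustedAppHeader.ERROR));
    }

    /** Asserts the error header is exactly the unsupported-protocol-version message. */
    private void assertResponseContainsBadProtocolError(WebResponse webResponse) {
        Assert.assertEquals("BAD_PROTOCOL_VERSION; Unsupported protocol version: {0}. required {1}; [\"1\",\"2\"]", webResponse.getHeaderField(TrustedAppHeader.ERROR));
    }

    /** Asserts the RSS body has no {@code item} elements, i.e. no issue data was returned. */
    private void assertResponseContainsNoItems(WebResponse webResponse) throws SAXException {
        Assert.assertNotNull(webResponse);
        Assert.assertEquals(0L, webResponse.getDOM().getElementsByTagName("item").getLength());
    }

    static {
        try {
            Security.addProvider((Provider) Class.forName("org.bouncycastle.jce.provider.BouncyCastleProvider").newInstance());
        } catch (ClassNotFoundException ignored) {
            // Best effort: without Bouncy Castle on the classpath registration is skipped, and
            // Token construction then fails on the "BC" lookup unless something else installed it.
        } catch (IllegalAccessException e2) {
            throw new RuntimeException(e2);
        } catch (InstantiationException e3) {
            throw new RuntimeException(e3);
        }
    }
}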
