package org.nuxeo.ecm.tokenauth;

import java.io.IOException;
import java.net.URI;
import org.apache.commons.codec.binary.Base64;
import org.apache.commons.httpclient.HttpClient;
import org.apache.commons.httpclient.HttpException;
import org.apache.commons.httpclient.HttpMethod;
import org.apache.commons.httpclient.methods.GetMethod;
import org.apache.commons.httpclient.util.URIUtil;
import org.junit.Assert;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.nuxeo.ecm.tokenauth.service.TokenAuthenticationService;
import org.nuxeo.runtime.api.Framework;
import org.nuxeo.runtime.test.runner.Features;
import org.nuxeo.runtime.test.runner.FeaturesRunner;
import org.nuxeo.runtime.transaction.TransactionHelper;

@RunWith(FeaturesRunner.class)
@Features({TokenAuthenticationJettyFeature.class})
/* loaded from: input_file:org/nuxeo/ecm/tokenauth/TestTokenAuthenticationServlet.class */
public class TestTokenAuthenticationServlet {
    protected void nextTransaction() {
        TransactionHelper.commitOrRollbackTransaction();
        TransactionHelper.startTransaction();
    }

    @Test
    public void testServlet() throws Exception {
        HttpClient httpClient = new HttpClient();
        HttpMethod httpMethod = null;
        try {
            Assert.assertEquals(404L, executeGetMethod(httpClient, new GetMethod("http://localhost:18080/authentication/token?applicationName=myFavoriteApp&deviceId=dead-beaf-cafe-babe&permission=rw"), "Administrator", "badPassword"));
            Assert.assertEquals(400L, executeGetMethod(httpClient, new GetMethod("http://localhost:18080/authentication/token?applicationName=myFavoriteApp"), "Administrator", "Administrator"));
            Assert.assertEquals(400L, executeGetMethod(httpClient, new GetMethod("http://localhost:18080/authentication/token?applicationName=myFavoriteApp&revoke=true"), "Administrator", "Administrator"));
            GetMethod getMethod = new GetMethod(new URI("http", null, "localhost", 18080, "/authentication/token", URIUtil.encodeQuery("applicationName=Nuxeo Drive&deviceId=dead-beaf-cafe-babe&permission=rw"), null).toString());
            Assert.assertEquals(201L, executeGetMethod(httpClient, getMethod, "Administrator", "Administrator"));
            String responseBodyAsString = getMethod.getResponseBodyAsString();
            Assert.assertNotNull(responseBodyAsString);
            Assert.assertNotNull(getTokenAuthenticationService().getUserName(responseBodyAsString));
            Assert.assertEquals(1L, getTokenAuthenticationService().getTokenBindings("Administrator").size());
            Assert.assertEquals(201L, httpClient.executeMethod(getMethod));
            Assert.assertEquals(responseBodyAsString, getMethod.getResponseBodyAsString());
            GetMethod getMethod2 = new GetMethod("http://localhost:18080/authentication/token?applicationName=nonExistingApp&deviceId=dead-beaf-cafe-babe&revoke=true");
            Assert.assertEquals(400L, executeGetMethod(httpClient, getMethod2, "Administrator", "Administrator"));
            Assert.assertEquals(String.format("No token found for userName %s, applicationName %s and deviceId %s; nothing to do.", "Administrator", "nonExistingApp", "dead-beaf-cafe-babe"), getMethod2.getResponseBodyAsString());
            httpMethod = new GetMethod(new URI("http", null, "localhost", 18080, "/authentication/token", URIUtil.encodeQuery("applicationName=Nuxeo Drive&deviceId=dead-beaf-cafe-babe&revoke=true"), null).toString());
            Assert.assertEquals(202L, executeGetMethod(httpClient, httpMethod, "Administrator", "Administrator"));
            Assert.assertEquals(String.format("Token revoked for userName %s, applicationName %s and deviceId %s.", "Administrator", "Nuxeo Drive", "dead-beaf-cafe-babe"), httpMethod.getResponseBodyAsString());
            nextTransaction();
            Assert.assertNull(getTokenAuthenticationService().getUserName(responseBodyAsString));
            Assert.assertTrue(getTokenAuthenticationService().getTokenBindings("Administrator").isEmpty());
            httpMethod.releaseConnection();
        } catch (Throwable th) {
            httpMethod.releaseConnection();
            throw th;
        }
    }

    protected final int executeGetMethod(HttpClient httpClient, HttpMethod httpMethod, String str, String str2) throws HttpException, IOException {
        httpMethod.setRequestHeader("Authorization", "Basic " + new String(Base64.encodeBase64((str + ":" + str2).getBytes())));
        return httpClient.executeMethod(httpMethod);
    }

    protected TokenAuthenticationService getTokenAuthenticationService() {
        return (TokenAuthenticationService) Framework.getLocalService(TokenAuthenticationService.class);
    }
}
