package com.ibm.ws.security.javaeesec.fat;

import com.ibm.ws.security.javaeesec.fat_helper.JavaEESecTestBase;
import com.ibm.ws.security.javaeesec.fat_helper.ServerHelper;
import com.ibm.ws.security.javaeesec.fat_helper.WCApplicationHelper;
import com.ibm.ws.webcontainer.security.test.servlets.SSLHelper;
import componenttest.annotation.MinimumJavaLevel;
import componenttest.custom.junit.runner.FATRunner;
import componenttest.custom.junit.runner.Mode;
import componenttest.topology.impl.LibertyServer;
import componenttest.topology.impl.LibertyServerFactory;
import java.io.IOException;
import org.apache.http.HttpResponse;
import org.apache.http.impl.client.DefaultHttpClient;
import org.junit.After;
import org.junit.AfterClass;
import org.junit.Assert;
import org.junit.Before;
import org.junit.BeforeClass;
import org.junit.Rule;
import org.junit.Test;
import org.junit.rules.TestName;
import org.junit.runner.RunWith;

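@MinimumJavaLevel(javaLevel = 8)
@RunWith(FATRunner.class)
@Mode(Mode.TestMode.LITE)
/* loaded from: input_file:com/ibm/ws/security/javaeesec/fat/RememberMeTest.class */
/**
 * Functional tests for the remember-me cookie ({@code JREMEMBERMEID}) issued by three test
 * applications deployed to one Liberty server.
 *
 * <p>The tests check two things: that the cookie carries the expected attributes
 * ({@code Expires}, {@code Path}, {@code Secure}, {@code HttpOnly}), and that a follow-up
 * request made after the client's credentials are cleared is accepted or rejected as expected.
 *
 * <p>{@code Secure} and {@code HttpOnly} are the attributes that keep a long-lived login token
 * off cleartext connections and out of reach of page scripts. The positive and negative
 * assertions on them are therefore matched against whole cookie attributes, not substrings.
 */
public class RememberMeTest extends JavaEESecTestBase {
    private static final String REMEMBERME_COOKIE_NAME = "JREMEMBERMEID";

    // Fixture credentials for the test user; not real secrets.
    // NOTE(review): presumably defined by the registry in rememberMe.xml; confirm.
    private static final String TEST_USER = "jaspiuser1";
    private static final String TEST_PASSWORD = "s3cur1ty";

    // Response fragments that identify the authenticated caller.
    private static final String EXPECTED_PRINCIPAL = "getUserPrincipal().getName(): " + TEST_USER;
    private static final String EXPECTED_REMOTE_USER = "getRemoteUser: " + TEST_USER;

    protected String queryString;
    protected static String urlHttp;
    protected static String urlHttps;
    protected DefaultHttpClient httpclient;

    @Rule
    public TestName name;
    protected static Class<?> logClass = RememberMeTest.class;
    protected static LibertyServer myServer = LibertyServerFactory.getLibertyServer("com.ibm.ws.security.javaeesec.fat");
    protected static String[] warList = {"JavaEESec.war"};
    protected static String JAR_NAME = "JavaEESecBase.jar";

    public RememberMeTest() {
        super(myServer, logClass);
        this.queryString = "/JavaEESec/CommonServlet";
        this.name = new TestName();
    }

    /**
     * Deploys the three test applications, starts the server with {@code rememberMe.xml}, and
     * records the HTTP and HTTPS base URLs.
     *
     * <p>The applications differ in which remember-me mechanism package they include. One of
     * them uses the {@code secureonlyfalse} variant, a deliberately weakened configuration that
     * exists so the negative attribute assertions have something to run against.
     */
    @BeforeClass
    public static void setUpBeforeClass() throws Exception {
        WCApplicationHelper.addWarToServerApps(myServer, "JavaEESec.war", true, JAR_NAME, false, "web.jar.base", "web.war.servlets", "web.war.mechanisms", "web.war.mechanisms.rememberme", "web.war.identitystores", "web.war.identitystores.scoped.application", "web.war.identitystores.rememberme");
        WCApplicationHelper.addWarToServerApps(myServer, "SecureOnlyFalseHttpOnlyFalseRememberMe.war", true, JAR_NAME, false, "web.jar.base", "web.war.servlets", "web.war.mechanisms", "web.war.mechanisms.rememberme.secureonlyfalse", "web.war.identitystores", "web.war.identitystores.scoped.application", "web.war.identitystores.rememberme");
        WCApplicationHelper.addWarToServerApps(myServer, "UnprotectedRememberMe.war", true, JAR_NAME, false, "web.jar.base", "web.war.servlets.unprotected.rememberme", "web.war.mechanisms", "web.war.mechanisms.rememberme", "web.war.identitystores", "web.war.identitystores.scoped.application", "web.war.identitystores.rememberme");
        myServer.setServerConfigurationFile("rememberMe.xml");
        myServer.startServer(true);
        myServer.addInstalledAppForValidation("JavaEESec");
        myServer.addInstalledAppForValidation("SecureOnlyFalseHttpOnlyFalseRememberMe");
        myServer.addInstalledAppForValidation("UnprotectedRememberMe");
        urlHttp = "http://" + myServer.getHostname() + ":" + myServer.getHttpDefaultPort();
        urlHttps = "https://" + myServer.getHostname() + ":" + myServer.getHttpDefaultSecurePort();
    }

    /** Stops the shared server once all tests in the class have run. */
    @AfterClass
    public static void tearDownAfterClass() throws Exception {
        ServerHelper.commonStopServer(myServer);
    }

    /**
     * Creates a fresh HTTP client for each test, so that cookies and credentials from one test
     * cannot influence the next, and sets up its SSL context for the test server.
     */
    @Before
    public void setUp() {
        this.httpclient = new DefaultHttpClient();
        SSLHelper.establishSSLContext(this.httpclient, 0, myServer, (String) null, (String) null, (String) null, (String) null, (String) null);
    }

    /** Releases the per-test client's connections. */
    @After
    public void tearDown() {
        // @After still runs when @Before failed part-way; avoid masking that failure with an NPE.
        if (this.httpclient != null) {
            this.httpclient.getConnectionManager().shutdown();
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // com.ibm.ws.security.javaeesec.fat_helper.JavaEESecTestBase
    public String getCurrentTestName() {
        return this.name.getMethodName();
    }

    /**
     * Over HTTPS: basic-auth login must yield a cookie with {@code Secure} and {@code HttpOnly},
     * and a second request made after the credentials are cleared must still return 200 for the
     * same user.
     */
    @Test
    public void testRememberMe() throws Exception {
        assertRememberMeCookie(driveRememberMeFlow(urlHttps + this.queryString), true, true);
        verifyUserResponse(redriveFlowWithRememberMeCookieOnly(urlHttps + this.queryString, 200), EXPECTED_PRINCIPAL, EXPECTED_REMOTE_USER);
    }

    /**
     * Over plain HTTP: the cookie is still issued with {@code Secure} set, and the follow-up
     * request without credentials must be rejected with 401. As the test name says, a
     * secure-only cookie is not sent back over a cleartext connection.
     */
    @Test
    public void testRememberMeCookieIsReceivedButNotSentBackForHttpWhenUsingCookieSecureOnly() throws Exception {
        assertRememberMeCookie(driveRememberMeFlow(urlHttp + this.queryString), true, true);
        redriveFlowWithRememberMeCookieOnly(urlHttp + this.queryString, 401);
    }

    /**
     * Against the application configured without secure-only and http-only: the cookie must
     * carry neither attribute, and the follow-up request over plain HTTP must return 200.
     */
    @Test
    public void testRememberMeWithCookieSecureOnlyFalseHttpOnlyFalse() throws Exception {
        String url = urlHttp + "/SecureOnlyFalseHttpOnlyFalseRememberMe/CommonServlet";
        assertRememberMeCookie(driveRememberMeFlow(url), false, false);
        redriveFlowWithRememberMeCookieOnly(url, 200);
    }

    /**
     * Programmatic authentication with {@code rememberMe=true} on an unprotected servlet must
     * report SUCCESS and issue a cookie with {@code Secure} and {@code HttpOnly}.
     */
    @Test
    public void testRememberMeWithSecurityContextAuthenticate() throws Exception {
        HttpResponse response = executeGetRequestNoAuthCreds(this.httpclient, urlHttps + "/UnprotectedRememberMe/UnprotectedServlet?rememberMe=true");
        mustContain(processResponse(response, 200), "SecurityContext authenticate AuthenticationStatus: SUCCESS");
        assertRememberMeCookie(requireRememberMeCookie(response), true, true);
    }

    /**
     * Programmatic authentication with {@code rememberMe=false} must report SUCCESS and must
     * not issue a remember-me cookie.
     */
    @Test
    public void testRememberMeWithSecurityContextAuthenticateAndRememberMeFalse() throws Exception {
        HttpResponse response = executeGetRequestNoAuthCreds(this.httpclient, urlHttps + "/UnprotectedRememberMe/UnprotectedServlet?rememberMe=false");
        mustContain(processResponse(response, 200), "SecurityContext authenticate AuthenticationStatus: SUCCESS");
        validateNoCookie(response, REMEMBERME_COOKIE_NAME);
    }

    /**
     * Logs in to {@code url} with the fixture credentials via basic auth, checks that the
     * response identifies the test user, and returns the remember-me cookie header as a string.
     */
    private String driveRememberMeFlow(String url) throws Exception {
        HttpResponse response = executeGetRequestBasicAuthCreds(this.httpclient, url, TEST_USER, TEST_PASSWORD);
        verifyUserResponse(processResponse(response, 200), EXPECTED_PRINCIPAL, EXPECTED_REMOTE_USER);
        return requireRememberMeCookie(response);
    }

    /**
     * Returns the remember-me cookie header of {@code response} as a string. A missing cookie
     * fails the test with a descriptive message, where calling {@code toString()} directly would
     * throw a bare NullPointerException.
     */
    private String requireRememberMeCookie(HttpResponse response) {
        Object header = getCookieHeader(response, REMEMBERME_COOKIE_NAME);
        Assert.assertNotNull("The " + REMEMBERME_COOKIE_NAME + " cookie must be present in the response.", header);
        return header.toString();
    }

    /**
     * Asserts the attributes of a remember-me cookie header.
     *
     * @param cookieHeader the cookie header rendered as a string
     * @param expectSecure whether the {@code Secure} attribute must be present
     * @param expectHttpOnly whether the {@code HttpOnly} attribute must be present
     */
    private void assertRememberMeCookie(String cookieHeader, boolean expectSecure, boolean expectHttpOnly) {
        Assert.assertTrue("The Expires parameter must be set.", cookieHeader.contains("Expires="));
        Assert.assertTrue("The Path parameter must be set.", cookieHeader.contains("Path=/"));
        // Both messages now read as full sentences; the positive case used to end at "must".
        Assert.assertEquals("The Secure parameter must" + (expectSecure ? "" : " not") + " be set.",
                Boolean.valueOf(expectSecure), Boolean.valueOf(hasCookieAttribute(cookieHeader, "Secure")));
        Assert.assertEquals("The HttpOnly parameter must" + (expectHttpOnly ? "" : " not") + " be set.",
                Boolean.valueOf(expectHttpOnly), Boolean.valueOf(hasCookieAttribute(cookieHeader, "HttpOnly")));
    }

    /**
     * Reports whether {@code cookieHeader} carries {@code attribute} as a standalone,
     * {@code ;}-separated flag.
     *
     * <p>A plain substring search would also match the word inside the opaque cookie value,
     * which could hide a missing flag or fail the negative case spuriously. Attribute names are
     * compared case-insensitively.
     * NOTE(review): assumes the string is a single Set-Cookie style header line; confirm
     * against getCookieHeader.
     */
    private static boolean hasCookieAttribute(String cookieHeader, String attribute) {
        String[] parts = cookieHeader.split(";");
        // parts[0] holds the name=value pair; only the segments after it are attributes.
        for (int i = 1; i < parts.length; i++) {
            if (parts[i].trim().equalsIgnoreCase(attribute)) {
                return true;
            }
        }
        return false;
    }

    /**
     * Clears the client's stored credentials and repeats the request, expecting
     * {@code expectedStatus}. Any successful authentication then has to come from state other
     * than the credentials provider.
     * NOTE(review): presumably the cookie kept in the client's cookie store; confirm.
     *
     * @return the response body as returned by the base-class helper
     */
    private String redriveFlowWithRememberMeCookieOnly(String url, int expectedStatus) throws Exception {
        this.httpclient.getCredentialsProvider().clear();
        return executeGetRequestNoAuthCreds(this.httpclient, url, expectedStatus);
    }
}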
