package com.ibm.ws.security.javaeesec.fat;

import com.ibm.ws.security.javaeesec.fat_helper.Constants;
import com.ibm.ws.security.javaeesec.fat_helper.JavaEESecTestBase;
import com.ibm.ws.security.javaeesec.fat_helper.ServerHelper;
import com.ibm.ws.security.javaeesec.fat_helper.WCApplicationHelper;
import com.ibm.ws.webcontainer.security.test.servlets.SSLHelper;
import componenttest.annotation.AllowedFFDC;
import componenttest.annotation.MinimumJavaLevel;
import componenttest.custom.junit.runner.FATRunner;
import componenttest.custom.junit.runner.Mode;
import componenttest.topology.impl.LibertyServer;
import componenttest.topology.impl.LibertyServerFactory;
import java.io.IOException;
import org.apache.http.HttpResponse;
import org.apache.http.impl.client.DefaultHttpClient;
import org.apache.http.params.BasicHttpParams;
import org.junit.After;
import org.junit.AfterClass;
import org.junit.Assert;
import org.junit.Before;
import org.junit.BeforeClass;
import org.junit.Rule;
import org.junit.Test;
import org.junit.rules.TestName;
import org.junit.runner.RunWith;

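/**
 * Functional tests for HTTP Basic authentication against a Liberty test server.
 *
 * <p>{@link #setUpBeforeClass()} deploys four WARs and starts the server; the tests here
 * exercise the {@code JavaEESecBasicAuthServlet} and {@code JavaEESecAnnotatedBasicAuthServlet}
 * applications. They cover successful login, rejected credentials, single sign-on via the
 * {@value #COOKIE_NAME} cookie, the redirect from HTTP to HTTPS, and unauthenticated access.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>Most tests send Basic credentials to the plain-HTTP URL. Basic credentials are only
 *       Base64-encoded, so this is suitable only because the target is the test server started
 *       by this class and the accounts are test fixtures.</li>
 *   <li>The user names and password below are fixture values; they must not be reused for any
 *       real registry.</li>
 * </ul>
 */
@MinimumJavaLevel(javaLevel = 8)
@RunWith(FATRunner.class)
@Mode(Mode.TestMode.FULL)
public class BasicAuthenticationMechanismTest extends JavaEESecTestBase {
    /** Name of the SSO cookie expected after a successful login. */
    private static final String COOKIE_NAME = "LtpaToken2";
    private static final String JAR_NAME = "JavaEESecBase.jar";

    /** Protected resource of the non-annotated Basic-auth application. */
    private static final String queryString = "/JavaEESecBasicAuthServlet/JavaEESecBasic";
    /** Protected resource of the annotated Basic-auth application. */
    private static final String ANNOTATED_BASIC_PATH = "/JavaEESecAnnotatedBasicAuthServlet/JavaEESecAnnotatedBasic";
    /** Resource expected to answer a plain-HTTP request with a redirect to HTTPS. */
    private static final String FORCE_SSL_PATH = "/JavaEESecAnnotatedBasicAuthServlet/ForceSSL";
    /** Resource expected to be reachable without credentials. */
    private static final String EVERYONE_PATH = "/JavaEESecAnnotatedBasicAuthServlet/Everyone";

    // Fixture credentials for the test registries only.
    private static final String BASIC_ROLE_USER = "jaspiuser1";
    private static final String FIXTURE_PASSWORD = "s3cur1ty";

    // Fragments the servlets are expected to echo for an authenticated caller.
    private static final String BASIC_USER_PRINCIPAL = "getUserPrincipal().getName(): jaspiuser1";
    private static final String BASIC_REMOTE_USER = "getRemoteUser: jaspiuser1";
    private static final String LDAP_USER_PRINCIPAL = "getUserPrincipal().getName(): jaspildapuser1";
    private static final String LDAP_REMOTE_USER = "getRemoteUser: jaspildapuser1";

    private static final LibertyServer myServer = LibertyServerFactory.getLibertyServer("com.ibm.ws.security.javaeesec.fat");
    private static final Class<?> logClass = BasicAuthenticationMechanismTest.class;

    /** Base URLs of the started server; assigned once in {@link #setUpBeforeClass()}. */
    private static String urlHttp;
    private static String urlHttps;

    /** Per-test client; created in {@link #setUp()} and shut down in {@link #tearDown()}. */
    private DefaultHttpClient httpclient;

    /** Supplies the running test's method name to {@link #getCurrentTestName()}. */
    @Rule
    public TestName name = new TestName();

    public BasicAuthenticationMechanismTest() {
        super(myServer, logClass);
    }

    /**
     * Prepares the shared fixture: calls {@code ServerHelper.setupldapServer()} (presumably the
     * LDAP registry used by the {@code identitystores.ldap} applications; confirm in ServerHelper),
     * deploys the four WARs, starts the server and records its HTTP and HTTPS base URLs.
     */
    @BeforeClass
    public static void setUpBeforeClass() throws Exception {
        ServerHelper.setupldapServer();
        WCApplicationHelper.addWarToServerApps(myServer, "JavaEESecBasicAuthServlet.war", true, JAR_NAME, false,
                "web.jar.base", "web.war.basic");
        WCApplicationHelper.addWarToServerApps(myServer, "JavaEESecAnnotatedBasicAuthServlet.war", true, JAR_NAME, false,
                "web.jar.base", "web.war.annotatedbasic", "web.war.identitystores.ldap");
        WCApplicationHelper.addWarToServerApps(myServer, "JavaEEsecFormAuth.war", true, JAR_NAME, false,
                "web.jar.base", "web.war.formlogin");
        WCApplicationHelper.addWarToServerApps(myServer, "JavaEEsecFormAuthRedirect.war", true, JAR_NAME, false,
                "web.jar.base", "web.war.redirectformlogin", "web.war.identitystores.ldap");
        myServer.startServer(true);

        String host = myServer.getHostname();
        urlHttp = "http://" + host + ":" + myServer.getHttpDefaultPort();
        urlHttps = "https://" + host + ":" + myServer.getHttpDefaultSecurePort();
    }

    /** Stops the shared server through the common helper. */
    @AfterClass
    public static void tearDownAfterClass() throws Exception {
        ServerHelper.commonStopServer(myServer, true);
    }

    /**
     * Creates a fresh client for each test so that credentials and cookies from one test cannot
     * leak into the next, then lets {@code SSLHelper} configure it for HTTPS to the test server.
     */
    @Before
    public void setUp() {
        this.httpclient = new DefaultHttpClient();
        // The (String) casts are kept as in the original call; they may be needed to select the overload.
        SSLHelper.establishSSLContext(this.httpclient, 0, myServer, (String) null, (String) null, (String) null, (String) null, (String) null);
    }

    /** Releases the per-test client's connections. */
    @After
    public void tearDown() {
        this.httpclient.getConnectionManager().shutdown();
    }

    /**
     * Returns the name of the running test method, taken from the {@link TestName} rule.
     *
     * <p>NOTE(review): the decompiler reported that this method's access modifier was changed
     * from {@code protected}; the visibility is left as found here.
     */
    @Override
    public String getCurrentTestName() {
        return this.name.getMethodName();
    }

    /** A user with valid credentials gets 200 and the servlet echoes that user's identity. */
    @Test
    @AllowedFFDC({"com.ibm.ws.security.registry.RegistryException"})
    public void testBasicAuthValidUserInRole_AllowedAccess() throws Exception {
        verifyUserResponse(
                executeGetRequestBasicAuthCreds(this.httpclient, urlHttp + queryString, BASIC_ROLE_USER, FIXTURE_PASSWORD, 200),
                BASIC_USER_PRINCIPAL, BASIC_REMOTE_USER);
    }

    /** Same as above for the annotated application, using the LDAP-backed fixture user. */
    @Test
    @AllowedFFDC({"com.ibm.ws.security.registry.RegistryException"})
    public void testAnnotatedBasicAuthValidUserInRole_AllowedAccess() throws Exception {
        verifyUserResponse(
                executeGetRequestBasicAuthCreds(this.httpclient, urlHttp + ANNOTATED_BASIC_PATH, Constants.javaeesec_basicRoleLDAPUser, FIXTURE_PASSWORD, 200),
                LDAP_USER_PRINCIPAL, LDAP_REMOTE_USER);
    }

    /**
     * Invalid user name and invalid password must be rejected with 403.
     *
     * <p>NOTE(review): the method name says "ValidUser" but the request uses
     * {@code Constants.jaspi_invalidUser}; the name is kept because the test id is public.
     */
    @Test
    public void testBasicAuthValidUserInRole_DeniedAccess() throws Exception {
        executeGetRequestBasicAuthCreds(this.httpclient, urlHttp + queryString, Constants.jaspi_invalidUser, Constants.jaspi_invalidPwd, 403);
    }

    /** A known user name with the wrong password must be rejected with 403. */
    @Test
    public void testBasicAuthValidUserInRole_DeniedAccess_WrongPassword() throws Exception {
        executeGetRequestBasicAuthCreds(this.httpclient, urlHttp + queryString, BASIC_ROLE_USER, Constants.jaspi_invalidPwd, 403);
    }

    /**
     * Logs in over HTTPS, checks the SSO cookie, then repeats the request with the credentials
     * removed and expects the same identity to be reported.
     *
     * <p>NOTE(review): the two boolean arguments to {@code assertCookie} are presumably the
     * expected Secure and HttpOnly flags; confirm against JavaEESecTestBase. If so, this test
     * accepts an SSO cookie without the Secure flag even though it was issued over HTTPS.
     */
    @Test
    public void testSSOForBasicAuthenticationMechanismDefinition() throws Exception {
        String protectedUrl = urlHttps + ANNOTATED_BASIC_PATH;
        assertCookie(driveResourceFlow(protectedUrl), false, true);
        verifyUserResponse(redriveFlowWithCookieOnly(protectedUrl, 200), LDAP_USER_PRINCIPAL, LDAP_REMOTE_USER);
    }

    /**
     * A plain-HTTP request to the ForceSSL resource must be answered with a 302 whose target is
     * the same path on the HTTPS URL. Uses a dedicated client with redirect following disabled so
     * that the 302 itself can be observed.
     */
    @Test
    public void testRedirectToSSL() throws Exception {
        BasicHttpParams noRedirectParams = new BasicHttpParams();
        noRedirectParams.setParameter("http.protocol.handle-redirects", Boolean.FALSE);
        DefaultHttpClient noRedirectClient = new DefaultHttpClient(noRedirectParams);
        try {
            SSLHelper.establishSSLContext(noRedirectClient, 0, myServer, (String) null, (String) null, (String) null, (String) null, (String) null);
            // JUnit's order is (message, expected, actual); the expected HTTPS URL comes first so
            // that a failure report labels the two values correctly.
            Assert.assertEquals("the request should be redirected to the SSL transport.",
                    urlHttps + FORCE_SSL_PATH,
                    accessPageNoChallenge(noRedirectClient, urlHttp + FORCE_SSL_PATH, 302, null));
        } finally {
            // Always release the extra client, whether the assertion passed or not.
            noRedirectClient.getConnectionManager().shutdown();
        }
    }

    /**
     * With no credentials configured, the Everyone resource must return 200 and report a null
     * principal and null remote user.
     */
    @Test
    public void testEveryoneRole() throws Exception {
        this.httpclient.getCredentialsProvider().clear();
        verifyUserResponse(
                accessPageNoChallenge(this.httpclient, urlHttp + EVERYONE_PATH, 200, EVERYONE_PATH),
                Constants.getUserPrincipalNull, Constants.getRemoteUserNull);
    }

    /**
     * Authenticates as the LDAP fixture user against {@code url}, verifies the 200 response and
     * returns the {@value #COOKIE_NAME} cookie header from that response as a string.
     */
    private String driveResourceFlow(String url) throws Exception {
        HttpResponse loginResponse = executeGetRequestBasicAuthCreds(this.httpclient, url, Constants.javaeesec_basicRoleLDAPUser, FIXTURE_PASSWORD);
        verifyUserResponse(processResponse(loginResponse, 200), LDAP_USER_PRINCIPAL, LDAP_REMOTE_USER);
        return getCookieHeader(loginResponse, COOKIE_NAME).toString();
    }

    /**
     * Repeats a request after clearing the client's credentials, so any successful
     * authentication must come from state the client kept from the earlier response
     * (presumably the SSO cookie in its cookie store; confirm in JavaEESecTestBase).
     */
    private String redriveFlowWithCookieOnly(String url, int expectedStatus) throws Exception {
        this.httpclient.getCredentialsProvider().clear();
        return executeGetRequestNoAuthCreds(this.httpclient, url, expectedStatus);
    }
}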
