package com.ibm.ws.security.jwtsso.fat;

import com.gargoylesoftware.htmlunit.HttpMethod;
import com.gargoylesoftware.htmlunit.Page;
import com.gargoylesoftware.htmlunit.WebClient;
import com.gargoylesoftware.htmlunit.WebRequest;
import com.gargoylesoftware.htmlunit.util.NameValuePair;
import com.ibm.websphere.simplicity.log.Log;
import com.ibm.ws.security.fat.common.CommonSecurityFat;
import com.ibm.ws.security.fat.common.actions.TestActions;
import com.ibm.ws.security.fat.common.expectations.Expectations;
import com.ibm.ws.security.fat.common.validation.TestValidationUtils;
import com.ibm.ws.security.jwtsso.fat.expectations.CookieExpectation;
import com.ibm.ws.security.jwtsso.fat.utils.CommonExpectations;
import com.ibm.ws.security.jwtsso.fat.utils.JwtFatConstants;
import componenttest.annotation.Server;
import componenttest.custom.junit.runner.FATRunner;
import componenttest.custom.junit.runner.Mode;
import componenttest.topology.impl.LibertyServer;
import java.net.URL;
import org.junit.Assert;
import org.junit.BeforeClass;
import org.junit.Test;
import org.junit.runner.RunWith;

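/**
 * Functional tests for the JWT SSO cookie handling of the Liberty server under test.
 *
 * <p>The tests cover four security properties:
 * <ul>
 *   <li>a form login yields a JWT cookie, and with {@code server_testlargecookies.xml} a second
 *       cookie appears as well (NOTE(review): presumably the token is split when it exceeds a
 *       size limit; confirm against that server configuration);</li>
 *   <li>both logout paths (servlet logout and {@code ibm_security_logout}) blank the cookies;</li>
 *   <li>a cookie captured before logout is rejected when presented again afterwards;</li>
 *   <li>a token from the token endpoint is accepted as a bearer token.</li>
 * </ul>
 *
 * <p>Instance state ({@link #wc}, {@link #response}, {@link #expectations}) is overwritten by
 * each step, so the helpers must be called in the order the tests use them.
 */
@RunWith(FATRunner.class)
/* loaded from: input_file:com/ibm/ws/security/jwtsso/fat/CookieProcessingTests.class */
public class CookieProcessingTests extends CommonSecurityFat {
    protected static Class<?> thisClass = CookieProcessingTests.class;

    @Server("com.ibm.ws.security.jwtsso.fat")
    public static LibertyServer server;
    // Most recent page returned by the server; every step replaces it.
    Page response = null;
    Expectations expectations = null;
    // Browser-like client; its cookie jar carries the JWT cookie between requests.
    WebClient wc = null;
    // Evaluated at instance construction, so the static server field must already be populated
    // (NOTE(review): presumably injected by FATRunner via @Server before any instance exists).
    String protectedUrl = "http://" + server.getHostname() + ":" + server.getHttpDefaultPort() + JwtFatConstants.SIMPLE_SERVLET_PATH;
    // Fixture credentials; they are used by the form login and by the basic-auth token request.
    String defaultUser = "testuser";
    String defaultPassword = "testuserpwd";
    private final TestActions actions = new TestActions();
    private final TestValidationUtils validationUtils = new TestValidationUtils();

    /**
     * Registers the form-login application for validation and starts the server with the
     * feature-enabled configuration.
     *
     * @throws Exception if the server cannot be configured or started
     */
    @BeforeClass
    public static void setUp() throws Exception {
        server.addInstalledAppForValidation("formlogin");
        serverTracker.addServer(server);
        server.startServerUsingExpandedConfiguration("server_withFeature.xml");
    }

    /**
     * Performs the standard login flow: request the protected servlet, land on the login page,
     * submit the fixture credentials, and validate that the servlet is reached with a JWT cookie
     * and a JWT principal for the fixture user.
     *
     * <p>Leaves {@link #wc} holding the authenticated session and {@link #response} holding the
     * servlet output, which later steps inspect.
     *
     * @throws Exception if a request fails or an expectation is not met
     */
    void doHappyPath() throws Exception {
        final String invokeStep = "invokeProtectedResource";
        final String loginStep = "submitLoginCredentials";

        // A fresh client guarantees no cookie from an earlier test influences the login.
        this.wc = new WebClient();
        this.expectations = new Expectations();

        this.expectations.addExpectations(CommonExpectations.successfullyReachedLoginPage(invokeStep));
        this.response = this.actions.invokeUrl(this._testName, this.wc, this.protectedUrl);
        this.validationUtils.validateResult(this.response, invokeStep, this.expectations);

        this.expectations.addExpectations(CommonExpectations.successfullyReachedUrl(loginStep, this.protectedUrl));
        // The cookie must exist with a non-empty value (regex ".+").
        // NOTE(review): the two flags are presumably secure=false / httpOnly=true; confirm
        // against CookieExpectation's constructor.
        this.expectations.addExpectation(new CookieExpectation(loginStep, this.wc, JwtFatConstants.JWT_COOKIE_NAME, ".+", false, true));
        this.expectations.addExpectations(CommonExpectations.getResponseTextExpectationsForJwtCookie(loginStep, JwtFatConstants.JWT_COOKIE_NAME, this.defaultUser));
        this.expectations.addExpectations(CommonExpectations.getJwtPrincipalExpectations(loginStep, this.defaultUser, JwtFatConstants.DEFAULT_ISS_REGEX));
        // Use the shared fixture fields so the login and the principal expectations above cannot drift apart.
        this.response = this.actions.doFormLogin(this.response, this.defaultUser, this.defaultPassword);
        this.validationUtils.validateResult(this.response, loginStep, this.expectations);
    }

    /**
     * Verifies that with the large-cookie configuration both expected cookie names show up in the
     * servlet output and that a second request with the same client is still authenticated.
     *
     * @throws Exception if reconfiguration or a request fails
     */
    @Test
    @Mode(Mode.TestMode.LITE)
    public void test_largeCookies() throws Exception {
        server.reconfigureServerUsingExpandedConfiguration(this._testName, "server_testlargecookies.xml", new String[0]);
        doHappyPath();
        String servletOutput = this.response.getWebResponse().getContentAsString();
        Assert.assertTrue("expected cookie MPJWT    not found in cookies", servletOutput.contains(JwtFatConstants.EXPECTED_COOKIE_NAME));
        Assert.assertTrue("expected cookie MPJWT02  not found in cookies", servletOutput.contains(JwtFatConstants.EXPECTED_COOKIE_2_NAME));
        // Second access: the client must be able to send the cookies back and be accepted.
        this.response = this.actions.invokeUrl(this._testName, this.wc, this.protectedUrl);
        Assert.assertTrue("Did not successfully access the protected resource a second time", this.response.getWebResponse().getContentAsString().contains("SimpleServlet"));
    }

    /**
     * Asserts that the current {@link #response} instructs the browser to blank the JWT cookie.
     *
     * <p>All {@code Set-Cookie} header values are joined and searched for {@code JWT="";}.
     * NOTE(review): only the empty value is checked; expiry attributes such as {@code Max-Age}
     * or {@code Expires} are not inspected here.
     *
     * @param z when {@code true}, the second cookie ({@code JWT02}) must be blanked as well
     */
    void confirmCookiesCleared(boolean z) {
        // Stays null until the first Set-Cookie header is seen, so "no header at all" remains
        // distinguishable; concatenating onto a null String would yield a literal "null" prefix.
        StringBuilder setCookieValues = null;
        for (NameValuePair header : this.response.getWebResponse().getResponseHeaders()) {
            // HTTP header names are case-insensitive.
            if ("Set-Cookie".equalsIgnoreCase(header.getName())) {
                if (setCookieValues == null) {
                    setCookieValues = new StringBuilder();
                }
                setCookieValues.append(header.getValue()).append(' ');
            }
        }
        String combined = setCookieValues == null ? null : setCookieValues.toString();
        Log.info(thisClass, "", "value of combined cookie header values: " + combined);
        Assert.assertNotNull("did not find expected  cookie", combined);
        Assert.assertTrue("cookie name is wrong", combined.contains(JwtFatConstants.JWT_COOKIE_NAME));
        Assert.assertTrue("cookie MPJWT is not cleared", combined.contains("JWT=\"\";"));
        if (z) {
            Assert.assertTrue("cookie MPJWT02 is not cleared", combined.contains("JWT02=\"\";"));
        }
    }

    /**
     * Verifies that logging out through the servlet ({@code ?logout=true}) blanks both cookies
     * and that the same client can no longer reach the protected servlet.
     *
     * @throws Exception if reconfiguration or a request fails
     */
    @Test
    @Mode(Mode.TestMode.LITE)
    public void test_ServletLogout() throws Exception {
        server.reconfigureServerUsingExpandedConfiguration(this._testName, "server_testlargecookies.xml", new String[0]);
        doHappyPath();
        this.response = this.actions.invokeUrl(this._testName, this.wc, this.protectedUrl + "?logout=true");
        Assert.assertTrue("Did not get a response indicating logout was invoked", this.response.getWebResponse().getContentAsString().contains("Test Application class BaseServlet logged out"));
        confirmCookiesCleared(true);
        // With the cookies blanked the servlet output must not be served again.
        this.response = this.actions.invokeUrl(this._testName, this.wc, this.protectedUrl);
        Assert.assertFalse("should not have been able to access protected url ", this.response.getWebResponse().getContentAsString().contains("SimpleServlet"));
    }

    /**
     * Verifies that a POST to {@code ibm_security_logout} blanks both cookies and that the same
     * client can no longer reach the protected servlet.
     *
     * @throws Exception if reconfiguration or a request fails
     */
    @Test
    @Mode(Mode.TestMode.LITE)
    public void test_ibm_security_logout() throws Exception {
        server.reconfigureServerUsingExpandedConfiguration(this._testName, "server_testlargecookies.xml", new String[0]);
        doHappyPath();
        // The logout URL is derived by swapping the servlet name in the protected URL.
        URL logoutUrl = new URL(this.protectedUrl.replace("SimpleServlet", "ibm_security_logout"));
        this.response = this.actions.submitRequest(this._testName, this.wc, new WebRequest(logoutUrl, HttpMethod.POST));
        confirmCookiesCleared(true);
        this.response = this.actions.invokeUrl(this._testName, this.wc, this.protectedUrl);
        Assert.assertFalse("should not have been able to access protected url ", this.response.getWebResponse().getContentAsString().contains("SimpleServlet"));
    }

    /**
     * Verifies that a JWT cookie captured before logout is refused when it is presented again
     * afterwards, and that the server logs message {@code CWWKS9126A}.
     *
     * <p>Blanking the cookie only affects the browser; this test checks the server-side half,
     * i.e. that the token itself stops being honoured once the user has logged out.
     *
     * <p>NOTE(review): unlike the other tests this one does not reconfigure the server, so it
     * runs against whichever configuration is active, and it relies on a log mark set elsewhere.
     *
     * @throws Exception if a request fails
     */
    @Test
    @Mode(Mode.TestMode.LITE)
    public void test_CookieReplay() throws Exception {
        doHappyPath();

        // The servlet echoes the cookie as "cookie: JWT value: <token>" on a line of its own.
        final String marker = "cookie: JWT value: ";
        String servletOutput = this.response.getWebResponse().getContentAsString();
        int markerAt = servletOutput.indexOf(marker);
        // Fail here, with a clear message, rather than slicing at an arbitrary offset when the
        // marker is missing.
        Assert.assertTrue("did not find expected  cookie", markerAt >= 0);
        int valueStart = markerAt + marker.length();
        int valueEnd = servletOutput.indexOf("\n", valueStart);
        String capturedCookie = valueEnd < 0 ? servletOutput.substring(valueStart) : servletOutput.substring(valueStart, valueEnd);
        // The captured value belongs to the fixture user on the test server only.
        Log.info(thisClass, "", "value of cookie from response text " + capturedCookie);
        // An empty capture would make the replay below pass without proving anything.
        Assert.assertFalse("did not find expected  cookie", capturedCookie.trim().isEmpty());

        this.response = this.actions.invokeUrl(this._testName, this.wc, this.protectedUrl + "?logout=true");
        Assert.assertTrue("Did not get a response indicating logout was invoked", this.response.getWebResponse().getContentAsString().contains("Test Application class BaseServlet logged out"));

        this.loggingUtils.printMethodName("test_CookieReplay");
        WebRequest replayRequest = new WebRequest(new URL(this.protectedUrl), HttpMethod.GET);
        Log.info(thisClass, "", "setting cookie for replay:" + capturedCookie);
        // Set the header explicitly: the client's own cookie jar was blanked by the logout.
        replayRequest.setAdditionalHeader("Cookie", "JWT=" + capturedCookie);
        this.loggingUtils.printRequestParts(this.wc, replayRequest, this._testName);
        Page replayPage = this.wc.getPage(replayRequest);
        this.loggingUtils.printResponseParts(replayPage, this._testName, "Response from URL: ");

        Assert.assertFalse("should not have been able to access the protected resource", replayPage.getWebResponse().getContentAsString().contains("SimpleServlet"));
        Assert.assertNotNull("Did not find expected replay warning message CWWKS9126A in log", server.waitForStringInLogUsingMark("CWWKS9126A", 100L));
    }

    /**
     * Verifies that a token obtained from the token endpoint with basic auth is accepted by the
     * protected servlet when sent as a bearer token by a client that holds no cookies.
     *
     * @throws Exception if a request fails
     */
    @Test
    @Mode(Mode.TestMode.LITE)
    public void test_TokenInAuthHeader() throws Exception {
        String tokenEndpoint = "https://" + server.getHostname() + ":" + server.getHttpDefaultSecurePort() + "/jwt/ibm/api/defaultJwtSso/token";
        this.wc = new WebClient();
        // Turns off certificate validation for this client only
        // (NOTE(review): presumably because the test server presents a self-signed certificate).
        this.wc.getOptions().setUseInsecureSSL(true);
        this.response = this.actions.invokeUrlWithBasicAuth(this._testName, this.wc, tokenEndpoint, this.defaultUser, this.defaultPassword);
        String endpointBody = this.response.getWebResponse().getContentAsString();
        Log.info(thisClass, "", "received this from token endpoint: " + endpointBody);
        // Strip the JSON wrapper by plain text replacement.
        // NOTE(review): the removed prefix does not include an opening quote of the value, so a
        // body of the form {"token": "<jwt>"} would leave a leading '"' on the token; confirm the
        // endpoint's exact output format.
        String token = endpointBody.replace("{\"token\": ", "").replace("\"}", "");
        Log.info(thisClass, "", "parsed token: " + token);
        // A brand-new client has an empty cookie jar, so only the bearer token can authenticate.
        this.wc = new WebClient();
        this.response = this.actions.invokeUrlWithBearerToken(this._testName, this.wc, this.protectedUrl, token);
        Assert.assertTrue("Did not successfully access the protected resource", this.response.getWebResponse().getContentAsString().contains("SimpleServlet"));
    }
}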
