package com.ibm.ws.security.jwtsso.fat;

import com.gargoylesoftware.htmlunit.Page;
import com.gargoylesoftware.htmlunit.WebClient;
import com.gargoylesoftware.htmlunit.util.Cookie;
import com.ibm.ws.security.fat.common.CommonSecurityFat;
import com.ibm.ws.security.fat.common.expectations.Expectation;
import com.ibm.ws.security.fat.common.expectations.Expectations;
import com.ibm.ws.security.fat.common.expectations.ResponseFullExpectation;
import com.ibm.ws.security.fat.common.expectations.ResponseTitleExpectation;
import com.ibm.ws.security.fat.common.expectations.ServerMessageExpectation;
import com.ibm.ws.security.fat.common.validation.TestValidationUtils;
import com.ibm.ws.security.jwtsso.fat.utils.CommonExpectations;
import com.ibm.ws.security.jwtsso.fat.utils.JwtFatActions;
import com.ibm.ws.security.jwtsso.fat.utils.JwtFatConstants;
import com.ibm.ws.security.jwtsso.fat.utils.MessageConstants;
import componenttest.annotation.AllowedFFDC;
import componenttest.annotation.ExpectedFFDC;
import componenttest.annotation.Server;
import componenttest.custom.junit.runner.FATRunner;
import componenttest.custom.junit.runner.Mode;
import componenttest.topology.impl.LibertyServer;
import java.util.Iterator;
import java.util.Set;
import java.util.regex.Pattern;
import org.junit.Assert;
import org.junit.Before;
import org.junit.BeforeClass;
import org.junit.Test;
import org.junit.runner.RunWith;

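/**
 * Functional tests for the configuration attributes of the JWT SSO feature: the JWT cookie
 * name, the builder and consumer references, the LTPA fallback switch
 * ({@code useLtpaIfJwtAbsent}), the cookie security flags and the behaviour without an SSL port.
 *
 * <p>Every test follows the same shape: swap in a server configuration, request the protected
 * servlet, submit the form login, and compare the response and the server log with the
 * expectations registered for each step.
 *
 * <p>All requests go to {@link #protectedUrl}, which is built with the {@code http://} scheme.
 * That matters for the cookie-flag tests below, which expect the login page again after a
 * successful credential submission.
 *
 * <p>The user name and password are fixture values for the test server; presumably they match
 * an entry in the registry of the server configurations used here (not visible in this file).
 */
@Mode(Mode.TestMode.FULL)
@RunWith(FATRunner.class)
public class ConfigAttributeTests extends CommonSecurityFat {
    protected static Class<?> thisClass = ConfigAttributeTests.class;

    /** Step name used for the first, unauthenticated request to the protected servlet. */
    private static final String STEP_INVOKE = "invokeProtectedResource";

    /** Step name used for the form-login submission. */
    private static final String STEP_LOGIN = "submitLoginCredentials";

    /** Issuer that the builder/consumer tests expect to see in messages and in the token. */
    private static final String BUILDER_ISSUER = "https://flintstone:19443/jwt/defaultJWT";

    /** Leading part of the cookie name checked by {@link #test_cookieName_extremelyLong()}. */
    private static final String LONG_COOKIE_NAME_PREFIX = "ExtremelyLongCookieNamexxxxxxxx10xxxxxxxx20";

    @Server("com.ibm.ws.security.jwtsso.fat")
    public static LibertyServer server;
    private final JwtFatActions actions = new JwtFatActions();
    private final TestValidationUtils validationUtils = new TestValidationUtils();

    // Created in beforeTest(); the previous field initializer built a client that was
    // replaced before any test could use it and was never closed.
    private WebClient webClient;
    String protectedUrl = "http://" + server.getHostname() + ":" + server.getHttpDefaultPort() + JwtFatConstants.SIMPLE_SERVLET_PATH;
    String defaultUser = "testuser";
    String defaultPassword = "testuserpwd";

    /**
     * Registers the form-login application for validation and starts the server with the
     * configuration that has the feature enabled.
     */
    @BeforeClass
    public static void setUp() throws Exception {
        server.addInstalledAppForValidation("formlogin");
        serverTracker.addServer(server);
        server.startServerUsingExpandedConfiguration("server_withFeature.xml");
    }

    /**
     * Gives each test a fresh client, so no cookie from an earlier test is carried over, and
     * lets failing status codes come back as pages instead of exceptions.
     */
    @Before
    public void beforeTest() {
        this.webClient = new WebClient();
        this.webClient.getOptions().setThrowExceptionOnFailingStatusCode(false);
    }

    /**
     * With a custom cookie name configured, login must produce a JWT cookie called
     * {@code easyrider} and an LTPA cookie as well, and the servlet output must list the LTPA
     * cookie.
     */
    @Test
    @Mode(Mode.TestMode.LITE)
    public void test_cookieName_includeLtpa() throws Exception {
        server.reconfigureServerUsingExpandedConfiguration(this._testName, "server_testcookiename.xml", new String[0]);
        Expectations expectations = new Expectations();
        expectations.addExpectations(CommonExpectations.successfullyReachedLoginPage(STEP_INVOKE));
        Page loginPage = this.actions.invokeUrl(this._testName, this.webClient, this.protectedUrl);
        this.validationUtils.validateResult(loginPage, STEP_INVOKE, expectations);

        expectations.addExpectations(CommonExpectations.successfullyReachedUrl(STEP_LOGIN, this.protectedUrl));
        expectations.addExpectations(CommonExpectations.jwtCookieExists(STEP_LOGIN, this.webClient, "easyrider"));
        expectations.addExpectations(CommonExpectations.ltpaCookieExists(STEP_LOGIN, this.webClient));
        expectations.addExpectations(CommonExpectations.getResponseTextExpectationsForJwtCookie(STEP_LOGIN, "easyrider", this.defaultUser));
        expectations.addExpectations(CommonExpectations.getJwtPrincipalExpectations(STEP_LOGIN, this.defaultUser, JwtFatConstants.DEFAULT_ISS_REGEX));
        expectations.addExpectations(CommonExpectations.responseTextIncludesCookie(STEP_LOGIN, JwtFatConstants.LTPA_COOKIE_NAME));
        Page loginResult = this.actions.doFormLogin(loginPage, this.defaultUser, this.defaultPassword);
        this.validationUtils.validateResult(loginResult, STEP_LOGIN, expectations);
    }

    /**
     * An empty cookie name must be reported with CWWKS6302E while login still reaches the
     * protected resource with a JWT cookie (presumably under the default name; the helper that
     * checks this is not visible here).
     */
    @Test
    public void test_cookieName_empty() throws Exception {
        server.reconfigureServerUsingExpandedConfiguration(this._testName, "server_cookieNameEmpty.xml", new String[0]);
        Expectations expectations = new Expectations();
        expectations.addExpectations(CommonExpectations.successfullyReachedLoginPage(STEP_INVOKE));
        Page loginPage = this.actions.invokeUrl(this._testName, this.webClient, this.protectedUrl);
        this.validationUtils.validateResult(loginPage, STEP_INVOKE, expectations);

        expectations.addExpectations(CommonExpectations.successfullyReachedProtectedResourceWithJwtCookie(STEP_LOGIN, this.protectedUrl, this.defaultUser));
        expectations.addExpectation(new ServerMessageExpectation(STEP_LOGIN, server, MessageConstants.CWWKS6302E_COOKIE_NAME_CANT_BE_EMPTY));
        Page loginResult = this.actions.doFormLogin(loginPage, this.defaultUser, this.defaultPassword);
        this.validationUtils.validateResult(loginResult, STEP_LOGIN, expectations);
    }

    /**
     * A cookie name containing whitespace must be rejected with CWWKS6303E; login still reaches
     * the protected resource with a JWT cookie.
     */
    @Test
    public void test_cookieName_includesWhitespace() throws Exception {
        server.reconfigureServerUsingExpandedConfiguration(this._testName, "server_cookieNameIncludesWhitespace.xml", new String[0]);
        Expectations expectations = new Expectations();
        expectations.addExpectations(CommonExpectations.successfullyReachedLoginPage(STEP_INVOKE));
        Page loginPage = this.actions.invokeUrl(this._testName, this.webClient, this.protectedUrl);
        this.validationUtils.validateResult(loginPage, STEP_INVOKE, expectations);

        expectations.addExpectations(CommonExpectations.successfullyReachedProtectedResourceWithJwtCookie(STEP_LOGIN, this.protectedUrl, this.defaultUser));
        expectations.addExpectation(new ServerMessageExpectation(STEP_LOGIN, server, MessageConstants.CWWKS6303E_COOKIE_NAME_INVALID));
        Page loginResult = this.actions.doFormLogin(loginPage, this.defaultUser, this.defaultPassword);
        this.validationUtils.validateResult(loginResult, STEP_LOGIN, expectations);
    }

    /**
     * A cookie name containing characters that are not allowed in a cookie name must be
     * rejected with CWWKS6303E; login still reaches the protected resource with a JWT cookie.
     */
    @Test
    public void test_cookieName_invalidCookieCharacters() throws Exception {
        server.reconfigureServerUsingExpandedConfiguration(this._testName, "server_cookieNameInvalidCharacters.xml", new String[0]);
        Expectations expectations = new Expectations();
        expectations.addExpectations(CommonExpectations.successfullyReachedLoginPage(STEP_INVOKE));
        Page loginPage = this.actions.invokeUrl(this._testName, this.webClient, this.protectedUrl);
        this.validationUtils.validateResult(loginPage, STEP_INVOKE, expectations);

        expectations.addExpectations(CommonExpectations.successfullyReachedProtectedResourceWithJwtCookie(STEP_LOGIN, this.protectedUrl, this.defaultUser));
        expectations.addExpectation(new ServerMessageExpectation(STEP_LOGIN, server, MessageConstants.CWWKS6303E_COOKIE_NAME_INVALID));
        Page loginResult = this.actions.doFormLogin(loginPage, this.defaultUser, this.defaultPassword);
        this.validationUtils.validateResult(loginResult, STEP_LOGIN, expectations);
    }

    /**
     * A cookie name written with Unicode escapes that resolve to invalid characters must be
     * rejected with CWWKS6303E, the same as the literal form. (The escaped value itself lives in
     * the server configuration, which is not visible here.)
     */
    @Test
    public void test_cookieName_unicodeInvalid() throws Exception {
        server.reconfigureServerUsingExpandedConfiguration(this._testName, "server_cookieNameInvalidUnicodeCharacters.xml", new String[0]);
        Expectations expectations = new Expectations();
        expectations.addExpectations(CommonExpectations.successfullyReachedLoginPage(STEP_INVOKE));
        Page loginPage = this.actions.invokeUrl(this._testName, this.webClient, this.protectedUrl);
        this.validationUtils.validateResult(loginPage, STEP_INVOKE, expectations);

        expectations.addExpectations(CommonExpectations.successfullyReachedProtectedResourceWithJwtCookie(STEP_LOGIN, this.protectedUrl, this.defaultUser));
        expectations.addExpectation(new ServerMessageExpectation(STEP_LOGIN, server, MessageConstants.CWWKS6303E_COOKIE_NAME_INVALID));
        Page loginResult = this.actions.doFormLogin(loginPage, this.defaultUser, this.defaultPassword);
        this.validationUtils.validateResult(loginResult, STEP_LOGIN, expectations);
    }

    /**
     * A cookie name configured through valid Unicode characters must be accepted; the resulting
     * JWT cookie is expected under the name {@code MyCookie}.
     */
    @Test
    public void test_cookieName_unicodeValid() throws Exception {
        server.reconfigureServerUsingExpandedConfiguration(this._testName, "server_cookieNameValidUnicodeCharacters.xml", new String[0]);
        Expectations expectations = new Expectations();
        expectations.addExpectations(CommonExpectations.successfullyReachedLoginPage(STEP_INVOKE));
        Page loginPage = this.actions.invokeUrl(this._testName, this.webClient, this.protectedUrl);
        this.validationUtils.validateResult(loginPage, STEP_INVOKE, expectations);

        expectations.addExpectations(CommonExpectations.successfullyReachedUrl(STEP_LOGIN, this.protectedUrl));
        expectations.addExpectations(CommonExpectations.getResponseTextExpectationsForJwtCookie(STEP_LOGIN, "MyCookie", this.defaultUser));
        expectations.addExpectations(CommonExpectations.getJwtPrincipalExpectations(STEP_LOGIN, this.defaultUser, JwtFatConstants.DEFAULT_ISS_REGEX));
        expectations.addExpectations(CommonExpectations.jwtCookieExists(STEP_LOGIN, this.webClient, "MyCookie"));
        Page loginResult = this.actions.doFormLogin(loginPage, this.defaultUser, this.defaultPassword);
        this.validationUtils.validateResult(loginResult, STEP_LOGIN, expectations);
    }

    /**
     * A very long cookie name must still work, and the client must end up holding exactly one
     * cookie whose name starts with the expected prefix.
     *
     * <p>Only the prefix is compared, so the configured name may be longer than the prefix.
     */
    @Test
    public void test_cookieName_extremelyLong() throws Exception {
        server.reconfigureServerUsingExpandedConfiguration(this._testName, "server_cookieNameExtremelyLong.xml", new String[0]);
        Expectations expectations = new Expectations();
        expectations.addExpectations(CommonExpectations.successfullyReachedLoginPage(STEP_INVOKE));
        Page loginPage = this.actions.invokeUrl(this._testName, this.webClient, this.protectedUrl);
        this.validationUtils.validateResult(loginPage, STEP_INVOKE, expectations);

        expectations.addExpectations(CommonExpectations.successfullyReachedUrl(STEP_LOGIN, this.protectedUrl));
        expectations.addExpectations(CommonExpectations.getResponseTextExpectationsForJwtCookie(STEP_LOGIN, LONG_COOKIE_NAME_PREFIX, this.defaultUser));
        expectations.addExpectations(CommonExpectations.getJwtPrincipalExpectations(STEP_LOGIN, this.defaultUser, JwtFatConstants.DEFAULT_ISS_REGEX));
        Page loginResult = this.actions.doFormLogin(loginPage, this.defaultUser, this.defaultPassword);
        this.validationUtils.validateResult(loginResult, STEP_LOGIN, expectations);

        // Typed iteration replaces the raw Set/Iterator and the unchecked cast.
        Set<Cookie> cookies = this.webClient.getCookieManager().getCookies();
        int matchingCookies = 0;
        for (Cookie cookie : cookies) {
            if (cookie.getName().startsWith(LONG_COOKIE_NAME_PREFIX)) {
                matchingCookies++;
            }
        }
        Assert.assertEquals("Did not find exactly one cookie that started with expected string [" + LONG_COOKIE_NAME_PREFIX + "]. Cookies were: " + cookies, 1, matchingCookies);
    }

    /**
     * A builder reference that does not resolve must make the form login fail: the test expects
     * the form-login failure page and CWWKS6008E, not access to the protected resource.
     */
    @Test
    @Mode(Mode.TestMode.LITE)
    @ExpectedFFDC({"com.ibm.websphere.security.jwt.InvalidBuilderException"})
    public void test_invalidBuilderRef_useLtpaIfJwtAbsentFalse() throws Exception {
        server.reconfigureServerUsingExpandedConfiguration(this._testName, "server_testbadbuilder.xml", new String[0]);
        Expectations expectations = new Expectations();
        expectations.addExpectations(CommonExpectations.successfullyReachedLoginPage(STEP_INVOKE));
        Page loginPage = this.actions.invokeUrl(this._testName, this.protectedUrl);
        this.validationUtils.validateResult(loginPage, STEP_INVOKE, expectations);

        expectations.addExpectation(new ResponseTitleExpectation(STEP_LOGIN, "contains", "A Form login authentication failure occurred", "Did not find the expected title for a failed form login."));
        expectations.addExpectation(new ServerMessageExpectation(STEP_LOGIN, server, MessageConstants.CWWKS6008E_JWT_BUILDER_INVALID));
        Page loginResult = this.actions.doFormLogin(loginPage, this.defaultUser, this.defaultPassword);
        this.validationUtils.validateResult(loginResult, STEP_LOGIN, expectations);
    }

    /**
     * A valid builder reference whose token is then refused by the consumer: after submitting
     * credentials the client is expected back on the login page, and the log must contain
     * CWWKS6022E naming the builder's issuer plus the follow-on JWT processing errors.
     *
     * <p>Presumably the consumer in this configuration does not trust that issuer; the
     * configuration file is not visible here.
     */
    @Test
    @Mode(Mode.TestMode.LITE)
    @AllowedFFDC({"com.ibm.websphere.security.jwt.InvalidClaimException", "com.ibm.websphere.security.jwt.InvalidTokenException", "com.ibm.ws.security.authentication.AuthenticationException"})
    public void test_validBuilderRef() throws Exception {
        server.reconfigureServerUsingExpandedConfiguration(this._testName, "server_testgoodbuilder.xml", new String[0]);
        Page loginPage = this.actions.invokeUrl(this._testName, this.protectedUrl);
        Expectations expectations = new Expectations();
        expectations.addExpectations(CommonExpectations.successfullyReachedLoginPage(STEP_INVOKE));
        this.validationUtils.validateResult(loginPage, STEP_INVOKE, expectations);

        expectations.addExpectations(CommonExpectations.successfullyReachedLoginPage(STEP_LOGIN));
        // The issuer is quoted so its dots and slashes are matched literally in the log regex.
        expectations.addExpectation(new ServerMessageExpectation(STEP_LOGIN, server, "CWWKS6022E.+" + Pattern.quote(BUILDER_ISSUER)));
        expectations.addExpectation(new ServerMessageExpectation(STEP_LOGIN, server, MessageConstants.CWWKS6031E_JWT_ERROR_PROCESSING_JWT));
        expectations.addExpectation(new ServerMessageExpectation(STEP_LOGIN, server, MessageConstants.CWWKS5524E_ERROR_CREATING_JWT));
        expectations.addExpectation(new ServerMessageExpectation(STEP_LOGIN, server, MessageConstants.CWWKS5523E_ERROR_CREATING_JWT_USING_TOKEN_IN_REQ));
        Page loginResult = this.actions.doFormLogin(loginPage, this.defaultUser, this.defaultPassword);
        this.validationUtils.validateResult(loginResult, STEP_LOGIN, expectations);
    }

    /**
     * A valid consumer reference: the token shown after login must carry the builder's issuer in
     * its {@code iss} claim, and a second request with the same client must reach the servlet.
     */
    @Test
    @Mode(Mode.TestMode.LITE)
    public void test_validConsumerRef() throws Exception {
        server.reconfigureServerUsingExpandedConfiguration(this._testName, "server_testgoodconsumer.xml", new String[0]);
        Expectations expectations = new Expectations();
        expectations.addExpectations(CommonExpectations.successfullyReachedLoginPage(STEP_INVOKE));
        // A separate client with default options; the per-test field client is not used here.
        WebClient client = new WebClient();
        Page loginPage = this.actions.invokeUrl(this._testName, client, this.protectedUrl);
        this.validationUtils.validateResult(loginPage, STEP_INVOKE, expectations);

        String loginResponse = this.actions.doFormLogin(loginPage, this.defaultUser, this.defaultPassword).getWebResponse().getContentAsString();
        Assert.assertTrue("Issuer in token did not match the one configured in the builder", loginResponse.contains("\"iss\":\"" + BUILDER_ISSUER + "\""));

        String secondResponse = this.actions.invokeUrl(this._testName, client, this.protectedUrl).getWebResponse().getContentAsString();
        Assert.assertTrue("Did not access protected resource with custom consumer", secondResponse.contains("SimpleServlet"));
    }

    /**
     * An unusable consumer reference must not let the user in: CWWKS5521E is expected on the
     * first request, and after submitting credentials the client is expected back on the login
     * page with CWWKS6301E in the log.
     */
    @Test
    @Mode(Mode.TestMode.LITE)
    @AllowedFFDC({"com.ibm.ws.security.authentication.AuthenticationException"})
    @ExpectedFFDC({"com.ibm.ws.security.mp.jwt.error.MpJwtProcessingException"})
    public void test_invalidConsumerRef() throws Exception {
        server.reconfigureServerUsingExpandedConfiguration(this._testName, "server_testbadconsumer.xml", new String[0]);
        Expectations expectations = new Expectations();
        expectations.addExpectations(CommonExpectations.successfullyReachedLoginPage(STEP_INVOKE));
        expectations.addExpectation(new ServerMessageExpectation(STEP_INVOKE, server, MessageConstants.CWWKS5521E_MANY_JWT_CONSUMER_CONFIGS));
        Page loginPage = this.actions.invokeUrl(this._testName, this.protectedUrl);
        this.validationUtils.validateResult(loginPage, STEP_INVOKE, expectations);

        expectations.addExpectations(CommonExpectations.successfullyReachedLoginPage(STEP_LOGIN));
        expectations.addExpectation(new ServerMessageExpectation(STEP_LOGIN, server, MessageConstants.CWWKS6301E_MANY_JWT_CONSUMER_CONFIGS));
        Page loginResult = this.actions.doFormLogin(loginPage, this.defaultUser, this.defaultPassword);
        this.validationUtils.validateResult(loginResult, STEP_LOGIN, expectations);
    }

    /**
     * With {@code useLtpaIfJwtAbsent} enabled, a request that carries only an LTPA cookie must
     * be accepted.
     *
     * <p>The LTPA cookie is obtained while the server runs without the feature, then replayed
     * after the feature is switched on. The response must show the LTPA cookie, the expected
     * remote user, a JWT principal and a WSPrincipal in the subject, and no JWT cookie.
     */
    @Test
    @Mode(Mode.TestMode.LITE)
    public void test_useLtpaIfJwtAbsent_true() throws Exception {
        server.reconfigureServerUsingExpandedConfiguration(this._testName, "server_noFeature.xml", new String[]{"CWWKT0016I.*formlogin"});
        Cookie ltpaCookie = this.actions.logInAndObtainLtpaCookie(this._testName, this.protectedUrl, this.defaultUser, this.defaultPassword);
        server.reconfigureServerUsingExpandedConfiguration(this._testName, "server_useLtpaIfJwtAbsent_true.xml", new String[]{"CWWKT0016I.*formlogin"});

        Expectations expectations = new Expectations();
        expectations.addExpectations(CommonExpectations.successfullyReachedUrl(STEP_INVOKE, this.protectedUrl));
        expectations.addExpectations(CommonExpectations.responseTextIncludesCookie(STEP_INVOKE, JwtFatConstants.LTPA_COOKIE_NAME));
        expectations.addExpectations(CommonExpectations.responseTextIncludesExpectedRemoteUser(STEP_INVOKE, this.defaultUser));
        expectations.addExpectations(CommonExpectations.responseTextIncludesJwtPrincipal(STEP_INVOKE));
        expectations.addExpectation(new ResponseFullExpectation(STEP_INVOKE, "matches", "Principal: \\{.+\\}", "Should have found a JWT in the subject principals, but did not."));
        expectations.addExpectation(Expectation.createResponseExpectation(STEP_INVOKE, "Principal: WSPrincipal:" + this.defaultUser, "Should have found a WSPrincipal in the subject principals, but did not."));
        expectations.addExpectations(CommonExpectations.responseTextIncludesExpectedAccessId(STEP_INVOKE, "BasicRealm", this.defaultUser));
        expectations.addExpectations(CommonExpectations.responseTextMissingCookie(STEP_INVOKE, JwtFatConstants.JWT_COOKIE_NAME));
        Page response = this.actions.invokeUrlWithCookie(this._testName, this.protectedUrl, ltpaCookie);
        this.validationUtils.validateResult(response, STEP_INVOKE, expectations);
    }

    /**
     * With {@code useLtpaIfJwtAbsent} disabled, an otherwise valid LTPA cookie on its own must
     * not grant access: the request is expected to end on the login page.
     */
    @Test
    @Mode(Mode.TestMode.LITE)
    public void test_useLtpaIfJwtAbsent_false() throws Exception {
        server.reconfigureServerUsingExpandedConfiguration(this._testName, "server_noFeature.xml", new String[]{"CWWKT0016I.*formlogin"});
        Cookie ltpaCookie = this.actions.logInAndObtainLtpaCookie(this._testName, this.protectedUrl, this.defaultUser, this.defaultPassword);
        server.reconfigureServerUsingExpandedConfiguration(this._testName, "server_useLtpaIfJwtAbsent_false.xml", new String[]{"CWWKT0016I.*formlogin"});

        Expectations expectations = new Expectations();
        expectations.addExpectations(CommonExpectations.successfullyReachedLoginPage(STEP_INVOKE));
        Page response = this.actions.invokeUrlWithCookie(this._testName, this.protectedUrl, ltpaCookie);
        this.validationUtils.validateResult(response, STEP_INVOKE, expectations);
    }

    /**
     * Checks the flags on the JWT cookie when the configuration asks for a secure cookie, while
     * the login runs over plain HTTP.
     *
     * <p>Expected: warning CWWKS9127W, the JWT cookie present in the client with both flags
     * {@code true}, and the login page again after credentials are submitted. The two boolean
     * arguments of {@code jwtCookieExists} are presumably the Secure and HttpOnly flags in that
     * order (inferred from the test name; confirm against CommonExpectations).
     *
     * <p>The first response is not validated in this test, and failing status codes are only
     * tolerated from the login submission onward.
     */
    @Test
    @Mode(Mode.TestMode.LITE)
    public void test_cookieSecureTrue_httpOnlyTrue() throws Exception {
        server.reconfigureServerUsingExpandedConfiguration(this._testName, "server_testcookiesecure.xml", new String[0]);
        WebClient client = new WebClient();
        Page loginPage = this.actions.invokeUrl(this._testName, client, this.protectedUrl);
        client.getOptions().setThrowExceptionOnFailingStatusCode(false);

        Expectations expectations = new Expectations();
        expectations.addExpectations(CommonExpectations.successfullyReachedLoginPage(STEP_LOGIN));
        expectations.addExpectation(new ServerMessageExpectation(STEP_LOGIN, server, MessageConstants.CWWKS9127W_JWT_COOKIE_SECURITY_MISMATCH));
        expectations.addExpectations(CommonExpectations.jwtCookieExists(STEP_LOGIN, client, JwtFatConstants.JWT_COOKIE_NAME, true, true));
        Page loginResult = this.actions.doFormLogin(loginPage, this.defaultUser, this.defaultPassword);
        this.validationUtils.validateResult(loginResult, STEP_LOGIN, expectations);
    }

    /**
     * Same scenario as {@link #test_cookieSecureTrue_httpOnlyTrue()} with the second flag
     * expected to be {@code false}.
     *
     * <p>Redirects are switched off before the login is submitted, so the cookie is inspected
     * on the direct response to the login request; no page expectation is registered.
     */
    @Test
    @Mode(Mode.TestMode.LITE)
    public void test_cookieSecureTrue_httpOnlyFalse() throws Exception {
        server.reconfigureServerUsingExpandedConfiguration(this._testName, "server_testcookiesecure_httponlyfalse.xml", new String[0]);
        WebClient client = new WebClient();
        Page loginPage = this.actions.invokeUrl(this._testName, client, this.protectedUrl);
        client.getOptions().setRedirectEnabled(false);
        client.getOptions().setThrowExceptionOnFailingStatusCode(false);

        Expectations expectations = new Expectations();
        expectations.addExpectation(new ServerMessageExpectation(STEP_LOGIN, server, MessageConstants.CWWKS9127W_JWT_COOKIE_SECURITY_MISMATCH));
        expectations.addExpectations(CommonExpectations.jwtCookieExists(STEP_LOGIN, client, JwtFatConstants.JWT_COOKIE_NAME, true, false));
        Page loginResult = this.actions.doFormLogin(loginPage, this.defaultUser, this.defaultPassword);
        this.validationUtils.validateResult(loginResult, STEP_LOGIN, expectations);
    }

    /**
     * Without an SSL port in the configuration, login must still work: the token's issuer is
     * expected to use the {@code http} scheme, and the response must not list an LTPA cookie.
     */
    @Test
    public void test_sslPortNotDefined() throws Exception {
        server.reconfigureServerUsingExpandedConfiguration(this._testName, "/server_noSslPort.xml", new String[0]);
        Expectations expectations = new Expectations();
        expectations.addExpectations(CommonExpectations.successfullyReachedLoginPage(STEP_INVOKE));
        Page loginPage = this.actions.invokeUrl(this._testName, this.webClient, this.protectedUrl);
        this.validationUtils.validateResult(loginPage, STEP_INVOKE, expectations);

        expectations.addExpectations(CommonExpectations.successfullyReachedProtectedResourceWithJwtCookie(STEP_LOGIN, this.protectedUrl, this.defaultUser, "http://[^/]+/jwt/defaultJwtSso"));
        expectations.addExpectations(CommonExpectations.responseTextMissingCookie(STEP_LOGIN, JwtFatConstants.LTPA_COOKIE_NAME));
        Page loginResult = this.actions.doFormLogin(loginPage, this.defaultUser, this.defaultPassword);
        this.validationUtils.validateResult(loginResult, STEP_LOGIN, expectations);
    }
}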
