package com.ibm.ws.security.wim.adapter.ldap.fat;

import com.ibm.websphere.simplicity.RemoteFile;
import com.ibm.websphere.simplicity.log.Log;
import com.ibm.ws.webcontainer.security.test.servlets.SSLBasicAuthClient;
import componenttest.annotation.AllowedFFDC;
import componenttest.custom.junit.runner.FATRunner;
import componenttest.custom.junit.runner.Mode;
import componenttest.topology.impl.LibertyServer;
import componenttest.topology.impl.LibertyServerFactory;
import componenttest.topology.utils.LDAPUtils;
import org.junit.After;
import org.junit.Assert;
import org.junit.Assume;
import org.junit.Before;
import org.junit.Rule;
import org.junit.Test;
import org.junit.rules.TestName;
import org.junit.runner.RunWith;

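/**
 * Functional test for outbound SSL between the Liberty server and an LDAP registry.
 *
 * <p>Every test starts the server on {@link #DEFAULT_CONFIG_FILE}. {@link #setUp()} requires
 * an FFDC incident ({@code FFDC1015I}) during that startup, which the assertion message
 * describes as the expected handshake error from LDAP. In other words, the baseline
 * configuration must <em>fail</em> to establish the LDAP connection. Each test then switches
 * to a configuration that supplies outbound SSL settings and checks that an LDAP user can
 * reach a role-protected servlet over HTTPS.
 *
 * <p>NOTE(review): the {@code @AllowedFFDC} lists on the test methods cover certificate-path and
 * LDAP communication exceptions. They are presumably needed only for the deliberate handshake
 * failure at startup; confirm that they cannot hide the same failure occurring <em>after</em>
 * the configuration switch.
 */
@RunWith(FATRunner.class)
@Mode(Mode.TestMode.FULL)
public class OutboundSSLLDAPTest {
    protected static final String BASIC_AUTH_SERVLET = "basicauth";
    protected static final String LDAP_DEFAULT_OUTBOUND_SSL = "LDAPwithDefaultOutboundSSL.xml";
    protected static final String LDAP_OUTBOUND_FILTER = "LDAPwithDynamicOutboundSSL.xml";
    // Expected role membership of ldapManagerUser, passed to verifyResponse.
    private static final boolean IS_MANAGER_ROLE = true;
    private static final boolean NOT_EMPLOYEE_ROLE = false;
    // Test-fixture credentials for the LDAP directory used by this test bucket
    // (presumably not valid anywhere else; keep them out of any non-test configuration).
    private static final String ldapManagerUser = "LDAPUser2";
    private static final String ldapManagerPassword = "security";

    @Rule
    public TestName name = new TestName();
    private static final LibertyServer myServer = LibertyServerFactory.getLibertyServer("com.ibm.ws.security.wim.adapter.ldap.fat.outbound.ssl");
    private static final Class<?> c = OutboundSSLLDAPTest.class;
    protected static final String DEFAULT_CONFIG_FILE = "outboundSSL.server.xml";
    // Name of the configuration file the running server is currently using.
    protected static String serverConfigurationFile = DEFAULT_CONFIG_FILE;

    /**
     * Starts the server on the default configuration and waits for it to be fully up.
     *
     * <p>The last assertion is the security-relevant one: startup must produce an FFDC
     * incident, which the assertion message identifies as the LDAP handshake error. If the
     * handshake succeeded here, the later tests could no longer show that the outbound SSL
     * settings are what makes the LDAP connection work.
     *
     * @throws Exception if the server cannot be configured or started
     */
    @Before
    public void setUp() throws Exception {
        LDAPUtils.addLDAPVariables(myServer);
        Log.info(c, "setUp", "Starting the server... ");
        myServer.addInstalledAppForValidation(BASIC_AUTH_SERVLET);
        myServer.setServerConfigurationFile("/" + DEFAULT_CONFIG_FILE);
        // The server was just put back on the default file, so the tracker has to follow.
        // Without this reset, a stale value left by a previous test could make
        // setServerConfiguration() skip the switch and leave the test running against
        // the baseline configuration.
        serverConfigurationFile = DEFAULT_CONFIG_FILE;
        myServer.startServer(true);
        Assert.assertNotNull("FeatureManager did not report update was complete", myServer.waitForStringInLog("CWWKF0008I"));
        Assert.assertNotNull("Security service did not report it was ready", myServer.waitForStringInLog("CWWKS0008I"));
        Assert.assertNotNull("The application did not report is was started", myServer.waitForStringInLog("CWWKZ0001I"));
        Assert.assertNotNull("We need to wait for the SSL port to be open", myServer.waitForStringInLog("CWWKO0219I:.*defaultHttpEndpoint-ssl"));
        Assert.assertNotNull("Server did not came up", myServer.waitForStringInLog("CWWKF0011I"));
        Assert.assertNotNull("Did not get the expect Handshake error from LDAP", myServer.waitForStringInLog("FFDC1015I:"));
    }

    /**
     * Stops the server, tolerating the {@code CWPKI0022E} message in the logs.
     *
     * @throws Exception if the server cannot be stopped
     */
    @After
    public void tearDown() throws Exception {
        Log.info(c, "tearDown", "Stopping the server...");
        // CWPKI0022E is tolerated at shutdown; presumably it is logged by the deliberate
        // handshake failure that setUp() waits for.
        myServer.stopServer(new String[]{"CWPKI0022E:"});
    }

    /**
     * Switches the running server to the given configuration file, unless it is already active.
     *
     * <p>The log waits are best effort, as in the original code: a wait that finds nothing
     * does not fail the test. A miss is now logged so that a later authentication failure
     * can be traced back to a configuration that was never applied.
     *
     * @param str file name of the server configuration to activate
     * @throws Exception if the configuration file cannot be applied
     */
    private static void setServerConfiguration(String str) throws Exception {
        if (serverConfigurationFile.equals(str)) {
            return;
        }
        // Mark the log first so the waits below only match messages from this update.
        myServer.setMarkToEndOfLog(new RemoteFile[]{myServer.getDefaultLogFile()});
        Log.info(c, "setServerConfiguration", "setServerConfigurationFile to : " + str);
        myServer.setServerConfigurationFile("/" + str);
        Log.info(c, "setServerConfiguration", "waitForStringInLogUsingMark: CWWKG0017I: The server configuration was successfully updated.");
        if (myServer.waitForStringInLogUsingMark("CWWKG0017I") == null) {
            Log.info(c, "setServerConfiguration", "CWWKG0017I was not found after switching to " + str);
        }
        if (myServer.waitForStringInLogUsingMark("CWWKO0219I:.*defaultHttpEndpoint-ssl") == null) {
            Log.info(c, "setServerConfiguration", "CWWKO0219I for defaultHttpEndpoint-ssl was not found after switching to " + str);
        }
        serverConfigurationFile = str;
    }

    /**
     * Activates {@code configFile}, then checks that the LDAP manager user can reach
     * {@code /ManagerRoleServlet} over SSL and is reported as manager but not employee.
     *
     * @param configFile server configuration providing the outbound SSL settings under test
     * @throws Exception if the configuration switch or the HTTPS request fails
     */
    private void assertManagerCanAccessServlet(String configFile) throws Exception {
        final String method = this.name.getMethodName();
        Log.info(c, method, "Entering " + method);
        setServerConfiguration(configFile);
        SSLBasicAuthClient client = new SSLBasicAuthClient(myServer, "Basic Authentication", "ServletName: BasicAuthServlet", "/basicauth", (String) null, (String) null, (String) null, (String) null, "SSL");
        Assert.assertTrue("Did not get the expected response",
                          client.verifyResponse(client.accessProtectedServletWithAuthorizedCredentials("/ManagerRoleServlet", ldapManagerUser, ldapManagerPassword),
                                                ldapManagerUser, NOT_EMPLOYEE_ROLE, IS_MANAGER_ROLE));
        Log.info(c, method, "Exiting " + method);
    }

    /**
     * Verifies LDAP-backed login when the registry connection uses the configuration in
     * {@link #LDAP_DEFAULT_OUTBOUND_SSL}.
     *
     * @throws Exception if the configuration switch or the HTTPS request fails
     */
    @Test
    @AllowedFFDC({"java.security.cert.CertPathBuilderException", "sun.security.validator.ValidatorException", "javax.naming.CommunicationException"})
    public void testLDAPUsingDefaultOutboundSSLConfiguration() throws Exception {
        assertManagerCanAccessServlet(LDAP_DEFAULT_OUTBOUND_SSL);
    }

    /**
     * Verifies LDAP-backed login when the registry connection uses the configuration in
     * {@link #LDAP_OUTBOUND_FILTER}. Skipped when a local LDAP server is in use.
     *
     * @throws Exception if the configuration switch or the HTTPS request fails
     */
    @Test
    @AllowedFFDC({"java.security.cert.CertPathBuilderException", "sun.security.validator.ValidatorException", "javax.naming.CommunicationException"})
    public void testLDAPUsingDynamicOutboundSSLConfiguration() throws Exception {
        // Evaluate the assumption before any logging or configuration change,
        // so a skipped run leaves the server untouched.
        Assume.assumeTrue(!LDAPUtils.USE_LOCAL_LDAP_SERVER);
        assertManagerCanAccessServlet(LDAP_OUTBOUND_FILTER);
    }
}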
