package com.ibm.team.repository.client.auth.tests;

import com.ibm.team.jfs.app.http.util.UriUtil;
import com.ibm.team.repository.client.tests.RestTest;
import com.ibm.team.repository.client.tests.tools.Helper;
import com.ibm.team.repository.client.util.FormBasedAuth;
import com.ibm.team.repository.common.TeamRepositoryException;
import com.ibm.team.repository.common.UUID;
import com.ibm.team.repository.common.internal.IItemRestService;
import com.ibm.team.repository.common.jauth.ICheckAuth;
import com.ibm.team.repository.common.jauth.IIssueAuthToken;
import com.ibm.team.repository.common.transport.HttpUtil;
import com.ibm.team.repository.common.transport.ITeamServer;
import com.ibm.team.repository.transport.client.ITeamRestServiceClient;
import com.ibm.team.repository.transport.client.RemoteTeamServer;
import com.ibm.team.repository.transport.client.TeamRawRestServiceClient;
import com.ibm.team.repository.transport.client.TeamServerFactory;
import java.io.BufferedOutputStream;
import java.io.BufferedReader;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.net.HttpURLConnection;
import java.net.URI;
import java.net.URISyntaxException;
import java.net.URL;
import java.util.HashMap;
import java.util.Map;
import java.util.StringTokenizer;
import org.apache.http.HttpVersion;
import org.apache.http.message.BasicHeader;
import org.apache.http.message.BasicRequestLine;

/* loaded from: input_file:com/ibm/team/repository/client/auth/tests/SimpleTokenTests.class */
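/**
 * Integration tests for the "jauth" token flow of a running test repository server.
 *
 * <p>The tests sign in at {@code jauth-signin}, present the returned token in an
 * {@code Authorization: jauth user_token=...} header, and confirm through the check-auth
 * service that the token maps back to the user it was issued for. Negative cases check that a
 * wrong password, an unknown user and a random token are each answered with HTTP 401.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>All accounts used here are fixtures whose password equals the user id. They must exist
 *       only on disposable test servers.</li>
 *   <li>Every raw connection goes through {@code FormBasedAuth.setupLazySSLSupport}.
 *       NOTE(review): the name suggests it relaxes TLS certificate checks for the test
 *       server; confirm in FormBasedAuth and keep that behaviour out of production code.</li>
 *   <li>Tokens are bearer credentials. Assertion messages in this class avoid printing them
 *       where that is practical.</li>
 * </ul>
 */
public class SimpleTokenTests extends RestTest {
    private static final String itemServiceName = IItemRestService.class.getName();
    private static final String TEST_USER_NAME = "TestJazzUser1";

    /** Fixture administrator; the password is the same string as the user id. */
    private static final String ADMIN_USER = "TestJazzAdmin2";

    /** Sign-in endpoint, relative to the secure repository URI. */
    private static final String SIGNIN_PATH = "jauth-signin";

    /** Charset used to encode the form body, so Content-Length matches the bytes sent. */
    private static final String FORM_CHARSET = "UTF-8";

    /** Charset requested through Accept-Charset on sign-in and used to decode the token line. */
    private static final String TOKEN_CHARSET = "ASCII";

    public SimpleTokenTests(String str) throws URISyntaxException {
        super(str, itemServiceName);
    }

    /** A token issued by the issue-token service (no explicit expiration) authorizes a request. */
    public void testValidToken() throws Exception {
        validateTokenByRequest(issueToken(-1));
    }

    /** Form-body sign-in with valid credentials returns a usable token bound to that user. */
    public void testSignin01() throws Exception {
        HttpURLConnection connection = postSigninForm(TEST_USER_NAME, TEST_USER_NAME);
        try {
            assertEquals(200, connection.getResponseCode());
            String token = readFirstLine(connection.getInputStream(), TOKEN_CHARSET);
            assertNotNull(token);
            validateTokenByRequest(token);
            validateUserAndToken(TEST_USER_NAME, token);
        } finally {
            connection.disconnect();
        }
    }

    /**
     * Sign-in with the credentials carried in the URL query string and an empty body.
     *
     * <p>This pins that the server accepts the query-string form. Credentials placed in a URL
     * are commonly recorded in access logs and by intermediaries, so real clients should use
     * the form-body variant exercised by {@link #testSignin01()}.
     */
    public void testSignin01a() throws Exception {
        String spec = String.format("%sjauth-signin?userid=%s&password=%s", getSecureRepoUri(), TEST_USER_NAME, TEST_USER_NAME);
        HttpURLConnection connection = openSigninConnection(spec);
        try {
            connection.setRequestProperty("Content-Length", Integer.toString(0));
            connection.connect();
            assertEquals(200, connection.getResponseCode());
            String token = readFirstLine(connection.getInputStream(), TOKEN_CHARSET);
            assertNotNull(token);
            validateTokenByRequest(token);
            validateUserAndToken(TEST_USER_NAME, token);
        } finally {
            connection.disconnect();
        }
    }

    /**
     * With the reuse-on-issue policy enabled, a second sign-in returns the token already issued.
     *
     * <p>NOTE(review): the policy is left enabled afterwards because the previous value is not
     * readable from here; tests that depend on the server default may be affected by ordering.
     */
    public void testSignin01b() throws Exception {
        deleteUserTokens(TEST_USER_NAME);
        String firstToken = getJAuthToken(TEST_USER_NAME);
        setReuseTokenPolicy(true);
        assertEquals(firstToken, getJAuthToken(TEST_USER_NAME));
    }

    /** A known user with a wrong (random) password is rejected with 401. */
    public void testSignin02() throws Exception {
        HttpURLConnection connection = postSigninForm(TEST_USER_NAME, UUID.generate().getUuidValue());
        try {
            assertEquals(401, connection.getResponseCode());
        } finally {
            connection.disconnect();
        }
    }

    /**
     * An unknown (random) user is rejected with 401, the same status {@link #testSignin02()}
     * expects for a wrong password, so the status code does not reveal whether an account exists.
     */
    public void testSignin03() throws Exception {
        String unknown = UUID.generate().getUuidValue();
        HttpURLConnection connection = postSigninForm(unknown, unknown);
        try {
            assertEquals(401, connection.getResponseCode());
        } finally {
            connection.disconnect();
        }
    }

    /** Returns the secure server URI from the test helper, always ending in a slash. */
    private String getSecureRepoUri() {
        String serverUri = Helper.getServerUri(true);
        return serverUri.endsWith("/") ? serverUri : serverUri + "/";
    }

    /**
     * A random token is rejected with 401 and a jauth challenge that names a realm and a
     * token_uri, which a client needs in order to obtain a valid token.
     */
    public void testInvalidToken() throws Exception {
        String authorization = String.format("jauth user_token=%s", java.util.UUID.randomUUID().toString());
        HttpURLConnection connection = openItemRequest(authorization);
        try {
            connection.connect();
            assertEquals(401, connection.getResponseCode());
            String challenge = connection.getHeaderField("WWW-Authenticate");
            assertNotNull(challenge);
            Map<String, String> parameters = parseAuthChallenge(challenge);
            assertNotNull(parameters.get("realm"));
            assertNotNull(parameters.get("token_uri"));
        } finally {
            connection.disconnect();
        }
    }

    /** Presents {@code str} as a jauth token and expects 200 with no authentication challenge. */
    private void validateTokenByRequest(String str) throws Exception {
        HttpURLConnection connection = openItemRequest(String.format("jauth user_token=%s", str));
        try {
            connection.connect();
            assertEquals(200, connection.getResponseCode());
            assertNull(connection.getHeaderField("WWW-Authenticate"));
        } finally {
            connection.disconnect();
        }
    }

    /**
     * Asks the check-auth service about a synthetic request carrying the token and verifies the
     * answer: authenticated, bound to the expected principal, and echoing the same token.
     *
     * @param str expected user principal
     * @param str2 token under test
     */
    private void validateUserAndToken(String str, String str2) throws Exception {
        ITeamRestServiceClient.IRestClientConnection checkAuthConnection = getCheckAuthConnection();
        StringBuilder request = new StringBuilder(511);
        request.append(String.format("%s\n", new BasicRequestLine("GET", "/jazz/stuff", HttpVersion.HTTP_1_1)));
        request.append(String.format("%s\n", new BasicHeader("Host", "localhost")));
        request.append(String.format("%s\n", new BasicHeader("Authorization", String.format("jauth user_token=%s", str2))));
        // Encode once and send the byte count: the declared length must describe the bytes on
        // the wire, not the number of chars in the buffer.
        byte[] payload = request.toString().getBytes("UTF-8");
        // A transport failure propagates with its stack trace instead of being reduced to a
        // message; the test fails either way.
        ITeamRestServiceClient.IRestClientConnection.Response response = checkAuthConnection.doPost(new ByteArrayInputStream(payload), payload.length, "text/plain");
        assertEquals(200, response.getHttpStatusCode());

        // The answer is query-string encoded and may span several lines; join them before parsing.
        StringBuilder answer = new StringBuilder();
        BufferedReader reader = new BufferedReader(new InputStreamReader(response.getResponseStream(), "UTF-8"));
        try {
            String line = reader.readLine();
            assertNotNull(line);
            while (line != null) {
                answer.append(line);
                line = reader.readLine();
            }
        } finally {
            reader.close();
        }

        Map parameters = UriUtil.parseQueryParameters(answer.toString());
        assertTrue(singleValue(parameters, "authenticated").equalsIgnoreCase("true"));
        assertEquals(str, UriUtil.decode(singleValue(parameters, "user_principal")));
        // assertTrue rather than assertEquals so a mismatch does not print token values.
        assertTrue("user_token in the check-auth answer differs from the token presented", UriUtil.decode(singleValue(parameters, "user_token")).equals(str2));
    }

    /** Signs in as {@code str} (fixture password equals the user id) and returns the token line. */
    private String getJAuthToken(String str) throws Exception {
        HttpURLConnection connection = postSigninForm(str, str);
        try {
            assertEquals(200, connection.getResponseCode());
            String token = readFirstLine(connection.getInputStream(), TOKEN_CHARSET);
            assertNotNull(token);
            return token;
        } finally {
            connection.disconnect();
        }
    }

    /**
     * Requests a token from the issue-token service using the admin fixture account.
     *
     * @param i expiration passed as the {@code expiration} query parameter, or -1 to omit it
     * @return first line of the response, expected to be the token
     */
    private String issueToken(int i) throws Exception {
        String query = i != -1 ? String.format("?expiration=%d", Integer.valueOf(i)) : "";
        ITeamRestServiceClient.IRestClientConnection.Response response = getConnection(IIssueAuthToken.class, query, "text/plain", "ASCII").doPost(new ByteArrayInputStream(new byte[0]), 0L, "text/plain");
        assertEquals(200, response.getHttpStatusCode());
        InputStream responseStream = response.getResponseStream();
        assertNotNull(responseStream);
        String token = readFirstLine(responseStream, "ASCII");
        assertNotNull(token);
        return token;
    }

    /** Opens a connection to the check-auth service that accepts a form-encoded UTF-8 answer. */
    private ITeamRestServiceClient.IRestClientConnection getCheckAuthConnection() throws URISyntaxException {
        return getConnection(ICheckAuth.class, "", "application/x-www-form-urlencoded", "UTF-8");
    }

    /**
     * Opens a REST connection to a service, authenticated as the admin fixture account.
     *
     * @param cls service interface to look up on the server
     * @param str relative URI or query suffix; {@code null} is treated as empty
     * @param str2 value for the Accept header
     * @param str3 value for the Accept-Charset header
     * @throws IllegalArgumentException if the service, MIME type or charset is null
     */
    private ITeamRestServiceClient.IRestClientConnection getConnection(Class<?> cls, String str, String str2, String str3) throws URISyntaxException {
        if (cls == null) {
            throw new IllegalArgumentException("service must not be null");
        }
        if (str2 == null) {
            throw new IllegalArgumentException("mimeType must not be null");
        }
        if (str3 == null) {
            throw new IllegalArgumentException("charset must not be null");
        }
        String relativeUri = str == null ? "" : str;
        ITeamServer server = TeamServerFactory.INSTANCE.newTeamServerFromURL(getRepositoryURI());
        server.setCredentials(ADMIN_USER, ADMIN_USER);
        ITeamRestServiceClient client = (ITeamRestServiceClient) server.getService(cls).getImplementation();
        ITeamRestServiceClient.IRestClientConnection connection = client.getConnection(new URI(relativeUri));
        connection.addRequestHeader("Accept", str2);
        connection.addRequestHeader("Accept-Charset", str3);
        return connection;
    }

    /**
     * Parses a {@code WWW-Authenticate} value of the form {@code jauth name=value, name=value}.
     *
     * <p>Each parameter is split at its first {@code '='} only, so a value that itself contains
     * {@code '='} (for example a token_uri with a query string) is kept whole. Quotes are not
     * stripped and a comma inside a value is still treated as a separator.
     *
     * @return parameter names mapped to their trimmed values
     */
    private Map<String, String> parseAuthChallenge(String str) {
        if (str == null) {
            fail("Empty WWW-Authentication challenge header");
        }
        Map<String, String> parameters = new HashMap<String, String>(5);
        String challenge = str.trim();
        int schemeEnd = challenge.indexOf(" ");
        if (schemeEnd == -1 || !challenge.substring(0, schemeEnd).trim().equalsIgnoreCase("jauth")) {
            fail(String.format("\"%s\" - missing or invalid jauth challenge", challenge));
        }
        StringTokenizer pairs = new StringTokenizer(challenge.substring(schemeEnd + 1), ",");
        while (pairs.hasMoreTokens()) {
            String pair = pairs.nextToken();
            int separator = pair.indexOf('=');
            if (separator == -1) {
                // Report the malformed header instead of surfacing a NoSuchElementException.
                fail(String.format("\"%s\" - malformed jauth challenge parameter", challenge));
            }
            parameters.put(pair.substring(0, separator).trim(), pair.substring(separator + 1).trim());
        }
        return parameters;
    }

    /** Sets the server's reuse-on-issue token policy using the admin fixture account. */
    private void setReuseTokenPolicy(boolean z) throws URISyntaxException, IOException, TeamRepositoryException {
        RemoteTeamServer server = TeamServerFactory.INSTANCE.newTeamServerFromURL(getRepositoryURI());
        server.setCredentials(ADMIN_USER, ADMIN_USER);
        try {
            new AuthConfigClient(new TeamRawRestServiceClient(server), getRepositoryURI()).setReuseOnIssue(z);
        } finally {
            // Release the admin session even when the policy call fails.
            server.closeConnections();
        }
    }

    /**
     * Deletes the tokens stored for a user through the server-side test service.
     *
     * @param str user principal; inserted into the query string as-is, so it must not contain
     *     characters that need URL escaping
     */
    protected void deleteUserTokens(String str) throws Exception {
        RemoteTeamServer server = TeamServerFactory.INSTANCE.newTeamServerFromURL(getRepositoryURI());
        server.setCredentials(ADMIN_USER, ADMIN_USER);
        try {
            new TeamRawRestServiceClient(server).getConnection(new URI(String.format("service/com.ibm.team.repository.service.tests.jts.auth.IAuthTokenTestService?user_principal=%s", str))).doDelete();
        } finally {
            // Close the admin connections on every path; they were previously left open.
            server.closeConnections();
        }
    }

    /**
     * Opens a POST connection to a sign-in URL with the headers and flags shared by all sign-in
     * tests. Content-Length is left to the caller because it depends on the body.
     */
    private HttpURLConnection openSigninConnection(String spec) throws Exception {
        HttpURLConnection connection = (HttpURLConnection) new URL(spec).openConnection();
        connection.setRequestMethod("POST");
        connection.setRequestProperty("Content-Type", "application/x-www-form-urlencoded");
        connection.setRequestProperty("Content-Language", "en-US");
        connection.setRequestProperty("Accept", "text/plain");
        connection.setRequestProperty("Accept-Charset", "ASCII");
        connection.setUseCaches(false);
        connection.setDoInput(true);
        connection.setDoOutput(true);
        connection.setInstanceFollowRedirects(true);
        FormBasedAuth.setupLazySSLSupport(connection);
        return connection;
    }

    /**
     * Posts {@code userid} and {@code password} as a form body to the sign-in endpoint and
     * returns the connection so the caller can inspect the response and disconnect.
     */
    private HttpURLConnection postSigninForm(String userId, String password) throws Exception {
        HttpURLConnection connection = openSigninConnection(getSecureRepoUri() + SIGNIN_PATH);
        // One explicit encoding for both the length header and the bytes written; the platform
        // default charset is not guaranteed to be the same on every machine.
        byte[] body = String.format("userid=%s&password=%s", userId, password).getBytes(FORM_CHARSET);
        connection.setRequestProperty("Content-Length", Integer.toString(body.length));
        BufferedOutputStream out = new BufferedOutputStream(connection.getOutputStream());
        try {
            out.write(body);
            out.flush();
        } finally {
            out.close();
        }
        connection.connect();
        return connection;
    }

    /** Opens the Contributor item GET used to probe a token, with the given Authorization value. */
    private HttpURLConnection openItemRequest(String authorization) throws Exception {
        HttpURLConnection connection = openConnection(RestTest.HttpMethod.GET, String.format("itemName/Contributor/%s", "TestJazzGuest1"));
        FormBasedAuth.setupLazySSLSupport(connection);
        connection.addRequestProperty("Authorization", authorization);
        connection.addRequestProperty("Accept", HttpUtil.MediaType.JSON.toString());
        connection.addRequestProperty("Accept-Charset", HttpUtil.CharsetEncoding.UTF8.toString());
        connection.setDoInput(true);
        connection.setInstanceFollowRedirects(true);
        return connection;
    }

    /** Reads the first line of a stream in the given charset and closes the stream. */
    private static String readFirstLine(InputStream in, String charsetName) throws IOException {
        BufferedReader reader = new BufferedReader(new InputStreamReader(in, charsetName));
        try {
            return reader.readLine();
        } finally {
            reader.close();
        }
    }

    /** Returns the only value of a query parameter, failing if it is absent or repeated. */
    private String singleValue(Map parameters, String name) {
        String[] values = (String[]) parameters.get(name);
        assertNotNull(name + " is missing from the check-auth answer", values);
        assertEquals(name + " must occur exactly once", 1, values.length);
        return values[0];
    }
}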
