package com.ibm.team.repository.client.tests.oauth;

import com.ibm.team.jfs.app.http.util.UriUtil;
import com.ibm.team.repository.client.tests.common.RestTestHelper;
import com.ibm.team.repository.client.tests.oauth.AbstractOAuthTest;
import com.ibm.team.repository.client.tests.oauth.FriendsClient;
import com.ibm.team.repository.common.UUID;
import com.ibm.team.repository.common.internal.marshal.util.XMLEscapeUtil;
import com.ibm.team.repository.common.oauth.OAuthHttpClient;
import com.ibm.team.repository.common.tests.Secure;
import com.ibm.team.repository.transport.client.RemoteTeamServer;
import com.ibm.team.repository.transport.client.TeamRawRestServiceClient;
import com.ibm.team.repository.transport.client.TeamServerFactory;
import java.net.URI;
import java.net.URLEncoder;
import java.util.List;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import org.apache.commons.httpclient.Header;
import org.apache.commons.httpclient.HttpMethod;
import org.apache.commons.httpclient.methods.GetMethod;
import org.apache.commons.httpclient.methods.PostMethod;
import org.apache.http.NameValuePair;
import org.apache.http.client.utils.URLEncodedUtils;

@Secure(userid = "TestJazzUser1")
/* loaded from: input_file:team_core_client_tests.jar:com/ibm/team/repository/client/tests/oauth/AuthorizationUrlTest.class */
public class AuthorizationUrlTest extends AbstractOAuthTest {
    private String authorizeURL;
    private Pattern EXTRACT_OAUTH_TOKEN;

    public AuthorizationUrlTest(String str, AbstractOAuthTest.SigningMethod signingMethod, AbstractOAuthTest.OAuthAuthorizationLocation oAuthAuthorizationLocation) {
        super(str, signingMethod, oAuthAuthorizationLocation);
        this.EXTRACT_OAUTH_TOKEN = Pattern.compile("oauth_token=([^&#]*)");
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // com.ibm.team.repository.client.tests.oauth.AbstractOAuthTest, com.ibm.team.repository.client.tests.AbstractAutoLoginClientTest, com.ibm.team.repository.client.tests.AbstractClientTest
    public void setUp() throws Exception {
        super.setUp();
        this.authorizeURL = new OAuthHttpClient(this.accessor, this.client).getRequestToken();
    }

    private String getAuthorizationUrl(String str) throws Exception {
        if (str != null && str.trim().length() > 0) {
            this.accessor.setProperty("oauth_callback", str.trim());
            this.accessor.requestToken = null;
            this.accessor.tokenSecret = null;
        }
        this.authorizeURL = new OAuthHttpClient(this.accessor, this.client).getRequestToken();
        if (str != null && str.trim().length() > 0) {
            this.accessor.setProperty("oauth_callback", (Object) null);
        }
        return this.authorizeURL;
    }

    public void non_needed_356440_testHTMLRedirectIE8_And_9() throws Exception {
        String hostRelativeURI = getHostRelativeURI(addParamToQuery(addParamToQuery(this.authorizeURL, "oauth_callback", "http://test.com/callback"), "authorize", "true"));
        assertTrue(this.EXTRACT_OAUTH_TOKEN.matcher(hostRelativeURI).find());
        PostMethod postMethod = new PostMethod(hostRelativeURI);
        postMethod.addRequestHeader("user-agent", "JazzHttpClient (compatible; MSIE 8.0; Trident/4.0;)");
        postMethod.setFollowRedirects(false);
        try {
            assertEquals("HTTP status", 200, executeMethodWithAuthorization(postMethod, true));
            Matcher matcher = Pattern.compile("url=(.*[^\\?])\\?").matcher(new String(postMethod.getResponseBody()));
            if (matcher.find() && matcher.groupCount() == 1) {
                assertEquals("The callbackUrl does not match", "http://test.com/callback", matcher.group(1));
            }
        } finally {
            postMethod.releaseConnection();
        }
    }

    public void testCallbackRedirect() throws Exception {
        String hostRelativeURI = getHostRelativeURI(addParamToQuery(addParamToQuery(this.authorizeURL, "oauth_callback", "http://test.com/callback"), "authorize", "true"));
        Matcher matcher = this.EXTRACT_OAUTH_TOKEN.matcher(hostRelativeURI);
        assertTrue(matcher.find());
        String group = matcher.group(0);
        PostMethod postMethod = new PostMethod(hostRelativeURI);
        postMethod.setFollowRedirects(false);
        try {
            assertEquals("HTTP status", 302, executeMethodWithAuthorization(postMethod, true));
            Header responseHeader = postMethod.getResponseHeader("Location");
            assertNotNull("Location header", responseHeader);
            assertEquals("Location value", String.valueOf("http://test.com/callback") + "?" + group, responseHeader.getValue());
        } finally {
            postMethod.releaseConnection();
        }
    }

    public void testCallbackRedirect01a() throws Exception {
        String hostRelativeURI = getHostRelativeURI(addParamToQuery(getAuthorizationUrl("http://test.com/callback"), "authorize", "true"));
        Matcher matcher = this.EXTRACT_OAUTH_TOKEN.matcher(hostRelativeURI);
        assertTrue(matcher.find());
        String group = matcher.group(1);
        PostMethod postMethod = new PostMethod(hostRelativeURI);
        postMethod.setFollowRedirects(false);
        try {
            assertEquals("HTTP status", 302, executeMethodWithAuthorization(postMethod, true));
            Header responseHeader = postMethod.getResponseHeader("Location");
            assertNotNull("Location header", responseHeader);
            URI uri = new URI(responseHeader.getValue());
            String uri2 = uri.toString();
            assertEquals("Location value basename", "http://test.com/callback", uri2.substring(0, uri2.indexOf(63)));
            List<NameValuePair> parse = URLEncodedUtils.parse(uri, "UTF-8");
            assertEquals("oauth_token name/redirect", "oauth_token", parse.get(0).getName());
            assertEquals("oauth_token value/redirect", group, parse.get(0).getValue());
            assertEquals("oauth_verifier name/redirect", "oauth_verifier", parse.get(1).getName());
        } finally {
            postMethod.releaseConnection();
        }
    }

    public void testCallbackRedirect01b() throws Exception {
        String hostRelativeURI = getHostRelativeURI(addParamToQuery(getAuthorizationUrl("http://test.com/callback?foo=bar"), "authorize", "true"));
        Matcher matcher = this.EXTRACT_OAUTH_TOKEN.matcher(hostRelativeURI);
        assertTrue(matcher.find());
        String group = matcher.group(1);
        PostMethod postMethod = new PostMethod(hostRelativeURI);
        postMethod.setFollowRedirects(false);
        try {
            assertEquals("HTTP status", 302, executeMethodWithAuthorization(postMethod, true));
            Header responseHeader = postMethod.getResponseHeader("Location");
            assertNotNull("Location header", responseHeader);
            List<NameValuePair> parse = URLEncodedUtils.parse(new URI(responseHeader.getValue()), "UTF-8");
            assertEquals("oauth_token name/redirect", "oauth_token", parse.get(1).getName());
            assertEquals("oauth_token value/redirect", group, parse.get(1).getValue());
            assertEquals("oauth_verifier name/redirect", "oauth_verifier", parse.get(2).getName());
        } finally {
            postMethod.releaseConnection();
        }
    }

    public void testNoCallback() throws Exception {
        PostMethod postMethod = new PostMethod(getHostRelativeURI(addParamToQuery(this.authorizeURL, "authorize", "true")));
        postMethod.setFollowRedirects(false);
        try {
            assertEquals("HTTP status", 200, executeMethodWithAuthorization(postMethod, true));
        } finally {
            postMethod.releaseConnection();
        }
    }

    public void testNoCallback01a() throws Exception {
        String hostRelativeURI = getHostRelativeURI(addParamToQuery(getAuthorizationUrl("oob"), "authorize", "true"));
        assertTrue(this.EXTRACT_OAUTH_TOKEN.matcher(hostRelativeURI).find());
        PostMethod postMethod = new PostMethod(hostRelativeURI);
        postMethod.setFollowRedirects(false);
        try {
            assertEquals("HTTP status", 200, executeMethodWithAuthorization(postMethod, true));
        } finally {
            postMethod.releaseConnection();
        }
    }

    public void testIE8Behavior() throws Exception {
        PostMethod postMethod = new PostMethod(getHostRelativeURI(addParamToQuery(this.authorizeURL, "authorize", "true")));
        postMethod.setFollowRedirects(false);
        try {
            assertEquals("HTTP status", 200, executeMethodWithAuthorization(postMethod, true));
            assertEquals("HTTP status", 200, executeMethodWithAuthorization(postMethod, true));
        } finally {
            postMethod.releaseConnection();
        }
    }

    public void testConsumerName() throws Exception {
        String uuidValue = UUID.generate().getUuidValue();
        HttpMethod makeRestCall = RestTestHelper.makeRestCall("", "POST", String.valueOf(getRepositoryURI()) + "service/com.ibm.team.repository.service.internal.oauth.IOAuthRestService/setConsumerName?name=" + URLEncoder.encode(uuidValue, "UTF-8") + "&consumerKey=" + this.consumer.consumerKey, "TestJazzAdmin1");
        try {
            assertEquals("HTTP status", 200, makeRestCall.getStatusCode());
            makeRestCall.releaseConnection();
            GetMethod getMethod = new GetMethod(getHostRelativeURI(this.authorizeURL));
            getMethod.setFollowRedirects(false);
            try {
                assertEquals("HTTP status", 200, executeMethodWithAuthorization(getMethod, true));
                assertTrue("Response contains consumer name", getMethod.getResponseBodyAsString().contains(uuidValue));
            } finally {
                getMethod.releaseConnection();
            }
        } catch (Throwable th) {
            makeRestCall.releaseConnection();
            throw th;
        }
    }

    public void testConsumerNameWithXMLCharacters() throws Exception {
        HttpMethod makeRestCall = RestTestHelper.makeRestCall("", "POST", String.valueOf(getRepositoryURI()) + "service/com.ibm.team.repository.service.internal.oauth.IOAuthRestService/setConsumerName?name=" + URLEncoder.encode("<xml-characters/>", "UTF-8") + "&consumerKey=" + this.consumer.consumerKey, "TestJazzAdmin1");
        try {
            assertEquals("HTTP status", 200, makeRestCall.getStatusCode());
            makeRestCall.releaseConnection();
            GetMethod getMethod = new GetMethod(getHostRelativeURI(this.authorizeURL));
            getMethod.setFollowRedirects(false);
            try {
                assertEquals("HTTP status", 200, executeMethodWithAuthorization(getMethod, true));
                assertTrue("Response contains consumer name", getMethod.getResponseBodyAsString().contains(XMLEscapeUtil.convert("<xml-characters/>")));
            } finally {
                getMethod.releaseConnection();
            }
        } catch (Throwable th) {
            makeRestCall.releaseConnection();
            throw th;
        }
    }

    public void testTrustedAuthorizationBehavior01() throws Exception {
        try {
            String str = String.valueOf(registerApp(this.consumer.consumerKey, this.consumer.consumerSecret, false).getPublicUri()) + "/anotherSegment";
            String hostRelativeURI = getHostRelativeURI(addParamToQuery(this.authorizeURL, "oauth_callback", str));
            Matcher matcher = this.EXTRACT_OAUTH_TOKEN.matcher(hostRelativeURI);
            assertTrue(matcher.find());
            String group = matcher.group(0);
            HttpMethod makeRestCall = RestTestHelper.makeRestCall("", "POST", String.valueOf(getRepositoryURI()) + "service/com.ibm.team.repository.service.internal.oauth.IOAuthRestService/setConsumerTrusted?trusted=true&consumerKey=" + this.consumer.consumerKey, "TestJazzAdmin1");
            try {
                assertEquals("HTTP status", 200, makeRestCall.getStatusCode());
                makeRestCall.releaseConnection();
                GetMethod getMethod = new GetMethod(hostRelativeURI);
                getMethod.setFollowRedirects(false);
                try {
                    assertEquals("HTTP status", 302, executeMethodWithAuthorization(getMethod, true));
                    Header responseHeader = getMethod.getResponseHeader("Location");
                    assertNotNull("Location header", responseHeader);
                    assertEquals("Location value", String.valueOf(str) + "?" + group, responseHeader.getValue());
                    getMethod.releaseConnection();
                } catch (Throwable th) {
                    getMethod.releaseConnection();
                    throw th;
                }
            } catch (Throwable th2) {
                makeRestCall.releaseConnection();
                throw th2;
            }
        } finally {
            clearRegisteredApps();
        }
    }

    public void testTrustedAuthorizationBehavior01a() throws Exception {
        String hostRelativeURI = getHostRelativeURI(getAuthorizationUrl("http://test.com/callback"));
        Matcher matcher = this.EXTRACT_OAUTH_TOKEN.matcher(hostRelativeURI);
        assertTrue(matcher.find());
        String group = matcher.group(1);
        HttpMethod makeRestCall = RestTestHelper.makeRestCall("", "POST", String.valueOf(getRepositoryURI()) + "service/com.ibm.team.repository.service.internal.oauth.IOAuthRestService/setConsumerTrusted?trusted=true&consumerKey=" + this.consumer.consumerKey, "TestJazzAdmin1");
        try {
            assertEquals("HTTP status", 200, makeRestCall.getStatusCode());
            makeRestCall.releaseConnection();
            GetMethod getMethod = new GetMethod(hostRelativeURI);
            getMethod.setFollowRedirects(false);
            try {
                assertEquals("HTTP status", 302, executeMethodWithAuthorization(getMethod, true));
                Header responseHeader = getMethod.getResponseHeader("Location");
                assertNotNull("Location header", responseHeader);
                URI uri = new URI(responseHeader.getValue());
                String uri2 = uri.toString();
                assertEquals("Location value basename", "http://test.com/callback", uri2.substring(0, uri2.indexOf(63)));
                List<NameValuePair> parse = URLEncodedUtils.parse(uri, "UTF-8");
                assertEquals("oauth_token name/redirect", "oauth_token", parse.get(0).getName());
                assertEquals("oauth_token value/redirect", group, parse.get(0).getValue());
                assertEquals("oauth_verifier name/redirect", "oauth_verifier", parse.get(1).getName());
            } finally {
                getMethod.releaseConnection();
            }
        } catch (Throwable th) {
            makeRestCall.releaseConnection();
            throw th;
        }
    }

    public void testTrustedAuthorizationBehavior01b() throws Exception {
        try {
            registerApp(this.consumer.consumerKey, this.consumer.consumerSecret, false);
            String hostRelativeURI = getHostRelativeURI(addParamToQuery(this.authorizeURL, "oauth_callback", "http://test.com/callback"));
            HttpMethod makeRestCall = RestTestHelper.makeRestCall("", "POST", String.valueOf(getRepositoryURI()) + "service/com.ibm.team.repository.service.internal.oauth.IOAuthRestService/setConsumerTrusted?trusted=true&consumerKey=" + this.consumer.consumerKey, "TestJazzAdmin1");
            try {
                assertEquals("HTTP status", 200, makeRestCall.getStatusCode());
                makeRestCall.releaseConnection();
                GetMethod getMethod = new GetMethod(hostRelativeURI);
                getMethod.setFollowRedirects(false);
                try {
                    assertEquals("HTTP status", 200, executeMethodWithAuthorization(getMethod, true));
                    assertTrue(getMethod.getResponseBodyAsString().contains("OAuth Consumer Authorization"));
                    getMethod.releaseConnection();
                } catch (Throwable th) {
                    getMethod.releaseConnection();
                    throw th;
                }
            } catch (Throwable th2) {
                makeRestCall.releaseConnection();
                throw th2;
            }
        } finally {
            clearRegisteredApps();
        }
    }

    public void testTrustedAuthorizationBehavior01c() throws Exception {
        try {
            setTrustedAuthWhitelist(new String[]{"http://foo.com/foo", "http://bar.com/bar", "http://test.com/callback"});
            registerApp(this.consumer.consumerKey, this.consumer.consumerSecret, false);
            String hostRelativeURI = getHostRelativeURI(addParamToQuery(this.authorizeURL, "oauth_callback", "http://test.com/callback"));
            Matcher matcher = this.EXTRACT_OAUTH_TOKEN.matcher(hostRelativeURI);
            assertTrue(matcher.find());
            String group = matcher.group(0);
            HttpMethod makeRestCall = RestTestHelper.makeRestCall("", "POST", String.valueOf(getRepositoryURI()) + "service/com.ibm.team.repository.service.internal.oauth.IOAuthRestService/setConsumerTrusted?trusted=true&consumerKey=" + this.consumer.consumerKey, "TestJazzAdmin1");
            try {
                assertEquals("HTTP status", 200, makeRestCall.getStatusCode());
                makeRestCall.releaseConnection();
                GetMethod getMethod = new GetMethod(hostRelativeURI);
                getMethod.setFollowRedirects(false);
                try {
                    assertEquals("HTTP status", 302, executeMethodWithAuthorization(getMethod, true));
                    Header responseHeader = getMethod.getResponseHeader("Location");
                    assertNotNull("Location header", responseHeader);
                    assertEquals("Location value", String.valueOf("http://test.com/callback") + "?" + group, responseHeader.getValue());
                    getMethod.releaseConnection();
                } catch (Throwable th) {
                    getMethod.releaseConnection();
                    throw th;
                }
            } catch (Throwable th2) {
                makeRestCall.releaseConnection();
                throw th2;
            }
        } finally {
            clearRegisteredApps();
            clearTrustedAuthWhitelist();
        }
    }

    public void testTrustedAuthorizationBehavior01c_1() throws Exception {
        try {
            setTrustedAuthWhitelist(new String[]{"http://foo.com/foo", "http://bar.com/bar", "http://test.com/"});
            registerApp(this.consumer.consumerKey, this.consumer.consumerSecret, false);
            String hostRelativeURI = getHostRelativeURI(addParamToQuery(this.authorizeURL, "oauth_callback", "http://test.com/callback"));
            Matcher matcher = this.EXTRACT_OAUTH_TOKEN.matcher(hostRelativeURI);
            assertTrue(matcher.find());
            String group = matcher.group(0);
            HttpMethod makeRestCall = RestTestHelper.makeRestCall("", "POST", String.valueOf(getRepositoryURI()) + "service/com.ibm.team.repository.service.internal.oauth.IOAuthRestService/setConsumerTrusted?trusted=true&consumerKey=" + this.consumer.consumerKey, "TestJazzAdmin1");
            try {
                assertEquals("HTTP status", 200, makeRestCall.getStatusCode());
                makeRestCall.releaseConnection();
                GetMethod getMethod = new GetMethod(hostRelativeURI);
                getMethod.setFollowRedirects(false);
                try {
                    assertEquals("HTTP status", 302, executeMethodWithAuthorization(getMethod, true));
                    Header responseHeader = getMethod.getResponseHeader("Location");
                    assertNotNull("Location header", responseHeader);
                    assertEquals("Location value", String.valueOf("http://test.com/callback") + "?" + group, responseHeader.getValue());
                    getMethod.releaseConnection();
                } catch (Throwable th) {
                    getMethod.releaseConnection();
                    throw th;
                }
            } catch (Throwable th2) {
                makeRestCall.releaseConnection();
                throw th2;
            }
        } finally {
            clearRegisteredApps();
            clearTrustedAuthWhitelist();
        }
    }

    public void testTrustedAuthorizationBehavior01c_2() throws Exception {
        try {
            setTrustedAuthWhitelist(new String[]{"http://foo.com/foo", "http://bar.com/bar", "http://test.com"});
            registerApp(this.consumer.consumerKey, this.consumer.consumerSecret, false);
            String hostRelativeURI = getHostRelativeURI(addParamToQuery(this.authorizeURL, "oauth_callback", "http://test.com/callback"));
            Matcher matcher = this.EXTRACT_OAUTH_TOKEN.matcher(hostRelativeURI);
            assertTrue(matcher.find());
            String group = matcher.group(0);
            HttpMethod makeRestCall = RestTestHelper.makeRestCall("", "POST", String.valueOf(getRepositoryURI()) + "service/com.ibm.team.repository.service.internal.oauth.IOAuthRestService/setConsumerTrusted?trusted=true&consumerKey=" + this.consumer.consumerKey, "TestJazzAdmin1");
            try {
                assertEquals("HTTP status", 200, makeRestCall.getStatusCode());
                makeRestCall.releaseConnection();
                GetMethod getMethod = new GetMethod(hostRelativeURI);
                getMethod.setFollowRedirects(false);
                try {
                    assertEquals("HTTP status", 302, executeMethodWithAuthorization(getMethod, true));
                    Header responseHeader = getMethod.getResponseHeader("Location");
                    assertNotNull("Location header", responseHeader);
                    assertEquals("Location value", String.valueOf("http://test.com/callback") + "?" + group, responseHeader.getValue());
                    getMethod.releaseConnection();
                } catch (Throwable th) {
                    getMethod.releaseConnection();
                    throw th;
                }
            } catch (Throwable th2) {
                makeRestCall.releaseConnection();
                throw th2;
            }
        } finally {
            clearRegisteredApps();
            clearTrustedAuthWhitelist();
        }
    }

    public void testTrustedAuthorizationBehavior01c_3() throws Exception {
        try {
            setTrustedAuthWhitelist(new String[]{"http://foo.com/foo", "http://bar.com/bar", String.valueOf("http://test.com/callback") + "/"});
            registerApp(this.consumer.consumerKey, this.consumer.consumerSecret, false);
            String hostRelativeURI = getHostRelativeURI(addParamToQuery(this.authorizeURL, "oauth_callback", "http://test.com/callback"));
            Matcher matcher = this.EXTRACT_OAUTH_TOKEN.matcher(hostRelativeURI);
            assertTrue(matcher.find());
            String group = matcher.group(0);
            HttpMethod makeRestCall = RestTestHelper.makeRestCall("", "POST", String.valueOf(getRepositoryURI()) + "service/com.ibm.team.repository.service.internal.oauth.IOAuthRestService/setConsumerTrusted?trusted=true&consumerKey=" + this.consumer.consumerKey, "TestJazzAdmin1");
            try {
                assertEquals("HTTP status", 200, makeRestCall.getStatusCode());
                makeRestCall.releaseConnection();
                GetMethod getMethod = new GetMethod(hostRelativeURI);
                getMethod.setFollowRedirects(false);
                try {
                    assertEquals("HTTP status", 302, executeMethodWithAuthorization(getMethod, true));
                    Header responseHeader = getMethod.getResponseHeader("Location");
                    assertNotNull("Location header", responseHeader);
                    assertEquals("Location value", String.valueOf("http://test.com/callback") + "?" + group, responseHeader.getValue());
                    getMethod.releaseConnection();
                } catch (Throwable th) {
                    getMethod.releaseConnection();
                    throw th;
                }
            } catch (Throwable th2) {
                makeRestCall.releaseConnection();
                throw th2;
            }
        } finally {
            clearRegisteredApps();
            clearTrustedAuthWhitelist();
        }
    }

    public void testTrustedAuthorizationBehavior01c_4() throws Exception {
        try {
            setTrustedAuthWhitelist(new String[]{"http://foo.com/foo", "http://bar.com/bar", UriUtil.encode("http://test.com/callback,subdelim")});
            registerApp(this.consumer.consumerKey, this.consumer.consumerSecret, false);
            String hostRelativeURI = getHostRelativeURI(addParamToQuery(this.authorizeURL, "oauth_callback", "http://test.com/callback,subdelim"));
            Matcher matcher = this.EXTRACT_OAUTH_TOKEN.matcher(hostRelativeURI);
            assertTrue(matcher.find());
            String group = matcher.group(0);
            HttpMethod makeRestCall = RestTestHelper.makeRestCall("", "POST", String.valueOf(getRepositoryURI()) + "service/com.ibm.team.repository.service.internal.oauth.IOAuthRestService/setConsumerTrusted?trusted=true&consumerKey=" + this.consumer.consumerKey, "TestJazzAdmin1");
            try {
                assertEquals("HTTP status", 200, makeRestCall.getStatusCode());
                makeRestCall.releaseConnection();
                GetMethod getMethod = new GetMethod(hostRelativeURI);
                getMethod.setFollowRedirects(false);
                try {
                    assertEquals("HTTP status", 302, executeMethodWithAuthorization(getMethod, true));
                    Header responseHeader = getMethod.getResponseHeader("Location");
                    assertNotNull("Location header", responseHeader);
                    assertEquals("Location value", String.valueOf("http://test.com/callback,subdelim") + "?" + group, responseHeader.getValue());
                    getMethod.releaseConnection();
                } catch (Throwable th) {
                    getMethod.releaseConnection();
                    throw th;
                }
            } catch (Throwable th2) {
                makeRestCall.releaseConnection();
                throw th2;
            }
        } finally {
            clearRegisteredApps();
            clearTrustedAuthWhitelist();
        }
    }

    public void testTrustedAuthorizationBehavior01d() throws Exception {
        try {
            setTrustedAuthWhitelist(new String[]{"http://foo.com/callback", "http://bar.com/callback"});
            registerApp(this.consumer.consumerKey, this.consumer.consumerSecret, false);
            String hostRelativeURI = getHostRelativeURI(addParamToQuery(this.authorizeURL, "oauth_callback", "http://test.com/callback"));
            HttpMethod makeRestCall = RestTestHelper.makeRestCall("", "POST", String.valueOf(getRepositoryURI()) + "service/com.ibm.team.repository.service.internal.oauth.IOAuthRestService/setConsumerTrusted?trusted=true&consumerKey=" + this.consumer.consumerKey, "TestJazzAdmin1");
            try {
                assertEquals("HTTP status", 200, makeRestCall.getStatusCode());
                makeRestCall.releaseConnection();
                GetMethod getMethod = new GetMethod(hostRelativeURI);
                getMethod.setFollowRedirects(false);
                try {
                    assertEquals("HTTP status", 200, executeMethodWithAuthorization(getMethod, true));
                    assertTrue(getMethod.getResponseBodyAsString().contains("OAuth Consumer Authorization"));
                    getMethod.releaseConnection();
                } catch (Throwable th) {
                    getMethod.releaseConnection();
                    throw th;
                }
            } catch (Throwable th2) {
                makeRestCall.releaseConnection();
                throw th2;
            }
        } finally {
            clearRegisteredApps();
            clearTrustedAuthWhitelist();
        }
    }

    public void testTrustedAuthorizationBehavior01e() throws Exception {
        try {
            setTrustedAuthWhitelist(new String[]{"http://foo.com/callback", "http://bar.com/callback"});
            String hostRelativeURI = getHostRelativeURI(addParamToQuery(this.authorizeURL, "oauth_callback", "http://test.com/callback"));
            HttpMethod makeRestCall = RestTestHelper.makeRestCall("", "POST", String.valueOf(getRepositoryURI()) + "service/com.ibm.team.repository.service.internal.oauth.IOAuthRestService/setConsumerTrusted?trusted=true&consumerKey=" + this.consumer.consumerKey, "TestJazzAdmin1");
            try {
                assertEquals("HTTP status", 200, makeRestCall.getStatusCode());
                makeRestCall.releaseConnection();
                GetMethod getMethod = new GetMethod(hostRelativeURI);
                getMethod.setFollowRedirects(false);
                try {
                    assertEquals("HTTP status", 200, executeMethodWithAuthorization(getMethod, true));
                    assertTrue(getMethod.getResponseBodyAsString().contains("OAuth Consumer Authorization"));
                    getMethod.releaseConnection();
                } catch (Throwable th) {
                    getMethod.releaseConnection();
                    throw th;
                }
            } catch (Throwable th2) {
                makeRestCall.releaseConnection();
                throw th2;
            }
        } finally {
            clearRegisteredApps();
        }
    }

    public void testTrustedAuthorizationBehavior01f() throws Exception {
        try {
            String str = String.valueOf(registerApp(this.consumer.consumerKey, this.consumer.consumerSecret, false).getPublicUri()) + "/anotherSegment";
            String hostRelativeURI = getHostRelativeURI(addParamToQuery(this.authorizeURL, "oauth_callback", str));
            Matcher matcher = this.EXTRACT_OAUTH_TOKEN.matcher(hostRelativeURI);
            assertTrue(matcher.find());
            String group = matcher.group(0);
            HttpMethod makeRestCall = RestTestHelper.makeRestCall("", "POST", String.valueOf(getRepositoryURI()) + "service/com.ibm.team.repository.service.internal.oauth.IOAuthRestService/setConsumerTrusted?trusted=true&consumerKey=" + this.consumer.consumerKey, "TestJazzAdmin1");
            try {
                assertEquals("HTTP status", 200, makeRestCall.getStatusCode());
                makeRestCall.releaseConnection();
                GetMethod getMethod = new GetMethod(hostRelativeURI);
                getMethod.setFollowRedirects(false);
                try {
                    assertEquals("HTTP status", 302, executeMethodAsUser(getMethod, true, "TestJazzUser1"));
                    Header responseHeader = getMethod.getResponseHeader("Location");
                    assertNotNull("Location header", responseHeader);
                    assertEquals("Location value", String.valueOf(str) + "?" + group, responseHeader.getValue());
                    getMethod.releaseConnection();
                } catch (Throwable th) {
                    getMethod.releaseConnection();
                    throw th;
                }
            } catch (Throwable th2) {
                makeRestCall.releaseConnection();
                throw th2;
            }
        } finally {
            clearRegisteredApps();
        }
    }

    public void testTrustedAuthorizationBehavior01g() throws Exception {
        try {
            setTrustedAuthWhitelist(new String[]{"http://foo.com/foo", "http://bar.com/bar", "http://test.com/callback"});
            registerApp(this.consumer.consumerKey, this.consumer.consumerSecret, false);
            String hostRelativeURI = getHostRelativeURI(addParamToQuery(this.authorizeURL, "oauth_callback", "http://test.com/callback"));
            Matcher matcher = this.EXTRACT_OAUTH_TOKEN.matcher(hostRelativeURI);
            assertTrue(matcher.find());
            String group = matcher.group(0);
            HttpMethod makeRestCall = RestTestHelper.makeRestCall("", "POST", String.valueOf(getRepositoryURI()) + "service/com.ibm.team.repository.service.internal.oauth.IOAuthRestService/setConsumerTrusted?trusted=true&consumerKey=" + this.consumer.consumerKey, "TestJazzAdmin1");
            try {
                assertEquals("HTTP status", 200, makeRestCall.getStatusCode());
                makeRestCall.releaseConnection();
                GetMethod getMethod = new GetMethod(hostRelativeURI);
                getMethod.setFollowRedirects(false);
                try {
                    assertEquals("HTTP status", 302, executeMethodAsUser(getMethod, true, "TestJazzUser1"));
                    Header responseHeader = getMethod.getResponseHeader("Location");
                    assertNotNull("Location header", responseHeader);
                    assertEquals("Location value", String.valueOf("http://test.com/callback") + "?" + group, responseHeader.getValue());
                    getMethod.releaseConnection();
                } catch (Throwable th) {
                    getMethod.releaseConnection();
                    throw th;
                }
            } catch (Throwable th2) {
                makeRestCall.releaseConnection();
                throw th2;
            }
        } finally {
            clearRegisteredApps();
            clearTrustedAuthWhitelist();
        }
    }

    public void testCallbackNeedsEncoding() throws Exception {
        String hostRelativeURI = getHostRelativeURI(addParamToQuery(addParamToQuery(this.authorizeURL, "oauth_callback", "http://test.com/callback%20callback"), "authorize", "true"));
        Matcher matcher = this.EXTRACT_OAUTH_TOKEN.matcher(hostRelativeURI);
        assertTrue(matcher.find());
        String group = matcher.group(0);
        PostMethod postMethod = new PostMethod(hostRelativeURI);
        postMethod.setFollowRedirects(false);
        try {
            assertEquals("HTTP status", 302, executeMethodWithAuthorization(postMethod, true));
            Header responseHeader = postMethod.getResponseHeader("Location");
            assertNotNull("Location header", responseHeader);
            assertEquals("Location value", String.valueOf("http://test.com/callback%20callback") + "?" + group, responseHeader.getValue());
        } finally {
            postMethod.releaseConnection();
        }
    }

    public void testCallbackNeedsEncoding01a() throws Exception {
        String hostRelativeURI = getHostRelativeURI(addParamToQuery(getAuthorizationUrl("http://test.com/callback%20callback"), "authorize", "true"));
        Matcher matcher = this.EXTRACT_OAUTH_TOKEN.matcher(hostRelativeURI);
        assertTrue(matcher.find());
        String group = matcher.group(1);
        PostMethod postMethod = new PostMethod(hostRelativeURI);
        postMethod.setFollowRedirects(false);
        try {
            assertEquals("HTTP status", 302, executeMethodWithAuthorization(postMethod, true));
            Header responseHeader = postMethod.getResponseHeader("Location");
            assertNotNull("Location header", responseHeader);
            URI uri = new URI(responseHeader.getValue());
            String uri2 = uri.toString();
            assertEquals("Location value basename", "http://test.com/callback%20callback", uri2.substring(0, uri2.indexOf(63)));
            List<NameValuePair> parse = URLEncodedUtils.parse(uri, "UTF-8");
            assertEquals("oauth_token name/redirect", "oauth_token", parse.get(0).getName());
            assertEquals("oauth_token value/redirect", group, parse.get(0).getValue());
            assertEquals("oauth_verifier name/redirect", "oauth_verifier", parse.get(1).getName());
        } finally {
            postMethod.releaseConnection();
        }
    }

    public void testCallbackNeedsEncodingWithParams() throws Exception {
        String hostRelativeURI = getHostRelativeURI(addParamToQuery(addParamToQuery(this.authorizeURL, "oauth_callback", "http://test.com/callback%20callback?param1=val1&param2=val%202"), "authorize", "true"));
        Matcher matcher = this.EXTRACT_OAUTH_TOKEN.matcher(hostRelativeURI);
        assertTrue(matcher.find());
        String group = matcher.group(0);
        PostMethod postMethod = new PostMethod(hostRelativeURI);
        postMethod.setFollowRedirects(false);
        try {
            assertEquals("HTTP status", 302, executeMethodWithAuthorization(postMethod, true));
            Header responseHeader = postMethod.getResponseHeader("Location");
            assertNotNull("Location header", responseHeader);
            assertEquals("Location value", String.valueOf("http://test.com/callback%20callback?param1=val1&param2=val%202") + "&" + group, responseHeader.getValue());
        } finally {
            postMethod.releaseConnection();
        }
    }

    public void testCallbackNeedsEncodingWithParams01a() throws Exception {
        String hostRelativeURI = getHostRelativeURI(addParamToQuery(getAuthorizationUrl("http://test.com/callback%20callback?param1=val1&param2=val%202"), "authorize", "true"));
        Matcher matcher = this.EXTRACT_OAUTH_TOKEN.matcher(hostRelativeURI);
        assertTrue(matcher.find());
        String group = matcher.group(1);
        PostMethod postMethod = new PostMethod(hostRelativeURI);
        postMethod.setFollowRedirects(false);
        try {
            assertEquals("HTTP status", 302, executeMethodWithAuthorization(postMethod, true));
            Header responseHeader = postMethod.getResponseHeader("Location");
            assertNotNull("Location header", responseHeader);
            List<NameValuePair> parse = URLEncodedUtils.parse(new URI(responseHeader.getValue()), "UTF-8");
            assertEquals("oauth_token name/redirect", "oauth_token", parse.get(2).getName());
            assertEquals("oauth_token value/redirect", group, parse.get(2).getValue());
            assertEquals("oauth_verifier name/redirect", "oauth_verifier", parse.get(3).getName());
        } finally {
            postMethod.releaseConnection();
        }
    }

    public void testCallbackHasEncodedReservedCharsInArgs() throws Exception {
        String hostRelativeURI = getHostRelativeURI(addParamToQuery(addParamToQuery(this.authorizeURL, "oauth_callback", "http://test.com/callback%20callback?param1=val1&param2=%24%26%2B%2C%2F%3A%3B%3D%3F%40%7E%2A"), "authorize", "true"));
        Matcher matcher = this.EXTRACT_OAUTH_TOKEN.matcher(hostRelativeURI);
        assertTrue(matcher.find());
        String group = matcher.group(0);
        PostMethod postMethod = new PostMethod(hostRelativeURI);
        postMethod.setFollowRedirects(false);
        try {
            assertEquals("HTTP status", 302, executeMethodWithAuthorization(postMethod, true));
            Header responseHeader = postMethod.getResponseHeader("Location");
            assertNotNull("Location header", responseHeader);
            assertEquals("Location value", String.valueOf("http://test.com/callback%20callback?param1=val1&param2=%24%26%2B%2C%2F%3A%3B%3D%3F%40%7E%2A") + "&" + group, responseHeader.getValue());
        } finally {
            postMethod.releaseConnection();
        }
    }

    public void testCallbackHasEncodedReservedCharsInArgs01a() throws Exception {
        String hostRelativeURI = getHostRelativeURI(addParamToQuery(getAuthorizationUrl("http://test.com/callback%20callback?param1=val1&param2=%24%26%2B%2C%2F%3A%3B%3D%3F%40%7E%2A"), "authorize", "true"));
        Matcher matcher = this.EXTRACT_OAUTH_TOKEN.matcher(hostRelativeURI);
        assertTrue(matcher.find());
        String group = matcher.group(1);
        PostMethod postMethod = new PostMethod(hostRelativeURI);
        postMethod.setFollowRedirects(false);
        try {
            assertEquals("HTTP status", 302, executeMethodWithAuthorization(postMethod, true));
            Header responseHeader = postMethod.getResponseHeader("Location");
            assertNotNull("Location header", responseHeader);
            List<NameValuePair> parse = URLEncodedUtils.parse(new URI(responseHeader.getValue()), "UTF-8");
            assertEquals("oauth_token name/redirect", "oauth_token", parse.get(2).getName());
            assertEquals("oauth_token value/redirect", group, parse.get(2).getValue());
            assertEquals("oauth_verifier name/redirect", "oauth_verifier", parse.get(3).getName());
        } finally {
            postMethod.releaseConnection();
        }
    }

    public void testCallbackContainsEscapedURL() throws Exception {
        String hostRelativeURI = getHostRelativeURI(addParamToQuery(addParamToQuery(this.authorizeURL, "oauth_callback", "https://127.0.0.1:9443/jazz/_proxy/https%3A%2F%2Flocalhost%3A9444%2Fjazz%2Fservice%2Fcom.ibm.team.repository.service.internal.ILicenseAdminRestService%2FlicenseInfo"), "authorize", "true"));
        Matcher matcher = this.EXTRACT_OAUTH_TOKEN.matcher(hostRelativeURI);
        assertTrue(matcher.find());
        String group = matcher.group(0);
        PostMethod postMethod = new PostMethod(hostRelativeURI);
        postMethod.setFollowRedirects(false);
        try {
            assertEquals("HTTP status", 302, executeMethodWithAuthorization(postMethod, true));
            Header responseHeader = postMethod.getResponseHeader("Location");
            assertNotNull("Location header", responseHeader);
            assertEquals("Location value", String.valueOf("https://127.0.0.1:9443/jazz/_proxy/https%3A%2F%2Flocalhost%3A9444%2Fjazz%2Fservice%2Fcom.ibm.team.repository.service.internal.ILicenseAdminRestService%2FlicenseInfo") + "?" + group, responseHeader.getValue());
        } finally {
            postMethod.releaseConnection();
        }
    }

    public void testCallbackContainsEscapedURL01a() throws Exception {
        String hostRelativeURI = getHostRelativeURI(addParamToQuery(getAuthorizationUrl("https://127.0.0.1:9443/jazz/_proxy/https%3A%2F%2Flocalhost%3A9444%2Fjazz%2Fservice%2Fcom.ibm.team.repository.service.internal.ILicenseAdminRestService%2FlicenseInfo"), "authorize", "true"));
        Matcher matcher = this.EXTRACT_OAUTH_TOKEN.matcher(hostRelativeURI);
        assertTrue(matcher.find());
        String group = matcher.group(1);
        PostMethod postMethod = new PostMethod(hostRelativeURI);
        postMethod.setFollowRedirects(false);
        try {
            assertEquals("HTTP status", 302, executeMethodWithAuthorization(postMethod, true));
            Header responseHeader = postMethod.getResponseHeader("Location");
            assertNotNull("Location header", responseHeader);
            URI uri = new URI(responseHeader.getValue());
            String uri2 = uri.toString();
            assertEquals("Location value basename", "https://127.0.0.1:9443/jazz/_proxy/https%3A%2F%2Flocalhost%3A9444%2Fjazz%2Fservice%2Fcom.ibm.team.repository.service.internal.ILicenseAdminRestService%2FlicenseInfo", uri2.substring(0, uri2.indexOf(63)));
            List<NameValuePair> parse = URLEncodedUtils.parse(uri, "UTF-8");
            assertEquals("oauth_token name/redirect", "oauth_token", parse.get(0).getName());
            assertEquals("oauth_token value/redirect", group, parse.get(0).getValue());
            assertEquals("oauth_verifier name/redirect", "oauth_verifier", parse.get(1).getName());
        } finally {
            postMethod.releaseConnection();
        }
    }

    private FriendsClient.RegisteredApp registerApp(String str, String str2, boolean z) throws Exception {
        RemoteTeamServer newTeamServerFromURL = TeamServerFactory.INSTANCE.newTeamServerFromURL(getRepositoryURI());
        newTeamServerFromURL.setCredentials("TestJazzAdmin1", "password");
        FriendsClient friendsClient = new FriendsClient(new TeamRawRestServiceClient(newTeamServerFromURL), getRepositoryURI());
        FriendsClient.RegisteredApp addInternalFriend = friendsClient.addInternalFriend(friendsClient.getRootServicesUrl(), str, str2, z);
        newTeamServerFromURL.closeConnections();
        if (addInternalFriend == null) {
            fail("Unexpected failure retrieving application id");
        }
        return addInternalFriend;
    }

    private void clearRegisteredApps() throws Exception {
        RemoteTeamServer newTeamServerFromURL = TeamServerFactory.INSTANCE.newTeamServerFromURL(getRepositoryURI());
        newTeamServerFromURL.setCredentials("TestJazzAdmin1", "password");
        new FriendsClient(new TeamRawRestServiceClient(newTeamServerFromURL), getRepositoryURI()).clearFriendsConfiguration();
        newTeamServerFromURL.closeConnections();
    }

    private void clearTrustedAuthWhitelist() throws Exception {
        RemoteTeamServer newTeamServerFromURL = TeamServerFactory.INSTANCE.newTeamServerFromURL(getRepositoryURI());
        newTeamServerFromURL.setCredentials("TestJazzAdmin1", "password");
        try {
            new TrustedCallbackConfigClient(new TeamRawRestServiceClient(newTeamServerFromURL), getRepositoryURI()).setAuthorizedCallbacksWhiteList(new String[]{""});
        } finally {
            newTeamServerFromURL.closeConnections();
        }
    }

    private void setTrustedAuthWhitelist(String[] strArr) throws Exception {
        RemoteTeamServer newTeamServerFromURL = TeamServerFactory.INSTANCE.newTeamServerFromURL(getRepositoryURI());
        newTeamServerFromURL.setCredentials("TestJazzAdmin1", "password");
        try {
            new TrustedCallbackConfigClient(new TeamRawRestServiceClient(newTeamServerFromURL), getRepositoryURI()).setAuthorizedCallbacksWhiteList(strArr);
        } finally {
            newTeamServerFromURL.closeConnections();
        }
    }
}
