package com.atlassian.crowd.acceptance.tests.applications.crowdid.server;

import com.atlassian.crowd.acceptance.tests.BaseUrlFromProperties;
import com.google.common.collect.ImmutableMap;
import com.sun.jersey.api.uri.UriBuilderImpl;
import java.io.IOException;
import java.net.HttpURLConnection;
import java.net.URL;
import java.util.Collections;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.concurrent.TimeUnit;
import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.UriBuilder;
import org.hamcrest.CoreMatchers;
import org.hamcrest.Description;
import org.hamcrest.Matcher;
import org.hamcrest.Matchers;
import org.hamcrest.TypeSafeMatcher;
import org.hamcrest.collection.IsCollectionWithSize;
import org.hamcrest.core.AnyOf;
import org.junit.Assert;
import org.junit.Before;
import org.junit.Test;
import org.openid4java.association.Association;
import org.openid4java.consumer.ConsumerManager;
import org.openid4java.discovery.Discovery;
import org.openid4java.discovery.DiscoveryException;
import org.openid4java.discovery.DiscoveryInformation;
import org.openid4java.util.HttpCache;
import org.openid4java.util.HttpResponse;

/* loaded from: input_file:com/atlassian/crowd/acceptance/tests/applications/crowdid/server/OpenIDServerTestWithOpenID2.class */
public class OpenIDServerTestWithOpenID2 {
    private String baseUrl;

    @Before
    public void findBaseUrlForApplication() {
        this.baseUrl = BaseUrlFromProperties.withLocalTestProperties().baseUrlFor("crowdid");
    }

    private String getOpEndpoint() {
        return this.baseUrl + "/op";
    }

    @Test
    public void testOpenId2ResourceHasCorrectMediaType() throws Exception {
        HttpURLConnection httpURLConnection = (HttpURLConnection) new URL(getOpEndpoint()).openConnection();
        try {
            Assert.assertEquals(200L, httpURLConnection.getResponseCode());
            MediaType valueOf = MediaType.valueOf(httpURLConnection.getContentType());
            Assert.assertEquals("application/xrds+xml", valueOf.getType() + "/" + valueOf.getSubtype());
            Assert.assertThat("There should be no parameters, except for a possible redundant charset declaration", valueOf.getParameters(), AnyOf.anyOf(CoreMatchers.is(Collections.emptyMap()), CoreMatchers.is(ImmutableMap.of("charset", "UTF-8"))));
            httpURLConnection.getInputStream().close();
        } catch (Throwable th) {
            httpURLConnection.getInputStream().close();
            throw th;
        }
    }

    @Test
    public void testOpenId2ResourceIsDiscoverable() throws DiscoveryException {
        List discover = new Discovery().discover(getOpEndpoint());
        Assert.assertThat(discover, IsCollectionWithSize.hasSize(1));
        DiscoveryInformation discoveryInformation = (DiscoveryInformation) discover.get(0);
        Assert.assertEquals(getOpEndpoint(), discoveryInformation.getOPEndpoint().toString());
        Assert.assertNull(discoveryInformation.getClaimedIdentifier());
        Assert.assertEquals("http://specs.openid.net/auth/2.0/server", discoveryInformation.getVersion());
        Assert.assertTrue(discoveryInformation.isVersion2());
    }

    @Test
    public void ableToAssociateWithProvider() throws Exception {
        ConsumerManager consumerManager = new ConsumerManager();
        Assert.assertTrue(consumerManager.associate(consumerManager.discover(getOpEndpoint())).isVersion2());
        Association load = consumerManager.getAssociations().load(getOpEndpoint());
        Assert.assertNotNull(load);
        Assert.assertThat(Long.valueOf(load.getExpiry().getTime() - System.currentTimeMillis()), Matchers.greaterThan(Long.valueOf(TimeUnit.MINUTES.toMillis(10L))));
        Assert.assertEquals("HMAC-SHA256", load.getType());
    }

    @Test
    public void authenticationRequestProvidesPromptForUserAuthentication() throws Exception {
        ConsumerManager consumerManager = new ConsumerManager();
        consumerManager.associate(consumerManager.discover(getOpEndpoint()));
        HttpCache httpCache = new HttpCache();
        ImmutableMap.Builder builder = ImmutableMap.builder();
        builder.put("openid.ns", "http://specs.openid.net/auth/2.0");
        builder.put("openid.mode", "checkid_setup");
        builder.put("openid.claimed_id", getOpEndpoint());
        builder.put("openid.identity", "http://specs.openid.net/auth/2.0/identifier_select");
        builder.put("openid.assoc_handle", consumerManager.getAssociations().load(getOpEndpoint()).getHandle());
        builder.put("openid.return_to", "http://localhost/return-to");
        HttpResponse post = httpCache.post(getOpEndpoint(), builder.build());
        Assert.assertEquals(302L, post.getStatusCode());
        Assert.assertEquals(this.baseUrl + "/secure/interaction/allowauthentication.action", post.getResponseHeader("Location").getValue());
    }

    @Test
    public void authenticationRequestFailsWhenRealmDoesNotMatchReturnToUrl() throws Exception {
        ConsumerManager consumerManager = new ConsumerManager();
        consumerManager.associate(consumerManager.discover(getOpEndpoint()));
        HttpCache httpCache = new HttpCache();
        ImmutableMap.Builder builder = ImmutableMap.builder();
        builder.put("openid.ns", "http://specs.openid.net/auth/2.0");
        builder.put("openid.mode", "checkid_setup");
        builder.put("openid.claimed_id", getOpEndpoint());
        builder.put("openid.identity", "http://specs.openid.net/auth/2.0/identifier_select");
        builder.put("openid.assoc_handle", consumerManager.getAssociations().load(getOpEndpoint()).getHandle());
        builder.put("openid.return_to", "http://example.test/return-to");
        builder.put("openid.realm", "http://localhost/");
        HttpResponse post = httpCache.post(getOpEndpoint(), builder.build());
        Assert.assertEquals(400L, post.getStatusCode());
        Assert.assertThat(post.getBody(), Matchers.containsString("AuthRequest could not be reconstructed from RequestParameters"));
    }

    @Test
    public void authenticationRequestPassesWhenRealmIsProvidedAndMatchesReturnToUrl() throws Exception {
        ConsumerManager consumerManager = new ConsumerManager();
        consumerManager.associate(consumerManager.discover(getOpEndpoint()));
        HttpCache httpCache = new HttpCache();
        ImmutableMap.Builder builder = ImmutableMap.builder();
        builder.put("openid.ns", "http://specs.openid.net/auth/2.0");
        builder.put("openid.mode", "checkid_setup");
        builder.put("openid.claimed_id", getOpEndpoint());
        builder.put("openid.identity", "http://specs.openid.net/auth/2.0/identifier_select");
        builder.put("openid.assoc_handle", consumerManager.getAssociations().load(getOpEndpoint()).getHandle());
        builder.put("openid.return_to", "http://www.example.test/return-to");
        builder.put("openid.realm", "http://*.example.test/");
        HttpResponse post = httpCache.post(getOpEndpoint(), builder.build());
        Assert.assertEquals(302L, post.getStatusCode());
        Assert.assertEquals(this.baseUrl + "/secure/interaction/allowauthentication.action", post.getResponseHeader("Location").getValue());
    }

    @Test
    public void authenticationRequestRedirectedAsGetProvidesPromptForUserAuthentication() throws Exception {
        ConsumerManager consumerManager = new ConsumerManager();
        consumerManager.associate(consumerManager.discover(getOpEndpoint()));
        ImmutableMap.Builder builder = ImmutableMap.builder();
        builder.put("openid.ns", "http://specs.openid.net/auth/2.0");
        builder.put("openid.mode", "checkid_setup");
        builder.put("openid.claimed_id", getOpEndpoint());
        builder.put("openid.identity", "http://specs.openid.net/auth/2.0/identifier_select");
        builder.put("openid.assoc_handle", consumerManager.getAssociations().load(getOpEndpoint()).getHandle());
        builder.put("openid.return_to", "http://localhost/return-to");
        UriBuilder fromUri = UriBuilderImpl.fromUri(getOpEndpoint());
        Iterator it = builder.build().entrySet().iterator();
        while (it.hasNext()) {
            Map.Entry entry = (Map.Entry) it.next();
            fromUri.queryParam((String) entry.getKey(), new Object[]{entry.getValue()});
        }
        HttpURLConnection httpURLConnection = (HttpURLConnection) fromUri.build(new Object[0]).toURL().openConnection();
        httpURLConnection.setInstanceFollowRedirects(false);
        Assert.assertEquals(302L, httpURLConnection.getResponseCode());
        Assert.assertEquals(this.baseUrl + "/secure/interaction/allowauthentication.action", httpURLConnection.getHeaderField("Location"));
    }

    @Test
    public void userIdentityPageIsServedAsHtmlByDefault() throws IOException {
        HttpURLConnection httpURLConnection = (HttpURLConnection) new URL(this.baseUrl + "/users/admin").openConnection();
        try {
            Assert.assertEquals(200L, httpURLConnection.getResponseCode());
            MediaType valueOf = MediaType.valueOf(httpURLConnection.getContentType());
            Assert.assertEquals("text/html", valueOf.getType() + "/" + valueOf.getSubtype());
            Assert.assertThat("There should be no parameters, except for a possible redundant charset declaration", valueOf.getParameters(), AnyOf.anyOf(CoreMatchers.is(Collections.emptyMap()), CoreMatchers.is(ImmutableMap.of("charset", "UTF-8"))));
            httpURLConnection.getInputStream().close();
        } catch (Throwable th) {
            httpURLConnection.getInputStream().close();
            throw th;
        }
    }

    @Test
    public void discoveryOfUserIdentifierFindsSignons() throws DiscoveryException {
        Discovery discovery = new Discovery();
        String str = this.baseUrl + "/users/admin";
        List discover = discovery.discover(str);
        Assert.assertThat(discover, CoreMatchers.hasItem(openIdWithVersionEndpointAndClaimedId("http://openid.net/signon/1.1", this.baseUrl + "/server.openid", str)));
        Assert.assertThat(discover, CoreMatchers.hasItem(openIdWithVersionEndpointAndClaimedId("http://specs.openid.net/auth/2.0/signon", getOpEndpoint(), str)));
    }

    public static Matcher<DiscoveryInformation> openIdWithVersionEndpointAndClaimedId(final String str, final String str2, final String str3) {
        return new TypeSafeMatcher<DiscoveryInformation>(DiscoveryInformation.class) { // from class: com.atlassian.crowd.acceptance.tests.applications.crowdid.server.OpenIDServerTestWithOpenID2.1
            public void describeTo(Description description) {
                description.appendText("A version '" + str + "' identifier with endpoint '" + str2 + "' and claimed ID '" + str3 + "'");
            }

            /* JADX INFO: Access modifiers changed from: protected */
            public boolean matchesSafely(DiscoveryInformation discoveryInformation) {
                return discoveryInformation.getVersion().equals(str) && discoveryInformation.getOPEndpoint().toString().equals(str2) && discoveryInformation.getClaimedIdentifier().toString().equals(str3);
            }
        };
    }
}
