package com.atlassian.crowd.acceptance.tests.applications.crowdid.client;

import com.atlassian.crowd.acceptance.tests.BaseUrlFromProperties;
import com.google.common.base.Functions;
import com.google.common.collect.ImmutableMap;
import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.net.HttpURLConnection;
import java.net.MalformedURLException;
import java.net.URL;
import java.net.URLEncoder;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.ResourceBundle;
import net.sourceforge.jwebunit.api.IElement;
import org.apache.commons.lang3.StringUtils;
import org.hamcrest.CoreMatchers;
import org.hamcrest.Matchers;
import org.hamcrest.collection.IsMapContaining;
import org.junit.Assert;

/* loaded from: input_file:com/atlassian/crowd/acceptance/tests/applications/crowdid/client/OpenIDAuthenticationTest.class */
public class OpenIDAuthenticationTest extends CrowdIDClientAcceptanceTestCase {
    protected String OPENIDSERVER_LOGIN_URL_ADMIN;
    protected String OPENID_SERVER_URL;
    private String OPENID_CLIENT_REALM;
    protected static final String SERVER_NAME = "crowdid";
    private static final ResourceBundle openIdServerI18n = ResourceBundle.getBundle("com.atlassian.crowd.openid.server.action.BaseAction");

    @Override // com.atlassian.crowd.acceptance.tests.ApplicationAcceptanceTestCase
    public void setUp() throws Exception {
        super.setUp();
        loginToCrowd();
        restoreCrowdFromXML("openidauthtest.xml");
        logoutFromCrowd();
        BaseUrlFromProperties withLocalTestProperties = BaseUrlFromProperties.withLocalTestProperties();
        this.OPENID_CLIENT_REALM = withLocalTestProperties.baseUrlFor(getApplicationName());
        this.OPENID_SERVER_URL = withLocalTestProperties.baseUrlFor(SERVER_NAME);
        this.OPENIDSERVER_LOGIN_URL_ADMIN = this.OPENID_SERVER_URL + "/users/admin";
        tearDownApprovedSitesForAdmin();
    }

    public void tearDownApprovedSitesForAdmin() {
        gotoPage(this.OPENID_SERVER_URL + "/secure/interaction/editallowalways!default.action");
        assertAtServerLoginPage();
        setTextField("username", "admin");
        setTextField("password", "admin");
        setScriptingEnabled(true);
        submit();
        assertTitleEquals("Atlassian CrowdID - " + openIdServerText("allow.edit.title"));
        List elementsByXPath = getElementsByXPath("//img[@title='" + openIdServerText("allow.edit.removesite.label") + "']");
        if (!elementsByXPath.isEmpty()) {
            Iterator it = elementsByXPath.iterator();
            while (it.hasNext()) {
                clickElementByXPath("id('" + ((IElement) it.next()).getAttribute("id") + "')");
            }
            clickButtonWithText("Apply");
            Assert.assertThat(getElementTextByXPath("//p[@class='successBox']"), equalToIgnoringWhiteSpace(openIdServerText("updatesuccessful.label")));
        }
        gotoPage(this.OPENID_SERVER_URL + "/logoff.action");
        assertAtServerLoginPage();
    }

    protected void assertAtClientLoginPage() {
        assertKeyPresent("login.title");
        assertKeyNotPresent("menu.logout.label");
        assertKeyNotPresent("menu.profile.label");
    }

    protected void assertAtServerLoginPage() {
        assertTitleEquals("Atlassian CrowdID - " + openIdServerText("login.title"));
    }

    Map<String, String> scrapeKeyValueTable(String str) {
        ImmutableMap.Builder builder = ImmutableMap.builder();
        for (List list : scrapeTable(str, Functions.identity())) {
            assertEquals(2, list.size());
            builder.put(list.get(0), list.get(1));
        }
        return builder.build();
    }

    protected void assertAtServerAllowDenyPage(String str, String str2, String str3, String str4, String str5) {
        assertTitleEquals("Atlassian CrowdID - " + openIdServerText("allow.auth.title"));
        Assert.assertThat(getElementTextById("requestingSite"), equalToIgnoringWhiteSpace(str));
        Assert.assertThat(getElementTextById("requestingIdentity"), equalToIgnoringWhiteSpace(str2));
        Assert.assertThat(getElementTextById("requestingAttributes"), equalToIgnoringWhiteSpace("nickname   email   fullname   dob   gender   postcode   country   language   timezone"));
        Map<String, String> scrapeKeyValueTable = scrapeKeyValueTable("attributeTable");
        Assert.assertThat(scrapeKeyValueTable, IsMapContaining.hasEntry(openIdServerText("sreg.nickname.label"), str3));
        Assert.assertThat(scrapeKeyValueTable, IsMapContaining.hasEntry(openIdServerText("sreg.fullname.label"), str4));
        Assert.assertThat(scrapeKeyValueTable, IsMapContaining.hasEntry(openIdServerText("sreg.email.label"), str5));
        Assert.assertThat(scrapeKeyValueTable, IsMapContaining.hasKey(openIdServerText("sreg.country.label")));
        Assert.assertThat(scrapeKeyValueTable, IsMapContaining.hasKey(openIdServerText("sreg.language.label")));
    }

    protected void assertAtClientProfilePage(String str, String str2, String str3, String str4) {
        assertKeyNotPresent("login.title");
        assertKeyPresent("menu.logout.label");
        assertKeyPresent("menu.profile.label");
        IElement elementByXPath = getElementByXPath("id('identifierTable')/tbody/tr/td/a");
        assertEquals(str, elementByXPath.getTextContent());
        assertEquals(str, elementByXPath.getAttribute("href"));
        assertEquals(scrapeKeyValueTable("identifierTable"), ImmutableMap.of(getText("openid.label"), str));
        Map<String, String> scrapeKeyValueTable = scrapeKeyValueTable("attributesTable");
        Assert.assertThat(scrapeKeyValueTable, IsMapContaining.hasEntry("nickname", str2));
        Assert.assertThat(scrapeKeyValueTable, IsMapContaining.hasEntry("email", str3));
        Assert.assertThat(scrapeKeyValueTable, IsMapContaining.hasEntry("fullname", str4));
        Assert.assertThat(scrapeKeyValueTable, IsMapContaining.hasKey("language"));
        Assert.assertThat(scrapeKeyValueTable, IsMapContaining.hasKey("country"));
    }

    private void submitAndAssertAtServerLoginPage() {
        setScriptingEnabled(true);
        submit();
        assertAtServerLoginPage();
        setScriptingEnabled(false);
    }

    public void testOpenIDAuthenticationAllow() {
        log("Running testOpenIDAuthenticationAllow");
        gotoPage("/");
        assertAtClientLoginPage();
        setTextField("openid_identifier", this.OPENIDSERVER_LOGIN_URL_ADMIN);
        submitAndAssertAtServerLoginPage();
        setTextField("username", "admin");
        setTextField("password", "admin");
        setScriptingEnabled(true);
        submit();
        assertAtServerAllowDenyPage(this.OPENID_CLIENT_REALM, this.OPENIDSERVER_LOGIN_URL_ADMIN, "admin", "Super User", "admin@example.com");
        setScriptingEnabled(false);
        clickLink("allow");
        assertAtClientProfilePage(this.OPENIDSERVER_LOGIN_URL_ADMIN, "admin", "admin@example.com", "Super User");
    }

    public void testOpenIDAuthenticationDeny() {
        log("Running testOpenIDAuthenticationDeny");
        gotoPage("/");
        assertAtClientLoginPage();
        setTextField("openid_identifier", this.OPENIDSERVER_LOGIN_URL_ADMIN);
        submitAndAssertAtServerLoginPage();
        setTextField("username", "admin");
        setTextField("password", "admin");
        setScriptingEnabled(true);
        submit();
        assertAtServerAllowDenyPage(this.OPENID_CLIENT_REALM, this.OPENIDSERVER_LOGIN_URL_ADMIN, "admin", "Super User", "admin@example.com");
        setScriptingEnabled(false);
        clickLink("deny");
        assertAtClientLoginPage();
        assertTextPresent("Authentication Failed: Your OpenID provider was unable to authenticate the OpenID URL. Log in to your OpenID provider and try again.");
    }

    public void testOpenIDAuthenticationFailsWhenUsernamePaddedBeforeFinalSlash() {
        String str = this.OPENID_SERVER_URL + "/users/not/the/admin";
        log("Running testOpenIDAuthenticationDeny");
        gotoPage("/");
        assertAtClientLoginPage();
        setTextField("openid_identifier", str);
        submitAndAssertAtServerLoginPage();
        setTextField("username", "admin");
        setTextField("password", "admin");
        submit();
        assertTextPresent("A request has been made to authenticate an OpenID identifier, different from the one you are logged in as.");
    }

    public void testOpenIDAuthenticationStateless() {
        log("Running testOpenIDAuthenticationStateless");
        gotoPage("/");
        assertAtClientLoginPage();
        setTextField("openid_identifier", this.OPENIDSERVER_LOGIN_URL_ADMIN);
        checkCheckbox("dummyMode");
        submitAndAssertAtServerLoginPage();
        setTextField("username", "admin");
        setTextField("password", "admin");
        submit();
        assertAtServerAllowDenyPage(this.OPENID_CLIENT_REALM, this.OPENIDSERVER_LOGIN_URL_ADMIN, "admin", "Super User", "admin@example.com");
        clickLink("allow");
        assertAtClientProfilePage(this.OPENIDSERVER_LOGIN_URL_ADMIN, "admin", "admin@example.com", "Super User");
    }

    public void testOpenIDAuthenticationStatelessAfterStatefulAuthentication() throws Exception {
        log("Running testOpenIDAuthenticationStatelessAfterStatefulAuthentication");
        assertIsAbleToAuthenticate("admin", "admin", this.OPENIDSERVER_LOGIN_URL_ADMIN, "admin@example.com", "Super User", "/users/admin");
        gotoPage("/logoff.action");
        assertAtClientLoginPage();
        setTextField("openid_identifier", this.OPENIDSERVER_LOGIN_URL_ADMIN);
        checkCheckbox("dummyMode");
        submit();
        assertAtServerAllowDenyPage(this.OPENID_CLIENT_REALM, this.OPENIDSERVER_LOGIN_URL_ADMIN, "admin", "Super User", "admin@example.com");
        clickLink("allow");
        assertAtClientProfilePage(this.OPENIDSERVER_LOGIN_URL_ADMIN, "admin", "admin@example.com", "Super User");
    }

    public void testOpenIDAuthenticationImmediate_fail() {
        log("Running testOpenIDAuthenticationImmediate_fail");
        gotoPage("/");
        assertAtClientLoginPage();
        setTextField("openid_identifier", this.OPENIDSERVER_LOGIN_URL_ADMIN);
        checkCheckbox("checkImmediate");
        setScriptingEnabled(true);
        submit();
        assertAtClientLoginPage();
        setScriptingEnabled(false);
        assertTextPresent("Authentication Failed: Your OpenID provider was unable to authenticate the OpenID URL. Log in to your OpenID provider and try again.");
    }

    private void establishApproveAlwaysForAdmin() {
        gotoPage("/");
        assertAtClientLoginPage();
        setTextField("openid_identifier", this.OPENIDSERVER_LOGIN_URL_ADMIN);
        submitAndAssertAtServerLoginPage();
        setTextField("username", "admin");
        setTextField("password", "admin");
        submit();
        assertAtServerAllowDenyPage(this.OPENID_CLIENT_REALM, this.OPENIDSERVER_LOGIN_URL_ADMIN, "admin", "Super User", "admin@example.com");
        clickLink("allowAlways");
        assertAtClientProfilePage(this.OPENIDSERVER_LOGIN_URL_ADMIN, "admin", "admin@example.com", "Super User");
        gotoPage("/logoff.action");
    }

    public void testOpenIDAuthenticationImmediateSucceedsAfterAllowAlwaysApproval() {
        establishApproveAlwaysForAdmin();
        gotoPage("/");
        assertAtClientLoginPage();
        setTextField("openid_identifier", this.OPENIDSERVER_LOGIN_URL_ADMIN);
        checkCheckbox("checkImmediate");
        setScriptingEnabled(true);
        submit();
        assertAtClientProfilePage(this.OPENIDSERVER_LOGIN_URL_ADMIN, "admin", "admin@example.com", "Super User");
        setScriptingEnabled(false);
    }

    public void testOpenIDClientShouldWorkWithUrlsWhichContainUTF8Characters() throws UnsupportedEncodingException {
        assertIsAbleToAuthenticate("john.tøstinógé", "john", this.OPENID_SERVER_URL + "/users/john.tøstinógé", "john@example.com", "John Tøstinógé", "/users/john.t%C3%B8stin%C3%B3g%C3%A9");
    }

    public void testOpenIDClientShouldWorkWithUrlInEncodedFormat() throws UnsupportedEncodingException {
        assertIsAbleToAuthenticate("john.tøstinógé", "john", this.OPENID_SERVER_URL + "/users/john.t%C3%B8stin%C3%B3g%C3%A9", "john@example.com", "John Tøstinógé", "/users/john.t%C3%B8stin%C3%B3g%C3%A9");
    }

    public void testOpenIDTrimsUrlsBeforeAuthenticatingRequest() {
        gotoPage("/");
        setTextField("openid_identifier", "  " + this.OPENIDSERVER_LOGIN_URL_ADMIN + "   ");
        submitAndAssertAtServerLoginPage();
        setTextField("username", "admin");
        setTextField("password", "admin");
        submit();
        assertAtServerAllowDenyPage(this.OPENID_CLIENT_REALM, this.OPENIDSERVER_LOGIN_URL_ADMIN, "admin", "Super User", "admin@example.com");
        clickLink("allow");
        assertAtClientProfilePage(this.OPENIDSERVER_LOGIN_URL_ADMIN, "admin", "admin@example.com", "Super User");
    }

    private void assertIsAbleToAuthenticate(String str, String str2, String str3, String str4, String str5, String str6) throws UnsupportedEncodingException {
        gotoPage("/");
        assertAtClientLoginPage();
        setTextField("openid_identifier", str3);
        submitAndAssertAtServerLoginPage();
        setTextField("username", str);
        setTextField("password", str2);
        submit();
        String str7 = this.OPENID_SERVER_URL + str6;
        assertAtServerAllowDenyPage(this.OPENID_CLIENT_REALM, str7, str, str5, str4);
        clickLink("allow");
        assertAtClientProfilePage(str7, str, str4, str5);
    }

    private String getOpEndpointUrl() {
        return this.OPENID_SERVER_URL + "/op";
    }

    public void testServerSelectsIdentityForLoggedInUserWhenOpEndpointIsProvided() {
        gotoPage("/");
        assertAtClientLoginPage();
        setTextField("openid_identifier", getOpEndpointUrl());
        setScriptingEnabled(true);
        submitAndAssertAtServerLoginPage();
        setTextField("username", "admin");
        setTextField("password", "admin");
        submit();
        assertAtServerAllowDenyPage(this.OPENID_CLIENT_REALM, this.OPENIDSERVER_LOGIN_URL_ADMIN, "admin", "Super User", "admin@example.com");
        clickLink("allow");
        assertAtClientProfilePage(this.OPENIDSERVER_LOGIN_URL_ADMIN, "admin", "admin@example.com", "Super User");
    }

    public void testServerSelectsIdentityForLoggedInUserWhenOpEndpointIsProvidedWithNonAdminUser() {
        gotoPage("/");
        assertAtClientLoginPage();
        setTextField("openid_identifier", getOpEndpointUrl());
        setScriptingEnabled(true);
        submitAndAssertAtServerLoginPage();
        setTextField("username", "john.tøstinógé");
        setTextField("password", "john");
        submit();
        String str = this.OPENID_SERVER_URL + "/users/john.t%C3%B8stin%C3%B3g%C3%A9";
        assertAtServerAllowDenyPage(this.OPENID_CLIENT_REALM, str, "john.tøstinógé", "John Tøstinógé", "john@example.com");
        clickLink("allow");
        assertAtClientProfilePage(str, "john.tøstinógé", "john@example.com", "John Tøstinógé");
    }

    public void testServerSelectsIdentityForLoggedInUserWhenImmediateCheckIsMade() {
        establishApproveAlwaysForAdmin();
        gotoPage("/");
        assertAtClientLoginPage();
        setTextField("openid_identifier", getOpEndpointUrl());
        checkCheckbox("checkImmediate");
        setScriptingEnabled(true);
        submit();
        assertAtClientProfilePage(this.OPENIDSERVER_LOGIN_URL_ADMIN, "admin", "admin@example.com", "Super User");
        setScriptingEnabled(false);
    }

    public void testRequiredAttribsCorrectlyEscaped() throws UnsupportedEncodingException {
        String str = "/login!login.action?openid_identifier=" + URLEncoder.encode(getOpEndpointUrl(), "us-ascii") + "&requiredAttribs=<b>test</b>";
        String str2 = "&requiredAttribs=" + StringUtils.repeat('x', 2048);
        this.tester.setScriptingEnabled(false);
        gotoPage(str + str2);
        Assert.assertThat(getPageSource(), CoreMatchers.not(Matchers.containsString("<b>test</b>")));
        Assert.assertThat(getPageSource(), Matchers.containsString("&lt;b&gt;test&lt;/b&gt;"));
    }

    public void testRequiredAttribsCorrectlyEscapedWhenRedirecting() throws MalformedURLException, IOException {
        HttpURLConnection httpURLConnection = (HttpURLConnection) new URL(getBaseUrl() + ("/login!login.action?openid_identifier=" + URLEncoder.encode(getOpEndpointUrl(), "us-ascii") + "&requiredAttribs=<b>test</b>")).openConnection();
        httpURLConnection.setInstanceFollowRedirects(false);
        assertEquals(302, httpURLConnection.getResponseCode());
        Assert.assertThat(httpURLConnection.getHeaderField("Location"), Matchers.containsString("openid.sreg.required=%3Cb%3Etest%3C%2Fb%3E"));
    }

    public void testAbleToAuthenticateWithPlusInUsername() throws UnsupportedEncodingException {
        assertIsAbleToAuthenticate("user+tag", "user+tag", this.OPENID_SERVER_URL + "/users/user+tag", "user+tag@localhost", "User +Tag", "/users/user+tag");
    }

    private String openIdServerText(String str) {
        return openIdServerI18n.getString(str);
    }
}
