package com.atlassian.crowd.acceptance.tests.applications.crowd;

import com.atlassian.crowd.acceptance.tests.BaseUrlFromProperties;
import com.google.common.base.Splitter;
import com.google.common.collect.ImmutableList;
import java.io.IOException;
import java.io.InputStream;
import java.net.HttpCookie;
import java.net.HttpURLConnection;
import java.net.URL;
import java.util.Date;
import java.util.concurrent.TimeUnit;
import org.apache.commons.io.IOUtils;
import org.hamcrest.CoreMatchers;
import org.hamcrest.Matchers;
import org.hamcrest.text.IsEqualIgnoringCase;
import org.junit.Assert;
import org.junit.Test;

/* loaded from: input_file:com/atlassian/crowd/acceptance/tests/applications/crowd/WebAppTest.class */
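/**
 * Acceptance tests for how the deployed Crowd web application serves resources and issues its
 * session cookie.
 *
 * <p>Every test sends a real HTTP request to the Crowd base URL resolved through
 * {@link BaseUrlFromProperties}, so a running instance is required. Each connection is
 * disconnected and each response stream closed once the assertions have run.
 */
public class WebAppTest {
    /** Opening tag of a deployment descriptor; finding it in a response body means web.xml leaked. */
    private static final String WEB_XML_MARKER = "<web-app";

    /**
     * Requests {@code WEB-INF/web.xml} directly under the same {@code /s///X/_} prefix that
     * {@link #staticResourceCanBeFetchedAndHasExpirySet()} uses for a legitimate download.
     *
     * @throws IOException if the request cannot be made or the response cannot be read
     */
    @Test
    public void classpathResourceCannotBeFetched() throws IOException {
        assertDescriptorNotServed("/s///X/_/WEB-INF/web.xml");
    }

    /**
     * Requests {@code WEB-INF/web.xml} through a literal {@code ..} segment below {@code download}.
     *
     * @throws IOException if the request cannot be made or the response cannot be read
     */
    @Test
    public void classpathResourceCannotBeFetchedWithParentTraversal() throws IOException {
        // NOTE(review): java.net.URL may collapse a literal "/../" while parsing the URL string, in
        // which case this request is the same as the plain WEB-INF one and the server never sees
        // the traversal. Confirm what is sent on the wire before relying on this test as coverage
        // for server-side ".." handling.
        assertDescriptorNotServed("/s///X/_/download/../WEB-INF/web.xml");
    }

    /**
     * Requests {@code WEB-INF/web.xml} through a parent segment whose first dot is percent-encoded
     * ({@code %2E.}), so the server must decode the path before it can recognise the traversal.
     *
     * @throws IOException if the request cannot be made or the response cannot be read
     */
    @Test
    public void classpathResourceCannotBeFetchedWithPercentEncodedParentTraversal() throws IOException {
        assertDescriptorNotServed("/s///X/_/download/%2E./WEB-INF/web.xml");
    }

    /**
     * Fetches the batched jQuery resource and checks that it is served as JavaScript with an
     * expiry more than 30 days in the future.
     *
     * @throws IOException if the request cannot be made or the response cannot be read
     */
    @Test
    public void staticResourceCanBeFetchedAndHasExpirySet() throws IOException {
        HttpURLConnection connection = openCrowdConnection("/s///X/_/download/batch/com.atlassian.plugins.jquery:jquery/com.atlassian.plugins.jquery:jquery.js");
        try {
            Assert.assertEquals(200L, connection.getResponseCode());
            Assert.assertThat(connection.getContentType(), Matchers.either(Matchers.startsWith("text/javascript")).or(Matchers.startsWith("application/javascript")));

            // getExpiration() reports 0 when the response carries no usable Expires header.
            long expiration = connection.getExpiration();
            Assert.assertNotEquals(0L, expiration);
            Date thirtyDaysFromNow = new Date(System.currentTimeMillis() + TimeUnit.DAYS.toMillis(30L));
            Assert.assertThat(new Date(expiration), Matchers.greaterThan(thirtyDaysFromNow));

            Assert.assertThat(readBody(connection.getInputStream()), Matchers.containsString("jquery"));
        } finally {
            connection.disconnect();
        }
    }

    /**
     * Checks that the session cookie set on the initial redirect is named {@code JSESSIONID} and
     * carries the {@code HttpOnly} attribute, which keeps it out of reach of page scripts.
     *
     * <p>Only {@code HttpOnly} is asserted; other cookie attributes such as {@code Secure} are not
     * covered by this test.
     *
     * @throws Exception if the request cannot be made
     */
    @Test
    public void tomcatJSessionIdIsHttpOnlyCookie() throws Exception {
        HttpURLConnection connection = openCrowdConnection("/");
        try {
            // Inspect the first response itself; following the redirect would hide its headers.
            connection.setInstanceFollowRedirects(false);
            connection.connect();
            Assert.assertEquals("Should be redirected", 302L, connection.getResponseCode());

            // getHeaderField yields a single value, so if the server sends several Set-Cookie
            // headers only one of them is examined here.
            String setCookie = connection.getHeaderField("Set-Cookie");
            Assert.assertNotNull("Should be provided with a session cookie", setCookie);
            try {
                Assert.assertEquals("JSESSIONID", HttpCookie.parse(setCookie).get(0).getName());
            } catch (IllegalArgumentException e) {
                // Report the raw header so a malformed cookie can be diagnosed from the failure.
                Assert.fail(e.toString() + ": " + setCookie);
            }
            // Attribute names are case-insensitive, hence the case-insensitive match on the
            // ';'-separated parts of the raw header.
            Assert.assertThat(ImmutableList.copyOf(Splitter.on(';').trimResults().split(setCookie)), Matchers.hasItem(IsEqualIgnoringCase.equalToIgnoringCase("HttpOnly")));
        } finally {
            connection.disconnect();
        }
    }

    /**
     * Asserts that a request for {@code path} is answered with 404 and that the error body does
     * not contain deployment-descriptor content.
     *
     * <p>The body check matters on its own: a response can carry a 404 status and still include
     * the file, so the status code alone does not prove the descriptor stayed private.
     *
     * @param path path appended to the Crowd base URL, starting with {@code /}
     * @throws IOException if the request cannot be made or the response cannot be read
     */
    private static void assertDescriptorNotServed(String path) throws IOException {
        HttpURLConnection connection = openCrowdConnection(path);
        try {
            Assert.assertEquals(404L, connection.getResponseCode());
            Assert.assertThat(readBody(connection.getErrorStream()), CoreMatchers.not(Matchers.containsString(WEB_XML_MARKER)));
        } finally {
            connection.disconnect();
        }
    }

    /**
     * Opens (without yet connecting) an HTTP connection to {@code path} below the Crowd base URL.
     *
     * @param path path appended to the base URL as-is
     * @return the unconnected connection; the caller is responsible for disconnecting it
     * @throws IOException if the URL is malformed or the connection cannot be opened
     */
    private static HttpURLConnection openCrowdConnection(String path) throws IOException {
        return (HttpURLConnection) new URL(BaseUrlFromProperties.withLocalTestProperties().baseUrlFor("crowd") + path).openConnection();
    }

    /**
     * Reads a response stream fully as UTF-8 text and closes it.
     *
     * @param stream the stream to drain; may be {@code null}, which
     *     {@link HttpURLConnection#getErrorStream()} returns when the server sent no error body
     * @return the decoded body, or the empty string when {@code stream} is {@code null}
     * @throws IOException if reading or closing the stream fails
     */
    private static String readBody(InputStream stream) throws IOException {
        if (stream == null) {
            // An absent body cannot leak anything; treat it as empty instead of failing with an NPE.
            return "";
        }
        try {
            return IOUtils.toString(stream, "utf-8");
        } finally {
            stream.close();
        }
    }
}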
