package it.com.atlassian.applinks.refapp_refapp;

import com.atlassian.applinks.fisheye.deploy.CleanUpTestPage;
import com.atlassian.webdriver.applinks.AuthType;
import com.atlassian.webdriver.applinks.component.AppLinkAdminLogin;
import com.atlassian.webdriver.applinks.component.ApplicationDetailsSection;
import com.atlassian.webdriver.applinks.component.BasicAccessAuthenticationSection;
import com.atlassian.webdriver.applinks.component.TrustedApplicationAuthenticationSection;
import com.atlassian.webdriver.applinks.component.XsrfWarning;
import com.atlassian.webdriver.applinks.externalcomponent.WebSudoPage;
import com.atlassian.webdriver.applinks.page.ListApplicationLinkPage;
import it.com.atlassian.applinks.AbstractAppLinksTest;
import it.com.atlassian.applinks.Creators;
import org.junit.After;
import org.junit.Assert;
import org.junit.Before;
import org.junit.Test;

/* loaded from: input_file:it/com/atlassian/applinks/refapp_refapp/XsrfProtectionTest.class */
public class XsrfProtectionTest extends AbstractAppLinksTest {
    private ApplicationDetailsSection detailsSection;
    private String remoteUrl;

    @Before
    public void setup() {
        loginAsSysadmin(PRODUCT, PRODUCT2);
        Creators.createApplicationLinkToRefapp2(AuthType.TRUSTED_APPS);
        this.remoteUrl = ((ListApplicationLinkPage.ApplicationLinkEntryRow) PRODUCT.visit(ListApplicationLinkPage.class, new Object[0]).getApplicationLinks().get(0)).getApplicationUrl();
        this.detailsSection = PRODUCT.visit(ListApplicationLinkPage.class, new Object[0]).configureApplicationLink(this.remoteUrl);
    }

    @After
    public void teardown() {
        PRODUCT.visit(ListApplicationLinkPage.class, new Object[0]).deleteApplicationLink(this.remoteUrl).deleteTwoWayLink();
        logout(PRODUCT, PRODUCT2);
        PRODUCT.visit(CleanUpTestPage.class, new Object[0]);
        PRODUCT2.visit(CleanUpTestPage.class, new Object[0]);
    }

    @Test
    public void testXsrfForIncomingTrustedApplication() {
        TrustedApplicationAuthenticationSection openIncomingTrustedApplications = this.detailsSection.openIncomingTrustedApplications();
        handleAdminLoginScreen();
        runTrustedApplicationTest(openIncomingTrustedApplications);
    }

    @Test
    public void testXsrfForOutgoingTrustedApplication() {
        TrustedApplicationAuthenticationSection openOutgoingTrustedApplications = this.detailsSection.openOutgoingTrustedApplications();
        handleAdminLoginScreen();
        runTrustedApplicationTest(openOutgoingTrustedApplications);
    }

    @Test
    public void testXsrfForIncomingBasicAccess() {
        BasicAccessAuthenticationSection openIncomingBasicAccess = this.detailsSection.openIncomingBasicAccess();
        handleAdminLoginScreen();
        runBasicAccessTest(openIncomingBasicAccess);
    }

    @Test
    public void testXsrfForOutgoingBasicAccess() {
        BasicAccessAuthenticationSection openOutgoingBasicAccess = this.detailsSection.openOutgoingBasicAccess();
        handleAdminLoginScreen();
        runBasicAccessTest(openOutgoingBasicAccess);
    }

    private void runBasicAccessTest(BasicAccessAuthenticationSection basicAccessAuthenticationSection) {
        basicAccessAuthenticationSection.setUsername("admin").setPassword("admin").modifyAtlToken().enable();
        XsrfWarning xsrfWarning = basicAccessAuthenticationSection.getXsrfWarning();
        Assert.assertTrue("Modifying the atl_token should have resulted in an XSRF warning", xsrfWarning.isVisible());
        xsrfWarning.retryOperation();
        Assert.assertTrue("Retrying the operation should have saved the basic configuration", basicAccessAuthenticationSection.isConfigured());
        basicAccessAuthenticationSection.safeClose();
    }

    private void runTrustedApplicationTest(TrustedApplicationAuthenticationSection trustedApplicationAuthenticationSection) {
        trustedApplicationAuthenticationSection.setIpPatterns("*.*.*.*").modifyAtlToken().update();
        XsrfWarning xsrfWarning = trustedApplicationAuthenticationSection.getXsrfWarning();
        Assert.assertTrue("Modifying the atl_token should have resulted in an XSRF warning", xsrfWarning.isVisible());
        xsrfWarning.retryOperation();
        handleAdminLoginScreen();
        Assert.assertEquals("Retrying the operation should have persisted the IP Patterns", "*.*.*.*", trustedApplicationAuthenticationSection.getIpPatterns());
        trustedApplicationAuthenticationSection.safeClose();
    }

    private void handleAdminLoginScreen() {
        ((AppLinkAdminLogin) PRODUCT.getPageBinder().bind(AppLinkAdminLogin.class, new Object[]{new WebSudoPage()})).handleWebLoginIfRequired("admin", "admin");
        ((WebSudoPage) PRODUCT.getPageBinder().bind(WebSudoPage.class, new Object[0])).handleIfRequired("admin");
    }
}
