package it.com.atlassian.applinks.refapp_refapp;

import com.atlassian.applinks.core.util.URIUtil;
import com.atlassian.applinks.fisheye.deploy.CleanUpTestPage;
import com.atlassian.webdriver.applinks.component.ApplicationDetailsSection;
import com.atlassian.webdriver.applinks.component.CorsAuthenticationSection;
import com.atlassian.webdriver.applinks.page.ListApplicationLinkPage;
import it.com.atlassian.applinks.AbstractAppLinksTest;
import java.io.ByteArrayOutputStream;
import org.apache.http.client.HttpClient;
import org.apache.http.client.methods.HttpGet;
import org.apache.http.impl.client.DefaultHttpClient;
import org.junit.After;
import org.junit.Assert;
import org.junit.Before;
import org.junit.Test;

/* loaded from: input_file:it/com/atlassian/applinks/refapp_refapp/CorsConfigurationTest.class */
public class CorsConfigurationTest extends AbstractAppLinksTest {
    private ApplicationDetailsSection detailsSection;

    @Before
    public void setup() {
        String baseUrl = PRODUCT2.getProductInstance().getBaseUrl();
        login(PRODUCT, PRODUCT2);
        this.detailsSection = PRODUCT.visit(ListApplicationLinkPage.class, new Object[0]).addApplicationLink().setApplicationUrl(baseUrl).nextExpectsUalStep2().configureTwoWayLink("admin", "admin", PRODUCT.getProductInstance().getBaseUrl()).acceptDefaults().configureApplicationLink(baseUrl);
    }

    @After
    public void teardown() {
        PRODUCT.visit(ListApplicationLinkPage.class, new Object[0]).deleteApplicationLink(PRODUCT2.getProductInstance().getBaseUrl()).deleteTwoWayLink();
        logout(PRODUCT, PRODUCT2);
        PRODUCT.visit(CleanUpTestPage.class, new Object[0]);
        PRODUCT2.visit(CleanUpTestPage.class, new Object[0]);
    }

    @Test
    public void testConfiguringCors() throws Exception {
        DefaultHttpClient defaultHttpClient = new DefaultHttpClient();
        String str = PRODUCT.getProductInstance().getBaseUrl() + "/plugins/servlet/applinks/applinks-tests/cors-test?action=test&origin=" + URIUtil.utf8Encode(PRODUCT2.getProductInstance().getBaseUrl());
        CorsAuthenticationSection openIncomingCors = this.detailsSection.openIncomingCors();
        Assert.assertTrue("CORS requests with credentials should be disabled by default", openIncomingCors.isNotConfigured());
        assertTestResults(defaultHttpClient, str, false);
        openIncomingCors.enable();
        Assert.assertTrue("Clicking Enable should have enabled credentialed CORS requests", openIncomingCors.isConfigured());
        assertTestResults(defaultHttpClient, str, true);
        openIncomingCors.disable();
        Assert.assertTrue("Clicking Disable should have disabled credentialed CORS requests", openIncomingCors.isNotConfigured());
        assertTestResults(defaultHttpClient, str, false);
    }

    private static void assertTestResults(HttpClient httpClient, String str, boolean z) throws Exception {
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        httpClient.execute(new HttpGet(str)).getEntity().writeTo(byteArrayOutputStream);
        String byteArrayOutputStream2 = byteArrayOutputStream.toString();
        Assert.assertTrue("Origin should always be allowed", byteArrayOutputStream2.contains("id=\"allows-origin\">true<"));
        if (z) {
            Assert.assertTrue("Credentials should be allowed", byteArrayOutputStream2.contains("id=\"allows-credentials\">true<"));
            Assert.assertTrue("Authorization header should be allowed when credentials are", byteArrayOutputStream2.contains("id=\"allowed-request-headers\">Authorization<"));
        } else {
            Assert.assertTrue("Credentials should not be allowed", byteArrayOutputStream2.contains("id=\"allows-credentials\">false<"));
            Assert.assertTrue("No headers should be allowed when credentials are not allowed", byteArrayOutputStream2.contains("id=\"allowed-request-headers\"><"));
        }
    }
}
