package com.atlassian.crowd.acceptance.tests.rest.service;

import com.atlassian.crowd.acceptance.rest.RestServer;
import com.atlassian.crowd.plugin.rest.entity.AuthenticationContextEntity;
import com.atlassian.crowd.plugin.rest.entity.SessionEntity;
import com.atlassian.crowd.plugin.rest.entity.ValidationFactorEntity;
import com.atlassian.crowd.plugin.rest.entity.ValidationFactorEntityList;
import com.google.common.collect.ImmutableList;
import com.google.common.collect.Iterables;
import com.sun.jersey.api.client.ClientResponse;
import com.sun.jersey.api.client.UniformInterfaceException;
import com.sun.jersey.api.client.WebResource;
import java.net.URI;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Iterator;
import java.util.Map;
import javax.ws.rs.core.Response;
import org.junit.Assert;

/* loaded from: input_file:com/atlassian/crowd/acceptance/tests/rest/service/TokenResourceTest.class */
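/**
 * REST acceptance tests for the {@code session} resource, which issues, validates and revokes
 * user tokens on behalf of an authenticated application.
 *
 * <p>Behaviours pinned here (each asserted on a visible status code):
 * <ul>
 *   <li>a successful authentication answers {@code 201} with a token, a link and
 *       creation/expiry dates;</li>
 *   <li>a wrong password, or an alias presented to a non-aliasing application, answers
 *       {@code 400}; an application the user may not access answers {@code 403};</li>
 *   <li>a token is bound to the validation factors presented at creation: validating it with a
 *       different factor set answers {@code 400}, while an invalidated, expired, unknown or
 *       user-deleted token answers {@code 404};</li>
 *   <li>{@code validate-password=false} lets the application create a session without supplying
 *       the user's password at all;</li>
 *   <li>user aliases configured for the aliasing application are reflected in the session's user
 *       entity when the session is read or validated through that application.</li>
 * </ul>
 *
 * <p>The application and user credentials below are fixture values of the acceptance-test data
 * set, not production secrets.
 */
public class TokenResourceTest extends RestCrowdServiceAcceptanceTestCase {
    private static final String USERNAME = "eeeep";
    private static final String PASSWORD = "eep";
    private static final String BAD_PASSWORD = "bad_password";

    /** Application used for most requests; the test user may authenticate against it. */
    private static final String APPLICATION_NAME = "crowd";
    private static final String APPLICATION_PASSWORD = "qybhDMZh";
    /** Application that has user aliases configured (e.g. {@code alias2} for {@link #USERNAME}). */
    private static final String ALIASING_APPLICATION_NAME = "aliases";
    private static final String ALIASING_APPLICATION_PASSWORD = "aliases";
    /** Application the test user is not permitted to authenticate against. */
    private static final String NO_USER_APPLICATION_NAME = "no-user-application";
    private static final String NO_USER_APPLICATION_PASSWORD = "password";
    /** Credentials used for the application-management (alias) admin resource. */
    private static final String ADMIN_NAME = "admin";
    private static final String ADMIN_PASSWORD = "admin";

    /** Validation factors a token is bound to at creation and must be presented at validation. */
    private static final ValidationFactorEntity restFactor1 = new ValidationFactorEntity("remote_address", "127.0.0.1");
    private static final ValidationFactorEntity restFactor2 = new ValidationFactorEntity("remote_host", "blah");
    private static final ValidationFactorEntityList restFactors = new ValidationFactorEntityList(ImmutableList.of(restFactor1, restFactor2));

    public TokenResourceTest(String name) {
        super(name);
    }

    public TokenResourceTest(String name, RestServer restServer) {
        super(name, restServer);
    }

    /** Starts every test with no sessions for the test user so session counts are predictable. */
    @Override
    public void setUp() throws Exception {
        super.setUp();
        deleteSessionsFor(USERNAME);
    }

    /** Deletes all sessions of {@code username} through the main test application; the status is not checked. */
    private void deleteSessionsFor(String username) {
        sessionResource().queryParam(UserPermissionAdminResourceTest.USERNAME_PARAM, username).delete();
    }

    /** The {@code session} collection resource, accessed as the main test application. */
    private WebResource sessionResource() {
        return getRootWebResource(APPLICATION_NAME, APPLICATION_PASSWORD).path("session");
    }

    /** The resource at {@code location} (normally a created session's {@code Location} header), as the main test application. */
    private WebResource sessionResource(URI location) {
        return getWebResource(APPLICATION_NAME, APPLICATION_PASSWORD, location);
    }

    /** Posts {@code context} to the session resource (creating a session) and returns the raw response. */
    private ClientResponse authenticate(AuthenticationContextEntity context) {
        return sessionResource().entity(context, MT).post(ClientResponse.class);
    }

    /** Creates a session for {@link #USERNAME} bound to {@link #restFactors} and asserts it was created. */
    private ClientResponse createDefaultSession() {
        ClientResponse response = authenticate(new AuthenticationContextEntity(USERNAME, PASSWORD, restFactors));
        assertEquals(201, response.getStatus());
        return response;
    }

    /** Validates the session at {@code location} with {@code factors} and returns the raw response. */
    private ClientResponse validate(URI location, ValidationFactorEntityList factors) {
        return sessionResource(location).entity(factors, MT).post(ClientResponse.class);
    }

    private static void assertSessionDatesPresent(SessionEntity session) {
        assertNotNull("Session creation date should be returned", session.getCreatedDate());
        assertNotNull("Session expiry date should be returned", session.getExpiryDate());
    }

    private static void assertNewSessionIsComplete(SessionEntity session) {
        assertNotNull("Session should contain a link", session.getLink());
        assertNotNull("Session should contain a token key", session.getToken());
        assertSessionDatesPresent(session);
        assertUserEntityIsMinimal(session);
    }

    public void testUserAuthentication() {
        ClientResponse response = createDefaultSession();
        assertNewSessionIsComplete(response.getEntity(SessionEntity.class));
    }

    /** With {@code validate-password=false} the application vouches for the user: no password is sent. */
    public void testUserAuthentication_WithoutPasswordValidation() {
        ClientResponse response = sessionResource()
                .queryParam("validate-password", "false")
                .entity(new AuthenticationContextEntity(USERNAME, (String) null, restFactors), MT)
                .post(ClientResponse.class);
        assertEquals(201, response.getStatus());
        assertNewSessionIsComplete(response.getEntity(SessionEntity.class));
    }

    /** A wrong password is reported as {@code 400}; posting for an entity type makes Jersey throw on non-2xx. */
    public void testInvalidUserAuthentication() {
        try {
            sessionResource().entity(new AuthenticationContextEntity(USERNAME, BAD_PASSWORD, restFactors), MT).post(SessionEntity.class);
            fail("Should have failed authentication and thrown a UniformInterfaceException.");
        } catch (UniformInterfaceException e) {
            int expected = Response.Status.BAD_REQUEST.getStatusCode();
            assertEquals("Should have returned a " + expected + " status code.", expected, e.getResponse().getStatus());
        }
    }

    /** GET on the created session returns the full (expanded) user entity. */
    public void testGetUserFromToken() {
        ClientResponse created = createDefaultSession();
        SessionEntity session = sessionResource(created.getLocation()).get(SessionEntity.class);
        assertSessionDatesPresent(session);
        assertUserEntityIsExpanded(session);
    }

    /** POST of the original factors to the created session validates it and returns the minimal user entity. */
    public void testValidateToken() {
        ClientResponse created = createDefaultSession();
        ClientResponse validated = validate(created.getLocation(), restFactors);
        assertEquals(200, validated.getStatus());
        SessionEntity session = validated.getEntity(SessionEntity.class);
        assertSessionDatesPresent(session);
        assertUserEntityIsMinimal(session);
    }

    public void testShortLivedTokenExpiresImmediately() {
        // NOTE(review): the duration value reuses a constant from AliasResourceTest; presumably it
        // serialises to a zero/near-zero duration — confirm rather than rely on the name.
        ClientResponse created = sessionResource()
                .queryParam("duration", AliasResourceTest.MISSING_APPLICATION_ID)
                .entity(new AuthenticationContextEntity(USERNAME, PASSWORD, restFactors), MT)
                .post(ClientResponse.class);
        assertEquals(201, created.getStatus());
        assertEquals("Token should have expired", 404, validate(created.getLocation(), restFactors).getStatus());
    }

    /**
     * Two sessions for the same user bound to different factor sets get distinct tokens, each
     * validates only with its own factors, and invalidating one leaves the other usable.
     */
    public void testMultipleTokensWithDifferentPrivilegesDoNotInterfereWithEachOther() {
        ValidationFactorEntity privilegeFactor = new ValidationFactorEntity("PRIVILEGE_LEVEL", "WebSudo");
        ValidationFactorEntityList plainFactors = new ValidationFactorEntityList(ImmutableList.of(restFactor1, restFactor2));
        ValidationFactorEntityList privilegedFactors = new ValidationFactorEntityList(ImmutableList.of(restFactor1, restFactor2, privilegeFactor));

        ClientResponse plainSession = authenticate(new AuthenticationContextEntity(USERNAME, PASSWORD, plainFactors));
        assertEquals(201, plainSession.getStatus());
        ClientResponse privilegedSession = authenticate(new AuthenticationContextEntity(USERNAME, PASSWORD, privilegedFactors));
        assertEquals(201, privilegedSession.getStatus());
        URI plainLocation = plainSession.getLocation();
        URI privilegedLocation = privilegedSession.getLocation();
        Assert.assertNotEquals(plainLocation, privilegedLocation);

        // Each token validates with its own factors (a non-2xx would throw here) ...
        sessionResource(plainLocation).entity(plainFactors, MT).post();
        sessionResource(privilegedLocation).entity(privilegedFactors, MT).post();
        // ... and is rejected with the other token's factors.
        assertEquals(400, validate(plainLocation, privilegedFactors).getStatus());
        assertEquals(400, validate(privilegedLocation, plainFactors).getStatus());

        // Invalidating the privileged session must not affect the plain one.
        assertEquals(204, sessionResource(privilegedLocation).delete(ClientResponse.class).getStatus());
        assertEquals(404, validate(privilegedLocation, privilegedFactors).getStatus());
        sessionResource(plainLocation).entity(plainFactors, MT).post();
    }

    /** Authenticating with a differently-cased username yields a token whose user name is the directory's casing. */
    public void testCreatedTokenUsesDirectoryCaseForUsername() {
        String upperCase = USERNAME.toUpperCase();
        Assert.assertNotEquals(USERNAME, upperCase);
        ClientResponse created = authenticate(new AuthenticationContextEntity(upperCase, PASSWORD, restFactors));
        assertEquals(201, created.getStatus());
        SessionEntity validated = sessionResource(created.getLocation()).entity(restFactors, MT).post(SessionEntity.class);
        assertEquals("The validated token username is in the directory case", USERNAME, validated.getUser().getName());
    }

    public void testValidateToken_InvalidToken() {
        assertEquals(404, sessionResource().path("invalidtoken").entity(restFactors, MT).post(ClientResponse.class).getStatus());
    }

    /** A factor set that differs from the one the token was created with is rejected. */
    public void testValidateToken_InvalidValidationFactors() {
        ValidationFactorEntityList wrongFactors = new ValidationFactorEntityList(
                Arrays.asList(new ValidationFactorEntity("remote_address", "wrongFactor")));
        ClientResponse created = createDefaultSession();
        assertEquals(400, validate(created.getLocation(), wrongFactors).getStatus());
    }

    public void testInvalidateToken() {
        URI location = createDefaultSession().getLocation();
        assertEquals(204, sessionResource(location).delete(ClientResponse.class).getStatus());
        assertEquals(404, validate(location, restFactors).getStatus());
    }

    /** Removing the user must invalidate the user's outstanding tokens. */
    public void testTokenIsDeletedWhenUserIsRemoved() {
        intendToModifyData();
        String token = createSession(USERNAME, PASSWORD, restFactors);
        assertActiveSession(token, restFactors);
        deleteUser(USERNAME);
        assertInactiveSession(token, restFactors);
    }

    /** Deletes {@code username} via the {@code user} resource and asserts a {@code 204}. */
    private void deleteUser(String username) {
        URI userUri = getBaseUriBuilder()
                .path("user")
                .queryParam(UserPermissionAdminResourceTest.USERNAME_PARAM, "{username}")
                .build(username);
        assertEquals(204, getWebResource(APPLICATION_NAME, APPLICATION_PASSWORD, userUri).delete(ClientResponse.class).getStatus());
    }

    /** A token is only usable by applications the user is permitted to access. */
    public void testGetUserFromTokenEnforcesApplicationAuthenticationChecks() {
        WebResource allowedApp = sessionResource();
        WebResource notAllowedApp = getRootWebResource(NO_USER_APPLICATION_NAME, NO_USER_APPLICATION_PASSWORD).path("session");
        AuthenticationContextEntity context = new AuthenticationContextEntity(USERNAME, PASSWORD, restFactors);
        int forbidden = Response.Status.FORBIDDEN.getStatusCode();

        assertEquals("User cannot log into appNotAllowed", forbidden,
                notAllowedApp.queryParam("validate-password", "true").entity(context, MT).post(ClientResponse.class).getStatus());

        SessionEntity session = allowedApp.queryParam("validate-password", "true").entity(context, MT).post(SessionEntity.class);
        assertEquals(USERNAME, session.getUser().getName());
        String token = session.getToken();
        assertEquals("The token is accepted for appAllowed", USERNAME, allowedApp.path(token).get(SessionEntity.class).getUser().getName());
        assertEquals("The token fails against appNotAllowed", forbidden, notAllowedApp.path(token).get(ClientResponse.class).getStatus());
    }

    /** Creates a session through the main application and returns its token; throws on a non-2xx response. */
    private String createSession(String username, String password, ValidationFactorEntityList factors) {
        return sessionResource().entity(new AuthenticationContextEntity(username, password, factors), MT).post(SessionEntity.class).getToken();
    }

    /** Status code of validating {@code token} with {@code factors}. */
    private int sessionStatus(String token, ValidationFactorEntityList factors) {
        return sessionResource().path(token).entity(factors, MT).post(ClientResponse.class).getStatus();
    }

    private void assertActiveSession(String token, ValidationFactorEntityList factors) {
        assertEquals(200, sessionStatus(token, factors));
    }

    private void assertInactiveSession(String token, ValidationFactorEntityList factors) {
        assertEquals(404, sessionStatus(token, factors));
    }

    /**
     * Creates {@code count} sessions for {@link #USERNAME}, each bound to a distinct
     * {@code remote_address} factor so that every call yields a separate token.
     *
     * @return token → factors the token was created with; the size equals {@code count}
     */
    private Map<String, ValidationFactorEntityList> createUserSessions(int count) {
        Map<String, ValidationFactorEntityList> sessions = new HashMap<String, ValidationFactorEntityList>();
        for (int i = 0; i < count; i++) {
            ValidationFactorEntityList factors = new ValidationFactorEntityList(
                    ImmutableList.of(new ValidationFactorEntity("remote_address", "127.0.0." + i)));
            sessions.put(createSession(USERNAME, PASSWORD, factors), factors);
        }
        assertEquals(count, sessions.size());
        return sessions;
    }

    /** Deleting by username removes all of that user's sessions and nobody else's. */
    public void testAllSessionsForUserAreInvalidatedByDeleteWithUsernameSpecified() {
        Map<String, ValidationFactorEntityList> userSessions = createUserSessions(5);
        String otherUsersToken = createSession("secondadmin", "secondadmin", restFactors);
        for (Map.Entry<String, ValidationFactorEntityList> entry : userSessions.entrySet()) {
            assertActiveSession(entry.getKey(), entry.getValue());
        }
        assertActiveSession(otherUsersToken, restFactors);

        assertEquals(204, sessionResource()
                .queryParam(UserPermissionAdminResourceTest.USERNAME_PARAM, USERNAME)
                .delete(ClientResponse.class)
                .getStatus());

        for (Map.Entry<String, ValidationFactorEntityList> entry : userSessions.entrySet()) {
            assertInactiveSession(entry.getKey(), entry.getValue());
        }
        assertActiveSession(otherUsersToken, restFactors);
    }

    /** The {@code exclude} parameter keeps exactly one named session alive during a delete-by-username. */
    public void testSpecifiedUserSessionIsExcludedFromDeletionByUsername() {
        Map<String, ValidationFactorEntityList> userSessions = createUserSessions(5);
        for (Map.Entry<String, ValidationFactorEntityList> entry : userSessions.entrySet()) {
            assertActiveSession(entry.getKey(), entry.getValue());
        }
        // Any one of the tokens will do; HashMap order is unspecified but irrelevant here.
        String excludedToken = Iterables.getLast(userSessions.keySet());
        assertEquals(204, sessionResource()
                .queryParam(UserPermissionAdminResourceTest.USERNAME_PARAM, USERNAME)
                .queryParam("exclude", excludedToken)
                .delete(ClientResponse.class)
                .getStatus());

        Map<String, Integer> expectedStatuses = new HashMap<String, Integer>();
        for (String token : userSessions.keySet()) {
            expectedStatuses.put(token, 404);
        }
        expectedStatuses.put(excludedToken, 200);

        Map<String, Integer> actualStatuses = new HashMap<String, Integer>();
        for (Map.Entry<String, ValidationFactorEntityList> entry : userSessions.entrySet()) {
            actualStatuses.put(entry.getKey(), sessionStatus(entry.getKey(), entry.getValue()));
        }
        assertEquals(expectedStatuses, actualStatuses);
    }

    public void testStatusNotFoundWhenDeletingTokensForNonexistentUser() {
        assertEquals(404, sessionResource()
                .queryParam(UserPermissionAdminResourceTest.USERNAME_PARAM, "no-such-user")
                .delete(ClientResponse.class)
                .getStatus());
    }

    /** The user entity returned on creation/validation carries only the name — no profile data or password. */
    private static void assertUserEntityIsMinimal(SessionEntity session) {
        assertEquals(USERNAME, session.getUser().getName());
        assertNull("User entity should not contain a first name", session.getUser().getFirstName());
        assertNull("User entity should not contain a last name", session.getUser().getLastName());
        assertNull("User entity should not contain a display name", session.getUser().getDisplayName());
        assertNull("User entity should not contain an email ", session.getUser().getEmail());
        assertNull("User entity should not contain a password", session.getUser().getPassword());
    }

    /** The user entity returned by GET carries the fixture profile, but the password value is never exposed. */
    private static void assertUserEntityIsExpanded(SessionEntity session) {
        assertEquals(USERNAME, session.getUser().getName());
        assertEquals("Zeee Pop!", session.getUser().getDisplayName());
        assertEquals("Zeee", session.getUser().getFirstName());
        assertEquals("Pop!", session.getUser().getLastName());
        assertEquals("doflynn@atlassian.com", session.getUser().getEmail());
        assertTrue("User should be active", session.getUser().isActive().booleanValue());
        assertNull("Password should not be visible", session.getUser().getPassword().getValue());
    }

    /** Creates a session for {@code username} as the given application and asserts a {@code 201}. */
    SessionEntity createSessionAsApplication(String applicationName, String applicationPassword, String username, String password) {
        ClientResponse response = getRootWebResource(applicationName, applicationPassword)
                .path("session")
                .entity(new AuthenticationContextEntity(username, password, restFactors), MT)
                .post(ClientResponse.class);
        assertEquals(201, response.getStatus());
        return response.getEntity(SessionEntity.class);
    }

    SessionEntity createSessionAsUnaliasedApplication(String username, String password) {
        return createSessionAsApplication(APPLICATION_NAME, APPLICATION_PASSWORD, username, password);
    }

    SessionEntity createSessionAsAliasedApplication(String username, String password) {
        return createSessionAsApplication(ALIASING_APPLICATION_NAME, ALIASING_APPLICATION_PASSWORD, username, password);
    }

    public void testSessionCreatedWithUnaliasedApplicationShowsAliasedNameWhenRetrievedWithAliasingApplication() {
        SessionEntity session = createSessionAsUnaliasedApplication(USERNAME, PASSWORD);
        assertEquals(USERNAME, session.getUser().getName());
        SessionEntity viaAlias = getWebResource(ALIASING_APPLICATION_NAME, ALIASING_APPLICATION_PASSWORD, session.getLink().getHref()).get(SessionEntity.class);
        assertEquals("alias2", viaAlias.getUser().getName());
    }

    public void testSessionCreatedWithUnaliasedApplicationShowsAliasedNameWhenValidatedWithAliasingApplication() {
        SessionEntity session = createSessionAsUnaliasedApplication(USERNAME, PASSWORD);
        assertEquals(USERNAME, session.getUser().getName());
        ClientResponse validated = getWebResource(ALIASING_APPLICATION_NAME, ALIASING_APPLICATION_PASSWORD, session.getLink().getHref())
                .entity(restFactors, MT)
                .post(ClientResponse.class);
        assertEquals(200, validated.getStatus());
        assertEquals("alias2", validated.getEntity(SessionEntity.class).getUser().getName());
    }

    public void testSessionCreatedThroughAliasedApplicationShowsOriginalNameWhenRetrievedWithNonAliasingApplication() {
        SessionEntity session = createSessionAsAliasedApplication("alias2", PASSWORD);
        assertEquals("alias2", session.getUser().getName());
        SessionEntity viaMainApp = getWebResource(APPLICATION_NAME, APPLICATION_PASSWORD, session.getLink().getHref()).get(SessionEntity.class);
        assertEquals(USERNAME, viaMainApp.getUser().getName());
    }

    public void testSessionCreatedWithDifferentCaseReturnsCorrectCaseForUsername() {
        assertEquals(USERNAME, createSessionAsUnaliasedApplication("EeeeP", PASSWORD).getUser().getName());
    }

    public void testSessionCreatedThroughAliasWithDifferentCaseReturnsCorrectCase() {
        assertEquals("alias2", createSessionAsAliasedApplication("AliaS2", PASSWORD).getUser().getName());
    }

    /** An alias is meaningless to an application without aliasing, so it is treated as an unknown user. */
    public void testSessionCannotBeCreatedWithAliasThroughUnaliasedApplication() {
        assertEquals(400, authenticate(new AuthenticationContextEntity("alias2", PASSWORD, restFactors)).getStatus());
    }

    public void testAliasedApplicationAlsoAcceptsUnaliasedUsername() {
        assertEquals("alias2", createSessionAsAliasedApplication(USERNAME, PASSWORD).getUser().getName());
    }

    /** Sets {@code alias} as {@link #USERNAME}'s alias for {@code AliasResourceTest.APPLICATION_ID} through the admin resource. */
    protected void setAliasForUsername(String alias) {
        URI aliasUri = getBaseUriBuilder("appmanagement", "1")
                .path("aliases")
                .path(AliasResourceTest.APPLICATION_ID)
                .path("alias")
                .queryParam("user", USERNAME)
                .build();
        getWebResource(ADMIN_NAME, ADMIN_PASSWORD, aliasUri).put(alias);
    }

    /** The alias is resolved on each read, not frozen into the session at creation time. */
    public void testAliasChangesAreReflectedInSessionUsername() {
        intendToModifyData();
        SessionEntity session = createSessionAsUnaliasedApplication(USERNAME, PASSWORD);
        assertEquals(USERNAME, session.getUser().getName());
        WebResource viaAlias = getWebResource(ALIASING_APPLICATION_NAME, ALIASING_APPLICATION_PASSWORD, session.getLink().getHref());
        setAliasForUsername("new-alias");
        assertEquals("new-alias", viaAlias.get(SessionEntity.class).getUser().getName());
        setAliasForUsername("new-alias-2");
        assertEquals("new-alias-2", viaAlias.get(SessionEntity.class).getUser().getName());
    }

    public void testSessionForAliasedApplicationIncludesUnaliasedUsernameAsAnExtraField() {
        SessionEntity session = createSessionAsUnaliasedApplication(USERNAME, PASSWORD);
        assertEquals(USERNAME, session.getUser().getName());
        assertNull(session.getUnaliasedUsername());
        SessionEntity viaAlias = getWebResource(ALIASING_APPLICATION_NAME, ALIASING_APPLICATION_PASSWORD, session.getLink().getHref()).get(SessionEntity.class);
        assertEquals("alias2", viaAlias.getUser().getName());
        assertEquals(USERNAME, viaAlias.getUnaliasedUsername());
    }
}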
