package org.apache.sling.launchpad.webapp.integrationtest.auth;

import java.io.IOException;
import java.net.URL;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import org.apache.commons.httpclient.Header;
import org.apache.commons.httpclient.HttpMethod;
import org.apache.commons.httpclient.NameValuePair;
import org.apache.commons.httpclient.UsernamePasswordCredentials;
import org.apache.commons.httpclient.auth.AuthScope;
import org.apache.commons.httpclient.methods.GetMethod;
import org.apache.commons.httpclient.methods.PostMethod;
import org.apache.sling.commons.testing.integration.HttpTest;
import org.apache.sling.testing.tools.junit.RemoteLogDumper;
import org.junit.After;
import org.junit.Assert;
import org.junit.Before;
import org.junit.Rule;
import org.junit.Test;
import org.junit.rules.TestRule;

/* loaded from: input_file:org/apache/sling/launchpad/webapp/integrationtest/auth/AuthenticationResponseCodeTest.class */
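/**
 * Integration tests that pin down the HTTP status codes (and the {@code X-Reason} response
 * header) returned for login and credential-validation requests against
 * {@code HttpTest.HTTP_BASE_URL}.
 *
 * <p>What the assertions below establish:
 * <ul>
 *   <li>requests carrying {@code j_validate=true} answer 200 with an empty body when the
 *       credentials are accepted and 403 with an {@code X-Reason} header when they are not;</li>
 *   <li>a rejected form login without {@code j_validate} answers 403, 401 or 302 depending on
 *       the request headers sent (see the individual tests).</li>
 * </ul>
 *
 * <p>NOTE(review): every negative case uses a username that is itself invalid
 * ({@code "garbage"}). No test sends a valid username with a wrong password, so this class does
 * not establish that the two failures look the same to the client (status code and
 * {@code X-Reason} text). Worth a dedicated case if account enumeration matters for this
 * endpoint.
 *
 * <p>NOTE(review): the positive cases rely on the target instance accepting
 * {@code admin}/{@code admin}; they fail against an instance where that account was changed.
 */
public class AuthenticationResponseCodeTest {

    /** Response header the tests expect on a rejected login or validation request. */
    private static final String X_REASON = "X-Reason";

    /** User-Agent value used by the tests that imitate a browser request. */
    private static final String BROWSER_USER_AGENT = "Mozilla/5.0 Sling Integration Test";

    /** Reason text asserted for a rejected form login. */
    private static final String INVALID_CREDENTIALS_REASON = "Username and Password do not match";

    @Rule
    public TestRule logRule = new RemoteLogDumper();
    private final HttpTest H = new HttpTest();

    /** Delegates to {@code HttpTest.setUp()} before each test. */
    @Before
    public void setup() throws Exception {
        this.H.setUp();
    }

    /** Delegates to {@code HttpTest.tearDown()} after each test. */
    @After
    public void cleanup() throws Exception {
        this.H.tearDown();
    }

    /**
     * Validating correct form credentials answers 200 with an empty body, and so does a
     * follow-up validation request that carries no form credentials at all.
     */
    @Test
    public void testValidatingCorrectFormCredentials() throws Exception {
        List<NameValuePair> params = formCredentials("admin", "admin");
        params.add(validateFlag());
        assertEmptyBody(this.H.assertPostStatus(loginUrl(), 200, params, (String) null));

        // NOTE(review): this second request sends only j_validate. It presumably succeeds
        // because of state kept by the shared HttpClient (a cookie from the request above, or
        // credentials configured in HttpTest.setUp()) - not visible in this class, confirm.
        List<NameValuePair> validateOnly = new ArrayList<NameValuePair>();
        validateOnly.add(validateFlag());
        assertEmptyBody(this.H.assertPostStatus(loginUrl(), 200, validateOnly, (String) null));
    }

    /**
     * Validation requests (POST to the login URL and GET with {@code ?j_validate=true}) answer
     * 200 with an empty body when no credentials are set by the test itself.
     */
    @Test
    public void testValidatingCorrectHttpBasicCredentials() throws Exception {
        // NOTE(review): no credentials are configured here; the test presumably depends on
        // the ones HttpTest.setUp() installs on the client - confirm.
        List<NameValuePair> params = new ArrayList<NameValuePair>();
        params.add(validateFlag());
        assertEmptyBody(this.H.assertPostStatus(loginUrl(), 200, params, (String) null));
        assertEmptyBody(this.H.assertHttpStatus(HttpTest.HTTP_BASE_URL + "/?j_validate=true", 200));
    }

    /** Validating wrong form credentials answers 403 and sets an {@code X-Reason} header. */
    @Test
    public void testValidatingIncorrectCredentials() throws Exception {
        List<NameValuePair> params = formCredentials("garbage", "garbage");
        params.add(validateFlag());
        HttpMethod post = this.H.assertPostStatus(loginUrl(), 403, params, (String) null);
        try {
            Assert.assertNotNull("Missing " + X_REASON + " header", post.getResponseHeader(X_REASON));
        } finally {
            release(post);
        }
    }

    /**
     * Validating with a bogus {@code sling.formauth} cookie answers 403; the {@code X-Reason}
     * header must match the response body.
     */
    @Test
    public void testValidatingIncorrectCookie() throws Exception {
        List<NameValuePair> params = new ArrayList<NameValuePair>();
        params.add(validateFlag());
        List<Header> headers = new ArrayList<Header>();
        headers.add(new Header("Cookie", "sling.formauth=garbage"));
        assertXReason(assertPostStatus(loginUrl(), 403, params, headers, null));
    }

    /**
     * Validating with wrong HTTP Basic credentials answers 403 on both the login URL (POST)
     * and {@code /?j_validate=true} (GET); the {@code X-Reason} header must match the body.
     */
    @Test
    public void testValidatingIncorrectHttpBasicCredentials() throws Exception {
        useBasicCredentials("garbage", "garbage");
        List<NameValuePair> params = new ArrayList<NameValuePair>();
        params.add(validateFlag());
        assertXReason(this.H.assertPostStatus(loginUrl(), 403, params, (String) null));
        assertXReason(this.H.assertHttpStatus(HttpTest.HTTP_BASE_URL + "/?j_validate=true", 403));
    }

    /**
     * A browser-like GET whose {@code Referer} equals the requested URL, sent with wrong HTTP
     * Basic credentials, answers 401.
     */
    @Test
    public void testPreventLoopIncorrectHttpBasicCredentials() throws Exception {
        useBasicCredentials("garbage", "garbage");
        String url = HttpTest.HTTP_BASE_URL + "/junk?param1=1";
        GetMethod get = new GetMethod(url);
        // Referer == request URL: going by the test name, this is the situation in which a
        // redirect to a login page could loop.
        get.setRequestHeader("Referer", url);
        get.setRequestHeader("User-Agent", BROWSER_USER_AGENT);
        try {
            Assert.assertEquals(401L, this.H.getHttpClient().executeMethod(get));
        } finally {
            // The body is never read, so hand the connection back explicitly.
            get.releaseConnection();
        }
    }

    /**
     * A browser-like form login with wrong credentials whose {@code Referer} is the login URL
     * itself answers 403 with the invalid-credentials reason.
     */
    @Test
    public void testPreventLoopIncorrectFormCredentials() throws Exception {
        List<NameValuePair> params = formCredentials("garbage", "garbage");
        String url = loginUrl();
        List<Header> headers = new ArrayList<Header>();
        headers.add(new Header("Referer", url));
        headers.add(new Header("User-Agent", BROWSER_USER_AGENT));
        HttpMethod post = assertPostStatus(url, 403, params, headers, null);
        try {
            assertReasonHeaderEquals(post, INVALID_CREDENTIALS_REASON);
        } finally {
            release(post);
        }
    }

    /**
     * A form login with wrong credentials sent with {@code X-Requested-With: XMLHttpRequest}
     * answers 403 with the invalid-credentials reason.
     */
    @Test
    public void testXRequestedWithIncorrectCredentials() throws Exception {
        List<NameValuePair> params = formCredentials("garbage", "garbage");
        List<Header> headers = new ArrayList<Header>();
        headers.add(new Header("X-Requested-With", "XMLHttpRequest"));
        headers.add(new Header("User-Agent", BROWSER_USER_AGENT));
        HttpMethod post = assertPostStatus(loginUrl(), 403, params, headers, null);
        try {
            assertReasonHeaderEquals(post, INVALID_CREDENTIALS_REASON);
        } finally {
            release(post);
        }
    }

    /**
     * A form login with wrong credentials and no request headers added by the test answers 401.
     */
    @Test
    public void testWithoutAcceptHeaderIncorrectCredentials() throws Exception {
        List<NameValuePair> params = formCredentials("garbage", "garbage");
        release(this.H.assertPostStatus(loginUrl(), 401, params, (String) null));
    }

    /**
     * A form login with wrong credentials and a browser-like {@code User-Agent} answers 302.
     *
     * <p>NOTE(review): despite the method name, no {@code Accept} header is set here; only
     * {@code User-Agent} is added. Confirm the intended request against the upstream source.
     * The redirect target ({@code Location}) is not asserted.
     */
    @Test
    public void testWithNonHtmlAcceptHeaderIncorrectCredentials() throws Exception {
        List<NameValuePair> params = formCredentials("garbage", "garbage");
        List<Header> headers = new ArrayList<Header>();
        headers.add(new Header("User-Agent", BROWSER_USER_AGENT));
        release(assertPostStatus(loginUrl(), 302, params, headers, null));
    }

    /**
     * Sends a POST that does not follow redirects and asserts the response status.
     *
     * @param url            request URL
     * @param expectedStatus status code the response must have
     * @param params         form parameters for the request body, or {@code null} for none
     * @param headers        request headers to add, or {@code null} for none
     * @param assertMessage  message for the status assertion, or {@code null}
     * @return the executed method; the caller reads headers or body from it and is
     *         responsible for releasing its connection
     * @throws IOException if executing the request fails
     */
    protected HttpMethod assertPostStatus(String url, int expectedStatus, List<NameValuePair> params, List<Header> headers, String assertMessage) throws IOException {
        PostMethod post = new PostMethod(url);
        // Redirects must stay visible to the caller: some tests assert a 302.
        post.setFollowRedirects(false);
        if (headers != null) {
            for (Header header : headers) {
                post.addRequestHeader(header);
            }
        }
        if (params != null) {
            post.setRequestBody(params.toArray(new NameValuePair[0]));
        }
        boolean statusMatched = false;
        try {
            int status = this.H.getHttpClient().executeMethod(post);
            if (assertMessage == null) {
                Assert.assertEquals(expectedStatus, status);
            } else {
                Assert.assertEquals(assertMessage, expectedStatus, status);
            }
            statusMatched = true;
            return post;
        } finally {
            // On a failed assertion nobody receives the method, so release it here.
            if (!statusMatched) {
                post.releaseConnection();
            }
        }
    }

    /**
     * Asserts that the response has an {@code X-Reason} header whose value equals the trimmed
     * response body.
     */
    private void assertXReason(HttpMethod httpMethod) throws IOException {
        Header reason = httpMethod.getResponseHeader(X_REASON);
        Assert.assertNotNull("Missing " + X_REASON + " header", reason);
        String body = httpMethod.getResponseBodyAsString();
        Assert.assertNotNull("Missing response body", body);
        Assert.assertEquals(reason.getValue(), body.trim());
    }

    /** Asserts that the response has an {@code X-Reason} header with exactly the given value. */
    private static void assertReasonHeaderEquals(HttpMethod method, String expectedReason) {
        Header reason = method.getResponseHeader(X_REASON);
        Assert.assertNotNull("Missing " + X_REASON + " header", reason);
        Assert.assertEquals(expectedReason, reason.getValue());
    }

    /** Asserts that the response body is present and has length zero. */
    private static void assertEmptyBody(HttpMethod method) throws IOException {
        String body = method.getResponseBodyAsString();
        Assert.assertNotNull("Missing response body", body);
        Assert.assertEquals("Expected an empty response body", 0, body.length());
    }

    /** Returns a new mutable list holding the {@code j_username} and {@code j_password} form fields. */
    private static List<NameValuePair> formCredentials(String user, String password) {
        List<NameValuePair> params = new ArrayList<NameValuePair>();
        params.add(new NameValuePair("j_username", user));
        params.add(new NameValuePair("j_password", password));
        return params;
    }

    /** Returns the {@code j_validate=true} form field. */
    private static NameValuePair validateFlag() {
        return new NameValuePair("j_validate", "true");
    }

    /** Builds the login URL at call time, as the original tests did. */
    private static String loginUrl() {
        return HttpTest.HTTP_BASE_URL + "/j_security_check";
    }

    /** Installs the given username/password on the test client for the base URL's host and port, any realm. */
    private void useBasicCredentials(String user, String password) throws IOException {
        URL base = new URL(HttpTest.HTTP_BASE_URL);
        this.H.getHttpClient().getState().setCredentials(
                new AuthScope(base.getHost(), base.getPort(), AuthScope.ANY_REALM),
                new UsernamePasswordCredentials(user, password));
    }

    /** Releases the connection held by a method whose body is not going to be read. */
    private static void release(HttpMethod method) {
        if (method != null) {
            method.releaseConnection();
        }
    }
}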
