package org.wso2.das.ui.integration.test;

import java.io.File;
import java.net.URL;
import java.util.ArrayList;
import org.apache.http.client.utils.URLEncodedUtils;
import org.apache.http.message.BasicNameValuePair;
import org.openqa.selenium.By;
import org.openqa.selenium.TimeoutException;
import org.openqa.selenium.WebDriver;
import org.openqa.selenium.support.ui.ExpectedConditions;
import org.openqa.selenium.support.ui.WebDriverWait;
import org.testng.Assert;
import org.testng.annotations.AfterClass;
import org.testng.annotations.BeforeMethod;
import org.testng.annotations.Test;
import org.wso2.carbon.analytics.api.AnalyticsDataAPI;
import org.wso2.carbon.analytics.api.CarbonAnalyticsAPI;
import org.wso2.carbon.analytics.stream.persistence.stub.dto.AnalyticsTable;
import org.wso2.carbon.analytics.stream.persistence.stub.dto.AnalyticsTableRecord;
import org.wso2.carbon.analytics.webservice.stub.beans.StreamDefAttributeBean;
import org.wso2.carbon.analytics.webservice.stub.beans.StreamDefinitionBean;
import org.wso2.carbon.automation.extensions.selenium.BrowserManager;
import org.wso2.carbon.databridge.commons.Event;
import org.wso2.das.integration.common.clients.AnalyticsWebServiceClient;
import org.wso2.das.integration.common.clients.DataPublisherClient;
import org.wso2.das.integration.common.clients.EventReceiverClient;
import org.wso2.das.integration.common.clients.EventStreamPersistenceClient;
import org.wso2.das.integration.common.utils.DASIntegrationUITest;
import org.wso2.das.integration.common.utils.Utils;

/* loaded from: input_file:org/wso2/das/ui/integration/test/ActivityDashboardUITestCase.class */
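/**
 * Selenium regression test for stored XSS in the Activity Dashboard.
 *
 * <p>The test publishes one event whose {@code data} payload is an inline script probe. If the
 * dashboard writes that stored value into the page without output encoding, the script runs and
 * renames the {@code workArea} element to {@code vulnerable}. The test passes only when that
 * marker element never appears.
 *
 * <p>Scope of the check: the probe exercises a single script-tag payload rendered in an HTML body
 * context. A pass does not show that other rendering contexts of the same field (attributes, URLs,
 * inline script) are encoded correctly; those need their own cases.
 */
public class ActivityDashboardUITestCase extends DASIntegrationUITest {
    private static final String STREAM_NAME = "integration.ui.test.activity.stream";
    private static final String TABLE_NAME = "integration_ui_test_activity_stream";
    private static final String STREAM_VERSION = "1.0.0";
    // Carbon super-tenant id; the test table is removed from that tenant before each run.
    private static final int SUPER_TENANT_ID = -1234;
    // Class-loader resource names are always '/'-separated, independent of the host OS.
    private static final String ANALYTICS_CONFIG_RESOURCE = "dasconfig/api/analytics-data-config.xml";
    // Benign probe: its only effect, if executed, is to rename #workArea to #vulnerable.
    private static final String XSS_PROBE = "<script>document.getElementById('workArea').id='vulnerable';</script>";
    private static final String XSS_MARKER_ID = "vulnerable";
    AnalyticsDataAPI analyticsDataAPI;
    private EventStreamPersistenceClient persistenceClient;
    private DataPublisherClient dataPublisherClient;
    private AnalyticsWebServiceClient webServiceClient;
    private EventReceiverClient eventReceiverClient;
    private WebDriver driver;

    /**
     * Initialises the server context, the browser and the service clients, then drops any table
     * left over from an earlier run so the record count asserted by the test starts from zero.
     *
     * @throws Exception if initialisation fails or the analytics configuration resource is missing
     */
    @BeforeMethod(alwaysRun = true)
    public void setUp() throws Exception {
        super.init();
        String sessionCookie = getSessionCookie();
        this.driver = BrowserManager.getWebDriver();
        this.persistenceClient = new EventStreamPersistenceClient(this.backendURL, sessionCookie);
        this.webServiceClient = new AnalyticsWebServiceClient(this.backendURL, sessionCookie);
        this.dataPublisherClient = new DataPublisherClient();
        this.eventReceiverClient = new EventReceiverClient(this.backendURL, sessionCookie);

        URL configUrl = getClass().getClassLoader().getResource(ANALYTICS_CONFIG_RESOURCE);
        if (configUrl == null) {
            // Fail with a readable message instead of a NullPointerException on toURI().
            throw new IllegalStateException("Test resource not found on classpath: " + ANALYTICS_CONFIG_RESOURCE);
        }
        this.analyticsDataAPI = new CarbonAnalyticsAPI(new File(configUrl.toURI()).getAbsolutePath());
        this.analyticsDataAPI.deleteTable(SUPER_TENANT_ID, TABLE_NAME);
    }

    /**
     * Stores the script probe as event data, opens the record in the Activity Dashboard and
     * asserts that the probe did not execute.
     *
     * <p>Only the timeout of the final marker wait is treated as the "not vulnerable" outcome.
     * Every earlier step (login, navigation, search, opening the record) must succeed, otherwise
     * the test fails: a broken navigation step means the stored value was never rendered, and a
     * missing {@code #workArea} element may itself mean the probe already ran on an earlier page.
     *
     * @throws Exception if setup, publishing or any navigation step fails
     */
    @Test(groups = {"wso2.das"}, description = "Verifying XSS Vulnerability in Activity Dashboard")
    public void testXSSVulnerability() throws Exception {
        Utils.addStreamAndPersistence(this.webServiceClient, this.persistenceClient, getStreamDefinition(), getAnalyticsTableDefinition());
        // NOTE(review): this helper is given a File.separator-built name; confirm it resolves the
        // path on the file system rather than through the class loader, which expects '/'.
        this.eventReceiverClient.addOrUpdateEventReceiver("activity_receiver", getResourceContent(ActivityDashboardUITestCase.class, "eventreceivers" + File.separator + "activity_receiver.xml"));
        // Presumably gives the receiver time to deploy before publishing -- TODO confirm.
        Thread.sleep(10000L);
        this.dataPublisherClient.publish(STREAM_NAME, STREAM_VERSION, new Event((String) null, System.currentTimeMillis(), new Object[0], new Object[]{"activity_1"}, new Object[]{XSS_PROBE}));
        // The probe must be persisted before the UI is opened, or the page has nothing to render.
        Utils.checkAndWaitForTableSize(this.webServiceClient, TABLE_NAME, 1);

        // Log in to the management console with the context user.
        this.driver.get(getLoginURL());
        this.driver.findElement(By.id("txtUserName")).clear();
        this.driver.findElement(By.id("txtUserName")).sendKeys(this.dasServer.getContextTenant().getContextUser().getUserName());
        this.driver.findElement(By.id("txtPassword")).clear();
        this.driver.findElement(By.id("txtPassword")).sendKeys(this.dasServer.getContextTenant().getContextUser().getPassword());
        this.driver.findElement(By.cssSelector("input.button")).click();
        this.driver.findElement(By.id("menu-panel-button4")).click();

        // Open the Activity Dashboard page directly.
        String dashboardUrl = this.backendURL.split("/services/")[0] + "/carbon/activitydashboard/index.jsp?";
        ArrayList<BasicNameValuePair> query = new ArrayList<BasicNameValuePair>();
        query.add(new BasicNameValuePair("region", "region1"));
        query.add(new BasicNameValuePair("item", "activity_dashboard"));
        this.driver.get(dashboardUrl + URLEncodedUtils.format(query, "UTF-8"));

        // Drive the UI to the stored record. These lookups are deliberately outside any catch
        // block: swallowing a failure here would let the test pass without the stored value ever
        // having been rendered.
        this.driver.findElement(By.cssSelector("#workArea > div.sectionSub > div.buttonRow > input:nth-child(1)")).click();
        Thread.sleep(3000L);
        this.driver.findElement(By.cssSelector("#workArea > div.sectionSeperator > a")).click();
        Thread.sleep(3000L);
        this.driver.findElement(By.cssSelector("#records_activity_1 > table > tbody > tr > td > i > a")).click();
        Thread.sleep(5000L);

        boolean markerAppeared;
        try {
            new WebDriverWait(this.driver, 5L).until(ExpectedConditions.presenceOfElementLocated(By.id(XSS_MARKER_ID)));
            markerAppeared = true;
        } catch (TimeoutException expected) {
            // The marker never showed up within the wait window: the probe did not execute.
            markerAppeared = false;
        }
        Assert.assertFalse(markerAppeared, "Stored event data was executed as script in the Activity Dashboard");
        this.driver.close();
    }

    /**
     * Shuts the browser down. The driver is null when {@link #setUp()} failed before creating it,
     * so the guard keeps the original setup error from being masked by a NullPointerException.
     *
     * @throws Exception if the driver cannot be shut down
     */
    @AfterClass(alwaysRun = true)
    public void tearDown() throws Exception {
        if (this.driver != null) {
            this.driver.quit();
        }
    }

    /**
     * Builds the stream definition used by the test: one correlation attribute
     * ({@code activity_id}) and one payload attribute ({@code data}), both of type STRING.
     */
    private StreamDefinitionBean getStreamDefinition() {
        StreamDefinitionBean definition = new StreamDefinitionBean();
        definition.setName(STREAM_NAME);
        definition.setVersion(STREAM_VERSION);
        definition.setCorrelationData(new StreamDefAttributeBean[]{stringAttribute("activity_id")});
        definition.setPayloadData(new StreamDefAttributeBean[]{stringAttribute("data")});
        return definition;
    }

    /** Creates a STRING-typed stream attribute with the given name. */
    private static StreamDefAttributeBean stringAttribute(String name) {
        StreamDefAttributeBean attribute = new StreamDefAttributeBean();
        attribute.setName(name);
        attribute.setType("STRING");
        return attribute;
    }

    /**
     * Builds the persistence definition for the stream: both columns are persisted and indexed,
     * and only {@code correlation_activity_id} is a facet.
     */
    private AnalyticsTable getAnalyticsTableDefinition() {
        AnalyticsTable table = new AnalyticsTable();
        table.setPersist(true);
        table.setMergeSchema(false);
        // NOTE(review): the stream name, not TABLE_NAME, is passed here; presumably the
        // persistence service derives the table name from it -- confirm.
        table.setTableName(STREAM_NAME);
        table.setStreamVersion(STREAM_VERSION);
        table.setAnalyticsTableRecords(new AnalyticsTableRecord[]{
                stringColumn("correlation_activity_id", true),
                stringColumn("data", false)});
        return table;
    }

    /** Creates a persisted, indexed STRING column that is neither a primary key nor a score parameter. */
    private static AnalyticsTableRecord stringColumn(String columnName, boolean facet) {
        AnalyticsTableRecord column = new AnalyticsTableRecord();
        column.setColumnName(columnName);
        column.setColumnType("STRING");
        column.setPersist(true);
        column.setIndexed(true);
        column.setFacet(facet);
        column.setPrimaryKey(false);
        column.setScoreParam(false);
        return column;
    }
}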
