package org.wso2.carbon.esb.ui.test;

import java.io.File;
import org.openqa.selenium.By;
import org.openqa.selenium.WebDriver;
import org.testng.Assert;
import org.testng.annotations.AfterClass;
import org.testng.annotations.BeforeClass;
import org.testng.annotations.Test;
import org.wso2.carbon.automation.extensions.selenium.BrowserManager;
import org.wso2.carbon.integration.common.admin.client.LogViewerClient;
import org.wso2.carbon.integration.common.utils.mgt.ServerConfigurationManager;
import org.wso2.carbon.utils.CarbonUtils;
import org.wso2.esb.integration.common.utils.ESBIntegrationUITest;

/* loaded from: input_file:org/wso2/carbon/esb/ui/test/XssCsrfSkipPatternsTestCase.class */
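/**
 * UI test that swaps in the {@code XssCsrfSkipPatterns} server configuration, drives the
 * management console through tenant creation and sequence-template creation, and checks that
 * submitting a template containing a {@code <script language="js"/>} element does not leave a
 * "Could not handle request" message at the head of the server log.
 *
 * <p>The contents of {@code carbon-security.xml} and {@code catalina-server-security.xml} are not
 * visible here; presumably they enable the XSS/CSRF filters together with the skip patterns this
 * test is named after. Confirm against the resource files.
 *
 * <p>The test rewrites {@code carbon.xml} and {@code catalina-server.xml} of the running server,
 * so {@link #tearDown()} must always reach {@link #resetESBConfiguration()}; otherwise later
 * tests run against the modified security configuration.
 */
public class XssCsrfSkipPatternsTestCase extends ESBIntegrationUITest {
    // Resource sub-directory holding the configuration files copied over the server's own.
    private static final String RESOURCE_DIR = "XssCsrfSkipPatterns";

    // Default super-admin account of the test server; test fixture only.
    private static final String SUPER_ADMIN = "admin";
    private static final String SUPER_ADMIN_PASSWORD = "admin";

    // Tenant created by the test and the password given to its admin user.
    private static final String TENANT_DOMAIN = "domain1.com";
    private static final String TENANT_ADMIN_PASSWORD = "Test#1234";

    private WebDriver driver;
    private ServerConfigurationManager scm;
    private File carbonXML;
    private File catalinaXML;

    /**
     * Initialises the test context and replaces the server configuration with the files under
     * test. The server is restarted as part of the configuration change.
     *
     * @throws Exception if initialisation, the file copy or the restart fails
     */
    @BeforeClass(alwaysRun = true)
    public void setUp() throws Exception {
        super.init();
        changeESBConfiguration();
    }

    /**
     * Creates a tenant as super admin, signs in as the tenant admin, submits a sequence template
     * whose source contains a script element, and asserts on the first remote log entry.
     *
     * @throws Exception if a console element cannot be found or the log service call fails
     */
    // NOTE(review): the group is "wso2.is" although this is an ESB test; confirm it is picked up
    // by the intended suite.
    @Test(groups = {"wso2.is"}, description = "verify XSS prevention exist")
    public void testXSSPrevention() throws Exception {
        LogViewerClient logViewerClient = new LogViewerClient(this.contextUrls.getBackEndUrl(), getSessionCookie());
        this.driver = BrowserManager.getWebDriver();
        this.driver.get(getLoginURL());

        // Super admin: create the tenant.
        login(SUPER_ADMIN, SUPER_ADMIN_PASSWORD);
        this.driver.findElement(By.cssSelector("#menu-panel-button3 > span")).click();
        this.driver.findElement(By.linkText("Add New Tenant")).click();
        typeInto(By.id("domain"), TENANT_DOMAIN);
        typeInto(By.id("admin-firstname"), "admin");
        typeInto(By.id("admin-lastname"), "admin");
        typeInto(By.id("admin"), "admin");
        typeInto(By.id("admin-password"), TENANT_ADMIN_PASSWORD);
        typeInto(By.id("admin-password-repeat"), TENANT_ADMIN_PASSWORD);
        typeInto(By.id("admin-email"), "admin@gmail.com");
        this.driver.findElement(By.cssSelector("input.button")).click();
        this.driver.findElement(By.cssSelector("button[type=\"button\"]")).click();
        this.driver.findElement(By.linkText("Sign-out")).click();

        // Tenant admin: open the sequence template editor in source view.
        login("admin@" + TENANT_DOMAIN, TENANT_ADMIN_PASSWORD);
        this.driver.findElement(By.cssSelector("span")).click();
        this.driver.findElement(By.linkText("Templates")).click();
        this.driver.findElement(By.linkText("Add Sequence Template")).click();
        this.driver.findElement(By.linkText("switch to source view")).click();

        // The source editor lives in its own frame; leave the frame again before submitting.
        this.driver.switchTo().frame("frame_sequence_source");
        this.driver.findElement(By.id("textarea")).click();
        this.driver.findElement(By.id("textarea")).click();
        typeInto(By.id("textarea"),
                "<template xmlns=\"http://ws.apache.org/ns/synapse\" name=\"test7\">\n"
                        + "<sequence>\n"
                        + "<script language=\"js\"/>\n"
                        + "</sequence>\n"
                        + " </template>");
        this.driver.switchTo().defaultContent();
        this.driver.findElement(By.cssSelector("input.button")).click();

        // NOTE(review): only entry [0] is inspected. Any unrelated log line written after the
        // rejection hides it, and an empty log array fails with an index error rather than an
        // assertion message. Consider scanning every entry produced since the submit.
        Assert.assertFalse(
                logViewerClient.getAllRemoteSystemLogs()[0].getMessage().contains("Could not handle request"),
                "XSS attack prevention failed.");
    }

    /**
     * Fills the console login form and submits it.
     *
     * @param userName value for the {@code txtUserName} field
     * @param password value for the {@code txtPassword} field
     */
    private void login(String userName, String password) {
        typeInto(By.id("txtUserName"), userName);
        typeInto(By.id("txtPassword"), password);
        this.driver.findElement(By.cssSelector("input.button")).click();
    }

    /**
     * Clears the located field and types {@code text} into it.
     *
     * @param locator locator of the input element
     * @param text    text to enter
     */
    private void typeInto(By locator, String text) {
        // The element is located once per action, exactly as the recorded steps did.
        this.driver.findElement(locator).clear();
        this.driver.findElement(locator).sendKeys(text);
    }

    /**
     * Copies the two given resource files over {@code conf/carbon.xml} and
     * {@code conf/tomcat/catalina-server.xml} under the Carbon home and restarts the server.
     *
     * @param carbonResource   file name inside the {@code XssCsrfSkipPatterns} resource directory
     *                         that replaces {@code carbon.xml}
     * @param catalinaResource file name inside the same directory that replaces
     *                         {@code catalina-server.xml}
     * @throws Exception if a copy or the restart fails
     */
    private void applyConfiguration(String carbonResource, String catalinaResource) throws Exception {
        String carbonHome = CarbonUtils.getCarbonHome();
        String resourceDir = getESBResourceLocation() + File.separator + RESOURCE_DIR + File.separator;
        this.carbonXML = new File(carbonHome + File.separator + "conf" + File.separator + "carbon.xml");
        this.catalinaXML = new File(carbonHome + File.separator + "conf" + File.separator + "tomcat"
                + File.separator + "catalina-server.xml");
        this.scm = new ServerConfigurationManager(this.context);
        // Third argument is passed as true throughout; presumably it requests a backup of the
        // target file. TODO confirm against ServerConfigurationManager.
        this.scm.applyConfigurationWithoutRestart(new File(resourceDir + carbonResource), this.carbonXML, true);
        this.scm.applyConfigurationWithoutRestart(new File(resourceDir + catalinaResource), this.catalinaXML, true);
        this.scm.restartGracefully();
    }

    /**
     * Installs the configuration under test and re-initialises the test context after the
     * restart.
     *
     * @throws Exception if the configuration change or the re-initialisation fails
     */
    private void changeESBConfiguration() throws Exception {
        applyConfiguration("carbon-security.xml", "catalina-server-security.xml");
        // init() ran before the restart as well; it is repeated here, presumably because state
        // obtained before the restart (session, URLs) is no longer valid.
        super.init();
    }

    /**
     * Replaces the configuration under test with the packaged {@code *-default.xml} files.
     *
     * @throws Exception if a copy or the restart fails
     */
    // NOTE(review): this copies packaged defaults rather than restoring whatever the server had
    // before setUp(). If the server's original files differ from those defaults, the original
    // security settings are not brought back. Verify the defaults match the distribution.
    private void resetESBConfiguration() throws Exception {
        applyConfiguration("carbon-default.xml", "catalina-server-default.xml");
    }

    /**
     * Closes the browser and puts the default server configuration back.
     *
     * @throws Exception if closing the browser or resetting the configuration fails
     */
    @AfterClass(alwaysRun = true)
    public void tearDown() throws Exception {
        try {
            // driver is only assigned inside the test method; it is still null when setUp() or
            // the first lines of the test failed.
            if (this.driver != null) {
                this.driver.quit();
            }
        } finally {
            // Must run even when the browser could not be closed, so the server is never left
            // on the modified carbon.xml / catalina-server.xml.
            resetESBConfiguration();
        }
    }
}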
