package org.wso2.am.integration.tests.api.lifecycle;

import com.ibm.wsdl.Constants;
import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.StringWriter;
import java.net.URL;
import java.nio.charset.StandardCharsets;
import java.security.KeyManagementException;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.UnrecoverableKeyException;
import java.util.HashMap;
import javax.xml.xpath.XPathExpressionException;
import org.apache.commons.codec.binary.Base64;
import org.apache.commons.io.IOUtils;
import org.json.JSONException;
import org.json.JSONObject;
import org.testng.Assert;
import org.testng.annotations.AfterClass;
import org.testng.annotations.BeforeClass;
import org.testng.annotations.Test;
import org.wso2.am.integration.test.utils.APIManagerIntegrationTestException;
import org.wso2.am.integration.test.utils.bean.APICreationRequestBean;
import org.wso2.am.integration.test.utils.bean.ClientCertificateCreationBean;
import org.wso2.am.integration.test.utils.clients.APIPublisherRestClient;
import org.wso2.am.integration.test.utils.clients.APIStoreRestClient;
import org.wso2.am.integration.test.utils.http.HTTPSClientUtils;
import org.wso2.carbon.apimgt.api.model.APIIdentifier;
import org.wso2.carbon.automation.engine.annotations.ExecutionEnvironment;
import org.wso2.carbon.automation.engine.annotations.SetEnvironment;
import org.wso2.carbon.automation.test.utils.http.client.HttpRequestUtil;
import org.wso2.carbon.automation.test.utils.http.client.HttpResponse;
import org.wso2.carbon.integration.common.utils.exceptions.AutomationUtilException;
import org.wso2.carbon.integration.common.utils.mgt.ServerConfigurationManager;

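/**
 * Integration test for APIs secured with mutual SSL, with and without OAuth2 as a second option.
 *
 * <p>Two APIs are published against the same backend:
 * <ul>
 *   <li>{@code mutualsslAPI}: mutual SSL only, client certificate {@code example.crt};</li>
 *   <li>{@code mutualsslAPI2}: mutual SSL and OAuth2, client certificate {@code abcde.crt}.</li>
 * </ul>
 *
 * <p>As the assertions below show, the second API accepts <em>either</em> a matching client
 * certificate <em>or</em> a valid bearer token. The test does not cover a configuration in which
 * both are mandatory.
 *
 * <p>The class changes the gateway configuration and restarts the server in
 * {@link #initialize()}, and {@link #cleanUpArtifacts()} has to restore it.
 */
@SetEnvironment(executionEnvironments = {ExecutionEnvironment.STANDALONE})
/* loaded from: input_file:org/wso2/am/integration/tests/api/lifecycle/APISecurityTestCase.class */
public class APISecurityTestCase extends APIManagerLifecycleBaseTest {
    private final String API_CONTEXT = "mutualsslAPI";
    private final String API_CONTEXT_2 = "mutualsslAPI2";
    private final String API_END_POINT_METHOD = "/customers/123";
    private final String API_VERSION_1_0_0 = "1.0.0";
    private final String APPLICATION_NAME = "AccessibilityOfDeprecatedOldAPIAndPublishedCopyAPITestCase";
    private APIIdentifier apiIdentifier1;
    private APIIdentifier apiIdentifier2;
    private APIPublisherRestClient apiPublisherClientUser1;
    private APIStoreRestClient apiStoreClientUser1;
    private ServerConfigurationManager serverConfigurationManager;
    private String accessToken;

    /**
     * Applies the mutual SSL server configuration, publishes both APIs with their client
     * certificates, and obtains an OAuth2 access token subscribed to the second API only.
     */
    @BeforeClass(alwaysRun = true)
    public void initialize() throws APIManagerIntegrationTestException, XPathExpressionException, IOException, AutomationUtilException {
        super.init();
        startServerWithConfigChanges();
        // NOTE(review): judging by the helper names, both REST clients talk plain HTTP, so the
        // login below sends the user's password unencrypted. Confirm this only ever targets a
        // local, throw-away test server.
        this.apiPublisherClientUser1 = new APIPublisherRestClient(getPublisherURLHttp());
        this.apiStoreClientUser1 = new APIStoreRestClient(getStoreURLHttp());
        // API 1: mutual SSL only (empty OAuth2 flag). API 2: mutual SSL plus OAuth2.
        publishAPI(API_CONTEXT, API_CONTEXT, "", "example.crt");
        publishAPI(API_CONTEXT_2, API_CONTEXT_2, "oauth2", "abcde.crt");
        this.apiIdentifier1 = new APIIdentifier(this.user.getUserName(), API_CONTEXT, API_VERSION_1_0_0);
        this.apiIdentifier2 = new APIIdentifier(this.user.getUserName(), API_CONTEXT_2, API_VERSION_1_0_0);
        this.apiStoreClientUser1.login(this.user.getUserName(), this.user.getPassword());
        this.apiStoreClientUser1.addApplication(APPLICATION_NAME, "Unlimited", "", "");
        // The application is subscribed to API 2 only; API 1 has no subscription.
        subscribeToAPI(this.apiIdentifier2, APPLICATION_NAME, this.apiStoreClientUser1);
        this.accessToken = generateApplicationKeys(this.apiStoreClientUser1, APPLICATION_NAME).getAccessToken();
    }

    /**
     * Calls both APIs with a bearer token and no client certificate.
     *
     * <p>The mutual-SSL-only API must answer with fault code 900911, and the API that also
     * allows OAuth2 must answer OK.
     */
    @Test(description = "This test case tests the behaviour of APIs that are protected with mutual SSL and OAuth2 when the client certificate is not presented but OAuth2 token is presented.")
    public void testCreateAndPublishAPIWithOAuth2() throws XPathExpressionException, IOException, JSONException {
        HashMap<String, String> requestHeaders = new HashMap<>();
        requestHeaders.put("accept", "application/json");
        requestHeaders.put("Authorization", "Bearer " + this.accessToken);

        // Negative case: a token alone must not open an API that only allows mutual SSL.
        // NOTE(review): Constants.ELEM_FAULT comes from the wsdl4j import and is presumably just
        // the JSON key of the gateway's fault object (likely a decompiler substitution). Confirm.
        HttpResponse mutualSslOnlyResponse =
                HttpRequestUtil.doGet(getAPIInvocationURLHttp(API_CONTEXT, API_VERSION_1_0_0) + API_END_POINT_METHOD, requestHeaders);
        int faultCode = new JSONObject(mutualSslOnlyResponse.getData()).getJSONObject(Constants.ELEM_FAULT).getInt("code");
        Assert.assertEquals(faultCode, 900911, "API invocation succeeded with the access token without need for mutual ssl");

        // Positive case: the same token is enough for the API that also enables OAuth2.
        HttpResponse oauthEnabledResponse =
                HttpRequestUtil.doGet(getAPIInvocationURLHttp(API_CONTEXT_2, API_VERSION_1_0_0) + API_END_POINT_METHOD, requestHeaders);
        Assert.assertEquals(oauthEnabledResponse.getResponseCode(), HTTP_RESPONSE_CODE_OK, "API invocation failed for a test case with valid access token when the API is protected with both mutual sso and oauth2");
    }

    /**
     * Calls both APIs over HTTPS, presenting client keystores.
     *
     * <p>Four cases are checked in order:
     * <ol>
     *   <li>API 1 with {@code new-keystore.jks}: 200 and the expected payload;</li>
     *   <li>API 2 with {@code new-keystore.jks}: 401 (the certificate belongs to the other API);</li>
     *   <li>API 2 with {@code test.jks}: 200 and the expected payload;</li>
     *   <li>API 2 with {@code new-keystore.jks} plus a bearer token: 200, so OAuth2 is used when
     *       the certificate check fails.</li>
     * </ol>
     *
     * <p>NOTE(review): the pairing of {@code new-keystore.jks} with {@code example.crt} and of
     * {@code test.jks} with {@code abcde.crt} is inferred from the expected status codes.
     */
    @Test(description = "This method tests the behaviour of APIs that are protected with mutual SSL and when the authentication is done using mutual SSL", dependsOnMethods = {"testCreateAndPublishAPIWithOAuth2"})
    public void testAPIInvocationWithMutualSSL() throws IOException, XPathExpressionException, InterruptedException, NoSuchAlgorithmException, KeyStoreException, KeyManagementException, UnrecoverableKeyException {
        // Fixed one-minute wait, presumably so the uploaded certificates reach the gateway
        // before the first request. TODO confirm and replace with a readiness check.
        Thread.sleep(60000L);
        HashMap<String, String> requestHeaders = new HashMap<>();
        requestHeaders.put("accept", "text/xml");

        String api1Url = getAPIInvocationURLHttps(API_CONTEXT, API_VERSION_1_0_0) + API_END_POINT_METHOD;
        String api2Url = getAPIInvocationURLHttps(API_CONTEXT_2, API_VERSION_1_0_0) + API_END_POINT_METHOD;
        String expectedPayload = "<id>123</id><name>John</name></Customer>";

        // Case 1: certificate accepted by API 1.
        HttpResponse matchingCertResponse = HTTPSClientUtils.doMutulSSLGet(mutualSslResource("new-keystore.jks"), api1Url, requestHeaders);
        Assert.assertEquals(matchingCertResponse.getResponseCode(), 200, "Mutual SSL Authentication has not succeeded");
        Assert.assertTrue(matchingCertResponse.getData().contains(expectedPayload), "Expected payload did not match");

        // Case 2: a certificate valid for API 1 must be rejected by API 2.
        HttpResponse foreignCertResponse = HTTPSClientUtils.doMutulSSLGet(mutualSslResource("new-keystore.jks"), api2Url, requestHeaders);
        Assert.assertEquals(foreignCertResponse.getResponseCode(), 401, "Mutual SSL Authentication has succeeded for a different certificate");

        // Case 3: certificate accepted by API 2.
        HttpResponse api2CertResponse = HTTPSClientUtils.doMutulSSLGet(mutualSslResource("test.jks"), api2Url, requestHeaders);
        Assert.assertEquals(api2CertResponse.getResponseCode(), 200, "Mutual SSL Authentication has not succeeded");
        Assert.assertTrue(api2CertResponse.getData().contains(expectedPayload), "Expected payload did not match");

        // Case 4: the rejected certificate from case 2 plus a valid token succeeds through OAuth2.
        requestHeaders.put("Authorization", "Bearer " + this.accessToken);
        HttpResponse oauthFallbackResponse = HTTPSClientUtils.doMutulSSLGet(mutualSslResource("new-keystore.jks"), api2Url, requestHeaders);
        Assert.assertEquals(oauthFallbackResponse.getResponseCode(), 200, "OAuth2 authentication was not checked in the event of mutual SSL failure");
        Assert.assertTrue(oauthFallbackResponse.getData().contains(expectedPayload), "Expected payload did not match");
    }

    /**
     * Removes the application and both APIs, then restores the server configuration.
     *
     * <p>The restore runs in a {@code finally} block. With {@code alwaysRun = true} this method
     * is also called after a failed {@link #initialize()}, and a failure while deleting
     * artifacts must not leave the mutual SSL configuration active for later test classes.
     */
    @AfterClass(alwaysRun = true)
    public void cleanUpArtifacts() throws APIManagerIntegrationTestException, IOException, AutomationUtilException {
        try {
            this.apiStoreClientUser1.removeApplication(APPLICATION_NAME);
            deleteAPI(this.apiIdentifier1, this.apiPublisherClientUser1);
            deleteAPI(this.apiIdentifier2, this.apiPublisherClientUser1);
        } finally {
            // Null when initialize() failed before the manager was created.
            if (this.serverConfigurationManager != null) {
                this.serverConfigurationManager.restoreToLastConfiguration(true);
            }
        }
    }

    /**
     * Installs the test's {@code api-manager.xml} and {@code axis2.xml}, then restarts the
     * server gracefully so both take effect.
     */
    private void startServerWithConfigChanges() throws AutomationUtilException, XPathExpressionException, IOException {
        this.serverConfigurationManager = new ServerConfigurationManager(this.superTenantKeyManagerContext);
        this.serverConfigurationManager.applyConfigurationWithoutRestart(new File(mutualSslResource("api-manager.xml")));
        File serverAxis2Config = new File(CARBON_HOME + File.separator + "repository" + File.separator + "conf" + File.separator + "axis2" + File.separator + "axis2.xml");
        this.serverConfigurationManager.applyConfigurationWithoutRestart(new File(mutualSslResource("axis2.xml")), serverAxis2Config, true);
        this.serverConfigurationManager.restartGracefully();
    }

    /** Returns the path of a file in the {@code lifecycletest/mutualssl} test resource directory. */
    private String mutualSslResource(String fileName) {
        return getAMResourceLocation() + File.separator + "lifecycletest" + File.separator + "mutualssl" + File.separator + fileName;
    }

    /**
     * Reads a certificate file from the mutual SSL resource directory and returns its content
     * Base64-encoded.
     *
     * <p>The file is decoded as UTF-8 text and re-encoded as UTF-8 before Base64 encoding, so
     * the result no longer depends on the platform default charset. NOTE(review): the round trip
     * through a {@code String} is lossless only for textual (for example PEM) certificates, and a
     * binary DER file would be altered. Confirm the format of the {@code .crt} fixtures.
     *
     * @param str certificate file name inside the resource directory
     * @return Base64 text of the file content
     * @throws IOException if the file cannot be opened or read
     */
    private String getBase64EncodedCertificate(String str) throws IOException {
        StringWriter certificateText = new StringWriter();
        // try-with-resources closes the stream even when the copy fails.
        try (FileInputStream certificateStream = new FileInputStream(mutualSslResource(str))) {
            IOUtils.copy(certificateStream, certificateText, StandardCharsets.UTF_8);
        }
        byte[] encoded = Base64.encodeBase64(certificateText.toString().getBytes(StandardCharsets.UTF_8));
        // Base64 output is pure ASCII, so the charset used to build the String is immaterial.
        return new String(encoded, StandardCharsets.US_ASCII);
    }

    /**
     * Creates an API with mutual SSL enabled, uploads its client certificate and publishes it.
     *
     * @param str  API name (also passed as the last argument when uploading the certificate)
     * @param str2 API context
     * @param str3 value passed to {@code setOauth2Checked}: {@code "oauth2"} to allow OAuth2 as
     *             well, empty for mutual SSL only
     * @param str4 certificate file name in the mutual SSL resource directory
     */
    private void publishAPI(String str, String str2, String str3, String str4) throws IOException, APIManagerIntegrationTestException {
        this.apiPublisherClientUser1.login(this.user.getUserName(), this.user.getPassword());
        String backendUrl = getGatewayURLHttp() + "jaxrs_basic/services/customers/customerservice/";
        String provider = this.user.getUserName();

        APICreationRequestBean creationRequest = new APICreationRequestBean(str, str2, API_VERSION_1_0_0, provider, new URL(backendUrl));
        creationRequest.setMutualSSLChecked("mutualssl");
        creationRequest.setOauth2Checked(str3);
        APIIdentifier publishedApi = new APIIdentifier(provider, str, API_VERSION_1_0_0);

        // Order matters: the API must exist before a certificate can be attached, and the
        // certificate is uploaded before the API goes live.
        this.apiPublisherClientUser1.addAPI(creationRequest);
        this.apiPublisherClientUser1.uploadCertificate(new ClientCertificateCreationBean(str, provider, API_VERSION_1_0_0, getBase64EncodedCertificate(str4), "Unlimited", str));
        this.apiPublisherClientUser1.changeAPILifeCycleStatusToPublish(publishedApi, false);
    }
}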
