package org.wso2.am.integration.tests.rest;

import java.util.HashMap;
import java.util.Map;
import org.json.JSONObject;
import org.testng.Assert;
import org.testng.annotations.BeforeClass;
import org.testng.annotations.DataProvider;
import org.testng.annotations.Factory;
import org.testng.annotations.Test;
import org.wso2.am.integration.test.utils.base.APIMIntegrationBaseTest;
import org.wso2.am.integration.test.utils.clients.APIPublisherRestClient;
import org.wso2.am.integration.test.utils.clients.APIStoreRestClient;
import org.wso2.carbon.automation.engine.context.TestUserMode;
import org.wso2.carbon.automation.test.utils.http.client.HttpRequestUtil;
import org.wso2.carbon.automation.test.utils.http.client.HttpResponse;

/* loaded from: input_file:org/wso2/am/integration/tests/rest/DocAPIParameterTamperingTest.class */
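/**
 * Integration test for the publisher documentation endpoint ({@code docs.jag},
 * action {@code getInlineContent}) when the {@code apiName} query parameter is tampered with.
 *
 * <p>The request carries a URL-encoded {@code apiName} made of script and markup
 * metacharacters plus an empty parameter name. The test passes when the response body
 * is JSON with {@code error == true} and does not contain the substring
 * {@code "Exception"}, i.e. the server reports the failure without echoing a stack trace.
 */
public class DocAPIParameterTamperingTest extends APIMIntegrationBaseTest {
    /** Headers sent with the tampered request; holds the session cookie obtained at login. */
    private final Map<String, String> requestHeaders = new HashMap<>();

    /**
     * Creates one test instance per user mode supplied by {@link #userModeDataProvider()}.
     *
     * @param testUserMode user mode the test runs under
     */
    @Factory(dataProvider = "userModeDataProvider")
    public DocAPIParameterTamperingTest(TestUserMode testUserMode) {
        this.userMode = testUserMode;
    }

    /**
     * Supplies the user modes for the factory constructor.
     *
     * @return a single row containing {@link TestUserMode#SUPER_TENANT_ADMIN}
     */
    @DataProvider
    public static Object[][] userModeDataProvider() {
        // Must be a two-dimensional array: an Object[] initializer is not assignable to Object[][].
        return new Object[][] {
            new Object[] {TestUserMode.SUPER_TENANT_ADMIN}
        };
    }

    /**
     * Initialises the base test for the configured user mode and creates the
     * publisher and store REST clients against their HTTP URLs.
     *
     * @throws Exception if base initialisation or URL resolution fails
     */
    @BeforeClass(alwaysRun = true)
    public void setEnvironment() throws Exception {
        super.init(this.userMode);
        this.publisherURLHttp = getPublisherURLHttp();
        this.storeURLHttp = getStoreURLHttp();
        this.apiStore = new APIStoreRestClient(this.storeURLHttp);
        this.apiPublisher = new APIPublisherRestClient(this.publisherURLHttp);
    }

    /**
     * Logs in to the publisher, requests inline documentation content with a tampered
     * {@code apiName}, and checks that the error response does not expose exception details.
     *
     * @throws Exception if login, the HTTP request or JSON parsing fails
     */
    @Test(groups = {"wso2.am"}, description = "Test whether the response expose the stack trace")
    public void testParameterTampaeredResponseOfDocAPI() throws Exception {
        String tamperedUrl = this.publisherURLHttp + "publisher/site/blocks/documentation/ajax/docs.jag?action=getInlineContent&=&apiName=%3Balert%281%29%27%22%3C%3E&version=1.0.0&docName=asd";

        String sessionCookie = (String) this.apiPublisher
                .login(this.user.getUserName(), this.user.getPassword())
                .getHeaders()
                .get("Set-Cookie");
        // Without a session cookie the request would go out unauthenticated, and the
        // assertions below could then pass without the tampered parameter being processed.
        Assert.assertNotNull(sessionCookie, "Login did not return a session cookie");
        this.requestHeaders.put("Cookie", sessionCookie);

        HttpResponse response = HttpRequestUtil.doGet(tamperedUrl, this.requestHeaders);
        String responseBody = response.getData();
        JSONObject json = new JSONObject(responseBody);
        System.out.println(responseBody);

        // NOTE(review): this only looks for the literal substring "Exception". It does not
        // check whether the tampered apiName is reflected in the body, nor its encoding.
        Assert.assertFalse(responseBody.contains("Exception"), "Stack trace is exposed in the error");
        Assert.assertEquals(json.get("error"), true, "Error message is not properly returned");
    }
}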
