package org.wso2.am.integration.tests.header;

import java.net.MalformedURLException;
import java.net.URL;
import java.util.ArrayList;
import javax.xml.xpath.XPathExpressionException;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.http.Header;
import org.apache.http.HttpResponse;
import org.apache.http.client.methods.HttpGet;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClientBuilder;
import org.json.JSONException;
import org.springframework.http.HttpHeaders;
import org.testng.Assert;
import org.testng.annotations.AfterClass;
import org.testng.annotations.BeforeClass;
import org.testng.annotations.DataProvider;
import org.testng.annotations.Factory;
import org.testng.annotations.Test;
import org.wso2.am.integration.clients.publisher.api.ApiException;
import org.wso2.am.integration.clients.publisher.api.v1.dto.APIOperationsDTO;
import org.wso2.am.integration.clients.store.api.v1.dto.ApplicationDTO;
import org.wso2.am.integration.clients.store.api.v1.dto.ApplicationKeyGenerateRequestDTO;
import org.wso2.am.integration.test.utils.APIManagerIntegrationTestException;
import org.wso2.am.integration.test.utils.bean.APILifeCycleAction;
import org.wso2.am.integration.test.utils.bean.APIRequest;
import org.wso2.am.integration.tests.api.lifecycle.APIManagerLifecycleBaseTest;
import org.wso2.carbon.automation.engine.annotations.ExecutionEnvironment;
import org.wso2.carbon.automation.engine.annotations.SetEnvironment;
import org.wso2.carbon.automation.engine.context.TestUserMode;
import org.wso2.carbon.automation.engine.context.beans.User;

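/**
 * Integration test that invokes a published API with an {@code Origin} request header and checks
 * that the gateway response carries both the {@code Access-Control-Allow-Origin} and the
 * {@code Access-Control-Allow-Credentials} CORS headers.
 *
 * <p>The class is instantiated once per user mode through {@link #userModeDataProvider()}.
 */
@SetEnvironment(executionEnvironments = {ExecutionEnvironment.STANDALONE})
/* loaded from: input_file:org/wso2/am/integration/tests/header/CORSAccessControlAllowCredentialsHeaderTestCase.class */
public class CORSAccessControlAllowCredentialsHeaderTestCase extends APIManagerLifecycleBaseTest {
    private static final String API_NAME_2 = "CorsACACHeadersTestAPI_2";
    private static final String APPLICATION_NAME_2 = "CorsACACApp_2";
    private static final String API_CONTEXT_2 = "corsACACHeadersTestAPI_2";
    private static final String API_VERSION = "1.0.0";
    private static final String TAGS = "ACAC, cors, test";
    private static final String DESCRIPTION = "This is test API create by API manager integration test";
    private static final String ACCESS_CONTROL_ALLOW_ORIGIN_HEADER = "Access-Control-Allow-Origin";
    private static final String ACCESS_CONTROL_ALLOW_ORIGIN_HEADER_VALUE_LOCALHOST = "http://localhost";
    private static final String ACCESS_CONTROL_ALLOW_CREDENTIALS_HEADER = "Access-Control-Allow-Credentials";
    // Path appended to the backend web-app URL to form the API's endpoint.
    private static final String API_END_POINT_POSTFIX_URL = "jaxrs_basic/services/customers/customerservice/";
    // Token returned by key generation; sent as the Bearer credential on the test request.
    private String accessToken;
    // Identifiers recorded during setup so that destroy() can delete what the test created.
    private String apiId;
    private String applicationId;
    Log log = LogFactory.getLog(CORSAccessControlAllowCredentialsHeaderTestCase.class);

    /**
     * Initialises the base test for the user mode supplied to the constructor.
     *
     * @throws Exception if the base-class initialisation fails
     */
    @BeforeClass(alwaysRun = true)
    public void initialize() throws Exception {
        super.init(this.userMode);
    }

    /**
     * Creates, publishes and subscribes to the test API, invokes it over HTTPS with
     * {@code Origin: http://localhost} and a Bearer token, and asserts that the response status is
     * one of the two accepted codes and that both CORS headers are present.
     *
     * @throws Exception if API setup or the HTTP invocation fails
     */
    @Test(groups = {"wso2.am"}, description = "Checking Access-Control-Allow-Credentials header in response when Access-Control-Allow-Origin is 'http://localhost'")
    public void CheckAccessControlAllowCredentialsHeadersWithSpecificOrigin() throws Exception {
        this.accessToken = createPublishAndSubscribeToApi(this.user, API_NAME_2, API_CONTEXT_2, API_VERSION, APPLICATION_NAME_2);
        waitForAPIDeploymentSync(this.user.getUserName(), API_NAME_2, API_VERSION, "\"isApiExists\":true");

        HttpGet httpGet = new HttpGet(getAPIInvocationURLHttps(API_CONTEXT_2, API_VERSION) + "/customers/123");
        httpGet.addHeader(HttpHeaders.ORIGIN, ACCESS_CONTROL_ALLOW_ORIGIN_HEADER_VALUE_LOCALHOST);
        httpGet.addHeader("Authorization", "Bearer " + this.accessToken);

        // try-with-resources: the client (and the connection backing the response) is released
        // even when an assertion below fails.
        try (CloseableHttpClient httpClient = HttpClientBuilder.create().build()) {
            HttpResponse response = httpClient.execute(httpGet);

            ArrayList<Integer> acceptedStatusCodes = new ArrayList<>();
            acceptedStatusCodes.add(Integer.valueOf(HTTP_RESPONSE_CODE_OK));
            acceptedStatusCodes.add(Integer.valueOf(HTTP_RESPONSE_CODE_CREATED));
            Assert.assertTrue(acceptedStatusCodes.contains(Integer.valueOf(response.getStatusLine().getStatusCode())), "Response code mismatch.");

            Header[] allHeaders = response.getAllHeaders();
            // Only response headers are logged; the request's Authorization header is not.
            this.log.info("Response Headers: CheckAccessControlAllowCredentialsHeadersWithSpecificOrigin");
            for (Header header : allHeaders) {
                this.log.info(header.getName() + " : " + header.getValue());
            }

            // NOTE(review): both checks only prove the headers exist. For a credentialed CORS
            // response the values matter: Access-Control-Allow-Origin should equal the specific
            // origin sent above (not "*" and not an arbitrary reflected origin) and
            // Access-Control-Allow-Credentials should be "true". pickHeader's return type is not
            // visible here, so value assertions are left for whoever can confirm it.
            Assert.assertNotNull(pickHeader(allHeaders, ACCESS_CONTROL_ALLOW_ORIGIN_HEADER), "Access-Control-Allow-Origin header is not available in the response.");
            Assert.assertNotNull(pickHeader(allHeaders, ACCESS_CONTROL_ALLOW_CREDENTIALS_HEADER), "Access-Control-Allow-Credentials header is not available in the response.");
        }
    }

    /**
     * Creates an API with a single {@code GET /customers/{id}} operation, deploys a revision,
     * publishes it, creates an application subscribed to it and generates production keys.
     *
     * <p>Side effects: stores the created identifiers in {@code apiId} and {@code applicationId}
     * and the generated token in {@code accessToken}.
     *
     * @param user       user whose name is set as the API provider
     * @param apiName    name of the API to create
     * @param apiContext context of the API to create
     * @param apiVersion NOTE(review): accepted but never applied to the request in this method;
     *                   presumably APIRequest defaults to the same version, confirm
     * @param appName    name of the application to create
     * @return the generated access token
     */
    private String createPublishAndSubscribeToApi(User user, String apiName, String apiContext, String apiVersion, String appName) throws APIManagerIntegrationTestException, XPathExpressionException, MalformedURLException, ApiException, org.wso2.am.integration.clients.store.api.ApiException, JSONException {
        String providerName = user.getUserName();
        URL endpointUrl = new URL(this.backEndServerUrl.getWebAppURLHttps() + API_END_POINT_POSTFIX_URL);

        APIRequest apiRequest = new APIRequest(apiName, apiContext, endpointUrl, true);
        apiRequest.setTags(TAGS);
        apiRequest.setDescription(DESCRIPTION);
        apiRequest.setTiersCollection("Unlimited");
        apiRequest.setProvider(providerName);

        APIOperationsDTO getCustomerOperation = new APIOperationsDTO();
        getCustomerOperation.setVerb("GET");
        getCustomerOperation.setTarget("/customers/{id}");
        getCustomerOperation.setAuthType("Application & Application User");
        getCustomerOperation.setThrottlingPolicy("Unlimited");
        ArrayList<APIOperationsDTO> operations = new ArrayList<>();
        operations.add(getCustomerOperation);
        apiRequest.setOperationsDTOS(operations);

        this.apiId = this.restAPIPublisher.addAPI(apiRequest).getData();
        createAPIRevisionAndDeployUsingRest(this.apiId, this.restAPIPublisher);
        waitForAPIDeployment();
        this.restAPIPublisher.changeAPILifeCycleStatus(this.apiId, APILifeCycleAction.PUBLISH.getAction(), (String) null);

        this.applicationId = this.restAPIStore.createApplication(appName, "50PerMin", "Unlimited", ApplicationDTO.TokenTypeEnum.JWT).getData();
        this.restAPIStore.createSubscription(this.apiId, this.applicationId, "Unlimited");

        ArrayList<String> grantTypes = new ArrayList<>();
        grantTypes.add("password");
        grantTypes.add("client_credentials");
        // The (ArrayList) cast on null is kept so the same generateKeys overload is selected.
        this.accessToken = this.restAPIStore.generateKeys(this.applicationId, "36000", "", ApplicationKeyGenerateRequestDTO.KeyTypeEnum.PRODUCTION, (ArrayList) null, grantTypes).getToken().getAccessToken();
        return this.accessToken;
    }

    /**
     * Deletes the application, API revisions and API created by the test, then runs the
     * base-class clean-up.
     *
     * @throws Exception if any deletion step or the base clean-up fails
     */
    @AfterClass(alwaysRun = true)
    public void destroy() throws Exception {
        try {
            this.restAPIStore.deleteApplication(this.applicationId);
            undeployAndDeleteAPIRevisionsUsingRest(this.apiId, this.restAPIPublisher);
            this.restAPIPublisher.deleteAPI(this.apiId);
        } finally {
            // Run the base clean-up even when one of the deletions above throws.
            super.cleanUp();
        }
    }

    /**
     * Supplies the user modes the factory constructor is invoked with.
     *
     * @return one row per user mode: super-tenant admin and tenant admin
     */
    @DataProvider
    public static Object[][] userModeDataProvider() {
        // Declared as Object[][] so the expression matches the return type.
        return new Object[][]{{TestUserMode.SUPER_TENANT_ADMIN}, {TestUserMode.TENANT_ADMIN}};
    }

    /**
     * Creates a test instance bound to one user mode.
     *
     * @param testUserMode user mode later passed to the base-class {@code init}
     */
    @Factory(dataProvider = "userModeDataProvider")
    public CORSAccessControlAllowCredentialsHeaderTestCase(TestUserMode testUserMode) {
        this.userMode = testUserMode;
    }
}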
