package org.wso2.am.integration.tests.api.lifecycle;

import com.google.gson.Gson;
import io.swagger.parser.OpenAPIParser;
import io.swagger.v3.oas.models.Operation;
import io.swagger.v3.oas.models.PathItem;
import io.swagger.v3.oas.models.Paths;
import io.swagger.v3.parser.core.models.ParseOptions;
import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.net.URL;
import java.rmi.RemoteException;
import java.security.KeyManagementException;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.UnrecoverableKeyException;
import java.text.ParseException;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.UUID;
import javax.xml.xpath.XPathExpressionException;
import org.apache.commons.codec.binary.Base64;
import org.apache.commons.io.IOUtils;
import org.apache.cxf.staxutils.PropertiesExpandingStreamReader;
import org.apache.cxf.transport.https.HttpsURLConnectionFactory;
import org.json.JSONException;
import org.json.JSONObject;
import org.springframework.http.HttpHeaders;
import org.springframework.util.backoff.FixedBackOff;
import org.testng.Assert;
import org.testng.annotations.AfterClass;
import org.testng.annotations.BeforeClass;
import org.testng.annotations.DataProvider;
import org.testng.annotations.Factory;
import org.testng.annotations.Test;
import org.wso2.am.integration.clients.internal.api.dto.RevokedJWTDTO;
import org.wso2.am.integration.clients.publisher.api.ApiException;
import org.wso2.am.integration.clients.publisher.api.ApiResponse;
import org.wso2.am.integration.clients.publisher.api.v1.dto.APIDTO;
import org.wso2.am.integration.clients.publisher.api.v1.dto.APIKeyDTO;
import org.wso2.am.integration.clients.publisher.api.v1.dto.APIOperationsDTO;
import org.wso2.am.integration.clients.store.api.v1.dto.ApplicationDTO;
import org.wso2.am.integration.clients.store.api.v1.dto.ApplicationKeyDTO;
import org.wso2.am.integration.clients.store.api.v1.dto.ApplicationKeyGenerateRequestDTO;
import org.wso2.am.integration.test.utils.APIManagerIntegrationTestException;
import org.wso2.am.integration.test.utils.bean.APILifeCycleAction;
import org.wso2.am.integration.test.utils.bean.APIRequest;
import org.wso2.am.integration.test.utils.generic.APIMTestCaseUtils;
import org.wso2.am.integration.test.utils.http.HTTPSClientUtils;
import org.wso2.am.integration.test.utils.http.HttpRequestUtil;
import org.wso2.am.integration.test.utils.token.TokenUtils;
import org.wso2.am.integration.tests.restapi.RESTAPITestConstants;
import org.wso2.carbon.apimgt.api.APIManagementException;
import org.wso2.carbon.automation.engine.annotations.ExecutionEnvironment;
import org.wso2.carbon.automation.engine.annotations.SetEnvironment;
import org.wso2.carbon.automation.engine.context.TestUserMode;
import org.wso2.carbon.automation.test.utils.http.client.HttpResponse;
import org.wso2.carbon.integration.common.utils.exceptions.AutomationUtilException;
import org.wso2.carbon.um.ws.api.stub.ClaimValue;
import org.wso2.carbon.um.ws.api.stub.RemoteUserStoreManagerServiceUserStoreExceptionException;
import org.wso2.carbon.user.core.UserStoreException;

@SetEnvironment(executionEnvironments = {ExecutionEnvironment.STANDALONE})
/* loaded from: input_file:org/wso2/am/integration/tests/api/lifecycle/APISecurityTestCase.class */
public class APISecurityTestCase extends APIManagerLifecycleBaseTest {
    // OAuth2 access token of the test application; assigned in
    // testCreateAndDeployRevisionWithInternalKeyTesting and reused as the Bearer credential by later tests.
    private String accessToken;
    // Backend URL shared by every API created in initialize().
    private String apiEndPointUrl;
    // Id of the JWT application subscribed to APIs 2, 3 and 4.
    private String applicationId;
    // OAuth2 client credentials returned together with the access token.
    private String consumerKey;
    private String consumerSecret;
    // Ids returned by the publisher for the APIs created in initialize(), in creation order:
    // 1 mutualsslOnlyAPI, 2 mutualSSLWithOAuthAPI, 3 mutualSSLandOAuthMandatoryAPI, 4 apiKeySecuredAPI,
    // 5 BasicAuthSecuredAPI, 6 OauthDisabledAPI, 7 OauthEnabledAPI.
    private String apiId1;
    private String apiId2;
    private String apiId3;
    private String apiId4;
    private String apiId5;
    private String apiId6;
    private String apiId7;
    // API names and contexts. The methods visible in this listing pass the same values as string literals
    // instead of reading these fields.
    private final String mutualSSLOnlyAPIName = "mutualsslOnlyAPI";
    private final String mutualSSLWithOAuthAPI = "mutualSSLWithOAuthAPI";
    private final String mutualSSLandOauthMandatoryAPI = "mutualSSLandOAuthMandatoryAPI";
    private final String apiKeySecuredAPI = "apiKeySecuredAPI";
    private final String OauthDisabledAPI = "OauthDisabledAPI";
    private final String OauthEnabledAPI = "OauthEnabledAPI";
    private final String mutualSSLOnlyAPIContext = "mutualsslOnlyAPI";
    private final String mutualSSLWithOAuthAPIContext = "mutualSSLWithOAuthAPI";
    private final String mutualSSLandOAuthMandatoryAPIContext = "mutualSSLandOAuthMandatoryAPI";
    private final String OauthDisabledAPIContext = "OauthDisabledAPI";
    private final String OauthEnabledAPIContext = "OauthEnabledAPI";
    private final String apiKeySecuredAPIContext = "apiKeySecuredAPI";
    private final String basicAuthSecuredAPI = "BasicAuthSecuredAPI";
    private final String basicAuthSecuredAPIContext = "BasicAuthSecuredAPI";
    // Resource path appended to the gateway invocation URL in the tests.
    private final String API_END_POINT_METHOD = "/customers/123";
    private final String API_VERSION_1_0_0 = "1.0.0";
    // NOTE(review): the application name refers to a different test case; it looks copied from there.
    private final String APPLICATION_NAME = "AccessibilityOfDeprecatedOldAPIAndPublishedCopyAPITestCase";
    private final String API_END_POINT_POSTFIX_URL = "jaxrs_basic/services/customers/customerservice/";
    private final String API_RESPONSE_DATA = "<id>123</id><name>John</name></Customer>";
    // End-user accounts created by createUser(); all of them get the password below.
    String[] users = {"apisecUser", "apisecUser2@wso2.com", "apisecUser2@abc.com"};
    // Fixed credential for the throwaway test accounts. It is hard-coded in the test source, so it must
    // never be reused for an account outside the disposable integration-test environment.
    String endUserPassword = "password@123";

    /* JADX WARN: Type inference failed for: r0v1, types: [java.lang.Object[], java.lang.Object[][]] */
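    /**
     * Supplies the user modes this test class is instantiated with.
     *
     * @return one row per user mode: super-tenant admin and tenant admin
     */
    @DataProvider
    public static Object[][] userModeDataProvider() {
        // The outer array has to be created as Object[][]: an Object[] expression is not assignable to the
        // declared return type, so the previous "new Object[]{...}" form does not compile.
        return new Object[][] {
            {TestUserMode.SUPER_TENANT_ADMIN},
            {TestUserMode.TENANT_ADMIN},
        };
    }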

    /**
     * Registers every account named in {@code users} through the remote user-store client.
     *
     * <p>Each account is created with the shared {@code endUserPassword}, an empty role array and an empty
     * claim array.
     */
    private void createUser() throws RemoteException, RemoteUserStoreManagerServiceUserStoreExceptionException, UserStoreException {
        String[] accounts = this.users;
        for (int i = 0; i < accounts.length; i++) {
            String userName = accounts[i];
            String[] noRoles = new String[0];
            ClaimValue[] noClaims = new ClaimValue[0];
            // NOTE(review): "default" and false are presumably the profile name and the
            // "require password change" flag; confirm against the client API.
            this.remoteUserStoreManagerServiceClient.addUser(userName, this.endUserPassword, noRoles, noClaims, "default", false);
        }
    }

    /**
     * Creates one instance of the test class per row of {@code userModeDataProvider}.
     *
     * @param testUserMode user mode stored on the instance and handed to {@code super.init} by
     *     {@code initialize()}
     */
    @Factory(dataProvider = "userModeDataProvider")
    public APISecurityTestCase(TestUserMode testUserMode) {
        userMode = testUserMode;
    }

    /**
     * Builds the fixtures shared by all tests: creates the end users and registers seven APIs on the same
     * backend, each with a different combination of gateway security schemes.
     *
     * <p>Only BasicAuthSecuredAPI and OauthDisabledAPI are deployed and published here. The first four APIs
     * are created here (three of them with the client certificate example.crt attached) and deployed by
     * testCreateAndDeployRevisionWithInternalKeyTesting. OauthEnabledAPI is only created in this method.
     */
    @BeforeClass(alwaysRun = true)
    public void initialize() throws APIManagerIntegrationTestException, IOException, ApiException, org.wso2.am.integration.clients.store.api.ApiException, XPathExpressionException, AutomationUtilException, InterruptedException, JSONException, RemoteUserStoreManagerServiceUserStoreExceptionException, UserStoreException {
        super.init(this.userMode);
        createUser();
        this.apiEndPointUrl = this.backEndServerUrl.getWebAppURLHttp() + "jaxrs_basic/services/customers/customerservice/";

        // --- API 1: mutual SSL only, and mandatory. HTTPS is the only transport enabled. ---
        APIRequest mutualSslOnlyRequest = new APIRequest("mutualsslOnlyAPI", "mutualsslOnlyAPI", new URL(this.apiEndPointUrl));
        mutualSslOnlyRequest.setVersion("1.0.0");
        mutualSslOnlyRequest.setTiersCollection("Unlimited");
        mutualSslOnlyRequest.setTier("Unlimited");
        mutualSslOnlyRequest.setTags("testTag1, testTag2, testTag3");
        mutualSslOnlyRequest.setVisibility(APIDTO.VisibilityEnum.PUBLIC.getValue());
        mutualSslOnlyRequest.setProvider(this.user.getUserName());
        // A single authenticated GET operation; this same list instance is handed to APIs 1-5 and 7.
        APIOperationsDTO securedGet = new APIOperationsDTO();
        securedGet.setVerb("GET");
        securedGet.setTarget("/customers/{id}");
        securedGet.setAuthType("Application & Application User");
        securedGet.setThrottlingPolicy("Unlimited");
        List<APIOperationsDTO> securedOperations = new ArrayList<>();
        securedOperations.add(securedGet);
        mutualSslOnlyRequest.setOperationsDTOS(securedOperations);
        List<String> mutualSslOnlySchemes = new ArrayList<>();
        mutualSslOnlySchemes.add("mutualssl");
        mutualSslOnlySchemes.add("mutualssl_mandatory");
        mutualSslOnlyRequest.setSecurityScheme(mutualSslOnlySchemes);
        mutualSslOnlyRequest.setDefault_version("true");
        mutualSslOnlyRequest.setHttps_checked(HttpsURLConnectionFactory.HTTPS_URL_PROTOCOL_ID);
        mutualSslOnlyRequest.setHttp_checked((String) null);
        mutualSslOnlyRequest.setDefault_version_checked("true");
        this.apiId1 = this.restAPIPublisher.addAPI(mutualSslOnlyRequest).getData();
        File certificateForApi1 = new File(getAMResourceLocation() + File.separator + "lifecycletest" + File.separator + "mutualssl" + File.separator + "example.crt");
        this.restAPIPublisher.uploadCertificate(certificateForApi1, "example", this.apiId1, "Unlimited");

        // --- API 2: mutual SSL offered, application-level security (OAuth2 / API key) mandatory. ---
        APIRequest mutualSslWithOAuthRequest = new APIRequest("mutualSSLWithOAuthAPI", "mutualSSLWithOAuthAPI", new URL(this.apiEndPointUrl));
        mutualSslWithOAuthRequest.setVersion("1.0.0");
        mutualSslWithOAuthRequest.setProvider(this.user.getUserName());
        mutualSslWithOAuthRequest.setTiersCollection("Unlimited");
        mutualSslWithOAuthRequest.setTier("Unlimited");
        mutualSslWithOAuthRequest.setTags("testTag1, testTag2, testTag3");
        mutualSslWithOAuthRequest.setVisibility(APIDTO.VisibilityEnum.PUBLIC.getValue());
        mutualSslWithOAuthRequest.setOperationsDTOS(securedOperations);
        mutualSslWithOAuthRequest.setDefault_version("true");
        mutualSslWithOAuthRequest.setHttps_checked(HttpsURLConnectionFactory.HTTPS_URL_PROTOCOL_ID);
        mutualSslWithOAuthRequest.setHttp_checked((String) null);
        mutualSslWithOAuthRequest.setDefault_version_checked("true");
        List<String> mutualSslOptionalSchemes = new ArrayList<>();
        mutualSslOptionalSchemes.add("mutualssl");
        mutualSslOptionalSchemes.add("oauth2");
        mutualSslOptionalSchemes.add("api_key");
        mutualSslOptionalSchemes.add("oauth_basic_auth_api_key_mandatory");
        mutualSslWithOAuthRequest.setSecurityScheme(mutualSslOptionalSchemes);
        this.apiId2 = this.restAPIPublisher.addAPI(mutualSslWithOAuthRequest).getData();
        File certificateForApi2 = new File(getAMResourceLocation() + File.separator + "lifecycletest" + File.separator + "mutualssl" + File.separator + "example.crt");
        this.restAPIPublisher.uploadCertificate(certificateForApi2, "abcde", this.apiId2, "Unlimited");

        // --- API 3: both mutual SSL and application-level security are mandatory. ---
        APIRequest bothMandatoryRequest = new APIRequest("mutualSSLandOAuthMandatoryAPI", "mutualSSLandOAuthMandatoryAPI", new URL(this.apiEndPointUrl));
        bothMandatoryRequest.setVersion("1.0.0");
        bothMandatoryRequest.setTiersCollection("Unlimited");
        bothMandatoryRequest.setTier("Unlimited");
        bothMandatoryRequest.setTags("testTag1, testTag2, testTag3");
        bothMandatoryRequest.setVisibility(APIDTO.VisibilityEnum.PUBLIC.getValue());
        bothMandatoryRequest.setOperationsDTOS(securedOperations);
        bothMandatoryRequest.setProvider(this.user.getUserName());
        List<String> bothMandatorySchemes = new ArrayList<>();
        bothMandatorySchemes.add("mutualssl");
        bothMandatorySchemes.add("oauth2");
        bothMandatorySchemes.add("api_key");
        bothMandatorySchemes.add("mutualssl_mandatory");
        bothMandatorySchemes.add("oauth_basic_auth_api_key_mandatory");
        bothMandatoryRequest.setSecurityScheme(bothMandatorySchemes);
        bothMandatoryRequest.setDefault_version("true");
        bothMandatoryRequest.setHttps_checked(HttpsURLConnectionFactory.HTTPS_URL_PROTOCOL_ID);
        bothMandatoryRequest.setHttp_checked((String) null);
        bothMandatoryRequest.setDefault_version_checked("true");
        this.apiId3 = this.restAPIPublisher.addAPI(bothMandatoryRequest).getData();
        File certificateForApi3 = new File(getAMResourceLocation() + File.separator + "lifecycletest" + File.separator + "mutualssl" + File.separator + "example.crt");
        this.restAPIPublisher.uploadCertificate(certificateForApi3, "abcdef", this.apiId3, "Unlimited");

        // --- API 4: API key only; no client certificate is uploaded for it. ---
        APIRequest apiKeyRequest = new APIRequest("apiKeySecuredAPI", "apiKeySecuredAPI", new URL(this.apiEndPointUrl));
        apiKeyRequest.setVersion("1.0.0");
        apiKeyRequest.setTiersCollection("Unlimited");
        apiKeyRequest.setTier("Unlimited");
        apiKeyRequest.setTags("testTag1, testTag2, testTag3");
        apiKeyRequest.setVisibility(APIDTO.VisibilityEnum.PUBLIC.getValue());
        apiKeyRequest.setOperationsDTOS(securedOperations);
        apiKeyRequest.setDefault_version("true");
        apiKeyRequest.setHttps_checked(HttpsURLConnectionFactory.HTTPS_URL_PROTOCOL_ID);
        apiKeyRequest.setHttp_checked((String) null);
        apiKeyRequest.setProvider(this.user.getUserName());
        apiKeyRequest.setDefault_version_checked("true");
        List<String> apiKeySchemes = new ArrayList<>();
        apiKeySchemes.add("api_key");
        apiKeySchemes.add("oauth_basic_auth_api_key_mandatory");
        apiKeyRequest.setSecurityScheme(apiKeySchemes);
        apiKeyRequest.setSandbox(this.apiEndPointUrl);
        this.apiId4 = this.restAPIPublisher.addAPI(apiKeyRequest).getData();

        // --- API 5: HTTP Basic authentication; deployed and published right away. ---
        APIRequest basicAuthRequest = new APIRequest("BasicAuthSecuredAPI", "BasicAuthSecuredAPI", new URL(this.apiEndPointUrl));
        basicAuthRequest.setVersion("1.0.0");
        basicAuthRequest.setTiersCollection("Unlimited");
        basicAuthRequest.setTier("Unlimited");
        basicAuthRequest.setTags("testTag1, testTag2, testTag3");
        basicAuthRequest.setVisibility(APIDTO.VisibilityEnum.PUBLIC.getValue());
        basicAuthRequest.setOperationsDTOS(securedOperations);
        basicAuthRequest.setProvider(this.user.getUserName());
        List<String> basicAuthSchemes = new ArrayList<>();
        basicAuthSchemes.add("basic_auth");
        basicAuthSchemes.add("oauth_basic_auth_api_key_mandatory");
        basicAuthRequest.setSecurityScheme(basicAuthSchemes);
        basicAuthRequest.setDefault_version("true");
        basicAuthRequest.setHttps_checked(HttpsURLConnectionFactory.HTTPS_URL_PROTOCOL_ID);
        basicAuthRequest.setHttp_checked((String) null);
        this.apiId5 = this.restAPIPublisher.addAPI(basicAuthRequest).getData();
        createAPIRevisionAndDeployUsingRest(this.apiId5, this.restAPIPublisher);
        this.restAPIPublisher.changeAPILifeCycleStatusToPublish(this.apiId5, false);
        waitForAPIDeploymentSync(basicAuthRequest.getProvider(), basicAuthRequest.getName(), basicAuthRequest.getVersion(), "\"isApiExists\":true");

        // --- API 6: OAuth2 scheme, but both operations carry auth type "None"; deployed and published. ---
        APIRequest oauthDisabledRequest = new APIRequest("OauthDisabledAPI", "OauthDisabledAPI", new URL(this.apiEndPointUrl));
        APIOperationsDTO openGet = new APIOperationsDTO();
        openGet.setVerb("GET");
        openGet.setTarget("/customers/{id}");
        openGet.setAuthType("None");
        openGet.setThrottlingPolicy("Unlimited");
        APIOperationsDTO openPost = new APIOperationsDTO();
        openPost.setVerb("POST");
        openPost.setTarget("/customers/{id}");
        openPost.setAuthType("None");
        openPost.setThrottlingPolicy("Unlimited");
        List<APIOperationsDTO> openOperations = new ArrayList<>();
        openOperations.add(openGet);
        openOperations.add(openPost);
        oauthDisabledRequest.setVersion("1.0.0");
        oauthDisabledRequest.setTiersCollection("Unlimited");
        oauthDisabledRequest.setTier("Unlimited");
        oauthDisabledRequest.setTags("testTag1, testTag2, testTag3");
        oauthDisabledRequest.setVisibility(APIDTO.VisibilityEnum.PUBLIC.getValue());
        oauthDisabledRequest.setOperationsDTOS(openOperations);
        oauthDisabledRequest.setProvider(this.user.getUserName());
        List<String> oauthOnlySchemes = new ArrayList<>();
        oauthOnlySchemes.add("oauth2");
        oauthDisabledRequest.setSecurityScheme(oauthOnlySchemes);
        oauthDisabledRequest.setDefault_version("true");
        oauthDisabledRequest.setHttps_checked(HttpsURLConnectionFactory.HTTPS_URL_PROTOCOL_ID);
        oauthDisabledRequest.setHttp_checked((String) null);
        oauthDisabledRequest.setDefault_version_checked("true");
        this.apiId6 = this.restAPIPublisher.addAPI(oauthDisabledRequest).getData();
        createAPIRevisionAndDeployUsingRest(this.apiId6, this.restAPIPublisher);
        this.restAPIPublisher.changeAPILifeCycleStatusToPublish(this.apiId6, false);
        waitForAPIDeploymentSync(oauthDisabledRequest.getProvider(), oauthDisabledRequest.getName(), oauthDisabledRequest.getVersion(), "\"isApiExists\":true");

        // --- API 7: created only. ---
        // NOTE(review): despite its name, OauthEnabledAPI is given the API-key scheme list of API 4, which
        // does not contain "oauth2"; confirm this is the intended configuration.
        APIRequest oauthEnabledRequest = new APIRequest("OauthEnabledAPI", "OauthEnabledAPI", new URL(this.apiEndPointUrl));
        oauthEnabledRequest.setVersion("1.0.0");
        oauthEnabledRequest.setTiersCollection("Unlimited");
        oauthEnabledRequest.setTier("Unlimited");
        oauthEnabledRequest.setTags("testTag1, testTag2, testTag3");
        oauthEnabledRequest.setVisibility(APIDTO.VisibilityEnum.PUBLIC.getValue());
        oauthEnabledRequest.setProvider(this.user.getUserName());
        oauthEnabledRequest.setOperationsDTOS(securedOperations);
        oauthEnabledRequest.setSecurityScheme(apiKeySchemes);
        oauthEnabledRequest.setDefault_version("true");
        oauthEnabledRequest.setHttps_checked(HttpsURLConnectionFactory.HTTPS_URL_PROTOCOL_ID);
        oauthEnabledRequest.setHttp_checked((String) null);
        oauthEnabledRequest.setDefault_version_checked("true");
        this.apiId7 = this.restAPIPublisher.addAPI(oauthEnabledRequest).getData();
    }

    /**
     * Deploys APIs 1-4 one after another and checks that a publisher-generated internal key is accepted on
     * the API it was generated for while the API is still unpublished, and that the key of API 1 is rejected
     * with 403 on API 2.
     *
     * <p>Afterwards it creates the JWT application, subscribes it to APIs 2, 3 and 4 and stores the generated
     * access token and client credentials for the tests that depend on this one.
     */
    @Test(description = "This test case tests the behaviour of internal Key token on Created API with authentication types")
    public void testCreateAndDeployRevisionWithInternalKeyTesting() throws JSONException, ApiException, XPathExpressionException, APIManagerIntegrationTestException, IOException, org.wso2.am.integration.clients.store.api.ApiException, InterruptedException {
        // API 1 (mutual SSL only): the internal key alone is enough before publication.
        createAPIRevisionAndDeployUsingRest(this.apiId1, this.restAPIPublisher);
        APIDTO mutualSslOnlyApi = this.restAPIPublisher.getAPIByID(this.apiId1);
        waitForAPIDeploymentSync(mutualSslOnlyApi.getProvider(), mutualSslOnlyApi.getName(), mutualSslOnlyApi.getVersion(), "\"isApiExists\":true");
        ApiResponse keyResponseForApi1 = this.restAPIPublisher.generateInternalApiKey(this.apiId1);
        Assert.assertEquals(keyResponseForApi1.getStatusCode(), 200);
        String keyForApi1 = ((APIKeyDTO) keyResponseForApi1.getData()).getApikey();
        HttpResponse api1BeforePublish = invokeApiWithInternalKey("mutualsslOnlyAPI", "1.0.0", "/customers/123", keyForApi1);
        Assert.assertEquals(api1BeforePublish.getResponseCode(), 200);
        this.restAPIPublisher.changeAPILifeCycleStatus(this.apiId1, APILifeCycleAction.PUBLISH.getAction());

        // API 2: its own key works before and after publication; the key issued for API 1 must not.
        createAPIRevisionAndDeployUsingRest(this.apiId2, this.restAPIPublisher);
        APIDTO mutualSslWithOAuthApi = this.restAPIPublisher.getAPIByID(this.apiId2);
        waitForAPIDeploymentSync(mutualSslWithOAuthApi.getProvider(), mutualSslWithOAuthApi.getName(), mutualSslWithOAuthApi.getVersion(), "\"isApiExists\":true");
        // NOTE(review): unlike for API 1, the status code of this key-generation call is not asserted.
        ApiResponse keyResponseForApi2 = this.restAPIPublisher.generateInternalApiKey(this.apiId2);
        String keyForApi2 = ((APIKeyDTO) keyResponseForApi2.getData()).getApikey();
        HttpResponse api2OwnKey = invokeApiWithInternalKey("mutualSSLWithOAuthAPI", "1.0.0", "/customers/123", keyForApi2);
        Assert.assertEquals(api2OwnKey.getResponseCode(), 200);
        String foreignKey = ((APIKeyDTO) keyResponseForApi1.getData()).getApikey();
        HttpResponse api2ForeignKey = invokeApiWithInternalKey("mutualSSLWithOAuthAPI", "1.0.0", "/customers/123", foreignKey);
        Assert.assertEquals(api2ForeignKey.getResponseCode(), 403);
        this.restAPIPublisher.changeAPILifeCycleStatus(this.apiId2, APILifeCycleAction.PUBLISH.getAction());
        String keyForApi2AfterPublish = ((APIKeyDTO) keyResponseForApi2.getData()).getApikey();
        HttpResponse api2AfterPublish = invokeApiWithInternalKey("mutualSSLWithOAuthAPI", "1.0.0", "/customers/123", keyForApi2AfterPublish);
        Assert.assertEquals(api2AfterPublish.getResponseCode(), 200);

        // API 3 (mutual SSL and OAuth2 both mandatory).
        createAPIRevisionAndDeployUsingRest(this.apiId3, this.restAPIPublisher);
        APIDTO bothMandatoryApi = this.restAPIPublisher.getAPIByID(this.apiId3);
        waitForAPIDeploymentSync(bothMandatoryApi.getProvider(), bothMandatoryApi.getName(), bothMandatoryApi.getVersion(), "\"isApiExists\":true");
        ApiResponse keyResponseForApi3 = this.restAPIPublisher.generateInternalApiKey(this.apiId3);
        String keyForApi3 = ((APIKeyDTO) keyResponseForApi3.getData()).getApikey();
        HttpResponse api3BeforePublish = invokeApiWithInternalKey("mutualSSLandOAuthMandatoryAPI", "1.0.0", "/customers/123", keyForApi3);
        Assert.assertEquals(api3BeforePublish.getResponseCode(), 200);
        this.restAPIPublisher.changeAPILifeCycleStatus(this.apiId3, APILifeCycleAction.PUBLISH.getAction());

        // API 4 (API key secured).
        createAPIRevisionAndDeployUsingRest(this.apiId4, this.restAPIPublisher);
        APIDTO apiKeySecuredApi = this.restAPIPublisher.getAPIByID(this.apiId4);
        waitForAPIDeploymentSync(apiKeySecuredApi.getProvider(), apiKeySecuredApi.getName(), apiKeySecuredApi.getVersion(), "\"isApiExists\":true");
        // NOTE(review): this step generates a key for API 3 and invokes API 3 again, so API 4 is never
        // exercised with an internal key of its own. It looks like a copy of the API 3 step; confirm
        // whether apiId4 / "apiKeySecuredAPI" was intended.
        ApiResponse secondKeyResponseForApi3 = this.restAPIPublisher.generateInternalApiKey(this.apiId3);
        String secondKeyForApi3 = ((APIKeyDTO) secondKeyResponseForApi3.getData()).getApikey();
        HttpResponse api3AfterPublish = invokeApiWithInternalKey("mutualSSLandOAuthMandatoryAPI", "1.0.0", "/customers/123", secondKeyForApi3);
        Assert.assertEquals(api3AfterPublish.getResponseCode(), 200);
        this.restAPIPublisher.changeAPILifeCycleStatus(this.apiId4, APILifeCycleAction.PUBLISH.getAction());

        // Application, subscriptions and OAuth2 keys used by the dependent tests. API 1 is not subscribed.
        this.applicationId = this.restAPIStore.createApplication("AccessibilityOfDeprecatedOldAPIAndPublishedCopyAPITestCase", "Test Application", "Unlimited", ApplicationDTO.TokenTypeEnum.JWT).getData();
        this.restAPIStore.subscribeToAPI(this.apiId3, this.applicationId, "Unlimited");
        this.restAPIStore.subscribeToAPI(this.apiId2, this.applicationId, "Unlimited");
        this.restAPIStore.subscribeToAPI(this.apiId4, this.applicationId, "Unlimited");
        ArrayList<String> grantTypes = new ArrayList<>();
        grantTypes.add("password");
        grantTypes.add("client_credentials");
        ApplicationKeyDTO applicationKeys = this.restAPIStore.generateKeys(this.applicationId, "36000", "", ApplicationKeyGenerateRequestDTO.KeyTypeEnum.PRODUCTION, (ArrayList) null, grantTypes);
        this.accessToken = applicationKeys.getToken().getAccessToken();
        this.consumerKey = applicationKeys.getConsumerKey();
        this.consumerSecret = applicationKeys.getConsumerSecret();

        // The internal key of API 1 is still accepted after API 1 was published.
        String keyForApi1AfterPublish = ((APIKeyDTO) keyResponseForApi1.getData()).getApikey();
        HttpResponse api1AfterPublish = invokeApiWithInternalKey("mutualsslOnlyAPI", "1.0.0", "/customers/123", keyForApi1AfterPublish);
        Assert.assertEquals(api1AfterPublish.getResponseCode(), 200);
        // Fixed two-minute pause before the dependent tests run; presumably waits for gateway
        // propagation — TODO confirm, and consider polling instead of a fixed sleep.
        Thread.sleep(120000L);
    }

    /**
     * Sends a GET to the HTTPS gateway URL of an API, authenticating with the {@code Internal-Key} header.
     *
     * @param str  API context used to build the invocation URL
     * @param str2 API version used to build the invocation URL
     * @param str3 resource path appended to the invocation URL
     * @param str4 internal key sent in the {@code Internal-Key} header
     * @return the gateway response
     */
    private HttpResponse invokeApiWithInternalKey(String str, String str2, String str3, String str4) throws XPathExpressionException, IOException {
        Map<String, String> headers = new HashMap<>();
        headers.put("accept", "application/json");
        headers.put("Internal-Key", str4);
        String target = getAPIInvocationURLHttps(str, str2) + str3;
        return HttpRequestUtil.doGet(target, headers);
    }

    /**
     * Calls two APIs with a Bearer token and no client certificate: the mutual-SSL-only API must answer with
     * error code 900901, and the API where OAuth2 is the mandatory scheme must accept the call.
     */
    @Test(description = "This test case tests the behaviour of APIs that are protected with mutual SSL and OAuth2 when the client certificate is not presented but OAuth2 token is presented.", dependsOnMethods = {"testCreateAndDeployRevisionWithInternalKeyTesting"})
    public void testCreateAndPublishAPIWithOAuth2() throws XPathExpressionException, IOException, JSONException {
        Map<String, String> headers = new HashMap<>();
        headers.put("accept", "application/json");
        headers.put("Authorization", "Bearer " + this.accessToken);

        // A token must not substitute for the client certificate on the mutual-SSL-only API.
        String mutualSslOnlyUrl = getAPIInvocationURLHttps("mutualsslOnlyAPI", "1.0.0") + "/customers/123";
        HttpResponse mutualSslOnlyResponse = HttpRequestUtil.doGet(mutualSslOnlyUrl, headers);
        JSONObject errorBody = new JSONObject(mutualSslOnlyResponse.getData());
        Assert.assertEquals(errorBody.getString("code"), "900901", "API invocation succeeded with the access token without need for mutual ssl");

        String mutualSslOptionalUrl = getAPIInvocationURLHttps("mutualSSLWithOAuthAPI", "1.0.0") + "/customers/123";
        HttpResponse mutualSslOptionalResponse = HttpRequestUtil.doGet(mutualSslOptionalUrl, headers);
        Assert.assertEquals(mutualSslOptionalResponse.getResponseCode(), HTTP_RESPONSE_CODE_OK, "API invocation failed for a test case with valid access token when the API is protected with both mutual sso and oauth2");
    }

    /**
     * Sends a Basic Authorization header with an invalid value to mutualSSLandOAuthMandatoryAPI and expects
     * the gateway to answer 401.
     */
    @Test(description = "Testing the invocation with Basic Auth for Oauth2 Only API", dependsOnMethods = {"testCreateAndPublishAPIWithOAuth2"})
    public void testInvocationWithBasicAuthForOauthOnlyAPINegative() throws Exception {
        Map<String, String> headers = new HashMap<>();
        headers.put("accept", "text/xml");
        // Not a credential of any created user; the call is made without a client certificate as well.
        headers.put("Authorization", "Basic abcce");
        String url = getAPIInvocationURLHttps("mutualSSLandOAuthMandatoryAPI", "1.0.0") + "/customers/123";
        HttpResponse response = HTTPSClientUtils.doGet(url, headers);
        Assert.assertEquals(response.getResponseCode(), 401);
    }

    /**
     * Generates a production API key for the test application and checks that apiKeySecuredAPI accepts it
     * in the {@code apikey} header.
     */
    @Test(description = "Testing the invocation with API Keys", dependsOnMethods = {"testCreateAndPublishAPIWithOAuth2"})
    public void testInvocationWithApiKeys() throws Exception {
        String keyType = ApplicationKeyGenerateRequestDTO.KeyTypeEnum.PRODUCTION.toString();
        org.wso2.am.integration.clients.store.api.v1.dto.APIKeyDTO issuedKey = this.restAPIStore.generateAPIKeys(this.applicationId, keyType, -1, (String) null, (String) null);
        Assert.assertNotNull(issuedKey, "API Key generation failed");

        Map<String, String> headers = new HashMap<>();
        headers.put("accept", "text/xml");
        headers.put("apikey", issuedKey.getApikey());
        String url = getAPIInvocationURLHttps("apiKeySecuredAPI", "1.0.0") + "/customers/123";
        HttpResponse response = HTTPSClientUtils.doGet(url, headers);
        Assert.assertEquals(response.getResponseCode(), 200);
    }

    /**
     * Sends a Basic Authorization header with an invalid value to the API-key-secured API and expects 401.
     */
    @Test(description = "Testing the invocation with Basic Auth for APIKey Only API", dependsOnMethods = {"testCreateAndPublishAPIWithOAuth2"})
    public void testInvocationWithBasicAuthFoAPIKeyNegative() throws Exception {
        Map<String, String> headers = new HashMap<>();
        headers.put("accept", "text/xml");
        // No apikey header is sent; only a Basic value that matches no created user.
        headers.put("Authorization", "Basic abcce");
        String url = getAPIInvocationURLHttps("apiKeySecuredAPI", "1.0.0") + "/customers/123";
        HttpResponse response = HTTPSClientUtils.doGet(url, headers);
        Assert.assertEquals(response.getResponseCode(), 401);
    }

    /**
     * Presents the client key store test.jks to the mutual-SSL-only API, through both the versioned and the
     * default-version URL, and expects 401 for each call.
     */
    @Test(description = "Invoke mutual SSL only API with not supported certificate", dependsOnMethods = {"testCreateAndPublishAPIWithOAuth2"})
    public void testAPIInvocationWithMutualSSLOnlyAPINegative() throws IOException, XPathExpressionException, NoSuchAlgorithmException, KeyStoreException, KeyManagementException, UnrecoverableKeyException {
        Map<String, String> headers = new HashMap<>();
        headers.put("accept", "text/xml");
        // test.jks is the key store the description calls "not supported" for this API.
        String keyStore = getAMResourceLocation() + File.separator + "lifecycletest" + File.separator + "mutualssl" + File.separator + "test.jks";

        String versionedUrl = getAPIInvocationURLHttps("mutualsslOnlyAPI", "1.0.0") + "/customers/123";
        HttpResponse versionedResponse = HTTPSClientUtils.doMutulSSLGet(keyStore, versionedUrl, headers);
        String defaultUrl = getAPIInvocationURLHttps("mutualsslOnlyAPI") + "/customers/123";
        HttpResponse defaultResponse = HTTPSClientUtils.doMutulSSLGet(keyStore, defaultUrl, headers);

        Assert.assertEquals(versionedResponse.getResponseCode(), 401);
        Assert.assertEquals(defaultResponse.getResponseCode(), 401);
    }

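    /**
     * Positive case for the API where application security is mandatory and mutual SSL is optional: a call
     * that carries both the client key store new-keystore.jks and a valid Bearer token must return 200 on
     * the versioned and on the default-version URL.
     *
     * <p>The failure messages used to read "Mutual SSL Authentication has succeeded for a different
     * certificate", which describes the opposite of what a failing 200 assertion means; they now state the
     * actual failure so a red build is not misread as an authentication bypass.
     */
    @Test(description = "This method test to validate how application security mandatory and mutual ssl optional api behaviour in success scenario", dependsOnMethods = {"testCreateAndPublishAPIWithOAuth2"})
    public void testAPIInvocationWithMutualSSLWithOauthMandatory() throws IOException, XPathExpressionException, NoSuchAlgorithmException, KeyStoreException, KeyManagementException, UnrecoverableKeyException {
        Map<String, String> headers = new HashMap<>();
        headers.put("accept", "text/xml");
        headers.put("Authorization", "Bearer " + this.accessToken);
        String keyStore = getAMResourceLocation() + File.separator + "lifecycletest" + File.separator + "mutualssl" + File.separator + "new-keystore.jks";

        String versionedUrl = getAPIInvocationURLHttps("mutualSSLWithOAuthAPI", "1.0.0") + "/customers/123";
        HttpResponse versionedResponse = HTTPSClientUtils.doMutulSSLGet(keyStore, versionedUrl, headers);
        String defaultUrl = getAPIInvocationURLHttps("mutualSSLWithOAuthAPI") + "/customers/123";
        HttpResponse defaultResponse = HTTPSClientUtils.doMutulSSLGet(keyStore, defaultUrl, headers);

        Assert.assertEquals(versionedResponse.getResponseCode(), 200, "Invocation with a client certificate and a valid access token was rejected");
        Assert.assertEquals(defaultResponse.getResponseCode(), 200, "Invocation with a client certificate and a valid access token was rejected");
    }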

    /**
     * Presents new-keystore.jks but no application-level credential to the API where application security
     * is mandatory, and expects 401: the client certificate alone must not be enough.
     */
    @Test(description = "Test with no application security header with valid cert", dependsOnMethods = {"testCreateAndPublishAPIWithOAuth2"})
    public void testAPIInvocationWithMutualSSLWithOauthMandatoryNegative1() throws IOException, XPathExpressionException, UnrecoverableKeyException, NoSuchAlgorithmException, KeyStoreException, KeyManagementException {
        Map<String, String> headers = new HashMap<>();
        headers.put("accept", "text/xml");
        String keyStore = getAMResourceLocation() + File.separator + "lifecycletest" + File.separator + "mutualssl" + File.separator + "new-keystore.jks";
        String url = getAPIInvocationURLHttps("mutualSSLWithOAuthAPI", "1.0.0") + "/customers/123";
        HttpResponse response = HTTPSClientUtils.doMutulSSLGet(keyStore, url, headers);
        Assert.assertEquals(response.getResponseCode(), 401, "Mutual authentication success for oauth mandatory scenario");
    }

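    /**
     * Presents the key store test.jks together with a valid Bearer token to the API where mutual SSL is
     * optional, and expects 200 on both URLs: the token alone satisfies the mandatory application security.
     * test.jks is the key store that the mutual-SSL-only API rejects in
     * testAPIInvocationWithMutualSSLOnlyAPINegative.
     *
     * <p>The failure messages used to say "Mutual authentication success", which is the opposite of what a
     * failing 200 assertion means; they now describe the rejection.
     */
    @Test(description = "This method test to validate how application security mandatory and mutual ssl optional api behaviour in success scenario", dependsOnMethods = {"testCreateAndPublishAPIWithOAuth2"})
    public void testAPIInvocationWithMutualSSLWithOauthMandatoryNegative2() throws IOException, XPathExpressionException, UnrecoverableKeyException, NoSuchAlgorithmException, KeyStoreException, KeyManagementException {
        Map<String, String> headers = new HashMap<>();
        headers.put("accept", "text/xml");
        headers.put("Authorization", "Bearer " + this.accessToken);
        String keyStore = getAMResourceLocation() + File.separator + "lifecycletest" + File.separator + "mutualssl" + File.separator + "test.jks";

        String versionedUrl = getAPIInvocationURLHttps("mutualSSLWithOAuthAPI", "1.0.0") + "/customers/123";
        HttpResponse versionedResponse = HTTPSClientUtils.doMutulSSLGet(keyStore, versionedUrl, headers);
        String defaultUrl = getAPIInvocationURLHttps("mutualSSLWithOAuthAPI") + "/customers/123";
        HttpResponse defaultResponse = HTTPSClientUtils.doMutulSSLGet(keyStore, defaultUrl, headers);

        Assert.assertEquals(versionedResponse.getResponseCode(), 200, "Invocation with a valid access token was rejected although mutual SSL is optional for this API");
        Assert.assertEquals(defaultResponse.getResponseCode(), 200, "Invocation with a valid access token was rejected although mutual SSL is optional for this API");
    }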

    /**
     * Presents new-keystore.jks together with a random UUID as Bearer token to the API where application
     * security is mandatory, and expects 401 on both URLs: the client certificate must not make up for an
     * invalid token.
     */
    @Test(description = "This method test to validate how application security mandatory and mutual ssl optional api behaviour in success scenario", dependsOnMethods = {"testCreateAndPublishAPIWithOAuth2"})
    public void testAPIInvocationWithMutualSSLWithOauthMandatoryNegative3() throws IOException, XPathExpressionException, UnrecoverableKeyException, NoSuchAlgorithmException, KeyStoreException, KeyManagementException {
        Map<String, String> headers = new HashMap<>();
        headers.put("accept", "text/xml");
        // A freshly generated UUID stands in for a token that was never issued.
        String unknownToken = UUID.randomUUID().toString();
        headers.put("Authorization", "Bearer " + unknownToken);
        String keyStore = getAMResourceLocation() + File.separator + "lifecycletest" + File.separator + "mutualssl" + File.separator + "new-keystore.jks";

        String versionedUrl = getAPIInvocationURLHttps("mutualSSLWithOAuthAPI", "1.0.0") + "/customers/123";
        HttpResponse versionedResponse = HTTPSClientUtils.doMutulSSLGet(keyStore, versionedUrl, headers);
        String defaultUrl = getAPIInvocationURLHttps("mutualSSLWithOAuthAPI") + "/customers/123";
        HttpResponse defaultResponse = HTTPSClientUtils.doMutulSSLGet(keyStore, defaultUrl, headers);

        Assert.assertEquals(versionedResponse.getResponseCode(), 401, "Mutual authentication success for oauth mandatory scenario");
        Assert.assertEquals(defaultResponse.getResponseCode(), 401, "Mutual authentication success for oauth mandatory scenario");
    }

    /**
     * Positive case for the API where mutual SSL and OAuth2 are both mandatory: new-keystore.jks plus a
     * valid Bearer token must return 200 on the versioned and on the default-version URL.
     */
    @Test(description = "API invocation with mutual ssl and oauth mandatory", dependsOnMethods = {"testCreateAndPublishAPIWithOAuth2"})
    public void testAPIInvocationWithMutualSSLMandatory() throws IOException, XPathExpressionException, NoSuchAlgorithmException, KeyStoreException, KeyManagementException, UnrecoverableKeyException {
        Map<String, String> headers = new HashMap<>();
        headers.put("accept", "text/xml");
        headers.put("Authorization", "Bearer " + this.accessToken);
        String keyStore = getAMResourceLocation() + File.separator + "lifecycletest" + File.separator + "mutualssl" + File.separator + "new-keystore.jks";

        String versionedUrl = getAPIInvocationURLHttps("mutualSSLandOAuthMandatoryAPI", "1.0.0") + "/customers/123";
        HttpResponse versionedResponse = HTTPSClientUtils.doMutulSSLGet(keyStore, versionedUrl, headers);
        String defaultUrl = getAPIInvocationURLHttps("mutualSSLandOAuthMandatoryAPI") + "/customers/123";
        HttpResponse defaultResponse = HTTPSClientUtils.doMutulSSLGet(keyStore, defaultUrl, headers);

        Assert.assertEquals(versionedResponse.getResponseCode(), 200, "Mutual SSL Authentication has not succeed");
        Assert.assertEquals(defaultResponse.getResponseCode(), 200, "Mutual SSL Authentication has not succeed");
    }

    /**
     * Presents new-keystore.jks without any Authorization header to the API where mutual SSL and OAuth2 are
     * both mandatory, and expects 401 on both URLs: the certificate alone must not be sufficient.
     */
    @Test(description = "API invocation with mutual ssl and oauth mandatory", dependsOnMethods = {"testCreateAndPublishAPIWithOAuth2"})
    public void testAPIInvocationWithMutualSSLMandatoryNeagative1() throws IOException, XPathExpressionException, NoSuchAlgorithmException, KeyStoreException, KeyManagementException, UnrecoverableKeyException {
        Map<String, String> headers = new HashMap<>();
        headers.put("accept", "text/xml");
        String keyStore = getAMResourceLocation() + File.separator + "lifecycletest" + File.separator + "mutualssl" + File.separator + "new-keystore.jks";

        String versionedUrl = getAPIInvocationURLHttps("mutualSSLandOAuthMandatoryAPI", "1.0.0") + "/customers/123";
        HttpResponse versionedResponse = HTTPSClientUtils.doMutulSSLGet(keyStore, versionedUrl, headers);
        String defaultUrl = getAPIInvocationURLHttps("mutualSSLandOAuthMandatoryAPI") + "/customers/123";
        HttpResponse defaultResponse = HTTPSClientUtils.doMutulSSLGet(keyStore, defaultUrl, headers);

        // NOTE(review): the message mentions "a different certificate", but what this case omits is the
        // token; the wording looks copied from another test.
        Assert.assertEquals(versionedResponse.getResponseCode(), 401, "Mutual SSL Authentication has succeeded for a different certificate");
        Assert.assertEquals(defaultResponse.getResponseCode(), 401, "Mutual SSL Authentication has succeeded for a different certificate");
    }

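    /**
     * Negative case for {@code mutualSSLandOAuthMandatoryAPI}: the request carries a bearer token
     * but is sent with the plain {@code doGet} helper, to which no client keystore is passed.
     * Both invocation URLs are expected to answer 401, i.e. a valid OAuth token alone must not be
     * enough when mutual SSL is also mandatory.
     */
    @Test(description = "API invocation with mutual ssl and oauth mandatory", dependsOnMethods = {"testCreateAndPublishAPIWithOAuth2"})
    public void testAPIInvocationWithMutualSSLMandatoryNegative2() throws IOException, XPathExpressionException {
        Map<String, String> headers = new HashMap<>();
        headers.put("accept", "text/xml");
        headers.put("Authorization", "Bearer " + this.accessToken);

        String versionedUrl = getAPIInvocationURLHttps("mutualSSLandOAuthMandatoryAPI", "1.0.0") + "/customers/123";
        HttpResponse versionedResponse = HTTPSClientUtils.doGet(versionedUrl, headers);

        String defaultUrl = getAPIInvocationURLHttps("mutualSSLandOAuthMandatoryAPI") + "/customers/123";
        HttpResponse defaultResponse = HTTPSClientUtils.doGet(defaultUrl, headers);

        // The failure message now names the missing factor; the previous text spoke of
        // "a different certificate" although this test passes no keystore at all.
        Assert.assertEquals(versionedResponse.getResponseCode(), 401, "API invocation succeeded without mutual SSL although mutual SSL is mandatory");
        Assert.assertEquals(defaultResponse.getResponseCode(), 401, "API invocation succeeded without mutual SSL although mutual SSL is mandatory");
    }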

    /**
     * Sends a bearer token plus a Base64-encoded certificate in the
     * {@code X-WSO2-CLIENT-CERTIFICATE} request header, using the plain {@code doGet} helper, and
     * expects 401 on both invocation URLs.
     *
     * <p>NOTE(review): the test pins that a certificate supplied only through this
     * client-settable header does not satisfy the mutual SSL requirement here. Whether that is
     * because {@code example.crt} is not registered for the API or because the gateway ignores the
     * header from this caller cannot be told from this file; confirm against the gateway setup.
     */
    @Test(description = "API invocation with mutual ssl and oauth mandatory", dependsOnMethods = {"testCreateAndPublishAPIWithOAuth2"})
    public void testAPIInvocationWithMutualSSLHeader() throws IOException, XPathExpressionException {
        Map<String, String> headers = new HashMap<>();
        headers.put("accept", "text/xml");
        headers.put("Authorization", "Bearer " + this.accessToken);
        headers.put("X-WSO2-CLIENT-CERTIFICATE", generateBase64EncodedCertificate());

        String versionedUrl = getAPIInvocationURLHttps("mutualSSLandOAuthMandatoryAPI", "1.0.0") + "/customers/123";
        HttpResponse versionedResponse = HTTPSClientUtils.doGet(versionedUrl, headers);

        String defaultUrl = getAPIInvocationURLHttps("mutualSSLandOAuthMandatoryAPI") + "/customers/123";
        HttpResponse defaultResponse = HTTPSClientUtils.doGet(defaultUrl, headers);

        Assert.assertEquals(versionedResponse.getResponseCode(), 401, "Mutual SSL Authentication has succeeded for a different certificate");
        Assert.assertEquals(defaultResponse.getResponseCode(), 401, "Mutual SSL Authentication has succeeded for a different certificate");
    }

    /**
     * Generates a production API key restricted to
     * {@code 152.23.5.6, 192.168.1.2/24, 2001:c00::/23} and checks which client addresses are
     * let through (200) and which are refused (403).
     *
     * <p>The client address is conveyed only through the {@code X-Forwarded-For} header that
     * {@code createRequestHeadersForAPIKey} sets, so the restriction exercised here is only as
     * strong as the guarantee that untrusted callers cannot set that header themselves.
     */
    @Test(description = "Testing the invocation with API Keys having IP restriction", dependsOnMethods = {"testCreateAndPublishAPIWithOAuth2"})
    public void testInvocationWithApiKeysWithIPCondition() throws Exception {
        org.wso2.am.integration.clients.store.api.v1.dto.APIKeyDTO restrictedKey = this.restAPIStore.generateAPIKeys(
                this.applicationId,
                ApplicationKeyGenerateRequestDTO.KeyTypeEnum.PRODUCTION.toString(),
                -1,
                "152.23.5.6, 192.168.1.2/24, 2001:c00::/23",
                (String) null);
        Assert.assertNotNull(restrictedKey, "API Key generation failed");

        // Exact IPv4 match, address inside the IPv4 CIDR, address outside it,
        // address inside the IPv6 prefix, address outside it.
        String[] clientAddresses = {"152.23.5.6", "192.168.1.6", "192.168.5.6", "2001:c00:0:0:0:0:c:4", "2061:c00:0:0:0:0:0:0"};
        int[] expectedStatus = {200, 200, 403, 200, 403};

        for (int idx = 0; idx < clientAddresses.length; idx++) {
            String url = getAPIInvocationURLHttps("mutualSSLWithOAuthAPI", "1.0.0") + "/customers/123";
            Map<String, String> headers = createRequestHeadersForAPIKey(restrictedKey.getApikey(), clientAddresses[idx], null);
            Assert.assertEquals(HTTPSClientUtils.doGet(url, headers).getResponseCode(), expectedStatus[idx]);
        }
    }

    /**
     * Generates a production API key restricted to the referers
     * {@code www.abc.com/path, sub.cds.com/*, *.gef.com/*} and checks which {@code Referer}
     * values are let through (200) and which are refused (403).
     *
     * <p>The {@code Referer} header is supplied by the caller, so this restriction limits where a
     * key is usable from a browser rather than authenticating the caller. Only the exact-path
     * pattern has a negative case here; the two wildcard patterns are tested for acceptance only.
     */
    @Test(description = "Testing the invocation with API Keys having Http Referer restriction", dependsOnMethods = {"testCreateAndPublishAPIWithOAuth2"})
    public void testInvocationWithApiKeysWithRefererCondition() throws Exception {
        org.wso2.am.integration.clients.store.api.v1.dto.APIKeyDTO restrictedKey = this.restAPIStore.generateAPIKeys(
                this.applicationId,
                ApplicationKeyGenerateRequestDTO.KeyTypeEnum.PRODUCTION.toString(),
                -1,
                (String) null,
                "www.abc.com/path, sub.cds.com/*, *.gef.com/*");
        Assert.assertNotNull(restrictedKey, "API Key generation failed");

        String[] referers = {"www.abc.com/path", "www.abc.com/path2", "sub.cds.com/path1/path2", "example.gef.com/path1"};
        int[] expectedStatus = {200, 403, 200, 200};

        for (int idx = 0; idx < referers.length; idx++) {
            String url = getAPIInvocationURLHttps("mutualSSLWithOAuthAPI", "1.0.0") + "/customers/123";
            Map<String, String> headers = createRequestHeadersForAPIKey(restrictedKey.getApikey(), null, referers[idx]);
            Assert.assertEquals(HTTPSClientUtils.doGet(url, headers).getResponseCode(), expectedStatus[idx]);
        }
    }

    /**
     * Invokes {@code apiKeySecuredAPI} with an unrestricted API key and checks the status code
     * and, for the second call, the response body.
     *
     * <p>NOTE(review): a SANDBOX key is generated and checked for non-null, but its value is
     * never sent. The second request, whose messages speak of the "sandbox endpoint", reuses the
     * PRODUCTION key. As written, the sandbox key is not exercised by this test; confirm whether
     * that is intended.
     */
    @Test(description = "Testing the invocation of API Secured only with API Keys", dependsOnMethods = {"testCreateAndPublishAPIWithOAuth2"})
    public void testInvocationWithApiKeysOnly() throws Exception {
        org.wso2.am.integration.clients.store.api.v1.dto.APIKeyDTO productionKey = this.restAPIStore.generateAPIKeys(
                this.applicationId, ApplicationKeyGenerateRequestDTO.KeyTypeEnum.PRODUCTION.toString(), -1, (String) null, (String) null);
        Assert.assertNotNull(productionKey, "API Key generation failed");

        String firstUrl = getAPIInvocationURLHttps("apiKeySecuredAPI", "1.0.0") + "/customers/123";
        HttpResponse firstResponse = HTTPSClientUtils.doGet(firstUrl, createRequestHeadersForAPIKey(productionKey.getApikey(), null, null));
        Assert.assertEquals(firstResponse.getResponseCode(), HTTP_RESPONSE_CODE_OK, "Response code mismatched when invoke api with production endpoint");

        // The sandbox key is only checked for existence; see the note in the Javadoc.
        Object sandboxKey = this.restAPIStore.generateAPIKeys(
                this.applicationId, ApplicationKeyGenerateRequestDTO.KeyTypeEnum.SANDBOX.toString(), -1, (String) null, (String) null);
        Assert.assertNotNull(sandboxKey, "API Key generation failed");

        String secondUrl = getAPIInvocationURLHttps("apiKeySecuredAPI", "1.0.0") + "/customers/123";
        HttpResponse secondResponse = HTTPSClientUtils.doGet(secondUrl, createRequestHeadersForAPIKey(productionKey.getApikey(), null, null));
        Assert.assertEquals(secondResponse.getResponseCode(), HTTP_RESPONSE_CODE_OK, "Response code mismatched when invoke api with sandbox endpoint");

        boolean bodyMatches = secondResponse.getData().contains("<id>123</id><name>John</name></Customer>");
        Assert.assertTrue(bodyMatches, "Response data mismatched when invoke with sandbox endpoint Response Data:" + secondResponse.getData() + ". Expected Response Data: <id>123</id><name>John</name></Customer>");
    }

    /**
     * Builds the request headers for an API-key invocation.
     *
     * @param str  API key, sent in the {@code apikey} header
     * @param str2 value for {@code X-Forwarded-For}; the header is omitted when {@code null}
     * @param str3 value for the referer header; the header is omitted when {@code null}
     * @return a new mutable header map that always contains {@code accept: text/xml} and the key
     */
    private Map<String, String> createRequestHeadersForAPIKey(String str, String str2, String str3) {
        Map<String, String> headers = new HashMap<>();
        headers.put("accept", "text/xml");
        headers.put("apikey", str);
        // Both optional headers are plain caller-controlled values; the tests use them to
        // simulate the client address and the referring page.
        if (str2 != null) {
            headers.put("X-Forwarded-For", str2);
        }
        if (str3 != null) {
            headers.put(HttpHeaders.REFERER, str3);
        }
        return headers;
    }

    /**
     * Generates an API key, revokes it, and polls the API once per second until the gateway
     * answers with {@code HTTP_RESPONSE_CODE_UNAUTHORIZED}.
     *
     * <p>The loop makes at most 24 requests. A response that is neither OK nor UNAUTHORIZED
     * aborts the test with an exception. The polling reflects that revocation is not expected to
     * take effect on the very first request; the test tolerates the key still being accepted for
     * up to the polling window.
     */
    @Test(description = "Testing the invocation with Revoked API Keys", dependsOnMethods = {"testCreateAndPublishAPIWithOAuth2"})
    public void testInvocationWithRevokedApiKeys() throws Exception {
        org.wso2.am.integration.clients.store.api.v1.dto.APIKeyDTO revokedKey = this.restAPIStore.generateAPIKeys(
                this.applicationId, ApplicationKeyGenerateRequestDTO.KeyTypeEnum.PRODUCTION.toString(), -1, (String) null, (String) null);
        Assert.assertNotNull(revokedKey, "API Key generation failed");
        this.restAPIStore.revokeAPIKey(this.applicationId, revokedKey.getApikey());

        Map<String, String> headers = new HashMap<>();
        headers.put("apikey", revokedKey.getApikey());
        headers.put("accept", "text/xml");

        HttpResponse response;
        boolean stillAccepted;
        int requestsMade = 0;
        do {
            Thread.sleep(1000L);
            response = HTTPSClientUtils.doGet(getAPIInvocationURLHttps("mutualSSLWithOAuthAPI", "1.0.0") + "/customers/123", headers);
            int status = response.getResponseCode();
            if (status != HTTP_RESPONSE_CODE_UNAUTHORIZED && status != HTTP_RESPONSE_CODE_OK) {
                throw new APIManagerIntegrationTestException("Unexpected response received when invoking the API. Response received :" + response.getData() + ":" + response.getResponseMessage());
            }
            // OK means the revoked key was still honoured on this attempt.
            stillAccepted = status != HTTP_RESPONSE_CODE_UNAUTHORIZED;
            requestsMade++;
        } while (stillAccepted && requestsMade < 24);

        Assert.assertFalse(stillAccepted, "API Key revocation failed. API invocation response code is expected to be : " + HTTP_RESPONSE_CODE_UNAUTHORIZED + ", but got " + response.getResponseCode());
    }

    /**
     * Token-confusion check: places the OAuth access token ({@code this.accessToken}) in the
     * {@code apikey} header and expects 401.
     *
     * <p>An API key is generated first but only checked for non-null; it is not sent.
     * NOTE(review): the {@code description} text mentions revoked API keys, which is not what the
     * body does; it looks copied from another test.
     */
    @Test(description = "Testing the invocation with Revoked API Keys", dependsOnMethods = {"testCreateAndPublishAPIWithOAuth2"})
    public void testInvokeApiKeyAsJWTNegative() throws Exception {
        Object generatedKey = this.restAPIStore.generateAPIKeys(
                this.applicationId, ApplicationKeyGenerateRequestDTO.KeyTypeEnum.PRODUCTION.toString(), -1, (String) null, (String) null);
        Assert.assertNotNull(generatedKey, "API Key generation failed");

        Map<String, String> headers = new HashMap<>();
        headers.put("apikey", this.accessToken);
        headers.put("accept", "text/xml");

        String url = getAPIInvocationURLHttps("mutualSSLWithOAuthAPI", "1.0.0") + "/customers/123";
        Assert.assertEquals(HTTPSClientUtils.doGet(url, headers).getResponseCode(), 401);
    }

    /**
     * Token-confusion check: obtains a user access token through the password grant, places it
     * in the {@code apikey} header and expects 401.
     *
     * <p>NOTE(review): the {@code description} text mentions revoked API keys, which is not what
     * the body does; it looks copied from another test.
     */
    @Test(description = "Testing the invocation with Revoked API Keys", dependsOnMethods = {"testCreateAndPublishAPIWithOAuth2"})
    public void testInvokeJWTAsAPIKeyNegative() throws Exception {
        String grantPayload = APIMTestCaseUtils.getPayloadForPasswordGrant(this.user.getUserName(), this.user.getPassword());
        URL tokenEndpoint = new URL(this.keyManagerHTTPSURL + "oauth2/token");
        JSONObject tokenResponse = new JSONObject(
                this.restAPIStore.generateUserAccessKey(this.consumerKey, this.consumerSecret, grantPayload, tokenEndpoint).getData());

        Map<String, String> headers = new HashMap<>();
        headers.put("apikey", tokenResponse.getString(RESTAPITestConstants.ACCESS_TOKEN_TEXT));
        headers.put("accept", "text/xml");

        String url = getAPIInvocationURLHttps("mutualSSLWithOAuthAPI", "1.0.0") + "/customers/123";
        Assert.assertEquals(HTTPSClientUtils.doGet(url, headers).getResponseCode(), 401);
    }

    /**
     * Token-confusion check: generates a publisher internal key for {@code apiId2}, places it in
     * the {@code apikey} header and expects 401.
     *
     * <p>NOTE(review): the {@code description} text mentions revoked API keys, which is not what
     * the body does; it looks copied from another test.
     */
    @Test(description = "Testing the invocation with Revoked API Keys", dependsOnMethods = {"testCreateAndPublishAPIWithOAuth2"})
    public void testInvokeInternalKeyAsAPIKeyNegative() throws Exception {
        ApiResponse internalKeyResponse = this.restAPIPublisher.generateInternalApiKey(this.apiId2);
        Assert.assertEquals(internalKeyResponse.getStatusCode(), 200);

        String internalKey = ((APIKeyDTO) internalKeyResponse.getData()).getApikey();
        Map<String, String> headers = new HashMap<>();
        headers.put("apikey", internalKey);
        headers.put("accept", "text/xml");

        String url = getAPIInvocationURLHttps("mutualSSLWithOAuthAPI", "1.0.0") + "/customers/123";
        Assert.assertEquals(HTTPSClientUtils.doGet(url, headers).getResponseCode(), 401);
    }

    /**
     * Token-confusion check: generates a publisher internal key for {@code apiId2}, sends it as a
     * bearer token in the {@code Authorization} header and expects 401.
     *
     * <p>NOTE(review): the {@code description} text mentions revoked API keys, which is not what
     * the body does; it looks copied from another test.
     */
    @Test(description = "Testing the invocation with Revoked API Keys", dependsOnMethods = {"testCreateAndPublishAPIWithOAuth2"})
    public void testInvokeInternalKeyAsJWTNegative() throws Exception {
        ApiResponse internalKeyResponse = this.restAPIPublisher.generateInternalApiKey(this.apiId2);
        Assert.assertEquals(internalKeyResponse.getStatusCode(), 200);

        String internalKey = ((APIKeyDTO) internalKeyResponse.getData()).getApikey();
        Map<String, String> headers = new HashMap<>();
        headers.put("Authorization", "Bearer " + internalKey);
        headers.put("accept", "text/xml");

        String url = getAPIInvocationURLHttps("mutualSSLWithOAuthAPI", "1.0.0") + "/customers/123";
        Assert.assertEquals(HTTPSClientUtils.doGet(url, headers).getResponseCode(), 401);
    }

    /**
     * Token-confusion check: passes the OAuth access token to {@code invokeApiWithInternalKey}
     * and expects 401.
     *
     * <p>{@code invokeApiWithInternalKey} is defined outside this view; presumably it sends the
     * given value where an internal key is expected (confirm against the helper).
     * NOTE(review): the {@code description} text mentions revoked API keys, which is not what the
     * body does.
     */
    @Test(description = "Testing the invocation with Revoked API Keys", dependsOnMethods = {"testCreateAndPublishAPIWithOAuth2"})
    public void testInvokeJWTasInternalKeyNegative() throws Exception {
        HttpResponse response = invokeApiWithInternalKey("mutualSSLWithOAuthAPI", "1.0.0", "/customers/123", this.accessToken);
        Assert.assertEquals(response.getResponseCode(), 401);
    }

    /**
     * Token-confusion check: generates an application API key, passes it to
     * {@code invokeApiWithInternalKey} and expects 401.
     *
     * <p>{@code invokeApiWithInternalKey} is defined outside this view; presumably it sends the
     * given value where an internal key is expected (confirm against the helper).
     * NOTE(review): the {@code description} text mentions revoked API keys, which is not what the
     * body does.
     */
    @Test(description = "Testing the invocation with Revoked API Keys", dependsOnMethods = {"testCreateAndPublishAPIWithOAuth2"})
    public void testInvokeAPIKeyAsInternalKeyNegative() throws Exception {
        String applicationApiKey = this.restAPIStore.generateAPIKeys(
                this.applicationId, ApplicationKeyGenerateRequestDTO.KeyTypeEnum.PRODUCTION.toString(), -1, (String) null, (String) null).getApikey();
        HttpResponse response = invokeApiWithInternalKey("mutualSSLWithOAuthAPI", "1.0.0", "/customers/123", applicationApiKey);
        Assert.assertEquals(response.getResponseCode(), 401);
    }

    /**
     * Positive case: generates a publisher internal key for {@code apiId5} and expects
     * {@code BasicAuthSecuredAPI} to answer 200 when invoked through
     * {@code invokeApiWithInternalKey}.
     *
     * <p>NOTE(review): assuming {@code apiId5} is the API named {@code BasicAuthSecuredAPI}, this
     * pins that an internal key is accepted on an API whose name says it is secured with basic
     * auth only. Worth keeping in mind when reasoning about who can obtain internal keys.
     * The {@code description} text mentions revoked API keys, which is not what the body does.
     */
    @Test(description = "Testing the invocation with Revoked API Keys", dependsOnMethods = {"testCreateAndPublishAPIWithOAuth2"})
    public void testInvokeInternalKeyForBasicAuthOnlyAPI() throws Exception {
        ApiResponse internalKeyResponse = this.restAPIPublisher.generateInternalApiKey(this.apiId5);
        Assert.assertEquals(internalKeyResponse.getStatusCode(), 200);

        String internalKey = ((APIKeyDTO) internalKeyResponse.getData()).getApikey();
        HttpResponse response = invokeApiWithInternalKey("BasicAuthSecuredAPI", "1.0.0", "/customers/123", internalKey);
        Assert.assertEquals(response.getResponseCode(), 200);
    }

    /**
     * Exercises HTTP Basic authentication against {@code BasicAuthSecuredAPI}.
     *
     * <p>Sequence: a wrong password for the first user is refused (401); every user in
     * {@code this.users} is accepted with {@code this.endUserPassword} (200); the same wrong
     * password for the first user is refused again (401). The final step checks that the
     * preceding successful logins do not let a wrong password through.
     *
     * <p>User names are sent as {@code name + DELIMITER + userDomain};
     * {@code PropertiesExpandingStreamReader.DELIMITER} is presumably {@code "@"}, compare the
     * literal {@code "random@"} in {@code testInvokeBasicAuthInvalidCredentials2}.
     */
    @Test(description = "Testing the invocation with BasicAuth", dependsOnMethods = {"testCreateAndPublishAPIWithOAuth2"})
    public void testInvokeBasicAuth() throws Exception {
        String firstUser = this.users[0];

        // 1) Wrong password before any successful login.
        String wrongBefore = firstUser.concat(PropertiesExpandingStreamReader.DELIMITER)
                .concat(this.user.getUserDomain()).concat(":").concat("randomPassword1");
        Map<String, String> wrongBeforeHeaders = new HashMap<>();
        wrongBeforeHeaders.put("Authorization", "Basic " + Base64.encodeBase64String(wrongBefore.getBytes()));
        Assert.assertEquals(HttpRequestUtil.doGet(getAPIInvocationURLHttps("BasicAuthSecuredAPI", "1.0.0") + "/customers/123", wrongBeforeHeaders).getResponseCode(), 401);

        // 2) Correct password for every provisioned user.
        for (String userName : this.users) {
            String validCredentials = userName.concat(PropertiesExpandingStreamReader.DELIMITER)
                    .concat(this.user.getUserDomain()).concat(":").concat(this.endUserPassword);
            Map<String, String> validHeaders = new HashMap<>();
            validHeaders.put("Authorization", "Basic " + Base64.encodeBase64String(validCredentials.getBytes()));
            Assert.assertEquals(HttpRequestUtil.doGet(getAPIInvocationURLHttps("BasicAuthSecuredAPI", "1.0.0") + "/customers/123", validHeaders).getResponseCode(), 200);
        }

        // 3) Wrong password again, after the successful logins.
        String wrongAfter = firstUser.concat(PropertiesExpandingStreamReader.DELIMITER)
                .concat(this.user.getUserDomain()).concat(":").concat("randomPassword1");
        Map<String, String> wrongAfterHeaders = new HashMap<>();
        wrongAfterHeaders.put("Authorization", "Basic " + Base64.encodeBase64String(wrongAfter.getBytes()));
        Assert.assertEquals(HttpRequestUtil.doGet(getAPIInvocationURLHttps("BasicAuthSecuredAPI", "1.0.0") + "/customers/123", wrongAfterHeaders).getResponseCode(), 401);
    }

    /**
     * Sends Basic credentials for the user name {@code random} (in the test user's domain) with
     * the password {@code randomPassword} and expects {@code BasicAuthSecuredAPI} to answer 401.
     */
    @Test(description = "Testing the invocation with BasicAuth Invalid user ", dependsOnMethods = {"testInvokeBasicAuth"})
    public void testInvokeBasicAuthInvalidCredentials2() throws Exception {
        String unknownUserCredentials = "random@".concat(this.user.getUserDomain()).concat(":").concat("randomPassword");

        Map<String, String> headers = new HashMap<>();
        headers.put("Authorization", "Basic " + Base64.encodeBase64String(unknownUserCredentials.getBytes()));

        String url = getAPIInvocationURLHttps("BasicAuthSecuredAPI", "1.0.0") + "/customers/123";
        Assert.assertEquals(HttpRequestUtil.doGet(url, headers).getResponseCode(), 401);
    }

    /**
     * Scheme-confusion check: sends the OAuth access token as a bearer token to
     * {@code BasicAuthSecuredAPI} and expects 401.
     */
    @Test(description = "Testing the invocation with Oauth Token for BasicAuth api", dependsOnMethods = {"testCreateAndPublishAPIWithOAuth2"})
    public void testInvokeBearerTokenForBasicNegative() throws Exception {
        Map<String, String> headers = new HashMap<>();
        headers.put("accept", "application/json");
        headers.put("Authorization", "Bearer " + this.accessToken);

        String url = getAPIInvocationURLHttps("BasicAuthSecuredAPI", "1.0.0") + "/customers/123";
        Assert.assertEquals(HttpRequestUtil.doGet(url, headers).getResponseCode(), 401);
    }

    /**
     * Scheme-confusion check: generates an application API key, sends it in the {@code apikey}
     * header to {@code BasicAuthSecuredAPI} and expects 401.
     */
    @Test(description = "Testing the invocation with APIkey Token for BasicAuth api", dependsOnMethods = {"testCreateAndPublishAPIWithOAuth2"})
    public void testInvokeAPIKeyForBasicOauthAPINegative() throws Exception {
        org.wso2.am.integration.clients.store.api.v1.dto.APIKeyDTO applicationKey = this.restAPIStore.generateAPIKeys(
                this.applicationId, ApplicationKeyGenerateRequestDTO.KeyTypeEnum.PRODUCTION.toString(), -1, (String) null, (String) null);
        Assert.assertNotNull(applicationKey, "API Key generation failed");

        Map<String, String> headers = new HashMap<>();
        headers.put("apikey", applicationKey.getApikey());
        headers.put("accept", "text/xml");

        String url = getAPIInvocationURLHttps("BasicAuthSecuredAPI", "1.0.0") + "/customers/123";
        Assert.assertEquals(HTTPSClientUtils.doGet(url, headers).getResponseCode(), 401);
    }

    /**
     * Checks that a user's access token stops working after that user's password is changed.
     *
     * <p>Sequence: obtain a token for the first user through the password grant; invoke the API
     * with it (expects OK); change the user's password to {@code changeme}; wait until the
     * token's JTI shows up in the revoked list; sleep ten seconds; invoke again with the same
     * token (expects UNAUTHORIZED).
     *
     * <p>The fixed ten-second sleep means the test accepts a delay between the revocation being
     * recorded and the gateway refusing the token.
     */
    @Test(description = "Testing the User Token Invocation and Password Reset", dependsOnMethods = {"testInvokeBasicAuth"})
    public void testInvokeJWTUserToken() throws XPathExpressionException, IOException, JSONException, APIManagerIntegrationTestException, RemoteUserStoreManagerServiceUserStoreExceptionException, ParseException, InterruptedException, org.wso2.am.integration.clients.internal.ApiException {
        String firstUser = this.users[0];

        String qualifiedUser = firstUser.concat(PropertiesExpandingStreamReader.DELIMITER).concat(this.user.getUserDomain());
        String grantPayload = APIMTestCaseUtils.getPayloadForPasswordGrant(qualifiedUser, this.endUserPassword);
        URL tokenEndpoint = new URL(this.keyManagerHTTPSURL + "oauth2/token");
        String userToken = new JSONObject(
                this.restAPIStore.generateUserAccessKey(this.consumerKey, this.consumerSecret, grantPayload, tokenEndpoint).getData())
                .getString(RESTAPITestConstants.ACCESS_TOKEN_TEXT);

        Map<String, String> headers = new HashMap<>();
        headers.put("accept", "application/json");
        headers.put("Authorization", "Bearer " + userToken);

        int statusBeforeReset = HttpRequestUtil.doGet(getAPIInvocationURLHttps("mutualSSLWithOAuthAPI", "1.0.0") + "/customers/123", headers).getResponseCode();
        Assert.assertEquals(statusBeforeReset, HTTP_RESPONSE_CODE_OK, "API invocation failed for a test case with valid access token when the API is protected with both mutual sso and oauth2");

        // Changing the password is what is expected to revoke the token issued above.
        this.remoteUserStoreManagerServiceClient.updateUser(firstUser, "changeme");
        verifyRevokedTokenAvailable(TokenUtils.getJtiOfJwtToken(userToken));
        Thread.sleep(10000L);

        int statusAfterReset = HttpRequestUtil.doGet(getAPIInvocationURLHttps("mutualSSLWithOAuthAPI", "1.0.0") + "/customers/123", headers).getResponseCode();
        Assert.assertEquals(statusAfterReset, HTTP_RESPONSE_CODE_UNAUTHORIZED, "API Invocation pass for Revoked Token");
    }

    /**
     * Runs after {@code testInvokeJWTUserToken}, which changes the first user's password to
     * {@code changeme}. Checks that Basic authentication with the old password
     * ({@code this.endUserPassword}) is now refused (401) and that the new password is
     * accepted (200).
     */
    @Test(description = "Testing the invocation with BasicAuth", dependsOnMethods = {"testInvokeJWTUserToken"})
    public void testInvokeBasicAuthAfterCredentialsInvalid() throws Exception {
        String firstUser = this.users[0];

        // Old password: must no longer authenticate.
        String staleCredentials = firstUser.concat(PropertiesExpandingStreamReader.DELIMITER)
                .concat(this.user.getUserDomain()).concat(":").concat(this.endUserPassword);
        Map<String, String> staleHeaders = new HashMap<>();
        staleHeaders.put("Authorization", "Basic " + Base64.encodeBase64String(staleCredentials.getBytes()));
        Assert.assertEquals(HttpRequestUtil.doGet(getAPIInvocationURLHttps("BasicAuthSecuredAPI", "1.0.0") + "/customers/123", staleHeaders).getResponseCode(), 401);

        // New password: must authenticate.
        String currentCredentials = firstUser.concat(PropertiesExpandingStreamReader.DELIMITER)
                .concat(this.user.getUserDomain()).concat(":").concat("changeme");
        Map<String, String> currentHeaders = new HashMap<>();
        currentHeaders.put("Authorization", "Basic " + Base64.encodeBase64String(currentCredentials.getBytes()));
        Assert.assertEquals(HttpRequestUtil.doGet(getAPIInvocationURLHttps("BasicAuthSecuredAPI", "1.0.0") + "/customers/123", currentHeaders).getResponseCode(), 200);
    }

    /**
     * Checks the per-operation auth type of two APIs, both in the publisher's API representation
     * and in the {@code x-auth-type} extension of their Swagger definition.
     *
     * <p>For {@code apiId6} every operation must be {@code "None"}, and {@code OauthDisabledAPI}
     * must answer 200 to a request that carries no credentials at all. For {@code apiId7} every
     * operation must be {@code "Application & Application User"}.
     */
    @Test(description = "Validating the security of API resources", dependsOnMethods = {"testInvocationWithRevokedApiKeys"})
    public void testValidateSecurityOfResources() throws Exception {
        APIDTO unsecuredApi = (APIDTO) new Gson().fromJson(this.restAPIPublisher.getAPI(this.apiId6).getData(), APIDTO.class);
        for (Object operation : unsecuredApi.getOperations()) {
            Assert.assertEquals(((APIOperationsDTO) operation).getAuthType(), "None", "Incorrect auth type");
        }
        for (Object authType : validateResourceSecurity(this.restAPIPublisher.getSwaggerByID(this.apiId6))) {
            Assert.assertEquals(authType, "None", "Incorrect auth type");
        }

        // Only an accept header is sent: no token, key or basic credentials.
        Map<String, String> anonymousHeaders = new HashMap<>();
        anonymousHeaders.put("accept", "text/xml");
        String url = getAPIInvocationURLHttps("OauthDisabledAPI", "1.0.0") + "/customers/123";
        Assert.assertEquals(HttpRequestUtil.doGet(url, anonymousHeaders).getResponseCode(), 200);

        APIDTO securedApi = (APIDTO) new Gson().fromJson(this.restAPIPublisher.getAPI(this.apiId7).getData(), APIDTO.class);
        for (Object operation : securedApi.getOperations()) {
            Assert.assertEquals(((APIOperationsDTO) operation).getAuthType(), "Application & Application User", "Incorrect auth type");
        }
        for (Object authType : validateResourceSecurity(this.restAPIPublisher.getSwaggerByID(this.apiId7))) {
            Assert.assertEquals(authType, "Application & Application User", "Incorrect auth type");
        }
    }

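    /**
     * Deletes the application, the seven APIs and the users this class created.
     *
     * <p>User removal runs in a {@code finally} block so that a failing application or API
     * deletion does not leave the test users behind; several tests in this class give those users
     * fixed, known passwords. An exception from the deletions still propagates, unless
     * {@code removeUsers()} itself throws, in which case that exception is the one reported.
     *
     * @throws Exception if any deletion or the user removal fails
     */
    @AfterClass(alwaysRun = true)
    public void cleanUpArtifacts() throws Exception {
        try {
            this.restAPIStore.deleteApplication(this.applicationId);
            this.restAPIPublisher.deleteAPI(this.apiId1);
            this.restAPIPublisher.deleteAPI(this.apiId2);
            this.restAPIPublisher.deleteAPI(this.apiId3);
            this.restAPIPublisher.deleteAPI(this.apiId4);
            this.restAPIPublisher.deleteAPI(this.apiId5);
            this.restAPIPublisher.deleteAPI(this.apiId6);
            this.restAPIPublisher.deleteAPI(this.apiId7);
        } finally {
            removeUsers();
        }
    }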

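    /**
     * Reads {@code lifecycletest/mutualssl/example.crt} from the test resource location and
     * returns its content as a URL-safe Base64 string.
     *
     * <p>The stream is opened in try-with-resources so the file handle is released even when the
     * read fails; the previous version never closed it. The file's bytes are encoded directly
     * instead of being decoded to a string with the platform charset and re-encoded, so the
     * result does not depend on the JVM's default charset.
     *
     * @return the URL-safe Base64 encoding of the certificate file's bytes
     * @throws IOException if the file cannot be opened or read
     */
    public String generateBase64EncodedCertificate() throws IOException {
        String certificatePath = getAMResourceLocation() + File.separator + "lifecycletest"
                + File.separator + "mutualssl" + File.separator + "example.crt";
        try (FileInputStream certificateStream = new FileInputStream(certificatePath)) {
            return Base64.encodeBase64URLSafeString(IOUtils.toByteArray(certificateStream));
        }
    }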

    /**
     * Removes every user listed in {@code this.users} from the user store, in array order.
     * The first failing removal aborts the loop and propagates.
     */
    private void removeUsers() throws RemoteException, RemoteUserStoreManagerServiceUserStoreExceptionException {
        String[] userNames = this.users;
        for (int idx = 0; idx < userNames.length; idx++) {
            this.remoteUserStoreManagerServiceClient.removeUser(userNames[idx]);
        }
    }

    /**
     * Polls the internal revoked-token list until an entry whose {@code getJwtSignature()}
     * equals {@code str} appears, and fails the test if none shows up.
     *
     * <p>The list is fetched at most 20 times, sleeping {@code FixedBackOff.DEFAULT_INTERVAL}
     * milliseconds after each unsuccessful scan (including the last one).
     *
     * <p>NOTE(review): the one caller visible in this file passes the token's JTI, while the
     * comparison is against a field named "jwt signature"; presumably the revoked list stores the
     * JTI in that field. Confirm against the internal API.
     *
     * @param str identifier expected to appear in the revoked list
     */
    private void verifyRevokedTokenAvailable(String str) throws org.wso2.am.integration.clients.internal.ApiException, InterruptedException {
        RevokedJWTDTO match = null;
        for (int attempt = 0; attempt < 20; attempt++) {
            Iterator<?> entries = this.restAPIInternal.retrieveRevokedList().iterator();
            while (match == null && entries.hasNext()) {
                RevokedJWTDTO candidate = (RevokedJWTDTO) entries.next();
                if (str.equals(candidate.getJwtSignature())) {
                    match = candidate;
                }
            }
            if (match != null) {
                break;
            }
            Thread.sleep(FixedBackOff.DEFAULT_INTERVAL);
        }
        Assert.assertNotNull(match, "Revoked Token didn't store in database");
    }

    /**
     * Parses an OpenAPI definition and collects the {@code x-auth-type} extension value of every
     * operation, in path order and then in the order of each path's operations map.
     *
     * <p>Each operation is asserted to carry the extension. A definition that fails to parse, has
     * no paths, or has an operation without any extensions map is not handled separately and
     * surfaces as a {@code NullPointerException}.
     *
     * @param str the OpenAPI definition text
     * @return the collected {@code x-auth-type} values, one per operation
     */
    private List<Object> validateResourceSecurity(String str) throws APIManagementException {
        Paths apiPaths = new OpenAPIParser().readContents(str, (List) null, (ParseOptions) null).getOpenAPI().getPaths();
        List<Object> authTypes = new ArrayList<>();
        for (Object pathKey : apiPaths.keySet()) {
            PathItem pathItem = (PathItem) apiPaths.get((String) pathKey);
            for (Object entry : pathItem.readOperationsMap().entrySet()) {
                Operation operation = (Operation) ((Map.Entry) entry).getValue();
                Map extensions = operation.getExtensions();
                Object authType = extensions.get("x-auth-type");
                Assert.assertNotNull(authType);
                authTypes.add(authType);
            }
        }
        return authTypes;
    }
}
