package org.wso2.appserver.integration.tests.rest.test.poxsecurity;

import java.io.IOException;
import javax.xml.stream.XMLStreamException;
import javax.xml.xpath.XPathExpressionException;
import org.testng.Assert;
import org.testng.annotations.AfterClass;
import org.testng.annotations.BeforeClass;
import org.testng.annotations.Test;
import org.wso2.appserver.integration.common.utils.ASIntegrationTest;
import org.wso2.appserver.integration.tests.ASTestConstants;
import org.wso2.carbon.authenticator.stub.LoginAuthenticationExceptionException;
import org.wso2.carbon.automation.engine.context.TestUserMode;
import org.wso2.carbon.automation.test.utils.http.client.HttpsResponse;
import org.wso2.carbon.automation.test.utils.http.client.HttpsURLConnectionClient;

/* loaded from: input_file:org/wso2/appserver/integration/tests/rest/test/poxsecurity/POXSecurityVerifyGetMethod.class */
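/**
 * Integration test for HTTP GET access to {@code SimpleStockQuoteService} once security has been
 * applied to it through {@code applySecurity("1", SERVICE_NAME, "admin")}.
 *
 * <p>The tests are chained with {@code dependsOnMethods}: the two positive cases (tenant admin,
 * tenant user) run first, followed by the two negative cases (unknown credentials, a user taken
 * from {@link ASTestConstants#POX_USER}).
 *
 * <p>NOTE(review): the arguments {@code "1"} and {@code "admin"} presumably select the security
 * scenario and the permitted user group; confirm against {@code ASIntegrationTest.applySecurity}.
 */
public class POXSecurityVerifyGetMethod extends ASIntegrationTest {
    private static final String SERVICE_NAME = "SimpleStockQuoteService";

    /** Resource path appended to the secured service endpoint. */
    private static final String QUOTE_PATH = "/getSimpleQuote";

    /** Query string sent with every request in this class. */
    private static final String QUOTE_QUERY = "symbol=IBM";

    /** Status code treated as an explicit authentication/authorization rejection. */
    private static final int HTTP_UNAUTHORIZED = 401;

    /**
     * Initialises the test context and applies security to the service under test.
     *
     * @throws Exception if the base initialisation or the security configuration fails
     */
    @BeforeClass(alwaysRun = true)
    public void init() throws Exception {
        super.init();
        applySecurity("1", SERVICE_NAME, "admin");
    }

    /**
     * Verifies that the super tenant admin can read a quote using HTTP basic authentication.
     */
    @Test(groups = {"wso2.as"}, description = "test pox security with super tenant credentials")
    public void testGetQuote() throws IOException, LoginAuthenticationExceptionException, XMLStreamException, XPathExpressionException {
        HttpsResponse response = HttpsURLConnectionClient.getWithBasicAuth(
                getSecuredServiceEndpoint(SERVICE_NAME) + QUOTE_PATH,
                QUOTE_QUERY,
                this.asServer.getSuperTenant().getTenantAdmin().getUserName(),
                this.asServer.getSuperTenant().getTenantAdmin().getPassword());
        assertQuoteReturned(response);
    }

    /**
     * Verifies that the tenant user registered under {@code userKey1} can read a quote.
     *
     * <p>The context is re-initialised in {@code SUPER_TENANT_USER} mode and security is applied
     * again before the request is sent.
     *
     * @throws Exception if initialisation, security configuration or the request fails
     */
    @Test(groups = {"wso2.as"}, description = "test pox security with user credentials", dependsOnMethods = {"testGetQuote"})
    public void testGetQuoteByUser() throws Exception {
        super.init(TestUserMode.SUPER_TENANT_USER);
        applySecurity("1", SERVICE_NAME, "admin");
        HttpsResponse response = HttpsURLConnectionClient.getWithBasicAuth(
                getSecuredServiceEndpoint(SERVICE_NAME) + QUOTE_PATH,
                QUOTE_QUERY,
                this.asServer.getSuperTenant().getTenantUser("userKey1").getUserName(),
                this.asServer.getSuperTenant().getTenantUser("userKey1").getPassword());
        assertQuoteReturned(response);
    }

    /**
     * Verifies that a request carrying unknown credentials is refused.
     *
     * @throws Exception if the endpoint cannot be resolved
     */
    @Test(groups = {"wso2.as"}, description = "test pox security with invalid user credentials", dependsOnMethods = {"testGetQuoteByUser"})
    public void testGetQuoteWithInvalidCredentials() throws Exception {
        String endpoint = getSecuredServiceEndpoint(SERVICE_NAME) + QUOTE_PATH;
        assertRequestRejected(endpoint, "invalidUserName", "InvalidPassword",
                "Invalid user was able to get the resource");
    }

    /**
     * Verifies that {@link ASTestConstants#POX_USER} is refused after security is re-applied.
     *
     * <p>NOTE(review): the test description implies this user is outside the permitted group;
     * that membership is not visible in this class and should be confirmed in the test setup.
     *
     * @throws Exception if the endpoint cannot be resolved or security cannot be applied
     */
    @Test(groups = {"wso2.as"}, description = "test pox security with invalid user group", dependsOnMethods = {"testGetQuoteWithInvalidCredentials"})
    public void testGetQuoteWithInvalidGroup() throws Exception {
        String endpoint = getSecuredServiceEndpoint(SERVICE_NAME) + QUOTE_PATH;
        applySecurity("1", SERVICE_NAME, "admin");
        assertRequestRejected(endpoint, ASTestConstants.POX_USER, ASTestConstants.POX_USER_PASSWORD,
                "User belongs to invalid group was able to get the resource");
    }

    /**
     * Removes security from the service and releases the test context.
     *
     * @throws Exception if disabling security or the base cleanup fails
     */
    @AfterClass(alwaysRun = true)
    public void destroy() throws Exception {
        try {
            this.securityAdminServiceClient.disableSecurity(SERVICE_NAME);
        } finally {
            // Release the test context even when the security teardown call throws.
            super.cleanup();
        }
    }

    /**
     * Asserts that a successful response carries the expected quote payload.
     *
     * @param response response returned for an authenticated request
     */
    private void assertQuoteReturned(HttpsResponse response) {
        // "IBM Company" already implies "IBM", so a single containment check is sufficient.
        Assert.assertTrue(response.getData().contains("IBM Company"), "getQuote doesn't return expected values");
    }

    /**
     * Sends a GET with the given credentials and asserts that it was refused.
     *
     * <p>A request counts as refused when the client throws {@link IOException} or returns a
     * response with status 401. Any other outcome, including a missing response without an
     * exception, fails the test. The earlier version additionally asserted that the response was
     * {@code null}, which made the explicit 401 branch fail even though it is a correct refusal.
     *
     * @param endpoint       full URL of the secured resource
     * @param userName       user name sent in the basic authentication header
     * @param password       password sent in the basic authentication header
     * @param failureMessage message reported when the request was not refused
     * @throws Exception if the client fails with something other than {@link IOException}
     */
    private void assertRequestRejected(String endpoint, String userName, String password, String failureMessage) throws Exception {
        HttpsResponse response = null;
        boolean rejected;
        try {
            response = HttpsURLConnectionClient.getWithBasicAuth(endpoint, QUOTE_QUERY, userName, password);
            rejected = response != null && response.getResponseCode() == HTTP_UNAUTHORIZED;
        } catch (IOException expected) {
            // NOTE(review): every IOException is accepted, so a transport failure is
            // indistinguishable from an authentication refusal here. The positive tests earlier in
            // the dependsOnMethods chain are the only evidence that the endpoint was reachable.
            rejected = true;
        }
        // Only the status is reported; credentials and response bodies stay out of the message.
        String outcome = response == null ? "no response" : "HTTP " + response.getResponseCode();
        Assert.assertTrue(rejected, failureMessage + " (" + outcome + ")");
    }
}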
