package org.wso2.appserver.integration.tests.rest.test.poxsecurity;

import java.io.IOException;
import javax.xml.stream.XMLStreamException;
import javax.xml.xpath.XPathExpressionException;
import org.testng.Assert;
import org.testng.annotations.AfterClass;
import org.testng.annotations.BeforeClass;
import org.testng.annotations.Test;
import org.wso2.appserver.integration.common.utils.ASIntegrationTest;
import org.wso2.appserver.integration.tests.ASTestConstants;
import org.wso2.carbon.authenticator.stub.LoginAuthenticationExceptionException;
import org.wso2.carbon.automation.test.utils.http.client.HttpsResponse;
import org.wso2.carbon.automation.test.utils.http.client.HttpsURLConnectionClient;

/* loaded from: input_file:org/wso2/appserver/integration/tests/rest/test/poxsecurity/POXSecurityWithInvalidGroupTestCase.class */
public class POXSecurityWithInvalidGroupTestCase extends ASIntegrationTest {
    private static final String SERVICE_NAME = "StudentService";
    private static final String studentName = "automationStudent";

    @BeforeClass(alwaysRun = true)
    public void init() throws Exception {
        super.init();
        applySecurity("1", SERVICE_NAME, "admin");
    }

    @Test(groups = {"wso2.as"}, description = "POST request  by user belongs to unauthorized group")
    public void testAddNewStudent() throws IOException, LoginAuthenticationExceptionException, XMLStreamException, XPathExpressionException {
        boolean z = false;
        HttpsResponse httpsResponse = null;
        try {
            httpsResponse = HttpsURLConnectionClient.postWithBasicAuth(getSecuredServiceEndpoint(SERVICE_NAME) + "/students", "<?xml version=\"1.0\" encoding=\"ISO-8859-1\" ?>\n   <p:addStudent xmlns:p=\"http://axis2.apache.org\">\n      <!--0 to 1 occurrence-->\n      <ns:student xmlns:ns=\"http://axis2.apache.org\">\n         <!--0 to 1 occurrence-->\n         <xs:age xmlns:xs=\"http://axis2.apache.org\">100</xs:age>\n         <!--0 to 1 occurrence-->\n         <xs:name xmlns:xs=\"http://axis2.apache.org\">automationStudent</xs:name>\n         <!--0 or more occurrences-->\n         <xs:subjects xmlns:xs=\"http://axis2.apache.org\">testAutomation</xs:subjects>\n      </ns:student>\n   </p:addStudent>", "application/xml", ASTestConstants.POX_USER, ASTestConstants.POX_USER_PASSWORD);
        } catch (IOException e) {
            z = true;
        }
        Assert.assertTrue(z, "User belongs to invalid group was able to post to the resource");
        Assert.assertNull(httpsResponse, "Response should be null");
        boolean z2 = false;
        HttpsResponse httpsResponse2 = null;
        try {
            httpsResponse2 = HttpsURLConnectionClient.getWithBasicAuth(getSecuredServiceEndpoint(SERVICE_NAME) + "/student/" + studentName, (String) null, ASTestConstants.POX_USER, ASTestConstants.POX_USER_PASSWORD);
        } catch (IOException e2) {
            z2 = true;
        }
        Assert.assertTrue(z2, "User belongs to invalid group was able to get the resource");
        Assert.assertNull(httpsResponse2, "Response cannot be null");
    }

    @Test(groups = {"wso2.as"}, description = "PUT request by user belongs to unauthorized group", dependsOnMethods = {"testAddNewStudent"})
    public void testUpdateStudent() throws IOException, LoginAuthenticationExceptionException, XMLStreamException, XPathExpressionException {
        boolean z = false;
        HttpsResponse httpsResponse = null;
        try {
            httpsResponse = HttpsURLConnectionClient.putWithBasicAuth(getSecuredServiceEndpoint(SERVICE_NAME) + "/student/" + studentName, "<?xml version=\"1.0\" encoding=\"ISO-8859-1\" ?>\n<p:updateStudent xmlns:p=\"http://axis2.apache.org\">\n      <!--0 to 1 occurrence-->\n      <ns:student xmlns:ns=\"http://axis2.apache.org\">\n         <!--0 to 1 occurrence-->\n         <xs:age xmlns:xs=\"http://axis2.apache.org\">999</xs:age>\n         <!--0 to 1 occurrence-->\n         <xs:name xmlns:xs=\"http://axis2.apache.org\">automationStudent</xs:name>\n         <!--0 or more occurrences-->\n         <xs:subjects xmlns:xs=\"http://axis2.apache.org\">testAutomationUpdated</xs:subjects>\n      </ns:student>\n</p:updateStudent>", "application/xml", ASTestConstants.POX_USER, ASTestConstants.POX_USER_PASSWORD);
        } catch (IOException e) {
            z = true;
        }
        Assert.assertTrue(z, "User belongs to invalid group was able to update the resource");
        Assert.assertNull(httpsResponse, "Response should be null");
        boolean z2 = false;
        HttpsResponse httpsResponse2 = null;
        try {
            httpsResponse2 = HttpsURLConnectionClient.getWithBasicAuth(getSecuredServiceEndpoint(SERVICE_NAME) + "/student/" + studentName, (String) null, ASTestConstants.POX_USER, ASTestConstants.POX_USER_PASSWORD);
        } catch (IOException e2) {
            z2 = true;
        }
        Assert.assertTrue(z2, "User belongs to invalid group was able to get the resource");
        Assert.assertNull(httpsResponse2, "Response should be null");
    }

    @Test(groups = {"wso2.as"}, description = "DELETE request by user belongs to unauthorized group", dependsOnMethods = {"testUpdateStudent"})
    public void testDeleteStudent() throws IOException, LoginAuthenticationExceptionException, XMLStreamException, XPathExpressionException {
        boolean z = false;
        HttpsResponse httpsResponse = null;
        try {
            httpsResponse = HttpsURLConnectionClient.deleteWithBasicAuth(getSecuredServiceEndpoint(SERVICE_NAME) + "/student/" + studentName, (String) null, ASTestConstants.POX_USER, ASTestConstants.POX_USER_PASSWORD);
        } catch (IOException e) {
            z = true;
        }
        Assert.assertTrue(z, "User belongs to invalid group was able to delete the resource");
        Assert.assertNull(httpsResponse, "Response should be null");
    }

    @Test(groups = {"wso2.as"}, description = "GET resource after delete by user belongs to unauthorized group", dependsOnMethods = {"testDeleteStudent"})
    public void testGetResourceAfterDelete() throws IOException, LoginAuthenticationExceptionException, XMLStreamException, XPathExpressionException {
        boolean z = false;
        HttpsResponse httpsResponse = null;
        try {
            httpsResponse = HttpsURLConnectionClient.getWithBasicAuth(getSecuredServiceEndpoint(SERVICE_NAME) + "/student/" + studentName, (String) null, ASTestConstants.POX_USER, ASTestConstants.POX_USER_PASSWORD);
        } catch (IOException e) {
            z = true;
        }
        Assert.assertTrue(z, "User belongs to invalid group was able to get the resource");
        Assert.assertNull(httpsResponse, "Response should be null");
    }

    @AfterClass(alwaysRun = true)
    public void destroy() throws Exception {
        this.securityAdminServiceClient.disableSecurity(SERVICE_NAME);
        super.cleanup();
    }
}
