package org.wso2.appserver.integration.tests.rest.test.poxsecurity;

import java.io.IOException;
import javax.xml.stream.XMLStreamException;
import javax.xml.xpath.XPathExpressionException;
import org.testng.Assert;
import org.testng.annotations.AfterClass;
import org.testng.annotations.BeforeClass;
import org.testng.annotations.Test;
import org.wso2.appserver.integration.common.utils.ASIntegrationTest;
import org.wso2.carbon.authenticator.stub.LoginAuthenticationExceptionException;
import org.wso2.carbon.automation.test.utils.http.client.HttpsResponse;
import org.wso2.carbon.automation.test.utils.http.client.HttpsURLConnectionClient;

/* loaded from: input_file:org/wso2/appserver/integration/tests/rest/test/poxsecurity/POXSecurityByInvalidUser.class */
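/**
 * Negative authentication tests for the secured {@code StudentService} REST endpoint.
 *
 * <p>Each mutating request (POST, PUT, DELETE) is sent with HTTP Basic credentials that are not
 * expected to exist. The tests expect the HTTPS client to report the rejection as an
 * {@link IOException}.
 *
 * <p>NOTE(review): every lifecycle and test method here is annotated {@code enabled = false}, so
 * none of this negative-authentication coverage currently runs. Confirm why it was disabled before
 * relying on this class as evidence that invalid credentials are rejected.
 */
public class POXSecurityByInvalidUser extends ASIntegrationTest {
    // Not referenced anywhere in this class; kept so the field set stays unchanged.
    private static final String USER_GROUP = "everyone";
    private static final String SERVICE_NAME = "StudentService";
    private static final String studentName = "automationStudent";

    /** Request body for the add-student POST. */
    private static final String ADD_STUDENT_PAYLOAD =
            "<?xml version=\"1.0\" encoding=\"ISO-8859-1\" ?>\n"
            + "   <p:addStudent xmlns:p=\"http://axis2.apache.org\">\n"
            + "      <!--0 to 1 occurrence-->\n"
            + "      <ns:student xmlns:ns=\"http://axis2.apache.org\">\n"
            + "         <!--0 to 1 occurrence-->\n"
            + "         <xs:age xmlns:xs=\"http://axis2.apache.org\">100</xs:age>\n"
            + "         <!--0 to 1 occurrence-->\n"
            + "         <xs:name xmlns:xs=\"http://axis2.apache.org\">automationStudent</xs:name>\n"
            + "         <!--0 or more occurrences-->\n"
            + "         <xs:subjects xmlns:xs=\"http://axis2.apache.org\">testAutomation</xs:subjects>\n"
            + "      </ns:student>\n"
            + "   </p:addStudent>";

    /** Request body for the update-student PUT. */
    private static final String UPDATE_STUDENT_PAYLOAD =
            "<?xml version=\"1.0\" encoding=\"ISO-8859-1\" ?>\n"
            + "<p:updateStudent xmlns:p=\"http://axis2.apache.org\">\n"
            + "      <!--0 to 1 occurrence-->\n"
            + "      <ns:student xmlns:ns=\"http://axis2.apache.org\">\n"
            + "         <!--0 to 1 occurrence-->\n"
            + "         <xs:age xmlns:xs=\"http://axis2.apache.org\">999</xs:age>\n"
            + "         <!--0 to 1 occurrence-->\n"
            + "         <xs:name xmlns:xs=\"http://axis2.apache.org\">automationStudent</xs:name>\n"
            + "         <!--0 or more occurrences-->\n"
            + "         <xs:subjects xmlns:xs=\"http://axis2.apache.org\">testAutomationUpdated</xs:subjects>\n"
            + "      </ns:student>\n"
            + "</p:updateStudent>";

    // Tenant-admin credentials, read from the test environment in init().
    private String userName;
    private String password;

    /**
     * Initialises the base test, applies security scenario {@code "1"} to the service and caches
     * the super-tenant admin credentials.
     *
     * @throws Exception if the base initialisation or the security configuration fails
     */
    @BeforeClass(alwaysRun = true, enabled = false)
    public void init() throws Exception {
        super.init();
        // NOTE(review): the third argument is null and USER_GROUP is never passed. Presumably this
        // is the allowed user group; verify against applySecurity.
        applySecurity("1", SERVICE_NAME, null);
        this.userName = this.asServer.getSuperTenant().getTenantAdmin().getUserName();
        this.password = this.asServer.getSuperTenant().getTenantAdmin().getPassword();
    }

    /**
     * Sends the add-student POST with invalid credentials and expects an {@link IOException}.
     *
     * <p>Only the POST may satisfy {@code expectedExceptions}. A follow-up read under the same
     * annotation could throw an {@code IOException} of its own and let the test pass even though
     * the invalid-credential request had been accepted.
     *
     * @throws IOException expected: the client call is expected to fail for invalid credentials
     */
    @Test(groups = {"wso2.as"}, description = "POST request by invalid user", expectedExceptions = {IOException.class}, enabled = false)
    public void testAddNewStudent() throws IOException, LoginAuthenticationExceptionException, XMLStreamException, XPathExpressionException {
        HttpsResponse response = HttpsURLConnectionClient.postWithBasicAuth(
                getSecuredServiceEndpoint(SERVICE_NAME) + "/students",
                ADD_STUDENT_PAYLOAD, "application/xml", "InvalidUser", "InvalidPassword");
        // Reaching this line means the request was not rejected. The AssertionError is not an
        // IOException, so the test fails.
        Assert.fail("Invalid user was able to POST the resource, response code: " + response.getResponseCode());
    }

    /**
     * Sends the update-student PUT with invalid credentials and expects an {@link IOException}.
     *
     * <p>As in {@link #testAddNewStudent()}, only the PUT itself may satisfy
     * {@code expectedExceptions}.
     *
     * @throws IOException expected: the client call is expected to fail for invalid credentials
     */
    @Test(groups = {"wso2.as"}, description = "PUT request  by invalid user", dependsOnMethods = {"testAddNewStudent"}, expectedExceptions = {IOException.class}, enabled = false)
    public void testUpdateStudent() throws IOException, LoginAuthenticationExceptionException, XMLStreamException, XPathExpressionException {
        HttpsResponse response = HttpsURLConnectionClient.putWithBasicAuth(
                getSecuredServiceEndpoint(SERVICE_NAME) + "/student/" + studentName,
                UPDATE_STUDENT_PAYLOAD, "application/xml", "invalidUser", "invalidPassword");
        // Reaching this line means the request was not rejected.
        Assert.fail("Invalid user was able to PUT the resource, response code: " + response.getResponseCode());
    }

    /**
     * Sends a DELETE with invalid credentials and asserts that the client threw an
     * {@link IOException} and returned no response object.
     */
    @Test(groups = {"wso2.as"}, description = "DELETE request  by invalid user", dependsOnMethods = {"testUpdateStudent"}, enabled = false)
    public void testDeleteStudent() throws IOException, LoginAuthenticationExceptionException, XMLStreamException, XPathExpressionException {
        boolean rejected = false;
        HttpsResponse response = null;
        try {
            response = HttpsURLConnectionClient.deleteWithBasicAuth(
                    getSecuredServiceEndpoint(SERVICE_NAME) + "/student/" + studentName,
                    (String) null, "InvalidUser", "InvalidPassword");
        } catch (IOException expected) {
            // The only outcome that counts as a rejected request.
            rejected = true;
        }
        Assert.assertTrue(rejected, "Invalid user was able to get the resource");
        Assert.assertNull(response, "Response should be null");
    }

    /**
     * Reads the student resource with the tenant-admin credentials and asserts that the client
     * threw an {@link IOException} and returned no response object.
     *
     * <p>NOTE(review): this request uses the admin credentials, not the invalid ones, while the
     * failure message refers to an invalid group. Confirm whether the intended check is that the
     * resource is absent or that the admin is not in an allowed group.
     */
    @Test(groups = {"wso2.as"}, description = "GET resource after delete  by invalid user", dependsOnMethods = {"testDeleteStudent"}, enabled = false)
    public void testGetResourceAfterDelete() throws IOException, LoginAuthenticationExceptionException, XMLStreamException, XPathExpressionException {
        boolean failed = false;
        HttpsResponse response = null;
        try {
            response = HttpsURLConnectionClient.getWithBasicAuth(
                    getSecuredServiceEndpoint(SERVICE_NAME) + "/student/" + studentName,
                    (String) null, this.userName, this.password);
        } catch (IOException expected) {
            failed = true;
        }
        Assert.assertTrue(failed, "User belongs to invalid group was able to get the resource");
        Assert.assertNull(response, "Response should be null");
    }

    /**
     * Disables security on the service again and runs the base-class cleanup.
     *
     * @throws Exception if disabling security or the cleanup fails
     */
    @AfterClass(alwaysRun = true, enabled = false)
    public void destroy() throws Exception {
        this.securityAdminServiceClient.disableSecurity(SERVICE_NAME);
        super.cleanup();
    }
}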
