package org.apache.sling.launchpad.webapp.integrationtest.auth;

import java.io.IOException;
import java.net.URL;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import org.apache.commons.httpclient.Header;
import org.apache.commons.httpclient.HttpMethod;
import org.apache.commons.httpclient.NameValuePair;
import org.apache.commons.httpclient.UsernamePasswordCredentials;
import org.apache.commons.httpclient.auth.AuthScope;
import org.apache.commons.httpclient.methods.GetMethod;
import org.apache.commons.httpclient.methods.PostMethod;
import org.apache.sling.commons.testing.integration.HttpTestBase;

/* loaded from: input_file:org/apache/sling/launchpad/webapp/integrationtest/auth/AuthenticationResponseCodeTest.class */
public class AuthenticationResponseCodeTest extends HttpTestBase {
    public void testValidatingCorrectFormCredentials() throws Exception {
        ArrayList arrayList = new ArrayList();
        arrayList.add(new NameValuePair("j_username", "admin"));
        arrayList.add(new NameValuePair("j_password", "admin"));
        arrayList.add(new NameValuePair("j_validate", "true"));
        assertTrue(assertPostStatus(new StringBuilder().append(HTTP_BASE_URL).append("/j_security_check").toString(), 200, arrayList, null).getResponseBodyAsString().length() == 0);
        ArrayList arrayList2 = new ArrayList();
        arrayList2.add(new NameValuePair("j_validate", "true"));
        assertTrue(assertPostStatus(new StringBuilder().append(HTTP_BASE_URL).append("/j_security_check").toString(), 200, arrayList2, null).getResponseBodyAsString().length() == 0);
    }

    public void testValidatingCorrectHttpBasicCredentials() throws Exception {
        ArrayList arrayList = new ArrayList();
        arrayList.add(new NameValuePair("j_validate", "true"));
        assertTrue(assertPostStatus(new StringBuilder().append(HTTP_BASE_URL).append("/j_security_check").toString(), 200, arrayList, null).getResponseBodyAsString().length() == 0);
        assertTrue(assertHttpStatus(new StringBuilder().append(HTTP_BASE_URL).append("/?j_validate=true").toString(), 200).getResponseBodyAsString().length() == 0);
    }

    public void testValidatingIncorrectCredentials() throws Exception {
        ArrayList arrayList = new ArrayList();
        arrayList.add(new NameValuePair("j_username", "garbage"));
        arrayList.add(new NameValuePair("j_password", "garbage"));
        arrayList.add(new NameValuePair("j_validate", "true"));
        assertNotNull(assertPostStatus(HTTP_BASE_URL + "/j_security_check", 403, arrayList, null).getResponseHeader("X-Reason"));
    }

    public void testValidatingIncorrectCookie() throws Exception {
        ArrayList arrayList = new ArrayList();
        arrayList.add(new NameValuePair("j_validate", "true"));
        ArrayList arrayList2 = new ArrayList();
        arrayList2.add(new Header("Cookie", "sling.formauth=garbage"));
        assertXReason(assertPostStatus(HTTP_BASE_URL + "/j_security_check", 403, arrayList, arrayList2, null));
    }

    public void testValidatingIncorrectHttpBasicCredentials() throws Exception {
        URL url = new URL(HTTP_BASE_URL);
        this.httpClient.getState().setCredentials(new AuthScope(url.getHost(), url.getPort(), AuthScope.ANY_REALM), new UsernamePasswordCredentials("garbage", "garbage"));
        ArrayList arrayList = new ArrayList();
        arrayList.add(new NameValuePair("j_validate", "true"));
        assertXReason(assertPostStatus(HTTP_BASE_URL + "/j_security_check", 403, arrayList, null));
        assertXReason(assertHttpStatus(HTTP_BASE_URL + "/?j_validate=true", 403));
    }

    public void testPreventLoopIncorrectHttpBasicCredentials() throws Exception {
        URL url = new URL(HTTP_BASE_URL);
        this.httpClient.getState().setCredentials(new AuthScope(url.getHost(), url.getPort(), AuthScope.ANY_REALM), new UsernamePasswordCredentials("garbage", "garbage"));
        String str = HTTP_BASE_URL + "/junk?param1=1";
        GetMethod getMethod = new GetMethod(str);
        getMethod.setRequestHeader("Referer", str);
        getMethod.setRequestHeader("Accept", "text/*");
        assertEquals(401, this.httpClient.executeMethod(getMethod));
    }

    public void testXRequestedWithIncorrectCredentials() throws Exception {
        ArrayList arrayList = new ArrayList();
        arrayList.add(new NameValuePair("j_username", "garbage"));
        arrayList.add(new NameValuePair("j_password", "garbage"));
        ArrayList arrayList2 = new ArrayList();
        arrayList2.add(new Header("X-Requested-With", "XMLHttpRequest"));
        arrayList2.add(new Header("Accept", "text/html"));
        HttpMethod assertPostStatus = assertPostStatus(HTTP_BASE_URL + "/j_security_check", 403, arrayList, arrayList2, null);
        assertNotNull(assertPostStatus.getResponseHeader("X-Reason"));
        assertEquals("Username and Password do not match", assertPostStatus.getResponseHeader("X-Reason").getValue());
    }

    public void testWithAcceptHeaderIncorrectCredentials() throws Exception {
        ArrayList arrayList = new ArrayList();
        arrayList.add(new NameValuePair("j_username", "garbage"));
        arrayList.add(new NameValuePair("j_password", "garbage"));
        ArrayList arrayList2 = new ArrayList();
        arrayList2.add(new Header("Accept", "text/html"));
        String value = assertPostStatus(HTTP_BASE_URL + "/j_security_check", 302, arrayList, arrayList2, null).getResponseHeader("Location").getValue();
        assertNotNull(value);
        assertTrue(value.startsWith(HTTP_BASE_URL + "/system/sling/selector/login?"));
        assertTrue(value.contains("resource=%2F"));
        assertTrue(value.contains("j_reason=INVALID_CREDENTIALS"));
    }

    public void testWithoutAcceptHeaderIncorrectCredentials() throws Exception {
        ArrayList arrayList = new ArrayList();
        arrayList.add(new NameValuePair("j_username", "garbage"));
        arrayList.add(new NameValuePair("j_password", "garbage"));
        assertPostStatus(HTTP_BASE_URL + "/j_security_check", 401, arrayList, null);
    }

    public void testWithNonHtmlAcceptHeaderIncorrectCredentials() throws Exception {
        ArrayList arrayList = new ArrayList();
        arrayList.add(new NameValuePair("j_username", "garbage"));
        arrayList.add(new NameValuePair("j_password", "garbage"));
        new ArrayList().add(new Header("Accept", "application/xml"));
        assertPostStatus(HTTP_BASE_URL + "/j_security_check", 401, arrayList, null);
    }

    protected HttpMethod assertPostStatus(String str, int i, List<NameValuePair> list, List<Header> list2, String str2) throws IOException {
        PostMethod postMethod = new PostMethod(str);
        postMethod.setFollowRedirects(false);
        if (list2 != null) {
            Iterator<Header> it = list2.iterator();
            while (it.hasNext()) {
                postMethod.addRequestHeader(it.next());
            }
        }
        if (list != null) {
            postMethod.setRequestBody((NameValuePair[]) list.toArray(new NameValuePair[0]));
        }
        int executeMethod = this.httpClient.executeMethod(postMethod);
        if (str2 == null) {
            assertEquals(i, executeMethod);
        } else {
            assertEquals(str2, i, executeMethod);
        }
        return postMethod;
    }

    private void assertXReason(HttpMethod httpMethod) throws IOException {
        Header responseHeader = httpMethod.getResponseHeader("X-Reason");
        assertNotNull(responseHeader);
        assertEquals(responseHeader.getValue(), httpMethod.getResponseBodyAsString().trim());
    }
}
