package com.openexchange.ajax.session;

import com.openexchange.ajax.LoginServlet;
import com.openexchange.ajax.framework.AJAXClient;
import com.openexchange.ajax.framework.AJAXSession;
import com.openexchange.ajax.framework.AbstractAJAXSession;
import com.openexchange.ajax.session.actions.EmptyHttpAuthRequest;
import com.openexchange.ajax.session.actions.HttpAuthRequest;
import com.openexchange.ajax.session.actions.HttpAuthResponse;
import com.openexchange.ajax.session.actions.StoreRequest;
import com.openexchange.configuration.AJAXConfig;
import com.openexchange.dav.StatusCodes;
import com.openexchange.java.Autoboxing;
import com.openexchange.java.Strings;
import java.util.List;
import org.apache.http.cookie.Cookie;
import org.apache.http.impl.cookie.BasicClientCookie;
import org.hamcrest.CoreMatchers;
import org.junit.Assert;

/* loaded from: input_file:com/openexchange/ajax/session/Bug34928Test.class */
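/**
 * Regression test for bug 34928 (per the class name): exercises cookie-based
 * re-authentication against the HTTP-auth login request.
 *
 * <p>Each test first logs in with credentials, then clears the client-side session ID and
 * sends an {@link EmptyHttpAuthRequest} so that only the cookies held by the HTTP client can
 * identify the session. The security-relevant expectations pinned here are:
 * <ul>
 *   <li>stored, untampered cookies yield a redirect (302) to the <em>same</em> session;</li>
 *   <li>a tampered secret cookie yields 401;</li>
 *   <li>a tampered session cookie yields 401;</li>
 *   <li>cookies from a login that was never followed by a {@link StoreRequest} yield 401.</li>
 * </ul>
 *
 * <p>NOTE(review): the negative tests only assert the status code. They do not check that a
 * rejected response is free of a {@code Location} header carrying a session ID; consider
 * asserting that as well once the server's behavior for 401 responses is confirmed.
 */
public class Bug34928Test extends AbstractAJAXSession {

    /** Query/fragment parameter that carries the session ID in the redirect location. */
    private static final String SESSION_PARAMETER = "session=";

    /** Value written into a cookie to simulate a client presenting a forged cookie. */
    private static final String TAMPERED_COOKIE_VALUE = "wrongsecret";

    private AJAXClient client;
    private String login;
    private String password;

    public Bug34928Test(String name) {
        super(name);
    }

    /**
     * Reads the test credentials from {@link AJAXConfig} and creates a fresh client.
     *
     * <p>Automatic redirect handling is switched off so the tests can inspect the 302 status
     * and its {@code Location} header themselves instead of having the HTTP client follow it.
     */
    @Override
    public void setUp() throws Exception {
        AJAXConfig.init();
        this.login = AJAXConfig.getProperty(AJAXConfig.Property.LOGIN) + "@" + AJAXConfig.getProperty(AJAXConfig.Property.CONTEXTNAME);
        this.password = AJAXConfig.getProperty(AJAXConfig.Property.PASSWORD);
        this.client = new AJAXClient(new AJAXSession(), true);
        this.client.getSession().getHttpClient().getParams().setBooleanParameter("http.protocol.handle-redirects", false);
    }

    /**
     * Logs the client out when it still holds a session ID, then delegates to the superclass.
     *
     * <p>The superclass tear-down runs in a {@code finally} block so that a failing logout
     * cannot skip it.
     */
    @Override
    public void tearDown() throws Exception {
        try {
            if (this.client != null && !Strings.isEmpty(this.client.getSession().getId())) {
                this.client.logout();
            }
        } finally {
            super.tearDown();
        }
    }

    /**
     * Verifies that, after a stored login, a cookie-only request is redirected (302) to the
     * very same session rather than to a newly created one.
     */
    public void testAutoHttpAuthLogin() throws Exception {
        String sessionId = firstHttpAuthLogin(true);
        this.client.getSession().setId(null);
        try {
            HttpAuthResponse response = executeCookieOnlyLogin();
            // The failure message embeds the session ID; that is only acceptable because this
            // runs against a test system.
            Assert.assertThat("Second authentication with cookies failed. Session " + sessionId, Autoboxing.I(response.getStatusCode()), CoreMatchers.equalTo(Autoboxing.I(302)));
            String reusedSessionId = extractSessionID(response);
            assertNotNull("No session ID", reusedSessionId);
            assertEquals("Different session IDs", sessionId, reusedSessionId);
        } finally {
            // Restore the ID even when an assertion fails; otherwise tearDown() sees an empty
            // ID, skips the logout and leaves the session alive on the server.
            this.client.getSession().setId(sessionId);
        }
    }

    /** Verifies that a forged secret cookie is rejected with 401. */
    public void testAutoHttpLoginWithWrongSecretCookie() throws Exception {
        assertAutoLoginRejectedWithTamperedCookie(LoginServlet.SECRET_PREFIX);
    }

    /** Verifies that a forged session cookie is rejected with 401. */
    public void testAutoHttpLoginWithWrongSessionCookie() throws Exception {
        assertAutoLoginRejectedWithTamperedCookie(LoginServlet.SESSION_PREFIX);
    }

    /**
     * Verifies that cookies alone do not re-authenticate when the login was never followed by
     * a {@link StoreRequest}.
     */
    public void testAutoHttpLoginWithoutStore() throws Exception {
        String sessionId = firstHttpAuthLogin(false);
        this.client.getSession().setId(null);
        try {
            assertEquals("Wrong response code", StatusCodes.SC_UNAUTHORIZED, executeCookieOnlyLogin().getStatusCode());
        } finally {
            // See testAutoHttpAuthLogin(): needed so tearDown() can log the session out.
            this.client.getSession().setId(sessionId);
        }
    }

    /**
     * Performs a stored login, overwrites the first cookie whose name starts with
     * {@code cookiePrefix} and asserts that the following cookie-only request is answered
     * with 401.
     *
     * <p>The cookie is looked up before the client-side session ID is cleared, and both the
     * session ID and the original cookie value are restored in a {@code finally} block, so a
     * failure at any step still lets {@link #tearDown()} log the session out.
     *
     * @param cookiePrefix name prefix of the cookie to tamper with
     */
    private void assertAutoLoginRejectedWithTamperedCookie(String cookiePrefix) throws Exception {
        String sessionId = firstHttpAuthLogin(true);
        BasicClientCookie cookie = findCookie(cookiePrefix);
        String originalValue = cookie.getValue();
        this.client.getSession().setId(null);
        cookie.setValue(TAMPERED_COOKIE_VALUE);
        try {
            assertEquals("Wrong response code", StatusCodes.SC_UNAUTHORIZED, executeCookieOnlyLogin().getStatusCode());
        } finally {
            this.client.getSession().setId(sessionId);
            cookie.setValue(originalValue);
        }
    }

    /**
     * Sends the request that must be authenticated by cookies only.
     *
     * <p>NOTE(review): the meaning of the three {@code false} flags is defined by
     * {@link EmptyHttpAuthRequest}, which is not visible here; presumably the request carries
     * no credentials. Confirm against that class.
     */
    private HttpAuthResponse executeCookieOnlyLogin() throws Exception {
        return (HttpAuthResponse) this.client.execute(new EmptyHttpAuthRequest(false, false, false));
    }

    /**
     * Logs in with the configured credentials and records the resulting session ID on the
     * client.
     *
     * @param store whether to send a {@link StoreRequest} for the new session afterwards
     *     (presumably this makes the server persist the session cookies; confirm against
     *     StoreRequest)
     * @return the session ID taken from the login redirect
     */
    private String firstHttpAuthLogin(boolean store) throws Exception {
        String sessionId = extractSessionID((HttpAuthResponse) this.client.execute(new HttpAuthRequest(this.login, this.password)));
        this.client.getSession().setId(sessionId);
        if (store) {
            this.client.execute(new StoreRequest(sessionId));
        }
        return sessionId;
    }

    /**
     * Returns the first cookie in the client's cookie store whose name starts with the given
     * prefix, failing the test when there is none.
     *
     * @param prefix cookie name prefix to look for
     */
    private BasicClientCookie findCookie(String prefix) {
        List<Cookie> cookies = this.client.getSession().getHttpClient().getCookieStore().getCookies();
        for (Cookie cookie : cookies) {
            if (cookie.getName().startsWith(prefix)) {
                return (BasicClientCookie) cookie;
            }
        }
        fail("No cookie with prefix \"" + prefix + "\" found");
        return null; // unreachable: fail() always throws
    }

    /**
     * Extracts the value of the {@code session=} parameter from the response's redirect
     * location.
     *
     * <p>The value ends at the next {@code '&'} or, when the session is the last parameter,
     * at the end of the location. Without the second case a location ending in the session ID
     * would raise a {@link StringIndexOutOfBoundsException} instead of a readable result.
     *
     * @param httpAuthResponse response whose location is expected to carry a session ID
     * @return the session ID found in the location
     */
    private static String extractSessionID(HttpAuthResponse httpAuthResponse) {
        String location = httpAuthResponse.getLocation();
        assertNotNull("Location is missing in response", location);
        int parameterStart = location.indexOf(SESSION_PARAMETER);
        assertTrue("No session ID", 0 <= parameterStart);
        int valueStart = parameterStart + SESSION_PARAMETER.length();
        int valueEnd = location.indexOf('&', valueStart);
        return valueEnd < 0 ? location.substring(valueStart) : location.substring(valueStart, valueEnd);
    }
}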
