package com.sun.ts.tests.servlet.spec.security.metadatacomplete;

import com.sun.ts.tests.servlet.common.client.BaseUrlClient;
import java.util.Properties;
import org.jboss.arquillian.container.test.api.Deployment;
import org.jboss.shrinkwrap.api.ShrinkWrap;
import org.jboss.shrinkwrap.api.spec.WebArchive;
import org.junit.jupiter.api.Test;

/* loaded from: input_file:com/sun/ts/tests/servlet/spec/security/metadatacomplete/Client.class */
public class Client extends BaseUrlClient {
    private static final String CLASS_TRACE_HEADER = "[Client]: ";
    private static final String USER_PRINCIPAL_SEARCH = "The user principal is: ";
    private String pageDeny = null;
    private String pageSec = null;
    private String pageGuest = null;
    private String pageUnprotected = null;
    private String pageServletBase = "/servlet_sec_metadatacomplete_web";
    private String pageServletDeny = this.pageServletBase + "/ServletDenyAll";
    private String pageServletSec = this.pageServletBase + "/ServletSecTest";
    private String pageServletGuest = this.pageServletBase + "/GuestPageTest";
    private String pageServletUnprotected = this.pageServletBase + "/UnProtectedTest";
    private String username = null;
    private String password = null;
    private String unauthUsername = null;
    private String unauthPassword = null;

    @Deployment(testable = false)
    public static WebArchive getTestArchive() throws Exception {
        return ShrinkWrap.create(WebArchive.class, "servlet_sec_metadatacomplete_web.war").addClasses(new Class[]{DenyAllServlet.class, GuestPageTestServlet.class, ServletSecTestServlet.class, UnProtectedTestServlet.class}).setWebXML(Client.class.getResource("servlet_sec_metadatacomplete_web.xml"));
    }

    @Override // com.sun.ts.tests.servlet.common.client.BaseUrlClient
    public void setup(String[] strArr, Properties properties) throws Exception {
        super.setup(strArr, properties);
        try {
            this.username = properties.getProperty("user");
            this.password = properties.getProperty("password");
            this.unauthUsername = properties.getProperty("authuser");
            this.unauthPassword = properties.getProperty("authpassword");
            this.pageSec = this.pageServletSec;
            this.pageDeny = this.pageServletDeny;
            this.pageGuest = this.pageServletGuest;
            this.pageUnprotected = this.pageServletUnprotected;
        } catch (Exception e) {
            logErr("Error: got exception: ", e);
        }
    }

    @Test
    public void test1() throws Exception {
        this.logger.trace("testing that we can NOT access: {}", this.pageDeny);
        TEST_PROPS.setProperty("testname", "SecAnnotations/Test1");
        TEST_PROPS.setProperty("request", getRequestLine("GET", this.pageDeny));
        TEST_PROPS.setProperty("status-code", "401");
        try {
            invoke();
        } catch (Exception e) {
            this.logger.trace("we tested for Status Code=401 but we could have a 403 code, so check for that.");
            TEST_PROPS.setProperty("testname", "SecAnnotations/Test1");
            TEST_PROPS.setProperty("request", getRequestLine("GET", this.pageDeny));
            TEST_PROPS.setProperty("status-code", "403");
            invoke();
        }
        this.logger.trace("test1 passed:  we were not allowed to perform GET on servlet: {}", this.pageDeny);
    }

    @Test
    public void test2() throws Exception {
        this.logger.trace("POST w/ user= {} should be allowed due to DD declaration", this.unauthUsername);
        TEST_PROPS.setProperty("testname", "SecAnnotations/Test2");
        TEST_PROPS.setProperty("request", getRequestLine("POST", this.pageGuest));
        TEST_PROPS.setProperty("basic_auth_user", this.unauthUsername);
        TEST_PROPS.setProperty("basic_auth_passwd", this.unauthPassword);
        TEST_PROPS.setProperty("status-code", "200");
        invoke();
        this.logger.trace("GET w/ user= {} should be allowed due to DD declaration", this.unauthUsername);
        TEST_PROPS.setProperty("search_string", "The user principal is: " + this.unauthUsername);
        TEST_PROPS.setProperty("testname", "SecAnnotations/Test2");
        TEST_PROPS.setProperty("request", getRequestLine("GET", this.pageGuest));
        TEST_PROPS.setProperty("basic_auth_user", this.unauthUsername);
        TEST_PROPS.setProperty("basic_auth_passwd", this.unauthPassword);
        TEST_PROPS.setProperty("status-code", "200");
        invoke();
        this.logger.trace("success - DD's role access was honored while the conflicting annotation was ignored.");
        this.logger.trace("test2 passed.");
    }

    @Test
    public void test3() throws Exception {
        this.logger.trace("Attempting to POST as user= {} should be denied due to DD security.", this.username);
        TEST_PROPS.setProperty("testname", "SecurityAnno/Test3");
        TEST_PROPS.setProperty("request", getRequestLine("POST", this.pageSec));
        TEST_PROPS.setProperty("basic_auth_user", this.username);
        TEST_PROPS.setProperty("basic_auth_passwd", this.password);
        TEST_PROPS.setProperty("status-code", "401");
        try {
            invoke();
        } catch (Exception e) {
            TEST_PROPS.setProperty("testname", "SecurityAnno/Test3");
            TEST_PROPS.setProperty("request", getRequestLine("POST", this.pageSec));
            TEST_PROPS.setProperty("basic_auth_user", this.username);
            TEST_PROPS.setProperty("basic_auth_passwd", this.password);
            TEST_PROPS.setProperty("status-code", "403");
            invoke();
        }
        this.logger.trace("Attempting to GET as user= {} should be allowed due to DD security.", this.username);
        TEST_PROPS.setProperty("testname", "BasicSec/Test3");
        TEST_PROPS.setProperty("basic_auth_user", this.username);
        TEST_PROPS.setProperty("basic_auth_passwd", this.password);
        TEST_PROPS.setProperty("request", getRequestLine("GET", this.pageSec));
        TEST_PROPS.setProperty("status-code", "200");
        invoke();
        this.logger.trace("Class level annotation setting was overridden by DD.");
        this.logger.trace("test3 passed.");
    }

    @Test
    public void test4() throws Exception {
        TEST_PROPS.setProperty("request", getRequestLine("POST", this.pageSec));
        TEST_PROPS.setProperty("basic_auth_user", this.unauthUsername);
        TEST_PROPS.setProperty("basic_auth_passwd", this.unauthPassword);
        TEST_PROPS.setProperty("status-code", "200");
        invoke();
        this.logger.trace("Success - DD allowed POST by user={}", this.unauthUsername);
        this.logger.trace("test4 passed.");
    }

    @Test
    public void test5() throws Exception {
        this.logger.trace("GET w/ user= {} should be allowed access as DD leaves this servlet unprotected.", this.unauthUsername);
        TEST_PROPS.setProperty("testname", "BasicSec/Test5");
        TEST_PROPS.setProperty("basic_auth_user", this.username);
        TEST_PROPS.setProperty("basic_auth_passwd", this.password);
        TEST_PROPS.setProperty("request", getRequestLine("GET", this.pageUnprotected));
        TEST_PROPS.setProperty("status-code", "200");
        invoke();
        this.logger.trace("Class level PermitAll anno returned expected results");
        this.logger.trace("test5 passed.");
    }

    @Test
    public void test6() throws Exception {
        this.logger.trace("Sending request to resource where DD allows access to override any restricting annotation...");
        TEST_PROPS.setProperty("testname", "SecAnnotations/Test6");
        this.logger.trace("GET w/ user= {} should NOT be allowed due to DD declaration", this.username);
        TEST_PROPS.setProperty("testname", "SecAnnotations/Test6");
        TEST_PROPS.setProperty("request", getRequestLine("GET", this.pageGuest));
        TEST_PROPS.setProperty("basic_auth_user", this.username);
        TEST_PROPS.setProperty("basic_auth_passwd", this.password);
        TEST_PROPS.setProperty("status-code", "401");
        try {
            invoke();
        } catch (Exception e) {
            this.logger.trace("retrying: GET w/ user= {} should still NOT be allowed due to DD declaration", this.username);
            TEST_PROPS.setProperty("testname", "SecAnnotations/Test6");
            TEST_PROPS.setProperty("request", getRequestLine("GET", this.pageGuest));
            TEST_PROPS.setProperty("basic_auth_user", this.username);
            TEST_PROPS.setProperty("basic_auth_passwd", this.password);
            TEST_PROPS.setProperty("status-code", "403");
            invoke();
        }
        this.logger.trace("POST w/ user= {} should NOT be allowed due to DD declaration", this.username);
        TEST_PROPS.setProperty("testname", "SecAnnotations/Test6");
        TEST_PROPS.setProperty("request", getRequestLine("POST", this.pageGuest));
        TEST_PROPS.setProperty("basic_auth_user", this.username);
        TEST_PROPS.setProperty("basic_auth_passwd", this.password);
        TEST_PROPS.setProperty("status-code", "401");
        try {
            invoke();
        } catch (Exception e2) {
            this.logger.trace("retrying: POST w/ user= {} should still NOT be allowed due to DD declaration", this.username);
            TEST_PROPS.setProperty("testname", "SecAnnotations/Test6");
            TEST_PROPS.setProperty("request", getRequestLine("POST", this.pageGuest));
            TEST_PROPS.setProperty("basic_auth_user", this.username);
            TEST_PROPS.setProperty("basic_auth_passwd", this.password);
            TEST_PROPS.setProperty("status-code", "403");
            invoke();
        }
        this.logger.trace("Success - we were not allowed to POST or GET as role=Administrator (user=j2ee).");
        this.logger.trace("Test6 passed.");
    }

    private static String getRequestLine(String str, String str2) {
        return str + " " + str2 + " HTTP/1.1";
    }
}
