package org.apache.james.jmap;

import io.restassured.RestAssured;
import io.restassured.http.ContentType;
import java.io.IOException;
import java.time.ZonedDateTime;
import java.time.format.DateTimeFormatter;
import java.util.UUID;
import org.apache.james.GuiceJamesServer;
import org.apache.james.jmap.categories.BasicFeature;
import org.apache.james.jmap.methods.integration.SetVacationResponseTest;
import org.apache.james.jmap.model.ContinuationToken;
import org.apache.james.utils.DataProbeImpl;
import org.apache.james.utils.JmapGuiceProbe;
import org.hamcrest.Matchers;
import org.junit.After;
import org.junit.Before;
import org.junit.Test;
import org.junit.experimental.categories.Category;

/* loaded from: input_file:org/apache/james/jmap/JMAPAuthenticationTest.class */
public abstract class JMAPAuthenticationTest {
    private static final ZonedDateTime oldDate = ZonedDateTime.parse("2011-12-03T10:15:30+01:00", DateTimeFormatter.ISO_OFFSET_DATE_TIME);
    private static final ZonedDateTime newDate = ZonedDateTime.parse("2011-12-03T10:16:30+01:00", DateTimeFormatter.ISO_OFFSET_DATE_TIME);
    private static final ZonedDateTime afterExpirationDate = ZonedDateTime.parse("2011-12-03T10:30:31+01:00", DateTimeFormatter.ISO_OFFSET_DATE_TIME);
    private UserCredentials userCredentials;
    private FixedDateZonedDateTimeProvider zonedDateTimeProvider;
    private GuiceJamesServer jmapServer;

    protected abstract GuiceJamesServer createJmapServer(FixedDateZonedDateTimeProvider fixedDateZonedDateTimeProvider) throws IOException;

    @Before
    public void setup() throws Throwable {
        this.zonedDateTimeProvider = new FixedDateZonedDateTimeProvider();
        this.zonedDateTimeProvider.setFixedDateTime(oldDate);
        this.jmapServer = createJmapServer(this.zonedDateTimeProvider);
        this.jmapServer.start();
        RestAssured.requestSpecification = TestingConstants.jmapRequestSpecBuilder.setPort(this.jmapServer.getProbe(JmapGuiceProbe.class).getJmapPort()).build();
        this.userCredentials = UserCredentials.builder().username("user@domain.tld").password(SetVacationResponseTest.PASSWORD).build();
        this.jmapServer.getProbe(DataProbeImpl.class).fluent().addDomain(TestingConstants.DOMAIN).addUser(this.userCredentials.getUsername(), this.userCredentials.getPassword());
    }

    @After
    public void teardown() {
        this.jmapServer.stop();
    }

    @Test
    public void mustReturnMalformedRequestWhenContentTypeIsMissing() {
        RestAssured.given().accept(ContentType.JSON).when().post("/authentication", new Object[0]).then().statusCode(400);
    }

    @Test
    public void mustReturnMalformedRequestWhenContentTypeIsNotJson() {
        RestAssured.given().contentType(ContentType.XML).accept(ContentType.JSON).when().post("/authentication", new Object[0]).then().statusCode(400);
    }

    @Test
    public void mustReturnMalformedRequestWhenAcceptIsMissing() {
        RestAssured.given().contentType(ContentType.JSON).when().post("/authentication", new Object[0]).then().statusCode(400);
    }

    @Test
    public void mustReturnMalformedRequestWhenAcceptIsNotJson() {
        RestAssured.given().contentType(ContentType.JSON).accept(ContentType.XML).when().post("/authentication", new Object[0]).then().statusCode(400);
    }

    @Test
    public void mustReturnMalformedRequestWhenCharsetIsNotUTF8() {
        RestAssured.given().contentType("application/json; charset=ISO-8859-1").accept(ContentType.JSON).when().post("/authentication", new Object[0]).then().statusCode(400);
    }

    @Test
    public void mustReturnMalformedRequestWhenBodyIsEmpty() {
        RestAssured.given().contentType(ContentType.JSON).accept(ContentType.JSON).when().post("/authentication", new Object[0]).then().statusCode(400);
    }

    @Test
    public void mustReturnMalformedRequestWhenBodyIsNotAcceptable() {
        RestAssured.given().contentType(ContentType.JSON).accept(ContentType.JSON).body("{\"badAttributeName\": \"value\"}").when().post("/authentication", new Object[0]).then().statusCode(400);
    }

    @Test
    public void mustReturnJsonResponse() throws Exception {
        RestAssured.given().contentType(ContentType.JSON).accept(ContentType.JSON).body("{\"username\": \"" + this.userCredentials.getUsername() + "\", \"clientName\": \"Mozilla Thunderbird\", \"clientVersion\": \"42.0\", \"deviceName\": \"Joe Blogg’s iPhone\"}").when().post("/authentication", new Object[0]).then().statusCode(200).contentType(ContentType.JSON);
    }

    @Test
    public void methodShouldContainPasswordWhenValidResquest() throws Exception {
        RestAssured.given().contentType(ContentType.JSON).accept(ContentType.JSON).body("{\"username\": \"" + this.userCredentials.getUsername() + "\", \"clientName\": \"Mozilla Thunderbird\", \"clientVersion\": \"42.0\", \"deviceName\": \"Joe Blogg’s iPhone\"}").when().post("/authentication", new Object[0]).then().statusCode(200).body("methods", Matchers.hasItem(this.userCredentials.getPassword()), new Object[0]);
    }

    @Test
    @Category({BasicFeature.class})
    public void mustReturnContinuationTokenWhenValidResquest() throws Exception {
        RestAssured.given().contentType(ContentType.JSON).accept(ContentType.JSON).body("{\"username\": \"" + this.userCredentials.getUsername() + "\", \"clientName\": \"Mozilla Thunderbird\", \"clientVersion\": \"42.0\", \"deviceName\": \"Joe Blogg’s iPhone\"}").when().post("/authentication", new Object[0]).then().statusCode(200).body("continuationToken", Matchers.isA(String.class), new Object[0]);
    }

    @Test
    @Category({BasicFeature.class})
    public void mustReturnAuthenticationFailedWhenBadPassword() throws Exception {
        RestAssured.given().contentType(ContentType.JSON).accept(ContentType.JSON).body("{\"token\": \"" + fromGoodContinuationTokenRequest() + "\", \"method\": \"password\", \"password\": \"badpassword\"}").when().post("/authentication", new Object[0]).then().statusCode(401);
    }

    @Test
    public void mustReturnAuthenticationFailedWhenContinuationTokenIsRejectedByTheContinuationTokenManager() throws Exception {
        RestAssured.given().contentType(ContentType.JSON).accept(ContentType.JSON).body("{\"token\": \"" + new ContinuationToken(this.userCredentials.getUsername(), newDate, "badSignature").serialize() + "\", \"method\": \"password\", \"password\": \"" + this.userCredentials.getPassword() + "\"}").when().post("/authentication", new Object[0]).then().statusCode(401);
    }

    @Test
    public void mustReturnRestartAuthenticationWhenContinuationTokenIsExpired() throws Exception {
        String fromGoodContinuationTokenRequest = fromGoodContinuationTokenRequest();
        this.zonedDateTimeProvider.setFixedDateTime(afterExpirationDate);
        RestAssured.given().contentType(ContentType.JSON).accept(ContentType.JSON).body("{\"token\": \"" + fromGoodContinuationTokenRequest + "\", \"method\": \"password\", \"password\": \"" + this.userCredentials.getPassword() + "\"}").when().post("/authentication", new Object[0]).then().statusCode(403);
    }

    @Test
    public void mustReturnAuthenticationFailedWhenUsersRepositoryException() throws Exception {
        RestAssured.given().contentType(ContentType.JSON).accept(ContentType.JSON).body("{\"token\": \"" + fromGoodContinuationTokenRequest() + "\", \"method\": \"password\", \"password\": \"wrong password\"}").when().post("/authentication", new Object[0]).then().statusCode(401);
    }

    @Test
    public void mustReturnCreatedWhenGoodPassword() throws Exception {
        String fromGoodContinuationTokenRequest = fromGoodContinuationTokenRequest();
        this.zonedDateTimeProvider.setFixedDateTime(newDate);
        RestAssured.given().contentType(ContentType.JSON).accept(ContentType.JSON).body("{\"token\": \"" + fromGoodContinuationTokenRequest + "\", \"method\": \"password\", \"password\": \"" + this.userCredentials.getPassword() + "\"}").when().post("/authentication", new Object[0]).then().statusCode(201);
    }

    @Test
    @Category({BasicFeature.class})
    public void mustSendJsonContainingAccessTokenAndEndpointsWhenGoodPassword() throws Exception {
        String fromGoodContinuationTokenRequest = fromGoodContinuationTokenRequest();
        this.zonedDateTimeProvider.setFixedDateTime(newDate);
        RestAssured.given().contentType(ContentType.JSON).accept(ContentType.JSON).body("{\"token\": \"" + fromGoodContinuationTokenRequest + "\", \"method\": \"password\", \"password\": \"" + this.userCredentials.getPassword() + "\"}").when().post("/authentication", new Object[0]).then().body("accessToken", Matchers.isA(String.class), new Object[0]).body("api", Matchers.equalTo("/jmap"), new Object[0]).body("eventSource", Matchers.both(Matchers.isA(String.class)).and(Matchers.notNullValue()), new Object[0]).body("upload", Matchers.equalTo("/upload"), new Object[0]).body("download", Matchers.equalTo("/download"), new Object[0]);
    }

    @Test
    public void getMustReturnUnauthorizedWithoutAuthorizationHeader() throws Exception {
        RestAssured.given().when().get("/authentication", new Object[0]).then().statusCode(401);
    }

    @Test
    public void getMustReturnUnauthorizedWithoutAValidAuthorizationHeader() throws Exception {
        RestAssured.given().header("Authorization", UUID.randomUUID(), new Object[0]).when().get("/authentication", new Object[0]).then().statusCode(401);
    }

    @Test
    @Category({BasicFeature.class})
    public void getMustReturnEndpointsWhenValidAuthorizationHeader() throws Exception {
        RestAssured.given().header("Authorization", fromGoodAccessTokenRequest(fromGoodContinuationTokenRequest()), new Object[0]).when().get("/authentication", new Object[0]).then().statusCode(200).body("api", Matchers.equalTo("/jmap"), new Object[0]).body("eventSource", Matchers.both(Matchers.isA(String.class)).and(Matchers.notNullValue()), new Object[0]).body("upload", Matchers.equalTo("/upload"), new Object[0]).body("download", Matchers.equalTo("/download"), new Object[0]);
    }

    @Test
    @Category({BasicFeature.class})
    public void getMustReturnEndpointsWhenValidJwtAuthorizationHeader() throws Exception {
        RestAssured.given().header("Authorization", "Bearer eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIn0.T04BTkLXkJj24coSZkK13RfG25lpvmSl2MJ7N10KpBk9_-95EGYZdog-BDAn3PJzqVw52z-Bwjh4VOj1-j7cURu0cT4jXehhUrlCxS4n7QHZDN_bsEYGu7KzjWTpTsUiHe-rN7izXVFxDGG1TGwlmBCBnPW-EFCf9ylUsJi0r2BKNdaaPRfMIrHptH1zJBkkUziWpBN1RNLjmvlAUf49t1Tbv21ZqYM5Ht2vrhJWczFbuC-TD-8zJkXhjTmA1GVgomIX5dx1cH-dZX1wANNmshUJGHgepWlPU-5VIYxPEhb219RMLJIELMY2qNOR8Q31ydinyqzXvCSzVJOf6T60-w", new Object[0]).when().get("/authentication", new Object[0]).then().statusCode(200);
    }

    @Test
    public void getMustReturnEndpointsWhenValidUnkwnonUserJwtAuthorizationHeader() throws Exception {
        RestAssured.given().header("Authorization", "Bearer eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMzM3IiwibmFtZSI6Ik5ldyBVc2VyIn0.ci8U04EOWKpi_yfaKs8fnCBcu1mWs8fvf-t9SDP2kkvDDfD-ya4sEGn4ueCp2dA2ndefZfVu_IfvdlVtxqzSf0tQ-dFKrIe-OtSKhI2otjWctLtk9AG7jpWkXoDgr5IOVmsqg37Zxc2bgkLkC5FJqV6oCp51TNQTH6zZbXIUeuGFbHj2-iJeX8sACKTQB0llwc6TFm7GYUF03rv4DfJjqpKd0g8RdnlevSOjV-gGzvKEItugtexS5pgOZ2GYcvqEUDb9EnQR7Qe2EzPAX_FCJfGhlv7bDQlTgOHHAjqw2lD4-zeAznw-3wlYLSzhi4ivvPjT-y2T5wnnhzeeYOpYOQ", new Object[0]).when().get("/authentication", new Object[0]).then().statusCode(200);
    }

    @Test
    public void getMustReturnBadCredentialsWhenInvalidJwtAuthorizationHeader() throws Exception {
        RestAssured.given().header("Authorization", "Bearer eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIn0.T04BTkLXkJj24coSZkK13RfG25lpvmSl2MJ7N10KpBk9_-95EGYZdog-BDAn3PJzqVw52z-Bwjh4VOj1-j7cURu0cT4jXehhUrlCxS4n7QHZEN_bsEYGu7KzjWTpTsUiHe-rN7izXVFxDGG1TGwlmBCBnPW-EFCf9ylUsJi0r2BKNdaaPRfMIrHptH1zJBkkUziWpBN1RNLjmvlAUf49t1Tbv21ZqYM5Ht2vrhJWczFbuC-TD-8zJkXhjTmA1GVgomIX5dx1cH-dZX1wANNmshUJGHgepWlPU-5VIYxPEhb219RMLJIELMY2qNOR8Q31ydinyqzXvCSzVJOf6T60-w", new Object[0]).when().get("/authentication", new Object[0]).then().statusCode(401);
    }

    @Test
    public void optionsRequestsShouldNeverRequireAuthentication() {
        RestAssured.given().when().options("/authentication", new Object[0]).then().statusCode(200);
    }

    @Test
    public void getMustReturnEndpointsWhenCorrectAuthentication() throws Exception {
        String fromGoodContinuationTokenRequest = fromGoodContinuationTokenRequest();
        this.zonedDateTimeProvider.setFixedDateTime(newDate);
        RestAssured.given().header("Authorization", fromGoodAccessTokenRequest(fromGoodContinuationTokenRequest), new Object[0]).when().get("/authentication", new Object[0]).then().statusCode(200).body("api", Matchers.isA(String.class), new Object[0]);
    }

    @Test
    public void deleteMustReturnUnauthenticatedWithoutAuthorizationHeader() throws Exception {
        RestAssured.given().when().delete("/authentication", new Object[0]).then().statusCode(401);
    }

    @Test
    public void deleteMustReturnUnauthenticatedWithoutAValidAuthroizationHeader() throws Exception {
        RestAssured.given().header("Authorization", UUID.randomUUID(), new Object[0]).when().delete("/authentication", new Object[0]).then().statusCode(401);
    }

    @Test
    public void deleteMustReturnOKNoContentOnValidAuthorizationToken() throws Exception {
        RestAssured.given().header("Authorization", fromGoodAccessTokenRequest(fromGoodContinuationTokenRequest()), new Object[0]).when().delete("/authentication", new Object[0]).then().statusCode(204);
    }

    @Test
    @Category({BasicFeature.class})
    public void deleteMustInvalidAuthorizationOnCorrectAuthorization() throws Exception {
        String fromGoodContinuationTokenRequest = fromGoodContinuationTokenRequest();
        this.zonedDateTimeProvider.setFixedDateTime(newDate);
        String fromGoodAccessTokenRequest = fromGoodAccessTokenRequest(fromGoodContinuationTokenRequest);
        goodDeleteAccessTokenRequest(fromGoodAccessTokenRequest);
        RestAssured.given().header("Authorization", fromGoodAccessTokenRequest, new Object[0]).when().get("/authentication", new Object[0]).then().statusCode(401);
    }

    private String fromGoodContinuationTokenRequest() {
        return RestAssured.with().contentType(ContentType.JSON).accept(ContentType.JSON).body("{\"username\": \"" + this.userCredentials.getUsername() + "\", \"clientName\": \"Mozilla Thunderbird\", \"clientVersion\": \"42.0\", \"deviceName\": \"Joe Blogg’s iPhone\"}").post("/authentication", new Object[0]).body().path("continuationToken", new String[0]).toString();
    }

    private String fromGoodAccessTokenRequest(String str) {
        return RestAssured.with().contentType(ContentType.JSON).accept(ContentType.JSON).body("{\"token\": \"" + str + "\", \"method\": \"password\", \"password\": \"" + this.userCredentials.getPassword() + "\"}").post("/authentication", new Object[0]).path("accessToken", new String[0]).toString();
    }

    private void goodDeleteAccessTokenRequest(String str) {
        RestAssured.with().header("Authorization", str, new Object[0]).delete("/authentication", new Object[0]);
    }
}
