package com.zimbra.qa.unittest.prov.soap;

import com.zimbra.common.soap.Element;
import com.zimbra.common.soap.SoapFaultException;
import com.zimbra.common.soap.SoapProtocol;
import com.zimbra.common.soap.SoapTransport;
import com.zimbra.common.soap.ZimbraNamespace;
import com.zimbra.cs.account.Account;
import com.zimbra.cs.account.Domain;
import com.zimbra.cs.account.Provisioning;
import com.zimbra.soap.JaxbUtil;
import com.zimbra.soap.account.message.CreateSignatureRequest;
import com.zimbra.soap.account.type.Signature;
import org.junit.AfterClass;
import org.junit.Assert;
import org.junit.BeforeClass;
import org.junit.Test;

/* loaded from: input_file:com/zimbra/qa/unittest/prov/soap/TestBatchRequest.class */
public class TestBatchRequest extends SoapTest {
    private static SoapProvTestUtil provUtil;
    private static Provisioning prov;
    private static Domain domain;

    @BeforeClass
    public static void init() throws Exception {
        provUtil = new SoapProvTestUtil();
        prov = provUtil.getProv();
        domain = provUtil.createDomain(baseDomainName());
    }

    @AfterClass
    public static void cleanup() throws Exception {
        Cleanup.deleteAll(baseDomainName());
    }

    @Test
    public void batchReqWithoutCsrfToken() throws Exception {
        Account createAccount = provUtil.createAccount(genAcctNameLocalPart(), domain);
        SoapTransport authUser = authUser(createAccount.getName(), Boolean.TRUE.booleanValue(), Boolean.FALSE.booleanValue());
        Element.XMLElement xMLElement = new Element.XMLElement(ZimbraNamespace.E_BATCH_REQUEST);
        xMLElement.addElement(JaxbUtil.jaxbToElement(new CreateSignatureRequest(new Signature("test_id", "testSig", "xss&lt;script&gt;alert(\"XSS\")&lt;/script&gt;&lt;a href=javascript:alert(\"XSS\")&gt;&lt;", "text/html")), SoapProtocol.Soap12.getFactory()));
        try {
            authUser.invoke(xMLElement, false, false, (String) null);
        } catch (SoapFaultException e) {
            Assert.assertNotNull(e);
            junit.framework.Assert.assertEquals(true, e.getCode().contains("AUTH_REQUIRED"));
        }
    }

    @Test
    public void batchReqWithCsrfToken() throws Exception {
        Account createAccount = provUtil.createAccount(genAcctNameLocalPart(), domain);
        SoapTransport authUser = authUser(createAccount.getName(), Boolean.TRUE.booleanValue(), Boolean.TRUE.booleanValue());
        Element.XMLElement xMLElement = new Element.XMLElement(ZimbraNamespace.E_BATCH_REQUEST);
        xMLElement.addElement(JaxbUtil.jaxbToElement(new CreateSignatureRequest(new Signature((String) null, "testSig", "xss&lt;script&gt;alert(\"XSS\")&lt;/script&gt;&lt;a href=javascript:alert(\"XSS\")&gt;&lt;", "text/html")), SoapProtocol.Soap12.getFactory()));
        try {
            Assert.assertNotNull(authUser.invoke(xMLElement, false, false, (String) null).getElement("CreateSignatureResponse").getElement("signature").getAttribute("id"));
        } catch (SoapFaultException e) {
            Assert.assertNull(e);
        }
    }
}
