package com.zimbra.qa.unittest;

import com.zimbra.client.ZMailbox;
import com.zimbra.common.auth.ZAuthToken;
import com.zimbra.common.httpclient.HttpClientUtil;
import com.zimbra.common.service.ServiceException;
import com.zimbra.common.soap.Element;
import com.zimbra.common.soap.SoapFaultException;
import com.zimbra.common.soap.SoapHttpTransport;
import com.zimbra.common.soap.SoapProtocol;
import com.zimbra.common.soap.SoapTransport;
import com.zimbra.common.soap.SoapUtil;
import com.zimbra.common.util.ZimbraHttpConnectionManager;
import com.zimbra.common.util.ZimbraLog;
import com.zimbra.cs.account.Account;
import com.zimbra.cs.account.AuthToken;
import com.zimbra.cs.account.Provisioning;
import com.zimbra.cs.account.ZimbraAuthToken;
import com.zimbra.cs.ldap.LdapConstants;
import com.zimbra.cs.mailbox.MailItem;
import com.zimbra.cs.service.AuthProvider;
import com.zimbra.cs.servlet.util.CsrfUtil;
import com.zimbra.soap.JaxbUtil;
import com.zimbra.soap.account.message.AuthRequest;
import com.zimbra.soap.account.message.AuthResponse;
import com.zimbra.soap.account.message.EndSessionRequest;
import com.zimbra.soap.account.message.GetInfoRequest;
import com.zimbra.soap.admin.message.CreateAccountRequest;
import com.zimbra.soap.mail.message.SearchRequest;
import com.zimbra.soap.mail.message.SearchResponse;
import com.zimbra.soap.type.AccountBy;
import com.zimbra.soap.type.AccountSelector;
import java.io.IOException;
import java.net.URI;
import java.net.URISyntaxException;
import java.util.Date;
import java.util.Map;
import java.util.Random;
import org.apache.commons.httpclient.Cookie;
import org.apache.commons.httpclient.HttpClient;
import org.apache.commons.httpclient.HttpState;
import org.apache.commons.httpclient.methods.GetMethod;
import org.junit.After;
import org.junit.Assert;
import org.junit.Before;
import org.junit.Rule;
import org.junit.Test;
import org.junit.rules.TestName;

/* loaded from: input_file:com/zimbra/qa/unittest/TestCookieReuse.class */
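public class TestCookieReuse {

    @Rule
    public TestName testInfo = new TestName();

    /**
     * Prefix for the accounts this class creates. It is taken from {@code TestUserServlet}
     * (kept as found so the generated account names do not change); {@link #setUp()}
     * appends the running test method's name, which keeps the names unique per test.
     */
    private static final String NAME_PREFIX = TestUserServlet.class.getSimpleName();
    /** Admin port assumed when the server attribute is unset or cannot be read. */
    private static final int DEFAULT_ADMIN_PORT = 7071;
    /** REST path used by most tests to fetch the inbox. */
    private static final String INBOX_RSS = "Inbox?fmt=rss";
    /** Attribute controlling whether ending a session invalidates cookies; toggled by several tests. */
    private static final String FORCE_CLEAR_COOKIES_ATTR = "zimbraForceClearCookies";

    private static String USER_NAME;
    private static String UNAUTHORIZED_USER;
    /** Server value captured in {@link #setUp()} and restored in {@link #tearDown()}. */
    private int currentSupportedAuthVersion;

    /**
     * SOAP transport whose context header never carries an auth token element: the header
     * is built with a null {@link ZAuthToken} (see {@code SoapUtil.toCtxt}), so the server
     * can only identify the caller from what the transport sends at the HTTP level.
     * Declared static because it uses no state of the enclosing test instance.
     */
    private static final class HttpCookieSoapTransport extends SoapHttpTransport {
        HttpCookieSoapTransport(String uri) {
            super(uri);
        }

        /**
         * Wraps {@code document} in a SOAP envelope whose context header omits the auth token.
         *
         * @param document request body to envelope
         * @param raw accepted for signature compatibility; not consulted here
         * @param noSession when true the context disables notifications instead of naming a session
         * @param requestedAccountId target account id; falls back to the transport's target account
         * @param changeToken change token to place in the context, may be null
         * @param changeTokenType type of {@code changeToken}, may be null
         * @return the enveloped request
         */
        protected final Element generateSoapMessage(Element document, boolean raw, boolean noSession,
                String requestedAccountId, String changeToken, String changeTokenType) {
            SoapProtocol requestProtocol = getRequestProtocol();
            // Align the envelope dialect with the kind of element actually handed in.
            if (requestProtocol == SoapProtocol.SoapJS) {
                if (document instanceof Element.XMLElement) {
                    requestProtocol = SoapProtocol.Soap12;
                }
            } else if (document instanceof Element.JSONElement) {
                requestProtocol = SoapProtocol.SoapJS;
            }
            SoapProtocol responseProtocol =
                    getResponseProtocol() == null ? requestProtocol : getResponseProtocol();
            String targetAcctId = requestedAccountId != null ? requestedAccountId : getTargetAcctId();
            // The account is named only when no id is available; the context carries one or the other.
            String targetAcctName = targetAcctId == null ? getTargetAcctName() : null;

            Element ctxt = null;
            if (generateContextHeader()) {
                // Null token on purpose: the auth token is deliberately kept out of the header.
                ctxt = SoapUtil.toCtxt(requestProtocol, (ZAuthToken) null, (String) null);
                if (noSession) {
                    SoapUtil.disableNotificationOnCtxt(ctxt);
                } else {
                    String sessionId = getAuthToken() == null ? null : getSessionId();
                    SoapUtil.addSessionToCtxt(ctxt, sessionId, getMaxNotifySeq());
                }
                SoapUtil.addTargetAccountToCtxt(ctxt, targetAcctId, targetAcctName);
                SoapUtil.addChangeTokenToCtxt(ctxt, changeToken, changeTokenType);
                SoapUtil.addUserAgentToCtxt(ctxt, getUserAgentName(), getUserAgentVersion());
                if (responseProtocol != requestProtocol) {
                    SoapUtil.addResponseProtocolToCtxt(ctxt, responseProtocol);
                }
            }
            return requestProtocol.soapEnvelope(document, ctxt);
        }
    }

    /** Creates the per-test user (with one message in its mailbox) after removing any leftovers. */
    @Before
    public void setUp() throws Exception {
        // Remember the server's auth-version floor; testOldClientSupport changes it.
        currentSupportedAuthVersion = Provisioning.getInstance().getLocalServer().getLowestSupportedAuthVersion();
        String prefix = NAME_PREFIX + "-" + testInfo.getMethodName().toLowerCase() + "-";
        USER_NAME = prefix + "user1";
        UNAUTHORIZED_USER = AccountTestUtil.getAddress(prefix + "unauthorized");
        cleanUp();
        TestUtil.createAccount(USER_NAME);
        TestUtil.addMessage(TestUtil.getZMailbox(USER_NAME), NAME_PREFIX);
    }

    /** Deletes the test accounts and restores the server's auth-version floor. */
    @After
    public void tearDown() throws Exception {
        cleanUp();
        Provisioning.getInstance().getLocalServer().setLowestSupportedAuthVersion(currentSupportedAuthVersion);
    }

    /** Removes both accounts this class may have created; safe to call when they do not exist. */
    private void cleanUp() throws Exception {
        TestUtil.deleteAccountIfExists(USER_NAME);
        TestUtil.deleteAccountIfExists(UNAUTHORIZED_USER);
    }

    public static void main(String[] strArr) throws Exception {
        TestUtil.cliSetup();
        TestUtil.runTest(TestCookieReuse.class);
    }

    // ---- helpers -------------------------------------------------------------------------

    /**
     * Returns a brand-new client whose cookie jar holds copies of {@code source}'s cookies,
     * each re-scoped to {@code host} and path "/", without expiry and without the secure flag.
     * This simulates a second client presenting the same session cookies.
     */
    private static HttpClient newClientWithCookiesOf(HttpClient source, String host) {
        HttpState state = new HttpState();
        for (Cookie cookie : source.getState().getCookies()) {
            state.addCookie(new Cookie(host, cookie.getName(), cookie.getValue(), "/", (Date) null, false));
        }
        HttpClient copy = ZimbraHttpConnectionManager.getInternalHttpConnMgr().newHttpClient();
        copy.setState(state);
        return copy;
    }

    /**
     * Admin service port of the local server. Falls back to {@link #DEFAULT_ADMIN_PORT} both when
     * the lookup throws and when the attribute is unset (previously 0 was passed as the unset
     * default, so an unset attribute produced port 0 instead of the fallback).
     */
    private static int adminPort() {
        try {
            return Provisioning.getInstance().getLocalServer().getIntAttr("zimbraAdminPort", DEFAULT_ADMIN_PORT);
        } catch (ServiceException e) {
            ZimbraLog.test.error("Unable to get admin SOAP port", e);
            return DEFAULT_ADMIN_PORT;
        }
    }

    /** URL of the admin-only collectconfig endpoint on localhost, targeting the local server. */
    private static String collectConfigUrl() throws ServiceException {
        return "https://localhost:" + adminPort() + "/service/collectconfig/?host="
                + Provisioning.getInstance().getLocalServer().getName();
    }

    /**
     * Issues a GET to the collectconfig endpoint from a fresh client that carries only
     * {@code adminAuthToken}, encoded as an admin cookie for "localhost".
     *
     * @return the HTTP status code
     */
    private static int getCollectConfigWithAdminCookie(AuthToken adminAuthToken) throws Exception {
        String url = collectConfigUrl();
        HttpClient client = ZimbraHttpConnectionManager.getInternalHttpConnMgr().newHttpClient();
        HttpState state = new HttpState();
        adminAuthToken.encode(state, true, "localhost");
        client.setState(state);
        return HttpClientUtil.executeMethod(client, new GetMethod(url));
    }

    /**
     * Fetches {@code restURI} from a fresh client that carries nothing but {@code authToken}
     * as a cookie and asserts a 200, including the response body in the failure message.
     */
    private static void assertCookieOnlyGetSucceeds(AuthToken authToken, URI restURI) throws Exception {
        GetMethod get = new GetMethod(restURI.toString());
        HttpClient client = ZimbraHttpConnectionManager.getInternalHttpConnMgr().newHttpClient();
        client.setState(HttpClientUtil.newHttpState(new ZAuthToken(authToken.getEncoded()), restURI.getHost(), false));
        // Lenient cookie matching (commons-httpclient browser-compatibility policy).
        client.getParams().setCookiePolicy("compatibility");
        int status = HttpClientUtil.executeMethod(client, get);
        Assert.assertEquals("This request should succeed. Getting status code " + status
                + " Response: " + get.getResponseBodyAsString(), 200L, status);
    }

    /**
     * Asserts that an admin CreateAccountRequest sent with {@code adminAuthToken} in the SOAP
     * header is rejected with {@code service.AUTH_REQUIRED}.
     */
    private static void assertAdminCreateAccountRejected(AuthToken adminAuthToken) throws Exception {
        SoapTransport transport = TestUtil.getAdminSoapTransport();
        transport.setAuthToken(adminAuthToken.getEncoded());
        try {
            transport.invoke(JaxbUtil.jaxbToElement(new CreateAccountRequest(UNAUTHORIZED_USER, "test123", (Map) null)));
            Assert.fail("should have caught an exception");
        } catch (ServiceException e) {
            Assert.assertEquals("should be catching AUTH_REQUIRED here", "service.AUTH_REQUIRED", e.getCode());
        }
    }

    /**
     * Runs an {@code in:inbox} message search through a {@link HttpCookieSoapTransport} that
     * holds {@code authToken}, i.e. with the token absent from the SOAP context header.
     */
    private static SearchResponse searchInboxViaCookieTransport(ZAuthToken authToken) throws ServiceException, IOException {
        HttpCookieSoapTransport transport = new HttpCookieSoapTransport(TestUtil.getSoapUrl());
        transport.setAuthToken(authToken);
        SearchRequest request = new SearchRequest();
        request.setSearchTypes(MailItem.Type.MESSAGE.toString());
        request.setQuery("in:inbox");
        Element response = transport.invoke(JaxbUtil.jaxbToElement(request, SoapProtocol.SoapJS.getFactory()));
        return (SearchResponse) JaxbUtil.elementToJaxb(response);
    }

    // ---- tests ---------------------------------------------------------------------------

    /** A freshly authenticated mailbox client can fetch the inbox feed. */
    @Test
    public void testValidCookie() throws ServiceException, IOException {
        ZMailbox zMailbox = TestUtil.getZMailbox(USER_NAME);
        URI restURI = zMailbox.getRestURI(INBOX_RSS);
        int status = HttpClientUtil.executeMethod(zMailbox.getHttpClient(restURI), new GetMethod(restURI.toString()));
        Assert.assertEquals("This request should succeed. Getting status code " + status, 200L, status);
    }

    /** Session cookies copied into a second client are accepted while the session is still live. */
    @Test
    public void testValidSessionCookieReuse() throws ServiceException, IOException {
        ZMailbox zMailbox = TestUtil.getZMailbox(USER_NAME);
        URI restURI = zMailbox.getRestURI(INBOX_RSS);
        HttpClient secondClient = newClientWithCookiesOf(zMailbox.getHttpClient(restURI), restURI.getHost());
        int status = HttpClientUtil.executeMethod(secondClient, new GetMethod(restURI.toString()));
        Assert.assertEquals("This request should succeed. Getting status code " + status, 200L, status);
    }

    /** With zimbraForceClearCookies set, a plain EndSessionRequest invalidates copied cookies. */
    @Test
    public void testAutoEndSession() throws ServiceException, IOException {
        TestUtil.setAccountAttr(USER_NAME, FORCE_CLEAR_COOKIES_ATTR, LdapConstants.LDAP_TRUE);
        ZMailbox zMailbox = TestUtil.getZMailbox(USER_NAME);
        URI restURI = zMailbox.getRestURI(INBOX_RSS);
        HttpClient secondClient = newClientWithCookiesOf(zMailbox.getHttpClient(restURI), restURI.getHost());
        TestUtil.getAccount(USER_NAME).setForceClearCookies(true);
        zMailbox.invokeJaxb(new EndSessionRequest());
        int status = HttpClientUtil.executeMethod(secondClient, new GetMethod(restURI.toString()));
        Assert.assertEquals("This request should not succeed. Getting status code " + status, 401L, status);
    }

    /** Without zimbraForceClearCookies, an EndSessionRequest with logOff=true still invalidates copied cookies. */
    @Test
    public void testForceEndSession() throws ServiceException, IOException {
        TestUtil.setAccountAttr(USER_NAME, FORCE_CLEAR_COOKIES_ATTR, LdapConstants.LDAP_FALSE);
        ZMailbox zMailbox = TestUtil.getZMailbox(USER_NAME);
        URI restURI = zMailbox.getRestURI(INBOX_RSS);
        HttpClient secondClient = newClientWithCookiesOf(zMailbox.getHttpClient(restURI), restURI.getHost());
        TestUtil.getAccount(USER_NAME).setForceClearCookies(false);
        EndSessionRequest endSession = new EndSessionRequest();
        endSession.setLogOff(true);
        zMailbox.invokeJaxb(endSession);
        int status = HttpClientUtil.executeMethod(secondClient, new GetMethod(restURI.toString()));
        Assert.assertEquals("This request should not succeed. Getting status code " + status, 401L, status);
    }

    /**
     * A SOAP search authenticated only at the transport level works before log-off and, after
     * a logOff=true EndSessionRequest, either returns nothing or faults with AUTH_EXPIRED.
     */
    @Test
    public void testInvalidSearchRequest() throws ServiceException, IOException {
        TestUtil.setAccountAttr(USER_NAME, FORCE_CLEAR_COOKIES_ATTR, LdapConstants.LDAP_FALSE);
        ZMailbox zMailbox = TestUtil.getZMailbox(USER_NAME);
        // Return value unused; presumably kept for its side effect on the mailbox's HTTP state — TODO confirm.
        zMailbox.getHttpClient(zMailbox.getRestURI(INBOX_RSS));
        ZAuthToken authToken = zMailbox.getAuthToken();

        Assert.assertFalse("this search request should return some conversations",
                searchInboxViaCookieTransport(authToken).getSearchHits().isEmpty());

        TestUtil.getAccount(USER_NAME).setForceClearCookies(false);
        EndSessionRequest endSession = new EndSessionRequest();
        endSession.setLogOff(true);
        zMailbox.invokeJaxb(endSession);

        try {
            Assert.assertTrue("this search request should fail",
                    searchInboxViaCookieTransport(authToken).getSearchHits().isEmpty());
        } catch (SoapFaultException e) {
            Assert.assertEquals("Should be getting 'auth required' exception", "service.AUTH_EXPIRED", e.getCode());
        }
    }

    /** Logging out through the web entry point (loginOp=logout) invalidates cookies copied to another client. */
    @Test
    public void testWebLogOut() throws ServiceException, IOException, URISyntaxException, InterruptedException {
        TestUtil.setAccountAttr(USER_NAME, FORCE_CLEAR_COOKIES_ATTR, LdapConstants.LDAP_FALSE);
        ZMailbox zMailbox = TestUtil.getZMailbox(USER_NAME);
        URI restURI = zMailbox.getRestURI(INBOX_RSS);
        HttpClient httpClient = zMailbox.getHttpClient(restURI);
        HttpClient secondClient = newClientWithCookiesOf(httpClient, restURI.getHost());
        TestUtil.getAccount(USER_NAME).setForceClearCookies(false);

        // Ports above 80 are written explicitly; -1 (unspecified) and 80 are dropped.
        String portSuffix = restURI.getPort() > 80 ? ":" + restURI.getPort() : "";
        URI logoutUri = new URI(String.format("%s://%s%s/?loginOp=logout",
                restURI.getScheme(), restURI.getHost(), portSuffix));
        int logoutStatus = httpClient.executeMethod(new GetMethod(logoutUri.toString()));
        Assert.assertEquals("Log out request should succeed. Getting status code " + logoutStatus, 200L, logoutStatus);

        int status = HttpClientUtil.executeMethod(secondClient, new GetMethod(restURI.toString()));
        Assert.assertEquals("This request should not succeed. Getting status code " + status, 401L, status);
    }

    /** A newly issued user token is registered. */
    @Test
    public void testTokenRegistration() throws Exception {
        Assert.assertTrue("token should be registered",
                new ZimbraAuthToken(TestUtil.getAccount(USER_NAME)).isRegistered());
    }

    /** Deregistering a user token makes it unregistered. */
    @Test
    public void testTokenDeregistration() throws Exception {
        ZimbraAuthToken token = new ZimbraAuthToken(TestUtil.getAccount(USER_NAME));
        Assert.assertTrue("token should be registered", token.isRegistered());
        token.deRegister();
        Assert.assertFalse("token should not be registered", token.isRegistered());
    }

    /** Deregistering an admin token makes it unregistered. */
    @Test
    public void testAdminTokenDeregistration() throws Exception {
        AuthToken adminToken = AuthProvider.getAdminAuthToken();
        Assert.assertTrue("token should be registered", adminToken.isRegistered());
        adminToken.deRegister();
        Assert.assertFalse("token should not be registered", adminToken.isRegistered());
    }

    /** A token whose expiry is already in the past is not registered; a future-expiring one is. */
    @Test
    public void testTokenExpiredTokenDeregistration() throws Exception {
        Account account = TestUtil.getAccount(USER_NAME);
        ZimbraAuthToken expired = new ZimbraAuthToken(account, System.currentTimeMillis() - 1000);
        ZimbraAuthToken live = new ZimbraAuthToken(account, System.currentTimeMillis() + 10000);
        Assert.assertFalse("First token should not be registered", expired.isRegistered());
        Assert.assertTrue("Second token should be registered", live.isRegistered());
    }

    /**
     * With the server's lowest supported auth version at 1, a deregistered token still reports
     * as registered; raising the floor to 2 restores the deregistered state. setUp/tearDown
     * bracket the change.
     */
    @Test
    public void testOldClientSupport() throws Exception {
        ZimbraAuthToken token = new ZimbraAuthToken(TestUtil.getAccount(USER_NAME), System.currentTimeMillis() - 1000);
        Assert.assertTrue("token should be registered", token.isRegistered());
        token.deRegister();
        Assert.assertFalse("token should not be registered", token.isRegistered());
        Provisioning.getInstance().getLocalServer().setLowestSupportedAuthVersion(1);
        Assert.assertTrue("token should appear to be registered", token.isRegistered());
        Provisioning.getInstance().getLocalServer().setLowestSupportedAuthVersion(2);
        Assert.assertFalse("token should not be registered", token.isRegistered());
    }

    /** Registration and deregistration behave the same when the account forces cookie clearing. */
    @Test
    public void testClearCookies() throws Exception {
        Account account = TestUtil.getAccount(USER_NAME);
        account.setForceClearCookies(true);
        ZimbraAuthToken token = new ZimbraAuthToken(account);
        Assert.assertTrue("token should be registered", token.isRegistered());
        token.deRegister();
        Assert.assertFalse("token should not be registered", token.isRegistered());
    }

    /**
     * After a token expires and the account's tokens are purged, a fresh AuthRequest still
     * yields a new, registered, unexpired token.
     */
    @Test
    public void testLoginClearAuthTokensException() throws Exception {
        Account account = TestUtil.getAccount(USER_NAME);
        ZimbraAuthToken shortLived = new ZimbraAuthToken(account, System.currentTimeMillis() + 1000);
        Assert.assertFalse("token should not be expired yet", shortLived.isExpired());
        Thread.sleep(2000L); // outlive the 1 s lifetime above
        Assert.assertTrue("token should have expired by now", shortLived.isExpired());
        account.purgeAuthTokens();

        Element authResponse = new SoapHttpTransport(TestUtil.getSoapUrl()).invoke(JaxbUtil.jaxbToElement(
                new AuthRequest(new AccountSelector(AccountBy.name, account.getName()), "test123"),
                SoapProtocol.SoapJS.getFactory()));
        String encodedToken = ((AuthResponse) JaxbUtil.elementToJaxb(authResponse)).getAuthToken();
        Assert.assertNotNull("should have received a new authtoken", encodedToken);

        AuthToken newToken = ZimbraAuthToken.getAuthToken(encodedToken);
        Assert.assertTrue("new auth token should be registered", newToken.isRegistered());
        Assert.assertFalse("new auth token should not be expired yet", newToken.isExpired());
    }

    /** The admin collectconfig endpoint rejects a request that carries no admin cookie. */
    @Test
    public void testGetWithoutAdminCookie() throws Exception {
        int status = HttpClientUtil.executeMethod(
                ZimbraHttpConnectionManager.getInternalHttpConnMgr().newHttpClient(),
                new GetMethod(collectConfigUrl()));
        Assert.assertEquals("This request should NOT succeed. Getting status code " + status, 401L, status);
    }

    /** An admin token with CSRF disabled is accepted as a bare cookie on a GET. */
    @Test
    public void testReuseAdminCookieWithoutCsrf() throws Exception {
        AuthToken adminToken = AuthProvider.getAdminAuthToken();
        adminToken.setCsrfTokenEnabled(false);
        int status = getCollectConfigWithAdminCookie(adminToken);
        Assert.assertEquals("This request should succeed. Getting status code " + status, 200L, status);
    }

    /** A user token with CSRF disabled is accepted as a bare cookie on a REST GET. */
    @Test
    public void testReuseUserCookieWithoutCsrf() throws Exception {
        AuthToken authToken = AuthProvider.getAuthToken(TestUtil.getAccount(USER_NAME));
        URI restURI = TestUtil.getZMailbox(USER_NAME).getRestURI("Inbox?fmt=rss&thief=false");
        authToken.setCsrfTokenEnabled(false);
        assertCookieOnlyGetSucceeds(authToken, restURI);
    }

    /** A user token with CSRF enabled is still accepted as a bare cookie on a REST GET (GETs carry no CSRF token). */
    @Test
    public void testReuseUserCookieWithCsrf() throws Exception {
        AuthToken authToken = AuthProvider.getAuthToken(TestUtil.getAccount(USER_NAME));
        URI restURI = TestUtil.getZMailbox(USER_NAME).getRestURI("Inbox?fmt=rss&thief=true");
        authToken.setCsrfTokenEnabled(true);
        assertCookieOnlyGetSucceeds(authToken, restURI);
    }

    /** An admin token with CSRF enabled is still accepted as a bare cookie on a GET. */
    @Test
    public void testReuseAdminCookieWithCsrf() throws Exception {
        AuthToken adminToken = AuthProvider.getAdminAuthToken();
        adminToken.setCsrfTokenEnabled(true);
        int status = getCollectConfigWithAdminCookie(adminToken);
        Assert.assertEquals("This request should succeed. Getting status code " + status, 200L, status);
    }

    /** A CSRF-enabled admin token used on a SOAP POST without a CSRF token is rejected. */
    @Test
    public void testUnauthorizedAdminPostWithCsrf() throws Exception {
        AuthToken adminToken = AuthProvider.getAdminAuthToken();
        adminToken.setCsrfTokenEnabled(true);
        assertAdminCreateAccountRejected(adminToken);
    }

    /**
     * Generating a CSRF token for a user token whose CSRF flag is off, then POSTing with that
     * token, is rejected with AUTH_REQUIRED.
     */
    @Test
    public void testForgedNonCSRFPost() throws Exception {
        AuthToken authToken = AuthProvider.getAuthToken(TestUtil.getAccount(USER_NAME));
        authToken.setCsrfTokenEnabled(false);
        // java.util.Random is adequate here: the value only has to be some arbitrary salt for the test.
        CsrfUtil.generateCsrfToken(authToken.getAccountId(), authToken.getExpires(), new Random().nextInt() + 1, authToken);
        SoapHttpTransport transport = new SoapHttpTransport(TestUtil.getSoapUrl());
        transport.setAuthToken(authToken.getEncoded());
        try {
            transport.invoke(JaxbUtil.jaxbToElement(new GetInfoRequest()));
            Assert.fail("should have caught an exception");
        } catch (ServiceException e) {
            Assert.assertEquals("should be catching AUTH_REQUIRED here", "service.AUTH_REQUIRED", e.getCode());
        }
    }

    /** Same as {@link #testForgedNonCSRFPost()} for an admin token on an admin SOAP POST. */
    @Test
    public void testForgedNonCSRFAdminPost() throws Exception {
        AuthToken adminToken = AuthProvider.getAdminAuthToken();
        adminToken.setCsrfTokenEnabled(false);
        CsrfUtil.generateCsrfToken(adminToken.getAccountId(), adminToken.getExpires(), new Random().nextInt() + 1, adminToken);
        assertAdminCreateAccountRejected(adminToken);
    }
}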
