package com.zimbra.qa.unittest.prov.soap;

import com.zimbra.common.soap.SoapFaultException;
import com.zimbra.common.soap.SoapProtocol;
import com.zimbra.common.soap.SoapTransport;
import com.zimbra.cs.account.Account;
import com.zimbra.cs.account.Domain;
import com.zimbra.cs.account.Provisioning;
import com.zimbra.cs.ldap.LdapConstants;
import com.zimbra.soap.JaxbUtil;
import com.zimbra.soap.account.message.CreateSignatureRequest;
import com.zimbra.soap.account.type.Signature;
import java.util.HashMap;
import java.util.Map;
import org.junit.AfterClass;
import org.junit.Assert;
import org.junit.BeforeClass;
import org.junit.Test;

/* loaded from: input_file:com/zimbra/qa/unittest/prov/soap/TestCsrfRequest.class */
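/**
 * SOAP-level tests for CSRF token enforcement on a state-changing request
 * (CreateSignatureRequest).
 *
 * <p>Three switches decide whether a request is accepted:
 * <ul>
 *   <li>the global config attribute {@code zimbraCsrfTokenCheckEnabled} (server-side
 *       validation on/off), set through {@link #setServerCsrfCheck(boolean)};</li>
 *   <li>the second {@code authUser} flag, which appears to control whether the auth
 *       token is issued as CSRF-enabled; and</li>
 *   <li>the third {@code authUser} flag, which appears to control whether a CSRF token
 *       is attached to subsequent requests.</li>
 * </ul>
 * The meaning of the two {@code authUser} flags is inferred from the test names here —
 * confirm against {@code SoapTest.authUser} before relying on it.
 *
 * <p>Every test sets the server-side flag it depends on, so the outcome does not depend
 * on JUnit's (unspecified) method ordering. The value found at class start is restored
 * in {@link #cleanup()}.
 *
 * <p>The signature body is an entity-encoded script payload; only CSRF gating is
 * asserted in this class, nothing checks how the server stores or renders that content.
 */
public class TestCsrfRequest extends SoapTest {
    /** Global config attribute that turns server-side CSRF token validation on or off. */
    private static final String CSRF_CHECK_ATTR = "zimbraCsrfTokenCheckEnabled";
    /** Substring of the fault code expected when the server rejects a missing/invalid CSRF token. */
    private static final String AUTH_REQUIRED_CODE = "AUTH_REQUIRED";
    private static final String SIG_NAME = "testSig";
    private static final String SIG_CONTENT =
            "xss&lt;script&gt;alert(\"XSS\")&lt;/script&gt;&lt;a href=javascript:alert(\"XSS\")&gt;&lt;";
    private static final String SIG_CONTENT_TYPE = "text/html";
    /** Number of leading characters dropped to produce a token the server must reject. */
    private static final int TOKEN_TRUNCATE_CHARS = 7;

    private static SoapProvTestUtil provUtil;
    private static Provisioning prov;
    private static Domain domain;
    /** Value of {@link #CSRF_CHECK_ATTR} before this class ran; null when it was unset. */
    private static String origCsrfCheck;

    @BeforeClass
    public static void init() throws Exception {
        provUtil = new SoapProvTestUtil();
        prov = provUtil.getProv();
        // Snapshot the global flag so cleanup() can put it back; the tests below flip it.
        origCsrfCheck = prov.getConfig().getAttr(CSRF_CHECK_ATTR);
        domain = provUtil.createDomain(baseDomainName());
    }

    @AfterClass
    public static void cleanup() throws Exception {
        try {
            if (prov != null) {
                setServerCsrfCheck(origCsrfCheck);
            }
        } finally {
            Cleanup.deleteAll(baseDomainName());
        }
    }

    /**
     * Enables or disables server-side CSRF token validation on the global config.
     *
     * @param enabled true to require CSRF tokens on CSRF-enabled auth tokens
     */
    private static void setServerCsrfCheck(boolean enabled) throws Exception {
        setServerCsrfCheck(enabled ? LdapConstants.LDAP_TRUE : LdapConstants.LDAP_FALSE);
    }

    /**
     * Writes a raw value to {@link #CSRF_CHECK_ATTR} on the global config.
     *
     * @param value LDAP TRUE/FALSE, or null to remove the attribute (restores "unset";
     *              relies on Provisioning treating a null value as a delete — confirm)
     */
    private static void setServerCsrfCheck(String value) throws Exception {
        Map<String, Object> attrs = new HashMap<>();
        attrs.put(CSRF_CHECK_ATTR, value);
        prov.modifyAttrs(prov.getConfig(), attrs, true);
    }

    /**
     * Sends a CreateSignatureRequest over the given transport and returns the new
     * signature's id.
     *
     * @param transport authenticated transport under test
     * @return value of the {@code id} attribute on the returned {@code signature} element
     * @throws SoapFaultException when the server rejects the request (e.g. CSRF failure)
     */
    private static String createSignature(SoapTransport transport) throws Exception {
        CreateSignatureRequest req = new CreateSignatureRequest(
                new Signature((String) null, SIG_NAME, SIG_CONTENT, SIG_CONTENT_TYPE));
        return transport
                .invoke(JaxbUtil.jaxbToElement(req, SoapProtocol.Soap12.getFactory()), false, false, (String) null)
                .getElement("signature")
                .getAttribute("id");
    }

    /**
     * Asserts that the transport is refused with an AUTH_REQUIRED fault. A request that
     * is silently accepted is a test failure — that is exactly the bypass this class exists
     * to catch.
     */
    private static void assertRejectedAsAuthRequired(SoapTransport transport) throws Exception {
        try {
            createSignature(transport);
            Assert.fail("request was accepted although the CSRF check should have rejected it");
        } catch (SoapFaultException e) {
            Assert.assertTrue("unexpected fault code: " + e.getCode(),
                    e.getCode().contains(AUTH_REQUIRED_CODE));
        }
    }

    /**
     * A legacy (non-CSRF) auth token with no CSRF token must still be accepted even while
     * the server-side check is on — the check is expected to apply only to CSRF-enabled
     * auth tokens (inferred from the test names; confirm).
     */
    @Test
    public void getCreateSigWithAuthAndCsrfDisabled() throws Exception {
        setServerCsrfCheck(true);
        Account acct = provUtil.createAccount(genAcctNameLocalPart(), domain);
        SoapTransport transport = authUser(acct.getName(), false, false);
        // Any SoapFaultException propagates and fails the test with its full trace.
        Assert.assertNotNull(createSignature(transport));
    }

    /** CSRF-enabled auth token, server check on, no CSRF token sent: must be rejected. */
    @Test
    public void getCreateSigWithAuthAndCsrfEnabledNoCsrfToken() throws Exception {
        setServerCsrfCheck(true);
        Account acct = provUtil.createAccount(genAcctNameLocalPart(), domain);
        SoapTransport transport = authUser(acct.getName(), true, false);
        assertRejectedAsAuthRequired(transport);
    }

    /** CSRF-enabled auth token, server check on, valid CSRF token sent: must succeed. */
    @Test
    public void getCreateSigWithAuthAndCsrfEnabledAndCsrfToken() throws Exception {
        setServerCsrfCheck(true);
        Account acct = provUtil.createAccount(genAcctNameLocalPart(), domain);
        SoapTransport transport = authUser(acct.getName(), true, true);
        Assert.assertNotNull(createSignature(transport));
    }

    /** CSRF-enabled auth token, server check on, corrupted CSRF token sent: must be rejected. */
    @Test
    public void getCreateSigWithAuthAndCsrfEnabledAndInvalidCsrfToken() throws Exception {
        setServerCsrfCheck(true);
        Account acct = provUtil.createAccount(genAcctNameLocalPart(), domain);
        SoapTransport transport = authUser(acct.getName(), true, true);
        String token = transport.getCsrfToken();
        Assert.assertNotNull("no CSRF token was issued with the auth token", token);
        // Guard the truncation so a short token fails with a clear message, not a
        // StringIndexOutOfBoundsException, and so the corrupted token is never empty
        // (an empty token would exercise the "missing" path rather than "invalid").
        Assert.assertTrue("CSRF token too short to corrupt: " + token.length() + " chars",
                token.length() > TOKEN_TRUNCATE_CHARS);
        transport.setCsrfToken(token.substring(TOKEN_TRUNCATE_CHARS));
        assertRejectedAsAuthRequired(transport);
    }

    /**
     * Server check off: a CSRF-enabled auth token without a CSRF token must be accepted.
     * (Method name keeps the original spelling so external references stay valid.)
     */
    @Test
    public void getCreateSigWithCsrfFeatureDisbaledAndAuthTokenIsCsrfEnabled() throws Exception {
        setServerCsrfCheck(false);
        Account acct = provUtil.createAccount(genAcctNameLocalPart(), domain);
        SoapTransport transport = authUser(acct.getName(), true, false);
        Assert.assertNotNull(createSignature(transport));
    }
}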
