package ca.nrc.cadc.vosi;

import ca.nrc.cadc.auth.AuthMethod;
import ca.nrc.cadc.auth.AuthenticationUtil;
import ca.nrc.cadc.auth.RunnableAction;
import ca.nrc.cadc.net.AuthChallenge;
import ca.nrc.cadc.net.HttpGet;
import ca.nrc.cadc.net.HttpPost;
import ca.nrc.cadc.net.NetrcFile;
import ca.nrc.cadc.reg.Capabilities;
import ca.nrc.cadc.reg.CapabilitiesReader;
import ca.nrc.cadc.reg.Capability;
import ca.nrc.cadc.reg.Standards;
import ca.nrc.cadc.reg.client.RegistryClient;
import ca.nrc.cadc.util.Log4jInit;
import ca.nrc.cadc.xml.XmlUtil;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.net.PasswordAuthentication;
import java.net.URI;
import java.net.URISyntaxException;
import java.net.URL;
import java.security.PrivilegedAction;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import java.util.TreeMap;
import javax.security.auth.Subject;
import org.apache.log4j.Level;
import org.apache.log4j.Logger;
import org.jdom2.Namespace;
import org.junit.Assert;
import org.junit.Test;

/* loaded from: input_file:ca/nrc/cadc/vosi/CapabilitiesTest.class */
public class CapabilitiesTest {
    private static final Logger log = Logger.getLogger(CapabilitiesTest.class);
    private final URI resourceID;
    private final URL capURL;
    private Subject subject;

    public CapabilitiesTest(URL url) {
        this.subject = AuthenticationUtil.getAnonSubject();
        this.capURL = url;
        this.resourceID = null;
    }

    public CapabilitiesTest(URI uri) {
        this.subject = AuthenticationUtil.getAnonSubject();
        this.resourceID = uri;
        this.capURL = null;
    }

    protected void setSubject(Subject subject) {
        this.subject = subject;
    }

    public static Capabilities getCapabilitiesFromServer(Subject subject, URL url) throws IOException, URISyntaxException {
        log.info("get capabilties: " + url);
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        HttpGet httpGet = new HttpGet(url, byteArrayOutputStream);
        httpGet.setFollowRedirects(true);
        Subject.doAs(subject, (PrivilegedAction) new RunnableAction(httpGet));
        log.info("getCapabilitiesFromServer: " + httpGet.getResponseCode() + " " + httpGet.getThrowable());
        Assert.assertEquals(200L, httpGet.getResponseCode());
        CapabilitiesReader capabilitiesReader = new CapabilitiesReader();
        ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(byteArrayOutputStream.toByteArray());
        try {
            Capabilities read = capabilitiesReader.read(byteArrayInputStream);
            if (byteArrayInputStream != null) {
                try {
                    byteArrayInputStream.close();
                } catch (Throwable th) {
                    log.warn("failed to close " + url, th);
                }
            }
            return read;
        } catch (Throwable th2) {
            if (byteArrayInputStream != null) {
                try {
                    byteArrayInputStream.close();
                } catch (Throwable th3) {
                    log.warn("failed to close " + url, th3);
                }
            }
            throw th2;
        }
    }

    protected void validateContent(Capabilities capabilities) throws Exception {
    }

    protected URL getCapURL() {
        URL url = this.capURL;
        if (url == null && this.resourceID != null) {
            url = new RegistryClient().getServiceURL(this.resourceID, Standards.VOSI_CAPABILITIES, AuthMethod.ANON);
        }
        Assert.assertNotNull(url);
        log.info("capabilities URL=" + url);
        return url;
    }

    @Test
    public void testValidateCapabilities() {
        try {
            Capabilities capabilitiesFromServer = getCapabilitiesFromServer(this.subject, getCapURL());
            Assert.assertNotNull(capabilitiesFromServer);
            Assert.assertTrue("Incorrect number of capabilities (expected > 1)", capabilitiesFromServer.getCapabilities().size() > 1);
            Capability findCapability = capabilitiesFromServer.findCapability(Standards.VOSI_CAPABILITIES);
            Assert.assertNotNull(findCapability);
            Assert.assertNotNull(findCapability.findInterface(Standards.SECURITY_METHOD_ANON));
            validateContent(capabilitiesFromServer);
        } catch (Exception e) {
            log.error("unexpected exception", e);
            Assert.fail("unexpected exception: " + e);
        }
    }

    @Test
    public void testValidateCapabilitiesNamespaces() {
        new RegistryClient();
        try {
            URL capURL = getCapURL();
            ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
            HttpGet httpGet = new HttpGet(capURL, byteArrayOutputStream);
            httpGet.setFollowRedirects(true);
            Subject.doAs(this.subject, (PrivilegedAction) new RunnableAction(httpGet));
            log.info("getCapabilitiesFromServer: " + httpGet.getResponseCode() + " " + httpGet.getThrowable());
            Assert.assertEquals(200L, httpGet.getResponseCode());
            for (Namespace namespace : XmlUtil.buildDocument(byteArrayOutputStream.toString("UTF-8")).getRootElement().getAdditionalNamespaces()) {
                if (namespace.getURI().startsWith("http://www.ivoa.net/xml/VODataService/")) {
                    Assert.assertEquals("Expected VODataService namespace prefix vs, found " + namespace.getPrefix(), "vs", namespace.getPrefix());
                }
                if (namespace.getURI().startsWith("http://www.ivoa.net/xml/VOResource/")) {
                    Assert.assertEquals("Expected VOResource namespace prefix vr, found " + namespace.getPrefix(), "vr", namespace.getPrefix());
                }
            }
        } catch (Exception e) {
            log.error("unexpected exception", e);
            Assert.fail("unexpected exception: " + e);
        }
    }

    @Test
    public void testTokenAuth() throws Exception {
        URL serviceURL = new RegistryClient().getServiceURL(this.resourceID, Standards.VOSI_CAPABILITIES, AuthMethod.ANON);
        HttpGet httpGet = new HttpGet(serviceURL, false);
        httpGet.setHeadOnly(true);
        httpGet.prepare();
        URL url = null;
        List responseHeaderValues = httpGet.getResponseHeaderValues("www-authenticate");
        ArrayList arrayList = new ArrayList();
        arrayList.addAll(responseHeaderValues);
        arrayList.remove("ivoa_x509");
        if (arrayList.isEmpty()) {
            log.warn("no www-authenticate challenges, assuming intentional");
            return;
        }
        Iterator it = arrayList.iterator();
        while (true) {
            if (!it.hasNext()) {
                break;
            }
            String str = (String) it.next();
            log.info(str);
            AuthChallenge authChallenge = new AuthChallenge(str);
            log.info(authChallenge);
            if ("ivoa_bearer".equals(authChallenge.getName()) && Standards.SECURITY_METHOD_PASSWORD.toASCIIString().equals(authChallenge.getParamValue("standard_id"))) {
                url = new URL(authChallenge.getParamValue("access_url"));
                break;
            }
        }
        if (url == null) {
            throw new RuntimeException("no www-authenticate ivoa_bearer " + Standards.SECURITY_METHOD_PASSWORD.toASCIIString() + " challenge");
        }
        log.info("loginURL: " + url);
        PasswordAuthentication credentials = new NetrcFile().getCredentials(url.getHost(), true);
        if (credentials == null) {
            throw new RuntimeException("no credentials in .netrc file for host " + url.getHost());
        }
        TreeMap treeMap = new TreeMap();
        treeMap.put("username", credentials.getUserName());
        treeMap.put("password", credentials.getPassword());
        HttpPost httpPost = new HttpPost(url, treeMap, true);
        httpPost.prepare();
        String responseHeader = httpPost.getResponseHeader("x-vo-bearer");
        Assert.assertNotNull("successful login", responseHeader);
        new HttpGet(serviceURL, false);
        httpGet.setHeadOnly(true);
        httpGet.setRequestProperty("authorization", "bearer " + responseHeader);
        httpGet.prepare();
        String responseHeader2 = httpGet.getResponseHeader("x-vo-authenticated");
        log.info("authenticated as: " + responseHeader2);
        Assert.assertNotNull("successful authenticated call", responseHeader2);
    }

    static {
        Log4jInit.setLevel("ca.nrc.cadc.vosi", Level.INFO);
    }
}
