package org.apache.shindig.gadgets.oauth;

import org.apache.shindig.auth.SecurityToken;
import org.apache.shindig.common.crypto.BasicBlobCrypter;
import org.apache.shindig.common.crypto.BlobCrypter;
import org.apache.shindig.common.uri.Uri;
import org.apache.shindig.gadgets.http.HttpRequest;
import org.apache.shindig.gadgets.http.HttpResponse;
import org.apache.shindig.gadgets.http.HttpResponseBuilder;
import org.apache.shindig.gadgets.oauth.OAuthResponseParams;
import org.easymock.EasyMock;
import org.junit.Assert;
import org.junit.Before;
import org.junit.Test;

/* loaded from: input_file:org/apache/shindig/gadgets/oauth/OAuthResponseParamsTest.class */
public class OAuthResponseParamsTest {
    private static final String APP = "http://app/example.xml";
    private HttpRequest origRequest;
    private SecurityToken token;
    private BlobCrypter crypter;
    private OAuthResponseParams params;

    @Before
    public void setUp() {
        this.crypter = new BasicBlobCrypter("abcdefafadfaxxxx".getBytes());
        this.token = (SecurityToken) EasyMock.createMock(SecurityToken.class);
        this.origRequest = new HttpRequest(Uri.parse("http://originalrequest/"));
        EasyMock.expect(this.token.getAppUrl()).andStubReturn(APP);
        EasyMock.replay(new Object[]{this.token});
        this.params = new OAuthResponseParams(this.token, this.origRequest, this.crypter);
    }

    @Test
    public void testSetAndGet() {
        this.params.getNewClientState().setAccessToken("access");
        this.params.setAznUrl("aznurl");
        Assert.assertFalse(this.params.sendTraceToClient());
        this.params.setSendTraceToClient(true);
        Assert.assertTrue(this.params.sendTraceToClient());
        Assert.assertEquals("access", this.params.getNewClientState().getAccessToken());
        Assert.assertEquals("aznurl", this.params.getAznUrl());
    }

    @Test
    public void testAddParams() {
        this.params.getNewClientState().setAccessToken("access");
        this.params.setAznUrl("aznurl");
        this.params.oauthRequestException(OAuthError.BAD_OAUTH_CONFIGURATION, "whoa there cowboy");
        HttpResponseBuilder httpResponseBuilder = new HttpResponseBuilder();
        this.params.addToResponse(httpResponseBuilder);
        HttpResponse create = httpResponseBuilder.create();
        Assert.assertEquals("BAD_OAUTH_CONFIGURATION", create.getMetadata().get("oauthError"));
        checkStringContains("error text returned", (String) create.getMetadata().get("oauthErrorText"), "whoa there cowboy");
        Assert.assertEquals("aznurl", create.getMetadata().get("oauthApprovalUrl"));
        Assert.assertNotNull(create.getMetadata().get("oauthState"));
        Assert.assertTrue(((String) create.getMetadata().get("oauthState")).length() > 10);
    }

    @Test
    public void testSendTraceToClient() {
        this.params.oauthRequestException(OAuthError.BAD_OAUTH_CONFIGURATION, "whoa there cowboy");
        this.params.addRequestTrace((HttpRequest) null, (HttpResponse) null);
        this.params.addRequestTrace((HttpRequest) null, (HttpResponse) null);
        this.params.oauthRequestException(OAuthError.BAD_OAUTH_CONFIGURATION, "whoa there cowboy");
        HttpResponseBuilder httpResponseBuilder = new HttpResponseBuilder();
        this.params.addToResponse(httpResponseBuilder);
        Assert.assertEquals("whoa there cowboy", (String) httpResponseBuilder.create().getMetadata().get("oauthErrorText"));
        this.params.setSendTraceToClient(true);
        this.params.addToResponse(httpResponseBuilder);
        String str = (String) httpResponseBuilder.create().getMetadata().get("oauthErrorText");
        checkStringContains("includes error text", str, "whoa there cowboy");
        checkStringContains("Request 1 logged", str, "Sent request 1:\n\n");
        checkStringContains("Request 2 logged", str, "Sent request 2:\n\n");
    }

    @Test
    public void testAddEmptyParams() {
        HttpResponseBuilder httpResponseBuilder = new HttpResponseBuilder();
        this.params.addToResponse(httpResponseBuilder);
        Assert.assertTrue(httpResponseBuilder.create().getMetadata().isEmpty());
    }

    @Test
    public void testSawErrorResponse() {
        HttpRequest httpRequest = new HttpRequest(Uri.parse("http://www"));
        HttpResponse create = new HttpResponseBuilder().setHttpStatusCode(200).create();
        HttpResponse create2 = new HttpResponseBuilder().setHttpStatusCode(302).create();
        HttpResponse create3 = new HttpResponseBuilder().setHttpStatusCode(404).create();
        HttpResponse create4 = new HttpResponseBuilder().setHttpStatusCode(502).create();
        OAuthResponseParams oAuthResponseParams = new OAuthResponseParams(this.token, this.origRequest, this.crypter);
        Assert.assertFalse(oAuthResponseParams.sawErrorResponse());
        oAuthResponseParams.addRequestTrace(httpRequest, create);
        Assert.assertFalse(oAuthResponseParams.sawErrorResponse());
        oAuthResponseParams.addRequestTrace(httpRequest, create2);
        Assert.assertFalse(oAuthResponseParams.sawErrorResponse());
        oAuthResponseParams.addRequestTrace(httpRequest, (HttpResponse) null);
        Assert.assertTrue(oAuthResponseParams.sawErrorResponse());
        OAuthResponseParams oAuthResponseParams2 = new OAuthResponseParams(this.token, this.origRequest, this.crypter);
        oAuthResponseParams2.addRequestTrace(httpRequest, create3);
        Assert.assertTrue(oAuthResponseParams2.sawErrorResponse());
        OAuthResponseParams oAuthResponseParams3 = new OAuthResponseParams(this.token, this.origRequest, this.crypter);
        oAuthResponseParams3.addRequestTrace(httpRequest, create4);
        Assert.assertTrue(oAuthResponseParams3.sawErrorResponse());
        oAuthResponseParams3.addRequestTrace(httpRequest, create);
        Assert.assertTrue(oAuthResponseParams3.sawErrorResponse());
    }

    @Test
    public void testException() {
        this.params.addRequestTrace(new HttpRequest(Uri.parse("http://www")), new HttpResponseBuilder().setHttpStatusCode(200).create());
        checkStringContains(this.params.oauthRequestException("error", "errorText").toString(), "[error,errorText]");
        this.params.addRequestTrace((HttpRequest) null, (HttpResponse) null);
        RuntimeException runtimeException = new RuntimeException();
        OAuthResponseParams.OAuthRequestException oauthRequestException = this.params.oauthRequestException(OAuthError.UNAUTHENTICATED, "errorText", runtimeException);
        checkStringContains(oauthRequestException.toString(), "[UNAUTHENTICATED,errorText]");
        Assert.assertEquals(runtimeException, oauthRequestException.getCause());
    }

    @Test
    public void testNullSafe() {
        this.params.addRequestTrace((HttpRequest) null, (HttpResponse) null);
        this.params.oauthRequestException("error", "errorText");
        this.params.logDetailedWarning("wow");
        this.params.logDetailedWarning("new runtime", new RuntimeException());
    }

    @Test
    public void testStripSensitiveFromResponse() {
        verifyStrip("oauth_token=dbce9de6d6da692b99b39cdcde60fd83&oauth_token_secret=60c1aabe0f6db96f2719956168c08d9d");
        String verifyStrip = verifyStrip("oauth_token=dbce9de6d6da692b99b39cdcde60fd83&oauth_token_secret=60c1aabe0f6db96f2719956168c08d9d&oauth_session_handle=ABCDEFGH");
        checkStringContains(verifyStrip, "oauth_token=dbce");
        checkStringContains(verifyStrip, "HTTP/1.1 200");
        checkStringContains(verifyStrip("oauth_token_secret=x"), "oauth_token_secret=REMOVED");
        checkStringContains(verifyStrip("foo&oauth_token_secret=!@#$%$^&(()&"), "foo&oauth_token_secret=REMOVED&");
    }

    private String verifyStrip(String str) {
        String filterSecrets = OAuthResponseParams.filterSecrets(new HttpResponseBuilder().setHttpStatusCode(200).setHeader("Date", "Date: Fri, 09 Jan 2009 00:35:08 GMT").setResponseString(str).create().toString());
        if (filterSecrets.contains("oauth_token_secret")) {
            checkStringContains("should remove secret", filterSecrets, "oauth_token_secret=REMOVED");
        }
        if (filterSecrets.contains("oauth_session_handle")) {
            checkStringContains("should remove handle", filterSecrets, "oauth_session_handle=REMOVED");
        }
        return filterSecrets;
    }

    @Test
    public void testStripSecretsFromRequestHeader() {
        HttpRequest httpRequest = new HttpRequest(Uri.parse("http://www.example.com/foo"));
        httpRequest.setHeader("Authorization", "OAuth opensocial_owner_id=\"owner\", opensocial_viewer_id=\"owner\", opensocial_app_id=\"app\", opensocial_app_url=\"http%3A%2F%2Fwww.example.com%2Fheader.xml\", oauth_version=\"1.0\", oauth_timestamp=\"1231461306\", oauth_consumer_key=\"consumer\", oauth_signature_method=\"HMAC-SHA1\", oauth_nonce=\"1231461308333563000\", oauth_session_handle=\"w0zAI1yN5ZRvmBX5kcVdra5%2BbZE%3D\"");
        checkStringContains(OAuthResponseParams.filterSecrets(httpRequest.toString()), "oauth_session_handle=REMOVED");
    }

    @Test
    public void testStripSecretsFromRequestUrl() {
        checkStringContains(OAuthResponseParams.filterSecrets(new HttpRequest(Uri.parse("http://www.example.com/access?param=foo&opensocial_owner_id=owner&opensocial_viewer_id=owner&opensocial_app_id=app&oauth_session_handle=http%3A%2F%2Fwww.example.com%2Fgadget.xml&oauth_version=1.0&oauth_timestamp=1231461132&oauth_consumer_key=consumer&oauth_signature_method=HMAC-SHA1&oauth_nonce=1231461160262578000&oauth_signature=HuFQ%2BRYTrRzcgsi3al6ld9Msvoo%3D")).toString()), "oauth_session_handle=REMOVED");
    }

    private void checkStringContains(String str, String str2) {
        if (str.contains(str2)) {
            return;
        }
        Assert.fail("expected [" + str2 + "], got + [" + str + ']');
    }

    private void checkStringContains(String str, String str2, String str3) {
        if (str2.contains(str3)) {
            return;
        }
        Assert.fail(str + ", expected [" + str3 + "], got + [" + str2 + ']');
    }
}
