/* * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER. * * Copyright (c) 1997-2016 Oracle and/or its affiliates. All rights reserved. * * The contents of this file are subject to the terms of either the GNU * General Public License Version 2 only ("GPL") or the Common Development * and Distribution License("CDDL") (collectively, the "License"). You * may not use this file except in compliance with the License. You can * obtain a copy of the License at * https://glassfish.dev.java.net/public/CDDL+GPL_1_1.html * or packager/legal/LICENSE.txt. See the License for the specific * language governing permissions and limitations under the License. * * When distributing the software, include this License Header Notice in each * file and include the License file at packager/legal/LICENSE.txt. * * GPL Classpath Exception: * Oracle designates this particular file as subject to the "Classpath" * exception as provided by Oracle in the GPL Version 2 section of the License * file that accompanied this code. * * Modifications: * If applicable, add the following below the License Header, with the fields * enclosed by brackets [] replaced by your own identifying information: * "Portions Copyright [year] [name of copyright owner]" * * Contributor(s): * If you wish your version of this file to be governed by only the CDDL or * only the GPL Version 2, indicate your decision by adding "[Contributor] * elects to include this software in this distribution under the [CDDL or GPL * Version 2] license." If you don't indicate a single choice of license, a * recipient has the option to distribute your version of this file under * either the CDDL, the GPL Version 2 or to extend the choice of license to * its licensees as provided above. However, if you add GPL Version 2 code * and therefore, elected the GPL Version 2 license, then the option applies * only if the new code is made subject to such option by the copyright * holder. 
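*/
package com.sun.faces.test.servlet30.client_encrypt_by_default_disabled;

import com.gargoylesoftware.htmlunit.WebClient;
import com.gargoylesoftware.htmlunit.html.HtmlHiddenInput;
import com.gargoylesoftware.htmlunit.html.HtmlPage;
import com.gargoylesoftware.htmlunit.html.HtmlSubmitInput;
import com.gargoylesoftware.htmlunit.html.HtmlTextInput;
import com.sun.faces.test.junit.JsfTest;
import com.sun.faces.test.junit.JsfTestRunner;
import org.junit.After;
import org.junit.AfterClass;
import org.junit.Before;
import org.junit.BeforeClass;
import org.junit.Test;
import org.junit.runner.RunWith;

import static com.sun.faces.test.junit.JsfServerExclude.WEBLOGIC_12_2_1;
import static com.sun.faces.test.junit.JsfVersion.JSF_2_3_0_M07;
import static org.junit.Assert.assertTrue;

/**
 * Integration test for the client-side state saving configuration in which
 * the ViewState encryption that is on by default has been disabled.
 *
 * <p>The test replaces the {@code javax.faces.ViewState} hidden field with a
 * prepared serialized-object payload (built as described in the comment on
 * the payload constant below), submits the form, and asserts that the
 * rendered response mentions {@code ClassNotFoundException}.
 *
 * <p>NOTE(review): the assertion only shows that the submitted state reached a
 * point where the server reported an unknown class; it does not by itself show
 * that tampered state is rejected before it is deserialized. Confirm the
 * intended behaviour against the fixture's context parameters.
 */
@RunWith(JsfTestRunner.class)
public class ClientEncryptByDefaultDisabledIT {

    /** Base URL of the deployed test application, read from {@code integration.url}. */
    private String webUrl;

    /** HtmlUnit client driving the page; created per test and closed in {@link #tearDown()}. */
    private WebClient webClient;

    /**
     * Setup before testing.
     *
     * @throws Exception when a serious error occurs.
     */
    @BeforeClass
    public static void setUpClass() throws Exception {
    }

    /**
     * Cleanup after testing.
     *
     * @throws Exception when a serious error occurs.
     */
    @AfterClass
    public static void tearDownClass() throws Exception {
    }

    /**
     * Setup before testing: reads the application URL and creates a fresh client.
     */
    @Before
    public void setUp() {
        webUrl = System.getProperty("integration.url");
        webClient = new WebClient();
    }

    /**
     * Tear down after testing: releases the HtmlUnit client.
     */
    @After
    public void tearDown() {
        webClient.close();
    }

    /*
     * From: Jake Evans
     * Here are the steps to reproduce the issue we're seeing.
     *
     * Steps to build payload:
     * 1. download ysoserial-0.0.3-all.jar
     * 2. create payload: java -jar ysoserial-0.0.3-all.jar CommonsCollections1 'touch /tmp/ClientStateSavingPasswordIneffective.txt' > payload.out
     * 3. gzip payload: gzip -f payload.out
     * 4. base64-encode payload: base64 -w 0 payload.out.gz > payload.out.b64
     */
    /** Encoded serialized payload that is submitted in place of the real view state. */
    public static final String touchTmpClientStateSavingPasswordIneffectiveTxt = "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";

    /**
     * Submits the payload above as the client-side view state and checks that
     * the response reports {@code ClassNotFoundException}.
     *
     * @throws Exception when the page cannot be loaded or submitted.
     */
    @JsfTest(value = JSF_2_3_0_M07, excludes = {WEBLOGIC_12_2_1})
    @Test
    public void testClientStateEncrypted() throws Exception {
        HtmlPage page = webClient.getPage(webUrl);
        // The form post may come back with a non-2xx status; keep the page
        // instead of throwing so its text can still be inspected.
        webClient.getOptions().setThrowExceptionOnFailingStatusCode(false);

        HtmlHiddenInput stateField =
                (HtmlHiddenInput) page.getHtmlElementById("j_id_id6:javax.faces.ViewState:0");
        stateField.setValueAttribute(touchTmpClientStateSavingPasswordIneffectiveTxt);

        HtmlTextInput textField = (HtmlTextInput) page.getHtmlElementById("userNo");
        textField.setValueAttribute("5");

        HtmlSubmitInput button = (HtmlSubmitInput) page.getHtmlElementById("submit");
        page = (HtmlPage) button.click();

        assertTrue("response should report ClassNotFoundException",
                page.asText().contains("ClassNotFoundException"));
    }
}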