package org.nuxeo.ecm.platform.web.requestcontroller.filter;

import java.util.Map;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.lang3.mutable.MutableObject;
import org.junit.Assert;
import org.junit.Test;
import org.mockito.Matchers;
import org.mockito.Mockito;
import org.mockito.invocation.InvocationOnMock;
import org.nuxeo.runtime.test.runner.Deploy;

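/**
 * Token-mode tests for the Nuxeo CORS/CSRF filter: the filter is deployed with
 * {@code test-csrf-token-config.xml} so that state-changing requests must carry a CSRF token.
 * <p>
 * Behaviour pinned by the assertions in this class:
 * <ul>
 * <li>a {@code GET} whose {@code CSRF-Token} request header is {@code fetch} is answered by the
 *     filter itself (the chain is not called) with status 200, a non-null token in the
 *     {@code CSRF-Token} response header and the same value stored in the session under
 *     {@code NuxeoCSRFToken};</li>
 * <li>a {@code POST} with a missing or wrong token is refused with
 *     {@code sendError(403, "CSRF check failure")} and a {@code CSRF-Token: invalid} response
 *     header, and no session token is created when none existed before;</li>
 * <li>a {@code POST} to {@code /mysaml/mylogin} (an allowed endpoint) passes through with no
 *     token header stubbed and without a token being stored in the session.</li>
 * </ul>
 * The request/response/chain mocks and the {@code mockRequestURI} / {@code mockSessionAttributes}
 * helpers are inherited from {@link TestNuxeoCorsCsrfFilter}.
 */
@Deploy({"org.nuxeo.ecm.platform.web.common.test:OSGI-INF/test-csrf-token-config.xml"})
/* loaded from: input_file:org/nuxeo/ecm/platform/web/requestcontroller/filter/TestNuxeoCorsCsrfFilterToken.class */
public class TestNuxeoCorsCsrfFilterToken extends TestNuxeoCorsCsrfFilter {

    /** Session attribute under which the filter keeps the CSRF token. */
    protected static final String CSRF_TOKEN_ATTRIBUTE = "NuxeoCSRFToken";

    /** Request/response header carrying the CSRF token. */
    protected static final String CSRF_TOKEN_HEADER = "CSRF-Token";

    /** Header value a client sends to obtain a token. */
    protected static final String CSRF_TOKEN_FETCH = "fetch";

    /** Header value the filter sends back when the check fails. */
    protected static final String CSRF_TOKEN_INVALID = "invalid";

    /** Request parameter name for the token (not exercised by the tests in this class). */
    protected static final String CSRF_TOKEN_PARAM = "csrf-token";

    /**
     * Makes the inherited tests pass the token check: the same value is placed in the session
     * and returned for the {@code CSRF-Token} request header.
     * <p>
     * Presumably invoked by the parent class before it runs the filter; the exact call site is
     * outside this file.
     */
    @Override // org.nuxeo.ecm.platform.web.requestcontroller.filter.TestNuxeoCorsCsrfFilter
    protected void maybeSetupToken() {
        mockSessionAttributes().put(CSRF_TOKEN_ATTRIBUTE, "realtoken");
        Mockito.when(this.request.getHeader(Matchers.eq(CSRF_TOKEN_HEADER))).thenReturn("realtoken");
    }

    /**
     * A {@code GET} with {@code CSRF-Token: fetch} is short-circuited by the filter: the chain is
     * not called, a token is stored in the session, and it is echoed back with status 200.
     *
     * @throws Exception propagated from {@code doFilter}
     */
    @Test
    public void testCSRFTokenAcquire() throws Exception {
        mockRequestURI(this.request, "GET", "");
        Mockito.when(this.request.getHeader(Matchers.eq(CSRF_TOKEN_HEADER))).thenReturn(CSRF_TOKEN_FETCH);
        Map<String, Object> sessionAttributes = mockSessionAttributes();

        this.filter.doFilter(this.request, this.response, this.chain);

        // The fetch request is answered by the filter itself, never forwarded.
        Assert.assertFalse(this.chain.called);
        String issuedToken = (String) sessionAttributes.get(CSRF_TOKEN_ATTRIBUTE);
        Assert.assertNotNull(issuedToken);
        // The value handed to the client must be exactly the one kept server-side.
        Mockito.verify(this.response).setStatus(Matchers.eq(200));
        Mockito.verify(this.response).setHeader(CSRF_TOKEN_HEADER, issuedToken);
    }

    /** No token in the session, no token in the request. */
    @Test
    public void testCSRFTokenMissing() throws Exception {
        doTestCSRFTokenInvalid(null, null);
    }

    /** A token exists in the session but the request does not send one. */
    @Test
    public void testCSRFTokenMissingButExistsInSession() throws Exception {
        doTestCSRFTokenInvalid("realtoken", null);
    }

    /** No token in the session, an unknown token in the request. */
    @Test
    public void testCSRFTokenInvalid() throws Exception {
        doTestCSRFTokenInvalid(null, "badtoken");
    }

    /** A token exists in the session and the request sends a different one. */
    @Test
    public void testCSRFTokenInvalidButExistsInSession() throws Exception {
        doTestCSRFTokenInvalid("realtoken", "badtoken");
    }

    /**
     * Runs a {@code POST} to {@code /site/something} with the given session and header tokens and
     * checks that the filter refuses it: the chain is not called, the response receives
     * {@code sendError(403, "CSRF check failure")} and a {@code CSRF-Token: invalid} header, and
     * when no session token existed none is created.
     *
     * @param sessionToken value stored under {@link #CSRF_TOKEN_ATTRIBUTE} before the request,
     *            or {@code null} for no session token
     * @param headerToken value returned for the {@code CSRF-Token} request header, or
     *            {@code null} for no header
     * @throws Exception propagated from {@code doFilter}
     */
    protected void doTestCSRFTokenInvalid(String sessionToken, String headerToken) throws Exception {
        mockRequestURI(this.request, "POST", "/site/something");
        Mockito.when(this.request.getHeader(Matchers.eq(CSRF_TOKEN_HEADER))).thenReturn(headerToken);
        Map<String, Object> sessionAttributes = mockSessionAttributes();

        // Capture the sendError(...) invocation so both status and message can be checked after
        // the filter has run (a plain verify would only tell us that some call happened).
        MutableObject<InvocationOnMock> sendErrorCall = new MutableObject<>();
        Mockito.doAnswer(invocation -> {
            sendErrorCall.setValue(invocation);
            return null;
        }).when(this.response).sendError(Matchers.anyInt(), Matchers.anyString());

        sessionAttributes.put(CSRF_TOKEN_ATTRIBUTE, sessionToken);

        this.filter.doFilter(this.request, this.response, this.chain);

        Assert.assertFalse(this.chain.called);
        if (sessionToken == null) {
            // A refused request must not mint a token as a side effect.
            Assert.assertNull(sessionAttributes.get(CSRF_TOKEN_ATTRIBUTE));
        }
        // NOTE(review): when a session token already existed, nothing here pins whether the filter
        // keeps or rotates it on failure — confirm the intended behaviour before asserting on it.

        Assert.assertNotNull(sendErrorCall.getValue());
        Object[] arguments = sendErrorCall.getValue().getArguments();
        Assert.assertEquals(403, arguments[0]);
        Assert.assertEquals("CSRF check failure", arguments[1]);
        Mockito.verify(this.response).setHeader(CSRF_TOKEN_HEADER, CSRF_TOKEN_INVALID);
    }

    /**
     * A {@code POST} to an allowed endpoint is forwarded although no token header is stubbed, and
     * the filter does not store a token in the session for it.
     *
     * @throws Exception propagated from {@code doFilter}
     */
    @Test
    public void testCSRFTokenMissingOnAllowedEndpoint() throws Exception {
        mockRequestURI(this.request, "POST", "/mysaml/mylogin");
        Map<String, Object> sessionAttributes = mockSessionAttributes();

        this.filter.doFilter(this.request, this.response, this.chain);

        Assert.assertTrue(this.chain.called);
        Assert.assertNull(sessionAttributes.get(CSRF_TOKEN_ATTRIBUTE));
    }
}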
