package com.google.enterprise.connector.servlet;

import com.google.enterprise.connector.common.SecurityUtils;
import com.google.enterprise.connector.spi.XmlUtils;
import java.io.File;
import java.io.IOException;
import java.lang.reflect.Method;
import java.net.URL;
import java.net.URLClassLoader;
import java.util.HashMap;
import java.util.Map;
import junit.framework.Assert;
import junit.framework.TestCase;

/* loaded from: input_file:com/google/enterprise/connector/servlet/ServletUtilTest.class */
public class ServletUtilTest extends TestCase {
    private static final String HIDE_KEY_ONE = "PasswordOne";
    private static final String HIDE_KEY_TWO = "a_password_two";
    private static final String HIDE_KEY_THREE = "imapasswordtoo";
    private static final String CLEAR_KEY_ONE = "NotAPwd";
    private static final String VALUE = "value";
    private static final String NAME = "name";
    private static final String TEXT = "text";
    private static final String TYPE = "type";
    private static final String INPUT = "input";
    private static final String CLOSE_ELEMENT = "/>";
    private static final String OPEN_ELEMENT = "<";
    private static final String PASSWORD = "password";
    private static final String TR_END = "</tr>\r\n";
    private static final String TD_END = "</td>\r\n";
    private static final String TD_START = "<td>";
    private static final String TR_START = "<tr>\r\n";
    private static final String DTD_DIRECTORY = "source/dtds/";

    public void testPrependCmPrefix() {
        onePrependTest("foo name=\"bar\" bar", "foo name=\"CM_bar\" bar");
        onePrependTest("name=\"bar\"", "name=\"CM_bar\"");
        onePrependTest("name=\"bar\" name=\"baz\"", "name=\"CM_bar\" name=\"CM_baz\"");
        onePrependTest("name='bar' name=\"baz\"", "name='CM_bar' name=\"CM_baz\"");
        onePrependTest("name = 'bar'   name   =  \"baz\"", "name = 'CM_bar'   name   =  \"CM_baz\"");
    }

    private void onePrependTest(String str, String str2) {
        String prependCmPrefix = ServletUtil.prependCmPrefix(str);
        Assert.assertEquals(str2, prependCmPrefix);
        Assert.assertEquals(str, ServletUtil.stripCmPrefix(prependCmPrefix));
    }

    public void testEmptyTextArea() throws Exception {
        addDtdToClassLoader();
        String filterSensitiveData = ServletUtil.filterSensitiveData("<tr><td>Sensitive input to force parsing</td><td><input name=\"Password\" type=\"password\" value=\"protected\"/></td></tr><tr><td>Sample text</td><td><textarea cols=\"50\" name=\"SampleText\" rows=\"5\"></textarea></td></tr>");
        assertNotNull("Form returned", filterSensitiveData);
        assertEquals("Form changed as expected", "<tr><td colspan=\"1\" rowspan=\"1\">Sensitive input to force parsing</td><td colspan=\"1\" rowspan=\"1\"><input name=\"Password\" type=\"password\" value=\"*********\"></td></tr><tr><td colspan=\"1\" rowspan=\"1\">Sample text</td><td colspan=\"1\" rowspan=\"1\"><textarea cols=\"50\" name=\"SampleText\" rows=\"5\"></textarea></td></tr>", filterSensitiveData);
    }

    public void testRemoveNestedMarkers() {
        assertEquals("Form with markers cleaned up", "<script language=\"JavaScript\" type=\"text/javascript\">  function foo() {    alert('foo');  }</script>", ServletUtil.removeNestedMarkers("<script language=\"JavaScript\" type=\"text/javascript\">//<![CDATA[  function foo() {    alert('foo');  }//]]></script>"));
        assertEquals("Form with similar markers cleaned up", "<script language=\"JavaScript\" type=\"text/javascript\">  function foo() {    alert('foo');  }</script>", ServletUtil.removeNestedMarkers("<script language=\"JavaScript\" type=\"text/javascript\"><![CDATA[  function foo() {    alert('foo');  }]]></script>"));
        assertEquals("Form without markers left alone", "<script language=\"JavaScript\" type=\"text/javascript\">function foo() {  alert('foo');}</script>", ServletUtil.removeNestedMarkers("<script language=\"JavaScript\" type=\"text/javascript\">function foo() {  alert('foo');}</script>"));
    }

    public void testIssue204() {
        assertEquals("Form with just end markers left alone", "decode( FNGETXMLPARAMS(xml_file, 'CONTENT'), ']]>' , FNGETXMLPARAMS(xml_file, 'SUMMARY'), FNGETXMLPARAMS(xml_file, 'CONTENT') ) as CONTENT;", ServletUtil.removeNestedMarkers("decode( FNGETXMLPARAMS(xml_file, 'CONTENT'), ']]>' , FNGETXMLPARAMS(xml_file, 'SUMMARY'), FNGETXMLPARAMS(xml_file, 'CONTENT') ) as CONTENT;"));
        assertEquals("Form with end marker before begin marker", "<script language=\"JavaScript\" type=\"text/javascript\">]]>  function foo() {    alert('foo');  }<![CDATA[</script>", ServletUtil.removeNestedMarkers("<script language=\"JavaScript\" type=\"text/javascript\">]]>  function foo() {    alert('foo');  }<![CDATA[</script>"));
        assertEquals("Form with nested markers", "<script language=\"JavaScript\" type=\"text/javascript\">  function foo() {    alert('foo');  }</script>", ServletUtil.removeNestedMarkers("<script language=\"JavaScript\" type=\"text/javascript\"><![CDATA[<![CDATA[  function foo() {    alert('foo');  }]]>]]></script>"));
        assertEquals("Form with repeating markers", "<script language=\"JavaScript\" type=\"text/javascript\">  function foo() {    alert('foo');  }  function foo() {    alert('foo');  }</script>", ServletUtil.removeNestedMarkers("<script language=\"JavaScript\" type=\"text/javascript\"><![CDATA[  function foo() {    alert('foo');  }]]><![CDATA[  function foo() {    alert('foo');  }]]></script>"));
        assertEquals("Form with unbalanced markers", "<script language=\"JavaScript\" type=\"text/javascript\">  function foo() {    alert('foo');  }<![CDATA[  function foo() {    alert('foo');  }</script>", ServletUtil.removeNestedMarkers("<script language=\"JavaScript\" type=\"text/javascript\"><![CDATA[  function foo() {    alert('foo');  }]]><![CDATA[  function foo() {    alert('foo');  }</script>"));
    }

    public void testEscapeEndMarkers() {
        assertEquals("Contains end markers", "<script language=\"JavaScript\" type=\"text/javascript\"><![CDATA[  function foo() {    alert('foo');  }]]&gt;</script>", ServletUtil.escapeEndMarkers("<script language=\"JavaScript\" type=\"text/javascript\"><![CDATA[  function foo() {    alert('foo');  }]]></script>"));
    }

    public void testObfuscateForm() throws Exception {
        HashMap hashMap = new HashMap();
        hashMap.put(HIDE_KEY_ONE, "protected");
        hashMap.put(HIDE_KEY_TWO, "protected");
        hashMap.put(HIDE_KEY_THREE, "protected");
        hashMap.put(CLEAR_KEY_ONE, "clear");
        String makeConfigForm = makeConfigForm(hashMap);
        addDtdToClassLoader();
        String filterSensitiveData = ServletUtil.filterSensitiveData(makeConfigForm);
        assertNotNull("Form returned", filterSensitiveData);
        assertTrue("Form does not contain protected values", filterSensitiveData.indexOf("protected") == -1);
        assertTrue("Form still contains clear values", filterSensitiveData.indexOf("clear") != -1);
        assertNull("Null form returned when form invalid", ServletUtil.filterSensitiveData(makeConfigForm.substring(1)));
    }

    public void testObfuscateEvilForm() throws Exception {
        assertTrue("name is still considered sensitive", SecurityUtils.isKeySensitive("doPasswordCheck"));
        String str = "<tr>\n<td>Password Check</td>\n<td><input type=\"radio\" name=\"doPasswordCheck\" id=\"doPasswordCheck-true\" value=\"true\"/>\n<label for=\"doPasswordCheck-true\">True</label><br/>\n<input type=\"radio\" name=\"doPasswordCheck\" id=\"doPasswordCheck-false\" value=\"false\" checked=\"checked\"/>\n<label for=\"doPasswordCheck-false\">False</label><br/>\n</td>\n</tr>";
        addDtdToClassLoader();
        String filterSensitiveData = ServletUtil.filterSensitiveData(str);
        assertNotNull("Form returned", filterSensitiveData);
        assertEquals("Form not changed", str, filterSensitiveData);
    }

    public void testObfuscateFormWithEntities() throws Exception {
        String str = "<tr><td colspan=\"1\" rowspan=\"1\">Sensitive input to force parsing</td><td colspan=\"1\" rowspan=\"1\"><input name=\"Password\" type=\"password\" value=\"*********\"></td></tr><tr><td colspan=\"1\" rowspan=\"1\">HTML and XML &amp; &lt;</td><td colspan=\"1\" rowspan=\"1\"><input name=\"HtmlAndXml\" type=\"text\" value=\"clear\"></td></tr><tr><td colspan=\"1\" rowspan=\"1\">Some&nbsp;of&nbsp;the&nbsp;other 252 &copy; &copy; &copy;</td><td colspan=\"1\" rowspan=\"1\"><input name=\"Other252\" type=\"text\" value=\"clear\"></td></tr><tr><td colspan=\"1\" rowspan=\"1\">Value has non-252 but needs to be preserved</td><td colspan=\"1\" rowspan=\"1\"><input name=\"ValueHas\" type=\"text\" value=\"clear1" + System.getProperty("line.separator") + "clear2" + System.getProperty("line.separator") + "clear3\"></td></tr><tr><td colspan=\"1\" rowspan=\"1\">Two words</td><td colspan=\"1\" rowspan=\"1\"><textarea cols=\"40\" name=\"url\" rows=\"5\">http://www.example.com/doc?a=b&amp;c=d</textarea></td></tr><tr><td colspan=\"1\" rowspan=\"1\">Two words</td><td colspan=\"1\" rowspan=\"1\"><textarea cols=\"40\" name=\"quote\" rows=\"5\">Is that a &dagger; I see before me?</textarea></td></tr>";
        addDtdToClassLoader();
        String filterSensitiveData = ServletUtil.filterSensitiveData("<tr><td>Sensitive input to force parsing</td><td><input name=\"Password\" type=\"password\" value=\"protected\"/></td></tr><tr><td>HTML and XML &amp; &lt;</td><td><input name=\"HtmlAndXml\" type=\"text\" value=\"clear\"/></td></tr><tr><td>Some&nbsp;of&#160;the&#xA0;other 252 &copy; &#169; &#xA9;</td><td><input name=\"Other252\" type=\"text\" value=\"clear\"/></td></tr><tr><td>Value has non-252 but needs to be preserved</td><td><input name=\"ValueHas\" type=\"text\" value=\"clear1&#10;clear2&#xA;clear3\"/></td></tr><tr><td>Two words</td><td><textarea rows='5' cols='40' name='url'>http://www.example.com/doc?a=b&amp;c=d</textarea></td></tr><tr><td>Two words</td><td><textarea rows='5' cols='40' name='quote'>Is that a &dagger; I see before me?</textarea></td></tr>");
        assertNotNull("Form returned", filterSensitiveData);
        assertEquals("Form changed as expected", str, filterSensitiveData);
    }

    public void testObfuscateFormWithScript() throws Exception {
        addDtdToClassLoader();
        String filterSensitiveData = ServletUtil.filterSensitiveData("<script language=\"JavaScript\" type=\"text/javascript\"><![CDATA[  function checkSelect() {    var opt = document.getElementById('Version');    if (opt == 'version1') {      alert('Version1 Selected');    } else {      alert('Version1 Not Selected');    }  }]]></script><tr><td>Sensitive input to force parsing</td><td><input name=\"Password\" type=\"password\" value=\"protected\"/></td></tr><tr><td><div style='float: left;'>Select Version</div></td><td><select id=\"SPType\" name=\"Version\" size=\"1\" onchange=\"checkSelect();\">  <option selected=\"\" value=\"version1\">Version 1</option>  <option value=\"version2\">Version 2</option></select></td></tr>");
        assertNotNull("Form returned", filterSensitiveData);
        assertEquals("Form changed as expected", "<script language=\"JavaScript\" type=\"text/javascript\" xml:space=\"preserve\">  function checkSelect() {    var opt = document.getElementById('Version');    if (opt == 'version1') {      alert('Version1 Selected');    } else {      alert('Version1 Not Selected');    }  }</script><tr><td colspan=\"1\" rowspan=\"1\">Sensitive input to force parsing</td><td colspan=\"1\" rowspan=\"1\"><input name=\"Password\" type=\"password\" value=\"*********\"></td></tr><tr><td colspan=\"1\" rowspan=\"1\"><div style=\"float: left;\">Select Version</div></td><td colspan=\"1\" rowspan=\"1\"><select id=\"SPType\" name=\"Version\" onchange=\"checkSelect();\" size=\"1\">  <option selected value=\"version1\">Version 1</option>  <option value=\"version2\">Version 2</option></select></td></tr>", filterSensitiveData);
    }

    public void testObfuscateTools() {
        String obfuscateValue = ServletUtil.obfuscateValue("this is open");
        assertEquals("clear was not changed", "this is open", "this is open");
        assertEquals("string was obfuscated", "************", obfuscateValue);
        assertTrue("obfuscated string recognized", ServletUtil.isObfuscated(obfuscateValue));
        assertFalse(ServletUtil.isObfuscated("***n***"));
        assertFalse(ServletUtil.isObfuscated("***n"));
        assertFalse(ServletUtil.isObfuscated("n***"));
        assertEquals("************", ServletUtil.obfuscateValue("1234 56 7890"));
        assertEquals("************", ServletUtil.obfuscateValue("-+=< >^ ()[]"));
        assertEquals("************", ServletUtil.obfuscateValue("ABCD EF GHIJ"));
        assertEquals("************", ServletUtil.obfuscateValue("**** &@ !#$%"));
    }

    public void testReplaceSensitiveData() {
        HashMap hashMap = new HashMap();
        hashMap.put(HIDE_KEY_ONE, "clear value");
        hashMap.put(HIDE_KEY_TWO, "clear value");
        hashMap.put(HIDE_KEY_THREE, "clear value");
        hashMap.put(CLEAR_KEY_ONE, "clear value");
        HashMap hashMap2 = new HashMap();
        obfuscateValues(hashMap, hashMap2);
        assertEquals("***********", hashMap2.get(HIDE_KEY_ONE));
        assertEquals("***********", hashMap2.get(HIDE_KEY_TWO));
        assertEquals("***********", hashMap2.get(HIDE_KEY_THREE));
        assertEquals("clear value", hashMap2.get(CLEAR_KEY_ONE));
        ServletUtil.replaceSensitiveData(hashMap2, hashMap);
        assertEquals("clear value", hashMap2.get(HIDE_KEY_ONE));
        assertEquals("clear value", hashMap2.get(HIDE_KEY_TWO));
        assertEquals("clear value", hashMap2.get(HIDE_KEY_THREE));
        assertEquals("clear value", hashMap2.get(CLEAR_KEY_ONE));
        hashMap2.clear();
        obfuscateValues(hashMap, hashMap2);
        hashMap2.put(HIDE_KEY_ONE, "new nice value");
        hashMap2.put(HIDE_KEY_TWO, "******n******");
        hashMap2.put(HIDE_KEY_THREE, "***");
        ServletUtil.replaceSensitiveData(hashMap2, hashMap);
        assertEquals("new nice value", hashMap2.get(HIDE_KEY_ONE));
        assertEquals("******n******", hashMap2.get(HIDE_KEY_TWO));
        assertEquals("***", hashMap2.get(HIDE_KEY_THREE));
        assertEquals("clear value", hashMap2.get(CLEAR_KEY_ONE));
    }

    private String makeConfigForm(Map<String, String> map) {
        String value;
        StringBuilder sb = new StringBuilder(2048);
        for (Map.Entry<String, String> entry : map.entrySet()) {
            appendStartRow(sb, entry.getKey());
            sb.append(OPEN_ELEMENT);
            sb.append(INPUT);
            if (SecurityUtils.isKeySensitive(entry.getKey())) {
                appendAttribute(sb, TYPE, PASSWORD);
            } else {
                appendAttribute(sb, TYPE, TEXT);
            }
            appendAttribute(sb, NAME, entry.getKey());
            if (map != null && (value = entry.getValue()) != null) {
                appendAttribute(sb, VALUE, value);
            }
            appendEndRow(sb);
        }
        return sb.toString();
    }

    private void appendStartRow(StringBuilder sb, String str) {
        sb.append(TR_START);
        sb.append(TD_START);
        sb.append(str);
        sb.append(TD_END);
        sb.append(TD_START);
    }

    private void appendEndRow(StringBuilder sb) {
        sb.append(CLOSE_ELEMENT);
        sb.append(TD_END);
        sb.append(TR_END);
    }

    private void appendAttribute(StringBuilder sb, String str, String str2) {
        try {
            XmlUtils.xmlAppendAttr(str, str2, sb);
        } catch (IOException e) {
            fail("Unexpected exception: " + e.getMessage());
        }
    }

    private void obfuscateValues(Map<String, String> map, Map<String, String> map2) {
        for (Map.Entry<String, String> entry : map.entrySet()) {
            map2.put(entry.getKey(), SecurityUtils.isKeySensitive(entry.getKey()) ? ServletUtil.obfuscateValue(entry.getValue()) : entry.getValue());
        }
    }

    private void addDtdToClassLoader() throws Exception {
        URL url = new File(DTD_DIRECTORY).toURI().toURL();
        URLClassLoader uRLClassLoader = (URLClassLoader) ServletUtil.class.getClassLoader();
        Method declaredMethod = URLClassLoader.class.getDeclaredMethod("addURL", URL.class);
        declaredMethod.setAccessible(true);
        declaredMethod.invoke(uRLClassLoader, url);
    }
}
