package org.apache.hadoop.security.http;

import java.io.IOException;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.junit.Test;
import org.mockito.Mockito;

/* loaded from: input_file:WEB-INF/lib/hadoop-common-3.3.5.1-eep-912-tests.jar:org/apache/hadoop/security/http/TestRestCsrfPreventionFilter.class */
public class TestRestCsrfPreventionFilter {
    private static final String NON_BROWSER = "java";
    private static final String BROWSER_AGENT = "Mozilla/5.0 (compatible; U; ABrowse 0.6; Syllable) AppleWebKit/420+ (KHTML, like Gecko)";
    private static final String EXPECTED_MESSAGE = "Missing Required Header for CSRF Vulnerability Protection";
    private static final String X_CUSTOM_HEADER = "X-CUSTOM_HEADER";

    @Test
    public void testNoHeaderDefaultConfigBadRequest() throws ServletException, IOException {
        FilterConfig filterConfig = (FilterConfig) Mockito.mock(FilterConfig.class);
        Mockito.when(filterConfig.getInitParameter(RestCsrfPreventionFilter.CUSTOM_HEADER_PARAM)).thenReturn((Object) null);
        Mockito.when(filterConfig.getInitParameter(RestCsrfPreventionFilter.CUSTOM_METHODS_TO_IGNORE_PARAM)).thenReturn((Object) null);
        HttpServletRequest httpServletRequest = (HttpServletRequest) Mockito.mock(HttpServletRequest.class);
        Mockito.when(httpServletRequest.getHeader("X-XSRF-HEADER")).thenReturn((Object) null);
        Mockito.when(httpServletRequest.getHeader("User-Agent")).thenReturn(BROWSER_AGENT);
        HttpServletResponse httpServletResponse = (HttpServletResponse) Mockito.mock(HttpServletResponse.class);
        FilterChain filterChain = (FilterChain) Mockito.mock(FilterChain.class);
        RestCsrfPreventionFilter restCsrfPreventionFilter = new RestCsrfPreventionFilter();
        restCsrfPreventionFilter.init(filterConfig);
        restCsrfPreventionFilter.doFilter(httpServletRequest, httpServletResponse, filterChain);
        ((HttpServletResponse) Mockito.verify(httpServletResponse, Mockito.atLeastOnce())).sendError(400, EXPECTED_MESSAGE);
        Mockito.verifyZeroInteractions(new Object[]{filterChain});
    }

    @Test
    public void testNoHeaderCustomAgentConfigBadRequest() throws ServletException, IOException {
        FilterConfig filterConfig = (FilterConfig) Mockito.mock(FilterConfig.class);
        Mockito.when(filterConfig.getInitParameter(RestCsrfPreventionFilter.CUSTOM_HEADER_PARAM)).thenReturn((Object) null);
        Mockito.when(filterConfig.getInitParameter(RestCsrfPreventionFilter.CUSTOM_METHODS_TO_IGNORE_PARAM)).thenReturn((Object) null);
        Mockito.when(filterConfig.getInitParameter(RestCsrfPreventionFilter.BROWSER_USER_AGENT_PARAM)).thenReturn("^Mozilla.*,^Opera.*,curl");
        HttpServletRequest httpServletRequest = (HttpServletRequest) Mockito.mock(HttpServletRequest.class);
        Mockito.when(httpServletRequest.getHeader("X-XSRF-HEADER")).thenReturn((Object) null);
        Mockito.when(httpServletRequest.getHeader("User-Agent")).thenReturn("curl");
        HttpServletResponse httpServletResponse = (HttpServletResponse) Mockito.mock(HttpServletResponse.class);
        FilterChain filterChain = (FilterChain) Mockito.mock(FilterChain.class);
        RestCsrfPreventionFilter restCsrfPreventionFilter = new RestCsrfPreventionFilter();
        restCsrfPreventionFilter.init(filterConfig);
        restCsrfPreventionFilter.doFilter(httpServletRequest, httpServletResponse, filterChain);
        ((HttpServletResponse) Mockito.verify(httpServletResponse, Mockito.atLeastOnce())).sendError(400, EXPECTED_MESSAGE);
        Mockito.verifyZeroInteractions(new Object[]{filterChain});
    }

    @Test
    public void testNoHeaderDefaultConfigNonBrowserGoodRequest() throws ServletException, IOException {
        FilterConfig filterConfig = (FilterConfig) Mockito.mock(FilterConfig.class);
        Mockito.when(filterConfig.getInitParameter(RestCsrfPreventionFilter.CUSTOM_HEADER_PARAM)).thenReturn((Object) null);
        Mockito.when(filterConfig.getInitParameter(RestCsrfPreventionFilter.CUSTOM_METHODS_TO_IGNORE_PARAM)).thenReturn((Object) null);
        HttpServletRequest httpServletRequest = (HttpServletRequest) Mockito.mock(HttpServletRequest.class);
        Mockito.when(httpServletRequest.getHeader("X-XSRF-HEADER")).thenReturn((Object) null);
        Mockito.when(httpServletRequest.getHeader("User-Agent")).thenReturn("java");
        HttpServletResponse httpServletResponse = (HttpServletResponse) Mockito.mock(HttpServletResponse.class);
        FilterChain filterChain = (FilterChain) Mockito.mock(FilterChain.class);
        RestCsrfPreventionFilter restCsrfPreventionFilter = new RestCsrfPreventionFilter();
        restCsrfPreventionFilter.init(filterConfig);
        restCsrfPreventionFilter.doFilter(httpServletRequest, httpServletResponse, filterChain);
        ((FilterChain) Mockito.verify(filterChain)).doFilter(httpServletRequest, httpServletResponse);
    }

    @Test
    public void testHeaderPresentDefaultConfigGoodRequest() throws ServletException, IOException {
        FilterConfig filterConfig = (FilterConfig) Mockito.mock(FilterConfig.class);
        Mockito.when(filterConfig.getInitParameter(RestCsrfPreventionFilter.CUSTOM_HEADER_PARAM)).thenReturn((Object) null);
        Mockito.when(filterConfig.getInitParameter(RestCsrfPreventionFilter.CUSTOM_METHODS_TO_IGNORE_PARAM)).thenReturn((Object) null);
        HttpServletRequest httpServletRequest = (HttpServletRequest) Mockito.mock(HttpServletRequest.class);
        Mockito.when(httpServletRequest.getHeader("X-XSRF-HEADER")).thenReturn("valueUnimportant");
        HttpServletResponse httpServletResponse = (HttpServletResponse) Mockito.mock(HttpServletResponse.class);
        FilterChain filterChain = (FilterChain) Mockito.mock(FilterChain.class);
        RestCsrfPreventionFilter restCsrfPreventionFilter = new RestCsrfPreventionFilter();
        restCsrfPreventionFilter.init(filterConfig);
        restCsrfPreventionFilter.doFilter(httpServletRequest, httpServletResponse, filterChain);
        ((FilterChain) Mockito.verify(filterChain)).doFilter(httpServletRequest, httpServletResponse);
    }

    @Test
    public void testHeaderPresentCustomHeaderConfigGoodRequest() throws ServletException, IOException {
        FilterConfig filterConfig = (FilterConfig) Mockito.mock(FilterConfig.class);
        Mockito.when(filterConfig.getInitParameter(RestCsrfPreventionFilter.CUSTOM_HEADER_PARAM)).thenReturn(X_CUSTOM_HEADER);
        Mockito.when(filterConfig.getInitParameter(RestCsrfPreventionFilter.CUSTOM_METHODS_TO_IGNORE_PARAM)).thenReturn((Object) null);
        HttpServletRequest httpServletRequest = (HttpServletRequest) Mockito.mock(HttpServletRequest.class);
        Mockito.when(httpServletRequest.getHeader(X_CUSTOM_HEADER)).thenReturn("valueUnimportant");
        HttpServletResponse httpServletResponse = (HttpServletResponse) Mockito.mock(HttpServletResponse.class);
        FilterChain filterChain = (FilterChain) Mockito.mock(FilterChain.class);
        RestCsrfPreventionFilter restCsrfPreventionFilter = new RestCsrfPreventionFilter();
        restCsrfPreventionFilter.init(filterConfig);
        restCsrfPreventionFilter.doFilter(httpServletRequest, httpServletResponse, filterChain);
        ((FilterChain) Mockito.verify(filterChain)).doFilter(httpServletRequest, httpServletResponse);
    }

    @Test
    public void testMissingHeaderWithCustomHeaderConfigBadRequest() throws ServletException, IOException {
        FilterConfig filterConfig = (FilterConfig) Mockito.mock(FilterConfig.class);
        Mockito.when(filterConfig.getInitParameter(RestCsrfPreventionFilter.CUSTOM_HEADER_PARAM)).thenReturn(X_CUSTOM_HEADER);
        Mockito.when(filterConfig.getInitParameter(RestCsrfPreventionFilter.CUSTOM_METHODS_TO_IGNORE_PARAM)).thenReturn((Object) null);
        HttpServletRequest httpServletRequest = (HttpServletRequest) Mockito.mock(HttpServletRequest.class);
        Mockito.when(httpServletRequest.getHeader("User-Agent")).thenReturn(BROWSER_AGENT);
        Mockito.when(httpServletRequest.getHeader("X-XSRF-HEADER")).thenReturn((Object) null);
        HttpServletResponse httpServletResponse = (HttpServletResponse) Mockito.mock(HttpServletResponse.class);
        FilterChain filterChain = (FilterChain) Mockito.mock(FilterChain.class);
        RestCsrfPreventionFilter restCsrfPreventionFilter = new RestCsrfPreventionFilter();
        restCsrfPreventionFilter.init(filterConfig);
        restCsrfPreventionFilter.doFilter(httpServletRequest, httpServletResponse, filterChain);
        Mockito.verifyZeroInteractions(new Object[]{filterChain});
    }

    @Test
    public void testMissingHeaderNoMethodsToIgnoreConfigBadRequest() throws ServletException, IOException {
        FilterConfig filterConfig = (FilterConfig) Mockito.mock(FilterConfig.class);
        Mockito.when(filterConfig.getInitParameter(RestCsrfPreventionFilter.CUSTOM_HEADER_PARAM)).thenReturn((Object) null);
        Mockito.when(filterConfig.getInitParameter(RestCsrfPreventionFilter.CUSTOM_METHODS_TO_IGNORE_PARAM)).thenReturn("");
        HttpServletRequest httpServletRequest = (HttpServletRequest) Mockito.mock(HttpServletRequest.class);
        Mockito.when(httpServletRequest.getHeader("User-Agent")).thenReturn(BROWSER_AGENT);
        Mockito.when(httpServletRequest.getHeader("X-XSRF-HEADER")).thenReturn((Object) null);
        Mockito.when(httpServletRequest.getMethod()).thenReturn("GET");
        HttpServletResponse httpServletResponse = (HttpServletResponse) Mockito.mock(HttpServletResponse.class);
        FilterChain filterChain = (FilterChain) Mockito.mock(FilterChain.class);
        RestCsrfPreventionFilter restCsrfPreventionFilter = new RestCsrfPreventionFilter();
        restCsrfPreventionFilter.init(filterConfig);
        restCsrfPreventionFilter.doFilter(httpServletRequest, httpServletResponse, filterChain);
        Mockito.verifyZeroInteractions(new Object[]{filterChain});
    }

    @Test
    public void testMissingHeaderIgnoreGETMethodConfigGoodRequest() throws ServletException, IOException {
        FilterConfig filterConfig = (FilterConfig) Mockito.mock(FilterConfig.class);
        Mockito.when(filterConfig.getInitParameter(RestCsrfPreventionFilter.CUSTOM_HEADER_PARAM)).thenReturn((Object) null);
        Mockito.when(filterConfig.getInitParameter(RestCsrfPreventionFilter.CUSTOM_METHODS_TO_IGNORE_PARAM)).thenReturn("GET");
        HttpServletRequest httpServletRequest = (HttpServletRequest) Mockito.mock(HttpServletRequest.class);
        Mockito.when(httpServletRequest.getHeader("User-Agent")).thenReturn(BROWSER_AGENT);
        Mockito.when(httpServletRequest.getHeader("X-XSRF-HEADER")).thenReturn((Object) null);
        Mockito.when(httpServletRequest.getMethod()).thenReturn("GET");
        HttpServletResponse httpServletResponse = (HttpServletResponse) Mockito.mock(HttpServletResponse.class);
        FilterChain filterChain = (FilterChain) Mockito.mock(FilterChain.class);
        RestCsrfPreventionFilter restCsrfPreventionFilter = new RestCsrfPreventionFilter();
        restCsrfPreventionFilter.init(filterConfig);
        restCsrfPreventionFilter.doFilter(httpServletRequest, httpServletResponse, filterChain);
        ((FilterChain) Mockito.verify(filterChain)).doFilter(httpServletRequest, httpServletResponse);
    }

    @Test
    public void testMissingHeaderMultipleIgnoreMethodsConfigGoodRequest() throws ServletException, IOException {
        FilterConfig filterConfig = (FilterConfig) Mockito.mock(FilterConfig.class);
        Mockito.when(filterConfig.getInitParameter(RestCsrfPreventionFilter.CUSTOM_HEADER_PARAM)).thenReturn((Object) null);
        Mockito.when(filterConfig.getInitParameter(RestCsrfPreventionFilter.CUSTOM_METHODS_TO_IGNORE_PARAM)).thenReturn("GET,OPTIONS");
        HttpServletRequest httpServletRequest = (HttpServletRequest) Mockito.mock(HttpServletRequest.class);
        Mockito.when(httpServletRequest.getHeader("User-Agent")).thenReturn(BROWSER_AGENT);
        Mockito.when(httpServletRequest.getHeader("X-XSRF-HEADER")).thenReturn((Object) null);
        Mockito.when(httpServletRequest.getMethod()).thenReturn("OPTIONS");
        HttpServletResponse httpServletResponse = (HttpServletResponse) Mockito.mock(HttpServletResponse.class);
        FilterChain filterChain = (FilterChain) Mockito.mock(FilterChain.class);
        RestCsrfPreventionFilter restCsrfPreventionFilter = new RestCsrfPreventionFilter();
        restCsrfPreventionFilter.init(filterConfig);
        restCsrfPreventionFilter.doFilter(httpServletRequest, httpServletResponse, filterChain);
        ((FilterChain) Mockito.verify(filterChain)).doFilter(httpServletRequest, httpServletResponse);
    }

    @Test
    public void testMissingHeaderMultipleIgnoreMethodsConfigBadRequest() throws ServletException, IOException {
        FilterConfig filterConfig = (FilterConfig) Mockito.mock(FilterConfig.class);
        Mockito.when(filterConfig.getInitParameter(RestCsrfPreventionFilter.CUSTOM_HEADER_PARAM)).thenReturn((Object) null);
        Mockito.when(filterConfig.getInitParameter(RestCsrfPreventionFilter.CUSTOM_METHODS_TO_IGNORE_PARAM)).thenReturn("GET,OPTIONS");
        HttpServletRequest httpServletRequest = (HttpServletRequest) Mockito.mock(HttpServletRequest.class);
        Mockito.when(httpServletRequest.getHeader("User-Agent")).thenReturn(BROWSER_AGENT);
        Mockito.when(httpServletRequest.getHeader("X-XSRF-HEADER")).thenReturn((Object) null);
        Mockito.when(httpServletRequest.getMethod()).thenReturn("PUT");
        HttpServletResponse httpServletResponse = (HttpServletResponse) Mockito.mock(HttpServletResponse.class);
        FilterChain filterChain = (FilterChain) Mockito.mock(FilterChain.class);
        RestCsrfPreventionFilter restCsrfPreventionFilter = new RestCsrfPreventionFilter();
        restCsrfPreventionFilter.init(filterConfig);
        restCsrfPreventionFilter.doFilter(httpServletRequest, httpServletResponse, filterChain);
        Mockito.verifyZeroInteractions(new Object[]{filterChain});
    }
}
