package org.apache.hadoop.security.http;

import java.io.IOException;
import java.util.Collections;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.Map;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletContext;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.junit.Assert;
import org.junit.Test;
import org.mockito.Mockito;

/* loaded from: input_file:WEB-INF/lib/hadoop-common-3.3.5.200-eep-921-v202312190455-tests.jar:org/apache/hadoop/security/http/TestCrossOriginFilter.class */
public class TestCrossOriginFilter {

    /* loaded from: input_file:WEB-INF/lib/hadoop-common-3.3.5.200-eep-921-v202312190455-tests.jar:org/apache/hadoop/security/http/TestCrossOriginFilter$FilterConfigTest.class */
    private static class FilterConfigTest implements FilterConfig {
        final Map<String, String> map;

        FilterConfigTest(Map<String, String> map) {
            this.map = map;
        }

        @Override // javax.servlet.FilterConfig
        public String getFilterName() {
            return "test-filter";
        }

        @Override // javax.servlet.FilterConfig
        public String getInitParameter(String str) {
            return this.map.get(str);
        }

        @Override // javax.servlet.FilterConfig
        public Enumeration<String> getInitParameterNames() {
            return Collections.enumeration(this.map.keySet());
        }

        @Override // javax.servlet.FilterConfig
        public ServletContext getServletContext() {
            return null;
        }
    }

    @Test
    public void testSameOrigin() throws ServletException, IOException {
        HashMap hashMap = new HashMap();
        hashMap.put(CrossOriginFilter.ALLOWED_ORIGINS, "");
        FilterConfigTest filterConfigTest = new FilterConfigTest(hashMap);
        HttpServletRequest httpServletRequest = (HttpServletRequest) Mockito.mock(HttpServletRequest.class);
        Mockito.when(httpServletRequest.getHeader("Origin")).thenReturn((Object) null);
        HttpServletResponse httpServletResponse = (HttpServletResponse) Mockito.mock(HttpServletResponse.class);
        FilterChain filterChain = (FilterChain) Mockito.mock(FilterChain.class);
        CrossOriginFilter crossOriginFilter = new CrossOriginFilter();
        crossOriginFilter.init(filterConfigTest);
        crossOriginFilter.doFilter(httpServletRequest, httpServletResponse, filterChain);
        Mockito.verifyZeroInteractions(new Object[]{httpServletResponse});
        ((FilterChain) Mockito.verify(filterChain)).doFilter(httpServletRequest, httpServletResponse);
    }

    @Test
    public void testAllowAllOrigins() throws ServletException, IOException {
        HashMap hashMap = new HashMap();
        hashMap.put(CrossOriginFilter.ALLOWED_ORIGINS, "*");
        FilterConfigTest filterConfigTest = new FilterConfigTest(hashMap);
        CrossOriginFilter crossOriginFilter = new CrossOriginFilter();
        crossOriginFilter.init(filterConfigTest);
        Assert.assertTrue(crossOriginFilter.areOriginsAllowed("example.com"));
    }

    @Test
    public void testEncodeHeaders() {
        Assert.assertEquals("Valid origin encoding should match exactly", "http://localhost:12345", CrossOriginFilter.encodeHeader("http://localhost:12345"));
        Assert.assertEquals("Http response split origin should be protected against", "http://localhost:12345", CrossOriginFilter.encodeHeader("http://localhost:12345 \nSecondHeader: value"));
        Assert.assertEquals("Valid origin list encoding should match exactly", "http://foo.example.com:12345 http://bar.example.com:12345", CrossOriginFilter.encodeHeader("http://foo.example.com:12345 http://bar.example.com:12345"));
    }

    @Test
    public void testPatternMatchingOrigins() throws ServletException, IOException {
        HashMap hashMap = new HashMap();
        hashMap.put(CrossOriginFilter.ALLOWED_ORIGINS, "*.example.com");
        FilterConfigTest filterConfigTest = new FilterConfigTest(hashMap);
        CrossOriginFilter crossOriginFilter = new CrossOriginFilter();
        crossOriginFilter.init(filterConfigTest);
        Assert.assertFalse(crossOriginFilter.areOriginsAllowed("example.com"));
        Assert.assertFalse(crossOriginFilter.areOriginsAllowed("foo:example.com"));
        Assert.assertTrue(crossOriginFilter.areOriginsAllowed("foo.example.com"));
        Assert.assertTrue(crossOriginFilter.areOriginsAllowed("foo.bar.example.com"));
        Assert.assertTrue(crossOriginFilter.areOriginsAllowed("foo.example.com foo.nomatch.com"));
        Assert.assertTrue(crossOriginFilter.areOriginsAllowed("foo.nomatch.com foo.example.com"));
        Assert.assertFalse(crossOriginFilter.areOriginsAllowed("foo.nomatch1.com foo.nomatch2.com"));
    }

    @Test
    public void testRegexPatternMatchingOrigins() throws ServletException, IOException {
        HashMap hashMap = new HashMap();
        hashMap.put(CrossOriginFilter.ALLOWED_ORIGINS, "regex:.*[.]example[.]com");
        FilterConfigTest filterConfigTest = new FilterConfigTest(hashMap);
        CrossOriginFilter crossOriginFilter = new CrossOriginFilter();
        crossOriginFilter.init(filterConfigTest);
        Assert.assertFalse(crossOriginFilter.areOriginsAllowed("example.com"));
        Assert.assertFalse(crossOriginFilter.areOriginsAllowed("foo:example.com"));
        Assert.assertTrue(crossOriginFilter.areOriginsAllowed("foo.example.com"));
        Assert.assertTrue(crossOriginFilter.areOriginsAllowed("foo.bar.example.com"));
        Assert.assertTrue(crossOriginFilter.areOriginsAllowed("foo.example.com foo.nomatch.com"));
        Assert.assertTrue(crossOriginFilter.areOriginsAllowed("foo.nomatch.com foo.example.com"));
        Assert.assertFalse(crossOriginFilter.areOriginsAllowed("foo.nomatch1.com foo.nomatch2.com"));
    }

    @Test
    public void testComplexRegexPatternMatchingOrigins() throws ServletException, IOException {
        HashMap hashMap = new HashMap();
        hashMap.put(CrossOriginFilter.ALLOWED_ORIGINS, "regex:https?:\\/\\/sub1[.]example[.]com(:[0-9]+)?");
        FilterConfigTest filterConfigTest = new FilterConfigTest(hashMap);
        CrossOriginFilter crossOriginFilter = new CrossOriginFilter();
        crossOriginFilter.init(filterConfigTest);
        Assert.assertTrue(crossOriginFilter.areOriginsAllowed("http://sub1.example.com"));
        Assert.assertTrue(crossOriginFilter.areOriginsAllowed("https://sub1.example.com"));
        Assert.assertTrue(crossOriginFilter.areOriginsAllowed("http://sub1.example.com:1234"));
        Assert.assertTrue(crossOriginFilter.areOriginsAllowed("https://sub1.example.com:8080"));
        Assert.assertFalse(crossOriginFilter.areOriginsAllowed("foo.nomatch1.com foo.nomatch2.com"));
    }

    @Test
    public void testMixedRegexPatternMatchingOrigins() throws ServletException, IOException {
        HashMap hashMap = new HashMap();
        hashMap.put(CrossOriginFilter.ALLOWED_ORIGINS, "regex:https?:\\/\\/sub1[.]example[.]com(:[0-9]+)?, *.example2.com");
        FilterConfigTest filterConfigTest = new FilterConfigTest(hashMap);
        CrossOriginFilter crossOriginFilter = new CrossOriginFilter();
        crossOriginFilter.init(filterConfigTest);
        Assert.assertTrue(crossOriginFilter.areOriginsAllowed("http://sub1.example.com"));
        Assert.assertTrue(crossOriginFilter.areOriginsAllowed("https://sub1.example.com"));
        Assert.assertTrue(crossOriginFilter.areOriginsAllowed("http://sub1.example.com:1234"));
        Assert.assertTrue(crossOriginFilter.areOriginsAllowed("https://sub1.example.com:8080"));
        Assert.assertFalse(crossOriginFilter.areOriginsAllowed("example2.com"));
        Assert.assertFalse(crossOriginFilter.areOriginsAllowed("foo:example2.com"));
        Assert.assertTrue(crossOriginFilter.areOriginsAllowed("foo.example2.com"));
        Assert.assertTrue(crossOriginFilter.areOriginsAllowed("foo.bar.example2.com"));
        Assert.assertTrue(crossOriginFilter.areOriginsAllowed("foo.example2.com foo.nomatch.com"));
        Assert.assertTrue(crossOriginFilter.areOriginsAllowed("foo.nomatch.com foo.example2.com"));
        Assert.assertFalse(crossOriginFilter.areOriginsAllowed("foo.nomatch1.com foo.nomatch2.com"));
    }

    @Test
    public void testDisallowedOrigin() throws ServletException, IOException {
        HashMap hashMap = new HashMap();
        hashMap.put(CrossOriginFilter.ALLOWED_ORIGINS, "example.com");
        FilterConfigTest filterConfigTest = new FilterConfigTest(hashMap);
        HttpServletRequest httpServletRequest = (HttpServletRequest) Mockito.mock(HttpServletRequest.class);
        Mockito.when(httpServletRequest.getHeader("Origin")).thenReturn("example.org");
        HttpServletResponse httpServletResponse = (HttpServletResponse) Mockito.mock(HttpServletResponse.class);
        FilterChain filterChain = (FilterChain) Mockito.mock(FilterChain.class);
        CrossOriginFilter crossOriginFilter = new CrossOriginFilter();
        crossOriginFilter.init(filterConfigTest);
        crossOriginFilter.doFilter(httpServletRequest, httpServletResponse, filterChain);
        Mockito.verifyZeroInteractions(new Object[]{httpServletResponse});
        ((FilterChain) Mockito.verify(filterChain)).doFilter(httpServletRequest, httpServletResponse);
    }

    @Test
    public void testDisallowedMethod() throws ServletException, IOException {
        HashMap hashMap = new HashMap();
        hashMap.put(CrossOriginFilter.ALLOWED_ORIGINS, "example.com");
        FilterConfigTest filterConfigTest = new FilterConfigTest(hashMap);
        HttpServletRequest httpServletRequest = (HttpServletRequest) Mockito.mock(HttpServletRequest.class);
        Mockito.when(httpServletRequest.getHeader("Origin")).thenReturn("example.com");
        Mockito.when(httpServletRequest.getHeader("Access-Control-Request-Method")).thenReturn("DISALLOWED_METHOD");
        HttpServletResponse httpServletResponse = (HttpServletResponse) Mockito.mock(HttpServletResponse.class);
        FilterChain filterChain = (FilterChain) Mockito.mock(FilterChain.class);
        CrossOriginFilter crossOriginFilter = new CrossOriginFilter();
        crossOriginFilter.init(filterConfigTest);
        crossOriginFilter.doFilter(httpServletRequest, httpServletResponse, filterChain);
        Mockito.verifyZeroInteractions(new Object[]{httpServletResponse});
        ((FilterChain) Mockito.verify(filterChain)).doFilter(httpServletRequest, httpServletResponse);
    }

    @Test
    public void testDisallowedHeader() throws ServletException, IOException {
        HashMap hashMap = new HashMap();
        hashMap.put(CrossOriginFilter.ALLOWED_ORIGINS, "example.com");
        FilterConfigTest filterConfigTest = new FilterConfigTest(hashMap);
        HttpServletRequest httpServletRequest = (HttpServletRequest) Mockito.mock(HttpServletRequest.class);
        Mockito.when(httpServletRequest.getHeader("Origin")).thenReturn("example.com");
        Mockito.when(httpServletRequest.getHeader("Access-Control-Request-Method")).thenReturn("GET");
        Mockito.when(httpServletRequest.getHeader("Access-Control-Request-Headers")).thenReturn("Disallowed-Header");
        HttpServletResponse httpServletResponse = (HttpServletResponse) Mockito.mock(HttpServletResponse.class);
        FilterChain filterChain = (FilterChain) Mockito.mock(FilterChain.class);
        CrossOriginFilter crossOriginFilter = new CrossOriginFilter();
        crossOriginFilter.init(filterConfigTest);
        crossOriginFilter.doFilter(httpServletRequest, httpServletResponse, filterChain);
        Mockito.verifyZeroInteractions(new Object[]{httpServletResponse});
        ((FilterChain) Mockito.verify(filterChain)).doFilter(httpServletRequest, httpServletResponse);
    }

    @Test
    public void testCrossOriginFilter() throws ServletException, IOException {
        HashMap hashMap = new HashMap();
        hashMap.put(CrossOriginFilter.ALLOWED_ORIGINS, "example.com");
        FilterConfigTest filterConfigTest = new FilterConfigTest(hashMap);
        HttpServletRequest httpServletRequest = (HttpServletRequest) Mockito.mock(HttpServletRequest.class);
        Mockito.when(httpServletRequest.getHeader("Origin")).thenReturn("example.com");
        Mockito.when(httpServletRequest.getHeader("Access-Control-Request-Method")).thenReturn("GET");
        Mockito.when(httpServletRequest.getHeader("Access-Control-Request-Headers")).thenReturn("X-Requested-With");
        HttpServletResponse httpServletResponse = (HttpServletResponse) Mockito.mock(HttpServletResponse.class);
        FilterChain filterChain = (FilterChain) Mockito.mock(FilterChain.class);
        CrossOriginFilter crossOriginFilter = new CrossOriginFilter();
        crossOriginFilter.init(filterConfigTest);
        crossOriginFilter.doFilter(httpServletRequest, httpServletResponse, filterChain);
        ((HttpServletResponse) Mockito.verify(httpServletResponse)).setHeader("Access-Control-Allow-Origin", "example.com");
        ((HttpServletResponse) Mockito.verify(httpServletResponse)).setHeader("Access-Control-Allow-Credentials", Boolean.TRUE.toString());
        ((HttpServletResponse) Mockito.verify(httpServletResponse)).setHeader("Access-Control-Allow-Methods", crossOriginFilter.getAllowedMethodsHeader());
        ((HttpServletResponse) Mockito.verify(httpServletResponse)).setHeader("Access-Control-Allow-Headers", crossOriginFilter.getAllowedHeadersHeader());
        ((FilterChain) Mockito.verify(filterChain)).doFilter(httpServletRequest, httpServletResponse);
    }

    @Test
    public void testCrossOriginFilterAfterRestart() throws ServletException {
        HashMap hashMap = new HashMap();
        hashMap.put(CrossOriginFilter.ALLOWED_ORIGINS, "example.com");
        hashMap.put(CrossOriginFilter.ALLOWED_HEADERS, "X-Requested-With,Accept");
        hashMap.put(CrossOriginFilter.ALLOWED_METHODS, "GET,POST");
        FilterConfigTest filterConfigTest = new FilterConfigTest(hashMap);
        CrossOriginFilter crossOriginFilter = new CrossOriginFilter();
        crossOriginFilter.init(filterConfigTest);
        Assert.assertTrue("Allowed headers do not match", crossOriginFilter.getAllowedHeadersHeader().compareTo("X-Requested-With,Accept") == 0);
        Assert.assertTrue("Allowed methods do not match", crossOriginFilter.getAllowedMethodsHeader().compareTo("GET,POST") == 0);
        Assert.assertTrue(crossOriginFilter.areOriginsAllowed("example.com"));
        crossOriginFilter.destroy();
        hashMap.clear();
        hashMap.put(CrossOriginFilter.ALLOWED_ORIGINS, "newexample.com");
        hashMap.put(CrossOriginFilter.ALLOWED_HEADERS, "Content-Type,Origin");
        hashMap.put(CrossOriginFilter.ALLOWED_METHODS, "GET,HEAD");
        crossOriginFilter.init(new FilterConfigTest(hashMap));
        Assert.assertTrue("Allowed headers do not match", crossOriginFilter.getAllowedHeadersHeader().compareTo("Content-Type,Origin") == 0);
        Assert.assertTrue("Allowed methods do not match", crossOriginFilter.getAllowedMethodsHeader().compareTo("GET,HEAD") == 0);
        Assert.assertTrue(crossOriginFilter.areOriginsAllowed("newexample.com"));
        crossOriginFilter.destroy();
    }
}
