package org.apache.hadoop.hbase.rest;

import org.apache.hadoop.hbase.HBaseClassTestRule;
import org.apache.hadoop.hbase.HBaseTestingUtility;
import org.apache.hadoop.hbase.rest.client.Client;
import org.apache.hadoop.hbase.rest.client.Cluster;
import org.apache.hadoop.hbase.rest.client.Response;
import org.apache.hadoop.hbase.testclassification.MediumTests;
import org.apache.hadoop.hbase.testclassification.RestTests;
import org.hamcrest.CoreMatchers;
import org.hamcrest.core.Is;
import org.hamcrest.core.IsEqual;
import org.junit.After;
import org.junit.Assert;
import org.junit.ClassRule;
import org.junit.Test;
import org.junit.experimental.categories.Category;

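/**
 * Checks the security-related HTTP response headers returned by the HBase REST server.
 *
 * <p>Two configurations are exercised against {@code /version/cluster}:
 * <ul>
 *   <li>defaults: {@code X-Content-Type-Options} and {@code X-XSS-Protection} are present with
 *       fixed values, while {@code Strict-Transport-Security} and {@code Content-Security-Policy}
 *       are absent;</li>
 *   <li>explicit HSTS/CSP values set through the configuration are echoed back verbatim.</li>
 * </ul>
 *
 * <p>The mini cluster, the REST servlet container and the {@code Configuration} object are all
 * static and therefore shared by both tests, so {@link #tearDown()} must also undo any
 * configuration a test has set. Otherwise the result depends on method execution order.
 */
@Category({RestTests.class, MediumTests.class})
public class TestSecurityHeadersFilter {

    @ClassRule
    public static final HBaseClassTestRule CLASS_RULE = HBaseClassTestRule.forClass(TestSecurityHeadersFilter.class);
    private static final HBaseTestingUtility TEST_UTIL = new HBaseTestingUtility();
    private static final HBaseRESTTestingUtility REST_TEST_UTIL = new HBaseRESTTestingUtility();

    // Configuration keys set by testHstsAndCspSettings; they are cleared again in tearDown.
    private static final String HSTS_CONF_KEY = "hbase.http.filter.hsts.value";
    private static final String CSP_CONF_KEY = "hbase.http.filter.csp.value";

    private static Client client;

    /**
     * Stops the REST servlet container and the mini cluster, then removes the HSTS/CSP overrides
     * from the shared configuration.
     *
     * <p>The nested {@code finally} blocks make sure a failure while stopping the servlet
     * container cannot leak a running mini cluster, and that the configuration is reset even if
     * the cluster shutdown throws.
     *
     * @throws Exception if either shutdown step fails
     */
    @After
    public void tearDown() throws Exception {
        try {
            REST_TEST_UTIL.shutdownServletContainer();
        } finally {
            try {
                TEST_UTIL.shutdownMiniCluster();
            } finally {
                // Without this, values set in testHstsAndCspSettings would stay in the static
                // configuration and make testDefaultValues fail if it happened to run second.
                TEST_UTIL.getConfiguration().unset(HSTS_CONF_KEY);
                TEST_UTIL.getConfiguration().unset(CSP_CONF_KEY);
            }
        }
    }

    /**
     * Starts the mini cluster and the REST servlet container with the current configuration,
     * then issues {@code GET /version/cluster} and checks that it returned HTTP 200.
     *
     * @return the REST response whose headers the caller inspects
     * @throws Exception if the cluster or container cannot be started, or the request fails
     */
    private static Response startAndFetchClusterVersion() throws Exception {
        TEST_UTIL.startMiniCluster();
        REST_TEST_UTIL.startServletContainer(TEST_UTIL.getConfiguration());
        client = new Client(new Cluster().add("localhost", REST_TEST_UTIL.getServletPort()));
        Response response = client.get("/version/cluster");
        Assert.assertThat(response.getCode(), IsEqual.equalTo(200));
        return response;
    }

    /**
     * With no header-related configuration, only the two always-on headers must be emitted.
     *
     * <p>NOTE(review): {@code X-XSS-Protection} is a legacy header that current browsers no
     * longer act on. This test pins the server's existing default only and says nothing about
     * the protection it gives; {@code Content-Security-Policy} is absent by default here.
     *
     * @throws Exception if the cluster or REST server cannot be started
     */
    @Test
    public void testDefaultValues() throws Exception {
        Response response = startAndFetchClusterVersion();

        Assert.assertThat("Header 'X-Content-Type-Options' is missing from Rest response", response.getHeader("X-Content-Type-Options"), Is.is(CoreMatchers.notNullValue()));
        Assert.assertThat("Header 'X-Content-Type-Options' has invalid default value", response.getHeader("X-Content-Type-Options"), IsEqual.equalTo("nosniff"));

        Assert.assertThat("Header 'X-XSS-Protection' is missing from Rest response", response.getHeader("X-XSS-Protection"), Is.is(CoreMatchers.notNullValue()));
        Assert.assertThat("Header 'X-XSS-Protection' has invalid default value", response.getHeader("X-XSS-Protection"), IsEqual.equalTo("1; mode=block"));

        // HSTS and CSP are opt-in: they must not appear unless an operator configures them.
        Assert.assertThat("Header 'Strict-Transport-Security' should be missing from Rest response,but it's present", response.getHeader("Strict-Transport-Security"), Is.is(CoreMatchers.nullValue()));
        Assert.assertThat("Header 'Content-Security-Policy' should be missing from Rest response,but it's present", response.getHeader("Content-Security-Policy"), Is.is(CoreMatchers.nullValue()));
    }

    /**
     * Configured HSTS and CSP values must be returned unchanged in the matching headers.
     *
     * <p>The CSP string is a pass-through fixture, not a recommended policy: allowing
     * {@code 'unsafe-inline'} and {@code 'unsafe-eval'} removes most of the script-injection
     * protection CSP offers. Browsers also honour {@code Strict-Transport-Security} only on
     * responses received over HTTPS, so this test shows that the header is emitted, not that it
     * is enforced. NOTE(review): the client here is built for "localhost" with no visible TLS
     * setup; confirm the transport if enforcement matters.
     *
     * @throws Exception if the cluster or REST server cannot be started
     */
    @Test
    public void testHstsAndCspSettings() throws Exception {
        final String hstsValue = "max-age=63072000;includeSubDomains;preload";
        final String cspValue = "default-src https: data: 'unsafe-inline' 'unsafe-eval'";
        TEST_UTIL.getConfiguration().set(HSTS_CONF_KEY, hstsValue);
        TEST_UTIL.getConfiguration().set(CSP_CONF_KEY, cspValue);

        Response response = startAndFetchClusterVersion();

        Assert.assertThat("Header 'Strict-Transport-Security' is missing from Rest response", response.getHeader("Strict-Transport-Security"), Is.is(CoreMatchers.notNullValue()));
        Assert.assertThat("Header 'Strict-Transport-Security' has invalid value", response.getHeader("Strict-Transport-Security"), IsEqual.equalTo(hstsValue));

        Assert.assertThat("Header 'Content-Security-Policy' is missing from Rest response", response.getHeader("Content-Security-Policy"), Is.is(CoreMatchers.notNullValue()));
        Assert.assertThat("Header 'Content-Security-Policy' has invalid value", response.getHeader("Content-Security-Policy"), IsEqual.equalTo(cspValue));
    }
}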
