package org.apache.nifi.web.security.csrf;

import java.util.Collections;
import java.util.UUID;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.nifi.web.security.http.SecurityCookieName;
import org.junit.jupiter.api.Assertions;
import org.junit.jupiter.api.BeforeEach;
import org.junit.jupiter.api.Test;
import org.junit.jupiter.api.extension.ExtendWith;
import org.mockito.ArgumentCaptor;
import org.mockito.ArgumentMatchers;
import org.mockito.Captor;
import org.mockito.Mock;
import org.mockito.Mockito;
import org.mockito.junit.jupiter.MockitoExtension;
import org.springframework.security.web.csrf.CsrfToken;

@ExtendWith({MockitoExtension.class})
/* loaded from: input_file:org/apache/nifi/web/security/csrf/StandardCookieCsrfTokenRepositoryTest.class */
public class StandardCookieCsrfTokenRepositoryTest {
    private static final int MAX_AGE_SESSION = -1;
    private static final int MAX_AGE_EXPIRED = 0;
    private static final String ROOT_PATH = "/";
    private static final String CONTEXT_PATH = "/context-path";
    private static final String COOKIE_CONTEXT_PATH = "/context-path/";
    private static final String HTTPS = "https";
    private static final String HOST = "localhost";
    private static final String PORT = "443";
    private static final String EMPTY = "";

    @Mock
    private HttpServletRequest request;

    @Mock
    private HttpServletResponse response;

    @Captor
    private ArgumentCaptor<Cookie> cookieArgumentCaptor;
    private StandardCookieCsrfTokenRepository repository;

    @BeforeEach
    public void setRepository() {
        this.repository = new StandardCookieCsrfTokenRepository(Collections.emptyList());
    }

    @Test
    public void testGenerateToken() {
        CsrfToken generateToken = this.repository.generateToken(this.request);
        Assertions.assertNotNull(generateToken);
        Assertions.assertNotNull(generateToken.getToken());
    }

    @Test
    public void testGenerateTokenCookieFound() {
        String uuid = UUID.randomUUID().toString();
        Mockito.when(this.request.getCookies()).thenReturn(new Cookie[]{new Cookie(SecurityCookieName.REQUEST_TOKEN.getName(), uuid)});
        CsrfToken generateToken = this.repository.generateToken(this.request);
        Assertions.assertNotNull(generateToken);
        Assertions.assertEquals(uuid, generateToken.getToken());
    }

    @Test
    public void testLoadToken() {
        String uuid = UUID.randomUUID().toString();
        Mockito.when(this.request.getCookies()).thenReturn(new Cookie[]{new Cookie(SecurityCookieName.REQUEST_TOKEN.getName(), uuid)});
        CsrfToken loadToken = this.repository.loadToken(this.request);
        Assertions.assertNotNull(loadToken);
        Assertions.assertEquals(uuid, loadToken.getToken());
    }

    @Test
    public void testSaveToken() {
        CsrfToken generateToken = this.repository.generateToken(this.request);
        this.repository.saveToken(generateToken, this.request, this.response);
        ((HttpServletResponse) Mockito.verify(this.response)).addCookie((Cookie) this.cookieArgumentCaptor.capture());
        Cookie cookie = (Cookie) this.cookieArgumentCaptor.getValue();
        assertCookieEquals(generateToken, cookie);
        Assertions.assertEquals(ROOT_PATH, cookie.getPath());
    }

    @Test
    public void testSaveTokenNullCsrfToken() {
        this.repository.saveToken((CsrfToken) null, this.request, this.response);
        ((HttpServletResponse) Mockito.verify(this.response)).addCookie((Cookie) this.cookieArgumentCaptor.capture());
        Cookie cookie = (Cookie) this.cookieArgumentCaptor.getValue();
        Assertions.assertEquals(ROOT_PATH, cookie.getPath());
        Assertions.assertEquals(EMPTY, cookie.getValue());
        Assertions.assertEquals(MAX_AGE_EXPIRED, cookie.getMaxAge());
        Assertions.assertTrue(cookie.getSecure());
        Assertions.assertFalse(cookie.isHttpOnly());
        Assertions.assertNull(cookie.getDomain());
    }

    @Test
    public void testSaveTokenProxyContextPath() {
        this.repository = new StandardCookieCsrfTokenRepository(Collections.singletonList(CONTEXT_PATH));
        CsrfToken generateToken = this.repository.generateToken(this.request);
        Mockito.when(this.request.getHeader((String) ArgumentMatchers.eq("X-ProxyScheme"))).thenReturn(HTTPS);
        Mockito.when(this.request.getHeader((String) ArgumentMatchers.eq("X-ProxyHost"))).thenReturn(HOST);
        Mockito.when(this.request.getHeader((String) ArgumentMatchers.eq("X-ProxyPort"))).thenReturn(PORT);
        Mockito.when(this.request.getHeader((String) ArgumentMatchers.eq("X-ProxyContextPath"))).thenReturn(CONTEXT_PATH);
        this.repository.saveToken(generateToken, this.request, this.response);
        ((HttpServletResponse) Mockito.verify(this.response)).addCookie((Cookie) this.cookieArgumentCaptor.capture());
        Cookie cookie = (Cookie) this.cookieArgumentCaptor.getValue();
        assertCookieEquals(generateToken, cookie);
        Assertions.assertEquals(COOKIE_CONTEXT_PATH, cookie.getPath());
    }

    private void assertCookieEquals(CsrfToken csrfToken, Cookie cookie) {
        Assertions.assertEquals(csrfToken.getToken(), cookie.getValue());
        Assertions.assertEquals(MAX_AGE_SESSION, cookie.getMaxAge());
        Assertions.assertTrue(cookie.getSecure());
        Assertions.assertFalse(cookie.isHttpOnly());
        Assertions.assertNull(cookie.getDomain());
    }
}
