package org.apache.nifi.web.security.csrf;

import jakarta.servlet.http.Cookie;
import java.util.UUID;
import org.apache.nifi.web.security.http.SecurityCookieName;
import org.junit.jupiter.api.Assertions;
import org.junit.jupiter.api.BeforeEach;
import org.junit.jupiter.api.Test;
import org.springframework.mock.web.MockHttpServletRequest;
import org.springframework.mock.web.MockHttpServletResponse;
import org.springframework.security.web.csrf.CsrfToken;

/* loaded from: input_file:org/apache/nifi/web/security/csrf/StandardCookieCsrfTokenRepositoryTest.class */
/**
 * Tests for {@link StandardCookieCsrfTokenRepository}: token generation, loading a token from the
 * request cookie, and the attributes of the cookie written by {@code saveToken}.
 *
 * <p>The attribute checks matter for security: the tests pin Secure, the cookie path, the Max-Age
 * and the presence of a SameSite attribute on the CSRF request-token cookie.
 */
public class StandardCookieCsrfTokenRepositoryTest {
    // Servlet context init parameter set in the proxy test; presumably the allowlist consulted
    // before a forwarded context path is honoured (verify against the repository implementation).
    private static final String ALLOWED_CONTEXT_PATHS_PARAMETER = "allowedContextPaths";

    // Servlet cookie Max-Age semantics: negative = session cookie, zero = delete immediately.
    private static final int MAX_AGE_SESSION = -1;
    private static final int MAX_AGE_EXPIRED = 0;

    private static final String ROOT_PATH = "/";
    private static final String CONTEXT_PATH = "/context-path";

    // Values supplied through the X-Proxy* request headers.
    private static final String HTTPS = "https";
    private static final String HOST = "localhost";
    private static final String PORT = "443";

    private static final String EMPTY = "";
    private static final String SET_COOKIE_HEADER = "Set-Cookie";
    private static final String SAME_SITE = "SameSite";

    private MockHttpServletRequest request;
    private MockHttpServletResponse response;
    private StandardCookieCsrfTokenRepository repository;

    /** Creates a fresh request, response and repository before every test. */
    @BeforeEach
    public void setRepository() {
        request = new MockHttpServletRequest();
        response = new MockHttpServletResponse();
        repository = new StandardCookieCsrfTokenRepository();
    }

    /** Without a request-token cookie, a token with a non-null value is generated. */
    @Test
    public void testGenerateToken() {
        final CsrfToken csrfToken = repository.generateToken(request);

        Assertions.assertNotNull(csrfToken);
        Assertions.assertNotNull(csrfToken.getToken());
    }

    /**
     * With a request-token cookie present, the generated token carries the cookie's value.
     *
     * <p>NOTE(review): this pins that a client-supplied value is reused as the token; nothing here
     * asserts any validation of that value's format or length.
     */
    @Test
    public void testGenerateTokenCookieFound() {
        final String expectedToken = UUID.randomUUID().toString();
        setRequestTokenCookie(expectedToken);

        final CsrfToken csrfToken = repository.generateToken(request);

        Assertions.assertNotNull(csrfToken);
        Assertions.assertEquals(expectedToken, csrfToken.getToken());
    }

    /** Loading a token returns the value held in the request-token cookie. */
    @Test
    public void testLoadToken() {
        final String expectedToken = UUID.randomUUID().toString();
        setRequestTokenCookie(expectedToken);

        final CsrfToken csrfToken = repository.loadToken(request);

        Assertions.assertNotNull(csrfToken);
        Assertions.assertEquals(expectedToken, csrfToken.getToken());
    }

    /** Saving a token writes a session cookie scoped to the root path. */
    @Test
    public void testSaveToken() {
        final CsrfToken csrfToken = repository.generateToken(request);
        repository.saveToken(csrfToken, request, response);

        final Cookie savedCookie = assertCookieFound();
        final String setCookieHeader = response.getHeader(SET_COOKIE_HEADER);
        assertCookieEquals(csrfToken.getToken(), MAX_AGE_SESSION, savedCookie, setCookieHeader);
        Assertions.assertEquals(ROOT_PATH, savedCookie.getPath());
    }

    /** Saving a null token writes an empty, already-expired cookie, i.e. it clears the token. */
    @Test
    public void testSaveTokenNullCsrfToken() {
        final CsrfToken absentToken = null;
        repository.saveToken(absentToken, request, response);

        final Cookie clearedCookie = assertCookieFound();
        final String setCookieHeader = response.getHeader(SET_COOKIE_HEADER);
        assertCookieEquals(EMPTY, MAX_AGE_EXPIRED, clearedCookie, setCookieHeader);
    }

    /**
     * Behind a proxy, the cookie path follows X-ProxyContextPath when that path is listed in the
     * allowedContextPaths init parameter.
     *
     * <p>NOTE(review): only the allowed case is covered; there is no negative test for a forwarded
     * context path that is absent from allowedContextPaths.
     */
    @Test
    public void testSaveTokenProxyContextPath() {
        // Repeats the work of setRepository(); kept so the test reads as self-contained.
        repository = new StandardCookieCsrfTokenRepository();
        final CsrfToken csrfToken = repository.generateToken(request);

        request.addHeader("X-ProxyScheme", HTTPS);
        request.addHeader("X-ProxyHost", HOST);
        request.addHeader("X-ProxyPort", PORT);
        request.addHeader("X-ProxyContextPath", CONTEXT_PATH);
        request.getServletContext().setInitParameter(ALLOWED_CONTEXT_PATHS_PARAMETER, CONTEXT_PATH);

        repository.saveToken(csrfToken, request, response);

        final Cookie savedCookie = assertCookieFound();
        final String setCookieHeader = response.getHeader(SET_COOKIE_HEADER);
        assertCookieEquals(csrfToken.getToken(), MAX_AGE_SESSION, savedCookie, setCookieHeader);
        Assertions.assertEquals(CONTEXT_PATH, savedCookie.getPath());
    }

    /** Attaches a request-token cookie with the given value to the mock request. */
    private void setRequestTokenCookie(final String value) {
        final Cookie requestTokenCookie = new Cookie(SecurityCookieName.REQUEST_TOKEN.getName(), value);
        request.setCookies(requestTokenCookie);
    }

    /**
     * Fetches the request-token cookie from the mock response, failing the test when it is absent.
     *
     * @return the cookie written to the response
     */
    private Cookie assertCookieFound() {
        final String cookieName = SecurityCookieName.REQUEST_TOKEN.getName();
        final Cookie found = response.getCookie(cookieName);
        Assertions.assertNotNull(found);
        return found;
    }

    /**
     * Verifies the value and the security attributes of the request-token cookie.
     *
     * @param expectedValue expected cookie value
     * @param expectedMaxAge expected Max-Age
     * @param cookie cookie read from the response
     * @param setCookieHeader raw Set-Cookie header, used for the SameSite check
     */
    private void assertCookieEquals(
            final String expectedValue,
            final int expectedMaxAge,
            final Cookie cookie,
            final String setCookieHeader
    ) {
        Assertions.assertNotNull(setCookieHeader);
        Assertions.assertEquals(expectedValue, cookie.getValue());
        Assertions.assertEquals(expectedMaxAge, cookie.getMaxAge());

        // The token cookie must only travel over TLS.
        Assertions.assertTrue(cookie.getSecure());

        // HttpOnly is expected to be off: presumably client script reads the cookie to echo the
        // token back in a request header. NOTE(review): confirm against the UI.
        Assertions.assertFalse(cookie.isHttpOnly());

        Assertions.assertEquals(HOST, cookie.getDomain());

        // Only the presence of the attribute name is checked; the policy value is not pinned.
        // NOTE(review): asserting the expected policy would catch a silent downgrade.
        Assertions.assertTrue(setCookieHeader.contains(SAME_SITE), "SameSite not found");
    }
}
