package org.kuali.rice.krad.service.impl;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.junit.Assert;
import org.junit.Before;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.kuali.rice.core.api.config.property.ConfigurationService;
import org.kuali.rice.coreservice.framework.parameter.ParameterService;
import org.mockito.InjectMocks;
import org.mockito.Mock;
import org.mockito.Mockito;
import org.mockito.runners.MockitoJUnitRunner;
import org.springframework.mock.web.MockHttpServletRequest;
import org.springframework.mock.web.MockHttpServletResponse;

@RunWith(MockitoJUnitRunner.class)
/* loaded from: input_file:org/kuali/rice/krad/service/impl/CsrfServiceImplTest.class */
public class CsrfServiceImplTest {

    @Mock
    private ConfigurationService configurationService;

    @Mock
    private ParameterService parameterService;

    @InjectMocks
    private CsrfServiceImpl csrfService;

    @Before
    public void setUp() {
        setExemptPathsConfig(null);
        setExemptPathsParam(null);
        setCsrfEnabledConfig(true);
        setCsrfEnabledParam(null);
    }

    @Test
    public void testIsExemptPath_NoExemptPaths() {
        MockHttpServletRequest mockHttpServletRequest = new MockHttpServletRequest();
        mockHttpServletRequest.setRequestURI("http://localhost/myurl");
        Assert.assertFalse(this.csrfService.isExemptPath(mockHttpServletRequest));
    }

    @Test
    public void testIsExemptPath_OneExemptPath_Config() {
        setExemptPathsConfig("myurl");
        MockHttpServletRequest mockHttpServletRequest = new MockHttpServletRequest();
        mockHttpServletRequest.setRequestURI("http://localhost/myurl");
        Assert.assertTrue(this.csrfService.isExemptPath(mockHttpServletRequest));
        mockHttpServletRequest.setRequestURI("http://localhost/myurl2");
        Assert.assertTrue(this.csrfService.isExemptPath(mockHttpServletRequest));
        mockHttpServletRequest.setRequestURI("http://localhost/myotherurl");
        Assert.assertFalse(this.csrfService.isExemptPath(mockHttpServletRequest));
    }

    @Test
    public void testIsExemptPath_MultipleExemptPaths_Config() {
        setExemptPathsConfig("one,two,http://localhost/three");
        MockHttpServletRequest mockHttpServletRequest = new MockHttpServletRequest();
        mockHttpServletRequest.setRequestURI("http://localhost/one");
        Assert.assertTrue(this.csrfService.isExemptPath(mockHttpServletRequest));
        mockHttpServletRequest.setRequestURI("http://localhost/two");
        Assert.assertTrue(this.csrfService.isExemptPath(mockHttpServletRequest));
        mockHttpServletRequest.setRequestURI("http://localhost/three");
        Assert.assertTrue(this.csrfService.isExemptPath(mockHttpServletRequest));
    }

    @Test
    public void testIsExemptPath_OneExemptPath_Param() {
        setExemptPathsParam("myurl");
        MockHttpServletRequest mockHttpServletRequest = new MockHttpServletRequest();
        mockHttpServletRequest.setRequestURI("http://localhost/myurl");
        Assert.assertTrue(this.csrfService.isExemptPath(mockHttpServletRequest));
        mockHttpServletRequest.setRequestURI("http://localhost/myurl2");
        Assert.assertTrue(this.csrfService.isExemptPath(mockHttpServletRequest));
        mockHttpServletRequest.setRequestURI("http://localhost/myotherurl");
        Assert.assertFalse(this.csrfService.isExemptPath(mockHttpServletRequest));
    }

    @Test
    public void testIsExemptPath_MultipleExemptPaths_Param() {
        setExemptPathsParam("one,two,http://localhost/three");
        MockHttpServletRequest mockHttpServletRequest = new MockHttpServletRequest();
        mockHttpServletRequest.setRequestURI("http://localhost/one");
        Assert.assertTrue(this.csrfService.isExemptPath(mockHttpServletRequest));
        mockHttpServletRequest.setRequestURI("http://localhost/two");
        Assert.assertTrue(this.csrfService.isExemptPath(mockHttpServletRequest));
        mockHttpServletRequest.setRequestURI("http://localhost/three");
        Assert.assertTrue(this.csrfService.isExemptPath(mockHttpServletRequest));
    }

    @Test
    public void testIsExemptPath_Param_Overrides_Config() {
        setExemptPathsConfig("two");
        setExemptPathsParam("one,http://localhost/three");
        MockHttpServletRequest mockHttpServletRequest = new MockHttpServletRequest();
        mockHttpServletRequest.setRequestURI("http://localhost/one");
        Assert.assertTrue(this.csrfService.isExemptPath(mockHttpServletRequest));
        mockHttpServletRequest.setRequestURI("http://localhost/three");
        Assert.assertTrue(this.csrfService.isExemptPath(mockHttpServletRequest));
        mockHttpServletRequest.setRequestURI("four");
        Assert.assertFalse(this.csrfService.isExemptPath(mockHttpServletRequest));
        mockHttpServletRequest.setRequestURI("http://localhost/two");
        Assert.assertFalse(this.csrfService.isExemptPath(mockHttpServletRequest));
    }

    @Test
    public void testIsEnabled_Default() {
        Assert.assertTrue(this.csrfService.isEnabled());
    }

    @Test
    public void testIsEnabled_Config() {
        setCsrfEnabledConfig(false);
        Assert.assertFalse(this.csrfService.isEnabled());
        setCsrfEnabledConfig(true);
        Assert.assertTrue(this.csrfService.isEnabled());
    }

    @Test
    public void testIsEnabled_Param() {
        setCsrfEnabledParam(false);
        Assert.assertFalse(this.csrfService.isEnabled());
        setCsrfEnabledParam(true);
        Assert.assertTrue(this.csrfService.isEnabled());
    }

    @Test
    public void testIsEnabled_Param_Overrides_Config() {
        setCsrfEnabledConfig(true);
        setCsrfEnabledParam(false);
        Assert.assertFalse(this.csrfService.isEnabled());
    }

    @Test(expected = IllegalArgumentException.class)
    public void testValidateCsrfIfNecessary_NullRequest() {
        this.csrfService.validateCsrfIfNecessary((HttpServletRequest) null, new MockHttpServletResponse());
    }

    @Test(expected = IllegalArgumentException.class)
    public void testValidateCsrfIfNecessary_NullResponse() {
        this.csrfService.validateCsrfIfNecessary(new MockHttpServletRequest(), (HttpServletResponse) null);
    }

    @Test
    public void testValidateCsrfIfNecessary() {
        setCsrfEnabledConfig(false);
        MockHttpServletRequest mockHttpServletRequest = new MockHttpServletRequest();
        MockHttpServletResponse mockHttpServletResponse = new MockHttpServletResponse();
        Assert.assertTrue(this.csrfService.validateCsrfIfNecessary(mockHttpServletRequest, mockHttpServletResponse));
        setCsrfEnabledConfig(true);
        Assert.assertFalse(this.csrfService.validateCsrfIfNecessary(mockHttpServletRequest, mockHttpServletResponse));
        MockHttpServletRequest mockHttpServletRequest2 = new MockHttpServletRequest();
        MockHttpServletResponse mockHttpServletResponse2 = new MockHttpServletResponse();
        setExemptPathsConfig("a");
        mockHttpServletRequest2.setRequestURI("http://a");
        Assert.assertTrue(this.csrfService.validateCsrfIfNecessary(mockHttpServletRequest2, mockHttpServletResponse2));
        MockHttpServletRequest mockHttpServletRequest3 = new MockHttpServletRequest();
        MockHttpServletResponse mockHttpServletResponse3 = new MockHttpServletResponse();
        mockHttpServletRequest3.setRequestURI("http://b");
        Assert.assertFalse(this.csrfService.validateCsrfIfNecessary(mockHttpServletRequest3, mockHttpServletResponse3));
        Assert.assertEquals(403L, mockHttpServletResponse3.getStatus());
    }

    @Test
    public void testGetSessionToken() {
        setCsrfEnabledConfig(true);
        MockHttpServletRequest mockHttpServletRequest = new MockHttpServletRequest();
        mockHttpServletRequest.setMethod("GET");
        this.csrfService.validateCsrfIfNecessary(mockHttpServletRequest, new MockHttpServletResponse());
        Assert.assertNotNull(this.csrfService.getSessionToken(mockHttpServletRequest));
    }

    private void setCsrfEnabledParam(Boolean bool) {
        Mockito.when(this.parameterService.getParameterValueAsBoolean("KR-SYS", "All", "CSRF_ENABLED_IND")).thenReturn(bool);
    }

    private void setCsrfEnabledConfig(boolean z) {
        Mockito.when(Boolean.valueOf(this.configurationService.getPropertyValueAsBoolean("csrf.enabled", true))).thenReturn(Boolean.valueOf(z));
    }

    private void setExemptPathsParam(String str) {
        Mockito.when(this.parameterService.getParameterValueAsFilteredString("KR-SYS", "All", "CSRF_EXEMPT_PATHS")).thenReturn(str);
    }

    private void setExemptPathsConfig(String str) {
        Mockito.when(this.configurationService.getPropertyValueAsString("csrf.exempt.paths")).thenReturn(str);
    }
}
