package org.kuali.rice.krad.util;

import java.util.UUID;
import org.junit.Assert;
import org.junit.Test;
import org.springframework.mock.web.MockHttpServletRequest;
import org.springframework.mock.web.MockHttpServletResponse;

/* loaded from: input_file:org/kuali/rice/krad/util/CsrfValidatorTest.class */
/**
 * Unit tests for {@code CsrfValidator}, driven through Spring's mock servlet request/response.
 *
 * <p>What the assertions below pin down:
 * <ul>
 *   <li>GET, OPTIONS and HEAD requests pass validation without a token parameter;</li>
 *   <li>a token becomes readable via {@code getSessionToken} after the first validated GET and
 *       is not replaced by a later OPTIONS or a successful POST on the same request object;</li>
 *   <li>a POST is accepted only when its {@code csrfToken} parameter equals that token;</li>
 *   <li>every rejected POST returns {@code false} and leaves status 403 on the response.</li>
 * </ul>
 *
 * <p>NOTE(review): POST is the only state-changing method exercised here; PUT, DELETE and PATCH
 * are not covered by this class, and the token is only ever supplied as a request parameter.
 */
public class CsrfValidatorTest {
    private static final String METHOD_GET = "GET";
    private static final String METHOD_POST = "POST";
    private static final String METHOD_OPTIONS = "OPTIONS";
    private static final String METHOD_HEAD = "HEAD";

    /** Name of the request parameter the tests use to submit the token. */
    private static final String TOKEN_PARAMETER = "csrfToken";

    /** Status expected on the response whenever validation fails. */
    private static final int STATUS_FORBIDDEN = 403;

    // JUnit builds a new test instance per test method, so each test starts from a fresh pair.
    private MockHttpServletRequest request = new MockHttpServletRequest();
    private MockHttpServletResponse response = new MockHttpServletResponse();

    /** Runs the validator against the request/response pair currently held by this test. */
    private boolean validateCurrent() {
        return CsrfValidator.validateCsrf(this.request, this.response);
    }

    /** Reads the token associated with the request currently held by this test. */
    private String currentToken() {
        return CsrfValidator.getSessionToken(this.request);
    }

    /** Asserts that the current request is refused and that the refusal is reported as 403. */
    private void assertRejectedAsForbidden() {
        Assert.assertFalse(validateCurrent());
        Assert.assertEquals(STATUS_FORBIDDEN, this.response.getStatus());
    }

    /**
     * Non-updating methods validate without a token, the first GET makes a token available,
     * and an unrelated request object ends up with a different token.
     */
    @Test
    public void testValidateCsrf_NonUpdateHttpMethods() throws Exception {
        // Nothing has been validated yet, so no token may be visible.
        Assert.assertNull(currentToken());

        this.request.setMethod(METHOD_GET);
        Assert.assertTrue(validateCurrent());
        String issuedToken = currentToken();
        Assert.assertNotNull(issuedToken);

        // OPTIONS must pass and must leave the already issued token in place.
        this.request.setMethod(METHOD_OPTIONS);
        Assert.assertTrue(validateCurrent());
        Assert.assertEquals(issuedToken, currentToken());

        // HEAD must pass as well (token stability is not asserted for this method).
        this.request.setMethod(METHOD_HEAD);
        Assert.assertTrue(validateCurrent());

        // A second, independent request object must not share the first one's token.
        MockHttpServletRequest otherRequest = new MockHttpServletRequest();
        MockHttpServletResponse otherResponse = new MockHttpServletResponse();
        otherRequest.setMethod(METHOD_GET);
        Assert.assertTrue(CsrfValidator.validateCsrf(otherRequest, otherResponse));
        Assert.assertNotEquals(currentToken(), CsrfValidator.getSessionToken(otherRequest));
    }

    /** A POST that echoes the issued token back in {@code csrfToken} is accepted. */
    @Test
    public void testValidateCsrf_Valid() {
        // The preceding GET is what makes a token available to echo back.
        this.request.setMethod(METHOD_GET);
        Assert.assertTrue(validateCurrent());
        String issuedToken = currentToken();

        this.request.setMethod(METHOD_POST);
        this.request.setParameter(TOKEN_PARAMETER, issuedToken);
        Assert.assertTrue(validateCurrent());

        // A successful POST must not change the token.
        Assert.assertEquals(issuedToken, currentToken());
    }

    /**
     * A POST arriving before any token was issued is refused, both without a token parameter
     * and with an arbitrary one.
     */
    @Test
    public void testValidateCsrf_Invalid_EmptySession() {
        // Case 1: no token issued, no token submitted.
        this.request.setMethod(METHOD_POST);
        assertRejectedAsForbidden();

        // Case 2: no token issued, random value submitted; start over with a clean pair.
        this.request = new MockHttpServletRequest();
        this.response = new MockHttpServletResponse();
        this.request.setMethod(METHOD_POST);
        this.request.setParameter(TOKEN_PARAMETER, UUID.randomUUID().toString());
        assertRejectedAsForbidden();
    }

    /**
     * Once a token has been issued, a POST is refused when the parameter is absent or carries
     * a value other than the issued token.
     */
    @Test
    public void testValidateCsrf_Invalid_TokenMismatch() {
        this.request.setMethod(METHOD_GET);
        Assert.assertTrue(validateCurrent());

        // Case 1: token issued, parameter missing.
        this.request.setMethod(METHOD_POST);
        assertRejectedAsForbidden();

        // Case 2: same request, fresh response so the 403 check cannot pass on a stale status.
        this.response = new MockHttpServletResponse();
        this.request.setParameter(TOKEN_PARAMETER, UUID.randomUUID().toString());
        assertRejectedAsForbidden();
    }
}
