package org.apereo.cas.web;

import java.util.LinkedHashMap;
import java.util.Map;
import java.util.UUID;
import org.apache.commons.lang3.tuple.Pair;
import org.apereo.cas.authentication.AuthenticationServiceSelectionStrategy;
import org.apereo.cas.authentication.DefaultAuthenticationServiceSelectionPlan;
import org.apereo.cas.authentication.DefaultAuthenticationServiceSelectionStrategy;
import org.apereo.cas.authentication.principal.WebApplicationServiceFactory;
import org.apereo.cas.config.CasCoreAuthenticationAutoConfiguration;
import org.apereo.cas.config.CasCoreAutoConfiguration;
import org.apereo.cas.config.CasCoreLogoutAutoConfiguration;
import org.apereo.cas.config.CasCoreNotificationsAutoConfiguration;
import org.apereo.cas.config.CasCoreScriptingAutoConfiguration;
import org.apereo.cas.config.CasCoreServicesAutoConfiguration;
import org.apereo.cas.config.CasCoreTicketsAutoConfiguration;
import org.apereo.cas.config.CasCoreUtilAutoConfiguration;
import org.apereo.cas.config.CasCoreWebAutoConfiguration;
import org.apereo.cas.services.CasRegisteredService;
import org.apereo.cas.services.DefaultRegisteredServiceProperty;
import org.apereo.cas.services.RegisteredServiceAccessStrategyAuditableEnforcer;
import org.apereo.cas.services.RegisteredServiceProperty;
import org.apereo.cas.services.RegisteredServiceTestUtils;
import org.apereo.cas.services.ServicesManager;
import org.apereo.cas.services.web.support.RegisteredServiceResponseHeadersEnforcementFilter;
import org.apereo.cas.test.CasTestExtension;
import org.apereo.cas.util.spring.DirectObjectProvider;
import org.apereo.cas.web.support.DefaultArgumentExtractor;
import org.junit.jupiter.api.Assertions;
import org.junit.jupiter.api.Tag;
import org.junit.jupiter.api.Test;
import org.junit.jupiter.api.extension.ExtendWith;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.boot.actuate.autoconfigure.endpoint.EndpointAutoConfiguration;
import org.springframework.boot.actuate.autoconfigure.endpoint.web.WebEndpointAutoConfiguration;
import org.springframework.boot.actuate.autoconfigure.endpoint.web.WebEndpointProperties;
import org.springframework.boot.autoconfigure.web.servlet.WebMvcAutoConfiguration;
import org.springframework.boot.test.context.SpringBootTest;
import org.springframework.cloud.autoconfigure.RefreshAutoConfiguration;
import org.springframework.context.ConfigurableApplicationContext;
import org.springframework.mock.web.MockFilterChain;
import org.springframework.mock.web.MockFilterConfig;
import org.springframework.mock.web.MockHttpServletRequest;
import org.springframework.mock.web.MockHttpServletResponse;
import org.springframework.mock.web.MockServletContext;

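/**
 * Tests for {@link RegisteredServiceResponseHeadersEnforcementFilter}.
 *
 * <p>Each test registers a service whose properties switch one response header on or off
 * ({@code Cache-Control}, {@code Content-Security-Policy}, {@code Strict-Transport-Security},
 * {@code X-Content-Type-Options}, {@code X-Frame-Options}, {@code X-XSS-Protection}), sends a mock
 * request that names a service through the {@code service} parameter, and inspects the mock
 * response. The "Disabled" tests configure the header on the filter itself, set the matching
 * service property to {@code "false"}, and expect the header to be absent. Requests that name a
 * service other than the one registered by the test are expected to end with status 403.
 */
@Tag("RegisteredService")
@ExtendWith({CasTestExtension.class})
@SpringBootTest(classes = {
    RefreshAutoConfiguration.class,
    WebMvcAutoConfiguration.class,
    WebEndpointAutoConfiguration.class,
    EndpointAutoConfiguration.class,
    CasCoreUtilAutoConfiguration.class,
    CasCoreScriptingAutoConfiguration.class,
    CasCoreAuthenticationAutoConfiguration.class,
    CasCoreTicketsAutoConfiguration.class,
    CasCoreNotificationsAutoConfiguration.class,
    CasCoreServicesAutoConfiguration.class,
    CasCoreWebAutoConfiguration.class,
    CasCoreLogoutAutoConfiguration.class,
    CasCoreAutoConfiguration.class
})
/* loaded from: input_file:org/apereo/cas/web/RegisteredServiceResponseHeadersEnforcementFilterTests.class */
class RegisteredServiceResponseHeadersEnforcementFilterTests {

    @Autowired
    @Qualifier("servicesManager")
    protected ServicesManager servicesManager;

    @Autowired
    private WebEndpointProperties webEndpointProperties;

    @Autowired
    private ConfigurableApplicationContext applicationContext;

    /**
     * Builds a filter for a service that carries a single property set to {@code "true"}.
     *
     * @param serviceId id under which the test service is registered
     * @param property  service property to enable
     * @return filter wired against the shared {@link #servicesManager}
     */
    private RegisteredServiceResponseHeadersEnforcementFilter getFilterForProperty(
        final String serviceId,
        final RegisteredServiceProperty.RegisteredServiceProperties property) {
        return getFilterForProperty(serviceId, Pair.of(property, "true"));
    }

    /**
     * Registers a service with the given properties and builds a filter that looks services up
     * through the shared {@link #servicesManager}.
     *
     * @param serviceId  id under which the test service is registered
     * @param properties property/value pairs stored on the service, in the order given
     * @return filter under test
     */
    @SafeVarargs
    private RegisteredServiceResponseHeadersEnforcementFilter getFilterForProperty(
        final String serviceId,
        final Pair<RegisteredServiceProperty.RegisteredServiceProperties, String>... properties) {
        final DefaultArgumentExtractor argumentExtractor =
            new DefaultArgumentExtractor(new WebApplicationServiceFactory());
        final CasRegisteredService registeredService =
            RegisteredServiceTestUtils.getRegisteredService(serviceId, Map.of());

        // Typed map instead of a raw LinkedHashMap: the compiler now checks what is stored.
        final Map<String, RegisteredServiceProperty> serviceProperties = new LinkedHashMap<>();
        for (final Pair<RegisteredServiceProperty.RegisteredServiceProperties, String> entry : properties) {
            final DefaultRegisteredServiceProperty value = new DefaultRegisteredServiceProperty();
            value.addValue(entry.getValue());
            serviceProperties.put(entry.getKey().getPropertyName(), value);
        }
        registeredService.setProperties(serviceProperties);
        this.servicesManager.save(registeredService);

        return new RegisteredServiceResponseHeadersEnforcementFilter(
            new DirectObjectProvider<>(this.servicesManager),
            new DirectObjectProvider<>(argumentExtractor),
            new DirectObjectProvider<>(new DefaultAuthenticationServiceSelectionPlan(
                new AuthenticationServiceSelectionStrategy[]{new DefaultAuthenticationServiceSelectionStrategy()})),
            new DirectObjectProvider<>(new RegisteredServiceAccessStrategyAuditableEnforcer(this.applicationContext)),
            this.webEndpointProperties);
    }

    /**
     * A request whose URI is the web endpoint base path keeps status 200 even though the
     * {@code service} parameter names a service that was not registered.
     */
    @Test
    void verifyActuatorPathIgnored() throws Throwable {
        final RegisteredServiceResponseHeadersEnforcementFilter filter = getFilterForProperty(
            UUID.randomUUID().toString(),
            RegisteredServiceProperty.RegisteredServiceProperties.HTTP_HEADER_ENABLE_CACHE_CONTROL);
        final MockHttpServletResponse response = new MockHttpServletResponse();
        final MockHttpServletRequest request = new MockHttpServletRequest();
        request.setRequestURI(this.webEndpointProperties.getBasePath());
        request.addParameter("service", UUID.randomUUID().toString());
        filter.init(new MockFilterConfig(new MockServletContext()));
        Assertions.assertDoesNotThrow(() -> {
            filter.doFilter(request, response, new MockFilterChain());
        });
        Assertions.assertEquals(200, response.getStatus());
    }

    /**
     * A {@code service} parameter that differs from the registered id ends with status 403 and
     * no exception escapes the filter.
     */
    @Test
    void verifyServiceUnauthorized() throws Throwable {
        final RegisteredServiceResponseHeadersEnforcementFilter filter = getFilterForProperty(
            UUID.randomUUID().toString(),
            RegisteredServiceProperty.RegisteredServiceProperties.HTTP_HEADER_ENABLE_CACHE_CONTROL);
        final MockHttpServletResponse response = new MockHttpServletResponse();
        final MockHttpServletRequest request = new MockHttpServletRequest();
        request.addParameter("service", UUID.randomUUID().toString());
        filter.init(new MockFilterConfig(new MockServletContext()));
        Assertions.assertDoesNotThrow(() -> {
            filter.doFilter(request, response, new MockFilterChain());
        });
        Assertions.assertEquals(403, response.getStatus());
    }

    /** The service property enables {@code Cache-Control}; the header must be present. */
    @Test
    void verifyCacheControl() throws Throwable {
        final String serviceId = UUID.randomUUID().toString();
        final RegisteredServiceResponseHeadersEnforcementFilter filter = getFilterForProperty(
            serviceId,
            RegisteredServiceProperty.RegisteredServiceProperties.HTTP_HEADER_ENABLE_CACHE_CONTROL);
        final MockHttpServletResponse response = new MockHttpServletResponse();
        final MockHttpServletRequest request = new MockHttpServletRequest();
        request.addParameter("service", serviceId);
        final MockFilterConfig filterConfig = new MockFilterConfig(new MockServletContext());
        filterConfig.addInitParameter("cacheControlStaticResources", "css|js|png|txt|jpg|ico|jpeg|bmp|gif");
        filter.init(filterConfig);
        filter.doFilter(request, response, new MockFilterChain());
        Assertions.assertNotNull(response.getHeader("Cache-Control"));
    }

    /**
     * {@code Cache-Control} is enabled on the filter but the service property is {@code "false"};
     * the header must be absent.
     */
    @Test
    void verifyCacheControlDisabled() throws Throwable {
        final String serviceId = UUID.randomUUID().toString();
        final RegisteredServiceResponseHeadersEnforcementFilter filter = getFilterForProperty(
            serviceId,
            Pair.of(RegisteredServiceProperty.RegisteredServiceProperties.HTTP_HEADER_ENABLE_CACHE_CONTROL, "false"));
        filter.setEnableCacheControl(true);
        final MockHttpServletResponse response = new MockHttpServletResponse();
        final MockHttpServletRequest request = new MockHttpServletRequest();
        request.addParameter("service", serviceId);
        filter.doFilter(request, response, new MockFilterChain());
        // NOTE(review): this and the other "Disabled" tests assert only that the header is missing.
        // A request rejected before header handling would satisfy that as well, so also asserting
        // the response status here would show the request was actually processed - confirm the
        // expected status against the filter before adding it.
        Assertions.assertNull(response.getHeader("Cache-Control"));
    }

    /** The service property enables {@code Content-Security-Policy}; the header must be present. */
    @Test
    void verifyContentSecurityPolicy() throws Throwable {
        final String serviceId = UUID.randomUUID().toString();
        final RegisteredServiceResponseHeadersEnforcementFilter filter = getFilterForProperty(
            serviceId,
            RegisteredServiceProperty.RegisteredServiceProperties.HTTP_HEADER_ENABLE_CONTENT_SECURITY_POLICY);
        final MockHttpServletResponse response = new MockHttpServletResponse();
        final MockHttpServletRequest request = new MockHttpServletRequest();
        request.addParameter("service", serviceId);
        request.setRequestURI("/cas/login");
        filter.setContentSecurityPolicy("sample-policy");
        filter.doFilter(request, response, new MockFilterChain());
        // NOTE(review): only presence is checked. If the filter emits the configured policy
        // unchanged, comparing against "sample-policy" would also catch a wrong value - confirm.
        Assertions.assertNotNull(response.getHeader("Content-Security-Policy"));
    }

    /**
     * A policy is configured on the filter but the service property is {@code "false"};
     * {@code Content-Security-Policy} must be absent.
     */
    @Test
    void verifyContentSecurityPolicyDisabled() throws Throwable {
        final String serviceId = UUID.randomUUID().toString();
        final RegisteredServiceResponseHeadersEnforcementFilter filter = getFilterForProperty(
            serviceId,
            Pair.of(RegisteredServiceProperty.RegisteredServiceProperties.HTTP_HEADER_ENABLE_CONTENT_SECURITY_POLICY, "false"));
        // This null policy is replaced by "sample-policy" below, before the filter runs.
        filter.setContentSecurityPolicy((String) null);
        final MockHttpServletResponse response = new MockHttpServletResponse();
        final MockHttpServletRequest request = new MockHttpServletRequest();
        request.addParameter("service", serviceId);
        request.setRequestURI("/cas/login");
        filter.setContentSecurityPolicy("sample-policy");
        filter.doFilter(request, response, new MockFilterChain());
        Assertions.assertNull(response.getHeader("Content-Security-Policy"));
    }

    /**
     * The service property enables {@code Strict-Transport-Security}; on a request flagged as
     * secure the header must carry the value configured on the filter.
     */
    @Test
    void verifyStrictTransport() throws Throwable {
        final String serviceId = UUID.randomUUID().toString();
        final RegisteredServiceResponseHeadersEnforcementFilter filter = getFilterForProperty(
            serviceId,
            RegisteredServiceProperty.RegisteredServiceProperties.HTTP_HEADER_ENABLE_STRICT_TRANSPORT_SECURITY);
        filter.setStrictTransportSecurityHeader("max-age=1");
        final MockHttpServletResponse response = new MockHttpServletResponse();
        final MockHttpServletRequest request = new MockHttpServletRequest();
        request.addParameter("service", serviceId);
        // Presumably the filter only emits the header for secure requests - confirm against the filter.
        request.setSecure(true);
        filter.doFilter(request, response, new MockFilterChain());
        Assertions.assertEquals("max-age=1", response.getHeader("Strict-Transport-Security"));
    }

    /**
     * {@code Strict-Transport-Security} is enabled on the filter but the service property is
     * {@code "false"}; the header must be absent even on a secure request.
     */
    @Test
    void verifyStrictTransportDisabled() throws Throwable {
        final String serviceId = UUID.randomUUID().toString();
        final RegisteredServiceResponseHeadersEnforcementFilter filter = getFilterForProperty(
            serviceId,
            Pair.of(RegisteredServiceProperty.RegisteredServiceProperties.HTTP_HEADER_ENABLE_STRICT_TRANSPORT_SECURITY, "false"));
        filter.setEnableStrictTransportSecurity(true);
        final MockHttpServletResponse response = new MockHttpServletResponse();
        final MockHttpServletRequest request = new MockHttpServletRequest();
        request.addParameter("service", serviceId);
        request.setSecure(true);
        filter.doFilter(request, response, new MockFilterChain());
        Assertions.assertNull(response.getHeader("Strict-Transport-Security"));
    }

    /** The service property enables {@code X-Content-Type-Options}; the header must be present. */
    @Test
    void verifyXContentOptions() throws Throwable {
        final String serviceId = UUID.randomUUID().toString();
        final RegisteredServiceResponseHeadersEnforcementFilter filter = getFilterForProperty(
            serviceId,
            RegisteredServiceProperty.RegisteredServiceProperties.HTTP_HEADER_ENABLE_XCONTENT_OPTIONS);
        final MockHttpServletResponse response = new MockHttpServletResponse();
        final MockHttpServletRequest request = new MockHttpServletRequest();
        request.addParameter("service", serviceId);
        filter.doFilter(request, response, new MockFilterChain());
        Assertions.assertNotNull(response.getHeader("X-Content-Type-Options"));
    }

    /**
     * {@code X-Content-Type-Options} is enabled on the filter but the service property is
     * {@code "false"}; the header must be absent.
     */
    @Test
    void verifyXContentOptionsDisabled() throws Throwable {
        final String serviceId = UUID.randomUUID().toString();
        final RegisteredServiceResponseHeadersEnforcementFilter filter = getFilterForProperty(
            serviceId,
            Pair.of(RegisteredServiceProperty.RegisteredServiceProperties.HTTP_HEADER_ENABLE_XCONTENT_OPTIONS, "false"));
        filter.setEnableXContentTypeOptions(true);
        final MockHttpServletResponse response = new MockHttpServletResponse();
        final MockHttpServletRequest request = new MockHttpServletRequest();
        request.addParameter("service", serviceId);
        filter.doFilter(request, response, new MockFilterChain());
        Assertions.assertNull(response.getHeader("X-Content-Type-Options"));
    }

    /**
     * A {@code service} parameter that matches no registered service ends with status 403 and no
     * exception escapes the filter.
     */
    @Test
    void verifyOptionForUnknownService() throws Throwable {
        final RegisteredServiceResponseHeadersEnforcementFilter filter = getFilterForProperty(
            UUID.randomUUID().toString(),
            Pair.of(RegisteredServiceProperty.RegisteredServiceProperties.HTTP_HEADER_ENABLE_XCONTENT_OPTIONS, "false"));
        filter.setEnableXContentTypeOptions(true);
        final MockHttpServletResponse response = new MockHttpServletResponse();
        final MockHttpServletRequest request = new MockHttpServletRequest();
        request.addParameter("service", "unknown-123456");
        Assertions.assertDoesNotThrow(() -> {
            filter.doFilter(request, response, new MockFilterChain());
        });
        Assertions.assertEquals(403, response.getStatus());
    }

    /**
     * The {@code X-Frame-Options} value stored on the service ({@code sameorigin}) is emitted
     * instead of the value configured on the filter; a second request that names a different
     * service ends with status 403.
     */
    @Test
    void verifyXframeOptions() throws Throwable {
        final String serviceId = UUID.randomUUID().toString();
        final RegisteredServiceResponseHeadersEnforcementFilter filter = getFilterForProperty(
            serviceId,
            Pair.of(RegisteredServiceProperty.RegisteredServiceProperties.HTTP_HEADER_ENABLE_XFRAME_OPTIONS, "true"),
            Pair.of(RegisteredServiceProperty.RegisteredServiceProperties.HTTP_HEADER_XFRAME_OPTIONS, "sameorigin"));
        filter.setXframeOptions("some-other-value");
        filter.setEnableXFrameOptions(true);
        final MockHttpServletResponse response = new MockHttpServletResponse();
        final MockHttpServletRequest request = new MockHttpServletRequest();
        request.setParameter("service", serviceId);
        filter.doFilter(request, response, new MockFilterChain());
        Assertions.assertEquals("sameorigin", response.getHeader("X-Frame-Options"));

        // Same request and response objects, now naming a service the test never registered.
        request.setParameter("service", "service-something-else");
        Assertions.assertDoesNotThrow(() -> {
            filter.doFilter(request, response, new MockFilterChain());
        });
        Assertions.assertEquals(403, response.getStatus());
    }

    /**
     * {@code X-Frame-Options} is enabled on the filter but the service property is
     * {@code "false"}; the header must be absent, and a second request that names a different
     * service ends with status 403.
     */
    @Test
    void verifyXframeOptionsDisabled() throws Throwable {
        final String serviceId = UUID.randomUUID().toString();
        final RegisteredServiceResponseHeadersEnforcementFilter filter = getFilterForProperty(
            serviceId,
            Pair.of(RegisteredServiceProperty.RegisteredServiceProperties.HTTP_HEADER_ENABLE_XFRAME_OPTIONS, "false"));
        filter.setXframeOptions("some-other-value");
        filter.setEnableXFrameOptions(true);
        final MockHttpServletResponse response = new MockHttpServletResponse();
        final MockHttpServletRequest request = new MockHttpServletRequest();
        request.setParameter("service", serviceId);
        filter.doFilter(request, response, new MockFilterChain());
        Assertions.assertNull(response.getHeader("X-Frame-Options"));

        // Same request and response objects, now naming a service the test never registered.
        request.setParameter("service", "service-something-else");
        Assertions.assertDoesNotThrow(() -> {
            filter.doFilter(request, response, new MockFilterChain());
        });
        Assertions.assertEquals(403, response.getStatus());
    }

    /** The service property enables {@code X-XSS-Protection}; the header must be present. */
    @Test
    void verifyXssProtection() throws Throwable {
        final String serviceId = UUID.randomUUID().toString();
        final RegisteredServiceResponseHeadersEnforcementFilter filter = getFilterForProperty(
            serviceId,
            RegisteredServiceProperty.RegisteredServiceProperties.HTTP_HEADER_ENABLE_XSS_PROTECTION);
        final MockHttpServletResponse response = new MockHttpServletResponse();
        final MockHttpServletRequest request = new MockHttpServletRequest();
        request.addParameter("service", serviceId);
        filter.doFilter(request, response, new MockFilterChain());
        Assertions.assertNotNull(response.getHeader("X-XSS-Protection"));
    }

    /**
     * {@code X-XSS-Protection} is enabled on the filter but the service property is
     * {@code "false"}; the header must be absent.
     */
    @Test
    void verifyXssProtectionDisabled() throws Throwable {
        final String serviceId = UUID.randomUUID().toString();
        final RegisteredServiceResponseHeadersEnforcementFilter filter = getFilterForProperty(
            serviceId,
            Pair.of(RegisteredServiceProperty.RegisteredServiceProperties.HTTP_HEADER_ENABLE_XSS_PROTECTION, "false"));
        filter.setEnableXSSProtection(true);
        final MockHttpServletResponse response = new MockHttpServletResponse();
        final MockHttpServletRequest request = new MockHttpServletRequest();
        request.addParameter("service", serviceId);
        filter.doFilter(request, response, new MockFilterChain());
        Assertions.assertNull(response.getHeader("X-XSS-Protection"));
    }
}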
