package io.gravitee.am.gateway.handler.common.vertx.web.handler;

import io.gravitee.am.gateway.handler.common.vertx.RxWebTestBase;
import io.gravitee.am.gateway.handler.common.vertx.web.handler.impl.CSRFHandlerImpl;
import io.vertx.core.http.HttpMethod;
import io.vertx.core.http.impl.CookieImpl;
import io.vertx.rxjava3.core.http.Cookie;
import io.vertx.rxjava3.ext.web.Session;
import io.vertx.rxjava3.ext.web.handler.CSRFHandler;
import java.util.Optional;
import java.util.concurrent.atomic.AtomicReference;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.mockito.Mockito;
import org.mockito.junit.MockitoJUnitRunner;

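/**
 * Tests for the CSRF handler mounted on {@code /login}.
 *
 * <p>The cases check that a CSRF cookie is issued on the first GET, that an unexpired
 * token is sent back unchanged, that a token older than the configured timeout is
 * replaced, and that a POST carrying an expired token is redirected with
 * {@code error=session_expired}.
 *
 * <p>The secret, cookie name and header name below are test fixtures only.
 */
@RunWith(MockitoJUnitRunner.class)
public class CSRFHandlerTest extends RxWebTestBase {
    /** Fixed signing secret used only by this test. */
    private static final String CSRF_SECRET = "s3cR3ts3cR3ts3cR3ts3cR3ts3cR3ts3";
    private static final String CSRF_COOKIE = "x-csrf-cookie";
    private static final String CSRF_HEADER = "x-csrf-header";
    /** Token lifetime handed to the handler, in milliseconds. */
    private static final long CSRF_TIMEOUT = 5000L;
    private static final String LOGIN_PATH = "/login";

    /**
     * Mounts the CSRF handler on {@code /login}, followed by a terminal handler that
     * answers 401 when the session was destroyed and 200 otherwise.
     */
    @Override
    public void setUp() throws Exception {
        super.setUp();
        CSRFHandlerImpl csrfHandler = new CSRFHandlerImpl(this.vertx.getDelegate(), CSRF_SECRET, CSRF_TIMEOUT);
        csrfHandler.setCookieName(CSRF_COOKIE);
        csrfHandler.setHeaderName(CSRF_HEADER);
        this.router.route(LOGIN_PATH)
            .handler(CSRFHandler.newInstance(csrfHandler))
            .handler(ctx -> {
                int status = ctx.session().isDestroyed() ? 401 : 200;
                ctx.response().setStatusCode(status).end();
            })
            .failureHandler(new ErrorHandler());
    }

    /** A token replayed before the timeout must come back unchanged. */
    @Test
    public void shouldKeep_CSRFToken_if_not_expired() throws Exception {
        Session session = newMockSession();
        installSession(session);
        AtomicReference<String> issuedCookie = requestInitialCsrfCookie();

        installCsrfReplay(session, issuedCookie);
        testRequest(HttpMethod.GET, LOGIN_PATH, request -> {
        }, response -> {
            Optional<String> csrfCookie = response.cookies().stream().filter(this::isCsrfCookie).findFirst();
            assertTrue(csrfCookie.isPresent());
            assertTrue(csrfCookie.get().equals(issuedCookie.get()));
        }, 200, "OK", null);
    }

    /** A token replayed after the timeout must be replaced by a different one. */
    @Test
    public void shouldRegenerate_CSRFToken_if_expired() throws Exception {
        Session session = newMockSession();
        installSession(session);
        AtomicReference<String> issuedCookie = requestInitialCsrfCookie();

        waitForTokenExpiry();
        installCsrfReplay(session, issuedCookie);
        testRequest(HttpMethod.GET, LOGIN_PATH, request -> {
        }, response -> {
            Optional<String> csrfCookie = response.cookies().stream().filter(this::isCsrfCookie).findFirst();
            assertTrue(csrfCookie.isPresent());
            assertFalse(csrfCookie.get().equals(issuedCookie.get()));
        }, 200, "OK", null);
    }

    /** A POST with an expired token is expected to redirect with {@code error=session_expired}. */
    @Test
    public void shouldAddErrorParams_CSRFToken_if_expired() throws Exception {
        Session session = newMockSession();
        installSession(session);
        AtomicReference<String> issuedCookie = requestInitialCsrfCookie();

        waitForTokenExpiry();
        installCsrfReplay(session, issuedCookie);
        testRequest(HttpMethod.POST, LOGIN_PATH, request -> {
        }, response -> {
            assertTrue(response.headers().get("Location").contains("error=session_expired"));
        }, 302, "Found", null);
    }

    /** The first GET on a fresh session must set the CSRF cookie. */
    @Test
    public void shouldGenerate_CSRFToken() throws Exception {
        installSession(newMockSession());
        testRequest(HttpMethod.GET, LOGIN_PATH, request -> {
        }, response -> {
            assertTrue(response.cookies().stream().anyMatch(this::isCsrfCookie));
        }, 200, "OK", null);
    }

    /** Wraps a Mockito mock of the core session in the RxJava session type. */
    private Session newMockSession() {
        return Session.newInstance(Mockito.mock(io.vertx.ext.web.Session.class));
    }

    /** Registers a handler ahead of the CSRF handler that attaches {@code session} to every request. */
    private void installSession(Session session) {
        this.router.route().order(-1).handler(ctx -> {
            ctx.setSession(session);
            ctx.next();
        });
    }

    /**
     * Issues the first GET and captures the raw {@code Set-Cookie} value that carries the CSRF token.
     *
     * @return holder of the full cookie header string (name, value and attributes)
     */
    private AtomicReference<String> requestInitialCsrfCookie() throws Exception {
        AtomicReference<String> issuedCookie = new AtomicReference<>();
        testRequest(HttpMethod.GET, LOGIN_PATH, request -> {
        }, response -> {
            Optional<String> csrfCookie = response.cookies().stream().filter(this::isCsrfCookie).findFirst();
            assertTrue(csrfCookie.isPresent());
            issuedCookie.set(csrfCookie.get());
        }, 200, "OK", null);
        return issuedCookie;
    }

    /**
     * Registers a handler that replays the previously issued token: the mocked session reports id
     * {@code "sid"} and returns {@code "sid/<token>"} for the header-name key, and the token is put
     * back on the request as the CSRF cookie.
     */
    private void installCsrfReplay(Session session, AtomicReference<String> issuedCookie) {
        this.router.route().order(-1).handler(ctx -> {
            // Read the holder at request time so the value captured by the first request is used.
            String token = extractCookieValue(issuedCookie.get());
            Mockito.when(session.id()).thenReturn("sid");
            // NOTE(review): presumably the handler keeps the session-bound token under the header
            // name; confirm against CSRFHandlerImpl.
            Mockito.when(session.get(CSRF_HEADER)).thenReturn("sid/" + token);
            ctx.setSession(session);
            CookieImpl replayed = new CookieImpl(CSRF_COOKIE, token);
            replayed.setPath("/");
            ctx.addCookie(Cookie.newInstance(replayed));
            ctx.next();
        });
    }

    /**
     * Sleeps for the configured token lifetime.
     *
     * <p>NOTE(review): the wait equals the timeout with no margin, so expiry relies on the time
     * that passes between token issuance and the replayed request; add a margin if this turns flaky.
     */
    private void waitForTokenExpiry() throws InterruptedException {
        Thread.sleep(CSRF_TIMEOUT);
    }

    /** Matches on {@code name=} so a cookie whose name merely starts with the CSRF name is not accepted. */
    private boolean isCsrfCookie(String cookieHeader) {
        return cookieHeader.startsWith(CSRF_COOKIE + "=");
    }

    /** Returns the value part of a {@code name=value; attr...} cookie header for the CSRF cookie. */
    private String extractCookieValue(String str) {
        return str.substring(CSRF_COOKIE.length() + 1).split(";")[0];
    }
}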
