package no.nav.apiapp.rest;

import java.lang.reflect.Field;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.function.Function;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import javax.servlet.FilterChain;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import no.nav.apiapp.rest.NavCorsFilter;
import no.nav.common.utils.Pair;
import no.nav.sbl.util.FunctionalUtils;
import no.nav.sbl.util.fn.UnsafeRunnable;
import org.assertj.core.api.Assertions;
import org.junit.jupiter.api.Test;
import org.mockito.Mockito;

/* loaded from: input_file:no/nav/apiapp/rest/NavCorsFilterTest.class */
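/**
 * Tests for {@link NavCorsFilter}: origin allow-list matching, parsing of the
 * {@code cors.allowed.origins} system property, and the CORS response headers
 * written by {@code doFilter}.
 *
 * <p>The filter is configured through JVM-wide system properties and static fields,
 * so every test that touches them restores the previous state in a {@code finally}
 * block. Without that, a property set by one test (for example
 * {@code cors.allowed.methods=PUT}) would still be set when the next test runs, and
 * the outcome would depend on execution order.
 *
 * <p>NOTE(review): the fixtures use bare host names such as {@code www.nav.no} as the
 * {@code Origin} value. Browsers send a serialized origin with scheme and optional
 * port, so these tests do not show how the filter treats an {@code http://} origin or
 * a non-default port. Confirm against {@code NavCorsFilter} itself.
 */
class NavCorsFilterTest {
    private static final String ORIGINS_PROPERTY = "cors.allowed.origins";

    NavCorsFilterTest() {
    }

    /**
     * Pins the allow-list decision of {@code NavCorsFilter.validOrigin}.
     *
     * <p>NOTE(review): there is no case for a look-alike host that lacks the dot
     * boundary (constructed example: {@code evilnav.no} against {@code .nav.no}) or for
     * an allowed suffix that appears in the middle of the host (constructed example:
     * {@code abcd.nav.no.evil.com}). Adding both as invalid cases would pin the
     * matching to a dot-anchored suffix.
     */
    @Test
    public void validOrigin() {
        // A missing or empty allow-list must reject everything, including a null origin.
        assertInvalidOrigin("origin", (String[]) null);
        assertInvalidOrigin("", (String[]) null);
        assertInvalidOrigin(null, null, null);
        assertInvalidOrigin("abcd.nav.no", new String[0]);
        assertInvalidOrigin("evil.com", ".nav.no");
        // Blank and null allow-list entries must not act as a wildcard.
        assertInvalidOrigin("evil.com", "", null);
        // A near miss on the allowed suffix is still a miss.
        assertInvalidOrigin("abcd.nav.no", ".nav.noo");
        assertValidOrigin("abcd.nav.no", ".nav.no");
        assertValidOrigin("abcd.nav.no", ".oera.no", ".nav.no");
        assertValidOrigin("abcd.nav.no", ".oera.no", "", null, ".nav.no");
    }

    /**
     * Checks that the comma-separated {@code cors.allowed.origins} property is split
     * and trimmed, and that an unset or empty property yields an empty allow-list.
     */
    @Test
    public void hentKommaseparertListe() {
        try {
            System.clearProperty(ORIGINS_PROPERTY);
            Assertions.assertThat(createCorsOrigin().value).isEmpty();
            System.setProperty(ORIGINS_PROPERTY, "");
            Assertions.assertThat(createCorsOrigin().value).isEmpty();
            System.setProperty(ORIGINS_PROPERTY, ".nav.no,.oera.no");
            Assertions.assertThat(createCorsOrigin().value).containsExactlyInAnyOrder(".nav.no", ".oera.no");
            System.setProperty(ORIGINS_PROPERTY, " .nav.no, .oera.no ");
            Assertions.assertThat(createCorsOrigin().value).containsExactlyInAnyOrder(".nav.no", ".oera.no");
        } finally {
            // Do not leak the allow-list into other tests in the same JVM.
            System.clearProperty(ORIGINS_PROPERTY);
        }
    }

    /**
     * Checks that an allow-list entry without a leading dot is rejected with
     * {@link IllegalArgumentException} when the header configuration is built.
     */
    @Test
    public void krevSubdomene() {
        try {
            System.setProperty(ORIGINS_PROPERTY, "ikke.subdomene.no");
            Assertions.assertThatThrownBy(NavCorsFilterTest::createCorsOrigin).isInstanceOf(IllegalArgumentException.class);
        } finally {
            // The rejected value must not remain set for code that reads the property later.
            System.clearProperty(ORIGINS_PROPERTY);
        }
    }

    /**
     * With only the origin allow-list configured, a matching origin gets the request
     * origin echoed back together with the default methods, headers, max-age and
     * {@code Access-Control-Allow-Credentials: true}.
     *
     * <p>Because the origin is echoed with credentials allowed, the allow-list check is
     * the only barrier between a foreign site and authenticated responses.
     * NOTE(review): nothing here asserts a {@code Vary: Origin} header; confirm whether
     * the filter sets one, since the response differs per origin.
     */
    @Test
    public void leggerPaCorsHeadersHvisOriginMatcher() {
        HttpServletRequest requestMock = getRequestMock("GET", "www.localhost.no");
        HttpServletResponse responseMock = getResponseMock();
        FilterChain filterChainMock = getFilterChainMock();
        withCorsSettings(corsSettings(Pair.of(ORIGINS_PROPERTY, ".localhost.no")), () -> {
            new NavCorsFilter().doFilter(requestMock, responseMock, filterChainMock);
            verifyHeader(responseMock, "Access-Control-Allow-Origin", "www.localhost.no");
            verifyHeader(responseMock, "Access-Control-Allow-Methods", String.join(", ", NavCorsFilter.DEFAULT_ALLOWED_METHODS));
            verifyHeader(responseMock, "Access-Control-Allow-Credentials", "true");
            verifyHeader(responseMock, "Access-Control-Max-Age", "3600");
            verifyHeader(responseMock, "Access-Control-Allow-Headers", String.join(", ", NavCorsFilter.DEFAULT_ALLOWED_HEADERS));
        });
    }

    /**
     * Every CORS header can be overridden through its own system property; the
     * overridden values must appear verbatim in the response.
     */
    @Test
    public void tarHensynTilDeUlikeMiljoVariablene() {
        HttpServletRequest requestMock = getRequestMock("GET", "www.nav.no");
        HttpServletResponse responseMock = getResponseMock();
        FilterChain filterChainMock = getFilterChainMock();
        Map<String, String> settings = corsSettings(
                Pair.of(ORIGINS_PROPERTY, ".localhost.no, .nav.no"),
                Pair.of("cors.allowed.methods", "PUT"),
                Pair.of("cors.allowed.headers", "Content-Type, Accept"),
                Pair.of("cors.allow.credentials", "false"),
                Pair.of("cors.maxage", "60"));
        withCorsSettings(settings, () -> {
            new NavCorsFilter().doFilter(requestMock, responseMock, filterChainMock);
            verifyHeader(responseMock, "Access-Control-Allow-Origin", "www.nav.no");
            verifyHeader(responseMock, "Access-Control-Allow-Methods", "PUT");
            verifyHeader(responseMock, "Access-Control-Allow-Credentials", "false");
            verifyHeader(responseMock, "Access-Control-Max-Age", "60");
            verifyHeader(responseMock, "Access-Control-Allow-Headers", "Content-Type, Accept");
        });
    }

    /**
     * An origin outside the allow-list must not receive any header at all, neither
     * {@code Access-Control-Allow-Origin} nor the credentials header.
     */
    @Test
    public void leggerIkkePaHeadersOmOriginIkkeMatcher() {
        HttpServletRequest requestMock = getRequestMock("GET", "www.nav.no");
        HttpServletResponse responseMock = getResponseMock();
        FilterChain filterChainMock = getFilterChainMock();
        withCorsSettings(corsSettings(Pair.of(ORIGINS_PROPERTY, ".localhost.no")), () -> {
            new NavCorsFilter().doFilter(requestMock, responseMock, filterChainMock);
            Mockito.verify(responseMock, Mockito.never()).setHeader(Mockito.anyString(), Mockito.anyString());
        });
    }

    /** Asserts that {@code str} is accepted for the given allow-list entries. */
    private void assertValidOrigin(String str, String... strArr) {
        Assertions.assertThat(NavCorsFilter.validOrigin(str, Arrays.asList(strArr))).isTrue();
    }

    /**
     * Asserts that {@code str} is rejected for the given allow-list entries; a
     * {@code null} array stands for an empty allow-list.
     */
    private void assertInvalidOrigin(String str, String... strArr) {
        List<String> allowed = strArr != null ? Arrays.asList(strArr) : Collections.emptyList();
        Assertions.assertThat(NavCorsFilter.validOrigin(str, allowed)).isFalse();
    }

    /** Asserts that exactly this header name and value were set on the response mock. */
    private static void verifyHeader(HttpServletResponse response, String name, String value) {
        Mockito.verify(response).setHeader(name, value);
    }

    /** Builds the origin header configuration from the current system properties. */
    private static NavCorsFilter.CorsHeader createCorsOrigin() {
        return new NavCorsFilter.CorsHeader("Access-Control-Allow-Origin", ORIGINS_PROPERTY, Collections.emptyList(), NavCorsFilter::validerAllowOrigin);
    }

    /** Creates a request mock that reports the given HTTP method and {@code Origin} header. */
    private static HttpServletRequest getRequestMock(String str, String str2) {
        HttpServletRequest request = Mockito.mock(HttpServletRequest.class);
        Mockito.when(request.getMethod()).thenReturn(str);
        Mockito.when(request.getHeader("Origin")).thenReturn(str2);
        return request;
    }

    private static HttpServletResponse getResponseMock() {
        return Mockito.mock(HttpServletResponse.class);
    }

    /**
     * Creates a filter chain mock. A Mockito mock already does nothing for void
     * methods, so {@code doFilter} needs no explicit stubbing.
     */
    private static FilterChain getFilterChainMock() {
        return Mockito.mock(FilterChain.class);
    }

    /** Collects property-name/value pairs into a map. */
    @SafeVarargs
    private static Map<String, String> corsSettings(Pair<String, String>... pairArr) {
        Map<String, String> settings = new HashMap<>();
        for (Pair<String, String> pair : pairArr) {
            settings.put(pair.getFirst(), pair.getSecond());
        }
        return settings;
    }

    /**
     * Applies {@code map} as system properties, rebuilds the filter's static header
     * configuration, runs {@code unsafeRunnable}, and then undoes both steps.
     *
     * <p>The cleanup runs in {@code finally} and clears the properties it set, so a
     * failing assertion cannot leave CORS settings behind for later tests.
     */
    private static void withCorsSettings(Map<String, String> map, UnsafeRunnable unsafeRunnable) {
        recreateCorsHeaders(map);
        try {
            unsafeRunnable.run();
        } finally {
            map.keySet().forEach(System::clearProperty);
            recreateCorsHeaders(Collections.emptyMap());
        }
    }

    /**
     * Sets the given system properties and re-instantiates every static
     * {@code CorsHeader} field of {@link NavCorsFilter}, then replaces
     * {@code CORS_HEADER_LIST} with the rebuilt instances.
     */
    private static void recreateCorsHeaders(Map<String, String> map) {
        map.forEach(System::setProperty);
        List<Field> headerFields = Stream.of(NavCorsFilter.class.getDeclaredFields())
                .filter(field -> field.getType().isAssignableFrom(NavCorsFilter.CorsHeader.class))
                .collect(Collectors.toList());
        headerFields.forEach(NavCorsFilterTest::recreateCorsHeader);
        try {
            Field headerListField = NavCorsFilter.class.getDeclaredField("CORS_HEADER_LIST");
            makeAccessible(headerListField);
            headerListField.set(null, headerFields.stream()
                    .map(NavCorsFilterTest::readStaticHeader)
                    .collect(Collectors.toList()));
        } catch (ReflectiveOperationException e) {
            throw new IllegalStateException("Could not replace NavCorsFilter.CORS_HEADER_LIST", e);
        }
    }

    /** Replaces one static header field with a fresh instance built from the same arguments. */
    private static void recreateCorsHeader(Field field) {
        makeAccessible(field);
        NavCorsFilter.CorsHeader current = readStaticHeader(field);
        try {
            field.set(null, current.getClass()
                    .getConstructor(String.class, String.class, List.class, Function.class)
                    .newInstance(current.header, current.environmentPropery, current.defaultValue, current.validator));
        } catch (ReflectiveOperationException e) {
            throw new IllegalStateException("Could not rebuild CORS header field " + field.getName(), e);
        }
    }

    /** Reads a static {@code CorsHeader} field that has already been made accessible. */
    private static NavCorsFilter.CorsHeader readStaticHeader(Field field) {
        try {
            return (NavCorsFilter.CorsHeader) field.get(null);
        } catch (IllegalAccessException e) {
            throw new IllegalStateException("Could not read CORS header field " + field.getName(), e);
        }
    }

    /**
     * Makes {@code field} writable by reflection, stripping its {@code final} modifier.
     *
     * <p>This relies on the private {@code Field.modifiers} field, which JDK 12 and
     * later hide from reflection; on those runtimes the lookup fails and this method
     * throws {@link IllegalStateException}.
     */
    private static void makeAccessible(Field field) {
        field.setAccessible(true);
        try {
            Field modifiersField = Field.class.getDeclaredField("modifiers");
            modifiersField.setAccessible(true);
            modifiersField.setInt(field, field.getModifiers() & ~java.lang.reflect.Modifier.FINAL);
        } catch (ReflectiveOperationException e) {
            throw new IllegalStateException("Could not clear the final modifier on " + field.getName(), e);
        }
    }
}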
