package org.geoserver.security.csp;

import javax.servlet.http.HttpServletResponse;
import org.junit.After;
import org.junit.Before;
import org.junit.Test;
import org.mockito.Mock;
import org.mockito.Mockito;
import org.mockito.MockitoAnnotations;

/* loaded from: input_file:org/geoserver/security/csp/CSPHttpResponseWrapperTest.class */
public class CSPHttpResponseWrapperTest {

    @Mock
    private HttpServletResponse response;
    private CSPHttpResponseWrapper wrapper;
    private CSPConfiguration config;
    private AutoCloseable closeable;

    @Before
    public void setUp() {
        this.closeable = MockitoAnnotations.openMocks(this);
        this.config = new CSPConfiguration();
        this.config.setReportOnly(false);
        this.wrapper = new CSPHttpResponseWrapper(this.response, this.config);
    }

    @After
    public void tearDown() throws Exception {
        this.closeable.close();
    }

    @Test
    public void testNotCSP() throws Exception {
        this.wrapper.setHeader("Content-Type", "text/plain");
        ((HttpServletResponse) Mockito.verify(this.response)).setHeader("Content-Type", "text/plain");
        ((HttpServletResponse) Mockito.verify(this.response, Mockito.never())).getHeader("Content-Type");
    }

    @Test
    public void testCSPDisabledWithOverride() throws Exception {
        this.config.setEnabled(false);
        this.config.setAllowOverride(true);
        this.wrapper.setHeader("Content-Security-Policy", "base-uri 'self'; default-src 'self';, frame-ancestors 'self';");
        ((HttpServletResponse) Mockito.verify(this.response, Mockito.never())).getHeader("Content-Security-Policy");
        ((HttpServletResponse) Mockito.verify(this.response, Mockito.never())).getHeader("Content-Security-Policy-Report-Only");
        ((HttpServletResponse) Mockito.verify(this.response)).setHeader("Content-Security-Policy", "base-uri 'self'; default-src 'self';, frame-ancestors 'self';");
    }

    @Test
    public void testCSPDisabledWithoutOverride() throws Exception {
        this.config.setEnabled(false);
        this.wrapper.setHeader("Content-Security-Policy", "base-uri 'self'; default-src 'self';, frame-ancestors 'self';");
        ((HttpServletResponse) Mockito.verify(this.response, Mockito.never())).getHeader("Content-Security-Policy");
        ((HttpServletResponse) Mockito.verify(this.response, Mockito.never())).getHeader("Content-Security-Policy-Report-Only");
        ((HttpServletResponse) Mockito.verify(this.response, Mockito.never())).setHeader("Content-Security-Policy", "base-uri 'self'; default-src 'self';, frame-ancestors 'self';");
    }

    @Test
    public void testCSPReportDisabledWithOverride() throws Exception {
        this.config.setEnabled(false);
        this.config.setAllowOverride(true);
        this.wrapper.setHeader("Content-Security-Policy-Report-Only", "base-uri 'self'; default-src 'self';, frame-ancestors 'self';");
        ((HttpServletResponse) Mockito.verify(this.response, Mockito.never())).getHeader("Content-Security-Policy");
        ((HttpServletResponse) Mockito.verify(this.response, Mockito.never())).getHeader("Content-Security-Policy-Report-Only");
        ((HttpServletResponse) Mockito.verify(this.response)).setHeader("Content-Security-Policy-Report-Only", "base-uri 'self'; default-src 'self';, frame-ancestors 'self';");
    }

    @Test
    public void testCSPReportDisabledWithoutOverride() throws Exception {
        this.config.setEnabled(false);
        this.wrapper.setHeader("Content-Security-Policy-Report-Only", "base-uri 'self'; default-src 'self';, frame-ancestors 'self';");
        ((HttpServletResponse) Mockito.verify(this.response, Mockito.never())).getHeader("Content-Security-Policy");
        ((HttpServletResponse) Mockito.verify(this.response, Mockito.never())).getHeader("Content-Security-Policy-Report-Only");
        ((HttpServletResponse) Mockito.verify(this.response, Mockito.never())).setHeader("Content-Security-Policy-Report-Only", "base-uri 'self'; default-src 'self';, frame-ancestors 'self';");
    }

    @Test
    public void testCSPNotSet() throws Exception {
        this.wrapper.setHeader("Content-Security-Policy", "base-uri 'self'; default-src 'self';, frame-ancestors 'self';");
        ((HttpServletResponse) Mockito.verify(this.response)).setHeader("Content-Security-Policy", "base-uri 'self'; default-src 'self';, frame-ancestors 'self';");
    }

    @Test
    public void testCSPReportNotSet() throws Exception {
        this.config.setReportOnly(true);
        this.wrapper.setHeader("Content-Security-Policy-Report-Only", "base-uri 'self'; default-src 'self';, frame-ancestors 'self';");
        ((HttpServletResponse) Mockito.verify(this.response)).setHeader("Content-Security-Policy-Report-Only", "base-uri 'self'; default-src 'self';, frame-ancestors 'self';");
    }

    @Test
    public void testCSPWithoutMerge() throws Exception {
        Mockito.when(this.response.getHeader("Content-Security-Policy")).thenReturn("base-uri 'self'; default-src 'self';, frame-ancestors 'self';");
        this.wrapper.setHeader("Content-Security-Policy", "base-uri 'none'; default-src 'none';, frame-ancestors 'none';");
        ((HttpServletResponse) Mockito.verify(this.response)).setHeader("Content-Security-Policy", "base-uri 'none'; default-src 'none';, frame-ancestors 'none';");
    }

    @Test
    public void testCSPReportWithoutMerge() throws Exception {
        this.config.setReportOnly(true);
        Mockito.when(this.response.getHeader("Content-Security-Policy-Report-Only")).thenReturn("base-uri 'self'; default-src 'self';, frame-ancestors 'self';");
        this.wrapper.setHeader("Content-Security-Policy-Report-Only", "base-uri 'none'; default-src 'none';, frame-ancestors 'none';");
        ((HttpServletResponse) Mockito.verify(this.response)).setHeader("Content-Security-Policy-Report-Only", "base-uri 'none'; default-src 'none';, frame-ancestors 'none';");
    }

    @Test
    public void testCSPWithMerge() throws Exception {
        Mockito.when(this.response.getHeader("Content-Security-Policy")).thenReturn("base-uri 'self'; default-src 'self';, frame-ancestors 'self';");
        this.wrapper.setHeader("Content-Security-Policy", "base-uri 'none'; form-action 'none'; default-src 'none';");
        ((HttpServletResponse) Mockito.verify(this.response)).setHeader("Content-Security-Policy", "base-uri 'none'; form-action 'none'; default-src 'none';, frame-ancestors 'self';");
    }

    @Test
    public void testCSPReportWithMerge() throws Exception {
        this.config.setReportOnly(true);
        Mockito.when(this.response.getHeader("Content-Security-Policy-Report-Only")).thenReturn("base-uri 'self'; default-src 'self';, frame-ancestors 'self';");
        this.wrapper.setHeader("Content-Security-Policy-Report-Only", "base-uri 'none'; form-action 'none'; default-src 'none';");
        ((HttpServletResponse) Mockito.verify(this.response)).setHeader("Content-Security-Policy-Report-Only", "base-uri 'none'; form-action 'none'; default-src 'none';, frame-ancestors 'self';");
    }

    @Test
    public void testCSPOverride() throws Exception {
        this.config.setAllowOverride(true);
        Mockito.when(this.response.getHeader("Content-Security-Policy")).thenReturn("base-uri 'self'; default-src 'self';, frame-ancestors 'self';");
        this.wrapper.setHeader("Content-Security-Policy", "base-uri 'none'; form-action 'none'; default-src 'none';");
        ((HttpServletResponse) Mockito.verify(this.response)).setHeader("Content-Security-Policy", "base-uri 'none'; form-action 'none'; default-src 'none';");
    }

    @Test
    public void testCSPReportOverride() throws Exception {
        this.config.setAllowOverride(true);
        this.config.setReportOnly(true);
        Mockito.when(this.response.getHeader("Content-Security-Policy-Report-Only")).thenReturn("base-uri 'self'; default-src 'self';, frame-ancestors 'self';");
        this.wrapper.setHeader("Content-Security-Policy-Report-Only", "base-uri 'none'; form-action 'none'; default-src 'none';");
        ((HttpServletResponse) Mockito.verify(this.response)).setHeader("Content-Security-Policy-Report-Only", "base-uri 'none'; form-action 'none'; default-src 'none';");
    }
}
