package org.geoserver.security.web.csp;

import java.io.Serializable;
import java.net.MalformedURLException;
import java.util.List;
import java.util.Locale;
import org.apache.wicket.Component;
import org.apache.wicket.MarkupContainer;
import org.apache.wicket.ajax.markup.html.AjaxLink;
import org.apache.wicket.ajax.markup.html.form.AjaxSubmitLink;
import org.apache.wicket.markup.html.form.Button;
import org.apache.wicket.markup.html.form.SubmitLink;
import org.geoserver.data.test.SystemTestData;
import org.geoserver.platform.GeoServerExtensions;
import org.geoserver.security.csp.CSPConfiguration;
import org.geoserver.security.csp.CSPDefaultConfiguration;
import org.geoserver.security.csp.CSPHeaderDAO;
import org.geoserver.security.csp.CSPPolicy;
import org.geoserver.security.csp.CSPRule;
import org.geoserver.security.web.GeoserverTablePanelTestPage;
import org.geoserver.web.GeoServerWicketTestSupport;
import org.geoserver.web.wicket.Icon;
import org.hamcrest.MatcherAssert;
import org.hamcrest.Matchers;
import org.junit.Assert;
import org.junit.Before;
import org.junit.BeforeClass;
import org.junit.Test;

/* loaded from: input_file:org/geoserver/security/web/csp/CSPConfigurationPageTest.class */
public class CSPConfigurationPageTest extends GeoServerWicketTestSupport {
    private static final CSPConfiguration DEFAULT_CONFIG = CSPDefaultConfiguration.newInstance();
    private CSPConfiguration expectedConfig = null;

    @BeforeClass
    public static void setLanguage() {
        Locale.setDefault(Locale.ENGLISH);
    }

    protected void setUpTestData(SystemTestData systemTestData) {
    }

    @Before
    public void startConfigurationPage() throws Exception {
        getDao().setConfig(defaultConfig());
        login();
        tester.startPage(CSPConfigurationPage.class);
        this.expectedConfig = defaultConfig();
        assertConfigPage(this.expectedConfig, 0);
    }

    @Test
    public void testAddPolicyMissingName() throws Exception {
        tester.clickLink("form:policies:add");
        assertPolicyPage(new CSPPolicy(), 0);
        tester.newFormTester(GeoserverTablePanelTestPage.FORM).submit("save");
        tester.assertErrorMessages(new Serializable[]{"Field 'Name' is required."});
    }

    @Test
    public void testAddPolicyDuplicateName() throws Exception {
        String name = ((CSPPolicy) this.expectedConfig.getPolicies().get(0)).getName();
        tester.clickLink("form:policies:add");
        assertPolicyPage(new CSPPolicy(), 0);
        tester.newFormTester(GeoserverTablePanelTestPage.FORM).setValue("name", name).submit("save");
        tester.assertErrorMessages(new Serializable[]{"Another policy with the same name already exists: '" + name + "'"});
    }

    @Test
    public void testAddRuleMissingName() throws Exception {
        tester.clickLink("form:policies:add");
        assertPolicyPage(new CSPPolicy(), 0);
        tester.clickLink("form:rules:add");
        assertRulePage(new CSPRule());
        tester.newFormTester(GeoserverTablePanelTestPage.FORM).submit("save");
        tester.assertErrorMessages(new Serializable[]{"Field 'Name' is required."});
    }

    @Test
    public void testAddRuleDuplicateName() throws Exception {
        CSPPolicy cSPPolicy = (CSPPolicy) this.expectedConfig.getPolicies().get(0);
        String name = ((CSPRule) cSPPolicy.getRules().get(0)).getName();
        tester.clickLink("form:policies:table:listContainer:items:1:itemProperties:3:component:link");
        assertPolicyPage(cSPPolicy, 0);
        tester.clickLink("form:rules:add");
        assertRulePage(new CSPRule());
        tester.newFormTester(GeoserverTablePanelTestPage.FORM).setValue("name", name).submit("save");
        tester.assertErrorMessages(new Serializable[]{"Another rule with the same name already exists: '" + name + "'"});
    }

    @Test
    public void testEditConfigFieldsAndSave() throws Exception {
        this.expectedConfig.setEnabled(false);
        this.expectedConfig.setInjectProxyBase(true);
        this.expectedConfig.setRemoteResources("http://geoserver.org");
        this.expectedConfig.setFrameAncestors("'self' http://geoserver.org");
        tester.newFormTester(GeoserverTablePanelTestPage.FORM).setValue("enabled", this.expectedConfig.isEnabled()).setValue("injectProxyBase", this.expectedConfig.isInjectProxyBase()).setValue("remoteResources", this.expectedConfig.getRemoteResources()).setValue("frameAncestors", this.expectedConfig.getFrameAncestors()).submit("save");
        tester.assertNoErrorMessage();
        assertConfig(this.expectedConfig);
    }

    @Test
    public void testEditConfigFieldsAndCancel() throws Exception {
        tester.newFormTester(GeoserverTablePanelTestPage.FORM).setValue("enabled", false).setValue("injectProxyBase", true).setValue("remoteResources", "http://geoserver.org").setValue("frameAncestors", "'self' http://geoserver.org").submit("cancel");
        tester.assertNoErrorMessage();
        assertConfig(this.expectedConfig);
    }

    @Test
    public void testEditPolicyFieldsAndSave() throws Exception {
        CSPPolicy cSPPolicy = (CSPPolicy) this.expectedConfig.getPolicies().get(0);
        tester.clickLink("form:policies:table:listContainer:items:1:itemProperties:3:component:link");
        assertPolicyPage(cSPPolicy, 0);
        cSPPolicy.setDescription("foo");
        cSPPolicy.setEnabled(false);
        tester.newFormTester(GeoserverTablePanelTestPage.FORM).setValue("description", cSPPolicy.getDescription()).setValue("enabled", cSPPolicy.isEnabled()).submit("save");
        assertConfigPage(this.expectedConfig, this.expectedConfig.getPolicies().size());
        tester.newFormTester(GeoserverTablePanelTestPage.FORM).submit("save");
        tester.assertNoErrorMessage();
        assertConfig(this.expectedConfig);
    }

    @Test
    public void testEditPolicyFieldsAndCancel() throws Exception {
        CSPPolicy cSPPolicy = (CSPPolicy) this.expectedConfig.getPolicies().get(0);
        tester.clickLink("form:policies:table:listContainer:items:1:itemProperties:3:component:link");
        assertPolicyPage(cSPPolicy, 0);
        tester.newFormTester(GeoserverTablePanelTestPage.FORM).setValue("description", "foo").setValue("enabled", false).submit("cancel");
        assertConfigPage(this.expectedConfig, this.expectedConfig.getPolicies().size());
        tester.newFormTester(GeoserverTablePanelTestPage.FORM).submit("save");
        tester.assertNoErrorMessage();
        assertConfig(this.expectedConfig);
    }

    @Test
    public void testEditRuleFieldsAndSave() throws Exception {
        CSPPolicy cSPPolicy = (CSPPolicy) this.expectedConfig.getPolicies().get(0);
        CSPRule cSPRule = (CSPRule) cSPPolicy.getRules().get(0);
        tester.clickLink("form:policies:table:listContainer:items:1:itemProperties:3:component:link");
        assertPolicyPage(cSPPolicy, 0);
        tester.clickLink("form:rules:table:listContainer:items:1:itemProperties:3:component:link");
        assertRulePage(cSPRule);
        cSPRule.setDescription("foo");
        cSPRule.setEnabled(false);
        cSPRule.setFilter("PATH(^.*$)");
        cSPRule.setDirectives("NONE");
        tester.newFormTester(GeoserverTablePanelTestPage.FORM).setValue("description", cSPRule.getDescription()).setValue("enabled", cSPRule.isEnabled()).setValue("filter", cSPRule.getFilter()).setValue("directives", cSPRule.getDirectives()).submit("save");
        assertPolicyPage(cSPPolicy, cSPPolicy.getRules().size());
        tester.newFormTester(GeoserverTablePanelTestPage.FORM).submit("save");
        assertConfigPage(this.expectedConfig, this.expectedConfig.getPolicies().size());
        tester.newFormTester(GeoserverTablePanelTestPage.FORM).submit("save");
        tester.assertNoErrorMessage();
        assertConfig(this.expectedConfig);
    }

    @Test
    public void testEditRuleFieldsAndCancel() throws Exception {
        CSPPolicy cSPPolicy = (CSPPolicy) this.expectedConfig.getPolicies().get(0);
        CSPRule cSPRule = (CSPRule) cSPPolicy.getRules().get(0);
        tester.clickLink("form:policies:table:listContainer:items:1:itemProperties:3:component:link");
        assertPolicyPage(cSPPolicy, 0);
        tester.clickLink("form:rules:table:listContainer:items:1:itemProperties:3:component:link");
        assertRulePage(cSPRule);
        tester.newFormTester(GeoserverTablePanelTestPage.FORM).setValue("description", "foo").setValue("enabled", false).setValue("filter", "").setValue("directives", "NONE").submit("cancel");
        assertPolicyPage(cSPPolicy, cSPPolicy.getRules().size());
        tester.newFormTester(GeoserverTablePanelTestPage.FORM).submit("save");
        assertConfigPage(this.expectedConfig, this.expectedConfig.getPolicies().size());
        tester.newFormTester(GeoserverTablePanelTestPage.FORM).submit("save");
        tester.assertNoErrorMessage();
        assertConfig(this.expectedConfig);
    }

    @Test
    public void testMovePolicyDown() throws Exception {
        tester.clickLink("form:policies:table:listContainer:items:1:itemProperties:1:component:down:link");
        this.expectedConfig.getPolicies().add((CSPPolicy) this.expectedConfig.getPolicies().remove(0));
        assertConfigPage(this.expectedConfig, this.expectedConfig.getPolicies().size());
        tester.newFormTester(GeoserverTablePanelTestPage.FORM).submit("save");
        tester.assertNoErrorMessage();
        assertConfig(this.expectedConfig);
    }

    @Test
    public void testMovePolicyUp() throws Exception {
        tester.clickLink("form:policies:table:listContainer:items:2:itemProperties:1:component:up:link");
        this.expectedConfig.getPolicies().add((CSPPolicy) this.expectedConfig.getPolicies().remove(0));
        assertConfigPage(this.expectedConfig, this.expectedConfig.getPolicies().size());
        tester.newFormTester(GeoserverTablePanelTestPage.FORM).submit("save");
        tester.assertNoErrorMessage();
        assertConfig(this.expectedConfig);
    }

    @Test
    public void testRemovePolicy() throws Exception {
        tester.clickLink("form:policies:table:listContainer:items:1:itemProperties:5:component:link");
        this.expectedConfig.getPolicies().remove(0);
        assertConfigPage(this.expectedConfig, this.expectedConfig.getPolicies().size() + 1);
        tester.newFormTester(GeoserverTablePanelTestPage.FORM).submit("save");
        tester.assertNoErrorMessage();
        assertConfig(this.expectedConfig);
    }

    @Test
    public void testMoveRuleDown() throws Exception {
        CSPPolicy cSPPolicy = (CSPPolicy) this.expectedConfig.getPolicies().get(0);
        tester.clickLink("form:policies:table:listContainer:items:1:itemProperties:3:component:link");
        assertPolicyPage(cSPPolicy, 0);
        tester.clickLink("form:rules:table:listContainer:items:1:itemProperties:1:component:down:link");
        cSPPolicy.getRules().add(0, (CSPRule) cSPPolicy.getRules().remove(1));
        assertPolicyPage(cSPPolicy, cSPPolicy.getRules().size());
        tester.newFormTester(GeoserverTablePanelTestPage.FORM).submit("save");
        assertConfigPage(this.expectedConfig, this.expectedConfig.getPolicies().size());
        tester.newFormTester(GeoserverTablePanelTestPage.FORM).submit("save");
        tester.assertNoErrorMessage();
        assertConfig(this.expectedConfig);
    }

    @Test
    public void testMoveRuleUp() throws Exception {
        CSPPolicy cSPPolicy = (CSPPolicy) this.expectedConfig.getPolicies().get(0);
        tester.clickLink("form:policies:table:listContainer:items:1:itemProperties:3:component:link");
        assertPolicyPage(cSPPolicy, 0);
        tester.clickLink("form:rules:table:listContainer:items:2:itemProperties:1:component:up:link");
        cSPPolicy.getRules().add(0, (CSPRule) cSPPolicy.getRules().remove(1));
        assertPolicyPage(cSPPolicy, cSPPolicy.getRules().size());
        tester.newFormTester(GeoserverTablePanelTestPage.FORM).submit("save");
        assertConfigPage(this.expectedConfig, this.expectedConfig.getPolicies().size());
        tester.newFormTester(GeoserverTablePanelTestPage.FORM).submit("save");
        tester.assertNoErrorMessage();
        assertConfig(this.expectedConfig);
    }

    @Test
    public void testRemoveRule() throws Exception {
        CSPPolicy cSPPolicy = (CSPPolicy) this.expectedConfig.getPolicies().get(0);
        tester.clickLink("form:policies:table:listContainer:items:1:itemProperties:3:component:link");
        assertPolicyPage(cSPPolicy, 0);
        tester.clickLink("form:rules:table:listContainer:items:1:itemProperties:7:component:link");
        cSPPolicy.getRules().remove(0);
        assertPolicyPage(cSPPolicy, cSPPolicy.getRules().size() + 1);
        tester.newFormTester(GeoserverTablePanelTestPage.FORM).submit("save");
        assertConfigPage(this.expectedConfig, this.expectedConfig.getPolicies().size());
        tester.newFormTester(GeoserverTablePanelTestPage.FORM).submit("save");
        tester.assertNoErrorMessage();
        assertConfig(this.expectedConfig);
    }

    @Test
    public void testTestEmptyURL() throws Exception {
        tester.newFormTester(GeoserverTablePanelTestPage.FORM).submit("testLink");
        tester.assertNoErrorMessage();
        tester.assertModelValue("form:testResult", "Enter URL");
    }

    @Test
    public void testTestBlankURL() throws Exception {
        tester.newFormTester(GeoserverTablePanelTestPage.FORM).setValue("testUrl", "     ").submit("testLink");
        tester.assertNoErrorMessage();
        tester.assertModelValue("form:testResult", "Enter URL");
    }

    @Test
    public void testTestInvalidURL() throws Exception {
        tester.newFormTester(GeoserverTablePanelTestPage.FORM).setValue("testUrl", "~!@#$").submit("testLink");
        List messages = tester.getMessages(400);
        Assert.assertEquals(1L, messages.size());
        MatcherAssert.assertThat((Serializable) messages.get(0), Matchers.instanceOf(MalformedURLException.class));
        tester.assertModelValue("form:testResult", "ERROR");
    }

    @Test
    public void testTestValidURL() throws Exception {
        tester.newFormTester(GeoserverTablePanelTestPage.FORM).setValue("testUrl", "http://localhost/geoserver/wms&request=GetCapabilities").submit("testLink");
        tester.assertNoErrorMessage();
        tester.assertModelValue("form:testResult", "base-uri 'self'; form-action 'self'; default-src 'none'; child-src 'self'; connect-src 'self'; font-src 'self'; img-src 'self' data:; style-src 'self' 'unsafe-inline'; script-src 'self';, frame-ancestors 'self';");
    }

    @Test
    public void testTestDisabled() throws Exception {
        tester.newFormTester(GeoserverTablePanelTestPage.FORM).setValue("enabled", false).setValue("testUrl", "http://localhost/geoserver/wms&request=GetCapabilities").submit("testLink");
        tester.assertNoErrorMessage();
        tester.assertModelValue("form:testResult", "NONE");
    }

    private static void assertConfigPage(CSPConfiguration cSPConfiguration, int i) {
        assertConfigPage(cSPConfiguration.isEnabled(), cSPConfiguration.isReportOnly(), cSPConfiguration.isAllowOverride(), cSPConfiguration.isInjectProxyBase(), cSPConfiguration.getRemoteResources(), cSPConfiguration.getFrameAncestors(), cSPConfiguration.getPolicies(), i);
    }

    private static void assertConfigPage(boolean z, boolean z2, boolean z3, boolean z4, String str, String str2, List<CSPPolicy> list, int i) {
        tester.assertRenderedPage(CSPConfigurationPage.class);
        tester.assertNoErrorMessage();
        tester.assertModelValue("form:enabled", Boolean.valueOf(z));
        tester.assertModelValue("form:reportOnly", Boolean.valueOf(z2));
        tester.assertModelValue("form:allowOverride", Boolean.valueOf(z3));
        tester.assertModelValue("form:injectProxyBase", Boolean.valueOf(z4));
        tester.assertModelValue("form:remoteResources", str);
        tester.assertModelValue("form:frameAncestors", str2);
        tester.assertComponent("form:policies", CSPPolicyPanel.class);
        tester.assertComponent("form:policies:add", AjaxLink.class);
        MatcherAssert.assertThat(tester.getComponentFromLastRenderedPage("form:policies:table:listContainer:items"), Matchers.instanceOf(MarkupContainer.class));
        Assert.assertEquals(list.size(), r0.size());
        for (int i2 = 1; i2 <= list.size(); i2++) {
            CSPPolicy cSPPolicy = list.get(i2 - 1);
            String str3 = "form:policies:table:listContainer:items:" + (i2 + i) + ":itemProperties:";
            tester.assertLabel(str3 + "0:component", Integer.toString(i2));
            if (cSPPolicy.isEnabled()) {
                MatcherAssert.assertThat(tester.getComponentFromLastRenderedPage(str3 + "2:component"), Matchers.instanceOf(Icon.class));
            } else {
                tester.assertLabel(str3 + "2:component", "");
            }
            tester.assertLabel(str3 + "3:component:link:label", cSPPolicy.getName());
            tester.assertModelValue(str3 + "4:component", cSPPolicy.getDescription());
        }
        tester.assertModelValue("form:testUrl", "");
        tester.assertComponent("form:testLink", AjaxSubmitLink.class);
        tester.assertModelValue("form:testResult", "");
        tester.assertComponent("form:save", SubmitLink.class);
        tester.assertComponent("form:apply", Button.class);
        tester.assertComponent("form:cancel", Button.class);
    }

    private static void assertPolicyPage(CSPPolicy cSPPolicy, int i) {
        assertPolicyPage(cSPPolicy.getName(), cSPPolicy.getDescription(), cSPPolicy.isEnabled(), cSPPolicy.getRules(), i);
    }

    private static void assertPolicyPage(String str, String str2, boolean z, List<CSPRule> list, int i) {
        tester.assertRenderedPage(CSPPolicyPage.class);
        tester.assertNoErrorMessage();
        tester.assertModelValue("form:name", str);
        if (str == null) {
            tester.assertEnabled("form:name");
        } else {
            tester.assertDisabled("form:name");
        }
        tester.assertModelValue("form:description", str2);
        tester.assertModelValue("form:enabled", Boolean.valueOf(z));
        tester.assertComponent("form:rules", CSPRulePanel.class);
        tester.assertComponent("form:rules:add", AjaxLink.class);
        MatcherAssert.assertThat(tester.getComponentFromLastRenderedPage("form:rules:table:listContainer:items"), Matchers.instanceOf(MarkupContainer.class));
        Assert.assertEquals(list.size(), r0.size());
        for (int i2 = 1; i2 <= list.size(); i2++) {
            CSPRule cSPRule = list.get(i2 - 1);
            String str3 = "form:rules:table:listContainer:items:" + (i2 + i) + ":itemProperties:";
            tester.assertLabel(str3 + "0:component", Integer.toString(i2));
            if (cSPRule.isEnabled()) {
                MatcherAssert.assertThat(tester.getComponentFromLastRenderedPage(str3 + "2:component"), Matchers.instanceOf(Icon.class));
            } else {
                tester.assertLabel(str3 + "2:component", "");
            }
            tester.assertLabel(str3 + "3:component:link:label", cSPRule.getName());
            Component componentFromLastRenderedPage = tester.getComponentFromLastRenderedPage(str3 + "4:component");
            MatcherAssert.assertThat(componentFromLastRenderedPage, Matchers.instanceOf(Icon.class));
            Assert.assertEquals(cSPRule.getDescription(), tester.getTagById(componentFromLastRenderedPage.getMarkupId()).getChild("img").getAttribute("title"));
            tester.assertModelValue(str3 + "5:component", cSPRule.getFilter());
            tester.assertModelValue(str3 + "6:component", cSPRule.getDirectives());
        }
        tester.assertComponent("form:save", SubmitLink.class);
        tester.assertComponent("form:cancel", Button.class);
    }

    private static void assertRulePage(CSPRule cSPRule) {
        assertRulePage(cSPRule.getName(), cSPRule.getDescription(), cSPRule.isEnabled(), cSPRule.getFilter(), cSPRule.getDirectives());
    }

    private static void assertRulePage(String str, String str2, boolean z, String str3, String str4) {
        tester.assertRenderedPage(CSPRulePage.class);
        tester.assertNoErrorMessage();
        tester.assertModelValue("form:name", str);
        if (str == null) {
            tester.assertEnabled("form:name");
        } else {
            tester.assertDisabled("form:name");
        }
        tester.assertModelValue("form:description", str2);
        tester.assertModelValue("form:enabled", Boolean.valueOf(z));
        tester.assertModelValue("form:filter", str3);
        tester.assertModelValue("form:directives", str4);
        tester.assertComponent("form:save", SubmitLink.class);
        tester.assertComponent("form:cancel", Button.class);
    }

    private static void assertConfig(CSPConfiguration cSPConfiguration) throws Exception {
        assertConfig(cSPConfiguration.isEnabled(), cSPConfiguration.isInjectProxyBase(), cSPConfiguration.getRemoteResources(), cSPConfiguration.getFrameAncestors(), cSPConfiguration.getPolicies());
    }

    private static void assertConfig(boolean z, boolean z2, String str, String str2, List<CSPPolicy> list) throws Exception {
        CSPConfiguration config = getConfig();
        Assert.assertEquals(Boolean.valueOf(z), Boolean.valueOf(config.isEnabled()));
        Assert.assertEquals(Boolean.valueOf(z2), Boolean.valueOf(config.isInjectProxyBase()));
        Assert.assertEquals(str, config.getRemoteResources());
        Assert.assertEquals(str2, config.getFrameAncestors());
        Assert.assertEquals(list.size(), config.getPolicies().size());
        for (int i = 0; i < list.size(); i++) {
            assertPolicy(list.get(i), (CSPPolicy) config.getPolicies().get(i));
        }
    }

    private static void assertPolicy(CSPPolicy cSPPolicy, CSPPolicy cSPPolicy2) {
        assertPolicy(cSPPolicy2, cSPPolicy.getName(), cSPPolicy.getDescription(), cSPPolicy.isEnabled(), cSPPolicy.getRules());
    }

    private static void assertPolicy(CSPPolicy cSPPolicy, String str, String str2, boolean z, List<CSPRule> list) {
        Assert.assertEquals(str, cSPPolicy.getName());
        Assert.assertEquals(str2, cSPPolicy.getDescription());
        Assert.assertEquals(Boolean.valueOf(z), Boolean.valueOf(cSPPolicy.isEnabled()));
        Assert.assertEquals(list.size(), cSPPolicy.getRules().size());
        for (int i = 0; i < list.size(); i++) {
            assertRule(list.get(i), (CSPRule) cSPPolicy.getRules().get(i));
        }
    }

    private static void assertRule(CSPRule cSPRule, CSPRule cSPRule2) {
        assertRule(cSPRule2, cSPRule.getName(), cSPRule.getDescription(), cSPRule.isEnabled(), cSPRule.getFilter(), cSPRule.getDirectives());
    }

    private static void assertRule(CSPRule cSPRule, String str, String str2, boolean z, String str3, String str4) {
        Assert.assertEquals(str, cSPRule.getName());
        Assert.assertEquals(str2, cSPRule.getDescription());
        Assert.assertEquals(Boolean.valueOf(z), Boolean.valueOf(cSPRule.isEnabled()));
        Assert.assertEquals(str3, cSPRule.getFilter());
        Assert.assertEquals(str4, cSPRule.getDirectives());
    }

    private static CSPConfiguration defaultConfig() {
        return new CSPConfiguration(DEFAULT_CONFIG);
    }

    private static CSPConfiguration getConfig() throws Exception {
        CSPHeaderDAO dao = getDao();
        dao.reset();
        return dao.getConfig();
    }

    private static CSPHeaderDAO getDao() {
        return (CSPHeaderDAO) GeoServerExtensions.bean(CSPHeaderDAO.class);
    }
}
