package org.pac4j.core.authorization.authorizer;

import java.util.Date;
import java.util.List;
import org.junit.Assert;
import org.junit.Before;
import org.junit.Test;
import org.pac4j.core.context.HttpConstants;
import org.pac4j.core.context.MockWebContext;
import org.pac4j.core.context.session.MockSessionStore;
import org.pac4j.core.matching.matcher.csrf.DefaultCsrfTokenGenerator;
import org.pac4j.core.util.TestsConstants;

/* loaded from: input_file:org/pac4j/core/authorization/authorizer/CsrfAuthorizerTests.class */
public final class CsrfAuthorizerTests implements TestsConstants {
    private CsrfAuthorizer authorizer;
    private long expirationDate;

    @Before
    public void setUp() {
        this.authorizer = new CsrfAuthorizer();
        this.authorizer.setCheckAllRequests(true);
        this.expirationDate = new Date().getTime() + (1000 * new DefaultCsrfTokenGenerator().getTtlInSeconds());
    }

    @Test
    public void testParameterOk() {
        MockWebContext addRequestParameter = MockWebContext.create().addRequestParameter("pac4jCsrfToken", TestsConstants.VALUE);
        MockSessionStore mockSessionStore = new MockSessionStore();
        mockSessionStore.set(addRequestParameter, "pac4jCsrfToken", TestsConstants.VALUE);
        mockSessionStore.set(addRequestParameter, "pac4jCsrfTokenExpirationDate", Long.valueOf(this.expirationDate));
        Assert.assertTrue(this.authorizer.isAuthorized(addRequestParameter, mockSessionStore, (List) null));
    }

    @Test
    public void testParameterOkPreviousToken() {
        MockWebContext addRequestParameter = MockWebContext.create().addRequestParameter("pac4jCsrfToken", TestsConstants.VALUE);
        MockSessionStore mockSessionStore = new MockSessionStore();
        mockSessionStore.set(addRequestParameter, "pac4jPreviousCsrfToken", TestsConstants.VALUE);
        mockSessionStore.set(addRequestParameter, "pac4jCsrfToken", TestsConstants.KEY);
        mockSessionStore.set(addRequestParameter, "pac4jCsrfTokenExpirationDate", Long.valueOf(this.expirationDate));
        Assert.assertTrue(this.authorizer.isAuthorized(addRequestParameter, mockSessionStore, (List) null));
        Assert.assertFalse(mockSessionStore.get(addRequestParameter, "pac4jPreviousCsrfToken").isPresent());
    }

    @Test
    public void testParameterNoExpirationDate() {
        MockWebContext addRequestParameter = MockWebContext.create().addRequestParameter("pac4jCsrfToken", TestsConstants.VALUE);
        MockSessionStore mockSessionStore = new MockSessionStore();
        mockSessionStore.set(addRequestParameter, "pac4jCsrfToken", TestsConstants.VALUE);
        Assert.assertFalse(this.authorizer.isAuthorized(addRequestParameter, mockSessionStore, (List) null));
    }

    @Test
    public void testParameterExpiredDate() {
        long time = new Date().getTime() - 1000;
        MockWebContext addRequestParameter = MockWebContext.create().addRequestParameter("pac4jCsrfToken", TestsConstants.VALUE);
        MockSessionStore mockSessionStore = new MockSessionStore();
        mockSessionStore.set(addRequestParameter, "pac4jCsrfToken", TestsConstants.VALUE);
        mockSessionStore.set(addRequestParameter, "pac4jCsrfTokenExpirationDate", Long.valueOf(time));
        Assert.assertFalse(this.authorizer.isAuthorized(addRequestParameter, mockSessionStore, (List) null));
    }

    @Test
    public void testParameterOkNewName() {
        MockWebContext addRequestParameter = MockWebContext.create().addRequestParameter(TestsConstants.NAME, TestsConstants.VALUE);
        MockSessionStore mockSessionStore = new MockSessionStore();
        mockSessionStore.set(addRequestParameter, "pac4jCsrfToken", TestsConstants.VALUE);
        mockSessionStore.set(addRequestParameter, "pac4jCsrfTokenExpirationDate", Long.valueOf(this.expirationDate));
        this.authorizer.setParameterName(TestsConstants.NAME);
        Assert.assertTrue(this.authorizer.isAuthorized(addRequestParameter, mockSessionStore, (List) null));
    }

    @Test
    public void testHeaderOk() {
        MockWebContext addRequestHeader = MockWebContext.create().addRequestHeader("pac4jCsrfToken", TestsConstants.VALUE);
        MockSessionStore mockSessionStore = new MockSessionStore();
        mockSessionStore.set(addRequestHeader, "pac4jCsrfToken", TestsConstants.VALUE);
        mockSessionStore.set(addRequestHeader, "pac4jCsrfTokenExpirationDate", Long.valueOf(this.expirationDate));
        Assert.assertTrue(this.authorizer.isAuthorized(addRequestHeader, mockSessionStore, (List) null));
    }

    @Test
    public void testHeaderOkNewName() {
        MockWebContext addRequestHeader = MockWebContext.create().addRequestHeader(TestsConstants.NAME, TestsConstants.VALUE);
        MockSessionStore mockSessionStore = new MockSessionStore();
        mockSessionStore.set(addRequestHeader, "pac4jCsrfToken", TestsConstants.VALUE);
        mockSessionStore.set(addRequestHeader, "pac4jCsrfTokenExpirationDate", Long.valueOf(this.expirationDate));
        this.authorizer.setHeaderName(TestsConstants.NAME);
        Assert.assertTrue(this.authorizer.isAuthorized(addRequestHeader, mockSessionStore, (List) null));
    }

    @Test
    public void testNoToken() {
        MockWebContext create = MockWebContext.create();
        MockSessionStore mockSessionStore = new MockSessionStore();
        mockSessionStore.set(create, "pac4jCsrfToken", TestsConstants.VALUE);
        mockSessionStore.set(create, "pac4jCsrfTokenExpirationDate", Long.valueOf(this.expirationDate));
        Assert.assertFalse(this.authorizer.isAuthorized(create, mockSessionStore, (List) null));
    }

    @Test
    public void testNoTokenCheckAll() {
        MockWebContext create = MockWebContext.create();
        MockSessionStore mockSessionStore = new MockSessionStore();
        mockSessionStore.set(create, "pac4jCsrfToken", TestsConstants.VALUE);
        mockSessionStore.set(create, "pac4jCsrfTokenExpirationDate", Long.valueOf(this.expirationDate));
        this.authorizer.setCheckAllRequests(false);
        Assert.assertTrue(this.authorizer.isAuthorized(create, mockSessionStore, (List) null));
    }

    @Test
    public void testNoTokenRequest() {
        internalTestNoTokenRequest(HttpConstants.HTTP_METHOD.POST);
        internalTestNoTokenRequest(HttpConstants.HTTP_METHOD.PUT);
        internalTestNoTokenRequest(HttpConstants.HTTP_METHOD.PATCH);
        internalTestNoTokenRequest(HttpConstants.HTTP_METHOD.DELETE);
    }

    private void internalTestNoTokenRequest(HttpConstants.HTTP_METHOD http_method) {
        MockWebContext create = MockWebContext.create();
        MockSessionStore mockSessionStore = new MockSessionStore();
        mockSessionStore.set(create, "pac4jCsrfToken", TestsConstants.VALUE);
        mockSessionStore.set(create, "pac4jCsrfTokenExpirationDate", Long.valueOf(this.expirationDate));
        create.setRequestMethod(http_method.name());
        Assert.assertFalse(this.authorizer.isAuthorized(create, mockSessionStore, (List) null));
    }

    @Test
    public void testHeaderOkButNoTokenInSession() {
        MockWebContext addRequestHeader = MockWebContext.create().addRequestHeader("pac4jCsrfToken", TestsConstants.VALUE);
        MockSessionStore mockSessionStore = new MockSessionStore();
        mockSessionStore.set(addRequestHeader, "pac4jCsrfTokenExpirationDate", Long.valueOf(this.expirationDate));
        Assert.assertFalse(this.authorizer.isAuthorized(addRequestHeader, mockSessionStore, (List) null));
    }
}
