package com.vaadin.tests.server;

import com.vaadin.server.MockServletConfig;
import com.vaadin.server.ServiceException;
import com.vaadin.server.VaadinService;
import com.vaadin.server.VaadinServlet;
import com.vaadin.server.VaadinServletRequest;
import com.vaadin.server.VaadinServletService;
import com.vaadin.server.VaadinSession;
import com.vaadin.server.communication.ServerRpcHandler;
import com.vaadin.tests.util.AlwaysLockedVaadinSession;
import com.vaadin.tests.util.MockDeploymentConfiguration;
import elemental.json.JsonException;
import java.util.UUID;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import org.easymock.EasyMock;
import org.junit.Assert;
import org.junit.Before;
import org.junit.Test;

/* loaded from: input_file:com/vaadin/tests/server/CsrfTokenMissingTest.class */
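/**
 * Checks how the server-side RPC request parser and
 * {@link VaadinService#isCsrfTokenValid(VaadinSession, String)} treat a
 * missing, an invalid and a valid CSRF token, with XSRF protection switched
 * on and off in the deployment configuration.
 *
 * <p>What the assertions below pin down:
 * <ul>
 * <li>protection on: only the token issued by the session is accepted; a
 * request without a {@code csrfToken} field reports the placeholder value
 * {@code "init"} and is rejected, as is an unknown token;</li>
 * <li>protection off: every request is accepted, whatever token it
 * carries. The "securityOff" tests therefore document that disabling the
 * setting removes the check entirely rather than relaxing it.</li>
 * </ul>
 */
public class CsrfTokenMissingTest {
    private static final Logger LOGGER = Logger.getLogger(CsrfTokenMissingTest.class.getName());

    static {
        // Log everything so that a payload parsing failure is visible in the test output.
        LOGGER.setLevel(Level.ALL);
    }

    private VaadinServlet mockServlet;
    private MockDeploymentConfiguration mockDeploymentConfiguration;
    private VaadinServletService mockService;
    private VaadinSession mockSession;
    private VaadinServletRequest vaadinRequest;
    private TokenType tokenType;
    private String invalidToken;

    /** Which CSRF token, if any, the generated request payload carries. */
    public enum TokenType {
        /** The payload has no {@code csrfToken} field at all. */
        MISSING,
        /** The payload carries a token that the session did not issue. */
        INVALID,
        /** The payload carries the token returned by the session. */
        VALID
    }

    /**
     * Builds a fresh servlet, service, session and request wrapper before
     * every test so that no configuration leaks from one case to the next.
     *
     * @throws ServiceException propagated from the service set-up
     * @throws ServletException propagated from the servlet initialisation
     */
    @Before
    public void initMockStuff() throws ServiceException, ServletException {
        this.mockServlet = new VaadinServlet();
        this.mockServlet.init(new MockServletConfig());
        this.mockDeploymentConfiguration = new MockDeploymentConfiguration();
        this.mockService = new VaadinServletService(this.mockServlet, this.mockDeploymentConfiguration);
        this.mockSession = new AlwaysLockedVaadinSession(this.mockService);
        // The servlet request is a bare EasyMock mock; no expectations are recorded on it here.
        HttpServletRequest servletRequest = EasyMock.createMock(HttpServletRequest.class);
        this.vaadinRequest = new VaadinServletRequest(servletRequest, this.mockService);
    }

    /**
     * Returns the token used for the "invalid" cases, creating it on first
     * use and reusing it afterwards within the same test instance.
     *
     * @return a random UUID string with its first character removed
     */
    public String getInvalidToken() {
        if (this.invalidToken == null) {
            // Dropping one character yields a 35-character value.
            // NOTE(review): presumably this guarantees it can never equal the
            // session token, assuming that one is a full UUID string - confirm.
            this.invalidToken = UUID.randomUUID().toString().substring(1);
        }
        return this.invalidToken;
    }

    /** Returns the CSRF token that the session under test hands out. */
    private String getValidToken() {
        return this.mockSession.getCsrfToken();
    }

    /**
     * Builds the JSON payload for the token type chosen in
     * {@link #initTest(boolean, TokenType)}.
     *
     * @return the payload text
     * @throws IllegalStateException if no token type has been selected, or
     *         the selected one is not handled here
     */
    private String getPayload() {
        if (this.tokenType == null) {
            throw new IllegalStateException("initTest must be called before a payload is requested");
        }
        switch (this.tokenType) {
            case MISSING:
                return getPayload(null);
            case INVALID:
                return getPayload(getInvalidToken());
            case VALID:
                return getPayload(getValidToken());
            default:
                // Fail loudly instead of handing a null payload to the parser,
                // which would hide the real cause of the failure.
                throw new IllegalStateException("Unhandled token type: " + this.tokenType);
        }
    }

    /**
     * Builds a UIDL-style RPC payload (a resize and a button click) with an
     * optional {@code csrfToken} field in front.
     *
     * <p>The token is inserted into the JSON text without escaping. That is
     * acceptable for the UUID-derived invalid token used here; the session
     * token is assumed to contain no quote or backslash either (to be
     * confirmed against the session implementation).
     *
     * @param csrfToken the token to embed, or {@code null} to leave the field out
     * @return the payload text
     */
    private String getPayload(String csrfToken) {
        String tokenField = csrfToken != null ? "\"csrfToken\":\"" + csrfToken + "\", " : "";
        return "{" + tokenField + "\"rpc\":[[\"0\",\"com.vaadin.shared.ui.ui.UIServerRpc\",\"resize\",[\"449\",\"1155\",\"1155\",\"449\"]],[\"4\",\"com.vaadin.shared.ui.button.ButtonServerRpc\",\"click\",[{\"clientY\":\"53\", \"clientX\":\"79\", \"shiftKey\":false, \"button\":\"LEFT\", \"ctrlKey\":false, \"type\":\"1\", \"metaKey\":false, \"altKey\":false, \"relativeY\":\"17\", \"relativeX\":\"61\"}]]], \"syncId\":1}";
    }

    /**
     * Selects the scenario for the current test.
     *
     * @param xsrfProtectionEnabled value written to the deployment configuration
     * @param tokenType the token the payload should carry
     */
    private void initTest(boolean xsrfProtectionEnabled, TokenType tokenType) {
        this.mockDeploymentConfiguration.setXsrfProtectionEnabled(xsrfProtectionEnabled);
        this.tokenType = tokenType;
    }

    /**
     * Parses the payload of the current scenario into an RPC request.
     *
     * @return the parsed request, never {@code null}
     * @throws AssertionError if the payload is not valid JSON, with the
     *         parser exception attached as the cause
     */
    private ServerRpcHandler.RpcRequest createRequest() {
        try {
            return new ServerRpcHandler.RpcRequest(getPayload(), this.vaadinRequest);
        } catch (JsonException e) {
            LOGGER.log(Level.SEVERE, "Test payload could not be parsed as an RPC request", e);
            // Fail the test with the cause attached rather than asserting a bare 'false'.
            AssertionError failure = new AssertionError("Test payload could not be parsed as an RPC request");
            failure.initCause(e);
            throw failure;
        }
    }

    /**
     * Tells whether the request reports the placeholder token {@code "init"}.
     * NOTE(review): the literal presumably mirrors the framework's default
     * CSRF token constant; referencing that constant would keep the two in step.
     */
    private boolean isDefaultToken(ServerRpcHandler.RpcRequest rpcRequest) {
        return "init".equals(rpcRequest.getCsrfToken());
    }

    /** Tells whether the request reports the invalid token generated by this test. */
    private boolean isInvalidToken(ServerRpcHandler.RpcRequest rpcRequest) {
        return getInvalidToken().equals(rpcRequest.getCsrfToken());
    }

    /** Tells whether the request reports the token issued by the session. */
    private boolean isValidToken(ServerRpcHandler.RpcRequest rpcRequest) {
        return getValidToken().equals(rpcRequest.getCsrfToken());
    }

    /** Runs the framework's CSRF check for the request against the test session. */
    private boolean isRequestValid(ServerRpcHandler.RpcRequest rpcRequest) {
        return VaadinService.isCsrfTokenValid(this.mockSession, rpcRequest.getCsrfToken());
    }

    /** Protection on, no token: the placeholder is reported and the request is rejected. */
    @Test
    public void securityOnAndNoToken() {
        initTest(true, TokenType.MISSING);
        ServerRpcHandler.RpcRequest request = createRequest();
        Assert.assertTrue(isDefaultToken(request));
        Assert.assertFalse(isRequestValid(request));
    }

    /** Protection off, no token: the placeholder is reported and the request is accepted. */
    @Test
    public void securityOffAndNoToken() {
        initTest(false, TokenType.MISSING);
        ServerRpcHandler.RpcRequest request = createRequest();
        Assert.assertTrue(isDefaultToken(request));
        Assert.assertTrue(isRequestValid(request));
    }

    /** Protection on, unknown token: the request is rejected. */
    @Test
    public void securityOnAndInvalidToken() {
        initTest(true, TokenType.INVALID);
        ServerRpcHandler.RpcRequest request = createRequest();
        Assert.assertTrue(isInvalidToken(request));
        Assert.assertFalse(isRequestValid(request));
    }

    /** Protection off, unknown token: the request is accepted because no check applies. */
    @Test
    public void securityOffAndInvalidToken() {
        initTest(false, TokenType.INVALID);
        ServerRpcHandler.RpcRequest request = createRequest();
        Assert.assertTrue(isInvalidToken(request));
        Assert.assertTrue(isRequestValid(request));
    }

    /** Protection on, session token: the request is accepted. */
    @Test
    public void securityOnAndValidToken() {
        initTest(true, TokenType.VALID);
        ServerRpcHandler.RpcRequest request = createRequest();
        Assert.assertTrue(isValidToken(request));
        Assert.assertTrue(isRequestValid(request));
    }

    /** Protection off, session token: the request is accepted. */
    @Test
    public void securityOffAndValidToken() {
        initTest(false, TokenType.VALID);
        ServerRpcHandler.RpcRequest request = createRequest();
        Assert.assertTrue(isValidToken(request));
        Assert.assertTrue(isRequestValid(request));
    }
}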
