package info.magnolia.cms.filters;

import com.mockrunner.mock.web.MockHttpServletRequest;
import com.mockrunner.mock.web.MockHttpServletResponse;
import info.magnolia.cms.beans.config.MIMEMapping;
import info.magnolia.cms.core.AggregationState;
import info.magnolia.context.MgnlContext;
import info.magnolia.jcr.util.PropertiesImportExport;
import info.magnolia.test.ComponentsTestUtil;
import info.magnolia.test.RepositoryTestCase;
import info.magnolia.test.mock.MockWebContext;
import java.io.IOException;
import java.io.StringWriter;
import javax.jcr.RepositoryException;
import javax.jcr.Session;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.io.IOUtils;
import org.apache.commons.lang3.StringUtils;
import org.apache.log4j.EnhancedPatternLayout;
import org.apache.log4j.Level;
import org.apache.log4j.Logger;
import org.apache.log4j.WriterAppender;
import org.hamcrest.Matchers;
import org.junit.After;
import org.junit.Assert;
import org.junit.Before;
import org.junit.Test;
import org.mockito.Mockito;

/* loaded from: input_file:info/magnolia/cms/filters/ContentTypeFilterTest.class */
public class ContentTypeFilterTest extends RepositoryTestCase {
    private ContentTypeFilter filter;
    private HttpServletRequest request;
    private HttpServletResponse response;
    private Level originalLogLevel;
    private Session session;

    /* loaded from: input_file:info/magnolia/cms/filters/ContentTypeFilterTest$ContentTypeChangingFilterChain.class */
    public static class ContentTypeChangingFilterChain implements FilterChain {
        final String mimeType;

        public ContentTypeChangingFilterChain(String str) {
            this.mimeType = str;
        }

        public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse) throws IOException, ServletException {
            servletResponse.setContentType(this.mimeType);
        }
    }

    @Override // info.magnolia.test.RepositoryTestCase, info.magnolia.test.MgnlTestCase
    @Before
    public void setUp() throws Exception {
        super.setUp();
        ComponentsTestUtil.setImplementation(WebContainerResources.class, WebContainerResourcesImpl.class);
        this.filter = new ContentTypeFilter();
        this.request = (HttpServletRequest) Mockito.mock(HttpServletRequest.class);
        this.response = (HttpServletResponse) Mockito.mock(HttpServletResponse.class);
        this.session = MgnlContext.getJCRSession("config");
        new PropertiesImportExport().createNodes(this.session.getRootNode(), IOUtils.toInputStream("/server/MIMEMapping/foo\n/server/MIMEMapping/foo.@type=mgnl:contentNode\n/server/MIMEMapping/foo.mime-type=mime/foo\n/server/MIMEMapping/bar\n/server/MIMEMapping/bar.@type=mgnl:contentNode\n/server/MIMEMapping/bar.mime-type=mime/bar\n/server/MIMEMapping/html\n/server/MIMEMapping/html.extension=html\n/server/MIMEMapping/html.mime-type=text/html"));
        this.session.save();
        MIMEMapping.init();
        this.originalLogLevel = Logger.getRootLogger().getLevel();
    }

    @Override // info.magnolia.test.RepositoryTestCase, info.magnolia.test.MgnlTestCase
    @After
    public void tearDown() throws Exception {
        this.session.removeItem("/server/MIMEMapping");
        MIMEMapping.reload();
        super.tearDown();
        Logger.getRootLogger().setLevel(this.originalLogLevel);
    }

    @Test
    public void testFilterWithEmptyDefaultExtension() {
        this.filter.setupContentTypeAndCharacterEncoding("", this.request, this.response);
        ((HttpServletResponse) Mockito.verify(this.response)).setCharacterEncoding("UTF-8");
    }

    @Test
    public void testFilterRestrictedToKnownExtensionsOnlyWithKnownRequestExtension() throws IOException, ServletException {
        this.filter.setRegisteredExtensionsOnly(true);
        HttpServletRequest mockHttpServletRequest = new MockHttpServletRequest();
        mockHttpServletRequest.setRequestURI("/magnoliaAuthor/some/path.foo");
        MockWebContext mockWebContext = (MockWebContext) MgnlContext.getWebContext();
        mockWebContext.setContextPath("/magnoliaAuthor");
        mockWebContext.setRequest(mockHttpServletRequest);
        mockWebContext.setResponse(this.response);
        this.filter.doFilter(mockHttpServletRequest, this.response, (FilterChain) Mockito.mock(FilterChain.class));
        ((HttpServletResponse) Mockito.verify(this.response, Mockito.never())).sendError(400, String.format("Unsupported extension=%1$s.", "foo"));
        ((HttpServletResponse) Mockito.verify(this.response)).setCharacterEncoding("UTF-8");
    }

    @Test
    public void testFilterRestrictedToKnownExtensionsOnlyWithUnknownRequestExtension() throws IOException, ServletException {
        this.filter.setRegisteredExtensionsOnly(true);
        HttpServletRequest mockHttpServletRequest = new MockHttpServletRequest();
        mockHttpServletRequest.setRequestURI("/magnoliaAuthor/some/path.blabla");
        MockWebContext mockWebContext = (MockWebContext) MgnlContext.getWebContext();
        mockWebContext.setContextPath("/magnoliaAuthor");
        mockWebContext.setRequest(mockHttpServletRequest);
        mockWebContext.setResponse(this.response);
        this.filter.doFilter(mockHttpServletRequest, this.response, (FilterChain) Mockito.mock(FilterChain.class));
        ((HttpServletResponse) Mockito.verify(this.response)).sendError(400, String.format("Unsupported extension=%1$s.", "blabla"));
    }

    @Test
    public void testFilterSetToCrosscheckMimeTypeWithWrongMimeType() throws IOException, ServletException {
        this.filter.setValidateContentType(true);
        HttpServletRequest mockHttpServletRequest = new MockHttpServletRequest();
        mockHttpServletRequest.setRequestURI("/magnoliaAuthor/some/path.foo");
        MockWebContext mockWebContext = (MockWebContext) MgnlContext.getWebContext();
        mockWebContext.setContextPath("/magnoliaAuthor");
        mockWebContext.setRequest(mockHttpServletRequest);
        mockWebContext.setResponse(this.response);
        this.filter.doFilter(mockHttpServletRequest, this.response, new ContentTypeChangingFilterChain("mime/bar"));
        ((HttpServletResponse) Mockito.verify(this.response)).sendError(400, String.format("Invalid Content-Type for given extension=%1$s.", "mime/bar"));
    }

    @Test
    public void testFilterSetToNotCrosscheckMimeTypeWithWrongMimeType() throws IOException, ServletException {
        this.filter.setValidateContentType(false);
        HttpServletRequest mockHttpServletRequest = new MockHttpServletRequest();
        mockHttpServletRequest.setRequestURI("/magnoliaAuthor/some/path.foo");
        MockWebContext mockWebContext = (MockWebContext) MgnlContext.getWebContext();
        mockWebContext.setContextPath("/magnoliaAuthor");
        mockWebContext.setRequest(mockHttpServletRequest);
        mockWebContext.setResponse(this.response);
        this.filter.doFilter(mockHttpServletRequest, this.response, new ContentTypeChangingFilterChain("mime/bar"));
        ((HttpServletResponse) Mockito.verify(this.response, Mockito.never())).sendError(400, String.format("Invalid Content-Type for given extension=%1$s.", "mime/bar"));
    }

    @Test
    public void testHandlesRequestUriWithJSessionId() throws IOException, ServletException, RepositoryException {
        HttpServletRequest mockHttpServletRequest = new MockHttpServletRequest();
        mockHttpServletRequest.setRequestURL("http://localhost:8080/magnoliaAuthor/some/path.foo;JSESSIONID=EE3DB6042B1B57AD55C2633428F44496");
        mockHttpServletRequest.setRequestURI("/magnoliaAuthor/some/path.foo;JSESSIONID=EE3DB6042B1B57AD55C2633428F44496");
        mockHttpServletRequest.setContextPath("/magnoliaAuthor");
        mockHttpServletRequest.setServletPath("");
        mockHttpServletRequest.setPathInfo("/some/path.foo");
        HttpServletResponse mockHttpServletResponse = new MockHttpServletResponse();
        MockWebContext mockWebContext = (MockWebContext) MgnlContext.getWebContext();
        mockWebContext.setContextPath("/magnoliaAuthor");
        mockWebContext.setRequest(mockHttpServletRequest);
        mockWebContext.setResponse(mockHttpServletResponse);
        this.filter.doFilter(mockHttpServletRequest, mockHttpServletResponse, new FilterChain() { // from class: info.magnolia.cms.filters.ContentTypeFilterTest.1
            public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse) throws IOException, ServletException {
            }
        });
        AggregationState aggregationState = MgnlContext.getAggregationState();
        Assert.assertEquals("http://localhost:8080/magnoliaAuthor/some/path.foo;JSESSIONID=EE3DB6042B1B57AD55C2633428F44496", aggregationState.getOriginalBrowserURL());
        Assert.assertEquals("http://localhost:8080/magnoliaAuthor/some/path.foo;JSESSIONID=EE3DB6042B1B57AD55C2633428F44496", aggregationState.getOriginalURL());
        Assert.assertEquals("/some/path.foo", aggregationState.getOriginalBrowserURI());
        Assert.assertEquals("/some/path.foo", aggregationState.getOriginalURI());
        Assert.assertEquals("/some/path.foo", aggregationState.getCurrentURI());
        Assert.assertEquals("foo", aggregationState.getExtension());
    }

    @Test
    public void simpleURIisProperlyNormalizedAndDecoded() throws Exception {
        checkCurrentURI("/some/path.foo", "/some/path.foo");
    }

    @Test
    public void oneDotURIisProperlyNormalizedAndDecoded() throws Exception {
        checkCurrentURI("/some/./path.foo", "/some/path.foo");
    }

    @Test
    public void doubleDotURIisProperlyNormalizedAndDecoded() throws Exception {
        checkCurrentURI("/some/other/../path.foo", "/some/path.foo");
    }

    @Test
    public void URIwithSpacesIsProperlyNormalizedAndDecoded() throws Exception {
        checkCurrentURI("/some/path/file%20with%20spaces%20in%20name.foo", "/some/path/file with spaces in name.foo");
    }

    @Test
    public void URIwithPercentageIsProperlyNormalizedAndDecoded() throws Exception {
        checkCurrentURI("/some/path/file%25with%20spaces%20in%20name.foo", "/some/path/file%with spaces in name.foo");
    }

    @Test
    public void URIwithUtf8CharsIsProperlyNormalizedAndDecoded() throws Exception {
        checkCurrentURI("/some/path/%C5%BElu%C5%A5ou%C4%8Dk%C3%BD.foo", "/some/path/žluťoučký.foo");
    }

    @Test
    public void complexURIisProperlyNormalizedAndDecoded() throws Exception {
        checkCurrentURI("/some/./path/toBeRemoved/../%C5%BElu%C5%A5ou%C4%8Dk%C3%BD/file%20with%20spaces%20in%20name.foo", "/some/path/žluťoučký/file with spaces in name.foo");
    }

    @Test
    public void testPercentSymbolInUrlDoesNotThrowExceptionAndReturnsError400() throws Exception {
        MockHttpServletRequest mockHttpServletRequest = new MockHttpServletRequest();
        mockHttpServletRequest.setRequestURI(StringUtils.substringBefore("http://example.com/page.html?test=%", "?"));
        mockHttpServletRequest.setRequestURL("http://example.com/page.html?test=%");
        MockHttpServletResponse mockHttpServletResponse = new MockHttpServletResponse();
        this.filter.doFilter(mockHttpServletRequest, mockHttpServletResponse, new FilterChain() { // from class: info.magnolia.cms.filters.ContentTypeFilterTest.2
            public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse) throws IOException, ServletException {
            }
        });
        Assert.assertThat("URL is malformed and we expect that error 400 Bad request is send back in response.", Integer.valueOf(mockHttpServletResponse.getErrorCode()), Matchers.equalTo(400));
    }

    @Test
    public void testSubstringAfterLastDotInCurrentUriIsXssEscapedIfSanitizeXssUriIsTrue() throws Exception {
        checkCurrentURI("/demo-project.html%22%3E%3Cimg%20src%3daonerror%3dalert(1)%3e", "/demo-project.html&quot;&gt;&lt;img src=aonerror=alert(1)&gt;");
    }

    @Test
    public void testSubstringAfterLastDotInCurrentUriIsNotXssEscapedIfSanitizeXssUriIsFalse() throws Exception {
        this.filter.setSanitizeXssUri(false);
        checkCurrentURI("/demo-project.html%22%3E%3Cimg%20src%3daonerror%3dalert(1)%3e", "/demo-project.html\"><img src=aonerror=alert(1)>");
    }

    @Test
    public void testCurrentUriIsNotXssEscapedIfDoesNotContainDotAndSanitizeXssUriIsTrue() throws Exception {
        checkCurrentURI("/demo-projecthtml%22%3E%3Cimg%20src%3daonerror%3dalert(1)%3e", "/demo-projecthtml\"><img src=aonerror=alert(1)>");
    }

    @Test
    public void testOnlySubstringAfterLastDotIsXssEscapedInCurrentUriIfSanitizeXssUriIsTrue() throws Exception {
        checkCurrentURI("/demo-project.html%22%3E%3Cimg%20src%3daonerror%3dalert(1)%3e.html%22%3E%3Cimg%20src%3daonerror%3dalert(1)%3e", "/demo-project.html\"><img src=aonerror=alert(1)>.html&quot;&gt;&lt;img src=aonerror=alert(1)&gt;");
    }

    @Test
    public void contentTypeIsNotSetIfAlreadySetDeeperInFilterChain() throws Exception {
        Mockito.when(this.request.getRequestURI()).thenReturn("/requestURI.foo");
        MockHttpServletResponse mockHttpServletResponse = new MockHttpServletResponse();
        this.filter.doFilter(this.request, mockHttpServletResponse, new FilterChain() { // from class: info.magnolia.cms.filters.ContentTypeFilterTest.3
            public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse) throws IOException, ServletException {
                servletResponse.setContentType("mime/deeperInFilterChain");
            }
        });
        Assert.assertEquals("mime/deeperInFilterChain", mockHttpServletResponse.getContentType());
    }

    @Test
    public void logWarningAndSetContentTypeIfContentTypeIsNotSet() throws Exception {
        StringWriter stringWriter = new StringWriter();
        EnhancedPatternLayout enhancedPatternLayout = new EnhancedPatternLayout("%r [%t] %p %c %x - %m%n");
        Logger.getRootLogger().setLevel(Level.INFO);
        Logger.getRootLogger().addAppender(new WriterAppender(enhancedPatternLayout, stringWriter));
        Mockito.when(this.request.getRequestURI()).thenReturn("requestURI");
        Mockito.when(this.request.getRequestURL()).thenReturn(new StringBuffer("requestURL"));
        Mockito.when(Boolean.valueOf(this.response.isCommitted())).thenReturn(false);
        this.filter.doFilter(this.request, this.response, (FilterChain) Mockito.mock(FilterChain.class));
        Assert.assertThat(stringWriter.toString(), Matchers.containsString("Content type for requestURL is not set."));
        ((HttpServletResponse) Mockito.verify(this.response, Mockito.atLeast(1))).setContentType("text/html");
        Assert.assertThat(stringWriter.toString(), Matchers.containsString("Response is not committed yet. Setting content type: text/html."));
    }

    private void checkCurrentURI(String str, String str2) throws Exception {
        HttpServletRequest mockHttpServletRequest = new MockHttpServletRequest();
        mockHttpServletRequest.setRequestURL("http://localhost:8080/magnoliaAuthor" + str + ";JSESSIONID=EE3DB6042B1B57AD55C2633428F44496");
        mockHttpServletRequest.setRequestURI("/magnoliaAuthor" + str + ";JSESSIONID=EE3DB6042B1B57AD55C2633428F44496");
        mockHttpServletRequest.setContextPath("/magnoliaAuthor");
        mockHttpServletRequest.setServletPath("");
        mockHttpServletRequest.setPathInfo(str);
        HttpServletResponse mockHttpServletResponse = new MockHttpServletResponse();
        MgnlContext.resetAggregationState();
        MockWebContext mockWebContext = (MockWebContext) MgnlContext.getWebContext();
        mockWebContext.setContextPath("/magnoliaAuthor");
        mockWebContext.setRequest(mockHttpServletRequest);
        mockWebContext.setResponse(mockHttpServletResponse);
        this.filter.doFilter(mockHttpServletRequest, mockHttpServletResponse, new FilterChain() { // from class: info.magnolia.cms.filters.ContentTypeFilterTest.4
            public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse) throws IOException, ServletException {
            }
        });
        Assert.assertEquals(str2, MgnlContext.getAggregationState().getCurrentURI());
    }
}
