package jakarta.mvc.tck.tests.security.csrf.header;

import com.gargoylesoftware.htmlunit.HttpMethod;
import com.gargoylesoftware.htmlunit.WebClient;
import com.gargoylesoftware.htmlunit.WebRequest;
import com.gargoylesoftware.htmlunit.WebResponse;
import com.gargoylesoftware.htmlunit.html.HtmlPage;
import com.gargoylesoftware.htmlunit.util.NameValuePair;
import jakarta.mvc.tck.Sections;
import jakarta.mvc.tck.util.Archives;
import jakarta.mvc.tck.util.MvcMatchers;
import java.io.IOException;
import java.net.URL;
import java.util.Collections;
import org.hamcrest.CoreMatchers;
import org.jboss.arquillian.container.test.api.Deployment;
import org.jboss.arquillian.junit.Arquillian;
import org.jboss.arquillian.test.api.ArquillianResource;
import org.jboss.shrinkwrap.api.spec.WebArchive;
import org.jboss.test.audit.annotations.SpecAssertion;
import org.jboss.test.audit.annotations.SpecAssertions;
import org.jboss.test.audit.annotations.SpecVersion;
import org.junit.After;
import org.junit.Assert;
import org.junit.Before;
import org.junit.Test;
import org.junit.runner.RunWith;

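/**
 * TCK test for CSRF token verification when the token travels in a custom-named HTTP header.
 *
 * <p>The deployed application ({@link CsrfCustomHeaderApplication}) is expected to expose the
 * token under the header {@value #CSRF_HEADER}; how that name is configured is not visible in
 * this class. The tests run as a remote client ({@code testable = false}) against the deployed
 * archive and check two things:
 * <ul>
 *   <li>a POST that echoes back the token issued with the form is accepted (HTTP 200), and</li>
 *   <li>a POST that carries a token the server never issued is rejected (HTTP 403).</li>
 * </ul>
 *
 * <p>NOTE(review): a POST that omits the header altogether is not exercised here; confirm that
 * case is covered by another test of the CSRF section.
 */
@SpecVersion(spec = "mvc", version = "1.0")
@RunWith(Arquillian.class)
public class CsrfCustomHeaderTest {

    /** Name of the header that carries the CSRF token in the response and in the request. */
    private static final String CSRF_HEADER = "X-CSRF-Custom-Header-Name";

    /** Path, relative to the deployment base URL, of the page that issues the token. */
    private static final String FORM_PATH = "mvc/csrf/header/form";

    /** Path, relative to the deployment base URL, of the token-checked POST endpoint. */
    private static final String PROCESS_PATH = "mvc/csrf/header/process";

    @ArquillianResource
    private URL baseUrl;

    private WebClient webClient;

    /**
     * Builds the web archive under test: the MVC application class, the controller and the two
     * JSP views used by the form and the success page.
     *
     * @return the archive Arquillian deploys before the tests run
     */
    @Deployment(testable = false)
    public static WebArchive createDeployment() {
        return Archives.getMvcArchive(CsrfCustomHeaderApplication.class)
                .addClass(CsrfHeaderController.class)
                .addView("csrf/header/form.jsp")
                .addView("csrf/header/success.jsp")
                .build();
    }

    /**
     * Creates a fresh client for each test so that cookies and session state do not leak from one
     * test into the next.
     */
    @Before
    public void before() {
        webClient = new WebClient();
        // A 403 is an expected outcome here, so it must surface as a response, not an exception.
        webClient.getOptions().setThrowExceptionOnFailingStatusCode(false);
        // Redirects are not followed, so the status code asserted is the one the endpoint sent.
        webClient.getOptions().setRedirectEnabled(false);
    }

    /**
     * Releases the client created in {@link #before()}; without this every test leaves its
     * windows, connections and background threads behind.
     */
    @After
    public void after() {
        if (webClient != null) {
            webClient.close();
            webClient = null;
        }
    }

    /**
     * Verifies that a POST carrying the server-issued token in the custom header is accepted.
     *
     * @throws IOException if a request to the deployed application fails at the transport level
     */
    @Test
    @SpecAssertions({
        @SpecAssertion(section = Sections.SECURITY_CSRF, id = "csrf-verify"),
        @SpecAssertion(section = Sections.SECURITY_CSRF, id = "csrf-custom-header-name")
    })
    public void submitValidCustomTokenViaHeader() throws IOException {
        HtmlPage formPage = webClient.getPage(baseUrl.toString() + FORM_PATH);
        Assert.assertThat(formPage.getWebResponse().getStatusCode(), CoreMatchers.equalTo(200));

        // The token must be announced under the custom header name, not a default one.
        String issuedToken = formPage.getWebResponse().getResponseHeaderValue(CSRF_HEADER);
        Assert.assertThat(issuedToken, MvcMatchers.isNotBlank());

        // Same client, so the POST belongs to the session the token was issued for.
        WebResponse response = webClient.loadWebResponse(newProcessRequest(issuedToken, "Charlie"));
        Assert.assertThat(response.getStatusCode(), CoreMatchers.equalTo(200));
        Assert.assertThat(response.getContentAsString(), CoreMatchers.containsString("Hi Charlie!"));
    }

    /**
     * Verifies that a POST carrying a token the server did not issue is rejected with HTTP 403.
     *
     * @throws IOException if a request to the deployed application fails at the transport level
     */
    @Test
    @SpecAssertions({
        @SpecAssertion(section = Sections.SECURITY_CSRF, id = "csrf-verify"),
        @SpecAssertion(section = Sections.SECURITY_CSRF, id = "csrf-custom-header-name")
    })
    public void submitInvalidCustomTokenViaHeader() throws IOException {
        // The form is fetched first, presumably so that a real token exists for this session and
        // the rejection is due to a mismatch rather than to missing server-side state.
        int formStatus =
                webClient.getPage(baseUrl.toString() + FORM_PATH).getWebResponse().getStatusCode();
        Assert.assertThat(formStatus, CoreMatchers.equalTo(200));

        WebResponse response = webClient.loadWebResponse(newProcessRequest("INVALID-TOKEN", "David"));
        Assert.assertThat(response.getStatusCode(), CoreMatchers.equalTo(403));
    }

    /**
     * Builds the POST to the processing endpoint with the given token in the custom CSRF header.
     *
     * @param token value sent in the {@value #CSRF_HEADER} request header
     * @param name value of the {@code name} form parameter
     * @return the prepared request, not yet sent
     * @throws IOException if the endpoint URL cannot be formed from the base URL
     */
    private WebRequest newProcessRequest(String token, String name) throws IOException {
        WebRequest request = new WebRequest(new URL(baseUrl.toString() + PROCESS_PATH));
        request.setHttpMethod(HttpMethod.POST);
        request.setAdditionalHeader(CSRF_HEADER, token);
        request.setRequestParameters(Collections.singletonList(new NameValuePair("name", name)));
        return request;
    }
}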
