package org.eclipse.jetty.servlet;

import java.io.File;
import java.io.FileOutputStream;
import java.io.IOException;
import java.util.EnumSet;
import javax.servlet.DispatcherType;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import org.eclipse.jetty.server.LocalConnector;
import org.eclipse.jetty.server.Server;
import org.eclipse.jetty.toolchain.test.FS;
import org.eclipse.jetty.toolchain.test.MavenTestingUtils;
import org.eclipse.jetty.toolchain.test.OS;
import org.eclipse.jetty.toolchain.test.TestingDir;
import org.eclipse.jetty.util.IO;
import org.hamcrest.Matchers;
import org.junit.After;
import org.junit.Assert;
import org.junit.Before;
import org.junit.Rule;
import org.junit.Test;

/* loaded from: input_file:org/eclipse/jetty/servlet/DefaultServletTest.class */
public class DefaultServletTest {

    @Rule
    public TestingDir testdir = new TestingDir();
    private Server server;
    private LocalConnector connector;
    private ServletContextHandler context;

    /* loaded from: input_file:org/eclipse/jetty/servlet/DefaultServletTest$OutputFilter.class */
    public static class OutputFilter implements Filter {
        public void init(FilterConfig filterConfig) throws ServletException {
        }

        public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
            servletResponse.getOutputStream().println("Extra Info");
            filterChain.doFilter(servletRequest, servletResponse);
        }

        public void destroy() {
        }
    }

    /* loaded from: input_file:org/eclipse/jetty/servlet/DefaultServletTest$WriterFilter.class */
    public static class WriterFilter implements Filter {
        public void init(FilterConfig filterConfig) throws ServletException {
        }

        public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
            servletResponse.getWriter().println("Extra Info");
            filterChain.doFilter(servletRequest, servletResponse);
        }

        public void destroy() {
        }
    }

    @Before
    public void init() throws Exception {
        this.server = new Server();
        this.server.setSendServerVersion(false);
        this.connector = new LocalConnector(this.server);
        this.context = new ServletContextHandler();
        this.context.setContextPath("/context");
        this.context.setWelcomeFiles(new String[]{"index.html", "index.jsp", "index.htm"});
        this.server.setHandler(this.context);
        this.server.addConnector(this.connector);
        this.server.start();
    }

    @After
    public void destroy() throws Exception {
        this.server.stop();
        this.server.join();
    }

    @Test
    public void testListingWithSession() throws Exception {
        ServletHolder addServlet = this.context.addServlet(DefaultServlet.class, "/*");
        addServlet.setInitParameter("dirAllowed", "true");
        addServlet.setInitParameter("redirectWelcome", "false");
        addServlet.setInitParameter("gzip", "false");
        this.testdir.ensureEmpty();
        File file = this.testdir.getFile("docroot");
        Assert.assertTrue(file.mkdirs());
        Assert.assertTrue(new File(file, "one").mkdir());
        Assert.assertTrue(new File(file, "two").mkdir());
        Assert.assertTrue(new File(file, "three").mkdir());
        addServlet.setInitParameter("resourceBase", file.getAbsolutePath());
        StringBuffer stringBuffer = new StringBuffer();
        stringBuffer.append("GET /context/;JSESSIONID=1234567890 HTTP/1.0\n\n");
        String responses = this.connector.getResponses(stringBuffer.toString());
        assertResponseContains("/one/;JSESSIONID=1234567890", responses);
        assertResponseContains("/two/;JSESSIONID=1234567890", responses);
        assertResponseContains("/three/;JSESSIONID=1234567890", responses);
        assertResponseNotContains("<script>", responses);
    }

    @Test
    public void testListingXSS() throws Exception {
        ServletHolder addServlet = this.context.addServlet(DefaultServlet.class, "/*");
        addServlet.setInitParameter("dirAllowed", "true");
        addServlet.setInitParameter("redirectWelcome", "false");
        addServlet.setInitParameter("gzip", "false");
        this.testdir.ensureEmpty();
        File file = this.testdir.getFile("docroot");
        FS.ensureDirExists(file);
        Assert.assertTrue(new File(file, "one").mkdir());
        Assert.assertTrue(new File(file, "two").mkdir());
        Assert.assertTrue(new File(file, "three").mkdir());
        if (!OS.IS_WINDOWS) {
            Assert.assertTrue("Creating dir 'f??r' (Might not work in Windows)", new File(file, "f??r").mkdir());
        }
        addServlet.setInitParameter("resourceBase", file.getAbsolutePath());
        StringBuffer stringBuffer = new StringBuffer();
        stringBuffer.append("GET /context/;<script>window.alert(\"hi\");</script> HTTP/1.0\n");
        stringBuffer.append("\n");
        String responses = this.connector.getResponses(stringBuffer.toString());
        assertResponseContains("/one/", responses);
        assertResponseContains("/two/", responses);
        assertResponseContains("/three/", responses);
        if (!OS.IS_WINDOWS) {
            assertResponseContains("/f%3F%3Fr", responses);
        }
        assertResponseNotContains("<script>", responses);
    }

    @Test
    public void testListingProperUrlEncoding() throws Exception {
        ServletHolder addServlet = this.context.addServlet(DefaultServlet.class, "/*");
        addServlet.setInitParameter("dirAllowed", "true");
        addServlet.setInitParameter("redirectWelcome", "false");
        addServlet.setInitParameter("gzip", "false");
        this.testdir.ensureEmpty();
        File file = this.testdir.getFile("docroot");
        Assert.assertTrue(file.mkdirs());
        File file2 = new File(file, "dir;");
        Assert.assertTrue(file2.mkdirs());
        Assert.assertTrue(new File(file2, "four").mkdir());
        Assert.assertTrue(new File(file2, "five").mkdir());
        Assert.assertTrue(new File(file2, "six").mkdir());
        addServlet.setInitParameter("resourceBase", file.getAbsolutePath());
        assertResponseContains("HTTP/1.1 404 Not Found", this.connector.getResponses("GET /context/dir;/ HTTP/1.0\r\n\r\n"));
        String responses = this.connector.getResponses("GET /context/dir%3B/ HTTP/1.0\r\n\r\n");
        assertResponseNotContains("%253B", responses);
        assertResponseContains("/dir%3B/", responses);
        assertResponseContains("/dir%3B/four/", responses);
        assertResponseContains("/dir%3B/five/", responses);
        assertResponseContains("/dir%3B/six/", responses);
    }

    @Test
    public void testListingContextBreakout() throws Exception {
        ServletHolder addServlet = this.context.addServlet(DefaultServlet.class, "/");
        addServlet.setInitParameter("dirAllowed", "true");
        addServlet.setInitParameter("redirectWelcome", "false");
        addServlet.setInitParameter("gzip", "false");
        addServlet.setInitParameter("aliases", "true");
        this.testdir.ensureEmpty();
        File file = this.testdir.getFile("docroot");
        Assert.assertTrue(file.mkdirs());
        createFile(new File(file, "index.html"), "<h1>Hello Index</h1>");
        File file2 = new File(file, "dir?");
        if (!OS.IS_WINDOWS) {
            FS.ensureDirExists(file2);
        }
        Assert.assertTrue(new File(file, "dir;").mkdirs());
        File file3 = this.testdir.getFile("sekret");
        Assert.assertTrue(file3.mkdirs());
        createFile(new File(file3, "pass"), "Sssh, you shouldn't be seeing this");
        addServlet.setInitParameter("resourceBase", file.getAbsolutePath());
        assertResponseContains("<h1>Hello Index</h1>", this.connector.getResponses("GET /context/ HTTP/1.0\r\n\r\n"));
        String responses = this.connector.getResponses("GET /context/dir?/ HTTP/1.0\r\n\r\n");
        assertResponseContains("404", responses);
        if (OS.IS_WINDOWS) {
            assertResponseContains("404", responses);
        } else {
            assertResponseContains("Directory: /context/dir?/<", this.connector.getResponses("GET /context/dir%3F/ HTTP/1.0\r\n\r\n"));
        }
        assertResponseContains("Hello Index", this.connector.getResponses("GET /context/index.html HTTP/1.0\r\n\r\n"));
        assertResponseContains("Hello Index", this.connector.getResponses("GET /context/dir%3F/../index.html HTTP/1.0\r\n\r\n"));
        assertResponseNotContains("Directory: ", this.connector.getResponses("GET /context/dir%3F/../../ HTTP/1.0\r\n\r\n"));
        assertResponseNotContains("Sssh", this.connector.getResponses("GET /context/dir%3F/../../sekret/pass HTTP/1.0\r\n\r\n"));
        assertResponseNotContains("Directory: ", this.connector.getResponses("GET /context/dir?/../../ HTTP/1.0\r\n\r\n"));
        assertResponseNotContains("Sssh", this.connector.getResponses("GET /context/dir?/../../sekret/pass HTTP/1.0\r\n\r\n"));
        assertResponseContains("<h1>Hello Index</h1>", this.connector.getResponses("GET /context/ HTTP/1.0\r\n\r\n"));
        assertResponseContains("404", this.connector.getResponses("GET /context/dir;/ HTTP/1.0\r\n\r\n"));
        assertResponseContains("Directory: /context/dir;/<", this.connector.getResponses("GET /context/dir%3B/ HTTP/1.0\r\n\r\n"));
        assertResponseContains("Hello Index", this.connector.getResponses("GET /context/index.html HTTP/1.0\r\n\r\n"));
        assertResponseContains("Hello Index", this.connector.getResponses("GET /context/dir%3B/../index.html HTTP/1.0\r\n\r\n"));
        assertResponseNotContains("Directory: ", this.connector.getResponses("GET /context/dir%3B/../../ HTTP/1.0\r\n\r\n"));
        assertResponseNotContains("Sssh", this.connector.getResponses("GET /context/dir%3B/../../sekret/pass HTTP/1.0\r\n\r\n"));
        assertResponseNotContains("Directory: ", this.connector.getResponses("GET /context/dir;/../../ HTTP/1.0\r\n\r\n"));
        assertResponseNotContains("Sssh", this.connector.getResponses("GET /context/dir;/../../sekret/pass HTTP/1.0\r\n\r\n"));
    }

    @Test
    public void testWelcome() throws Exception {
        this.testdir.ensureEmpty();
        File file = this.testdir.getFile("docroot");
        FS.ensureDirExists(file);
        File file2 = new File(file, "index.htm");
        File file3 = new File(file, "index.html");
        String absolutePath = file.getAbsolutePath();
        ServletHolder addServlet = this.context.addServlet(DefaultServlet.class, "/");
        addServlet.setInitParameter("dirAllowed", "false");
        addServlet.setInitParameter("redirectWelcome", "false");
        addServlet.setInitParameter("welcomeServlets", "false");
        addServlet.setInitParameter("gzip", "false");
        addServlet.setInitParameter("resourceBase", absolutePath);
        addServlet.setInitParameter("maxCacheSize", "1024000");
        addServlet.setInitParameter("maxCachedFileSize", "512000");
        addServlet.setInitParameter("maxCachedFiles", "100");
        this.context.addServlet(NoJspServlet.class, "*.jsp");
        assertResponseContains("403", this.connector.getResponses("GET /context/ HTTP/1.0\r\n\r\n"));
        createFile(file3, "<h1>Hello Index</h1>");
        assertResponseContains("<h1>Hello Index</h1>", this.connector.getResponses("GET /context/ HTTP/1.0\r\n\r\n"));
        createFile(file2, "<h1>Hello Inde</h1>");
        assertResponseContains("<h1>Hello Index</h1>", this.connector.getResponses("GET /context/ HTTP/1.0\r\n\r\n"));
        Assert.assertTrue(file3.delete());
        assertResponseContains("<h1>Hello Inde</h1>", this.connector.getResponses("GET /context/ HTTP/1.0\r\n\r\n"));
        Assert.assertTrue(file2.delete());
        assertResponseContains("403", this.connector.getResponses("GET /context/ HTTP/1.0\r\n\r\n"));
    }

    @Test
    public void testWelcomeServlet() throws Exception {
        this.testdir.ensureEmpty();
        File file = this.testdir.getFile("docroot");
        FS.ensureDirExists(file);
        File file2 = new File(file, "index.htm");
        File file3 = new File(file, "index.html");
        String absolutePath = file.getAbsolutePath();
        ServletHolder addServlet = this.context.addServlet(DefaultServlet.class, "/");
        addServlet.setInitParameter("dirAllowed", "false");
        addServlet.setInitParameter("redirectWelcome", "false");
        addServlet.setInitParameter("welcomeServlets", "true");
        addServlet.setInitParameter("gzip", "false");
        addServlet.setInitParameter("resourceBase", absolutePath);
        this.context.addServlet(NoJspServlet.class, "*.jsp");
        assertResponseContains("JSP support not configured", this.connector.getResponses("GET /context/ HTTP/1.0\r\n\r\n"));
        createFile(file3, "<h1>Hello Index</h1>");
        assertResponseContains("<h1>Hello Index</h1>", this.connector.getResponses("GET /context/ HTTP/1.0\r\n\r\n"));
        createFile(file2, "<h1>Hello Inde</h1>");
        assertResponseContains("<h1>Hello Index</h1>", this.connector.getResponses("GET /context/ HTTP/1.0\r\n\r\n"));
        if (OS.IS_WINDOWS) {
            return;
        }
        deleteFile(file3);
        assertResponseContains("<h1>Hello Inde</h1>", this.connector.getResponses("GET /context/ HTTP/1.0\r\n\r\n"));
        deleteFile(file2);
        assertResponseContains("JSP support not configured", this.connector.getResponses("GET /context/ HTTP/1.0\r\n\r\n"));
    }

    @Test
    public void testWelcomeExactServlet() throws Exception {
        this.testdir.ensureEmpty();
        File file = this.testdir.getFile("docroot");
        FS.ensureDirExists(file);
        File file2 = new File(file, "index.htm");
        File file3 = new File(file, "index.html");
        String absolutePath = file.getAbsolutePath();
        ServletHolder addServlet = this.context.addServlet(DefaultServlet.class, "/");
        addServlet.setInitParameter("dirAllowed", "false");
        addServlet.setInitParameter("redirectWelcome", "false");
        addServlet.setInitParameter("welcomeServlets", "exact");
        addServlet.setInitParameter("gzip", "false");
        addServlet.setInitParameter("resourceBase", absolutePath);
        this.context.addServlet(this.context.addServlet(NoJspServlet.class, "*.jsp"), "/index.jsp");
        assertResponseContains("JSP support not configured", this.connector.getResponses("GET /context/ HTTP/1.0\r\n\r\n"));
        createFile(file3, "<h1>Hello Index</h1>");
        assertResponseContains("<h1>Hello Index</h1>", this.connector.getResponses("GET /context/ HTTP/1.0\r\n\r\n"));
        createFile(file2, "<h1>Hello Inde</h1>");
        assertResponseContains("<h1>Hello Index</h1>", this.connector.getResponses("GET /context/ HTTP/1.0\r\n\r\n"));
        if (OS.IS_WINDOWS) {
            return;
        }
        deleteFile(file3);
        assertResponseContains("<h1>Hello Inde</h1>", this.connector.getResponses("GET /context/ HTTP/1.0\r\n\r\n"));
        deleteFile(file2);
        assertResponseContains("JSP support not configured", this.connector.getResponses("GET /context/ HTTP/1.0\r\n\r\n"));
    }

    @Test
    public void testFiltered() throws Exception {
        this.testdir.ensureEmpty();
        File file = this.testdir.getFile("docroot");
        FS.ensureDirExists(file);
        createFile(new File(file, "data0.txt"), "Hello Text 0");
        String absolutePath = file.getAbsolutePath();
        ServletHolder addServlet = this.context.addServlet(DefaultServlet.class, "/");
        addServlet.setInitParameter("dirAllowed", "false");
        addServlet.setInitParameter("redirectWelcome", "false");
        addServlet.setInitParameter("welcomeServlets", "false");
        addServlet.setInitParameter("gzip", "false");
        addServlet.setInitParameter("resourceBase", absolutePath);
        String responses = this.connector.getResponses("GET /context/data0.txt HTTP/1.0\r\n\r\n");
        assertResponseContains("Content-Length: 12", responses);
        assertResponseNotContains("Extra Info", responses);
        this.context.addFilter(OutputFilter.class, "/*", EnumSet.of(DispatcherType.REQUEST));
        String responses2 = this.connector.getResponses("GET /context/data0.txt HTTP/1.0\r\n\r\n");
        assertResponseContains("Content-Length: 2", responses2);
        assertResponseContains("Extra Info", responses2);
        assertResponseNotContains("Content-Length: 12", responses2);
        this.context.getServletHandler().setFilterMappings(new FilterMapping[0]);
        this.context.getServletHandler().setFilters(new FilterHolder[0]);
        this.context.addFilter(WriterFilter.class, "/*", EnumSet.of(DispatcherType.REQUEST));
        String responses3 = this.connector.getResponses("GET /context/data0.txt HTTP/1.0\r\n\r\n");
        assertResponseContains("Content-Length: 2", responses3);
        assertResponseContains("Extra Info", responses3);
        assertResponseNotContains("Content-Length: 12", responses3);
    }

    private void createFile(File file, String str) throws IOException {
        FileOutputStream fileOutputStream = null;
        try {
            fileOutputStream = new FileOutputStream(file);
            fileOutputStream.write(str.getBytes("UTF-8"));
            fileOutputStream.flush();
            IO.close(fileOutputStream);
        } catch (Throwable th) {
            IO.close(fileOutputStream);
            throw th;
        }
    }

    private void assertResponseNotContains(String str, String str2) {
        Assert.assertThat(str2, Matchers.not(Matchers.containsString(str)));
    }

    private int assertResponseContains(String str, String str2) {
        Assert.assertThat(str2, Matchers.containsString(str));
        return str2.indexOf(str);
    }

    private void deleteFile(File file) throws IOException {
        if (!OS.IS_WINDOWS) {
            Assert.assertTrue("Deleting: " + file.getName(), file.delete());
            return;
        }
        if (file.delete()) {
            return;
        }
        File targetFile = MavenTestingUtils.getTargetFile(".deleted");
        FS.ensureDirExists(targetFile);
        if (file.renameTo(File.createTempFile(file.getName(), "deleted", targetFile))) {
            return;
        }
        System.err.println("WARNING: unable to move file out of the way: " + file.getName());
    }
}
