package org.owasp.esapi;

import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.util.ArrayList;
import javax.servlet.http.Cookie;
import junit.framework.Test;
import junit.framework.TestCase;
import junit.framework.TestSuite;
import org.owasp.esapi.errors.AuthenticationException;
import org.owasp.esapi.errors.ValidationException;
import org.owasp.esapi.http.TestHttpServletRequest;
import org.owasp.esapi.http.TestHttpServletResponse;
import org.owasp.esapi.http.TestHttpSession;

/* JADX WARN: Classes with same name are omitted:
  input_file:ESAPI/build/classes/org/owasp/esapi/HTTPUtilitiesTest.class
 */
/* loaded from: input_file:ESAPI/esapi_1.0.jar:org/owasp/esapi/HTTPUtilitiesTest.class */
public class HTTPUtilitiesTest extends TestCase {
    public static Test suite() {
        return new TestSuite(HTTPUtilitiesTest.class);
    }

    public HTTPUtilitiesTest(String str) {
        super(str);
    }

    protected void setUp() throws Exception {
    }

    protected void tearDown() throws Exception {
    }

    public void testAddCSRFToken() {
        System.out.println("addCSRFToken");
        assertTrue(HTTPUtilities.getInstance().addCSRFToken("/test1").contains("?"));
        assertTrue(HTTPUtilities.getInstance().addCSRFToken("/test1?one=two").contains("&"));
    }

    public void testChangeSessionIdentifier() throws ValidationException, IOException, AuthenticationException {
        System.out.println("changeSessionIdentifier");
        TestHttpServletRequest testHttpServletRequest = new TestHttpServletRequest();
        TestHttpSession testHttpSession = (TestHttpSession) testHttpServletRequest.getSession();
        Authenticator.getInstance().setCurrentHTTP(testHttpServletRequest, null);
        testHttpSession.setAttribute("one", "one");
        testHttpSession.setAttribute("two", "two");
        testHttpSession.setAttribute("three", "three");
        String id = testHttpSession.getId();
        TestHttpSession testHttpSession2 = (TestHttpSession) HTTPUtilities.getInstance().changeSessionIdentifier();
        assertTrue(!id.equals(testHttpSession2.getId()));
        assertEquals("one", (String) testHttpSession2.getAttribute("one"));
    }

    public void testGetFileUploads() throws IOException {
        System.out.println("getFileUploads");
        File resourceDirectory = SecurityConfiguration.getInstance().getResourceDirectory();
        byte[] bytesFromFile = getBytesFromFile(new File(resourceDirectory, "multipart.txt"));
        System.out.println("===========\n" + new String(bytesFromFile) + "\n===========");
        Authenticator.getInstance().setCurrentHTTP(new TestHttpServletRequest("/test", bytesFromFile), null);
        try {
            HTTPUtilities.getInstance().getSafeFileUploads(resourceDirectory, resourceDirectory);
        } catch (ValidationException e) {
            fail();
        }
    }

    private byte[] getBytesFromFile(File file) throws IOException {
        int read;
        FileInputStream fileInputStream = new FileInputStream(file);
        byte[] bArr = new byte[(int) file.length()];
        int i = 0;
        while (i < bArr.length && (read = fileInputStream.read(bArr, i, bArr.length - i)) >= 0) {
            i += read;
        }
        if (i < bArr.length) {
            throw new IOException("Could not completely read file " + file.getName());
        }
        fileInputStream.close();
        return bArr;
    }

    public void testIsValidHTTPRequest() {
        System.out.println("isValidHTTPRequest");
        TestHttpServletRequest testHttpServletRequest = new TestHttpServletRequest();
        testHttpServletRequest.addParameter("p1", "v1");
        testHttpServletRequest.addParameter("p2", "v3");
        testHttpServletRequest.addParameter("p3", "v2");
        testHttpServletRequest.addHeader("h1", "v1");
        testHttpServletRequest.addHeader("h2", "v1");
        testHttpServletRequest.addHeader("h3", "v1");
        ArrayList arrayList = new ArrayList();
        arrayList.add(new Cookie("c1", "v1"));
        arrayList.add(new Cookie("c2", "v2"));
        arrayList.add(new Cookie("c3", "v3"));
        testHttpServletRequest.setCookies(arrayList);
        assertTrue(Validator.getInstance().isValidHTTPRequest(testHttpServletRequest));
        testHttpServletRequest.addParameter("bad_name", "bad*value");
        testHttpServletRequest.addHeader("bad_name", "bad*value");
        arrayList.add(new Cookie("bad_name", "bad*value"));
        assertFalse(Validator.getInstance().isValidHTTPRequest(testHttpServletRequest));
    }

    public void testKillAllCookies() {
        System.out.println("killAllCookies");
        TestHttpServletRequest testHttpServletRequest = new TestHttpServletRequest();
        TestHttpServletResponse testHttpServletResponse = new TestHttpServletResponse();
        Authenticator.getInstance().setCurrentHTTP(testHttpServletRequest, testHttpServletResponse);
        assertTrue(testHttpServletResponse.getCookies().isEmpty());
        ArrayList arrayList = new ArrayList();
        arrayList.add(new Cookie("test1", "1"));
        arrayList.add(new Cookie("test2", "2"));
        arrayList.add(new Cookie("test3", "3"));
        testHttpServletRequest.setCookies(arrayList);
        HTTPUtilities.getInstance().killAllCookies();
        assertTrue(testHttpServletResponse.getHeaderNames().size() == 3);
    }

    public void testKillCookie() {
        System.out.println("killCookie");
        TestHttpServletRequest testHttpServletRequest = new TestHttpServletRequest();
        TestHttpServletResponse testHttpServletResponse = new TestHttpServletResponse();
        Authenticator.getInstance().setCurrentHTTP(testHttpServletRequest, testHttpServletResponse);
        assertTrue(testHttpServletResponse.getCookies().isEmpty());
        ArrayList arrayList = new ArrayList();
        arrayList.add(new Cookie("test1", "1"));
        arrayList.add(new Cookie("test2", "2"));
        arrayList.add(new Cookie("test3", "3"));
        testHttpServletRequest.setCookies(arrayList);
        HTTPUtilities.getInstance().killCookie("test1");
        assertTrue(testHttpServletResponse.getHeaderNames().size() == 1);
    }

    public void testSendSafeRedirect() throws ValidationException, IOException {
        System.out.println("sendSafeRedirect");
        new TestHttpServletResponse();
        try {
            HTTPUtilities.getInstance().sendSafeRedirect("/test1/abcdefg");
            HTTPUtilities.getInstance().sendSafeRedirect("/test2/1234567");
        } catch (ValidationException e) {
            fail();
        }
        try {
            HTTPUtilities.getInstance().sendSafeRedirect("/ridiculous");
            fail();
        } catch (ValidationException e2) {
        }
    }

    public void testSetCookie() {
        System.out.println("setCookie");
        TestHttpServletResponse testHttpServletResponse = new TestHttpServletResponse();
        Authenticator.getInstance().setCurrentHTTP(null, testHttpServletResponse);
        assertTrue(testHttpServletResponse.getCookies().isEmpty());
        HTTPUtilities.getInstance().addSafeCookie("test1", "test1", 10000, "test", "/");
        HTTPUtilities.getInstance().addSafeCookie("test2", "test2", 10000, "test", "/");
        assertTrue(testHttpServletResponse.getHeaderNames().size() == 2);
    }

    public void testSetNoCacheHeaders() {
        System.out.println("setNoCacheHeaders");
        TestHttpServletResponse testHttpServletResponse = new TestHttpServletResponse();
        Authenticator.getInstance().setCurrentHTTP(null, testHttpServletResponse);
        assertTrue(testHttpServletResponse.getHeaderNames().isEmpty());
        testHttpServletResponse.addHeader("test1", "1");
        testHttpServletResponse.addHeader("test2", "2");
        testHttpServletResponse.addHeader("test3", "3");
        assertFalse(testHttpServletResponse.getHeaderNames().isEmpty());
        HTTPUtilities.getInstance().setNoCacheHeaders();
        assertTrue(testHttpServletResponse.containsHeader("Cache-Control"));
        assertTrue(testHttpServletResponse.containsHeader("Expires"));
    }
}
