package com.github.mjeanroy.restassert.core.data;

import com.github.mjeanroy.restassert.core.data.ContentSecurityPolicy;
import com.github.mjeanroy.restassert.core.internal.exceptions.InvalidHeaderValue;
import java.util.Collections;
import java.util.LinkedHashSet;
import java.util.Map;
import java.util.Set;
import org.assertj.core.api.Assertions;
import org.junit.Before;
import org.junit.Rule;
import org.junit.Test;
import org.junit.rules.ExpectedException;

/* loaded from: input_file:com/github/mjeanroy/restassert/core/data/ContentSecurityPolicyParserTest.class */
public class ContentSecurityPolicyParserTest {

    @Rule
    public ExpectedException thrown = ExpectedException.none();
    private ContentSecurityPolicyParser parser;

    @Before
    public void setUp() {
        this.parser = ContentSecurityPolicy.parser();
    }

    @Test
    public void it_should_parse_default_src() {
        Assertions.assertThat(this.parser.parse("default-src 'unsafe-inline' 'unsafe-eval' 'self';").getDirectives()).hasSize(1).containsOnly(new Map.Entry[]{Assertions.entry(ContentSecurityPolicy.SourceDirective.DEFAULT_SRC, sources("'unsafe-inline'", "'unsafe-eval'", "'self'"))});
    }

    @Test
    public void it_should_parse_with_sandbox() {
        Assertions.assertThat(this.parser.parse("default-src 'none'; sandbox allow-scripts allow-forms").getDirectives()).hasSize(2).containsOnly(new Map.Entry[]{Assertions.entry(ContentSecurityPolicy.SourceDirective.DEFAULT_SRC, sources("'none'", new String[0])), Assertions.entry(ContentSecurityPolicy.SourceDirective.SANDBOX, sources((ContentSecurityPolicy.Source) ContentSecurityPolicy.Sandbox.ALLOW_SCRIPTS, ContentSecurityPolicy.Sandbox.ALLOW_FORMS))});
    }

    @Test
    public void it_should_parse_with_script_src() {
        Assertions.assertThat(this.parser.parse("default-src 'none'; script-src 'unsafe-eval' 'unsafe-inline'").getDirectives()).hasSize(2).containsOnly(new Map.Entry[]{Assertions.entry(ContentSecurityPolicy.SourceDirective.DEFAULT_SRC, sources("'none'", new String[0])), Assertions.entry(ContentSecurityPolicy.SourceDirective.SCRIPT_SRC, sources("'unsafe-eval'", "'unsafe-inline'"))});
    }

    @Test
    public void it_should_parse_with_styles_src() {
        Assertions.assertThat(this.parser.parse("default-src 'none'; style-src 'unsafe-inline' 'nonce-12345=='").getDirectives()).hasSize(2).containsOnly(new Map.Entry[]{Assertions.entry(ContentSecurityPolicy.SourceDirective.DEFAULT_SRC, sources("'none'", new String[0])), Assertions.entry(ContentSecurityPolicy.SourceDirective.STYLE_SRC, sources("'unsafe-inline'", "'nonce-12345=='"))});
    }

    @Test
    public void it_should_parse_with_connect_src() {
        Assertions.assertThat(this.parser.parse("default-src 'none'; connect-src domain.com 'unsafe-inline'").getDirectives()).hasSize(2).containsOnly(new Map.Entry[]{Assertions.entry(ContentSecurityPolicy.SourceDirective.DEFAULT_SRC, sources("'none'", new String[0])), Assertions.entry(ContentSecurityPolicy.SourceDirective.CONNECT_SRC, sources("domain.com", "'unsafe-inline'"))});
    }

    @Test
    public void it_should_parse_font_src() {
        Assertions.assertThat(this.parser.parse("default-src 'none'; font-src http://domain.com 'unsafe-inline'").getDirectives()).hasSize(2).containsOnly(new Map.Entry[]{Assertions.entry(ContentSecurityPolicy.SourceDirective.DEFAULT_SRC, sources("'none'", new String[0])), Assertions.entry(ContentSecurityPolicy.SourceDirective.FONT_SRC, sources("http://domain.com", "'unsafe-inline'"))});
    }

    @Test
    public void it_should_parse_with_img_src() {
        Assertions.assertThat(this.parser.parse("default-src 'none'; img-src http://domain.com 'unsafe-inline'").getDirectives()).hasSize(2).containsOnly(new Map.Entry[]{Assertions.entry(ContentSecurityPolicy.SourceDirective.DEFAULT_SRC, sources("'none'", new String[0])), Assertions.entry(ContentSecurityPolicy.SourceDirective.IMG_SRC, sources("http://domain.com", "'unsafe-inline'"))});
    }

    @Test
    public void it_should_parse_with_media_src() {
        Assertions.assertThat(this.parser.parse("default-src 'none'; media-src http://domain.com 'unsafe-inline'").getDirectives()).hasSize(2).containsOnly(new Map.Entry[]{Assertions.entry(ContentSecurityPolicy.SourceDirective.DEFAULT_SRC, sources("'none'", new String[0])), Assertions.entry(ContentSecurityPolicy.SourceDirective.MEDIA_SRC, sources("http://domain.com", "'unsafe-inline'"))});
    }

    @Test
    public void it_should_parse_with_object_src() {
        Assertions.assertThat(this.parser.parse("default-src 'none'; object-src http://domain.com 'unsafe-inline'").getDirectives()).hasSize(2).containsOnly(new Map.Entry[]{Assertions.entry(ContentSecurityPolicy.SourceDirective.DEFAULT_SRC, sources("'none'", new String[0])), Assertions.entry(ContentSecurityPolicy.SourceDirective.OBJECT_SRC, sources("http://domain.com", "'unsafe-inline'"))});
    }

    @Test
    public void it_should_parse_with_child_src() {
        Assertions.assertThat(this.parser.parse("default-src 'none'; child-src http://domain.com 'unsafe-inline'").getDirectives()).hasSize(2).containsOnly(new Map.Entry[]{Assertions.entry(ContentSecurityPolicy.SourceDirective.DEFAULT_SRC, sources("'none'", new String[0])), Assertions.entry(ContentSecurityPolicy.SourceDirective.CHILD_SRC, sources("http://domain.com", "'unsafe-inline'"))});
    }

    @Test
    public void it_should_parse_with_form_action_src() {
        Assertions.assertThat(this.parser.parse("default-src 'none'; form-action http://domain.com 'unsafe-inline'").getDirectives()).hasSize(2).containsOnly(new Map.Entry[]{Assertions.entry(ContentSecurityPolicy.SourceDirective.DEFAULT_SRC, sources("'none'", new String[0])), Assertions.entry(ContentSecurityPolicy.SourceDirective.FORM_ACTION, sources("http://domain.com", "'unsafe-inline'"))});
    }

    @Test
    public void it_should_check_if_csp_match_header_with_plugin_types() {
        Assertions.assertThat(this.parser.parse("default-src 'none'; plugin-types application/xml application/json").getDirectives()).hasSize(2).containsOnly(new Map.Entry[]{Assertions.entry(ContentSecurityPolicy.SourceDirective.DEFAULT_SRC, sources("'none'", new String[0])), Assertions.entry(ContentSecurityPolicy.SourceDirective.PLUGIN_TYPES, sources("application/xml", "application/json"))});
    }

    @Test
    public void it_should_parse_with_frame_ancestors() {
        Assertions.assertThat(this.parser.parse("default-src 'none'; frame-ancestors http://domain.com").getDirectives()).hasSize(2).containsOnly(new Map.Entry[]{Assertions.entry(ContentSecurityPolicy.SourceDirective.DEFAULT_SRC, sources("'none'", new String[0])), Assertions.entry(ContentSecurityPolicy.SourceDirective.FRAME_ANCESTORS, sources("http://domain.com", new String[0]))});
    }

    @Test
    public void it_should_parse_with_report_uri() {
        Assertions.assertThat(this.parser.parse("default-src 'none'; report-uri http://domain.com").getDirectives()).hasSize(2).containsOnly(new Map.Entry[]{Assertions.entry(ContentSecurityPolicy.SourceDirective.DEFAULT_SRC, sources("'none'", new String[0])), Assertions.entry(ContentSecurityPolicy.SourceDirective.REPORT_URI, sources("http://domain.com", new String[0]))});
    }

    @Test
    public void it_should_check_if_csp_match_header_with_base_uri() {
        Assertions.assertThat(this.parser.parse("default-src 'none'; base-uri http://domain.com").getDirectives()).hasSize(2).containsOnly(new Map.Entry[]{Assertions.entry(ContentSecurityPolicy.SourceDirective.DEFAULT_SRC, sources("'none'", new String[0])), Assertions.entry(ContentSecurityPolicy.SourceDirective.BASE_URI, sources("http://domain.com", new String[0]))});
    }

    @Test
    public void it_should_parse_with_block_all_mixed_content() {
        Assertions.assertThat(this.parser.parse("default-src 'none'; block-all-mixed-content;").getDirectives()).hasSize(2).containsOnly(new Map.Entry[]{Assertions.entry(ContentSecurityPolicy.SourceDirective.DEFAULT_SRC, sources("'none'", new String[0])), Assertions.entry(ContentSecurityPolicy.SourceDirective.BLOCK_ALL_MIXED_CONTENT, sources())});
    }

    @Test
    public void it_should_parse_frame_src() {
        Assertions.assertThat(this.parser.parse("default-src 'none'; frame-src https://example.com/;").getDirectives()).hasSize(2).containsOnly(new Map.Entry[]{Assertions.entry(ContentSecurityPolicy.SourceDirective.DEFAULT_SRC, sources("'none'", new String[0])), Assertions.entry(ContentSecurityPolicy.SourceDirective.FRAME_SRC, sources("https://example.com/", new String[0]))});
    }

    @Test
    public void it_should_parse_manifest_src() {
        Assertions.assertThat(this.parser.parse("default-src 'none'; manifest-src https://example.com/;").getDirectives()).hasSize(2).containsOnly(new Map.Entry[]{Assertions.entry(ContentSecurityPolicy.SourceDirective.DEFAULT_SRC, sources("'none'", new String[0])), Assertions.entry(ContentSecurityPolicy.SourceDirective.MANIFEST_SRC, sources("https://example.com/", new String[0]))});
    }

    @Test
    public void it_should_parse_prefetch_src() {
        Assertions.assertThat(this.parser.parse("default-src 'none'; prefetch-src https://example.com/;").getDirectives()).hasSize(2).containsOnly(new Map.Entry[]{Assertions.entry(ContentSecurityPolicy.SourceDirective.DEFAULT_SRC, sources("'none'", new String[0])), Assertions.entry(ContentSecurityPolicy.SourceDirective.PREFETCH_SRC, sources("https://example.com/", new String[0]))});
    }

    @Test
    public void it_should_parse_worker_src() {
        Assertions.assertThat(this.parser.parse("default-src 'none'; worker-src https://example.com/;").getDirectives()).hasSize(2).containsOnly(new Map.Entry[]{Assertions.entry(ContentSecurityPolicy.SourceDirective.DEFAULT_SRC, sources("'none'", new String[0])), Assertions.entry(ContentSecurityPolicy.SourceDirective.WORKER_SRC, sources("https://example.com/", new String[0]))});
    }

    @Test
    public void it_should_parse_disown_opener() {
        Assertions.assertThat(this.parser.parse("default-src 'none'; disown-opener").getDirectives()).hasSize(2).containsOnly(new Map.Entry[]{Assertions.entry(ContentSecurityPolicy.SourceDirective.DEFAULT_SRC, sources("'none'", new String[0])), Assertions.entry(ContentSecurityPolicy.SourceDirective.DISOWN_OPENER, sources())});
    }

    @Test
    public void it_should_parse_with_navigate_to() {
        Assertions.assertThat(this.parser.parse("default-src 'none'; navigate-to http://domain.com 'unsafe-inline'").getDirectives()).hasSize(2).containsOnly(new Map.Entry[]{Assertions.entry(ContentSecurityPolicy.SourceDirective.DEFAULT_SRC, sources("'none'", new String[0])), Assertions.entry(ContentSecurityPolicy.SourceDirective.NAVIGATE_TO, sources("http://domain.com", "'unsafe-inline'"))});
    }

    @Test
    public void it_should_parse_upgrade_insecure_request() {
        Assertions.assertThat(this.parser.parse("default-src 'none'; upgrade-insecure-request").getDirectives()).hasSize(2).containsOnly(new Map.Entry[]{Assertions.entry(ContentSecurityPolicy.SourceDirective.DEFAULT_SRC, sources("'none'", new String[0])), Assertions.entry(ContentSecurityPolicy.SourceDirective.UPGRADE_INSECURE_REQUEST, sources())});
    }

    @Test
    public void it_should_parse_require_sri_for() {
        Assertions.assertThat(this.parser.parse("default-src 'none'; require-sri-for script style").getDirectives()).hasSize(2).containsOnly(new Map.Entry[]{Assertions.entry(ContentSecurityPolicy.SourceDirective.DEFAULT_SRC, sources("'none'", new String[0])), Assertions.entry(ContentSecurityPolicy.SourceDirective.REQUIRE_SRI_FOR, sources((ContentSecurityPolicy.Source) ContentSecurityPolicy.RequireSriFor.SCRIPT, ContentSecurityPolicy.RequireSriFor.STYLE))});
    }

    @Test
    public void it_should_parse_report_to() {
        Assertions.assertThat(this.parser.parse("default-src 'none'; report-to #test-group").getDirectives()).hasSize(2).containsOnly(new Map.Entry[]{Assertions.entry(ContentSecurityPolicy.SourceDirective.DEFAULT_SRC, sources("'none'", new String[0])), Assertions.entry(ContentSecurityPolicy.SourceDirective.REPORT_TO, sources("#test-group", new String[0]))});
    }

    @Test
    public void it_should_ignore_duplicated_directives() {
        Assertions.assertThat(this.parser.parse("default-src 'none'; default-src 'unsafe-inline';").getDirectives()).hasSize(1).containsOnly(new Map.Entry[]{Assertions.entry(ContentSecurityPolicy.SourceDirective.DEFAULT_SRC, sources("'none'", new String[0]))});
    }

    @Test
    public void it_should_fail_if_directive_name_is_not_found() {
        this.thrown.expect(IllegalArgumentException.class);
        this.thrown.expectMessage("Cannot parse Content-Security-Policy value since directive foo seems not valid");
        this.parser.parse("default-src 'none'; foo http://domain.com");
    }

    @Test
    public void it_should_fail_if_directive_does_not_have_name() {
        this.thrown.expect(InvalidHeaderValue.class);
        this.thrown.expectMessage("Content-Security-Policy value 'default-src 'none'; ;' is not a valid one.");
        this.parser.parse("default-src 'none'; ;");
    }

    private static Set<ContentSecurityPolicy.Source> sources() {
        return Collections.emptySet();
    }

    private static Set<ContentSecurityPolicy.Source> sources(String str, String... strArr) {
        LinkedHashSet linkedHashSet = new LinkedHashSet();
        linkedHashSet.add(new ContentSecurityPolicy.SourceValue(str));
        for (String str2 : strArr) {
            linkedHashSet.add(new ContentSecurityPolicy.SourceValue(str2));
        }
        return linkedHashSet;
    }

    private static Set<ContentSecurityPolicy.Source> sources(ContentSecurityPolicy.Source source, ContentSecurityPolicy.Source... sourceArr) {
        LinkedHashSet linkedHashSet = new LinkedHashSet();
        linkedHashSet.add(source);
        Collections.addAll(linkedHashSet, sourceArr);
        return linkedHashSet;
    }
}
