package org.sonar.server.platform.web;

import java.io.IOException;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.junit.Test;
import org.mockito.Matchers;
import org.mockito.Mockito;

/* loaded from: input_file:org/sonar/server/platform/web/SecurityServletFilterTest.class */
public class SecurityServletFilterTest {
    SecurityServletFilter underTest = new SecurityServletFilter();
    HttpServletResponse response = (HttpServletResponse) Mockito.mock(HttpServletResponse.class);
    FilterChain chain = (FilterChain) Mockito.mock(FilterChain.class);

    @Test
    public void allow_GET_method() throws IOException, ServletException {
        assertThatMethodIsAllowed("GET");
    }

    @Test
    public void allow_HEAD_method() throws IOException, ServletException {
        assertThatMethodIsAllowed("HEAD");
    }

    @Test
    public void allow_PUT_method() throws IOException, ServletException {
        assertThatMethodIsAllowed("PUT");
    }

    @Test
    public void allow_POST_method() throws IOException, ServletException {
        assertThatMethodIsAllowed("POST");
    }

    private void assertThatMethodIsAllowed(String str) throws IOException, ServletException {
        HttpServletRequest newRequest = newRequest(str);
        this.underTest.doFilter(newRequest, this.response, this.chain);
        ((HttpServletResponse) Mockito.verify(this.response, Mockito.never())).setStatus(405);
        ((FilterChain) Mockito.verify(this.chain)).doFilter(newRequest, this.response);
    }

    @Test
    public void deny_OPTIONS_method() throws IOException, ServletException {
        assertThatMethodIsDenied("OPTIONS");
    }

    @Test
    public void deny_TRACE_method() throws IOException, ServletException {
        assertThatMethodIsDenied("TRACE");
    }

    private void assertThatMethodIsDenied(String str) throws IOException, ServletException {
        this.underTest.doFilter(newRequest(str), this.response, this.chain);
        ((HttpServletResponse) Mockito.verify(this.response)).setStatus(405);
    }

    @Test
    public void set_secured_headers() throws ServletException, IOException {
        this.underTest.init((FilterConfig) Mockito.mock(FilterConfig.class));
        this.underTest.doFilter(newRequest("GET"), this.response, this.chain);
        ((HttpServletResponse) Mockito.verify(this.response, Mockito.times(3))).addHeader(Matchers.startsWith("X-"), Matchers.anyString());
        this.underTest.destroy();
    }

    private HttpServletRequest newRequest(String str) {
        HttpServletRequest httpServletRequest = (HttpServletRequest) Mockito.mock(HttpServletRequest.class);
        Mockito.when(httpServletRequest.getMethod()).thenReturn(str);
        return httpServletRequest;
    }
}
