package org.geoserver.config.util;

import org.easymock.Capture;
import org.geoserver.config.util.SecureXStream;
import org.geoserver.util.PropertyRule;
import org.hamcrest.MatcherAssert;
import org.hamcrest.Matchers;
import org.hamcrest.core.AllOf;
import org.junit.Assert;
import org.junit.Rule;
import org.junit.Test;
import org.junit.function.ThrowingRunnable;
import org.junit.rules.TestName;

/* loaded from: input_file:org/geoserver/config/util/SecureXStreamTest.class */
public class SecureXStreamTest {

    @Rule
    public PropertyRule whitelistProperty = PropertyRule.system("GEOSERVER_XSTREAM_WHITELIST");

    @Test
    public void testPropertyCanAllow() throws Exception {
        this.whitelistProperty.setValue("org.easymock.**");
        final SecureXStream secureXStream = new SecureXStream();
        MatcherAssert.assertThat(secureXStream.fromXML("<" + Capture.class.getCanonicalName() + " />"), Matchers.instanceOf(Capture.class));
        Assert.assertThrows(SecureXStream.ForbiddenClassExceptionEx.class, new ThrowingRunnable() { // from class: org.geoserver.config.util.SecureXStreamTest.1
            public void run() throws Throwable {
                secureXStream.fromXML("<" + AllOf.class.getCanonicalName() + " />");
            }
        });
    }

    @Test
    public void testPropertyCanAllowMultiple() throws Exception {
        this.whitelistProperty.setValue("org.easymock.**; org.junit.**");
        final SecureXStream secureXStream = new SecureXStream();
        MatcherAssert.assertThat(secureXStream.fromXML("<" + Capture.class.getCanonicalName() + " />"), Matchers.instanceOf(Capture.class));
        MatcherAssert.assertThat(secureXStream.fromXML("<" + TestName.class.getCanonicalName() + " />"), Matchers.instanceOf(TestName.class));
        Assert.assertThrows(SecureXStream.ForbiddenClassExceptionEx.class, new ThrowingRunnable() { // from class: org.geoserver.config.util.SecureXStreamTest.2
            public void run() throws Throwable {
                secureXStream.fromXML("<" + AllOf.class.getCanonicalName() + " />");
            }
        });
    }

    @Test
    public void testErrorMessage() throws Exception {
        try {
            new SecureXStream().fromXML("<" + Capture.class.getCanonicalName() + " />");
        } catch (SecureXStream.ForbiddenClassExceptionEx e) {
            Assert.assertEquals("Unauthorized class found, see logs for more details on how to handle it: org.easymock.Capture", e.getMessage());
        }
    }
}
