package io.quarkus.resteasy.reactive.server.test.security;

import io.quarkus.security.PermissionsAllowed;
import io.quarkus.security.test.utils.TestIdentityController;
import io.quarkus.security.test.utils.TestIdentityProvider;
import io.quarkus.test.QuarkusUnitTest;
import io.restassured.RestAssured;
import io.restassured.specification.RequestSpecification;
import jakarta.ws.rs.BeanParam;
import jakarta.ws.rs.GET;
import jakarta.ws.rs.POST;
import jakarta.ws.rs.Path;
import java.security.BasicPermission;
import java.security.Permission;
import org.hamcrest.Matcher;
import org.hamcrest.Matchers;
import org.jboss.resteasy.reactive.RestCookie;
import org.junit.jupiter.api.BeforeAll;
import org.junit.jupiter.api.Test;
import org.junit.jupiter.api.extension.RegisterExtension;

/* loaded from: input_file:io/quarkus/resteasy/reactive/server/test/security/PermissionsAllowedBeanParamTest.class */
public class PermissionsAllowedBeanParamTest {

    @RegisterExtension
    static QuarkusUnitTest runner = new QuarkusUnitTest().withApplicationRoot(javaArchive -> {
        javaArchive.addClasses(new Class[]{TestIdentityProvider.class, TestIdentityController.class, SimpleBeanParam.class, SimpleResource.class, SimpleBeanParamPermission.class, MyPermission.class, MyBeanParam.class, OtherBeanParamPermission.class, OtherBeanParam.class});
    });

    @Path("/simple")
    /* loaded from: input_file:io/quarkus/resteasy/reactive/server/test/security/PermissionsAllowedBeanParamTest$SimpleResource.class */
    public static class SimpleResource {
        @PermissionsAllowed(value = {"perm1"}, permission = SimpleBeanParamPermission.class, params = {"cookie", "beanParam.header", "beanParam.publicQuery", "beanParam.queryList", "beanParam.securityContext", "beanParam.uriInfo", "beanParam.privateQuery"})
        @POST
        @Path("/param")
        public String simpleBeanParam(@BeanParam SimpleBeanParam simpleBeanParam, String str, @RestCookie String str2) {
            return str;
        }

        @PermissionsAllowed(value = {"perm2"}, permission = MyPermission.class, params = {"beanParam.queryParam", "beanParam.headers.authorization"})
        @Path("/record-param")
        @GET
        public String recordBeanParam(@BeanParam MyBeanParam myBeanParam) {
            return "OK";
        }

        @PermissionsAllowed(value = {"say:hello"}, permission = OtherBeanParamPermission.class, params = {"otherBeanParam.securityContext.userPrincipal.name"})
        @Path("/autodetect-params")
        @GET
        public String autodetectedParams(String str, @BeanParam OtherBeanParam otherBeanParam) {
            return str;
        }
    }

    @BeforeAll
    public static void setupUsers() {
        BasicPermission basicPermission = new BasicPermission("say", "hello") { // from class: io.quarkus.resteasy.reactive.server.test.security.PermissionsAllowedBeanParamTest.1
            @Override // java.security.BasicPermission, java.security.Permission
            public boolean implies(Permission permission) {
                return getName().equals(permission.getName()) && getActions().equals(permission.getActions());
            }

            @Override // java.security.BasicPermission, java.security.Permission
            public String getActions() {
                return "hello";
            }
        };
        TestIdentityController.resetRoles().add("admin", "admin", new Permission[]{SimpleBeanParamPermission.EMPTY, MyPermission.EMPTY, basicPermission}).add("user", "user", new Permission[]{basicPermission});
    }

    @Test
    public void testSimpleBeanParam() {
        getSimpleBeanParamReq().post("/simple/param", new Object[0]).then().statusCode(401);
        getSimpleBeanParamReq().auth().preemptive().basic("user", "user").post("/simple/param", new Object[0]).then().statusCode(403);
        getSimpleBeanParamReq().auth().preemptive().basic("admin", "admin").post("/simple/param", new Object[0]).then().statusCode(200).body(Matchers.equalTo("OK"), new Matcher[0]);
    }

    @Test
    public void testRecordBeanParam() {
        RestAssured.given().auth().preemptive().basic("user", "user").queryParam("queryParam", new Object[]{"query1"}).get("/simple/record-param", new Object[0]).then().statusCode(403);
        RestAssured.given().auth().preemptive().basic("admin", "admin").queryParam("queryParam", new Object[]{"query1"}).get("/simple/record-param", new Object[0]).then().statusCode(200).body(Matchers.equalTo("OK"), new Matcher[0]);
        RestAssured.given().auth().preemptive().basic("admin", "admin").queryParam("queryParam", new Object[]{"wrong-query-param"}).get("/simple/record-param", new Object[0]).then().statusCode(403);
    }

    @Test
    public void testAutodetectedParams() {
        RestAssured.given().body("autodetected").auth().preemptive().basic("admin", "admin").header("CustomAuthorization", "customAuthorization", new Object[0]).queryParam("query", new Object[]{"myQueryParam"}).get("/simple/autodetect-params", new Object[0]).then().statusCode(200).body(Matchers.equalTo("autodetected"), new Matcher[0]);
        RestAssured.given().auth().preemptive().basic("admin", "admin").header("CustomAuthorization", "wrongAuthorization", new Object[0]).queryParam("query", new Object[]{"myQueryParam"}).get("/simple/autodetect-params", new Object[0]).then().statusCode(403);
        RestAssured.given().body("autodetected").auth().preemptive().basic("admin", "admin").header("CustomAuthorization", "customAuthorization", new Object[0]).queryParam("query", new Object[]{"wrongQueryParam"}).get("/simple/autodetect-params", new Object[0]).then().statusCode(403);
        RestAssured.given().body("autodetected").auth().preemptive().basic("user", "user").header("CustomAuthorization", "customAuthorization", new Object[0]).queryParam("query", new Object[]{"myQueryParam"}).get("/simple/autodetect-params", new Object[0]).then().statusCode(403);
    }

    private static RequestSpecification getSimpleBeanParamReq() {
        return RestAssured.with().header("header", "one-header", new Object[0]).queryParam("query", new Object[]{"one-query"}).queryParam("queryList", new Object[]{"one"}).queryParam("queryList", new Object[]{"two"}).queryParam("int", new Object[]{"666"}).cookie("cookie", "cookie", new Object[0]).body("OK");
    }
}
