package io.quarkus.resteasy.reactive.server.test.security.authzpolicy;

import io.quarkus.security.test.utils.TestIdentityController;
import io.quarkus.security.test.utils.TestIdentityProvider;
import io.restassured.RestAssured;
import org.hamcrest.Matcher;
import org.hamcrest.Matchers;
import org.junit.jupiter.api.BeforeAll;
import org.junit.jupiter.api.Test;

/* loaded from: input_file:io/quarkus/resteasy/reactive/server/test/security/authzpolicy/AbstractAuthorizationPolicyTest.class */
public abstract class AbstractAuthorizationPolicyTest {
    protected static final Class<?>[] TEST_CLASSES = {TestIdentityProvider.class, TestIdentityController.class, ForbidAllButViewerAuthorizationPolicy.class, ForbidViewerClassLevelPolicyResource.class, ForbidViewerMethodLevelPolicyResource.class, NoAuthorizationPolicyResource.class, PermitUserAuthorizationPolicy.class, ClassRolesAllowedMethodAuthZPolicyResource.class, ClassAuthZPolicyMethodRolesAllowedResource.class, ViewerAugmentingPolicy.class, AuthorizationPolicyAndPathMatchingPoliciesResource.class};
    protected static final String APPLICATION_PROPERTIES = "quarkus.http.auth.policy.admin-role.roles-allowed=admin\nquarkus.http.auth.policy.viewer-role.roles-allowed=viewer\nquarkus.http.auth.permission.jax-rs1.paths=/no-authorization-policy/jax-rs-path-matching-http-perm\nquarkus.http.auth.permission.jax-rs1.policy=admin-role\nquarkus.http.auth.permission.jax-rs1.applies-to=JAXRS\nquarkus.http.auth.permission.standard1.paths=/no-authorization-policy/path-matching-http-perm\nquarkus.http.auth.permission.standard1.policy=admin-role\nquarkus.http.auth.permission.jax-rs2.paths=/authz-policy-and-path-matching-policies/jax-rs-path-matching-http-perm\nquarkus.http.auth.permission.jax-rs2.policy=viewer-role\nquarkus.http.auth.permission.jax-rs2.applies-to=JAXRS\nquarkus.http.auth.permission.standard2.paths=/authz-policy-and-path-matching-policies/path-matching-http-perm\nquarkus.http.auth.permission.standard2.policy=viewer-role\n";

    @BeforeAll
    public static void setupUsers() {
        TestIdentityController.resetRoles().add("admin", "admin", new String[]{"admin", "viewer"}).add("user", "user").add("viewer", "viewer", new String[]{"viewer"});
    }

    @Test
    public void testNoAuthorizationPolicy() {
        RestAssured.given().auth().preemptive().basic("viewer", "viewer").get("/no-authorization-policy/unsecured", new Object[0]).then().statusCode(200).body(Matchers.equalTo("viewer"), new Matcher[0]);
        RestAssured.given().auth().preemptive().basic("user", "user").get("/no-authorization-policy/jax-rs-path-matching-http-perm", new Object[0]).then().statusCode(403);
        RestAssured.given().auth().preemptive().basic("admin", "admin").get("/no-authorization-policy/jax-rs-path-matching-http-perm", new Object[0]).then().statusCode(200).body(Matchers.equalTo("admin"), new Matcher[0]);
        RestAssured.given().auth().preemptive().basic("user", "user").get("/no-authorization-policy/path-matching-http-perm", new Object[0]).then().statusCode(403);
        RestAssured.given().auth().preemptive().basic("admin", "admin").get("/no-authorization-policy/path-matching-http-perm", new Object[0]).then().statusCode(200).body(Matchers.equalTo("admin"), new Matcher[0]);
        RestAssured.given().auth().preemptive().basic("user", "user").get("/no-authorization-policy/roles-allowed-annotation", new Object[0]).then().statusCode(403);
        RestAssured.given().auth().preemptive().basic("admin", "admin").get("/no-authorization-policy/roles-allowed-annotation", new Object[0]).then().statusCode(200).body(Matchers.equalTo("admin"), new Matcher[0]);
    }

    @Test
    public void testMethodLevelAuthorizationPolicy() {
        RestAssured.given().auth().preemptive().basic("admin", "admin").get("/forbid-viewer-method-level-policy", new Object[0]).then().statusCode(403);
        RestAssured.given().auth().preemptive().basic("viewer", "viewer").get("/forbid-viewer-method-level-policy", new Object[0]).then().statusCode(200).body(Matchers.equalTo("viewer"), new Matcher[0]);
        RestAssured.given().auth().preemptive().basic("admin", "admin").get("/forbid-viewer-method-level-policy/unsecured", new Object[0]).then().statusCode(200).body(Matchers.equalTo("admin"), new Matcher[0]);
    }

    @Test
    public void testClassLevelAuthorizationPolicy() {
        RestAssured.given().auth().preemptive().basic("admin", "admin").get("/forbid-viewer-class-level-policy", new Object[0]).then().statusCode(403);
        RestAssured.given().auth().preemptive().basic("viewer", "viewer").get("/forbid-viewer-class-level-policy", new Object[0]).then().statusCode(200).body(Matchers.equalTo("viewer"), new Matcher[0]);
    }

    @Test
    public void testAuthorizationPolicyOnMethodAndRolesAllowedOnClass() {
        RestAssured.given().auth().preemptive().basic("admin", "admin").get("/roles-allowed-class-authorization-policy-method", new Object[0]).then().statusCode(403);
        RestAssured.given().auth().preemptive().basic("user", "user").get("/roles-allowed-class-authorization-policy-method", new Object[0]).then().statusCode(200).body(Matchers.equalTo("user"), new Matcher[0]);
        RestAssured.given().auth().preemptive().basic("user", "user").get("/roles-allowed-class-authorization-policy-method/no-authz-policy", new Object[0]).then().statusCode(403);
        RestAssured.given().auth().preemptive().basic("admin", "admin").get("/roles-allowed-class-authorization-policy-method/no-authz-policy", new Object[0]).then().statusCode(200).body(Matchers.equalTo("admin"), new Matcher[0]);
    }

    @Test
    public void testAuthorizationPolicyOnClassRolesAllowedOnMethod() {
        RestAssured.given().auth().preemptive().basic("user", "user").get("/authorization-policy-class-roles-allowed-method", new Object[0]).then().statusCode(403);
        RestAssured.given().auth().preemptive().basic("admin", "admin").get("/authorization-policy-class-roles-allowed-method", new Object[0]).then().statusCode(200).body(Matchers.equalTo("admin"), new Matcher[0]);
        RestAssured.given().auth().preemptive().basic("admin", "admin").get("/authorization-policy-class-roles-allowed-method/no-roles-allowed", new Object[0]).then().statusCode(403);
        RestAssured.given().auth().preemptive().basic("user", "user").get("/authorization-policy-class-roles-allowed-method/no-roles-allowed", new Object[0]).then().statusCode(200).body(Matchers.equalTo("user"), new Matcher[0]);
    }

    @Test
    public void testCombinationOfAuthzPolicyAndPathConfigPolicies() {
        RestAssured.given().auth().preemptive().basic("admin", "admin").get("/authz-policy-and-path-matching-policies/jax-rs-path-matching-http-perm", new Object[0]).then().statusCode(200).body(Matchers.equalTo("true"), new Matcher[0]);
        RestAssured.given().auth().preemptive().basic("viewer", "viewer").get("/authz-policy-and-path-matching-policies/jax-rs-path-matching-http-perm", new Object[0]).then().statusCode(200).body(Matchers.equalTo("true"), new Matcher[0]);
        RestAssured.given().auth().preemptive().basic("user", "user").get("/authz-policy-and-path-matching-policies/jax-rs-path-matching-http-perm", new Object[0]).then().statusCode(403);
        RestAssured.given().auth().preemptive().basic("admin", "admin").get("/authz-policy-and-path-matching-policies/path-matching-http-perm", new Object[0]).then().statusCode(200).body(Matchers.equalTo("true"), new Matcher[0]);
        RestAssured.given().auth().preemptive().basic("viewer", "viewer").get("/authz-policy-and-path-matching-policies/path-matching-http-perm", new Object[0]).then().statusCode(200).body(Matchers.equalTo("true"), new Matcher[0]);
        RestAssured.given().auth().preemptive().basic("user", "user").get("/authz-policy-and-path-matching-policies/path-matching-http-perm", new Object[0]).then().statusCode(403);
        RestAssured.given().auth().preemptive().basic("admin", "admin").get("/authz-policy-and-path-matching-policies/roles-allowed-annotation", new Object[0]).then().statusCode(200).body(Matchers.equalTo("admin"), new Matcher[0]);
        RestAssured.given().auth().preemptive().basic("viewer", "viewer").get("/authz-policy-and-path-matching-policies/roles-allowed-annotation", new Object[0]).then().statusCode(403);
        RestAssured.given().auth().preemptive().basic("user", "user").get("/authz-policy-and-path-matching-policies/roles-allowed-annotation", new Object[0]).then().statusCode(403);
    }
}
