package io.quarkus.resteasy.reactive.server.test.security;

import io.quarkus.resteasy.reactive.server.test.security.inheritance.SubPaths;
import io.quarkus.security.Authenticated;
import io.quarkus.security.AuthenticationCompletionException;
import io.quarkus.security.AuthenticationFailedException;
import io.quarkus.security.identity.IdentityProviderManager;
import io.quarkus.security.identity.SecurityIdentity;
import io.quarkus.security.identity.request.AuthenticationRequest;
import io.quarkus.security.identity.request.CertificateAuthenticationRequest;
import io.quarkus.vertx.http.runtime.security.ChallengeData;
import io.quarkus.vertx.http.runtime.security.HttpAuthenticationMechanism;
import io.restassured.RestAssured;
import io.smallrye.mutiny.Uni;
import io.vertx.ext.web.RoutingContext;
import jakarta.enterprise.context.ApplicationScoped;
import jakarta.ws.rs.GET;
import jakarta.ws.rs.Path;
import java.util.Collections;
import java.util.Optional;
import java.util.Set;
import java.util.function.Supplier;
import org.hamcrest.Matcher;
import org.hamcrest.Matchers;
import org.junit.jupiter.api.Test;

/* loaded from: input_file:io/quarkus/resteasy/reactive/server/test/security/AbstractAuthFailureResponseBodyDevModeTest.class */
public abstract class AbstractAuthFailureResponseBodyDevModeTest {
    private static final String RESPONSE_BODY = "failure";

    /* loaded from: input_file:io/quarkus/resteasy/reactive/server/test/security/AbstractAuthFailureResponseBodyDevModeTest$AuthFailure.class */
    public enum AuthFailure {
        AUTH_FAILED_WITH_BODY(() -> {
            return new AuthenticationFailedException(AbstractAuthFailureResponseBodyDevModeTest.RESPONSE_BODY);
        }, true),
        AUTH_COMPLETION_WITH_BODY(() -> {
            return new AuthenticationCompletionException(AbstractAuthFailureResponseBodyDevModeTest.RESPONSE_BODY);
        }, true),
        AUTH_FAILED_WITHOUT_BODY(AuthenticationFailedException::new, false),
        AUTH_COMPLETION_WITHOUT_BODY(AuthenticationCompletionException::new, false);

        public final Supplier<Throwable> failureSupplier;
        private final boolean expectBody;

        AuthFailure(Supplier supplier, boolean z) {
            this.failureSupplier = supplier;
            this.expectBody = z;
        }
    }

    @ApplicationScoped
    /* loaded from: input_file:io/quarkus/resteasy/reactive/server/test/security/AbstractAuthFailureResponseBodyDevModeTest$FailingAuthenticator.class */
    public static class FailingAuthenticator implements HttpAuthenticationMechanism {
        public Uni<SecurityIdentity> authenticate(RoutingContext routingContext, IdentityProviderManager identityProviderManager) {
            return Uni.createFrom().failure(getFailureProducer(routingContext));
        }

        private static Supplier<Throwable> getFailureProducer(RoutingContext routingContext) {
            return getAuthFailure(routingContext).failureSupplier;
        }

        private static AuthFailure getAuthFailure(RoutingContext routingContext) {
            return AuthFailure.valueOf(routingContext.request().getHeader("auth-failure"));
        }

        public Set<Class<? extends AuthenticationRequest>> getCredentialTypes() {
            return Collections.singleton(CertificateAuthenticationRequest.class);
        }

        public Uni<ChallengeData> getChallenge(RoutingContext routingContext) {
            return Boolean.parseBoolean(routingContext.request().getHeader("challenge-data")) ? Uni.createFrom().item(new ChallengeData(302, (CharSequence) null, (String) null)) : Uni.createFrom().optional(Optional.empty());
        }
    }

    @Path("secured")
    @Authenticated
    /* loaded from: input_file:io/quarkus/resteasy/reactive/server/test/security/AbstractAuthFailureResponseBodyDevModeTest$SecuredResource.class */
    public static class SecuredResource {
        @GET
        public String ignored() {
            return "ignored";
        }
    }

    @Test
    public void testAuthenticationFailedExceptionBody() {
        assertExceptionBody(AuthFailure.AUTH_FAILED_WITHOUT_BODY, false);
        assertExceptionBody(AuthFailure.AUTH_FAILED_WITHOUT_BODY, true);
        assertExceptionBody(AuthFailure.AUTH_FAILED_WITH_BODY, false);
        assertExceptionBody(AuthFailure.AUTH_FAILED_WITH_BODY, true);
    }

    @Test
    public void testAuthenticationCompletionExceptionBody() {
        assertExceptionBody(AuthFailure.AUTH_COMPLETION_WITHOUT_BODY, false);
        assertExceptionBody(AuthFailure.AUTH_COMPLETION_WITH_BODY, false);
    }

    private static void assertExceptionBody(AuthFailure authFailure, boolean z) {
        int i = z ? 302 : 401;
        RestAssured.given().redirects().follow(false).header("auth-failure", authFailure.toString(), new Object[0]).header("challenge-data", Boolean.valueOf(z), new Object[0]).get(SubPaths.SECURED_SUB_RESOURCE_ENDPOINT_PATH, new Object[0]).then().statusCode(i).body(authFailure.expectBody && i == 401 ? Matchers.equalTo(RESPONSE_BODY) : Matchers.not(Matchers.containsString(RESPONSE_BODY)), new Matcher[0]);
    }
}
