package io.quarkus.resteasy.reactive.server.test.security;

import io.quarkus.security.test.utils.TestIdentityController;
import io.quarkus.security.test.utils.TestIdentityProvider;
import io.quarkus.test.QuarkusUnitTest;
import io.quarkus.test.common.http.TestHTTPResource;
import io.vertx.core.Future;
import io.vertx.core.Vertx;
import io.vertx.ext.web.client.HttpRequest;
import io.vertx.ext.web.client.HttpResponse;
import io.vertx.ext.web.client.WebClient;
import jakarta.inject.Inject;
import jakarta.ws.rs.GET;
import jakarta.ws.rs.Path;
import java.net.URL;
import java.time.Duration;
import java.util.Objects;
import org.awaitility.Awaitility;
import org.awaitility.core.ConditionFactory;
import org.jboss.shrinkwrap.api.asset.StringAsset;
import org.junit.jupiter.api.AfterAll;
import org.junit.jupiter.api.Assertions;
import org.junit.jupiter.api.BeforeAll;
import org.junit.jupiter.api.extension.RegisterExtension;
import org.junit.jupiter.params.ParameterizedTest;
import org.junit.jupiter.params.provider.ValueSource;

/* loaded from: input_file:io/quarkus/resteasy/reactive/server/test/security/JakartaRestResourceHttpPermissionTest.class */
public class JakartaRestResourceHttpPermissionTest {
    private static final String APP_PROPS = "quarkus.http.auth.permission.foo.paths=/api/foo,/api/foo/\nquarkus.http.auth.permission.foo.policy=authenticated\nquarkus.http.auth.permission.bar.paths=api/bar*\nquarkus.http.auth.permission.bar.policy=authenticated\nquarkus.http.auth.permission.baz-fum-pub.paths=/api/baz/fum\nquarkus.http.auth.permission.baz-fum-pub.policy=permit\nquarkus.http.auth.permission.baz-fum-deny.paths=/api/baz/fum/\nquarkus.http.auth.permission.baz-fum-deny.policy=authenticated\nquarkus.http.auth.permission.baz-fum.paths=/api/baz/fum*\nquarkus.http.auth.permission.baz-fum.policy=authenticated\nquarkus.http.auth.permission.root.paths=/\nquarkus.http.auth.permission.root.policy=authenticated\nquarkus.http.auth.permission.fragment.paths=/#stuff,/#stuff/\nquarkus.http.auth.permission.fragment.policy=authenticated\n";
    private static WebClient client;

    @Inject
    Vertx vertx;

    @TestHTTPResource
    URL url;
    private static final Duration REQUEST_TIMEOUT = Duration.ofSeconds(20);

    @RegisterExtension
    static QuarkusUnitTest runner = new QuarkusUnitTest().withApplicationRoot(javaArchive -> {
        javaArchive.addClasses(new Class[]{TestIdentityProvider.class, TestIdentityController.class, ApiResource.class, RootResource.class, PublicResource.class}).addAsResource(new StringAsset(APP_PROPS), "application.properties");
    });

    @Path("/api")
    /* loaded from: input_file:io/quarkus/resteasy/reactive/server/test/security/JakartaRestResourceHttpPermissionTest$ApiResource.class */
    public static class ApiResource {
        @GET
        @Path("/foo")
        public String foo() {
            return "foo";
        }

        @GET
        @Path("bar")
        public String bar() {
            return "bar";
        }

        @GET
        @Path("bar/irish")
        public String irishBar() {
            return "irish";
        }

        @GET
        @Path("baz/fum")
        public String bazFum() {
            return "fum";
        }
    }

    @Path("/")
    /* loaded from: input_file:io/quarkus/resteasy/reactive/server/test/security/JakartaRestResourceHttpPermissionTest$PublicResource.class */
    public static class PublicResource {
        @Path("one")
        @GET
        public String one() {
            return "one";
        }

        @Path("/two")
        @GET
        public String two() {
            return "two";
        }

        @Path("/three")
        @GET
        public String three() {
            return "three";
        }

        @Path("four")
        @GET
        public String four() {
            return "four";
        }

        @Path("four#stuff")
        @GET
        public String fourFragment() {
            return "four#stuff";
        }

        @Path("five")
        @GET
        public String five() {
            return "five";
        }
    }

    @Path("/")
    /* loaded from: input_file:io/quarkus/resteasy/reactive/server/test/security/JakartaRestResourceHttpPermissionTest$RootResource.class */
    public static class RootResource {
        @GET
        public String get() {
            return "root";
        }

        @Path("#stuff")
        @GET
        public String fragment() {
            return "#stuff";
        }
    }

    @BeforeAll
    public static void setup() {
        TestIdentityController.resetRoles().add("test", "test", new String[]{"test"});
    }

    @AfterAll
    public static void cleanup() {
        if (client != null) {
            client.close();
        }
    }

    private WebClient getClient() {
        if (client == null) {
            client = WebClient.create(this.vertx);
        }
        return client;
    }

    @ValueSource(strings = {"////api/foo", "/api/foo", "/api//foo", "/api//foo", "/api///foo", "/api/foo/", "/api/foo///", "/api/foo///.", "/api/foo/./", "////api/bar", "/api///bar", "/api//bar", "/api/bar", "/api/bar/", "/api/bar/irish", "/api/bar///irish", "/api/bar///irish/.", "/../api/bar///irish/.", "/api/baz/fum/", "/api//baz/fum//", "/api//baz/fum/."})
    @ParameterizedTest
    public void testEmptyPathSegments(String str) {
        assurePath(str, 401);
        assurePathAuthenticated(str, getLastNonEmptySegmentContent(str));
    }

    @ValueSource(strings = {"/", "///", "/?stuff", "/#stuff/", ""})
    @ParameterizedTest
    public void testRootPath(String str) {
        assurePath(str, 401);
        assurePathAuthenticated(str);
    }

    @ValueSource(strings = {"/one/", "///two", "/three?stuff", "/four#stuff", "/.////five"})
    @ParameterizedTest
    public void testNotSecuredPaths(String str) {
        assurePathAuthenticated(str);
    }

    private static String getLastNonEmptySegmentContent(String str) {
        while (true) {
            if (!str.endsWith("/") && !str.endsWith(".")) {
                return str.substring(str.lastIndexOf(47) + 1);
            }
            str = str.substring(0, str.length() - 1);
        }
    }

    private void assurePath(String str, int i) {
        assurePath(str, i, null, false);
    }

    private void assurePathAuthenticated(String str) {
        assurePath(str, 200, null, true);
    }

    private void assurePathAuthenticated(String str, String str2) {
        assurePath(str, 200, str2, true);
    }

    private void assurePath(String str, int i, String str2, boolean z) {
        HttpRequest httpRequest = getClient().get(this.url.getPort(), this.url.getHost(), str);
        if (z) {
            httpRequest.basicAuthentication("test", "test");
        }
        Future send = httpRequest.send();
        ConditionFactory atMost = Awaitility.await().atMost(REQUEST_TIMEOUT);
        Objects.requireNonNull(send);
        atMost.until(send::isComplete);
        Assertions.assertEquals(i, ((HttpResponse) send.result()).statusCode(), str);
        if (str2 != null) {
            Assertions.assertTrue(((HttpResponse) send.result()).bodyAsString().contains(str2), str);
        }
    }
}
