package org.springframework.cloud.gateway.cors;

import java.util.Map;
import org.assertj.core.api.AbstractBooleanAssert;
import org.assertj.core.api.AbstractStringAssert;
import org.assertj.core.api.Assertions;
import org.junit.jupiter.api.Test;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.boot.SpringBootConfiguration;
import org.springframework.boot.autoconfigure.EnableAutoConfiguration;
import org.springframework.boot.test.context.SpringBootTest;
import org.springframework.cloud.gateway.route.RouteLocator;
import org.springframework.cloud.gateway.route.builder.RouteLocatorBuilder;
import org.springframework.cloud.gateway.test.BaseWebClientTests;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Import;
import org.springframework.http.HttpHeaders;
import org.springframework.http.HttpMethod;
import org.springframework.http.HttpStatus;
import org.springframework.test.annotation.DirtiesContext;
import org.springframework.test.context.ActiveProfiles;

@SpringBootTest(webEnvironment = SpringBootTest.WebEnvironment.RANDOM_PORT)
@DirtiesContext
@ActiveProfiles(profiles = {"cors-per-route-config"})
/* loaded from: input_file:org/springframework/cloud/gateway/cors/CorsPerRouteTests.class */
public class CorsPerRouteTests extends BaseWebClientTests {

    @EnableAutoConfiguration
    @SpringBootConfiguration
    @Import({BaseWebClientTests.DefaultTestConfig.class})
    /* loaded from: input_file:org/springframework/cloud/gateway/cors/CorsPerRouteTests$TestConfig.class */
    public static class TestConfig {

        @Value("${test.uri}")
        String uri;

        @Bean
        public RouteLocator testRouteLocator(RouteLocatorBuilder routeLocatorBuilder) {
            return routeLocatorBuilder.routes().route("cors_route_java_test", predicateSpec -> {
                return predicateSpec.host(new String[]{"*.javaconfhost.org"}).and().path(new String[]{"/route-test/**"}).filters(gatewayFilterSpec -> {
                    return gatewayFilterSpec.stripPrefix(1).prefixPath("/httpbin");
                }).metadata(Map.of("cors", Map.of("allowedOrigins", "another-domain.com", "allowedMethods", HttpMethod.GET.name(), "maxAge", 50))).uri(this.uri);
            }).build();
        }
    }

    @Test
    public void testPreFlightCorsRequest() {
        this.testClient.options().uri("/abc", new Object[0]).header("Origin", new String[]{"domain.com"}).header("Access-Control-Request-Method", new String[]{"GET"}).exchange().expectBody(Map.class).consumeWith(entityExchangeResult -> {
            Assertions.assertThat((Map) entityExchangeResult.getResponseBody()).isNull();
            Assertions.assertThat(entityExchangeResult.getStatus()).isEqualTo(HttpStatus.OK);
            HttpHeaders responseHeaders = entityExchangeResult.getResponseHeaders();
            ((AbstractStringAssert) Assertions.assertThat(responseHeaders.getAccessControlAllowOrigin()).as(missingHeader("Access-Control-Allow-Origin"), new Object[0])).isEqualTo("domain.com");
            Assertions.assertThat(responseHeaders.getAccessControlAllowMethods()).as(missingHeader("Access-Control-Allow-Methods"), new Object[0]).containsExactlyInAnyOrder(new HttpMethod[]{HttpMethod.GET, HttpMethod.POST});
            Assertions.assertThat(responseHeaders.getAccessControlMaxAge()).as(missingHeader("Access-Control-Max-Age"), new Object[0]).isEqualTo(30L);
            ((AbstractBooleanAssert) Assertions.assertThat(responseHeaders.getAccessControlAllowCredentials()).as(missingHeader("Access-Control-Allow-Credentials"), new Object[0])).isEqualTo(true);
        });
    }

    @Test
    public void testPreFlightCorsRequestJavaConfig() {
        this.testClient.options().uri("/route-test", new Object[0]).header("Origin", new String[]{"another-domain.com"}).header("Host", new String[]{"www.javaconfhost.org"}).header("Access-Control-Request-Method", new String[]{"GET"}).exchange().expectBody(Map.class).consumeWith(entityExchangeResult -> {
            Assertions.assertThat((Map) entityExchangeResult.getResponseBody()).isNull();
            Assertions.assertThat(entityExchangeResult.getStatus()).isEqualTo(HttpStatus.OK);
            HttpHeaders responseHeaders = entityExchangeResult.getResponseHeaders();
            ((AbstractStringAssert) Assertions.assertThat(responseHeaders.getAccessControlAllowOrigin()).as(missingHeader("Access-Control-Allow-Origin"), new Object[0])).isEqualTo("another-domain.com");
            Assertions.assertThat(responseHeaders.getAccessControlAllowMethods()).as(missingHeader("Access-Control-Allow-Methods"), new Object[0]).containsExactlyInAnyOrder(new HttpMethod[]{HttpMethod.GET});
            Assertions.assertThat(responseHeaders.getAccessControlMaxAge()).as(missingHeader("Access-Control-Max-Age"), new Object[0]).isEqualTo(50L);
        });
    }

    @Test
    public void testPreFlightForbiddenCorsRequest() {
        this.testClient.get().uri("/cors", new Object[0]).header("Origin", new String[]{"domain.com"}).header("Access-Control-Request-Method", new String[]{"GET"}).exchange().expectBody(Map.class).consumeWith(entityExchangeResult -> {
            Assertions.assertThat((Map) entityExchangeResult.getResponseBody()).isNull();
            Assertions.assertThat(entityExchangeResult.getStatus()).isEqualTo(HttpStatus.FORBIDDEN);
        });
    }

    @Test
    public void testCorsValidatedRequest() {
        this.testClient.get().uri("/cors/status/201", new Object[0]).header("Origin", new String[]{"https://test.com"}).exchange().expectBody(String.class).consumeWith(entityExchangeResult -> {
            Assertions.assertThat((String) entityExchangeResult.getResponseBody()).endsWith("201");
            Assertions.assertThat(entityExchangeResult.getStatus()).isEqualTo(HttpStatus.CREATED);
        });
    }

    private String missingHeader(String str) {
        return "Missing header value in response: " + str;
    }
}
