package io.quarkus.resteasy.reactive.server.test.security;

import io.quarkus.security.Authenticated;
import io.quarkus.security.UnauthorizedException;
import io.quarkus.security.identity.AuthenticationRequestContext;
import io.quarkus.security.identity.CurrentIdentityAssociation;
import io.quarkus.security.identity.IdentityProvider;
import io.quarkus.security.identity.SecurityIdentity;
import io.quarkus.security.identity.request.TrustedAuthenticationRequest;
import io.quarkus.security.runtime.QuarkusPrincipal;
import io.quarkus.security.runtime.QuarkusSecurityIdentity;
import io.quarkus.security.test.utils.TestIdentityController;
import io.quarkus.security.test.utils.TestIdentityProvider;
import io.quarkus.test.QuarkusUnitTest;
import io.quarkus.vertx.http.runtime.security.FormAuthenticationMechanism;
import io.restassured.RestAssured;
import io.restassured.filter.cookie.CookieFilter;
import io.restassured.matcher.RestAssuredMatchers;
import io.smallrye.mutiny.Uni;
import jakarta.enterprise.context.ApplicationScoped;
import jakarta.ws.rs.GET;
import jakarta.ws.rs.Path;
import jakarta.ws.rs.core.Response;
import java.net.URI;
import java.time.Duration;
import java.util.function.Supplier;
import org.hamcrest.Matcher;
import org.hamcrest.Matchers;
import org.jboss.shrinkwrap.api.ShrinkWrap;
import org.jboss.shrinkwrap.api.asset.StringAsset;
import org.jboss.shrinkwrap.api.spec.JavaArchive;
import org.junit.jupiter.api.Assertions;
import org.junit.jupiter.api.BeforeAll;
import org.junit.jupiter.api.Test;
import org.junit.jupiter.api.extension.RegisterExtension;

/* loaded from: input_file:io/quarkus/resteasy/reactive/server/test/security/FormAuthRedirectTestCase.class */
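/**
 * Exercises the form-based authentication mechanism against a small JAX-RS resource:
 * a failed login, and a full login / authenticated request / logout round trip.
 *
 * <p>The deployment enables form authentication, uses {@code /hello} as the landing page and
 * sets {@code new-cookie-interval} to one second.
 *
 * <p>NOTE(review): the session-cookie assertions cover the cookie value, {@code SameSite=Strict}
 * and the path only. {@code HttpOnly} and {@code Secure} are not asserted anywhere in this class.
 */
public class FormAuthRedirectTestCase {

    /** Name of the cookie that carries the form-authentication credential. */
    private static final String CREDENTIAL_COOKIE = "quarkus-credential";

    @RegisterExtension
    static QuarkusUnitTest test = new QuarkusUnitTest().setArchiveProducer(new Supplier<JavaArchive>() {
        @Override
        public JavaArchive get() {
            return ShrinkWrap.create(JavaArchive.class)
                    .addClasses(TestIdentityProvider.class, TestIdentityController.class, FormAuthResource.class,
                            TrustedIdentityProvider.class)
                    .addAsResource(new StringAsset("quarkus.http.auth.form.enabled=true\n"
                            + "quarkus.http.auth.form.landing-page=/hello\n"
                            + "quarkus.http.auth.form.new-cookie-interval=PT1S\n"), "application.properties");
        }
    });

    /** Resource under test: one protected endpoint and one logout endpoint. */
    @Path("/")
    public static class FormAuthResource {
        private final CurrentIdentityAssociation identity;

        public FormAuthResource(CurrentIdentityAssociation currentIdentityAssociation) {
            this.identity = currentIdentityAssociation;
        }

        /**
         * Returns a greeting for the authenticated principal.
         *
         * @return {@code "hello "} followed by the principal name
         */
        @GET
        @Path("hello")
        @Authenticated
        public String hello() {
            return "hello " + this.identity.getIdentity().getPrincipal().getName();
        }

        /**
         * Logs the current identity out and redirects to {@code /}.
         *
         * <p>The endpoint carries no {@code @Authenticated} annotation, so anonymous callers are
         * rejected explicitly before the logout call.
         *
         * <p>NOTE(review): this is a state-changing GET. The test asserts {@code SameSite=Strict}
         * on the credential cookie, which limits cross-site triggering of this endpoint; code
         * copied from here into an application should confirm that attribute is kept or use a
         * non-GET method.
         *
         * @return a 303 redirect to {@code /}
         * @throws UnauthorizedException if the caller is anonymous
         */
        @GET
        @Path("logout")
        public Response logout() {
            SecurityIdentity current = this.identity.getIdentity();
            if (current.isAnonymous()) {
                throw new UnauthorizedException("Not authenticated");
            }
            FormAuthenticationMechanism.logout(current);
            return Response.seeOther(URI.create("/")).build();
        }
    }

    /**
     * Identity provider for {@link TrustedAuthenticationRequest}s that accepts exactly one
     * principal, {@code "user"}.
     *
     * <p>NOTE(review): presumably this is the provider consulted when the identity is restored
     * from the credential cookie rather than from a submitted password; confirm against the
     * form mechanism. Any other principal yields a null item, i.e. no identity.
     */
    @ApplicationScoped
    public static class TrustedIdentityProvider implements IdentityProvider<TrustedAuthenticationRequest> {
        @Override
        public Class<TrustedAuthenticationRequest> getRequestType() {
            return TrustedAuthenticationRequest.class;
        }

        /**
         * @param trustedAuthenticationRequest request carrying the already-trusted principal name
         * @param authenticationRequestContext unused
         * @return an identity for {@code "user"}, otherwise a {@link Uni} holding {@code null}
         */
        @Override
        public Uni<SecurityIdentity> authenticate(TrustedAuthenticationRequest trustedAuthenticationRequest,
                AuthenticationRequestContext authenticationRequestContext) {
            if (!"user".equals(trustedAuthenticationRequest.getPrincipal())) {
                return Uni.createFrom().nullItem();
            }
            SecurityIdentity trusted = QuarkusSecurityIdentity.builder()
                    .setPrincipal(new QuarkusPrincipal("user"))
                    .build();
            return Uni.createFrom().item(trusted);
        }
    }

    /** Registers the two test accounts used below. */
    @BeforeAll
    public static void setup() {
        TestIdentityController.resetRoles()
                .add("a d m i n", "a d m i n", "a d m i n")
                .add("user", "user");
    }

    /**
     * A wrong password must redirect to the error page and must not establish a session.
     */
    @Test
    public void testFormAuthFailure() {
        RestAssured.enableLoggingOfRequestAndResponseIfValidationFails();
        String credential = RestAssured.given()
                .filter(new CookieFilter())
                .redirects().follow(false)
                .when()
                .formParam("j_username", "a d m i n")
                .formParam("j_password", "wrongpassword")
                .post("/j_security_check")
                .then()
                .assertThat()
                .statusCode(302)
                .header("location", Matchers.containsString("/error"))
                .header(CREDENTIAL_COOKIE, Matchers.nullValue())
                .extract().cookie(CREDENTIAL_COOKIE);
        // The header check above only looks for a response header literally named
        // "quarkus-credential". The credential is delivered as a cookie (see the login test),
        // so the cookie itself has to be checked to prove a failed login issues no session.
        Assertions.assertTrue(credential == null || credential.isEmpty(),
                "Failed login must not issue a credential cookie");
    }

    /**
     * Full round trip: anonymous access is redirected to the login page, login issues the
     * credential cookie, the protected page is served, and logout clears the cookie so the
     * protected page redirects to login again.
     *
     * @throws InterruptedException if the pause before logout is interrupted
     */
    @Test
    public void testFormAuthLoginLogout() throws InterruptedException {
        RestAssured.enableLoggingOfRequestAndResponseIfValidationFails();
        CookieFilter cookieFilter = new CookieFilter();

        // 1. Anonymous request: redirect to the login page, no credential cookie.
        String anonymousCookie = RestAssured.given()
                .filter(cookieFilter)
                .redirects().follow(false)
                .when()
                .get("/hello")
                .then()
                .assertThat()
                .statusCode(302)
                .header("location", Matchers.containsString("/login.html"))
                .extract().cookie(CREDENTIAL_COOKIE);
        Assertions.assertNull(anonymousCookie);

        // 2. Valid login: redirect to the landing page with a SameSite=Strict cookie on path "/".
        RestAssured.given()
                .filter(cookieFilter)
                .redirects().follow(false)
                .when()
                .formParam("j_username", "user")
                .formParam("j_password", "user")
                .post("/j_security_check")
                .then()
                .assertThat()
                .statusCode(302)
                .header("location", Matchers.containsString("/hello"))
                .cookie(CREDENTIAL_COOKIE, RestAssuredMatchers.detailedCookie()
                        .value(Matchers.notNullValue())
                        .sameSite("Strict")
                        .path("/"));

        // 3. The cookie grants access to the protected resource.
        RestAssured.given()
                .filter(cookieFilter)
                .redirects().follow(false)
                .when()
                .get("/hello")
                .then()
                .assertThat()
                .statusCode(200)
                .body(Matchers.equalTo("hello user"));

        // Wait longer than the configured new-cookie-interval (PT1S) before logging out.
        // NOTE(review): presumably so that logout is exercised on a request where the mechanism
        // would otherwise renew the cookie; confirm against the mechanism's renewal logic.
        Thread.sleep(Duration.ofSeconds(2L).toMillis());

        // 4. Logout: 303 redirect and the credential cookie is removed or emptied.
        String cookie = RestAssured.given()
                .filter(cookieFilter)
                .redirects().follow(false)
                .when()
                .get("/logout")
                .then()
                .assertThat()
                .statusCode(303)
                .header("location", Matchers.containsString("/"))
                .extract().cookie(CREDENTIAL_COOKIE);
        Assertions.assertTrue(cookie == null || cookie.isEmpty(),
                "Expected credentials cookie was removed, but actual value was " + cookie);

        // 5. The session is gone: the protected resource redirects to login again.
        String cookie2 = RestAssured.given()
                .filter(cookieFilter)
                .redirects().follow(false)
                .when()
                .get("/hello")
                .then()
                .assertThat()
                .statusCode(302)
                .header("location", Matchers.containsString("/login.html"))
                .extract().cookie(CREDENTIAL_COOKIE);
        Assertions.assertTrue(cookie2 == null || cookie2.isEmpty());
    }
}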
