package io.quarkus.vertx.http.security;

import io.quarkus.security.test.utils.TestIdentityController;
import io.quarkus.security.test.utils.TestIdentityProvider;
import io.quarkus.test.QuarkusUnitTest;
import io.quarkus.test.common.http.TestHTTPResource;
import io.restassured.RestAssured;
import io.restassured.filter.cookie.CookieFilter;
import java.io.IOException;
import java.net.URL;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.function.Supplier;
import org.apache.commons.lang3.StringUtils;
import org.apache.http.Consts;
import org.apache.http.client.CookieStore;
import org.apache.http.client.config.RequestConfig;
import org.apache.http.client.entity.UrlEncodedFormEntity;
import org.apache.http.client.methods.CloseableHttpResponse;
import org.apache.http.client.methods.HttpGet;
import org.apache.http.client.methods.HttpPost;
import org.apache.http.cookie.Cookie;
import org.apache.http.impl.client.BasicCookieStore;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClientBuilder;
import org.apache.http.message.BasicNameValuePair;
import org.apache.http.util.EntityUtils;
import org.hamcrest.Matcher;
import org.hamcrest.Matchers;
import org.jboss.shrinkwrap.api.ShrinkWrap;
import org.jboss.shrinkwrap.api.asset.StringAsset;
import org.jboss.shrinkwrap.api.spec.JavaArchive;
import org.junit.jupiter.api.Assertions;
import org.junit.jupiter.api.BeforeAll;
import org.junit.jupiter.api.Disabled;
import org.junit.jupiter.api.Test;
import org.junit.jupiter.api.extension.RegisterExtension;

/* loaded from: input_file:io/quarkus/vertx/http/security/FormAuthCookiesTestCase.class */
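/**
 * Exercises form-based authentication with a custom credential cookie name.
 *
 * <p>Two scenarios are covered:
 * <ul>
 *   <li>{@link #testFormBasedAuthSuccess()}: an unauthenticated request to a protected path is
 *       redirected to the login page, the login succeeds, and the protected path is then served.</li>
 *   <li>{@link #testCredentialCookieRotation()}: the credential cookie is reissued once the
 *       configured {@code new-cookie-interval} has elapsed, and a new login is enforced once the
 *       configured {@code timeout} has elapsed.</li>
 * </ul>
 *
 * <p>NOTE(review): the rotation/expiry scenario is {@code @Disabled}, so this class currently only
 * runs the login round trip. The assertions look at cookie names and values only; cookie
 * attributes are not inspected here.
 */
public class FormAuthCookiesTestCase {
    /** Credential cookie name set through {@code quarkus.http.auth.form.cookie-name}. */
    private static final String CREDENTIAL_COOKIE = "laitnederc-sukrauq";

    /** Cookie in which the originally requested location is expected after a login redirect. */
    private static final String REDIRECT_COOKIE = "quarkus-redirect-location";

    /** Percent-encoded form of the protected path {@code /admin❤}, as used in the permission config. */
    private static final String ENCODED_ADMIN_PATH = "/admin%E2%9D%A4";

    // The session encryption key below is a fixed placeholder that exists only for this test
    // deployment. timeout=PT2S and new-cookie-interval=PT1S are deliberately short so the
    // rotation test can observe renewal and expiry within a few seconds.
    private static final String APP_PROPS = "quarkus.http.auth.form.enabled=true\n"
            + "quarkus.http.auth.form.login-page=login\n"
            + "quarkus.http.auth.form.error-page=error\n"
            + "quarkus.http.auth.form.landing-page=landing\n"
            + "quarkus.http.auth.policy.r1.roles-allowed=admin\n"
            + "quarkus.http.auth.permission.roles1.paths=" + ENCODED_ADMIN_PATH + "\n"
            + "quarkus.http.auth.permission.roles1.policy=r1\n"
            + "quarkus.http.auth.form.timeout=PT2S\n"
            + "quarkus.http.auth.form.new-cookie-interval=PT1S\n"
            + "quarkus.http.auth.form.cookie-name=" + CREDENTIAL_COOKIE + "\n"
            + "quarkus.http.auth.session.encryption-key=CHANGEIT-CHANGEIT-CHANGEIT-CHANGEIT-CHANGEIT\n";

    @RegisterExtension
    static QuarkusUnitTest test = new QuarkusUnitTest().setArchiveProducer(() -> ShrinkWrap.create(JavaArchive.class)
            .addClasses(TestIdentityProvider.class, TestIdentityController.class,
                    TestTrustedIdentityProvider.class, PathHandler.class)
            .addAsResource(new StringAsset(APP_PROPS), "application.properties"));

    @TestHTTPResource
    URL url;

    /** Registers the single test user {@code admin} (password {@code admin}) with the {@code admin} role. */
    @BeforeAll
    public static void setup() {
        TestIdentityController.resetRoles().add("admin", "admin", new String[]{"admin"});
    }

    /**
     * Verifies the login round trip for a protected path containing a non-ASCII character.
     *
     * <p>The path is requested as {@code /admin❤} while the permission is configured with its
     * percent-encoded form, so the test also checks that the role policy is applied to that
     * request and that the redirect location is recorded in encoded form.
     */
    @Test
    public void testFormBasedAuthSuccess() {
        RestAssured.enableLoggingOfRequestAndResponseIfValidationFails();
        // One filter instance carries the cookies across the three requests, like a browser session.
        CookieFilter cookies = new CookieFilter();

        // 1. Unauthenticated access: redirect to the login page, original location kept in a cookie.
        RestAssured.given()
                .filter(cookies)
                .redirects().follow(false)
                .when()
                .get("/admin❤")
                .then()
                .assertThat()
                .statusCode(302)
                .header("location", Matchers.containsString("/login"))
                .cookie(REDIRECT_COOKIE, Matchers.containsString(ENCODED_ADMIN_PATH));

        // 2. Login: redirect back to the original location, credential cookie issued under the custom name.
        RestAssured.given()
                .filter(cookies)
                .redirects().follow(false)
                .when()
                .formParam("j_username", "admin")
                .formParam("j_password", "admin")
                .post("/j_security_check")
                .then()
                .assertThat()
                .statusCode(302)
                .header("location", Matchers.containsString(ENCODED_ADMIN_PATH))
                .cookie(CREDENTIAL_COOKIE, Matchers.notNullValue());

        // 3. Authenticated access: the protected resource is served.
        RestAssured.given()
                .filter(cookies)
                .redirects().follow(false)
                .when()
                .get("/admin❤")
                .then()
                .assertThat()
                .statusCode(200)
                .body(Matchers.equalTo("admin:" + ENCODED_ADMIN_PATH));
    }

    /**
     * Returns the value of the first cookie with the given name, or {@code null} if the store
     * holds no such cookie.
     */
    private static String findCookieValue(CookieStore cookieStore, String name) {
        for (Cookie cookie : cookieStore.getCookies()) {
            if (name.equals(cookie.getName())) {
                return cookie.getValue();
            }
        }
        return null;
    }

    /** Returns the current credential cookie value, or {@code null} if none has been set. */
    private String getCredentialCookie(CookieStore cookieStore) {
        return findCookieValue(cookieStore, CREDENTIAL_COOKIE);
    }

    /**
     * Requests the protected path and asserts that the request succeeded without the credential
     * cookie being reissued.
     *
     * @param closeableHttpClient client bound to {@code cookieStore}
     * @param cookieStore store holding the session cookies
     * @param str credential cookie value expected to still be in place after the request
     * @throws IOException if the request fails
     */
    private void doRegularGet(CloseableHttpClient closeableHttpClient, CookieStore cookieStore, String str) throws IOException {
        HttpGet request = new HttpGet(this.url.toString() + ENCODED_ADMIN_PATH);
        try (CloseableHttpResponse response = closeableHttpClient.execute(request)) {
            Assertions.assertEquals(str, getCredentialCookie(cookieStore), "Session cookie WAS NOT eligible for renewal and should have remained the same.");
            Assertions.assertEquals(200, response.getStatusLine().getStatusCode(), "HTTP 200 expected.");
            Assertions.assertEquals("admin:" + ENCODED_ADMIN_PATH, EntityUtils.toString(response.getEntity(), "UTF-8"), "Unexpected web page content.");
        }
    }

    /**
     * Sleeps until the given wall-clock instant.
     *
     * @param j target time in milliseconds since the epoch
     * @throws InterruptedException if the sleep is interrupted
     */
    private void waitForPointInTime(long j) throws InterruptedException {
        long remainingMillis = j - System.currentTimeMillis();
        // A target already in the past means an earlier request overran its time window, which
        // would invalidate the timing assumptions of the caller.
        Assertions.assertTrue(remainingMillis > 0, "Having to wait for " + remainingMillis + " ms for another request is unexpected. The previous one took too long.");
        Thread.sleep(remainingMillis);
    }

    /**
     * Verifies credential cookie renewal and session expiry against the configured intervals
     * ({@code new-cookie-interval=PT1S}, {@code timeout=PT2S}).
     *
     * <p>Every response and the client itself are closed through try-with-resources, so an
     * assertion failure cannot leak a connection or hide the original failure.
     */
    @Disabled("The logic in this test case relies too heavily on the current system time and can result in spurious failures on slow systems. See https://github.com/quarkusio/quarkus/issues/10106")
    @Test
    public void testCredentialCookieRotation() throws IOException, InterruptedException {
        BasicCookieStore cookieStore = new BasicCookieStore();
        try (CloseableHttpClient httpClient = HttpClientBuilder.create()
                .setDefaultCookieStore(cookieStore)
                .setDefaultRequestConfig(RequestConfig.custom().setCookieSpec("standard").build())
                .build()) {

            ArrayList<BasicNameValuePair> credentials = new ArrayList<>();
            credentials.add(new BasicNameValuePair("j_username", "admin"));
            credentials.add(new BasicNameValuePair("j_password", "admin"));
            UrlEncodedFormEntity loginForm = new UrlEncodedFormEntity(credentials, Consts.UTF_8);

            // Initial login.
            HttpPost firstLogin = new HttpPost(this.url.toString() + "/j_security_check");
            firstLogin.setEntity(loginForm);
            String initialCookie;
            try (CloseableHttpResponse response = httpClient.execute(firstLogin)) {
                Assertions.assertEquals(302, response.getStatusLine().getStatusCode(), "Login should have been successful and return HTTP 302 redirect.");
                initialCookie = getCredentialCookie(cookieStore);
                Assertions.assertTrue(StringUtils.isNotBlank(initialCookie), "Credential cookie value must not be blank.");
            }

            // Within the 1 s renewal interval the cookie must stay untouched.
            long loginTime = System.currentTimeMillis();
            waitForPointInTime(loginTime + 400);
            doRegularGet(httpClient, cookieStore, initialCookie);
            waitForPointInTime(loginTime + 700);
            doRegularGet(httpClient, cookieStore, initialCookie);

            // Past the renewal interval, still inside the 2 s timeout: a fresh cookie is expected.
            waitForPointInTime(loginTime + 1300);
            String rotatedCookie;
            try (CloseableHttpResponse response = httpClient.execute(new HttpGet(this.url.toString() + ENCODED_ADMIN_PATH))) {
                rotatedCookie = getCredentialCookie(cookieStore);
                Assertions.assertNotEquals(initialCookie, rotatedCookie, "Session cookie WAS eligible for renewal and should have been updated.");
                Assertions.assertEquals(200, response.getStatusLine().getStatusCode(), "HTTP 200 expected.");
                Assertions.assertEquals("admin:" + ENCODED_ADMIN_PATH, EntityUtils.toString(response.getEntity(), "UTF-8"), "Unexpected web page content.");
            }

            // The renewal interval restarts with the rotated cookie.
            long rotationTime = System.currentTimeMillis();
            waitForPointInTime(rotationTime + 400);
            doRegularGet(httpClient, cookieStore, rotatedCookie);
            waitForPointInTime(rotationTime + 700);
            doRegularGet(httpClient, cookieStore, rotatedCookie);

            // Idle for longer than the 2 s timeout: the old cookie must no longer grant access
            // and the login page is expected instead of the protected resource.
            waitForPointInTime(rotationTime + 3600);
            try (CloseableHttpResponse response = httpClient.execute(new HttpGet(this.url.toString() + ENCODED_ADMIN_PATH))) {
                Assertions.assertEquals(200, response.getStatusLine().getStatusCode(), "HTTP 200 from login page expected.");
                Assertions.assertEquals(":/login", EntityUtils.toString(response.getEntity(), "UTF-8"), "Login web page was expected. Quarkus should have enforced a new login.");
                String redirectLocation = findCookieValue(cookieStore, REDIRECT_COOKIE);
                Assertions.assertTrue(StringUtils.isNotBlank(redirectLocation) && redirectLocation.contains("admin%E2%9D%A4"), "quarkus-redirect-location should have been set.");
            }

            // Logging in again must yield a credential cookie different from the expired one.
            HttpPost secondLogin = new HttpPost(this.url.toString() + "/j_security_check");
            secondLogin.setEntity(loginForm);
            try (CloseableHttpResponse response = httpClient.execute(secondLogin)) {
                Assertions.assertEquals(302, response.getStatusLine().getStatusCode(), "Login should have been successful and return HTTP 302 redirect.");
                String reloginCookie = getCredentialCookie(cookieStore);
                Assertions.assertTrue(StringUtils.isNotBlank(reloginCookie), "Credential cookie value must not be blank.");
                Assertions.assertNotEquals(reloginCookie, rotatedCookie, "New credential cookie must not be the same as the previous one.");
            }
        }
    }
}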
