package io.quarkus.vertx.http.security;

import io.quarkus.test.QuarkusUnitTest;
import io.quarkus.test.common.http.TestHTTPResource;
import io.quarkus.vertx.http.runtime.security.QuarkusHttpUser;
import io.restassured.RestAssured;
import io.vertx.ext.web.Router;
import java.io.File;
import java.net.URL;
import javax.enterprise.context.ApplicationScoped;
import javax.enterprise.event.Observes;
import org.hamcrest.Matcher;
import org.hamcrest.Matchers;
import org.jboss.shrinkwrap.api.ShrinkWrap;
import org.jboss.shrinkwrap.api.spec.JavaArchive;
import org.junit.jupiter.api.Test;
import org.junit.jupiter.api.extension.RegisterExtension;

/* loaded from: input_file:io/quarkus/vertx/http/security/MtlsRequiredTest.class */
public class MtlsRequiredTest {

    @TestHTTPResource(value = "/mtls", ssl = true)
    URL url;

    @TestHTTPResource(value = "/mtls", ssl = false)
    URL urlNoTls;

    @RegisterExtension
    static final QuarkusUnitTest config = new QuarkusUnitTest().setArchiveProducer(() -> {
        return ShrinkWrap.create(JavaArchive.class).addClasses(new Class[]{MyBean.class}).addAsResource(new File("src/test/resources/conf/mtls/mtls-jks.conf"), "application.properties").addAsResource(new File("src/test/resources/conf/mtls/server-keystore.jks"), "server-keystore.jks").addAsResource(new File("src/test/resources/conf/mtls/server-truststore.jks"), "server-truststore.jks");
    });

    @ApplicationScoped
    /* loaded from: input_file:io/quarkus/vertx/http/security/MtlsRequiredTest$MyBean.class */
    static class MyBean {
        MyBean() {
        }

        public void register(@Observes Router router) {
            router.get("/mtls").handler(routingContext -> {
                routingContext.response().end(((QuarkusHttpUser) QuarkusHttpUser.class.cast(routingContext.user())).getSecurityIdentity().getPrincipal().getName());
            });
        }
    }

    @Test
    public void testClientAuthentication() {
        RestAssured.given().keyStore(new File("src/test/resources/conf/mtls/client-keystore.jks"), "password").trustStore(new File("src/test/resources/conf/mtls/client-truststore.jks"), "password").get(this.url).then().statusCode(200).body(Matchers.is("CN=client,OU=cert,O=quarkus,L=city,ST=state,C=AU"), new Matcher[0]);
    }

    @Test
    public void testNoClientCert() {
        RestAssured.given().get(this.urlNoTls).then().statusCode(401);
    }
}
