package io.quarkus.vertx.http.cors;

import io.quarkus.security.test.utils.TestIdentityController;
import io.quarkus.security.test.utils.TestIdentityProvider;
import io.quarkus.test.QuarkusUnitTest;
import io.quarkus.vertx.http.security.PathHandler;
import io.restassured.RestAssured;
import io.restassured.specification.RequestSpecification;
import java.util.function.Supplier;
import org.hamcrest.Matcher;
import org.hamcrest.Matchers;
import org.jboss.shrinkwrap.api.ShrinkWrap;
import org.jboss.shrinkwrap.api.asset.StringAsset;
import org.jboss.shrinkwrap.api.spec.JavaArchive;
import org.junit.jupiter.api.BeforeAll;
import org.junit.jupiter.api.DisplayName;
import org.junit.jupiter.api.Test;
import org.junit.jupiter.api.extension.RegisterExtension;

/* loaded from: input_file:io/quarkus/vertx/http/cors/CORSSecurityTestCase.class */
public class CORSSecurityTestCase {
    private static final String APP_PROPS = "quarkus.http.cors=true\nquarkus.http.cors.methods=GET, OPTIONS, POST\nquarkus.http.auth.basic=true\nquarkus.http.auth.policy.r1.roles-allowed=test\nquarkus.http.auth.permission.roles1.paths=/test\nquarkus.http.auth.permission.roles1.policy=r1\n";

    @RegisterExtension
    static QuarkusUnitTest test = new QuarkusUnitTest().setArchiveProducer(new Supplier<JavaArchive>() { // from class: io.quarkus.vertx.http.cors.CORSSecurityTestCase.1
        /* JADX WARN: Can't rename method to resolve collision */
        @Override // java.util.function.Supplier
        public JavaArchive get() {
            return ShrinkWrap.create(JavaArchive.class).addClasses(new Class[]{TestIdentityProvider.class, TestIdentityController.class, PathHandler.class}).addAsResource(new StringAsset(CORSSecurityTestCase.APP_PROPS), "application.properties");
        }
    });

    @BeforeAll
    public static void setup() {
        TestIdentityController.resetRoles().add("test", "test", new String[]{"test"}).add("user", "user", new String[]{"user"});
    }

    @DisplayName("Handles a preflight CORS request correctly")
    @Test
    public void corsPreflightTest() {
        RestAssured.given().header("Origin", "http://custom.origin.quarkus", new Object[0]).header("Access-Control-Request-Method", "GET,POST", new Object[0]).header("Access-Control-Request-Headers", "X-Custom", new Object[0]).when().options("/test", new Object[0]).then().statusCode(200).header("Access-Control-Allow-Origin", "http://custom.origin.quarkus").header("Access-Control-Allow-Methods", "GET,POST").header("Access-Control-Allow-Headers", "X-Custom");
        RestAssured.given().header("Origin", "http://custom.origin.quarkus", new Object[0]).header("Access-Control-Request-Method", "GET,POST", new Object[0]).header("Access-Control-Request-Headers", "X-Custom", new Object[0]).when().auth().basic("test", "test").options("/test", new Object[0]).then().statusCode(200).header("Access-Control-Allow-Origin", "http://custom.origin.quarkus").header("Access-Control-Allow-Methods", "GET,POST").header("Access-Control-Allow-Headers", "X-Custom");
        RestAssured.given().header("Origin", "http://custom.origin.quarkus", new Object[0]).header("Access-Control-Request-Method", "GET,POST", new Object[0]).header("Access-Control-Request-Headers", "X-Custom", new Object[0]).when().auth().basic("test", "wrongpassword").options("/test", new Object[0]).then().statusCode(200).header("Access-Control-Allow-Origin", "http://custom.origin.quarkus").header("Access-Control-Allow-Methods", "GET,POST").header("Access-Control-Allow-Headers", "X-Custom");
        RestAssured.given().header("Origin", "http://custom.origin.quarkus", new Object[0]).header("Access-Control-Request-Method", "GET,POST", new Object[0]).header("Access-Control-Request-Headers", "X-Custom", new Object[0]).when().auth().basic("user", "user").options("/test", new Object[0]).then().statusCode(200).header("Access-Control-Allow-Origin", "http://custom.origin.quarkus").header("Access-Control-Allow-Methods", "GET,POST").header("Access-Control-Allow-Headers", "X-Custom");
    }

    @DisplayName("Handles a direct CORS request correctly")
    @Test
    public void corsNoPreflightTest() {
        ((RequestSpecification) RestAssured.given().header("Origin", "http://custom.origin.quarkus", new Object[0]).header("Access-Control-Request-Method", "GET,POST", new Object[0]).header("Access-Control-Request-Headers", "X-Custom", new Object[0]).when().log().headers()).get("/test", new Object[0]).then().statusCode(401).header("Access-Control-Allow-Origin", "http://custom.origin.quarkus").header("Access-Control-Allow-Methods", "GET,POST").header("Access-Control-Allow-Headers", "X-Custom");
        ((RequestSpecification) RestAssured.given().header("Origin", "http://custom.origin.quarkus", new Object[0]).header("Access-Control-Request-Method", "GET,POST", new Object[0]).header("Access-Control-Request-Headers", "X-Custom", new Object[0]).when().auth().basic("test", "test").log().headers()).get("/test", new Object[0]).then().statusCode(200).header("Access-Control-Allow-Origin", "http://custom.origin.quarkus").header("Access-Control-Allow-Methods", "GET,POST").header("Access-Control-Allow-Headers", "X-Custom").body(Matchers.equalTo("test:/test"), new Matcher[0]);
        ((RequestSpecification) RestAssured.given().header("Origin", "http://custom.origin.quarkus", new Object[0]).header("Access-Control-Request-Method", "GET,POST", new Object[0]).header("Access-Control-Request-Headers", "X-Custom", new Object[0]).when().auth().basic("test", "wrongpassword").log().headers()).get("/test", new Object[0]).then().statusCode(401).header("Access-Control-Allow-Origin", "http://custom.origin.quarkus").header("Access-Control-Allow-Methods", "GET,POST").header("Access-Control-Allow-Headers", "X-Custom");
        ((RequestSpecification) RestAssured.given().header("Origin", "http://custom.origin.quarkus", new Object[0]).header("Access-Control-Request-Method", "GET,POST", new Object[0]).header("Access-Control-Request-Headers", "X-Custom", new Object[0]).when().auth().basic("user", "user").log().headers()).get("/test", new Object[0]).then().statusCode(403).header("Access-Control-Allow-Origin", "http://custom.origin.quarkus").header("Access-Control-Allow-Methods", "GET,POST").header("Access-Control-Allow-Headers", "X-Custom");
    }
}
