package io.quarkus.resteasy.reactive.server.test.security;

import io.quarkus.security.AuthenticationFailedException;
import io.quarkus.security.identity.SecurityIdentity;
import io.quarkus.security.runtime.interceptor.check.RolesAllowedCheck;
import io.quarkus.security.spi.runtime.AuthenticationFailureEvent;
import io.quarkus.security.spi.runtime.AuthenticationSuccessEvent;
import io.quarkus.security.spi.runtime.AuthorizationFailureEvent;
import io.quarkus.security.spi.runtime.AuthorizationSuccessEvent;
import io.quarkus.security.spi.runtime.SecurityEvent;
import io.quarkus.security.test.utils.TestIdentityController;
import io.quarkus.security.test.utils.TestIdentityProvider;
import io.quarkus.vertx.http.runtime.HttpBuildTimeConfig;
import io.restassured.RestAssured;
import io.vertx.ext.web.RoutingContext;
import jakarta.enterprise.event.Observes;
import jakarta.enterprise.event.ObservesAsync;
import jakarta.inject.Inject;
import jakarta.inject.Singleton;
import java.time.Duration;
import java.util.List;
import java.util.Objects;
import java.util.concurrent.CopyOnWriteArrayList;
import org.awaitility.Awaitility;
import org.hamcrest.Matcher;
import org.hamcrest.Matchers;
import org.junit.jupiter.api.Assertions;
import org.junit.jupiter.api.BeforeAll;
import org.junit.jupiter.api.BeforeEach;
import org.junit.jupiter.api.Test;

/* loaded from: input_file:io/quarkus/resteasy/reactive/server/test/security/AbstractSecurityEventTest.class */
public abstract class AbstractSecurityEventTest {
    protected static final Class<?>[] TEST_CLASSES = {RolesAllowedResource.class, RolesAllowedBlockingResource.class, TestIdentityProvider.class, TestIdentityController.class, UnsecuredResource.class, UnsecuredSubResource.class, RolesAllowedService.class, RolesAllowedServiceResource.class, EventObserver.class, UnsecuredResourceInterface.class, UnsecuredParentResource.class};

    @Inject
    EventObserver observer;

    @Inject
    HttpBuildTimeConfig httpBuildTimeConfig;

    @Singleton
    /* loaded from: input_file:io/quarkus/resteasy/reactive/server/test/security/AbstractSecurityEventTest$EventObserver.class */
    public static class EventObserver {
        private final List<SecurityEvent> syncEvents = new CopyOnWriteArrayList();
        private final List<AuthorizationFailureEvent> asyncAuthZFailureEvents = new CopyOnWriteArrayList();
        private final List<AuthenticationFailureEvent> authNFailureEvents = new CopyOnWriteArrayList();

        void observe(@Observes SecurityEvent securityEvent) {
            this.syncEvents.add(securityEvent);
        }

        void observe(@Observes AuthenticationFailureEvent authenticationFailureEvent) {
            this.authNFailureEvents.add(authenticationFailureEvent);
        }

        void observe(@ObservesAsync AuthorizationFailureEvent authorizationFailureEvent) {
            this.asyncAuthZFailureEvents.add(authorizationFailureEvent);
        }
    }

    @BeforeEach
    public void clean() {
        this.observer.asyncAuthZFailureEvents.clear();
        this.observer.syncEvents.clear();
        this.observer.authNFailureEvents.clear();
    }

    @BeforeAll
    public static void setupUsers() {
        TestIdentityController.resetRoles().add("admin", "admin", new String[]{"admin"}).add("user", "user", new String[]{"user"});
    }

    private boolean isProactiveAuth() {
        return this.httpBuildTimeConfig.auth.proactive;
    }

    @Test
    public void testAuthenticationEvent() {
        RestAssured.given().auth().preemptive().basic("unknown", "unknown").get("/unsecured/authenticated", new Object[0]).then().statusCode(401);
        Assertions.assertEquals(1, this.observer.authNFailureEvents.size());
        AuthenticationFailureEvent authenticationFailureEvent = this.observer.authNFailureEvents.get(0);
        Assertions.assertNull(authenticationFailureEvent.getSecurityIdentity());
        Assertions.assertTrue(authenticationFailureEvent.getAuthenticationFailure() instanceof AuthenticationFailedException);
        Assertions.assertNotNull(authenticationFailureEvent.getEventProperties().get(RoutingContext.class.getName()));
    }

    @Test
    public void testRolesAllowed() {
        RestAssured.get("/roles", new Object[0]).then().statusCode(401);
        assertSyncObserved(1);
        assertAsyncAuthZFailureObserved(1);
        SecurityIdentity securityIdentity = this.observer.syncEvents.get(0).getSecurityIdentity();
        Assertions.assertNotNull(securityIdentity);
        Assertions.assertTrue(securityIdentity.isAnonymous());
        RestAssured.given().auth().preemptive().basic("user", "user").get("/roles/admin", new Object[0]).then().statusCode(403);
        assertSyncObserved(3);
        AuthenticationSuccessEvent authenticationSuccessEvent = this.observer.syncEvents.get(1);
        SecurityIdentity securityIdentity2 = authenticationSuccessEvent.getSecurityIdentity();
        Assertions.assertNotNull(securityIdentity2);
        Assertions.assertEquals("user", securityIdentity2.getPrincipal().getName());
        RoutingContext routingContext = (RoutingContext) authenticationSuccessEvent.getEventProperties().get(RoutingContext.class.getName());
        Assertions.assertNotNull(routingContext);
        Assertions.assertTrue(routingContext.request().path().endsWith("/roles/admin"));
        assertAsyncAuthZFailureObserved(2);
        RestAssured.get("/roles-blocking", new Object[0]).then().statusCode(401);
        assertSyncObserved(4);
        assertAsyncAuthZFailureObserved(3);
        RestAssured.given().auth().preemptive().basic("user", "user").get("/roles-blocking/admin", new Object[0]).then().statusCode(403);
        assertSyncObserved(6);
        AuthenticationSuccessEvent authenticationSuccessEvent2 = this.observer.syncEvents.get(4);
        SecurityIdentity securityIdentity3 = authenticationSuccessEvent2.getSecurityIdentity();
        Assertions.assertNotNull(securityIdentity3);
        Assertions.assertEquals("user", securityIdentity3.getPrincipal().getName());
        RoutingContext routingContext2 = (RoutingContext) authenticationSuccessEvent2.getEventProperties().get(RoutingContext.class.getName());
        Assertions.assertNotNull(routingContext2);
        Assertions.assertTrue(routingContext2.request().path().endsWith("/roles-blocking/admin"));
        assertAsyncAuthZFailureObserved(4);
    }

    @Test
    public void testNestedRolesAllowed() {
        RestAssured.given().auth().preemptive().basic("admin", "admin").get("/roles-service/hello", new Object[0]).then().statusCode(200).body(Matchers.is(RolesAllowedService.SERVICE_HELLO), new Matcher[0]);
        assertSyncObserved(3, false, false);
        AuthenticationSuccessEvent authenticationSuccessEvent = this.observer.syncEvents.get(0);
        SecurityIdentity securityIdentity = authenticationSuccessEvent.getSecurityIdentity();
        Assertions.assertNotNull(securityIdentity);
        Assertions.assertEquals("admin", securityIdentity.getPrincipal().getName());
        RoutingContext routingContext = (RoutingContext) authenticationSuccessEvent.getEventProperties().get(RoutingContext.class.getName());
        Assertions.assertNotNull(routingContext);
        Assertions.assertTrue(routingContext.request().path().endsWith("/roles-service/hello"));
        AuthorizationSuccessEvent authorizationSuccessEvent = this.observer.syncEvents.get(1);
        Assertions.assertEquals(securityIdentity, authorizationSuccessEvent.getSecurityIdentity());
        SecurityIdentity securityIdentity2 = authorizationSuccessEvent.getSecurityIdentity();
        Assertions.assertEquals(routingContext, authorizationSuccessEvent.getEventProperties().get(RoutingContext.class.getName()));
        AuthorizationSuccessEvent authorizationSuccessEvent2 = this.observer.syncEvents.get(2);
        Assertions.assertEquals(securityIdentity2, authorizationSuccessEvent2.getSecurityIdentity());
        Assertions.assertNull(authorizationSuccessEvent2.getEventProperties().get(RoutingContext.class.getName()));
        assertAsyncAuthZFailureObserved(0);
        RestAssured.given().auth().preemptive().basic("user", "user").get("/roles-service/hello", new Object[0]).then().statusCode(403);
        assertSyncObserved(6, false, false);
        AuthenticationSuccessEvent authenticationSuccessEvent2 = this.observer.syncEvents.get(3);
        SecurityIdentity securityIdentity3 = authenticationSuccessEvent2.getSecurityIdentity();
        Assertions.assertNotNull(securityIdentity3);
        Assertions.assertEquals("user", securityIdentity3.getPrincipal().getName());
        RoutingContext routingContext2 = (RoutingContext) authenticationSuccessEvent2.getEventProperties().get(RoutingContext.class.getName());
        Assertions.assertNotNull(routingContext2);
        Assertions.assertTrue(routingContext2.request().path().endsWith("/roles-service/hello"));
        AuthorizationSuccessEvent authorizationSuccessEvent3 = this.observer.syncEvents.get(4);
        Assertions.assertEquals(securityIdentity3, authorizationSuccessEvent3.getSecurityIdentity());
        Assertions.assertEquals(routingContext2, authorizationSuccessEvent3.getEventProperties().get(RoutingContext.class.getName()));
        assertAsyncAuthZFailureObserved(1, false);
        AuthorizationFailureEvent authorizationFailureEvent = this.observer.asyncAuthZFailureEvents.get(0);
        SecurityIdentity securityIdentity4 = authorizationFailureEvent.getSecurityIdentity();
        Assertions.assertNotNull(securityIdentity4);
        Assertions.assertTrue(securityIdentity4.hasRole("user"));
        Assertions.assertEquals("user", securityIdentity4.getPrincipal().getName());
        Assertions.assertNull(authorizationFailureEvent.getEventProperties().get(RoutingContext.class.getName()));
        Assertions.assertEquals(RolesAllowedCheck.class.getName(), authorizationFailureEvent.getAuthorizationContext());
    }

    @Test
    public void testAuthenticated() {
        RestAssured.given().auth().preemptive().basic("admin", "admin").get("/unsecured/authenticated", new Object[0]).then().statusCode(200).body(Matchers.is("authenticated"), new Matcher[0]);
        assertSyncObserved(2);
        assertAsyncAuthZFailureObserved(0);
        SecurityIdentity securityIdentity = this.observer.syncEvents.get(0).getSecurityIdentity();
        Assertions.assertNotNull(securityIdentity);
        Assertions.assertEquals("admin", securityIdentity.getPrincipal().getName());
        AuthorizationSuccessEvent authorizationSuccessEvent = this.observer.syncEvents.get(1);
        Assertions.assertEquals(securityIdentity, authorizationSuccessEvent.getSecurityIdentity());
        Assertions.assertTrue(((RoutingContext) authorizationSuccessEvent.getEventProperties().get(RoutingContext.class.getName())).request().path().endsWith("/unsecured/authenticated"));
        RestAssured.given().get("/unsecured/authenticated", new Object[0]).then().statusCode(401);
        assertSyncObserved(3);
        assertAsyncAuthZFailureObserved(1);
        Assertions.assertEquals(1, this.observer.asyncAuthZFailureEvents.size());
        AuthorizationFailureEvent authorizationFailureEvent = this.observer.asyncAuthZFailureEvents.get(0);
        SecurityIdentity securityIdentity2 = authorizationFailureEvent.getSecurityIdentity();
        Assertions.assertNotNull(securityIdentity2);
        Assertions.assertTrue(securityIdentity2.isAnonymous());
        RoutingContext routingContext = (RoutingContext) authorizationFailureEvent.getEventProperties().get(RoutingContext.class.getName());
        Assertions.assertNotNull(routingContext);
        Assertions.assertTrue(routingContext.request().path().endsWith("/unsecured/authenticated"));
    }

    @Test
    public void testDenyAll() {
        RestAssured.given().auth().preemptive().basic("admin", "admin").get("/unsecured/denyAll", new Object[0]).then().statusCode(403);
        assertSyncObserved(2);
        assertAsyncAuthZFailureObserved(1);
        AuthorizationFailureEvent authorizationFailureEvent = this.observer.syncEvents.get(1);
        SecurityIdentity securityIdentity = authorizationFailureEvent.getSecurityIdentity();
        Assertions.assertNotNull(securityIdentity);
        Assertions.assertEquals("admin", securityIdentity.getPrincipal().getName());
        Assertions.assertTrue(securityIdentity.hasRole("admin"));
        Assertions.assertEquals(securityIdentity, this.observer.asyncAuthZFailureEvents.get(0).getSecurityIdentity());
        AuthenticationSuccessEvent authenticationSuccessEvent = this.observer.syncEvents.get(0);
        Assertions.assertEquals(securityIdentity, authenticationSuccessEvent.getSecurityIdentity());
        RoutingContext routingContext = (RoutingContext) authenticationSuccessEvent.getEventProperties().get(RoutingContext.class.getName());
        Assertions.assertNotNull(routingContext);
        Assertions.assertTrue(routingContext.request().path().endsWith("unsecured/denyAll"));
        Assertions.assertEquals(routingContext, authorizationFailureEvent.getEventProperties().get(RoutingContext.class.getName()));
        RestAssured.given().get("/unsecured/authenticated", new Object[0]).then().statusCode(401);
        assertSyncObserved(3);
        assertAsyncAuthZFailureObserved(2);
    }

    @Test
    public void testPermitAll() {
        RestAssured.given().auth().preemptive().basic("admin", "admin").get("/unsecured/permitAll", new Object[0]).then().statusCode(200).body(Matchers.is("permitAll"), new Matcher[0]);
        assertAsyncAuthZFailureObserved(0);
        if (isProactiveAuth()) {
            assertSyncObserved(2, true, true);
            AuthenticationSuccessEvent authenticationSuccessEvent = this.observer.syncEvents.get(0);
            SecurityIdentity securityIdentity = authenticationSuccessEvent.getSecurityIdentity();
            Assertions.assertNotNull(securityIdentity);
            Assertions.assertEquals("admin", securityIdentity.getPrincipal().getName());
            RoutingContext routingContext = (RoutingContext) authenticationSuccessEvent.getEventProperties().get(RoutingContext.class.getName());
            Assertions.assertNotNull(routingContext);
            Assertions.assertTrue(routingContext.request().path().endsWith("/unsecured/permitAll"));
            AuthorizationSuccessEvent authorizationSuccessEvent = this.observer.syncEvents.get(1);
            Assertions.assertNull(authorizationSuccessEvent.getSecurityIdentity());
            Assertions.assertEquals(routingContext, authorizationSuccessEvent.getEventProperties().get(RoutingContext.class.getName()));
        } else {
            assertSyncObserved(1, true, true);
            AuthorizationSuccessEvent authorizationSuccessEvent2 = this.observer.syncEvents.get(0);
            Assertions.assertNull(authorizationSuccessEvent2.getSecurityIdentity());
            Assertions.assertNotNull(authorizationSuccessEvent2.getEventProperties().get(RoutingContext.class.getName()));
        }
        RestAssured.given().get("/unsecured/permitAll", new Object[0]).then().statusCode(200).body(Matchers.is("permitAll"), new Matcher[0]);
        if (isProactiveAuth()) {
            assertSyncObserved(3, true, true);
        } else {
            assertSyncObserved(2, true, true);
        }
        assertAsyncAuthZFailureObserved(0);
    }

    private void assertSyncObserved(int i) {
        assertSyncObserved(i, true, false);
    }

    private void assertSyncObserved(int i, boolean z, boolean z2) {
        Assertions.assertEquals(i, this.observer.syncEvents.size());
        if (i > 0) {
            if (!z2) {
                Assertions.assertTrue(this.observer.syncEvents.stream().allMatch(securityEvent -> {
                    return securityEvent.getSecurityIdentity() != null;
                }));
            }
            if (z) {
                Assertions.assertTrue(this.observer.syncEvents.stream().map(securityEvent2 -> {
                    return securityEvent2.getEventProperties().get(RoutingContext.class.getName());
                }).allMatch(Objects::nonNull));
            }
        }
    }

    private void assertAsyncAuthZFailureObserved(int i) {
        assertAsyncAuthZFailureObserved(i, true);
    }

    private void assertAsyncAuthZFailureObserved(int i, boolean z) {
        Awaitility.await().atMost(Duration.ofSeconds(2L)).untilAsserted(() -> {
            Assertions.assertEquals(i, this.observer.asyncAuthZFailureEvents.size());
        });
        if (i > 0) {
            Assertions.assertTrue(this.observer.asyncAuthZFailureEvents.stream().allMatch(authorizationFailureEvent -> {
                return authorizationFailureEvent.getSecurityIdentity() != null;
            }));
            if (z) {
                Assertions.assertTrue(this.observer.asyncAuthZFailureEvents.stream().map(authorizationFailureEvent2 -> {
                    return authorizationFailureEvent2.getEventProperties().get(RoutingContext.class.getName());
                }).allMatch(Objects::nonNull));
            }
        }
    }
}
