package org.apache.cxf.systest.jaxrs.cors;

import com.fasterxml.jackson.jaxrs.json.JacksonJsonProvider;
import java.io.Closeable;
import java.io.IOException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.List;
import org.apache.cxf.helpers.IOUtils;
import org.apache.cxf.jaxrs.client.WebClient;
import org.apache.cxf.systest.jaxrs.AbstractSpringServer;
import org.apache.cxf.testutil.common.AbstractBusClientServerTestBase;
import org.apache.http.Header;
import org.apache.http.HeaderElement;
import org.apache.http.HttpResponse;
import org.apache.http.client.ClientProtocolException;
import org.apache.http.client.HttpClient;
import org.apache.http.client.methods.HttpDelete;
import org.apache.http.client.methods.HttpGet;
import org.apache.http.client.methods.HttpOptions;
import org.apache.http.impl.client.DefaultHttpClient;
import org.junit.Before;
import org.junit.BeforeClass;
import org.junit.Ignore;
import org.junit.Test;

/* loaded from: input_file:org/apache/cxf/systest/jaxrs/cors/CrossOriginSimpleTest.class */
public class CrossOriginSimpleTest extends AbstractBusClientServerTestBase {
    public static final int PORT = SpringServer.PORT;
    private WebClient configClient;

    @Ignore
    /* loaded from: input_file:org/apache/cxf/systest/jaxrs/cors/CrossOriginSimpleTest$SpringServer.class */
    public static class SpringServer extends AbstractSpringServer {
        public static final int PORT = allocatePortAsInt(SpringServer.class);

        public SpringServer() {
            super("/jaxrs_cors", PORT);
        }
    }

    @BeforeClass
    public static void startServers() throws Exception {
        assertTrue("server did not launch correctly", launchServer(SpringServer.class, true));
    }

    @Before
    public void before() {
        ArrayList arrayList = new ArrayList();
        arrayList.add(new JacksonJsonProvider());
        this.configClient = WebClient.create("http://localhost:" + PORT + "/config", arrayList);
    }

    private List<String> headerValues(Header[] headerArr) {
        ArrayList arrayList = new ArrayList();
        for (Header header : headerArr) {
            for (HeaderElement headerElement : header.getElements()) {
                arrayList.add(headerElement.getName());
            }
        }
        return arrayList;
    }

    private void assertAllOrigin(boolean z, String[] strArr, String[] strArr2, boolean z2) throws ClientProtocolException, IOException {
        configureAllowOrigins(z, strArr);
        DefaultHttpClient defaultHttpClient = new DefaultHttpClient();
        HttpGet httpGet = new HttpGet("http://localhost:" + PORT + "/untest/simpleGet/HelloThere");
        if (strArr2 != null) {
            StringBuffer stringBuffer = new StringBuffer();
            for (String str : strArr2) {
                stringBuffer.append(str);
                stringBuffer.append(" ");
            }
            httpGet.addHeader("Origin", stringBuffer.toString());
        }
        HttpResponse execute = defaultHttpClient.execute(httpGet);
        assertEquals(200L, execute.getStatusLine().getStatusCode());
        assertEquals("HelloThere", IOUtils.toString(execute.getEntity().getContent(), "utf-8"));
        assertOriginResponse(z, strArr2, z2, execute);
    }

    private void assertOriginResponse(boolean z, String[] strArr, boolean z2, HttpResponse httpResponse) {
        Header[] headers = httpResponse.getHeaders("Access-Control-Allow-Origin");
        if (!z2) {
            assertTrue(headers == null || headers.length == 0);
            return;
        }
        assertNotNull(headers);
        if (z) {
            assertEquals(1L, headers.length);
            assertEquals("*", headers[0].getValue());
            return;
        }
        List<String> headerValues = headerValues(headers);
        assertEquals(1L, headerValues.size());
        String[] split = headerValues.get(0).split(" +");
        for (int i = 0; i < strArr.length; i++) {
            assertEquals(strArr[i], split[i]);
        }
    }

    private void configureAllowOrigins(boolean z, String[] strArr) {
        if (z) {
            strArr = new String[0];
        }
        assertEquals("ok", (String) this.configClient.accept(new String[]{"text/plain"}).replacePath("/setOriginList").type("application/json").post(strArr, String.class));
    }

    @Test
    public void failNoOrigin() throws Exception {
        assertAllOrigin(true, null, null, false);
    }

    @Test
    public void allowStarPassOne() throws Exception {
        assertAllOrigin(true, null, new String[]{"http://localhost:" + PORT}, true);
    }

    @Test
    public void preflightPostClassAnnotationFail() throws ClientProtocolException, IOException {
        DefaultHttpClient defaultHttpClient = new DefaultHttpClient();
        HttpOptions httpOptions = new HttpOptions("http://localhost:" + PORT + "/antest/unannotatedPost");
        httpOptions.addHeader("Origin", "http://in.org");
        httpOptions.addHeader("Content-Type", "application/json");
        httpOptions.addHeader("Access-Control-Request-Method", "POST");
        httpOptions.addHeader("Access-Control-Request-Headers", "X-custom-1");
        HttpResponse execute = defaultHttpClient.execute(httpOptions);
        assertEquals(200L, execute.getStatusLine().getStatusCode());
        assertEquals(0L, execute.getHeaders("Access-Control-Allow-Origin").length);
        assertEquals(0L, execute.getHeaders("Access-Control-Allow-Headers").length);
        assertEquals(0L, execute.getHeaders("Access-Control-Allow-Methods").length);
    }

    @Test
    public void preflightPostClassAnnotationFail2() throws ClientProtocolException, IOException {
        DefaultHttpClient defaultHttpClient = new DefaultHttpClient();
        HttpOptions httpOptions = new HttpOptions("http://localhost:" + PORT + "/antest/unannotatedPost");
        httpOptions.addHeader("Origin", "http://area51.mil:31415");
        httpOptions.addHeader("Content-Type", "application/json");
        httpOptions.addHeader("Access-Control-Request-Method", "POST");
        httpOptions.addHeader("Access-Control-Request-Headers", "X-custom-3");
        HttpResponse execute = defaultHttpClient.execute(httpOptions);
        assertEquals(200L, execute.getStatusLine().getStatusCode());
        assertEquals(0L, execute.getHeaders("Access-Control-Allow-Origin").length);
        assertEquals(0L, execute.getHeaders("Access-Control-Allow-Headers").length);
        assertEquals(0L, execute.getHeaders("Access-Control-Allow-Methods").length);
    }

    @Test
    public void preflightPostClassAnnotationPass() throws ClientProtocolException, IOException {
        DefaultHttpClient defaultHttpClient = new DefaultHttpClient();
        HttpOptions httpOptions = new HttpOptions("http://localhost:" + PORT + "/antest/unannotatedPost");
        httpOptions.addHeader("Origin", "http://area51.mil:31415");
        httpOptions.addHeader("Content-Type", "application/json");
        httpOptions.addHeader("Access-Control-Request-Method", "POST");
        httpOptions.addHeader("Access-Control-Request-Headers", "X-custom-1");
        HttpResponse execute = defaultHttpClient.execute(httpOptions);
        assertEquals(200L, execute.getStatusLine().getStatusCode());
        Header[] headers = execute.getHeaders("Access-Control-Allow-Origin");
        assertEquals(1L, headers.length);
        assertEquals("http://area51.mil:31415", headers[0].getValue());
        Header[] headers2 = execute.getHeaders("Access-Control-Allow-Methods");
        assertEquals(1L, headers2.length);
        assertEquals("POST", headers2[0].getValue());
        Header[] headers3 = execute.getHeaders("Access-Control-Allow-Headers");
        assertEquals(1L, headers3.length);
        assertEquals("X-custom-1", headers3[0].getValue());
    }

    @Test
    public void preflightPostClassAnnotationPass2() throws ClientProtocolException, IOException {
        DefaultHttpClient defaultHttpClient = new DefaultHttpClient();
        HttpOptions httpOptions = new HttpOptions("http://localhost:" + PORT + "/antest/unannotatedPost");
        httpOptions.addHeader("Origin", "http://area51.mil:31415");
        httpOptions.addHeader("Content-Type", "application/json");
        httpOptions.addHeader("Access-Control-Request-Method", "POST");
        httpOptions.addHeader("Access-Control-Request-Headers", "X-custom-1, X-custom-2");
        HttpResponse execute = defaultHttpClient.execute(httpOptions);
        assertEquals(200L, execute.getStatusLine().getStatusCode());
        Header[] headers = execute.getHeaders("Access-Control-Allow-Origin");
        assertEquals(1L, headers.length);
        assertEquals("http://area51.mil:31415", headers[0].getValue());
        Header[] headers2 = execute.getHeaders("Access-Control-Allow-Methods");
        assertEquals(1L, headers2.length);
        assertEquals("POST", headers2[0].getValue());
        Header[] headers3 = execute.getHeaders("Access-Control-Allow-Headers");
        assertEquals(1L, headers3.length);
        assertTrue(headers3[0].getValue().contains("X-custom-1"));
        assertTrue(headers3[0].getValue().contains("X-custom-2"));
    }

    @Test
    public void simplePostClassAnnotation() throws ClientProtocolException, IOException {
        DefaultHttpClient defaultHttpClient = new DefaultHttpClient();
        HttpOptions httpOptions = new HttpOptions("http://localhost:" + PORT + "/antest/unannotatedPost");
        httpOptions.addHeader("Origin", "http://in.org");
        httpOptions.addHeader("Content-Type", "text/plain");
        httpOptions.addHeader("Access-Control-Request-Method", "POST");
        assertEquals(200L, defaultHttpClient.execute(httpOptions).getStatusLine().getStatusCode());
    }

    @Test
    public void allowStarPassNone() throws Exception {
        assertAllOrigin(true, null, null, false);
    }

    @Test
    public void allowOnePassOne() throws Exception {
        assertAllOrigin(false, new String[]{"http://localhost:" + PORT}, new String[]{"http://localhost:" + PORT}, true);
    }

    @Test
    public void allowOnePassWrong() throws Exception {
        assertAllOrigin(false, new String[]{"http://localhost:" + PORT}, new String[]{"http://area51.mil:31315"}, false);
    }

    @Test
    public void allowTwoPassOne() throws Exception {
        assertAllOrigin(false, new String[]{"http://localhost:" + PORT, "http://area51.mil:3141"}, new String[]{"http://localhost:" + PORT}, true);
    }

    @Test
    public void allowTwoPassTwo() throws Exception {
        assertAllOrigin(false, new String[]{"http://localhost:" + PORT, "http://area51.mil:3141"}, new String[]{"http://localhost:" + PORT, "http://area51.mil:3141"}, true);
    }

    @Test
    public void allowTwoPassThree() throws Exception {
        assertAllOrigin(false, new String[]{"http://localhost:" + PORT, "http://area51.mil:3141"}, new String[]{"http://localhost:" + PORT, "http://area51.mil:3141", "http://hogwarts.edu:9"}, false);
    }

    @Test
    public void testAllowCredentials() throws Exception {
        assertEquals("ok", (String) this.configClient.replacePath("/setAllowCredentials/true").accept(new String[]{"text/plain"}).post((Object) null, String.class));
        DefaultHttpClient defaultHttpClient = new DefaultHttpClient();
        HttpGet httpGet = new HttpGet("http://localhost:" + PORT + "/untest/simpleGet/HelloThere");
        httpGet.addHeader("Origin", "http://localhost:" + PORT);
        HttpResponse execute = defaultHttpClient.execute(httpGet);
        assertEquals(200L, execute.getStatusLine().getStatusCode());
        assertAllowCredentials(execute, true);
    }

    @Test
    public void testForbidCredentials() throws Exception {
        assertEquals("ok", (String) this.configClient.replacePath("/setAllowCredentials/false").accept(new String[]{"text/plain"}).post((Object) null, String.class));
        DefaultHttpClient defaultHttpClient = new DefaultHttpClient();
        HttpGet httpGet = new HttpGet("http://localhost:" + PORT + "/untest/simpleGet/HelloThere");
        httpGet.addHeader("Origin", "http://localhost:" + PORT);
        HttpResponse execute = defaultHttpClient.execute(httpGet);
        assertEquals(200L, execute.getStatusLine().getStatusCode());
        assertAllowCredentials(execute, false);
    }

    @Test
    public void testNonSimpleActualRequest() throws Exception {
        configureAllowOrigins(true, null);
        assertEquals("ok", (String) this.configClient.replacePath("/setAllowCredentials/false").accept(new String[]{"text/plain"}).post((Object) null, String.class));
        DefaultHttpClient defaultHttpClient = new DefaultHttpClient();
        HttpDelete httpDelete = new HttpDelete("http://localhost:" + PORT + "/untest/delete");
        httpDelete.addHeader("Origin", "http://localhost:" + PORT);
        HttpResponse execute = defaultHttpClient.execute(httpDelete);
        assertEquals(200L, execute.getStatusLine().getStatusCode());
        assertAllowCredentials(execute, false);
        assertOriginResponse(true, null, true, execute);
    }

    private void assertAllowCredentials(HttpResponse httpResponse, boolean z) {
        Header[] headers = httpResponse.getHeaders("Access-Control-Allow-Credentials");
        assertEquals(1L, headers.length);
        assertEquals(Boolean.toString(z), headers[0].getValue());
    }

    @Test
    public void testAnnotatedSimple() throws Exception {
        configureAllowOrigins(true, null);
        assertEquals("ok", (String) this.configClient.replacePath("/setAllowCredentials/false").accept(new String[]{"text/plain"}).post((Object) null, String.class));
        DefaultHttpClient defaultHttpClient = new DefaultHttpClient();
        HttpGet httpGet = new HttpGet("http://localhost:" + PORT + "/untest/annotatedGet/HelloThere");
        httpGet.addHeader("Origin", "http://area51.mil:31415");
        HttpResponse execute = defaultHttpClient.execute(httpGet);
        assertEquals(200L, execute.getStatusLine().getStatusCode());
        assertOriginResponse(false, new String[]{"http://area51.mil:31415"}, true, execute);
        assertAllowCredentials(execute, false);
        assertEquals(Arrays.asList("X-custom-3", "X-custom-4"), headerValues(execute.getHeaders("Access-Control-Expose-Headers")));
    }

    @Test
    public void testAnnotatedMethodPreflight() throws Exception {
        configureAllowOrigins(true, null);
        assertEquals("ok", (String) this.configClient.replacePath("/setAllowCredentials/false").accept(new String[]{"text/plain"}).post((Object) null, String.class));
        DefaultHttpClient defaultHttpClient = new DefaultHttpClient();
        HttpOptions httpOptions = new HttpOptions("http://localhost:" + PORT + "/untest/annotatedPut");
        httpOptions.addHeader("Origin", "http://area51.mil:31415");
        httpOptions.addHeader("Access-Control-Request-Method", "PUT");
        httpOptions.addHeader("Access-Control-Request-Headers", "X-custom-1, x-custom-2");
        HttpResponse execute = defaultHttpClient.execute(httpOptions);
        assertEquals(200L, execute.getStatusLine().getStatusCode());
        assertOriginResponse(false, new String[]{"http://area51.mil:31415"}, true, execute);
        assertAllowCredentials(execute, true);
        assertEquals(Collections.emptyList(), headerValues(execute.getHeaders("Access-Control-Expose-Headers")));
        assertEquals(Arrays.asList("X-custom-1", "x-custom-2"), headerValues(execute.getHeaders("Access-Control-Allow-Headers")));
    }

    @Test
    public void testAnnotatedMethodPreflight2() throws Exception {
        configureAllowOrigins(true, null);
        assertEquals("ok", (String) this.configClient.replacePath("/setAllowCredentials/false").accept(new String[]{"text/plain"}).post((Object) null, String.class));
        HttpClient defaultHttpClient = new DefaultHttpClient();
        HttpOptions httpOptions = new HttpOptions("http://localhost:" + PORT + "/untest/annotatedPut2");
        httpOptions.addHeader("Origin", "http://area51.mil:31415");
        httpOptions.addHeader("Access-Control-Request-Method", "PUT");
        httpOptions.addHeader("Access-Control-Request-Headers", "X-custom-1, x-custom-2");
        HttpResponse execute = defaultHttpClient.execute(httpOptions);
        assertEquals(200L, execute.getStatusLine().getStatusCode());
        assertOriginResponse(false, new String[]{"http://area51.mil:31415"}, true, execute);
        assertAllowCredentials(execute, true);
        assertEquals(Collections.emptyList(), headerValues(execute.getHeaders("Access-Control-Expose-Headers")));
        assertEquals(Arrays.asList("X-custom-1", "x-custom-2"), headerValues(execute.getHeaders("Access-Control-Allow-Headers")));
        if (defaultHttpClient instanceof Closeable) {
            ((Closeable) defaultHttpClient).close();
        }
    }

    @Test
    public void testAnnotatedClassCorrectOrigin() throws Exception {
        DefaultHttpClient defaultHttpClient = new DefaultHttpClient();
        HttpGet httpGet = new HttpGet("http://localhost:" + PORT + "/antest/simpleGet/HelloThere");
        httpGet.addHeader("Origin", "http://area51.mil:31415");
        HttpResponse execute = defaultHttpClient.execute(httpGet);
        assertEquals(200L, execute.getStatusLine().getStatusCode());
        assertEquals("HelloThere", IOUtils.toString(execute.getEntity().getContent(), "utf-8"));
        assertOriginResponse(false, new String[]{"http://area51.mil:31415"}, true, execute);
    }

    @Test
    public void testAnnotatedClassWrongOrigin() throws Exception {
        DefaultHttpClient defaultHttpClient = new DefaultHttpClient();
        HttpGet httpGet = new HttpGet("http://localhost:" + PORT + "/antest/simpleGet/HelloThere");
        httpGet.addHeader("Origin", "http://su.us:1001");
        HttpResponse execute = defaultHttpClient.execute(httpGet);
        assertEquals(200L, execute.getStatusLine().getStatusCode());
        assertEquals("HelloThere", IOUtils.toString(execute.getEntity().getContent(), "utf-8"));
        assertOriginResponse(false, null, false, execute);
    }

    @Test
    public void testAnnotatedLocalPreflight() throws Exception {
        configureAllowOrigins(true, null);
        assertEquals("ok", (String) this.configClient.replacePath("/setAllowCredentials/false").accept(new String[]{"text/plain"}).post((Object) null, String.class));
        DefaultHttpClient defaultHttpClient = new DefaultHttpClient();
        HttpOptions httpOptions = new HttpOptions("http://localhost:" + PORT + "/antest/delete");
        httpOptions.addHeader("Origin", "http://area51.mil:3333");
        httpOptions.addHeader("Access-Control-Request-Method", "DELETE");
        HttpResponse execute = defaultHttpClient.execute(httpOptions);
        assertEquals(200L, execute.getStatusLine().getStatusCode());
        assertOriginResponse(false, new String[]{"http://area51.mil:3333"}, true, execute);
        assertAllowCredentials(execute, false);
        assertEquals(Collections.emptyList(), headerValues(execute.getHeaders("Access-Control-Expose-Headers")));
        assertEquals(Arrays.asList("DELETE PUT"), headerValues(execute.getHeaders("Access-Control-Allow-Methods")));
    }

    @Test
    public void testAnnotatedLocalPreflightNoGo() throws Exception {
        configureAllowOrigins(true, null);
        assertEquals("ok", (String) this.configClient.replacePath("/setAllowCredentials/false").accept(new String[]{"text/plain"}).post((Object) null, String.class));
        DefaultHttpClient defaultHttpClient = new DefaultHttpClient();
        HttpOptions httpOptions = new HttpOptions("http://localhost:" + PORT + "/antest/delete");
        httpOptions.addHeader("Origin", "http://area51.mil:4444");
        httpOptions.addHeader("Access-Control-Request-Method", "DELETE");
        HttpResponse execute = defaultHttpClient.execute(httpOptions);
        assertEquals(200L, execute.getStatusLine().getStatusCode());
        assertOriginResponse(false, new String[]{"http://area51.mil:4444"}, false, execute);
    }
}
