package org.apache.brooklyn.rest;

import com.google.common.collect.ImmutableList;
import com.google.common.collect.ImmutableMap;
import java.io.IOException;
import java.net.URI;
import java.nio.charset.StandardCharsets;
import java.util.List;
import org.apache.brooklyn.core.BrooklynFeatureEnablement;
import org.apache.brooklyn.core.test.entity.LocalManagementContextForTests;
import org.apache.brooklyn.rest.filter.CorsImplSupplierFilter;
import org.apache.brooklyn.util.collections.MutableMap;
import org.apache.brooklyn.util.http.HttpTool;
import org.apache.brooklyn.util.http.HttpToolResponse;
import org.apache.http.client.HttpClient;
import org.apache.http.client.methods.HttpUriRequest;
import org.apache.http.client.methods.RequestBuilder;
import org.apache.http.impl.client.HttpClients;
import org.testng.Assert;
import org.testng.annotations.Test;

/* loaded from: input_file:org/apache/brooklyn/rest/CorsFilterLauncherTest.class */
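/**
 * Integration tests for the experimental CORS feature of the REST API launcher.
 *
 * <p>Each test starts a server with the feature flag set, then sends a preflight
 * {@code OPTIONS} request and the matching actual request, and checks the
 * {@code Access-Control-*} response headers.
 *
 * <p>Security note: the requests sent with an origin that is not in the allow-list are
 * still answered with the normal body (see the {@code OTHER_ORIGIN} cases below). The
 * filter only withholds the CORS headers, so it limits which browser origins may read a
 * response; it does not stop the request from being processed. Protection against
 * cross-site state changes has to come from another control (the preflight here asks for
 * the {@code x-csrf-token} header, which suggests the CSRF filter plays that role).
 */
public class CorsFilterLauncherTest extends BrooklynRestApiLauncherTestFixture {
    private static final String CORS_FEATURE = "brooklyn.experimental.feature.corsCxfFeature";
    private static final String ALLOWED_ORIGIN = "http://foo.bar.com";
    private static final String OTHER_ORIGIN = "http://foo.bar1.com";
    private static final String ALLOW_ORIGIN_HEADER = "Access-Control-Allow-Origin";
    private static final String ALLOW_HEADERS_HEADER = "Access-Control-Allow-Headers";
    private static final String CSRF_HEADER = "x-csrf-token";
    private static final String STATUS_PATH = "server/status";
    private static final String GROOVY_PATH = "script/groovy";
    private static final String GROOVY_RESULT = "{\"result\":\"0\"}";

    /** A single allowed origin: GET preflight and GET request are echoed for it and for no other origin. */
    @Test
    public void test1CorsIsEnabledOnOneOriginGET() throws IOException {
        setCorsFilterFeature(true, ImmutableList.of(ALLOWED_ORIGIN));
        HttpClient client = client();

        HttpToolResponse preflight = HttpTool.execAndConsume(client, httpOptionsRequest(STATUS_PATH, "GET", ALLOWED_ORIGIN));
        assertAcAllowOrigin(preflight, ALLOWED_ORIGIN, "GET");
        CsrfTokenFilterLauncherTest.assertOkayResponse(preflight, "");

        HttpToolResponse actual = HttpTool.execAndConsume(client, httpGetRequest(STATUS_PATH, ALLOWED_ORIGIN));
        assertAcAllowOrigin(actual, ALLOWED_ORIGIN, "GET", false);
        CsrfTokenFilterLauncherTest.assertOkayResponse(actual, "MASTER");

        HttpToolResponse otherPreflight = HttpTool.execAndConsume(client, httpOptionsRequest(STATUS_PATH, "GET", OTHER_ORIGIN));
        assertAcNotAllowOrigin(otherPreflight);
        CsrfTokenFilterLauncherTest.assertOkayResponse(otherPreflight, "");

        // The body is still served to the unlisted origin; only the CORS header is missing.
        HttpToolResponse otherActual = HttpTool.execAndConsume(client, httpGetRequest(STATUS_PATH, OTHER_ORIGIN));
        assertAcNotAllowOrigin(otherActual);
        CsrfTokenFilterLauncherTest.assertOkayResponse(otherActual, "MASTER");
    }

    /** A single allowed origin: POST preflight and POST request are echoed for it and for no other origin. */
    @Test
    public void test1CorsIsEnabledOnOneOriginPOST() throws IOException {
        setCorsFilterFeature(true, ImmutableList.of(ALLOWED_ORIGIN));
        HttpClient client = client();

        HttpToolResponse preflight = HttpTool.execAndConsume(client, httpOptionsRequest(GROOVY_PATH, "POST", ALLOWED_ORIGIN));
        assertAcAllowOrigin(preflight, ALLOWED_ORIGIN, "POST");
        CsrfTokenFilterLauncherTest.assertOkayResponse(preflight, "");

        HttpToolResponse actual = postGroovy(client, ALLOWED_ORIGIN);
        assertAcAllowOrigin(actual, ALLOWED_ORIGIN, "POST", false);
        CsrfTokenFilterLauncherTest.assertOkayResponse(actual, GROOVY_RESULT);

        HttpToolResponse otherPreflight = HttpTool.execAndConsume(client, httpOptionsRequest(GROOVY_PATH, "POST", OTHER_ORIGIN));
        assertAcNotAllowOrigin(otherPreflight);
        CsrfTokenFilterLauncherTest.assertOkayResponse(otherPreflight, "");

        // The posted script is evaluated and its result returned even for the unlisted
        // origin: the CORS filter does not act as server-side authorization.
        HttpToolResponse otherActual = postGroovy(client, OTHER_ORIGIN);
        assertAcNotAllowOrigin(otherActual);
        CsrfTokenFilterLauncherTest.assertOkayResponse(otherActual, GROOVY_RESULT);
    }

    /** An empty allow-list is answered with the wildcard origin {@code *}. */
    @Test
    public void test1CorsIsEnabledOnAllDomainsGET() throws IOException {
        setCorsFilterFeature(true, ImmutableList.of());
        HttpClient client = client();

        HttpToolResponse preflight = HttpTool.execAndConsume(client, httpOptionsRequest(STATUS_PATH, "GET", ALLOWED_ORIGIN));
        assertSingleHeaderValue(preflight, ALLOW_ORIGIN_HEADER, "*", "Should allow GET requests made from " + ALLOWED_ORIGIN);
        assertSingleHeaderValue(preflight, ALLOW_HEADERS_HEADER, CSRF_HEADER,
                "Should have asked and allowed x-csrf-token header from " + ALLOWED_ORIGIN);
        CsrfTokenFilterLauncherTest.assertOkayResponse(preflight, "");

        HttpToolResponse actual = HttpTool.execAndConsume(client, httpGetRequest(STATUS_PATH, ALLOWED_ORIGIN));
        assertSingleHeaderValue(actual, ALLOW_ORIGIN_HEADER, "*", "Should allow GET requests made from " + ALLOWED_ORIGIN);
        CsrfTokenFilterLauncherTest.assertOkayResponse(actual, "MASTER");
    }

    /**
     * Enabling the feature without configuring any allow-list is answered with the wildcard
     * origin {@code *}.
     *
     * <p>This pins allow-all as the default, including for {@code script/groovy}, which
     * evaluates the posted script. A deployment that turns the feature on should therefore
     * configure an explicit list of allowed origins rather than rely on the default.
     */
    @Test
    public void test1CorsIsEnabledOnAllDomainsByDefaultPOST() throws IOException {
        BrooklynFeatureEnablement.enable(CORS_FEATURE);
        BrooklynRestApiLauncher launcher = baseLauncher().withoutJsgui();
        launcher.managementContext(LocalManagementContextForTests.builder(true)
                .useAdditionalProperties(MutableMap.of(CORS_FEATURE, true))
                .build());
        useServerForTest(launcher.start());
        HttpClient client = client();

        HttpToolResponse preflight = HttpTool.execAndConsume(client, httpOptionsRequest(GROOVY_PATH, "POST", ALLOWED_ORIGIN));
        assertSingleHeaderValue(preflight, ALLOW_ORIGIN_HEADER, "*", "Should allow POST requests made from " + ALLOWED_ORIGIN);
        assertSingleHeaderValue(preflight, ALLOW_HEADERS_HEADER, CSRF_HEADER,
                "Should have asked and allowed x-csrf-token header from " + ALLOWED_ORIGIN);
        CsrfTokenFilterLauncherTest.assertOkayResponse(preflight, "");

        HttpToolResponse actual = postGroovy(client, ALLOWED_ORIGIN);
        // Fixed: the failure message used to say GET although this request is a POST.
        assertSingleHeaderValue(actual, ALLOW_ORIGIN_HEADER, "*", "Should allow POST requests made from " + ALLOWED_ORIGIN);
        CsrfTokenFilterLauncherTest.assertOkayResponse(actual, GROOVY_RESULT);
    }

    /** With the feature disabled, no preflight response carries {@code Access-Control-Allow-Origin}. */
    @Test
    public void test2CorsIsDisabled() throws IOException {
        // setCorsFilterFeature(false, ...) also disables the feature flag before starting the server.
        setCorsFilterFeature(false, null);
        HttpClient client = client();

        HttpToolResponse getPreflight = HttpTool.execAndConsume(client, httpOptionsRequest(STATUS_PATH, "GET", ALLOWED_ORIGIN));
        assertAcNotAllowOrigin(getPreflight);
        CsrfTokenFilterLauncherTest.assertOkayResponse(getPreflight, "");

        // Fixed: method and origin were passed in swapped order, so the preflight carried
        // "Origin: POST" and never exercised a real origin against the disabled filter.
        HttpToolResponse postPreflight = HttpTool.execAndConsume(client, httpOptionsRequest(GROOVY_PATH, "POST", ALLOWED_ORIGIN));
        assertAcNotAllowOrigin(postPreflight);
        CsrfTokenFilterLauncherTest.assertOkayResponse(postPreflight, "");
    }

    /**
     * Sets the CORS feature flag and starts a server (without the JS GUI) configured with it.
     *
     * @param enabled whether the feature is enabled, both via {@link BrooklynFeatureEnablement}
     *     and as a management-context property
     * @param allowedOrigins value for the allowed-origins property; may be empty or {@code null}
     */
    private void setCorsFilterFeature(boolean enabled, List<String> allowedOrigins) {
        // NOTE(review): the flag is set through a static call, so it presumably outlives this
        // test; every test here sets it explicitly before starting its server.
        if (enabled) {
            BrooklynFeatureEnablement.enable(CORS_FEATURE);
        } else {
            BrooklynFeatureEnablement.disable(CORS_FEATURE);
        }
        BrooklynRestApiLauncher launcher = baseLauncher().withoutJsgui();
        launcher.managementContext(LocalManagementContextForTests.builder(true)
                .useAdditionalProperties(MutableMap.of(
                        CORS_FEATURE, Boolean.valueOf(enabled),
                        CORS_FEATURE + "." + CorsImplSupplierFilter.ALLOW_ORIGINS.getName(), allowedOrigins))
                .build());
        useServerForTest(launcher.start());
    }

    /** Returns the HTTP client used by the tests; subclasses may override it. */
    protected HttpClient client() {
        return HttpClients.createMinimal();
    }

    /**
     * Asserts that a preflight response allows {@code origin} and the {@code x-csrf-token} header.
     *
     * @param response response to inspect
     * @param origin expected value of {@code Access-Control-Allow-Origin}
     * @param method HTTP method name, used only in the failure message
     */
    public void assertAcAllowOrigin(HttpToolResponse response, String origin, String method) {
        assertAcAllowOrigin(response, origin, method, true);
    }

    /**
     * Asserts that the response allows exactly {@code origin}.
     *
     * @param response response to inspect
     * @param origin expected single value of {@code Access-Control-Allow-Origin}
     * @param method HTTP method name, used only in the failure message
     * @param preflight when {@code true}, also require {@code Access-Control-Allow-Headers}
     *     to be exactly {@code x-csrf-token}
     */
    public void assertAcAllowOrigin(HttpToolResponse response, String origin, String method, boolean preflight) {
        assertSingleHeaderValue(response, ALLOW_ORIGIN_HEADER, origin,
                "Should allow " + method + " requests made from " + origin);
        if (preflight) {
            assertSingleHeaderValue(response, ALLOW_HEADERS_HEADER, CSRF_HEADER,
                    "Should have asked and allowed x-csrf-token header from " + origin);
        }
    }

    /** Asserts that the response carries no {@code Access-Control-Allow-Origin} header at all. */
    public void assertAcNotAllowOrigin(HttpToolResponse response) {
        Assert.assertNull(response.getHeaderLists().get(ALLOW_ORIGIN_HEADER), "Access Control Header should not be available.");
    }

    /** Asserts that {@code headerName} is present with exactly one value equal to {@code expected}. */
    private static void assertSingleHeaderValue(HttpToolResponse response, String headerName, String expected, String message) {
        List<?> values = (List<?>) response.getHeaderLists().get(headerName);
        // Fail with a readable message instead of a NullPointerException when the header is absent.
        Assert.assertNotNull(values, "Missing response header " + headerName);
        Assert.assertEquals(values.size(), 1);
        Assert.assertEquals(values.get(0), expected, message);
    }

    /**
     * Builds a CORS preflight request.
     *
     * @param path REST path relative to the base REST URI
     * @param method value for {@code Access-Control-Request-Method}
     * @param origin value for {@code Origin}
     */
    private HttpUriRequest httpOptionsRequest(String path, String method, String origin) {
        return RequestBuilder.options(getBaseUriRest() + path)
                .addHeader("Origin", origin)
                .addHeader("Access-Control-Request-Headers", CSRF_HEADER)
                .addHeader("Access-Control-Request-Method", method)
                .build();
    }

    /** Builds a GET request for {@code path} carrying the given {@code Origin}. */
    private HttpUriRequest httpGetRequest(String path, String origin) {
        return RequestBuilder.get(getBaseUriRest() + path)
                .addHeader("Origin", origin)
                .addHeader("Access-Control-Request-Method", "GET")
                .build();
    }

    /** Posts the script {@code return 0;} to {@code script/groovy} with the given {@code Origin}. */
    private HttpToolResponse postGroovy(HttpClient client, String origin) {
        return HttpTool.httpPost(
                client,
                URI.create(getBaseUriRest() + GROOVY_PATH),
                ImmutableMap.of("Origin", origin, "Content-Type", "application/text"),
                // Explicit charset so the request body does not depend on the platform default.
                "return 0;".getBytes(StandardCharsets.UTF_8));
    }
}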
