package org.apache.jena.fuseki.main;

import java.io.IOException;
import java.io.InputStream;
import java.net.URI;
import java.net.http.HttpClient;
import java.net.http.HttpRequest;
import java.net.http.HttpResponse;
import java.util.Iterator;
import java.util.List;
import java.util.Optional;
import java.util.Set;
import java.util.function.Consumer;
import org.apache.jena.atlas.lib.Lib;
import org.apache.jena.fuseki.system.FusekiLogging;
import org.apache.jena.http.HttpLib;
import org.junit.AfterClass;
import org.junit.Assert;
import org.junit.BeforeClass;
import org.junit.Test;

/* loaded from: input_file:org/apache/jena/fuseki/main/TestCrossOriginFilter.class */
public class TestCrossOriginFilter {
    private static String jdkAllowRestrictedHeaders;
    private static Optional<String> systemValue;

    @BeforeClass
    public static void beforeClass() {
        systemValue = Optional.ofNullable(System.setProperty(jdkAllowRestrictedHeaders, "host"));
    }

    @AfterClass
    public static void afterClass() {
        if (systemValue != null) {
            if (systemValue.isPresent()) {
                System.setProperty(jdkAllowRestrictedHeaders, systemValue.get());
            } else {
                System.clearProperty(jdkAllowRestrictedHeaders);
            }
        }
    }

    private static FusekiServer server(String... strArr) {
        return FusekiServer.construct(strArr);
    }

    private static void executeWithServer(FusekiServer fusekiServer, String str, Consumer<String> consumer) {
        fusekiServer.start();
        try {
            consumer.accept(fusekiServer.datasetURL(str));
            fusekiServer.stop();
        } catch (Throwable th) {
            fusekiServer.stop();
            throw th;
        }
    }

    @Test
    public void test_corsWithOrigin() {
        executeWithServer(FusekiServer.construct(new String[]{"-v", "--port=0", "--mem", "/ds"}), "/ds", str -> {
            HttpResponse<InputStream> httpOptions = httpOptions(str, "Access-Control-Request-Method", "GET", "Origin", "https://test.example.org/");
            String header = getHeader(httpOptions, "Access-Control-Allow-Credentials");
            Assert.assertNotNull(header);
            assertEqualsIgnoreCase(header, "true");
            assertSetEquals(getHeaderSet(httpOptions, "Access-Control-Allow-Headers"), Set.of("X-Requested-With", "Content-Type", "Accept", "Origin", "Last-Modified", "Authorization"));
            assertSetEquals(getHeaderSet(httpOptions, "Access-Control-Allow-Methods"), Set.of("GET", "POST", "PUT", "DELETE", "HEAD", "PATCH", "OPTIONS"));
            assertEqualsIgnoreCase(getHeader(httpOptions, "Access-Control-Allow-Origin"), "https://test.example.org/");
            Assert.assertNotNull(getHeader(httpOptions, "Access-Control-Max-Age"));
            HttpLib.handleResponseNoBody(httpOptions);
        });
    }

    @Test
    public void test_corsLocalhost() {
        executeWithServer(FusekiServer.construct(new String[]{"-v", "--port=0", "--mem", "/ds"}), "/ds", str -> {
            HttpResponse<InputStream> httpOptions = httpOptions(str, "Access-Control-Request-Method", "GET");
            Assert.assertNull(getHeader(httpOptions, "Access-Control-Allow-Credentials"));
            Assert.assertNull(getHeader(httpOptions, "Access-Control-Allow-Headers"));
            Assert.assertNull(getHeader(httpOptions, "Access-Control-Allow-Methods"));
            Assert.assertNull(getHeader(httpOptions, "Access-Control-Allow-Origin"));
            Assert.assertNull(getHeader(httpOptions, "Access-Control-Max-Age"));
            HttpLib.handleResponseNoBody(httpOptions);
        });
    }

    private static String getHeader(HttpResponse<?> httpResponse, String str) {
        List list = (List) httpResponse.headers().map().get(Lib.lowercase(str));
        if (list == null) {
            return null;
        }
        Assert.assertEquals(1L, list.size());
        return (String) list.get(0);
    }

    private static Set<String> getHeaderSet(HttpResponse<?> httpResponse, String str) {
        List list = (List) httpResponse.headers().map().get(Lib.lowercase(str));
        if (list == null) {
            return null;
        }
        Assert.assertEquals(1L, list.size());
        return Set.of((Object[]) ((String) list.get(0)).split(" *, *"));
    }

    private static void assertEqualsIgnoreCase(String str, String str2) {
        Assert.assertEquals("Not equals (ignoring case)", Lib.lowercase(str), Lib.lowercase(str2));
    }

    private static void assertSetEquals(Set<String> set, Set<String> set2) {
        if (set.size() != set2.size()) {
            Assert.fail("Different size: " + set + " -- " + set2);
        }
        Iterator<String> it = set2.iterator();
        while (it.hasNext()) {
            assertSetContains(set, it.next());
        }
    }

    private static void assertSetContains(Set<String> set, String str) {
        Lib.lowercase(str);
        Iterator<String> it = set.iterator();
        while (it.hasNext()) {
            if (it.next().equalsIgnoreCase(str)) {
                return;
            }
        }
        Assert.fail("Not found: " + str + " in set " + set);
    }

    @Test
    public void test_CORS_default_success() {
        String[] strArr = {"Access-Control-Request-Method", "POST", "Origin", "localhost:12345", "Access-Control-Request-Headers", "X-Requested-With, Content-Type, Accept, Origin, Last-Modified, Authorization"};
        String str = "X-Requested-With,Content-Type,Accept,Origin,Last-Modified,Authorization";
        executeWithServer(server("--mem", "/ds"), "/ds", str2 -> {
            HttpResponse<InputStream> httpOptions = httpOptions(str2, strArr);
            Assert.assertNotNull(httpOptions);
            Assert.assertEquals(httpOptions.statusCode(), 200L);
            String responseHeader = HttpLib.responseHeader(httpOptions, "Access-Control-Allow-Headers");
            Assert.assertNotNull("Expecting valid headers", responseHeader);
            Assert.assertEquals(str, responseHeader);
            HttpLib.handleResponseNoBody(httpOptions);
        });
    }

    @Test
    public void test_CORS_default_fail() {
        String[] strArr = {"Access-Control-Request-Method", "POST", "Access-Control-Request-Headers", "Content-Type, unknown-header"};
        executeWithServer(server("--port=0", "--mem", "/ds"), "/ds", str -> {
            HttpResponse<InputStream> httpOptions = httpOptions(str, strArr);
            Assert.assertNotNull(httpOptions);
            Assert.assertEquals(httpOptions.statusCode(), 200L);
            Assert.assertNull("No headers expected given invalid request", HttpLib.responseHeader(httpOptions, "Access-Control-Allow-Headers"));
            HttpLib.handleResponseNoBody(httpOptions);
        });
    }

    @Test
    public void test_CORS_config_success() {
        String[] strArr = {"Access-Control-Request-Method", "POST", "Origin", "http://localhost:5173", "Access-Control-Request-Headers", "Content-Type, Custom-Header"};
        String str = "X-Requested-With,Content-Type,Accept,Origin,Last-Modified,Authorization,Custom-Header";
        executeWithServer(server("--port=0", "--mem", "--CORS=testing/Config/cors.properties", "/ds"), "/ds", str2 -> {
            HttpResponse<InputStream> httpOptions = httpOptions(str2, strArr);
            Assert.assertNotNull(httpOptions);
            Assert.assertEquals(httpOptions.statusCode(), 200L);
            String responseHeader = HttpLib.responseHeader(httpOptions, "Access-Control-Allow-Headers");
            Assert.assertNotNull("Expecting valid headers", responseHeader);
            Assert.assertEquals(str, responseHeader);
            HttpLib.handleResponseNoBody(httpOptions);
        });
    }

    @Test
    public void test_CORS_noConfig() {
        String[] strArr = {"Access-Control-Request-Method", "POST", "Access-Control-Request-Headers", "Content-Type"};
        executeWithServer(server("--port=0", "--mem", "--noCORS", "/ds"), "/ds", str -> {
            HttpResponse<InputStream> httpOptions = httpOptions(str, strArr);
            Assert.assertNotNull(httpOptions);
            Assert.assertEquals(httpOptions.statusCode(), 200L);
            Assert.assertNull("No headers expected given invalid request", HttpLib.responseHeader(httpOptions, "Access-Control-Allow-Headers"));
            HttpLib.handleResponseNoBody(httpOptions);
        });
    }

    private static HttpResponse<InputStream> httpOptions(String str, String... strArr) {
        try {
            return HttpClient.newHttpClient().send(HttpRequest.newBuilder().uri(URI.create(str)).method("OPTIONS", HttpRequest.BodyPublishers.noBody()).headers(strArr).build(), HttpResponse.BodyHandlers.ofInputStream());
        } catch (IOException | InterruptedException e) {
            e.printStackTrace();
            return null;
        }
    }

    private static void print(HttpResponse<?> httpResponse) {
        httpResponse.headers().map().forEach((str, list) -> {
            System.out.printf("%s : %s\n", str, list);
        });
    }

    static {
        FusekiLogging.setLogging();
        jdkAllowRestrictedHeaders = "jdk.httpclient.allowRestrictedHeaders";
        systemValue = null;
    }
}
