package org.apereo.cas.adaptors.x509.authentication.principal;

import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.CertificateParsingException;
import java.security.cert.X509Certificate;
import java.util.stream.Stream;
import org.apereo.cas.authentication.CoreAuthenticationTestUtils;
import org.apereo.cas.authentication.CoreAuthenticationUtils;
import org.apereo.cas.authentication.attribute.AttributeDefinitionStore;
import org.apereo.cas.authentication.principal.Principal;
import org.apereo.cas.authentication.principal.PrincipalFactoryUtils;
import org.apereo.cas.authentication.principal.resolvers.PrincipalResolutionContext;
import org.apereo.cas.configuration.model.core.authentication.PrincipalAttributesCoreProperties;
import org.apereo.cas.services.ServicesManager;
import org.apereo.cas.util.CollectionUtils;
import org.junit.jupiter.api.Assertions;
import org.junit.jupiter.api.BeforeEach;
import org.junit.jupiter.api.Tag;
import org.junit.jupiter.api.Test;
import org.junit.jupiter.params.ParameterizedTest;
import org.junit.jupiter.params.provider.Arguments;
import org.junit.jupiter.params.provider.MethodSource;
import org.mockito.Mock;
import org.mockito.Mockito;
import org.mockito.MockitoAnnotations;

@Tag("X509")
/* loaded from: input_file:org/apereo/cas/adaptors/x509/authentication/principal/X509SubjectAlternativeNameUPNPrincipalResolverTests.class */
public class X509SubjectAlternativeNameUPNPrincipalResolverTests {

    @Mock
    private ServicesManager servicesManager;

    @Mock
    private AttributeDefinitionStore attributeDefinitionStore;

    @BeforeEach
    public void before() throws Exception {
        MockitoAnnotations.openMocks(this).close();
    }

    public static Stream<Arguments> getTestParameters() {
        return Stream.of((Object[]) new Arguments[]{Arguments.arguments(new Object[]{"/x509-san-upn-resolver.crt", "test-user@some-company-domain", null}), Arguments.arguments(new Object[]{"/x509-san-upn-resolver.crt", "test-user@some-company-domain", "subjectDn"}), Arguments.arguments(new Object[]{"/user-valid.crt", "CN=Alice, OU=CAS, O=Jasig, L=Westminster, ST=Colorado, C=US", "subjectDn"}), Arguments.arguments(new Object[]{"/user-valid.crt", null, "badAttribute"})});
    }

    @MethodSource({"getTestParameters"})
    @ParameterizedTest
    public void verifyResolvePrincipalInternal(String str, String str2, String str3) throws FileNotFoundException, CertificateException {
        X509SubjectAlternativeNameUPNPrincipalResolver x509SubjectAlternativeNameUPNPrincipalResolver = new X509SubjectAlternativeNameUPNPrincipalResolver(PrincipalResolutionContext.builder().attributeDefinitionStore(this.attributeDefinitionStore).servicesManager(this.servicesManager).attributeMerger(CoreAuthenticationUtils.getAttributeMerger(PrincipalAttributesCoreProperties.MergingStrategyTypes.REPLACE)).attributeRepository(CoreAuthenticationTestUtils.getAttributeRepository()).principalFactory(PrincipalFactoryUtils.newPrincipalFactory()).returnNullIfNoAttributes(false).principalNameTransformer(str4 -> {
            return str4;
        }).useCurrentPrincipalId(false).resolveAttributes(true).activeAttributeRepositoryIdentifiers(CollectionUtils.wrapSet("*")).build());
        x509SubjectAlternativeNameUPNPrincipalResolver.setAlternatePrincipalAttribute(str3);
        x509SubjectAlternativeNameUPNPrincipalResolver.setX509AttributeExtractor(new DefaultX509AttributeExtractor());
        X509Certificate x509Certificate = (X509Certificate) CertificateFactory.getInstance("X509").generateCertificate(new FileInputStream(getClass().getResource(str).getPath()));
        Assertions.assertEquals(str2, x509SubjectAlternativeNameUPNPrincipalResolver.resolvePrincipalInternal(x509Certificate));
        X509CertificateCredential x509CertificateCredential = new X509CertificateCredential(new X509Certificate[]{x509Certificate});
        x509CertificateCredential.setCertificate(x509Certificate);
        Principal resolve = x509SubjectAlternativeNameUPNPrincipalResolver.resolve(x509CertificateCredential);
        if (str2 == null) {
            Assertions.assertNull(resolve);
        } else {
            Assertions.assertNotNull(resolve);
            Assertions.assertFalse(resolve.getAttributes().isEmpty());
        }
    }

    @Test
    public void verifyAlternate() throws Exception {
        X509SubjectAlternativeNameUPNPrincipalResolver x509SubjectAlternativeNameUPNPrincipalResolver = new X509SubjectAlternativeNameUPNPrincipalResolver(PrincipalResolutionContext.builder().attributeDefinitionStore(this.attributeDefinitionStore).servicesManager(this.servicesManager).attributeMerger(CoreAuthenticationUtils.getAttributeMerger(PrincipalAttributesCoreProperties.MergingStrategyTypes.REPLACE)).attributeRepository(CoreAuthenticationTestUtils.getAttributeRepository()).principalFactory(PrincipalFactoryUtils.newPrincipalFactory()).returnNullIfNoAttributes(false).principalNameTransformer(str -> {
            return str;
        }).useCurrentPrincipalId(false).resolveAttributes(true).activeAttributeRepositoryIdentifiers(CollectionUtils.wrapSet("*")).build());
        x509SubjectAlternativeNameUPNPrincipalResolver.setX509AttributeExtractor(new DefaultX509AttributeExtractor());
        X509Certificate x509Certificate = (X509Certificate) Mockito.mock(X509Certificate.class);
        Mockito.when(x509Certificate.getSubjectAlternativeNames()).thenThrow(new Throwable[]{new CertificateParsingException()});
        Assertions.assertNull(x509SubjectAlternativeNameUPNPrincipalResolver.resolvePrincipalInternal(x509Certificate));
    }
}
