package org.apereo.cas.adaptors.x509.authentication.handler.support;

import java.io.InputStream;
import java.math.BigInteger;
import java.security.GeneralSecurityException;
import java.security.cert.CertificateExpiredException;
import java.security.cert.X509Certificate;
import java.time.ZoneOffset;
import java.time.ZonedDateTime;
import java.util.ArrayList;
import java.util.stream.Stream;
import javax.security.auth.login.FailedLoginException;
import org.apereo.cas.adaptors.x509.authentication.CasX509Certificate;
import org.apereo.cas.adaptors.x509.authentication.ExpiredCRLException;
import org.apereo.cas.adaptors.x509.authentication.principal.X509CertificateCredential;
import org.apereo.cas.adaptors.x509.authentication.revocation.RevokedCertificateException;
import org.apereo.cas.adaptors.x509.authentication.revocation.checker.ResourceCRLRevocationChecker;
import org.apereo.cas.adaptors.x509.authentication.revocation.policy.RevocationPolicy;
import org.apereo.cas.adaptors.x509.authentication.revocation.policy.ThresholdExpiredCRLRevocationPolicy;
import org.apereo.cas.authentication.AuthenticationHandlerExecutionResult;
import org.apereo.cas.authentication.Credential;
import org.apereo.cas.authentication.DefaultAuthenticationHandlerExecutionResult;
import org.apereo.cas.authentication.credential.UsernamePasswordCredential;
import org.apereo.cas.authentication.principal.PrincipalFactoryUtils;
import org.apereo.cas.authentication.principal.Service;
import org.apereo.cas.util.RegexUtils;
import org.apereo.cas.util.junit.Assertions;
import org.cryptacular.util.CertUtil;
import org.junit.jupiter.api.Tag;
import org.junit.jupiter.params.ParameterizedTest;
import org.junit.jupiter.params.provider.Arguments;
import org.junit.jupiter.params.provider.MethodSource;
import org.mockito.Mockito;
import org.springframework.core.io.ClassPathResource;

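/**
 * Parameterized tests for {@link X509CredentialsAuthenticationHandler}.
 *
 * <p>The cases cover a non-X.509 credential, valid and expired certificate fixtures, DN patterns passed to the
 * handler, the handler's positional boolean/int options, and CRL-backed revocation checking. Every rejection
 * case expects a {@link GeneralSecurityException} subtype instead of a handler result.
 *
 * <p>NOTE(review): the handler constructors are not shown in this file. Where a comment below names the meaning
 * of a positional flag it is marked as presumed and should be confirmed against the handler's constructors.
 */
@Tag("X509")
public class X509CredentialsAuthenticationHandlerTests {
    private static final String USER_VALID_CRT = "user-valid.crt";

    /**
     * Builds the argument sets consumed by {@link #verifyAuthenticate}.
     *
     * <p>Each set is {@code (handler, credential, supports, expectedResult, expectedException)}. A {@code null}
     * expected exception means authentication is expected to complete.
     *
     * @return one {@link Arguments} instance per test case, in declaration order
     */
    public static Stream<Arguments> getTestParameters() {
        // Typed list: the raw ArrayList forced an unchecked conversion on the returned stream.
        ArrayList<Arguments> cases = new ArrayList<>();

        // Case 1: a username/password credential must be reported as unsupported (supports == false).
        cases.add(Arguments.arguments(
            new X509CredentialsAuthenticationHandler(RegexUtils.createPattern(".*")),
            new UsernamePasswordCredential(),
            false,
            null,
            null));

        // Case 2: valid certificate fixture, match-anything pattern -> successful result.
        X509CredentialsAuthenticationHandler validHandler =
            new X509CredentialsAuthenticationHandler(RegexUtils.createPattern(".*"));
        X509CertificateCredential validCredential = new X509CertificateCredential(createCertificates(USER_VALID_CRT));
        cases.add(Arguments.arguments(
            validHandler,
            validCredential,
            true,
            expectedSuccess(validHandler, validCredential),
            null));

        // Case 3: expired certificate fixture must surface CertificateExpiredException.
        cases.add(Arguments.arguments(
            new X509CredentialsAuthenticationHandler(RegexUtils.createPattern(".*")),
            new X509CertificateCredential(createCertificates("user-expired.crt")),
            true,
            null,
            new CertificateExpiredException()));

        // Case 4: the first constructor argument is narrowed from ".*" to one specific DN; snake-oil.crt must
        // then fail with FailedLoginException (presumably an untrusted-issuer rejection - confirm).
        cases.add(Arguments.arguments(
            new X509CredentialsAuthenticationHandler(
                RegexUtils.createPattern("CN=\\w+,OU=CAS,O=Jasig,L=Westminster,ST=Colorado,C=US"), true, false, false),
            new X509CertificateCredential(createCertificates("snake-oil.crt")),
            true,
            null,
            new FailedLoginException()));

        // Case 5: the same DN pattern supplied as the third argument (presumably the subject DN pattern -
        // confirm); snake-oil.crt must again fail with FailedLoginException.
        cases.add(Arguments.arguments(
            new X509CredentialsAuthenticationHandler(
                RegexUtils.createPattern(".*"),
                true,
                RegexUtils.createPattern("CN=\\w+,OU=CAS,O=Jasig,L=Westminster,ST=Colorado,C=US")),
            new X509CertificateCredential(createCertificates("snake-oil.crt")),
            true,
            null,
            new FailedLoginException()));

        // Cases 6-9 vary only the last two boolean flags and the fixture. Presumably the flags are
        // (checkKeyUsage, requireKeyUsage) - confirm against the handler constructor.
        // Case 6: flags (false, true, false) with the plain valid fixture -> success.
        X509CredentialsAuthenticationHandler keyUsageCheckedHandler =
            new X509CredentialsAuthenticationHandler(RegexUtils.createPattern(".*"), false, true, false);
        X509CertificateCredential keyUsageCheckedCredential =
            new X509CertificateCredential(createCertificates(USER_VALID_CRT));
        cases.add(Arguments.arguments(
            keyUsageCheckedHandler,
            keyUsageCheckedCredential,
            true,
            expectedSuccess(keyUsageCheckedHandler, keyUsageCheckedCredential),
            null));

        // Case 7: flags (false, true, true) with the same fixture -> FailedLoginException.
        cases.add(Arguments.arguments(
            new X509CredentialsAuthenticationHandler(RegexUtils.createPattern(".*"), false, true, true),
            new X509CertificateCredential(createCertificates(USER_VALID_CRT)),
            true,
            null,
            new FailedLoginException()));

        // Case 8: flags (false, true, true) with the "valid-keyUsage" fixture -> success.
        X509CredentialsAuthenticationHandler keyUsageRequiredHandler =
            new X509CredentialsAuthenticationHandler(RegexUtils.createPattern(".*"), false, true, true);
        X509CertificateCredential keyUsageRequiredCredential =
            new X509CertificateCredential(createCertificates("user-valid-keyUsage.crt"));
        cases.add(Arguments.arguments(
            keyUsageRequiredHandler,
            keyUsageRequiredCredential,
            true,
            expectedSuccess(keyUsageRequiredHandler, keyUsageRequiredCredential),
            null));

        // Case 9: flags (false, true, true) with the "invalid-keyUsage" fixture -> FailedLoginException.
        cases.add(Arguments.arguments(
            new X509CredentialsAuthenticationHandler(RegexUtils.createPattern(".*"), false, true, true),
            new X509CertificateCredential(createCertificates("user-invalid-keyUsage.crt")),
            true,
            null,
            new FailedLoginException()));

        // Case 10: CRL-backed revocation checker loaded from userCA-valid.crl, valid fixture -> success.
        // The credential handed to the handler is a separate instance from the one inside the expected result,
        // so the equality assertion relies on how those project types implement equals() (not shown here).
        ResourceCRLRevocationChecker validCrlChecker =
            new ResourceCRLRevocationChecker(new ClassPathResource("userCA-valid.crl"));
        validCrlChecker.init();
        X509CredentialsAuthenticationHandler crlHandler =
            new X509CredentialsAuthenticationHandler(RegexUtils.createPattern(".*"), validCrlChecker);
        X509CertificateCredential crlExpectedCredential =
            new X509CertificateCredential(createCertificates(USER_VALID_CRT));
        cases.add(Arguments.arguments(
            crlHandler,
            new X509CertificateCredential(createCertificates(USER_VALID_CRT)),
            true,
            expectedSuccess(crlHandler, crlExpectedCredential),
            null));

        // Case 11: same CRL, revoked fixture -> RevokedCertificateException.
        ResourceCRLRevocationChecker revokedCrlChecker =
            new ResourceCRLRevocationChecker(new ClassPathResource("userCA-valid.crl"));
        revokedCrlChecker.init();
        cases.add(Arguments.arguments(
            new X509CredentialsAuthenticationHandler(RegexUtils.createPattern(".*"), revokedCrlChecker),
            new X509CertificateCredential(createCertificates("user-revoked.crt")),
            true,
            null,
            new RevokedCertificateException(ZonedDateTime.now(ZoneOffset.UTC), (BigInteger) null)));

        // Case 12: expired CRL fixture with ThresholdExpiredCRLRevocationPolicy(0); even the valid certificate
        // must fail with ExpiredCRLException, i.e. stale revocation data is not silently accepted.
        ResourceCRLRevocationChecker expiredCrlChecker = new ResourceCRLRevocationChecker(
            new ClassPathResource("userCA-expired.crl"), (RevocationPolicy) null, new ThresholdExpiredCRLRevocationPolicy(0));
        expiredCrlChecker.init();
        cases.add(Arguments.arguments(
            new X509CredentialsAuthenticationHandler(RegexUtils.createPattern(".*"), expiredCrlChecker),
            new X509CertificateCredential(createCertificates(USER_VALID_CRT)),
            true,
            null,
            new ExpiredCRLException((String) null, ZonedDateTime.now(ZoneOffset.UTC))));

        // Cases 13-15 supply an expected result as well as an expected exception; the result is only compared
        // if authenticate() returns, which these cases expect not to happen.
        // Case 13: third argument is RegexUtils.MATCH_NOTHING_PATTERN -> FailedLoginException for the valid fixture.
        X509CredentialsAuthenticationHandler matchNothingHandler =
            new X509CredentialsAuthenticationHandler(RegexUtils.createPattern(".*"), false, RegexUtils.MATCH_NOTHING_PATTERN);
        X509CertificateCredential matchNothingCredential =
            new X509CertificateCredential(createCertificates(USER_VALID_CRT));
        cases.add(Arguments.arguments(
            matchNothingHandler,
            matchNothingCredential,
            true,
            expectedSuccess(matchNothingHandler, matchNothingCredential),
            new FailedLoginException()));

        // Case 14: handler built with (false, 0); stub certificate with basic constraints Integer.MAX_VALUE
        // -> FailedLoginException. Presumably the int is the maximum accepted path length - confirm.
        X509CredentialsAuthenticationHandler zeroPathLengthHandler =
            new X509CredentialsAuthenticationHandler(RegexUtils.createPattern(".*"), false, 0);
        CasX509Certificate unlimitedPathCertificate = new CasX509Certificate(true);
        unlimitedPathCertificate.setBasicConstraints(Integer.MAX_VALUE);
        X509CertificateCredential unlimitedPathCredential = singleCertificateCredential(unlimitedPathCertificate);
        cases.add(Arguments.arguments(
            zeroPathLengthHandler,
            unlimitedPathCredential,
            true,
            expectedSuccess(zeroPathLengthHandler, unlimitedPathCredential),
            new FailedLoginException()));

        // Case 15: handler built with (false, 1); stub certificate with basic constraints 10 -> FailedLoginException.
        X509CredentialsAuthenticationHandler onePathLengthHandler =
            new X509CredentialsAuthenticationHandler(RegexUtils.createPattern(".*"), false, 1);
        CasX509Certificate longPathCertificate = new CasX509Certificate(true);
        longPathCertificate.setBasicConstraints(10);
        X509CertificateCredential longPathCredential = singleCertificateCredential(longPathCertificate);
        cases.add(Arguments.arguments(
            onePathLengthHandler,
            longPathCredential,
            true,
            expectedSuccess(onePathLengthHandler, longPathCredential),
            new FailedLoginException()));

        // Case 16: pattern ".+", flags (true, true, false); stub certificate with setKeyUsage(true) -> success.
        X509CredentialsAuthenticationHandler stubKeyUsageHandler =
            new X509CredentialsAuthenticationHandler(RegexUtils.createPattern(".+"), true, true, false);
        CasX509Certificate keyUsageCertificate = new CasX509Certificate(true);
        keyUsageCertificate.setKeyUsage(true);
        X509CertificateCredential stubKeyUsageCredential = singleCertificateCredential(keyUsageCertificate);
        cases.add(Arguments.arguments(
            stubKeyUsageHandler,
            stubKeyUsageCredential,
            true,
            expectedSuccess(stubKeyUsageHandler, stubKeyUsageCredential),
            null));

        return cases.stream();
    }

    /**
     * Loads X.509 certificates from classpath resources.
     *
     * @param strArr classpath resource names, one certificate per resource
     * @return the parsed certificates, in the same order as {@code strArr}
     * @throws IllegalArgumentException if a resource cannot be opened or parsed; the cause is preserved
     */
    protected static X509Certificate[] createCertificates(String... strArr) {
        X509Certificate[] certificates = new X509Certificate[strArr.length];
        for (int index = 0; index < strArr.length; index++) {
            String resourceName = strArr[index];
            // Close the resource stream explicitly instead of relying on the parser to do it.
            try (InputStream in = new ClassPathResource(resourceName).getInputStream()) {
                certificates[index] = CertUtil.readCertificate(in);
            } catch (Exception e) {
                throw new IllegalArgumentException("Error creating certificate at " + resourceName, e);
            }
        }
        return certificates;
    }

    /**
     * Runs one case from {@link #getTestParameters()}.
     *
     * <p>When {@code z} is true the handler must support the credential and {@code authenticate} must either
     * return a value equal to the expected result or raise the expected exception. How the supplied exception
     * instance is matched is decided by {@code Assertions.assertThrowsOrNot}, which is not shown in this file.
     * The support checks are repeated for both the credential instance and its class.
     *
     * @param x509CredentialsAuthenticationHandler handler under test
     * @param credential credential presented to the handler
     * @param z whether the handler is expected to support the credential
     * @param authenticationHandlerExecutionResult expected result when authentication completes; may be null
     * @param generalSecurityException expected failure, or null when authentication is expected to complete
     */
    @MethodSource({"getTestParameters"})
    @ParameterizedTest
    public void verifyAuthenticate(X509CredentialsAuthenticationHandler x509CredentialsAuthenticationHandler, Credential credential, boolean z, AuthenticationHandlerExecutionResult authenticationHandlerExecutionResult, GeneralSecurityException generalSecurityException) {
        Assertions.assertThrowsOrNot(generalSecurityException, () -> {
            // authenticate() is only exercised for credentials the handler claims to support.
            if (z) {
                org.junit.jupiter.api.Assertions.assertTrue(x509CredentialsAuthenticationHandler.supports(credential));
                org.junit.jupiter.api.Assertions.assertEquals(
                    authenticationHandlerExecutionResult,
                    x509CredentialsAuthenticationHandler.authenticate(credential, Mockito.mock(Service.class)));
            }
        });
        org.junit.jupiter.api.Assertions.assertEquals(z, x509CredentialsAuthenticationHandler.supports(credential));
        org.junit.jupiter.api.Assertions.assertEquals(z, x509CredentialsAuthenticationHandler.supports(credential.getClass()));
    }

    /** Builds the result expected from a successful authentication of {@code credential} by {@code handler}. */
    private static DefaultAuthenticationHandlerExecutionResult expectedSuccess(
            X509CredentialsAuthenticationHandler handler, X509CertificateCredential credential) {
        return new DefaultAuthenticationHandlerExecutionResult(
            handler, credential, PrincipalFactoryUtils.newPrincipalFactory().createPrincipal(credential.getId()));
    }

    /** Wraps a single stub certificate in a credential. */
    private static X509CertificateCredential singleCertificateCredential(CasX509Certificate certificate) {
        return new X509CertificateCredential(new X509Certificate[] {certificate});
    }
}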
