package org.apereo.cas.adaptors.x509.authentication.handler.support;

import com.github.benmanes.caffeine.cache.Cache;
import com.github.benmanes.caffeine.cache.Caffeine;
import java.io.File;
import java.io.FileOutputStream;
import java.math.BigInteger;
import java.net.URI;
import java.security.GeneralSecurityException;
import java.time.ZoneOffset;
import java.time.ZonedDateTime;
import java.util.ArrayList;
import java.util.stream.Stream;
import lombok.Generated;
import org.apache.commons.io.FileUtils;
import org.apache.commons.io.IOUtils;
import org.apereo.cas.adaptors.x509.authentication.ExpiredCRLException;
import org.apereo.cas.adaptors.x509.authentication.revocation.RevokedCertificateException;
import org.apereo.cas.adaptors.x509.authentication.revocation.checker.CRLDistributionPointRevocationChecker;
import org.apereo.cas.adaptors.x509.authentication.revocation.policy.AllowRevocationPolicy;
import org.apereo.cas.adaptors.x509.authentication.revocation.policy.RevocationPolicy;
import org.apereo.cas.adaptors.x509.authentication.revocation.policy.ThresholdExpiredCRLRevocationPolicy;
import org.apereo.cas.configuration.support.Beans;
import org.apereo.cas.util.MockWebServer;
import org.junit.jupiter.api.AfterAll;
import org.junit.jupiter.api.AfterEach;
import org.junit.jupiter.api.Tag;
import org.junit.jupiter.params.ParameterizedTest;
import org.junit.jupiter.params.provider.Arguments;
import org.junit.jupiter.params.provider.MethodSource;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.core.io.ClassPathResource;
import org.springframework.core.io.FileSystemResource;

@Tag("X509")
/* loaded from: input_file:org/apereo/cas/adaptors/x509/authentication/handler/support/CRLDistributionPointRevocationCheckerTests.class */
public class CRLDistributionPointRevocationCheckerTests extends BaseCRLRevocationCheckerTests {

    @Generated
    private static final Logger LOGGER = LoggerFactory.getLogger(CRLDistributionPointRevocationCheckerTests.class);
    private MockWebServer webServer;

    private static Cache<URI, byte[]> getCache() {
        return Caffeine.newBuilder().maximumSize(1000L).expireAfterWrite(Beans.newDuration("PT1H")).build();
    }

    public static Stream<Arguments> getTestParameters() {
        ArrayList arrayList = new ArrayList();
        ThresholdExpiredCRLRevocationPolicy thresholdExpiredCRLRevocationPolicy = new ThresholdExpiredCRLRevocationPolicy(0);
        ThresholdExpiredCRLRevocationPolicy thresholdExpiredCRLRevocationPolicy2 = new ThresholdExpiredCRLRevocationPolicy(0);
        arrayList.add(Arguments.arguments(new Object[]{new CRLDistributionPointRevocationChecker(getCache(), thresholdExpiredCRLRevocationPolicy, (RevocationPolicy) null), new String[]{"uservalid-encoded-crl.crt"}, "test ca.crl", null}));
        arrayList.add(Arguments.arguments(new Object[]{new CRLDistributionPointRevocationChecker(getCache(), thresholdExpiredCRLRevocationPolicy, (RevocationPolicy) null, true), new String[]{"user-valid-distcrl.crt"}, "userCA-valid.crl", null}));
        arrayList.add(Arguments.arguments(new Object[]{new CRLDistributionPointRevocationChecker(getCache(), thresholdExpiredCRLRevocationPolicy, (RevocationPolicy) null), new String[]{"user-revoked-distcrl.crt"}, "userCA-valid.crl", new RevokedCertificateException(ZonedDateTime.now(ZoneOffset.UTC), new BigInteger("1"))}));
        arrayList.add(Arguments.arguments(new Object[]{new CRLDistributionPointRevocationChecker(getCache(), thresholdExpiredCRLRevocationPolicy2, (RevocationPolicy) null), new String[]{"user-valid-distcrl.crt"}, "userCA-expired.crl", new ExpiredCRLException("test", ZonedDateTime.now(ZoneOffset.UTC))}));
        arrayList.add(Arguments.arguments(new Object[]{new CRLDistributionPointRevocationChecker(getCache(), x509crl -> {
        }, (RevocationPolicy) null), new String[]{"user-valid-distcrl.crt"}, "userCA-expired.crl", null}));
        arrayList.add(Arguments.arguments(new Object[]{new CRLDistributionPointRevocationChecker(getCache(), thresholdExpiredCRLRevocationPolicy, new AllowRevocationPolicy()), new String[]{"user-valid.crt"}, "userCA-expired.crl", null}));
        arrayList.add(Arguments.arguments(new Object[]{new CRLDistributionPointRevocationChecker(getCache(), thresholdExpiredCRLRevocationPolicy, (RevocationPolicy) null), new String[]{"user-revoked-distcrl2.crt"}, "userCA-valid.crl", new RevokedCertificateException(ZonedDateTime.now(ZoneOffset.UTC), new BigInteger("1"))}));
        return arrayList.stream();
    }

    @AfterAll
    public static void destroy() {
        File file = new File("ca.crl");
        if (file.exists()) {
            file.delete();
        }
    }

    @MethodSource({"getTestParameters"})
    @ParameterizedTest
    public void checkCertificate(CRLDistributionPointRevocationChecker cRLDistributionPointRevocationChecker, String[] strArr, String str, GeneralSecurityException generalSecurityException) throws Exception {
        File file = new File(FileUtils.getTempDirectory(), "ca.crl");
        IOUtils.copy(new ClassPathResource(str).getInputStream(), new FileOutputStream(file));
        this.webServer = new MockWebServer(8085, new FileSystemResource(file), "text/plain");
        this.webServer.start();
        LOGGER.debug("Web server listening on port 8085 serving file [{}]", str);
        Thread.sleep(500L);
        BaseCRLRevocationCheckerTests.checkCertificate(cRLDistributionPointRevocationChecker, strArr, generalSecurityException);
    }

    @AfterEach
    public void afterEachTest() {
        LOGGER.debug("Stopping web server...");
        this.webServer.stop();
        LOGGER.debug("Web server stopped [{}]", Boolean.valueOf(!this.webServer.isRunning()));
    }
}
