package org.jasig.cas.adaptors.x509.authentication.handler.support;

import java.math.BigInteger;
import java.security.cert.CertificateExpiredException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Date;
import javax.security.auth.login.FailedLoginException;
import org.cryptacular.util.CertUtil;
import org.jasig.cas.adaptors.x509.authentication.principal.X509CertificateCredential;
import org.jasig.cas.authentication.Credential;
import org.jasig.cas.authentication.DefaultHandlerResult;
import org.jasig.cas.authentication.HandlerResult;
import org.jasig.cas.authentication.UsernamePasswordCredential;
import org.jasig.cas.authentication.principal.DefaultPrincipalFactory;
import org.junit.Assert;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.junit.runners.Parameterized;
import org.springframework.core.io.ClassPathResource;

@RunWith(Parameterized.class)
/* loaded from: input_file:org/jasig/cas/adaptors/x509/authentication/handler/support/X509CredentialsAuthenticationHandlerTests.class */
public class X509CredentialsAuthenticationHandlerTests {
    private final X509CredentialsAuthenticationHandler handler;
    private final Credential credential;
    private final boolean expectedSupports;
    private final Object expectedResult;

    public X509CredentialsAuthenticationHandlerTests(X509CredentialsAuthenticationHandler x509CredentialsAuthenticationHandler, Credential credential, boolean z, Object obj) {
        this.handler = x509CredentialsAuthenticationHandler;
        this.credential = credential;
        this.expectedSupports = z;
        this.expectedResult = obj;
    }

    @Parameterized.Parameters
    public static Collection<Object[]> getTestParameters() throws Exception {
        ArrayList arrayList = new ArrayList();
        X509CredentialsAuthenticationHandler x509CredentialsAuthenticationHandler = new X509CredentialsAuthenticationHandler();
        x509CredentialsAuthenticationHandler.setTrustedIssuerDnPattern(".*");
        arrayList.add(new Object[]{x509CredentialsAuthenticationHandler, new UsernamePasswordCredential(), false, null});
        X509CredentialsAuthenticationHandler x509CredentialsAuthenticationHandler2 = new X509CredentialsAuthenticationHandler();
        x509CredentialsAuthenticationHandler2.setTrustedIssuerDnPattern(".*");
        X509CertificateCredential x509CertificateCredential = new X509CertificateCredential(createCertificates("user-valid.crt"));
        arrayList.add(new Object[]{x509CredentialsAuthenticationHandler2, x509CertificateCredential, true, new DefaultHandlerResult(x509CredentialsAuthenticationHandler2, x509CertificateCredential, new DefaultPrincipalFactory().createPrincipal(x509CertificateCredential.getId()))});
        X509CredentialsAuthenticationHandler x509CredentialsAuthenticationHandler3 = new X509CredentialsAuthenticationHandler();
        x509CredentialsAuthenticationHandler3.setTrustedIssuerDnPattern(".*");
        arrayList.add(new Object[]{x509CredentialsAuthenticationHandler3, new X509CertificateCredential(createCertificates("user-expired.crt")), true, new CertificateExpiredException()});
        X509CredentialsAuthenticationHandler x509CredentialsAuthenticationHandler4 = new X509CredentialsAuthenticationHandler();
        x509CredentialsAuthenticationHandler4.setTrustedIssuerDnPattern("CN=\\w+,OU=CAS,O=Jasig,L=Westminster,ST=Colorado,C=US");
        x509CredentialsAuthenticationHandler4.setMaxPathLengthAllowUnspecified(true);
        arrayList.add(new Object[]{x509CredentialsAuthenticationHandler4, new X509CertificateCredential(createCertificates("snake-oil.crt")), true, new FailedLoginException()});
        X509CredentialsAuthenticationHandler x509CredentialsAuthenticationHandler5 = new X509CredentialsAuthenticationHandler();
        x509CredentialsAuthenticationHandler5.setTrustedIssuerDnPattern(".*");
        x509CredentialsAuthenticationHandler5.setSubjectDnPattern("CN=\\w+,OU=CAS,O=Jasig,L=Westminster,ST=Colorado,C=US");
        x509CredentialsAuthenticationHandler5.setMaxPathLengthAllowUnspecified(true);
        arrayList.add(new Object[]{x509CredentialsAuthenticationHandler5, new X509CertificateCredential(createCertificates("snake-oil.crt")), true, new FailedLoginException()});
        X509CredentialsAuthenticationHandler x509CredentialsAuthenticationHandler6 = new X509CredentialsAuthenticationHandler();
        x509CredentialsAuthenticationHandler6.setTrustedIssuerDnPattern(".*");
        x509CredentialsAuthenticationHandler6.setCheckKeyUsage(true);
        X509CertificateCredential x509CertificateCredential2 = new X509CertificateCredential(createCertificates("user-valid.crt"));
        arrayList.add(new Object[]{x509CredentialsAuthenticationHandler6, x509CertificateCredential2, true, new DefaultHandlerResult(x509CredentialsAuthenticationHandler6, x509CertificateCredential2, new DefaultPrincipalFactory().createPrincipal(x509CertificateCredential2.getId()))});
        X509CredentialsAuthenticationHandler x509CredentialsAuthenticationHandler7 = new X509CredentialsAuthenticationHandler();
        x509CredentialsAuthenticationHandler7.setTrustedIssuerDnPattern(".*");
        x509CredentialsAuthenticationHandler7.setCheckKeyUsage(true);
        x509CredentialsAuthenticationHandler7.setRequireKeyUsage(true);
        arrayList.add(new Object[]{x509CredentialsAuthenticationHandler7, new X509CertificateCredential(createCertificates("user-valid.crt")), true, new FailedLoginException()});
        X509CredentialsAuthenticationHandler x509CredentialsAuthenticationHandler8 = new X509CredentialsAuthenticationHandler();
        x509CredentialsAuthenticationHandler8.setTrustedIssuerDnPattern(".*");
        x509CredentialsAuthenticationHandler8.setCheckKeyUsage(true);
        x509CredentialsAuthenticationHandler8.setRequireKeyUsage(true);
        X509CertificateCredential x509CertificateCredential3 = new X509CertificateCredential(createCertificates("user-valid-keyUsage.crt"));
        arrayList.add(new Object[]{x509CredentialsAuthenticationHandler8, x509CertificateCredential3, true, new DefaultHandlerResult(x509CredentialsAuthenticationHandler8, x509CertificateCredential3, new DefaultPrincipalFactory().createPrincipal(x509CertificateCredential3.getId()))});
        X509CredentialsAuthenticationHandler x509CredentialsAuthenticationHandler9 = new X509CredentialsAuthenticationHandler();
        x509CredentialsAuthenticationHandler9.setTrustedIssuerDnPattern(".*");
        x509CredentialsAuthenticationHandler9.setCheckKeyUsage(true);
        x509CredentialsAuthenticationHandler9.setRequireKeyUsage(true);
        arrayList.add(new Object[]{x509CredentialsAuthenticationHandler9, new X509CertificateCredential(createCertificates("user-invalid-keyUsage.crt")), true, new FailedLoginException()});
        X509CredentialsAuthenticationHandler x509CredentialsAuthenticationHandler10 = new X509CredentialsAuthenticationHandler();
        ResourceCRLRevocationChecker resourceCRLRevocationChecker = new ResourceCRLRevocationChecker(new ClassPathResource("userCA-valid.crl"));
        resourceCRLRevocationChecker.afterPropertiesSet();
        x509CredentialsAuthenticationHandler10.setRevocationChecker(resourceCRLRevocationChecker);
        x509CredentialsAuthenticationHandler10.setTrustedIssuerDnPattern(".*");
        X509CertificateCredential x509CertificateCredential4 = new X509CertificateCredential(createCertificates("user-valid.crt"));
        arrayList.add(new Object[]{x509CredentialsAuthenticationHandler10, new X509CertificateCredential(createCertificates("user-valid.crt")), true, new DefaultHandlerResult(x509CredentialsAuthenticationHandler10, x509CertificateCredential4, new DefaultPrincipalFactory().createPrincipal(x509CertificateCredential4.getId()))});
        X509CredentialsAuthenticationHandler x509CredentialsAuthenticationHandler11 = new X509CredentialsAuthenticationHandler();
        ResourceCRLRevocationChecker resourceCRLRevocationChecker2 = new ResourceCRLRevocationChecker(new ClassPathResource("userCA-valid.crl"));
        resourceCRLRevocationChecker2.afterPropertiesSet();
        x509CredentialsAuthenticationHandler11.setRevocationChecker(resourceCRLRevocationChecker2);
        x509CredentialsAuthenticationHandler11.setTrustedIssuerDnPattern(".*");
        arrayList.add(new Object[]{x509CredentialsAuthenticationHandler11, new X509CertificateCredential(createCertificates("user-revoked.crt")), true, new RevokedCertificateException((Date) null, (BigInteger) null)});
        ThresholdExpiredCRLRevocationPolicy thresholdExpiredCRLRevocationPolicy = new ThresholdExpiredCRLRevocationPolicy();
        thresholdExpiredCRLRevocationPolicy.setThreshold(0);
        X509CredentialsAuthenticationHandler x509CredentialsAuthenticationHandler12 = new X509CredentialsAuthenticationHandler();
        x509CredentialsAuthenticationHandler12.setTrustedIssuerDnPattern(".*");
        ResourceCRLRevocationChecker resourceCRLRevocationChecker3 = new ResourceCRLRevocationChecker(new ClassPathResource("userCA-expired.crl"));
        resourceCRLRevocationChecker3.setExpiredCRLPolicy(thresholdExpiredCRLRevocationPolicy);
        resourceCRLRevocationChecker3.afterPropertiesSet();
        x509CredentialsAuthenticationHandler12.setRevocationChecker(resourceCRLRevocationChecker3);
        arrayList.add(new Object[]{x509CredentialsAuthenticationHandler12, new X509CertificateCredential(createCertificates("user-valid.crt")), true, new ExpiredCRLException((String) null, (Date) null)});
        return arrayList;
    }

    @Test
    public void verifyAuthenticate() {
        try {
            if (this.handler.supports(this.credential)) {
                HandlerResult authenticate = this.handler.authenticate(this.credential);
                if (this.expectedResult instanceof DefaultHandlerResult) {
                    Assert.assertEquals(this.expectedResult, authenticate);
                } else {
                    Assert.fail("Authentication succeeded when it should have failed with " + this.expectedResult);
                }
            }
        } catch (Exception e) {
            if (this.expectedResult instanceof Exception) {
                Assert.assertEquals(this.expectedResult.getClass(), e.getClass());
            } else {
                Assert.fail("Authentication failed when it should have succeeded.");
            }
        }
    }

    @Test
    public void verifySupports() {
        Assert.assertEquals(Boolean.valueOf(this.expectedSupports), Boolean.valueOf(this.handler.supports(this.credential)));
    }

    protected static X509Certificate[] createCertificates(String... strArr) {
        X509Certificate[] x509CertificateArr = new X509Certificate[strArr.length];
        int i = 0;
        for (String str : strArr) {
            try {
                int i2 = i;
                i++;
                x509CertificateArr[i2] = CertUtil.readCertificate(new ClassPathResource(str).getInputStream());
            } catch (Exception e) {
                throw new RuntimeException("Error creating certificate at " + str, e);
            }
        }
        return x509CertificateArr;
    }
}
