package org.apache.cxf.systest.kerberos.ldap;

import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.InputStream;
import java.net.URI;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Properties;
import org.apache.commons.io.IOUtils;
import org.apache.cxf.helpers.CastUtils;
import org.apache.cxf.rt.security.claims.Claim;
import org.apache.cxf.rt.security.claims.ClaimCollection;
import org.apache.cxf.sts.claims.ClaimTypes;
import org.apache.cxf.sts.claims.ClaimsParameters;
import org.apache.cxf.sts.claims.LdapClaimsHandler;
import org.apache.cxf.sts.claims.ProcessedClaim;
import org.apache.cxf.sts.claims.ProcessedClaimCollection;
import org.apache.cxf.ws.security.sts.provider.STSException;
import org.apache.directory.server.annotations.CreateLdapServer;
import org.apache.directory.server.annotations.CreateTransport;
import org.apache.directory.server.core.annotations.ApplyLdifFiles;
import org.apache.directory.server.core.annotations.CreateDS;
import org.apache.directory.server.core.annotations.CreateIndex;
import org.apache.directory.server.core.annotations.CreatePartition;
import org.apache.directory.server.core.integ.AbstractLdapTestUnit;
import org.apache.directory.server.core.integ.FrameworkRunner;
import org.apache.wss4j.common.principal.CustomTokenPrincipal;
import org.junit.Before;
import org.junit.BeforeClass;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.springframework.context.support.ClassPathXmlApplicationContext;
import org.springframework.util.Assert;

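/**
 * Integration tests for {@link LdapClaimsHandler} run against an embedded directory server.
 *
 * <p>The directory is declared by the annotations on this class: a single partition
 * {@code dc=example,dc=com} seeded from {@code ldap.ldif}, with anonymous access disabled
 * ({@code allowAnonAccess = false}) and access control disabled ({@code enableAccessControl = false}).
 * The only transport declared is plain {@code LDAP}; no LDAPS transport is configured here, so
 * this fixture is only meaningful for the in-process test server.
 *
 * <p>The handler under test is obtained from the Spring context {@code ldapport.xml}, which is
 * generated once per class run from {@code ldap.xml} with the server's actual port substituted.
 */
@CreateLdapServer(transports = {@CreateTransport(protocol = "LDAP")})
@RunWith(FrameworkRunner.class)
@CreateDS(
    name = "LDAPClaimsTest-class",
    enableAccessControl = false,
    allowAnonAccess = false,
    enableChangeLog = true,
    partitions = {
        @CreatePartition(
            name = "example",
            suffix = "dc=example,dc=com",
            indexes = {
                @CreateIndex(attribute = "objectClass"),
                @CreateIndex(attribute = "dc"),
                @CreateIndex(attribute = "ou")
            })
    })
@ApplyLdifFiles({"ldap.ldif"})
public class LDAPClaimsTest extends AbstractLdapTestUnit {
    private static Properties props;
    private static boolean portUpdated;
    private ClassPathXmlApplicationContext appContext;

    /**
     * Loads {@code /ldap.properties} from the classpath into {@link #props}.
     *
     * <p>Loading is best-effort: a missing or unreadable resource is reported on stderr and
     * leaves {@code props} empty. The tests that need {@code claimUser} assert its presence
     * themselves, while {@link #testSupportedClaims()} does not read the properties at all.
     */
    @BeforeClass
    public static void startServers() throws Exception {
        props = new Properties();
        // try-with-resources closes the stream on every path; a null stream (resource not
        // found) is tolerated by the construct and surfaces as an exception from load().
        try (InputStream inputStream = LDAPClaimsTest.class.getResourceAsStream("/ldap.properties")) {
            props.load(inputStream);
        } catch (Exception e) {
            e.printStackTrace();
        }
    }

    /**
     * Generates {@code target/test-classes/ldapport.xml} on first use and (re)creates the
     * Spring application context from it before every test.
     *
     * <p>The template {@code src/test/resources/ldap.xml} is resolved against the
     * {@code basedir} system property, falling back to the canonical current directory.
     */
    @Before
    public void updatePort() throws Exception {
        if (!portUpdated) {
            String basedir = System.getProperty("basedir");
            if (basedir == null) {
                basedir = new File(".").getCanonicalPath();
            }

            String template;
            try (FileInputStream in = new FileInputStream(new File(basedir + "/src/test/resources/ldap.xml"))) {
                template = IOUtils.toString(in, "UTF-8");
            }

            // "portno" is a literal placeholder, so a plain (non-regex) replace is sufficient.
            String port = String.valueOf(AbstractLdapTestUnit.getLdapServer().getPort());
            String config = template.replace("portno", port);

            try (FileOutputStream out = new FileOutputStream(new File(basedir + "/target/test-classes/ldapport.xml"))) {
                IOUtils.write(config, out, "UTF-8");
            }
            portUpdated = true;
        }
        // NOTE(review): the context created here is never closed after the test.
        this.appContext = new ClassPathXmlApplicationContext("ldapport.xml");
    }

    /**
     * Requests first name, last name and e-mail address for the configured user and checks
     * that exactly those three claim types are returned.
     */
    @Test
    public void testRetrieveClaims() throws Exception {
        LdapClaimsHandler ldapClaimsHandler = claimsHandler();
        String user = configuredClaimUser();

        ClaimCollection requestedClaims = createRequestClaimCollection();
        List<URI> expectedClaimTypes = defaultClaimTypes();

        ProcessedClaimCollection retrievedClaims =
            ldapClaimsHandler.retrieveClaimValues(requestedClaims, claimsParametersFor(user));

        assertOnlyExpectedClaims(retrievedClaims, expectedClaimTypes);
    }

    /**
     * Adds a mandatory claim type ({@code GENDER}) to the request and expects an
     * {@link STSException}.
     *
     * <p>The exception may be raised either by the handler call or by the check in this
     * method that every non-optional requested claim appears in the result; the
     * {@code expected} attribute does not distinguish between the two.
     */
    @Test(expected = STSException.class)
    public void testRetrieveClaimsWithUnsupportedMandatoryClaimType() throws Exception {
        LdapClaimsHandler ldapClaimsHandler = claimsHandler();
        String user = configuredClaimUser();

        ClaimCollection requestedClaims = createRequestClaimCollection();
        Claim mandatoryClaim = new Claim();
        mandatoryClaim.setClaimType(ClaimTypes.GENDER);
        mandatoryClaim.setOptional(false);
        requestedClaims.add(mandatoryClaim);

        ProcessedClaimCollection retrievedClaims =
            ldapClaimsHandler.retrieveClaimValues(requestedClaims, claimsParametersFor(user));

        for (Claim requested : requestedClaims) {
            if (requested.isOptional()) {
                continue;
            }
            URI claimType = requested.getClaimType();
            boolean found = false;
            for (ProcessedClaim retrieved : retrievedClaims) {
                if (retrieved.getClaimType().equals(claimType)) {
                    found = true;
                    break;
                }
            }
            if (!found) {
                // Report the claim being checked rather than the one added above.
                throw new STSException("Mandatory claim '" + claimType + "' not found");
            }
        }
    }

    /**
     * Adds an optional claim type ({@code GENDER}) to the request and checks that the result
     * still consists of exactly first name, last name and e-mail address.
     */
    @Test
    public void testRetrieveClaimsWithUnsupportedOptionalClaimType() throws Exception {
        LdapClaimsHandler ldapClaimsHandler = claimsHandler();
        String user = configuredClaimUser();

        ClaimCollection requestedClaims = createRequestClaimCollection();
        Claim optionalClaim = new Claim();
        optionalClaim.setClaimType(ClaimTypes.GENDER);
        optionalClaim.setOptional(true);
        requestedClaims.add(optionalClaim);

        List<URI> expectedClaimTypes = defaultClaimTypes();

        ProcessedClaimCollection retrievedClaims =
            ldapClaimsHandler.retrieveClaimValues(requestedClaims, claimsParametersFor(user));

        assertOnlyExpectedClaims(retrievedClaims, expectedClaimTypes);
    }

    /**
     * Checks that a handler configured with the {@code claimsToLdapAttributeMapping} bean
     * reports one supported claim type per mapping key.
     */
    @Test
    public void testSupportedClaims() throws Exception {
        Map<String, String> mapping =
            CastUtils.cast((Map<?, ?>) this.appContext.getBean("claimsToLdapAttributeMapping"));

        LdapClaimsHandler ldapClaimsHandler = new LdapClaimsHandler();
        ldapClaimsHandler.setClaimsLdapAttributeMapping(mapping);

        List<URI> supportedClaimTypes = ldapClaimsHandler.getSupportedClaimTypes();
        Assert.isTrue(mapping.size() == supportedClaimTypes.size(), "Supported claims and claims/ldap attribute mapping size different");
        for (String claimType : mapping.keySet()) {
            Assert.isTrue(supportedClaimTypes.contains(new URI(claimType)), "Claim '" + claimType + "' not listed in supported list");
        }
    }

    /** Builds a request holding the three default claim types, all marked optional. */
    private ClaimCollection createRequestClaimCollection() {
        ClaimCollection claimCollection = new ClaimCollection();
        for (URI claimType : defaultClaimTypes()) {
            Claim claim = new Claim();
            claim.setClaimType(claimType);
            claim.setOptional(true);
            claimCollection.add(claim);
        }
        return claimCollection;
    }

    /** Returns a fresh, mutable list of the claim types every test requests by default. */
    private static List<URI> defaultClaimTypes() {
        List<URI> claimTypes = new ArrayList<>();
        claimTypes.add(ClaimTypes.FIRSTNAME);
        claimTypes.add(ClaimTypes.LASTNAME);
        claimTypes.add(ClaimTypes.EMAILADDRESS);
        return claimTypes;
    }

    /** Looks up the handler bean wired in {@code ldapport.xml}. */
    private LdapClaimsHandler claimsHandler() {
        return (LdapClaimsHandler) this.appContext.getBean("testClaimsHandler");
    }

    /** Returns the {@code claimUser} property, failing the test if it is not configured. */
    private static String configuredClaimUser() {
        String user = props.getProperty("claimUser");
        Assert.notNull(user, "Property 'claimUser' not configured");
        return user;
    }

    /** Wraps the given user name in the {@link ClaimsParameters} passed to the handler. */
    private static ClaimsParameters claimsParametersFor(String user) {
        ClaimsParameters claimsParameters = new ClaimsParameters();
        claimsParameters.setPrincipal(new CustomTokenPrincipal(user));
        return claimsParameters;
    }

    /**
     * Asserts that {@code retrieved} contains exactly the claim types in {@code expected}.
     *
     * <p>Each matched type is removed from {@code expected}, so a claim type returned twice
     * is reported as not requested.
     */
    private static void assertOnlyExpectedClaims(ProcessedClaimCollection retrieved, List<URI> expected) {
        Assert.isTrue(retrieved.size() == expected.size(), "Retrieved number of claims [" + retrieved.size() + "] doesn't match with expected [" + expected.size() + "]");
        for (ProcessedClaim processedClaim : retrieved) {
            // remove() returns false when the type was not (or is no longer) expected.
            Assert.isTrue(expected.remove(processedClaim.getClaimType()), "Claim '" + processedClaim.getClaimType() + "' not requested");
        }
    }
}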
