package org.wildfly.security.auth.server;

import java.io.File;
import java.io.IOException;
import java.nio.file.FileVisitResult;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.nio.file.SimpleFileVisitor;
import java.nio.file.attribute.BasicFileAttributes;
import java.nio.file.attribute.FileAttribute;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.Principal;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Collections;
import java.util.regex.Pattern;
import javax.security.auth.x500.X500Principal;
import org.junit.Test;
import org.wildfly.common.Assert;
import org.wildfly.security.asn1.ASN1Encodable;
import org.wildfly.security.auth.permission.LoginPermission;
import org.wildfly.security.auth.principal.NamePrincipal;
import org.wildfly.security.auth.realm.AggregateSecurityRealm;
import org.wildfly.security.auth.realm.FileSystemSecurityRealm;
import org.wildfly.security.auth.realm.KeyStoreBackedSecurityRealm;
import org.wildfly.security.auth.util.RegexNameRewriter;
import org.wildfly.security.authz.MapAttributes;
import org.wildfly.security.evidence.Evidence;
import org.wildfly.security.evidence.X509PeerCertificateChainEvidence;
import org.wildfly.security.permission.PermissionVerifier;
import org.wildfly.security.x500.GeneralName;
import org.wildfly.security.x500.X500AttributeTypeAndValue;
import org.wildfly.security.x500.X500PrincipalBuilder;
import org.wildfly.security.x500.cert.SubjectAlternativeNamesExtension;
import org.wildfly.security.x500.cert.X509CertificateBuilder;
import org.wildfly.security.x500.principal.X500AttributePrincipalDecoder;

/* loaded from: input_file:org/wildfly/security/auth/server/CustomRealmMapperTest.class */
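/**
 * Verifies that the {@link Evidence} presented to a {@link ServerAuthenticationContext} is handed to the
 * domain's {@link RealmMapper}, so that a certificate-authenticated identity can be routed to a different
 * realm than a name-only identity would be.
 *
 * <p>Two realms are set up for the same user name {@code "0"}: {@code realmA} (certificate authentication
 * plus the {@code Admin} role) and {@code realmB} (the default realm, {@code Employee} role only). Login is
 * granted only to {@code Admin}, so {@code authorize()} can succeed only if the evidence reached the realm
 * mapper and selected {@code realmA}.
 */
public class CustomRealmMapperTest {
    /** Realm chosen by {@link CustomRealmMapper} when evidence is present. */
    private static final String REALM_A = "realmA";
    /** Realm chosen by {@link CustomRealmMapper} when no evidence is present; also the default realm. */
    private static final String REALM_B = "realmB";
    /** OID of the X.500 {@code commonName} attribute. */
    private static final String CN_OID = "2.5.4.3";
    /** Number of certificates (and key pairs) in the generated test chain. */
    private static final int CHAIN_LENGTH = 5;

    /**
     * Realm mapper that selects a realm purely by whether evidence accompanies the principal: identities
     * backed by evidence go to {@link #REALM_A}, everything else to {@link #REALM_B}.
     */
    private static final class CustomRealmMapper implements RealmMapper {
        @Override
        public String getRealmMapping(Principal principal, Evidence evidence) {
            return evidence != null ? REALM_A : REALM_B;
        }
    }

    @Test
    public void testEvidenceUsedInServerAuthenticationContextRealmMapping() throws Exception {
        X509Certificate[] chain = populateCertificateChain();

        // realmA: the keystore realm authenticates the peer certificate, the file-system realm contributes
        // the "Admin" role for identity "0".
        AggregateSecurityRealm realmA = new AggregateSecurityRealm(
                createKeystoreSecurityRealm(chain), createSecurityRealm(true, REALM_A));
        // realmB: identity "0" only holds "Employee", so login must be refused if the mapper lands here.
        FileSystemSecurityRealm realmB = createSecurityRealm(false, REALM_B);

        SecurityDomain domain = SecurityDomain.builder()
                .addRealm(REALM_A, realmA).build()
                .addRealm(REALM_B, realmB).build()
                .setDefaultRealmName(REALM_B)
                .setPermissionMapper((permissionMappable, roles) ->
                        roles.contains("Admin") ? LoginPermission.getInstance() : PermissionVerifier.NONE)
                .setRealmMapper(new CustomRealmMapper())
                // The leaf certificate's subject CN ("bob0") becomes the principal name.
                .setPrincipalDecoder(new X500AttributePrincipalDecoder(CN_OID))
                // Keep only the trailing digits ("bob0" -> "0"). The reluctant .*? keeps the whole digit
                // run; a greedy .* would reduce e.g. "bob12" to "2" and let distinct names collide.
                .setPreRealmRewriter(new RegexNameRewriter(Pattern.compile(".*?([0-9]+)$"), "$1", true))
                .build();

        ServerAuthenticationContext context = domain.createNewAuthenticationContext();
        Assert.assertTrue(context.verifyEvidence(new X509PeerCertificateChainEvidence(chain)));
        // Succeeds only if the evidence routed the identity to realmA, whose identity "0" holds "Admin".
        Assert.assertTrue(context.authorize());
    }

    /**
     * Builds an empty in-memory JKS keystore, stores every certificate of {@code chain} as a trusted
     * certificate entry (alias = chain index) and wraps it in a keystore-backed realm.
     *
     * @param chain the certificates to trust
     * @return a realm that authenticates peers by certificate and carries no attributes of its own
     */
    private KeyStoreBackedSecurityRealm createKeystoreSecurityRealm(X509Certificate[] chain)
            throws KeyStoreException, CertificateException, NoSuchAlgorithmException, IOException {
        KeyStore keyStore = KeyStore.getInstance("JKS");
        keyStore.load(null, null); // initialise as a fresh, empty keystore
        for (int i = 0; i < chain.length; i++) {
            keyStore.setCertificateEntry(String.valueOf(i), chain[i]);
        }
        return new KeyStoreBackedSecurityRealm(keyStore);
    }

    /**
     * Creates a freshly wiped file-system realm under {@code filesystem-realm/<realmName>} holding the single
     * identity {@code "0"}.
     *
     * @param admin {@code true} to give identity "0" the {@code Admin} role, {@code false} for {@code Employee}
     * @param realmName directory name of the realm below {@code filesystem-realm}
     * @return the populated realm
     */
    private FileSystemSecurityRealm createSecurityRealm(boolean admin, String realmName) throws Exception {
        FileSystemSecurityRealm realm = new FileSystemSecurityRealm(getRootPath(true, realmName));
        addUser(realm, "0", admin ? "Admin" : "Employee");
        return realm;
    }

    /**
     * Resolves the on-disk root of a file-system realm inside the test classpath root.
     *
     * @param deleteIfExists when {@code true}, every file below the root (left by a previous run) is removed
     *        so the realm starts empty; when {@code false}, an existing root is returned untouched
     * @param realmName directory name below {@code filesystem-realm}
     * @return the (existing) root directory
     */
    private Path getRootPath(boolean deleteIfExists, String realmName) throws Exception {
        Path rootPath = Paths.get(getClass().getResource(File.separator).toURI())
                .resolve("filesystem-realm/" + realmName);
        if (rootPath.toFile().exists() && !deleteIfExists) {
            return rootPath;
        }
        // Only files are deleted; directories are kept. Directory-iteration errors propagate via the
        // SimpleFileVisitor default instead of being swallowed. walkFileTree returns the start path.
        return Files.walkFileTree(Files.createDirectories(rootPath), new SimpleFileVisitor<Path>() {
            @Override
            public FileVisitResult visitFile(Path file, BasicFileAttributes attrs) throws IOException {
                Files.delete(file);
                return FileVisitResult.CONTINUE;
            }
        });
    }

    /**
     * Creates identity {@code userName} in {@code realm} with a single {@code Roles} attribute value.
     * The identity handle is disposed even if creation or attribute storage fails.
     *
     * @param realm the realm to modify
     * @param userName name of the identity to create
     * @param role the one role to store under the {@code Roles} attribute
     * @throws RealmUnavailableException if the realm cannot be modified
     */
    private void addUser(ModifiableSecurityRealm realm, String userName, String role) throws RealmUnavailableException {
        MapAttributes attributes = new MapAttributes();
        attributes.addAll("Roles", Collections.singletonList(role));
        ModifiableRealmIdentity identity = realm.getRealmIdentityForUpdate(new NamePrincipal(userName));
        try {
            identity.create();
            identity.setAttributes(attributes);
        } finally {
            identity.dispose();
        }
    }

    /**
     * Generates a {@link #CHAIN_LENGTH}-long RSA certificate chain {@code CN=bob0} ... {@code CN=bob4}.
     * Element {@code i} is signed by the key of element {@code i + 1}; the last element is self-signed and
     * acts as the root. Every non-root certificate also carries a critical SubjectAlternativeNames extension
     * with two e-mail names and one DNS name derived from its index.
     *
     * @return the chain, leaf first
     * @throws Exception if key or certificate generation fails
     */
    private static X509Certificate[] populateCertificateChain() throws Exception {
        KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA");
        // Pin the key size so the fixture does not depend on the provider default (which varies by JDK).
        keyPairGenerator.initialize(2048);
        KeyPair[] keyPairs = new KeyPair[CHAIN_LENGTH];
        for (int i = 0; i < keyPairs.length; i++) {
            keyPairs[i] = keyPairGenerator.generateKeyPair();
        }

        X509Certificate[] chain = new X509Certificate[CHAIN_LENGTH];
        for (int i = 0; i < chain.length; i++) {
            X509CertificateBuilder builder = new X509CertificateBuilder();
            X500Principal subject = cnPrincipal("bob" + i);
            builder.setSubjectDn(subject);
            if (i == chain.length - 1) {
                // root certificate: issuer == subject, signed with its own key
                builder.setIssuerDn(subject);
                builder.setSigningKey(keyPairs[i].getPrivate());
            } else {
                builder.setIssuerDn(cnPrincipal("bob" + (i + 1)));
                builder.setSigningKey(keyPairs[i + 1].getPrivate());
                builder.addExtension(new SubjectAlternativeNamesExtension(true, Arrays.asList(
                        new GeneralName.RFC822Name("bob" + i + "@example.com"),
                        new GeneralName.DNSName("bob" + i + ".example.com"),
                        new GeneralName.RFC822Name("bob" + i + "@anotherexample.com"))));
            }
            builder.setSignatureAlgorithmName("SHA256withRSA");
            builder.setPublicKey(keyPairs[i].getPublic());
            chain[i] = builder.build();
        }
        return chain;
    }

    /**
     * Builds an X.500 principal consisting of a single {@code CN} attribute.
     *
     * @param commonName the UTF-8 value of the {@code CN} attribute
     * @return the principal
     */
    private static X500Principal cnPrincipal(String commonName) {
        X500PrincipalBuilder builder = new X500PrincipalBuilder();
        builder.addItem(X500AttributeTypeAndValue.create(CN_OID, ASN1Encodable.ofUtf8String(commonName)));
        return builder.build();
    }
}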
