package org.wildfly.security.ldap;

import java.io.File;
import java.io.IOException;
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.nio.file.StandardCopyOption;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import org.junit.After;
import org.junit.Assert;
import org.junit.Test;
import org.wildfly.security.auth.SupportLevel;
import org.wildfly.security.auth.principal.NamePrincipal;
import org.wildfly.security.auth.realm.ldap.LdapSecurityRealmBuilder;
import org.wildfly.security.auth.server.RealmIdentity;
import org.wildfly.security.evidence.X509PeerCertificateChainEvidence;

/* loaded from: input_file:org/wildfly/security/ldap/X509EvidenceVerificationSuiteChild.class */
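/**
 * Tests X.509 peer-certificate evidence verification against an LDAP-backed security realm.
 *
 * <p>The realm under test is configured with four certificate verifiers, each bound to an LDAP
 * attribute: serial number ({@code x509serialNumber}), subject DN ({@code x509subject}),
 * certificate digest ({@code x509digest}) and the encoded certificate ({@code usercertificate}).
 *
 * <p>NOTE(review): only the accepting path is asserted in this class. A case presenting a
 * certificate that does not match the directory entry would confirm the verifiers actually
 * reject; no such test is visible here.
 */
public class X509EvidenceVerificationSuiteChild {
    private static final String LDAP_DIRECTORY_LOCATION = "./target/test-classes/ldap";
    private static final String LDIF_LOCATION = "/elytron-x509-verification.ldif";

    // Test-fixture password for the bundled JKS keystores. It protects test material only and
    // must never be reused for a keystore holding real key material.
    private static final String KEYSTORE_PASSWORD = "Elytron";

    /**
     * Restores the LDIF fixture from its {@code .bak} copy after each test so a test that
     * modified the directory data does not leak state into the next one.
     *
     * <p>Presumably the {@code .bak} file is created by the suite setup, which is not visible
     * here; if it is missing, the copy fails with an exception.
     *
     * @throws Exception if the backup cannot be copied over the LDIF file
     */
    @After
    public void cleanUpLdapFiles() throws Exception {
        File ldapDirectory = new File(LDAP_DIRECTORY_LOCATION);
        if (ldapDirectory.exists()) {
            Files.copy(
                    Paths.get(ldapDirectory + LDIF_LOCATION + ".bak"),
                    Paths.get(ldapDirectory + LDIF_LOCATION),
                    StandardCopyOption.REPLACE_EXISTING);
        }
    }

    /** Verifies the certificate chain against the {@code scarab} identity. */
    @Test
    public void testX509Auth() throws Exception {
        testX509AuthInternal("scarab");
    }

    /**
     * Verifies the same certificate chain against the {@code scarab_binary} identity.
     * Presumably that entry stores the certificate with the binary attribute option; confirm
     * against the LDIF fixture.
     */
    @Test
    public void testX509AuthBinary() throws Exception {
        testX509AuthInternal("scarab_binary");
    }

    /**
     * Builds the LDAP realm, looks up the given identity and asserts that the scarab/CA
     * certificate chain is accepted as evidence for it.
     *
     * @param name the principal name to look up in the realm
     * @throws Exception if the realm cannot be built or the certificates cannot be loaded
     */
    private void testX509AuthInternal(String name) throws Exception {
        RealmIdentity realmIdentity = LdapSecurityRealmBuilder.builder()
                .setDirContextSupplier(LdapTestSuite.dirContextFactory.create())
                .identityMapping()
                    .setSearchDn("dc=elytron,dc=wildfly,dc=org")
                    .setRdnIdentifier("uid")
                    .build()
                .x509EvidenceVerifier()
                    .addSerialNumberCertificateVerifier("x509serialNumber")
                    .addSubjectDnCertificateVerifier("x509subject")
                    // SHA-1 is not collision resistant. It is kept here because the fixture
                    // presumably stores SHA-1 digests; deployments should configure a SHA-2
                    // digest for certificate matching instead.
                    .addDigestCertificateVerifier("x509digest", "SHA-1")
                    .addEncodedCertificateVerifier("usercertificate")
                    .build()
                .build()
                .getRealmIdentity(new NamePrincipal(name));

        Assert.assertEquals(
                "Identity verification level support",
                SupportLevel.POSSIBLY_SUPPORTED,
                realmIdentity.getEvidenceVerifySupport(X509PeerCertificateChainEvidence.class, (String) null));

        // Evidence chain: the scarab certificate first, followed by the CA certificate.
        X509Certificate[] chain = {
            loadCertificate("scarab", "/ca/jks/scarab.keystore"),
            loadCertificate("ca", "/ca/jks/ca.keystore")
        };
        Assert.assertTrue(realmIdentity.verifyEvidence(new X509PeerCertificateChainEvidence(chain)));
    }

    /**
     * Loads one certificate from a JKS keystore on the test classpath.
     *
     * <p>Fails immediately when the keystore resource or the alias is missing. Without these
     * checks {@link KeyStore#load(InputStream, char[])} accepts a {@code null} stream and
     * initialises an empty keystore, so a missing fixture would surface later as a {@code null}
     * entry in the evidence chain rather than as a clear setup error.
     *
     * @param alias the keystore alias of the certificate
     * @param resourcePath classpath location of the JKS keystore
     * @return the certificate stored under {@code alias}, never {@code null}
     * @throws KeyStoreException if the JKS keystore type is unavailable or the keystore is not loaded
     * @throws NoSuchAlgorithmException if the keystore integrity algorithm is unavailable
     * @throws CertificateException if a certificate in the keystore cannot be loaded
     * @throws IOException if the keystore cannot be read or the password is wrong
     */
    private X509Certificate loadCertificate(String alias, String resourcePath) throws KeyStoreException, NoSuchAlgorithmException, CertificateException, IOException {
        KeyStore keyStore = KeyStore.getInstance("JKS");
        try (InputStream keyStoreStream = X509EvidenceVerificationSuiteChild.class.getResourceAsStream(resourcePath)) {
            Assert.assertNotNull("Keystore resource not found on the classpath: " + resourcePath, keyStoreStream);
            keyStore.load(keyStoreStream, KEYSTORE_PASSWORD.toCharArray());
        }
        X509Certificate certificate = (X509Certificate) keyStore.getCertificate(alias);
        Assert.assertNotNull("No certificate under alias '" + alias + "' in " + resourcePath, certificate);
        return certificate;
    }
}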
