package io.undertow.servlet.test.security.basic;

import io.undertow.security.idm.Account;
import io.undertow.security.idm.Credential;
import io.undertow.security.idm.IdentityManager;
import io.undertow.security.idm.X509CertificateCredential;
import io.undertow.server.handlers.PathHandler;
import io.undertow.servlet.api.AuthMethodConfig;
import io.undertow.servlet.api.DeploymentInfo;
import io.undertow.servlet.api.DeploymentManager;
import io.undertow.servlet.api.LoginConfig;
import io.undertow.servlet.api.SecurityConstraint;
import io.undertow.servlet.api.SecurityInfo;
import io.undertow.servlet.api.ServletContainer;
import io.undertow.servlet.api.ServletInfo;
import io.undertow.servlet.api.WebResourceCollection;
import io.undertow.servlet.test.SimpleServletTestCase;
import io.undertow.servlet.test.security.SendAuthTypeServlet;
import io.undertow.servlet.test.security.SendUsernameServlet;
import io.undertow.servlet.test.util.TestClassIntrospector;
import io.undertow.testutils.DefaultServer;
import io.undertow.testutils.HttpClientUtils;
import io.undertow.testutils.TestHttpClient;
import java.io.IOException;
import java.security.Principal;
import java.util.Collections;
import java.util.HashSet;
import java.util.Set;
import javax.net.ssl.SSLContext;
import javax.security.auth.x500.X500Principal;
import javax.servlet.ServletException;
import org.apache.http.client.methods.CloseableHttpResponse;
import org.apache.http.client.methods.HttpGet;
import org.junit.AfterClass;
import org.junit.Assert;
import org.junit.BeforeClass;
import org.junit.Ignore;
import org.junit.Test;
import org.junit.runner.RunWith;

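/**
 * Exercises {@code CLIENT_CERT} authentication for a servlet deployment.
 *
 * <p>Two servlets are deployed under {@code /servletContext/secured/*}, a path that the
 * security constraint restricts to {@code role1}. Each test calls one of them over HTTPS
 * with the client {@link SSLContext} supplied by {@link DefaultServer}.
 *
 * <p>Security note: the {@link IdentityManager} used here authorises a caller purely by an
 * exact string match on the certificate's subject DN. It performs no chain, expiry or
 * revocation checks itself, so it is only meaningful when the TLS layer has already
 * validated the client certificate against a trust store.
 * NOTE(review): confirm that {@code DefaultServer.startSSLServer()} requires and validates
 * client certificates; that configuration is not visible in this class.
 */
@RunWith(DefaultServer.class)
@Ignore("UT3 - P2")
public class ServletClientCertAuthTestCase {
    private static final String REALM_NAME = "Servlet_Realm";

    /** Subject DN of the test client certificate, in the form {@link X500Principal#getName()} returns. */
    private static final String CLIENT_SUBJECT_DN = "CN=Test Client,OU=OU,O=Org,L=City,ST=State,C=GB";

    /** Role granted to an accepted certificate and required by the security constraint. */
    private static final String ALLOWED_ROLE = "role1";

    /** Authentication mechanism name configured on the deployment and echoed by the auth-type servlet. */
    private static final String CLIENT_CERT_MECHANISM = "CLIENT_CERT";

    protected static final IdentityManager identityManager;
    private static SSLContext clientSSLContext;

    /**
     * Intentionally empty: the SSL server is started in {@link #setup()}.
     *
     * @throws Exception never thrown by this implementation
     */
    @BeforeClass
    public static void startSSL() throws Exception {
    }

    /**
     * Drops the cached client SSL context and stops the SSL server.
     *
     * @throws Exception if stopping the SSL server fails
     */
    @AfterClass
    public static void stopSSL() throws Exception {
        clientSSLContext = null;
        DefaultServer.stopSSLServer();
    }

    /**
     * Starts the SSL server and deploys the secured servlets behind {@code CLIENT_CERT} authentication.
     *
     * @throws ServletException if the deployment cannot be started
     * @throws IOException if the SSL server cannot be started
     */
    @BeforeClass
    public static void setup() throws ServletException, IOException {
        DefaultServer.startSSLServer();
        clientSSLContext = DefaultServer.getClientSSLContext();

        PathHandler rootPaths = new PathHandler();
        ServletContainer container = ServletContainer.Factory.newInstance();

        ServletInfo usernameServlet =
                new ServletInfo("Username Servlet", SendUsernameServlet.class).addMapping("/secured/username");
        ServletInfo authTypeServlet =
                new ServletInfo("Auth Type Servlet", SendAuthTypeServlet.class).addMapping("/secured/authType");

        LoginConfig loginConfig = new LoginConfig(REALM_NAME);
        loginConfig.addFirstAuthMethod(new AuthMethodConfig(CLIENT_CERT_MECHANISM));

        DeploymentInfo deployment = new DeploymentInfo()
                .setClassLoader(SimpleServletTestCase.class.getClassLoader())
                .setContextPath("/servletContext")
                .setClassIntrospecter(TestClassIntrospector.INSTANCE)
                .setDeploymentName("servletContext.war")
                .setIdentityManager(identityManager)
                .setLoginConfig(loginConfig)
                .addServlets(new ServletInfo[]{usernameServlet, authTypeServlet});

        // Everything under /secured/* requires role1; a constraint with no roles would deny access.
        deployment.addSecurityConstraint(new SecurityConstraint()
                .addWebResourceCollection(new WebResourceCollection().addUrlPattern("/secured/*"))
                .addRoleAllowed(ALLOWED_ROLE)
                .setEmptyRoleSemantic(SecurityInfo.EmptyRoleSemantic.DENY));

        DeploymentManager manager = container.addDeployment(deployment);
        manager.deploy();
        rootPaths.addPrefixPath(deployment.getContextPath(), manager.start());
        DefaultServer.setRootHandler(rootPaths);
    }

    /** The username servlet must report the subject DN of the presented client certificate. */
    @Test
    public void testUserName() throws Exception {
        testCall("username", CLIENT_SUBJECT_DN, 200);
    }

    /** The auth-type servlet must report that the request was authenticated via {@code CLIENT_CERT}. */
    @Test
    public void testAuthType() throws Exception {
        testCall("authType", CLIENT_CERT_MECHANISM, 200);
    }

    /**
     * Issues an HTTPS GET against a secured servlet and checks the outcome.
     *
     * @param str  path segment appended to {@code /servletContext/secured/}
     * @param str2 expected response body; only compared when {@code i} is 200
     * @param i    expected HTTP status code
     * @throws Exception if the request cannot be executed or the response cannot be read
     */
    public void testCall(String str, String str2, int i) throws Exception {
        TestHttpClient client = new TestHttpClient();
        client.setSSLContext(clientSSLContext);
        try {
            String url = DefaultServer.getDefaultServerSSLAddress() + "/servletContext/secured/" + str;
            CloseableHttpResponse response = client.execute(new HttpGet(url));
            Assert.assertEquals(i, response.getStatusLine().getStatusCode());
            // The body is always read, even when it is not compared.
            String body = HttpClientUtils.readResponse(response);
            if (i == 200) {
                Assert.assertEquals(str2, body);
            }
        } finally {
            client.getConnectionManager().shutdown();
        }
    }

    static {
        // Allow-list of certificate subject DNs that map to an account.
        final Set<String> acceptedSubjects = new HashSet<>();
        acceptedSubjects.add(CLIENT_SUBJECT_DN);

        identityManager = new IdentityManager() {
            /** Returns the given account unchanged; no re-verification is performed. */
            @Override
            public Account verify(Account account) {
                return account;
            }

            /** Always rejects: this identity manager supports certificate credentials only. */
            @Override
            public Account verify(String str, Credential credential) {
                return null;
            }

            /**
             * Maps an X.509 certificate credential to an account holding {@code role1}.
             *
             * <p>The decision is an exact string match of the subject DN against the
             * allow-list; the certificate itself is not validated here.
             *
             * @return the account, or {@code null} for any other credential type or an unlisted subject
             */
            @Override
            public Account verify(Credential credential) {
                if (!(credential instanceof X509CertificateCredential)) {
                    return null;
                }
                final X500Principal subject =
                        ((X509CertificateCredential) credential).getCertificate().getSubjectX500Principal();
                if (!acceptedSubjects.contains(subject.getName())) {
                    return null;
                }
                return new Account() {
                    @Override
                    public Principal getPrincipal() {
                        return subject;
                    }

                    @Override
                    public Set<String> getRoles() {
                        return Collections.singleton(ALLOWED_ROLE);
                    }
                };
            }
        };
    }
}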
