package io.confluent.common.security.auth;

import io.confluent.common.security.ssl.SslPrincipalMapper;
import java.security.KeyPair;
import java.security.cert.X509Certificate;
import java.util.Collections;
import java.util.Optional;
import javax.ws.rs.container.ContainerRequestContext;
import org.apache.kafka.test.TestSslUtils;
import org.junit.Assert;
import org.junit.BeforeClass;
import org.junit.Test;
import org.mockito.Mockito;

/* loaded from: input_file:io/confluent/common/security/auth/SslAuthenticationModuleTest.class */
public class SslAuthenticationModuleTest {
    private static final String distinguishedName = "CN=restproxy/localhost@EXAMPLE.COM";
    private static KeyPair KEYPAIR;
    private static X509Certificate CLIENT_CERT;

    @BeforeClass
    public static void generateCert() throws Exception {
        KEYPAIR = TestSslUtils.generateKeyPair("RSA");
        CLIENT_CERT = TestSslUtils.generateCertificate(distinguishedName, KEYPAIR, 30, "SHA1withRSA");
    }

    @Test
    public void testDistinguishedNameMappingRules() throws Exception {
        SslAuthenticationModule sslAuthenticationModule = new SslAuthenticationModule(Optional.of(SslPrincipalMapper.fromRules(Collections.singletonList("RULE:^CN=(.*?)$/$1/"))));
        ContainerRequestContext containerRequestContext = (ContainerRequestContext) Mockito.mock(ContainerRequestContext.class);
        Mockito.when(containerRequestContext.getProperty("javax.servlet.request.X509Certificate")).thenReturn(new X509Certificate[]{CLIENT_CERT});
        Assert.assertEquals("restproxy/localhost@EXAMPLE.COM", sslAuthenticationModule.authenticate(containerRequestContext).getName());
    }

    @Test
    public void testNoDistinguishedNameMappingRules() throws Exception {
        SslAuthenticationModule sslAuthenticationModule = new SslAuthenticationModule(Optional.empty());
        ContainerRequestContext containerRequestContext = (ContainerRequestContext) Mockito.mock(ContainerRequestContext.class);
        Mockito.when(containerRequestContext.getProperty("javax.servlet.request.X509Certificate")).thenReturn(new X509Certificate[]{CLIENT_CERT});
        Assert.assertEquals(distinguishedName, sslAuthenticationModule.authenticate(containerRequestContext).getName());
    }
}
