package io.confluent.common.security.jetty;

import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.stream.Stream;
import javax.servlet.ServletRequest;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.easymock.Capture;
import org.easymock.EasyMock;
import org.easymock.EasyMockSupport;
import org.eclipse.jetty.security.Authenticator;
import org.eclipse.jetty.security.IdentityService;
import org.eclipse.jetty.security.LoginService;
import org.eclipse.jetty.security.UserAuthentication;
import org.eclipse.jetty.server.Authentication;
import org.eclipse.jetty.server.UserIdentity;
import org.junit.Assert;
import org.junit.Before;
import org.junit.Test;

/* loaded from: input_file:io/confluent/common/security/jetty/CertificateAuthenticatorTest.class */
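/**
 * Unit tests for {@link CertificateAuthenticator}, the client-certificate authenticator.
 *
 * <p>The servlet request is a mock, so the certificate chain is injected directly through the
 * {@code javax.servlet.request.X509Certificate} request attribute. No TLS handshake and no
 * certificate path validation is exercised by these tests.
 *
 * <p>NOTE(review): the tests only show that the authenticator forwards the subject DN and the leaf
 * certificate to the {@link LoginService}. Presumably trust validation of the chain is done by the
 * TLS connector before the attribute is set; confirm that expired, untrusted and revoked
 * certificates are covered by tests at that layer.
 */
public class CertificateAuthenticatorTest extends EasyMockSupport {
    /** Request attribute under which the servlet container exposes the client certificate chain. */
    private static final String CERTIFICATE_ATTRIBUTE = "javax.servlet.request.X509Certificate";

    private LoginService mockLoginService;
    private IdentityService mockIdentityService;
    private UserIdentity mockIdentity;
    private Authenticator.AuthConfiguration mockConfig;
    private HttpServletRequest mockRequest;
    private HttpServletResponse mockResponse;
    private CertificateAuthenticator authenticator;

    /** Creates fresh mocks and wires the configuration mock to the login and identity services. */
    @Before
    public void setup() {
        this.mockIdentityService = createMock(IdentityService.class);
        this.mockLoginService = createMock(LoginService.class);
        this.mockIdentity = createMock(UserIdentity.class);
        this.mockConfig = createMock(Authenticator.AuthConfiguration.class);
        this.mockRequest = createMock(HttpServletRequest.class);
        this.mockResponse = createMock(HttpServletResponse.class);
        EasyMock.expect(this.mockConfig.getLoginService()).andReturn(this.mockLoginService).anyTimes();
        EasyMock.expect(this.mockConfig.getIdentityService()).andReturn(this.mockIdentityService).anyTimes();
        EasyMock.expect(this.mockConfig.isSessionRenewedOnAuthentication()).andReturn(true).anyTimes();
        EasyMock.expect(this.mockLoginService.getIdentityService()).andReturn(this.mockIdentityService).anyTimes();
        this.authenticator = new CertificateAuthenticator();
    }

    /**
     * A request carrying a client certificate chain is authenticated with method
     * {@code CLIENT_CERT}: the login service receives the leaf certificate's subject DN as the
     * user name and the leaf certificate itself as the credential.
     */
    @Test
    public void testCertificateAuthentication() throws Exception {
        // "changeit" protects a test-only fixture keystore on the test classpath.
        X509Certificate[] chain = loadCertificateChain("/certificates/test.p12", "changeit", "test");
        X509Certificate leaf = chain[0];
        EasyMock.expect(this.mockRequest.getAttribute(CERTIFICATE_ATTRIBUTE)).andReturn(chain).anyTimes();
        Capture<String> username = Capture.newInstance();
        Capture<Object> credential = Capture.newInstance();
        // once(): the login service must be consulted exactly one time per request.
        EasyMock.expect(
                this.mockLoginService.login(
                    EasyMock.capture(username),
                    EasyMock.capture(credential),
                    EasyMock.<ServletRequest>eq(this.mockRequest)))
            .andReturn(this.mockIdentity)
            .once();
        replayAll();
        this.authenticator.setConfiguration(this.mockConfig);

        Authentication result = this.authenticator.validateRequest(this.mockRequest, this.mockResponse, true);

        // Fail with a readable message instead of a ClassCastException if authentication did not succeed.
        Assert.assertTrue("Expected a UserAuthentication but got: " + result, result instanceof UserAuthentication);
        UserAuthentication userAuthentication = (UserAuthentication) result;
        Assert.assertEquals("CLIENT_CERT", userAuthentication.getAuthMethod());
        Assert.assertEquals(this.mockIdentity, userAuthentication.getUserIdentity());
        Assert.assertEquals("CN=Test,O=Confluent,C=US", username.getValue());
        Assert.assertEquals(leaf, credential.getValue());
        verifyAll();
    }

    /**
     * A request without a client certificate yields {@link Authentication#NOT_CHECKED} and never
     * reaches the login service (no {@code login} expectation is recorded, so any call fails the
     * test).
     *
     * <p>NOTE(review): {@code NOT_CHECKED} is not a successful authentication, yet it is returned
     * here with {@code mandatory == true}. Presumably the enclosing security handler rejects the
     * request in that case; confirm that this path is covered by a test.
     */
    @Test
    public void testFailsIfNoCertificates() throws Exception {
        EasyMock.expect(this.mockRequest.getAttribute(CERTIFICATE_ATTRIBUTE)).andReturn(null).anyTimes();
        replayAll();
        this.authenticator.setConfiguration(this.mockConfig);
        Assert.assertEquals(
            Authentication.NOT_CHECKED,
            this.authenticator.validateRequest(this.mockRequest, this.mockResponse, true));
        verifyAll();
    }

    /**
     * Loads the certificate chain stored under {@code alias} in a PKCS#12 keystore on the test
     * classpath.
     *
     * @param resourcePath classpath location of the keystore
     * @param password keystore password
     * @param alias alias of the key entry whose chain is returned
     * @return the chain, leaf certificate first
     * @throws Exception if the keystore cannot be read; a missing resource or an unknown alias
     *     fails the test with an assertion error
     */
    private X509Certificate[] loadCertificateChain(String resourcePath, String password, String alias)
            throws Exception {
        KeyStore keyStore = KeyStore.getInstance("pkcs12");
        try (InputStream in = getClass().getResourceAsStream(resourcePath)) {
            // KeyStore.load(null, ...) silently creates an empty keystore, so a missing fixture
            // must be reported here rather than surfacing later as a NullPointerException.
            Assert.assertNotNull("Test keystore not found on classpath: " + resourcePath, in);
            keyStore.load(in, password.toCharArray());
        }
        Certificate[] chain = keyStore.getCertificateChain(alias);
        Assert.assertNotNull("No certificate chain for alias '" + alias + "' in " + resourcePath, chain);
        Stream<Certificate> certificates = Arrays.stream(chain);
        return certificates.map(X509Certificate.class::cast).toArray(X509Certificate[]::new);
    }
}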
