package org.apache.cxf.systest.ldap.sts;

import java.io.ByteArrayInputStream;
import java.io.File;
import java.io.InputStream;
import java.nio.charset.StandardCharsets;
import java.nio.file.FileSystems;
import java.nio.file.Files;
import java.nio.file.OpenOption;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Properties;
import org.apache.cxf.helpers.CastUtils;
import org.apache.cxf.rt.security.claims.Claim;
import org.apache.cxf.rt.security.claims.ClaimCollection;
import org.apache.cxf.sts.claims.ClaimTypes;
import org.apache.cxf.sts.claims.ClaimsManager;
import org.apache.cxf.sts.claims.ClaimsParameters;
import org.apache.cxf.sts.claims.LdapClaimsHandler;
import org.apache.cxf.sts.claims.LdapGroupClaimsHandler;
import org.apache.cxf.sts.claims.ProcessedClaim;
import org.apache.cxf.sts.claims.ProcessedClaimCollection;
import org.apache.cxf.ws.security.sts.provider.STSException;
import org.apache.wss4j.common.principal.CustomTokenPrincipal;
import org.junit.Assert;
import org.junit.Before;
import org.junit.BeforeClass;
import org.junit.ClassRule;
import org.junit.Test;
import org.springframework.context.support.ClassPathXmlApplicationContext;
import org.zapodot.junit.ldap.EmbeddedLdapRule;
import org.zapodot.junit.ldap.EmbeddedLdapRuleBuilder;

/* loaded from: input_file:org/apache/cxf/systest/ldap/sts/LDAPClaimsTest.class */
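/**
 * System tests for the STS claims handlers ({@link LdapClaimsHandler} and
 * {@link LdapGroupClaimsHandler}) against an embedded LDAP directory.
 *
 * <p>Each test wires one handler bean from the generated {@code ldapport.xml} Spring
 * context into a fresh {@link ClaimsManager}, requests claims for a principal and
 * checks that exactly the requested claim types come back. The "not requested"
 * check matters for an STS: it fails the test if the handler releases a claim
 * type that was not asked for.
 */
public class LDAPClaimsTest {

    // Bind DN and password are fixture values for the embedded directory only,
    // which is bound to localhost and populated from ldap.ldif.
    @ClassRule
    public static EmbeddedLdapRule embeddedLdapRule = EmbeddedLdapRuleBuilder.newInstance()
        .bindingToAddress("localhost")
        .usingBindCredentials("ldap_su")
        .usingBindDSN("UID=admin,DC=example,DC=com")
        .usingDomainDsn("dc=example,dc=com")
        .importingLdifs(new String[]{"ldap.ldif"})
        .build();

    /** Claim type used by the group handler tests for role membership. */
    private static final String ROLE_CLAIM_TYPE = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role";

    /** Custom claim type that the binary claims test expects to hold a certificate. */
    private static final String X509_CLAIM_TYPE = "http://custom/x509";

    private static Properties props;
    private static boolean portUpdated;
    private ClassPathXmlApplicationContext appContext;

    /**
     * Loads {@code /ldap.properties} from the test classpath into {@link #props}.
     *
     * <p>Loading stays best effort, as before: a missing or unreadable file is printed and
     * the tests that need a property then fail on their own "not configured" assertion.
     */
    @BeforeClass
    public static void startServers() throws Exception {
        props = new Properties();
        // A null stream (resource not found) makes load() throw, which is reported below;
        // try-with-resources skips close() for a null resource.
        try (InputStream in = LDAPClaimsTest.class.getResourceAsStream("/ldap.properties")) {
            props.load(in);
        } catch (Exception e) {
            e.printStackTrace();
        }
    }

    /**
     * Generates {@code target/test-classes/ldapport.xml} from the {@code ldap.xml} template
     * (once per class) by substituting the embedded server's port for the {@code portno}
     * placeholder, then loads it as this test's Spring context.
     */
    @Before
    public void updatePort() throws Exception {
        if (!portUpdated) {
            String baseDir = System.getProperty("basedir");
            if (baseDir == null) {
                baseDir = new File(".").getCanonicalPath();
            }
            byte[] template =
                Files.readAllBytes(FileSystems.getDefault().getPath(baseDir, "/src/test/resources/ldap.xml"));
            String config = new String(template, StandardCharsets.UTF_8)
                .replace("portno", Integer.toString(embeddedLdapRule.embeddedServerPort()));
            // Encode with the same charset the template was decoded with; the platform
            // default may differ and would corrupt non-ASCII content in the XML.
            Files.write(
                FileSystems.getDefault().getPath(baseDir, "/target/test-classes/ldapport.xml"),
                config.getBytes(StandardCharsets.UTF_8));
            portUpdated = true;
        }
        this.appContext = new ClassPathXmlApplicationContext("ldapport.xml");
    }

    /**
     * Closes the per-test Spring context so its beans are released after every test.
     * The annotation is fully qualified so that no extra import is required.
     */
    @org.junit.After
    public void closeContext() {
        if (this.appContext != null) {
            this.appContext.close();
            this.appContext = null;
        }
    }

    /** Requests the three basic claims for the configured {@code claimUser}. */
    @Test
    public void testRetrieveClaims() throws Exception {
        LdapClaimsHandler handler = (LdapClaimsHandler) this.appContext.getBean("testClaimsHandler");
        ClaimsManager manager = new ClaimsManager();
        manager.setClaimHandlers(Collections.singletonList(handler));
        String user = requiredProperty("claimUser");

        ProcessedClaimCollection retrieved = retrieveClaimsFor(manager, createRequestClaimCollection(), user);

        assertExactlyRequestedClaims(retrieved, basicClaimTypes());
    }

    /** Same as {@link #testRetrieveClaims()} but the principal name is a full DN. */
    @Test
    public void testRetrieveClaimsUsingLDAPLookup() throws Exception {
        LdapClaimsHandler handler = (LdapClaimsHandler) this.appContext.getBean("testClaimsHandler");
        ClaimsManager manager = new ClaimsManager();
        manager.setClaimHandlers(Collections.singletonList(handler));

        ProcessedClaimCollection retrieved =
            retrieveClaimsFor(manager, createRequestClaimCollection(), "cn=alice,ou=users,dc=example,dc=com");

        assertExactlyRequestedClaims(retrieved, basicClaimTypes());
    }

    /**
     * Uses the {@code testClaimsHandlerMultipleUserBaseDNs} bean and retrieves the basic
     * claims for both configured users.
     */
    @Test
    public void testMultiUserBaseDNs() throws Exception {
        LdapClaimsHandler handler =
            (LdapClaimsHandler) this.appContext.getBean("testClaimsHandlerMultipleUserBaseDNs");
        ClaimsManager manager = new ClaimsManager();
        manager.setClaimHandlers(Collections.singletonList(handler));
        String user = requiredProperty("claimUser");
        String otherUser = requiredProperty("otherClaimUser");
        ClaimCollection requested = createRequestClaimCollection();
        List<String> expected = basicClaimTypes();

        assertExactlyRequestedClaims(retrieveClaimsFor(manager, requested, user), expected);
        assertExactlyRequestedClaims(retrieveClaimsFor(manager, requested, otherUser), expected);
    }

    /** A mandatory claim type the handler cannot supply must make retrieval throw. */
    @Test(expected = STSException.class)
    public void testRetrieveClaimsWithUnsupportedMandatoryClaimType() throws Exception {
        LdapClaimsHandler handler = (LdapClaimsHandler) this.appContext.getBean("testClaimsHandler");
        ClaimsManager manager = new ClaimsManager();
        manager.setClaimHandlers(Collections.singletonList(handler));
        String user = requiredProperty("claimUser");

        ClaimCollection requested = createRequestClaimCollection();
        Claim gender = new Claim();
        gender.setClaimType(ClaimTypes.GENDER);
        gender.setOptional(false);
        requested.add(gender);

        retrieveClaimsFor(manager, requested, user);
    }

    /** An optional claim type the handler cannot supply is simply left out of the result. */
    @Test
    public void testRetrieveClaimsWithUnsupportedOptionalClaimType() throws Exception {
        LdapClaimsHandler handler = (LdapClaimsHandler) this.appContext.getBean("testClaimsHandler");
        ClaimsManager manager = new ClaimsManager();
        manager.setClaimHandlers(Collections.singletonList(handler));
        String user = requiredProperty("claimUser");

        ClaimCollection requested = createRequestClaimCollection();
        Claim gender = new Claim();
        gender.setClaimType(ClaimTypes.GENDER);
        gender.setOptional(true);
        requested.add(gender);

        ProcessedClaimCollection retrieved = retrieveClaimsFor(manager, requested, user);

        assertExactlyRequestedClaims(retrieved, basicClaimTypes());
    }

    /** The handler's supported claim types must be exactly the keys of its attribute mapping. */
    @Test
    public void testSupportedClaims() throws Exception {
        Map<String, String> mapping =
            CastUtils.cast((Map<?, ?>) this.appContext.getBean("claimsToLdapAttributeMapping"));
        LdapClaimsHandler handler = new LdapClaimsHandler();
        handler.setClaimsLdapAttributeMapping(mapping);

        List<?> supported = handler.getSupportedClaimTypes();

        Assert.assertEquals(
            "Supported claims and claims/ldap attribute mapping size different",
            mapping.size(), supported.size());
        for (String claimType : mapping.keySet()) {
            Assert.assertTrue("Claim '" + claimType + "' not listed in supported list", supported.contains(claimType));
        }
    }

    /**
     * Requests the custom X.509 claim in addition to the basic ones and checks that its
     * first value is a byte array that parses as a certificate. Only parsing is checked;
     * the certificate is not validated in any other way.
     */
    @Test
    public void testRetrieveBinaryClaims() throws Exception {
        LdapClaimsHandler handler = (LdapClaimsHandler) this.appContext.getBean("testClaimsHandler");
        ClaimsManager manager = new ClaimsManager();
        manager.setClaimHandlers(Collections.singletonList(handler));
        String user = requiredProperty("binaryClaimUser");

        ClaimCollection requested = createRequestClaimCollection();
        Claim x509 = new Claim();
        x509.setClaimType(X509_CLAIM_TYPE);
        x509.setOptional(true);
        requested.add(x509);

        List<String> expected = basicClaimTypes();
        expected.add(X509_CLAIM_TYPE);

        ProcessedClaimCollection retrieved = retrieveClaimsFor(manager, requested, user);

        Assert.assertEquals(
            "Retrieved number of claims [" + retrieved.size() + "] doesn't match with expected ["
                + expected.size() + "]",
            expected.size(), retrieved.size());

        boolean foundCertificate = false;
        for (ProcessedClaim claim : retrieved) {
            if (X509_CLAIM_TYPE.equals(claim.getClaimType())) {
                foundCertificate = true;
                Object value = claim.getValues().get(0);
                Assert.assertTrue(value instanceof byte[]);
                X509Certificate certificate = (X509Certificate) CertificateFactory.getInstance("X.509")
                    .generateCertificate(new ByteArrayInputStream((byte[]) value));
                Assert.assertNotNull(certificate);
            }
        }
        Assert.assertTrue(foundCertificate);
    }

    /** The configured {@code claimUser} is expected to have two role values. */
    @Test
    public void testRetrieveRolesForAlice() throws Exception {
        LdapGroupClaimsHandler handler = (LdapGroupClaimsHandler) this.appContext.getBean("testGroupClaimsHandler");
        ClaimsManager manager = new ClaimsManager();
        manager.setClaimHandlers(Collections.singletonList(handler));
        String user = requiredProperty("claimUser");

        ProcessedClaimCollection retrieved = retrieveClaimsFor(manager, roleClaimRequest(), user);

        assertSingleRoleClaim(retrieved, 2);
    }

    /** Same as {@link #testRetrieveRolesForAlice()} but the principal name is a full DN. */
    @Test
    public void testRetrieveRolesForAliceUsingLDAPLookup() throws Exception {
        LdapGroupClaimsHandler handler = (LdapGroupClaimsHandler) this.appContext.getBean("testGroupClaimsHandler");
        ClaimsManager manager = new ClaimsManager();
        manager.setClaimHandlers(Collections.singletonList(handler));

        ProcessedClaimCollection retrieved =
            retrieveClaimsFor(manager, roleClaimRequest(), "cn=alice,ou=users,dc=example,dc=com");

        assertSingleRoleClaim(retrieved, 2);
    }

    /** The configured {@code otherClaimUser} is expected to have two role values. */
    @Test
    public void testRetrieveRolesForBob() throws Exception {
        LdapGroupClaimsHandler handler =
            (LdapGroupClaimsHandler) this.appContext.getBean("testGroupClaimsHandlerOtherUsers");
        ClaimsManager manager = new ClaimsManager();
        manager.setClaimHandlers(Collections.singletonList(handler));
        String user = requiredProperty("otherClaimUser");

        ProcessedClaimCollection retrieved = retrieveClaimsFor(manager, roleClaimRequest(), user);

        assertSingleRoleClaim(retrieved, 2);
    }

    /**
     * With the {@code testGroupClaimsHandlerFilter} bean only one role value is expected
     * for the configured {@code otherClaimUser}.
     */
    @Test
    public void testRetrieveRolesForBobInBusinessCategoryWidgets() throws Exception {
        LdapGroupClaimsHandler handler =
            (LdapGroupClaimsHandler) this.appContext.getBean("testGroupClaimsHandlerFilter");
        ClaimsManager manager = new ClaimsManager();
        manager.setClaimHandlers(Collections.singletonList(handler));
        String user = requiredProperty("otherClaimUser");

        ProcessedClaimCollection retrieved = retrieveClaimsFor(manager, roleClaimRequest(), user);

        assertSingleRoleClaim(retrieved, 1);
    }

    /** Builds a request for the optional first name, last name and e-mail address claims. */
    private ClaimCollection createRequestClaimCollection() {
        ClaimCollection requested = new ClaimCollection();

        Claim firstName = new Claim();
        firstName.setClaimType(ClaimTypes.FIRSTNAME);
        firstName.setOptional(true);
        requested.add(firstName);

        Claim lastName = new Claim();
        lastName.setClaimType(ClaimTypes.LASTNAME);
        lastName.setOptional(true);
        requested.add(lastName);

        Claim email = new Claim();
        email.setClaimType(ClaimTypes.EMAILADDRESS);
        email.setOptional(true);
        requested.add(email);

        return requested;
    }

    /** Builds a request that contains only the role claim. */
    private static ClaimCollection roleClaimRequest() {
        ClaimCollection requested = new ClaimCollection();
        Claim role = new Claim();
        role.setClaimType(ROLE_CLAIM_TYPE);
        requested.add(role);
        return requested;
    }

    /** Returns a fresh, mutable list of the claim types requested by {@link #createRequestClaimCollection()}. */
    private static List<String> basicClaimTypes() {
        List<String> types = new ArrayList<>();
        types.add(ClaimTypes.FIRSTNAME.toString());
        types.add(ClaimTypes.LASTNAME.toString());
        types.add(ClaimTypes.EMAILADDRESS.toString());
        return types;
    }

    /**
     * Reads a property from {@code ldap.properties} and fails the test when it is absent.
     *
     * <p>JUnit 4's {@code assertNotNull} takes the message first. With the arguments the other
     * way round the check inspects the message literal and can never fail, so a missing
     * property would reach the handler as a {@code null} principal name.
     */
    private static String requiredProperty(String key) {
        String value = props.getProperty(key);
        Assert.assertNotNull("Property '" + key + "' not configured", value);
        return value;
    }

    /** Retrieves claim values for {@code principalName} through the given manager. */
    private static ProcessedClaimCollection retrieveClaimsFor(
            ClaimsManager manager, ClaimCollection requested, String principalName) {
        ClaimsParameters parameters = new ClaimsParameters();
        parameters.setPrincipal(new CustomTokenPrincipal(principalName));
        return manager.retrieveClaimValues(requested, parameters);
    }

    /**
     * Asserts that {@code retrieved} holds one claim per expected type and nothing else.
     * The expected list is copied, so callers can reuse it for a second check.
     */
    private static void assertExactlyRequestedClaims(ProcessedClaimCollection retrieved, List<String> expectedTypes) {
        Assert.assertEquals(
            "Retrieved number of claims [" + retrieved.size() + "] doesn't match with expected ["
                + expectedTypes.size() + "]",
            expectedTypes.size(), retrieved.size());

        List<String> outstanding = new ArrayList<>(expectedTypes);
        for (ProcessedClaim claim : retrieved) {
            // Each returned type has to consume one expected entry; anything left over on
            // the returned side was released without being requested.
            if (!outstanding.remove(claim.getClaimType())) {
                Assert.fail("Claim '" + claim.getClaimType() + "' not requested");
            }
        }
    }

    /** Asserts that the result is a single role claim carrying {@code expectedRoleCount} values. */
    private static void assertSingleRoleClaim(ProcessedClaimCollection retrieved, int expectedRoleCount) {
        Assert.assertEquals(1, retrieved.size());
        ProcessedClaim roleClaim = retrieved.get(0);
        Assert.assertEquals(ROLE_CLAIM_TYPE, roleClaim.getClaimType());
        Assert.assertEquals(expectedRoleCount, roleClaim.getValues().size());
    }
}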
