package org.apache.cxf.systest.ldap.xkms;

import java.io.IOException;
import java.io.InputStream;
import java.net.URISyntaxException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import javax.naming.NamingException;
import org.apache.cxf.testutil.common.AbstractClientServerTestBase;
import org.apache.cxf.xkms.handlers.Applications;
import org.apache.cxf.xkms.model.xkms.UseKeyWithType;
import org.apache.cxf.xkms.x509.repo.CertificateRepo;
import org.apache.cxf.xkms.x509.repo.ldap.LdapCertificateRepo;
import org.apache.cxf.xkms.x509.repo.ldap.LdapSchemaConfig;
import org.apache.cxf.xkms.x509.repo.ldap.LdapSearch;
import org.junit.AfterClass;
import org.junit.Assert;
import org.junit.ClassRule;
import org.junit.Test;
import org.zapodot.junit.ldap.EmbeddedLdapRule;
import org.zapodot.junit.ldap.EmbeddedLdapRuleBuilder;

/* loaded from: input_file:org/apache/cxf/systest/ldap/xkms/LDAPCertificateRepoTest.class */
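/**
 * System tests for {@link LdapCertificateRepo} run against an in-process embedded LDAP server.
 *
 * <p>The server is started once per class by {@link #embeddedLdapRule}, bound to
 * {@code localhost}, and seeded from {@code ldap.ldif}. Each test builds a fresh repository
 * pointing at that server and exercises certificate lookup or storage.
 *
 * <p>The bind DN and password below are fixture values for the embedded server only. The
 * connection uses plain {@code ldap://} on the loopback address, so nothing here exercises
 * transport protection of the bind credentials.
 */
public class LDAPCertificateRepoTest {
    private static final String EXPECTED_SUBJECT_DN = "cn=dave,ou=users";
    private static final String EXPECTED_SUBJECT_DN2 = "cn=newuser,ou=users";
    private static final String EXPECTED_SERVICE_URI = "http://myservice.apache.org/MyServiceName";
    private static final String ROOT_DN = "dc=example,dc=com";

    // Test-fixture bind identity, shared by the embedded server and the client under test so
    // the two cannot drift apart. Never reuse these values outside this test.
    private static final String BIND_DN = "UID=admin,DC=example,DC=com";
    private static final String BIND_PASSWORD = "ldap_su";

    // Classpath resource holding the certificate used by the save tests.
    private static final String TEST_CERT_RESOURCE = "cert1.cer";

    /** Embedded LDAP server for the whole class; listens on localhost only. */
    @ClassRule
    public static EmbeddedLdapRule embeddedLdapRule = EmbeddedLdapRuleBuilder.newInstance()
            .bindingToAddress("localhost")
            .usingBindCredentials(BIND_PASSWORD)
            .usingBindDSN(BIND_DN)
            .usingDomainDsn(ROOT_DN)
            .importingLdifs(new String[]{"ldap.ldif"})
            .build();

    /**
     * Stops every server registered with {@link AbstractClientServerTestBase} once all tests
     * in this class have run.
     */
    @AfterClass
    public static void cleanup() throws Exception {
        AbstractClientServerTestBase.stopAllServers();
    }

    /** A certificate is returned for a subject DN that the test expects to be in the directory. */
    @Test
    public void testFindUserCert() throws URISyntaxException, NamingException, CertificateException {
        // presumably this entry comes from ldap.ldif; verify against the fixture
        Assert.assertNotNull(createLdapCertificateRepo().findBySubjectDn(EXPECTED_SUBJECT_DN));
    }

    /**
     * An unknown subject DN must yield {@code null}: a lookup for an identity that does not
     * exist must never fall back to some other entry's certificate.
     */
    @Test
    public void testFindUserCertForNonExistentDn() throws URISyntaxException, NamingException, CertificateException {
        Assert.assertNull("Certificate should be null", createLdapCertificateRepo().findBySubjectDn("CN=wrong"));
    }

    /**
     * A bare identifier (not a full DN) passed to {@code findBySubjectDn} also resolves to a
     * certificate; the test name indicates the repository treats it as a UID.
     */
    @Test
    public void testFindUserCertViaUID() throws URISyntaxException, NamingException, CertificateException {
        Assert.assertNotNull(createLdapCertificateRepo().findBySubjectDn("dave"));
    }

    /** An unknown bare identifier must yield {@code null}, mirroring the unknown-DN case. */
    @Test
    public void testFindUserCertViaWrongUID() throws URISyntaxException, NamingException, CertificateException {
        Assert.assertNull("Certificate should be null", createLdapCertificateRepo().findBySubjectDn("wrong"));
    }

    /**
     * Saves a certificate under a PKIX identifier and checks it can be found again by that
     * subject DN.
     */
    @Test
    public void testSave() throws Exception {
        CertificateRepo repo = createLdapCertificateRepo();
        X509Certificate certificate = loadCertificate(TEST_CERT_RESOURCE);
        Assert.assertNotNull(certificate);

        UseKeyWithType keyBinding = new UseKeyWithType();
        keyBinding.setApplication(Applications.PKIX.getUri());
        keyBinding.setIdentifier(EXPECTED_SUBJECT_DN2);
        repo.saveCertificate(certificate, keyBinding);

        // NOTE(review): only presence is asserted. Comparing the returned certificate with
        // the saved one would also catch a lookup that resolves to the wrong entry.
        Assert.assertNotNull(repo.findBySubjectDn(EXPECTED_SUBJECT_DN2));
    }

    /**
     * Saves a certificate under a service-name identifier and checks it can be found both by
     * the service URI and by the certificate's own subject name.
     */
    @Test
    public void testSaveServiceCert() throws Exception {
        CertificateRepo repo = createLdapCertificateRepo();
        X509Certificate certificate = loadCertificate(TEST_CERT_RESOURCE);
        Assert.assertNotNull(certificate);

        UseKeyWithType keyBinding = new UseKeyWithType();
        keyBinding.setApplication(Applications.SERVICE_NAME.getUri());
        keyBinding.setIdentifier(EXPECTED_SERVICE_URI);
        repo.saveCertificate(certificate, keyBinding);

        Assert.assertNotNull(repo.findByServiceName(EXPECTED_SERVICE_URI));
        Assert.assertNotNull(repo.findByServiceName(certificate.getSubjectX500Principal().getName()));
    }

    /**
     * Builds a repository connected to the embedded server with the fixture bind identity.
     *
     * @return a repository rooted at {@link #ROOT_DN}
     * @throws CertificateException if the repository cannot be constructed
     */
    private CertificateRepo createLdapCertificateRepo() throws CertificateException {
        // The port is chosen by the embedded server at start-up, so it is read from the rule.
        String ldapUri = "ldap://localhost:" + embeddedLdapRule.embeddedServerPort();
        // NOTE(review): the trailing 2 looks like LdapSearch's retry count; confirm against its constructor.
        LdapSearch ldapSearch = new LdapSearch(ldapUri, BIND_DN, BIND_PASSWORD, 2);
        LdapSchemaConfig schemaConfig = new LdapSchemaConfig();
        schemaConfig.setAttrCrtBinary("userCertificate");
        return new LdapCertificateRepo(ldapSearch, schemaConfig, ROOT_DN);
    }

    /**
     * Parses an X.509 certificate from a classpath resource located relative to this class.
     *
     * <p>The stream is closed on every path, including when parsing fails, and a missing
     * resource is reported as an assertion failure rather than a NullPointerException.
     *
     * @param resourceName resource name, resolved via {@link Class#getResourceAsStream(String)}
     * @return the parsed certificate
     * @throws IOException if the stream cannot be closed
     * @throws CertificateException if the resource is not a valid X.509 certificate
     */
    private X509Certificate loadCertificate(String resourceName) throws IOException, CertificateException {
        try (InputStream in = getClass().getResourceAsStream(resourceName)) {
            Assert.assertNotNull("Test resource not found: " + resourceName, in);
            return (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(in);
        }
    }
}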
