package org.apache.directory.server.ldap.handlers.sasl.external;

import java.io.ByteArrayInputStream;
import java.io.FileOutputStream;
import java.net.InetAddress;
import java.nio.file.Files;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.util.Date;
import java.util.Hashtable;
import javax.naming.directory.InitialDirContext;
import javax.naming.directory.SearchControls;
import org.apache.directory.api.ldap.model.entry.DefaultEntry;
import org.apache.directory.api.ldap.model.entry.DefaultModification;
import org.apache.directory.api.ldap.model.entry.Modification;
import org.apache.directory.api.ldap.model.entry.ModificationOperation;
import org.apache.directory.api.ldap.model.name.Dn;
import org.apache.directory.api.util.Network;
import org.apache.directory.ldap.client.api.NoVerificationTrustManager;
import org.apache.directory.server.annotations.CreateLdapServer;
import org.apache.directory.server.annotations.CreateTransport;
import org.apache.directory.server.annotations.SaslMechanism;
import org.apache.directory.server.core.annotations.ApplyLdifs;
import org.apache.directory.server.core.annotations.ContextEntry;
import org.apache.directory.server.core.annotations.CreateDS;
import org.apache.directory.server.core.annotations.CreateIndex;
import org.apache.directory.server.core.annotations.CreatePartition;
import org.apache.directory.server.core.integ.AbstractLdapTestUnit;
import org.apache.directory.server.core.integ.ApacheDSTestExtension;
import org.apache.directory.server.core.security.TlsKeyGenerator;
import org.apache.directory.server.ldap.handlers.sasl.external.certificate.CertificateMechanismHandler;
import org.apache.directory.server.ssl.ClientCertificateSslSocketFactory;
import org.junit.jupiter.api.AfterEach;
import org.junit.jupiter.api.Assertions;
import org.junit.jupiter.api.BeforeEach;
import org.junit.jupiter.api.Test;
import org.junit.jupiter.api.extension.ExtendWith;

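@CreateLdapServer(transports = {@CreateTransport(protocol = "LDAPS", clientAuth = true)}, saslMechanisms = {@SaslMechanism(name = "EXTERNAL", implClass = CertificateMechanismHandler.class)}, trustManagers = {NoVerificationTrustManager.class})
@ExtendWith({ApacheDSTestExtension.class})
@CreateDS(allowAnonAccess = true, name = "ClientCertificateAuthenticationIT-class", partitions = {@CreatePartition(name = "example", suffix = "dc=example,dc=com", contextEntry = @ContextEntry(entryLdif = "dn: dc=example,dc=com\ndc: example\nobjectClass: top\nobjectClass: domain\n\n"), indexes = {@CreateIndex(attribute = "objectClass"), @CreateIndex(attribute = "dc"), @CreateIndex(attribute = "ou")})})
@ApplyLdifs({"dn: ou=users,dc=example,dc=com", "objectClass: organizationalUnit", "objectClass: top", "ou: users\n", "dn: uid=testsubject,ou=users,dc=example,dc=com", "objectClass: inetOrgPerson", "objectClass: organizationalPerson", "objectClass: person", "objectClass: top", "uid: testsubject", "userPassword: not_set", "cn: Test Subject", "sn: Subject"})
/**
 * Integration test for SASL EXTERNAL binds backed by a TLS client certificate.
 *
 * <p>Setup generates an RSA key pair plus certificate, writes them into the key store used by
 * {@link ClientCertificateSslSocketFactory}, and adds the certificate as {@code userCertificate} to
 * the {@code uid=testsubject} entry. The test then opens an LDAPS connection that presents that
 * certificate, binds with {@code EXTERNAL}, and checks that the server-side session is authenticated
 * as the test subject's DN.
 *
 * <p>Note on the server configuration: {@code clientAuth = true} makes the LDAPS transport request a
 * client certificate, and {@code trustManagers = NoVerificationTrustManager} means the TLS layer
 * does not validate the presented chain — test-only wiring. The identity assertion in this test
 * therefore depends on the EXTERNAL handler resolving the certificate to the entry that carries it
 * (inferred from the principal-DN assertion; confirm against CertificateMechanismHandler).
 */
public class ClientCertificateAuthenticationIT extends AbstractLdapTestUnit {
    /** DN of the entry the generated client certificate is attached to. */
    private static final String TEST_SUBJECT_DN = "uid=testsubject,ou=users,dc=example,dc=com";

    /** Alias of the client key entry inside the generated key store. */
    private static final String KEY_ALIAS = "apacheds";

    /** Certificate validity window used for the generated client certificate (365 days). */
    private static final long ONE_YEAR_MILLIS = 31536000000L;

    /** Subject DN that the EXTERNAL bind is expected to authenticate as; set in setup. */
    private Dn authenticationUserDn;

    /**
     * Generates a client key pair and certificate, stores them in the client key store file and
     * attaches the certificate to the test subject entry.
     *
     * @throws Exception on key generation, key store or directory modification failure
     */
    @BeforeEach
    public void installKeyStoreWithCertificate() throws Exception {
        this.authenticationUserDn = new Dn(TEST_SUBJECT_DN);

        // The certificate subject is the local host name; the issuer is a fixed ApacheDS DN.
        String subjectDn = "CN=" + InetAddress.getLocalHost().getHostName();
        Date notBefore = new Date();
        Date notAfter = new Date(System.currentTimeMillis() + ONE_YEAR_MILLIS);

        // TlsKeyGenerator writes the key pair and certificate into this scratch entry.
        DefaultEntry keyEntry = new DefaultEntry();
        TlsKeyGenerator.addKeyPair(keyEntry, "CN=ApacheDS,OU=Directory, O=ASF, C=US", subjectDn,
            notBefore, notAfter, "RSA", 2048, (PrivateKey) null, false);

        // Round-trip the DER bytes through the X.509 factory to obtain a java.security Certificate.
        Certificate clientCert;
        try (ByteArrayInputStream certIn =
                new ByteArrayInputStream(TlsKeyGenerator.getCertificate(keyEntry).getEncoded())) {
            clientCert = CertificateFactory.getInstance("X.509").generateCertificate(certIn);
        }

        // Build the key store in memory, then persist it to the file the socket factory reads.
        KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
        keyStore.load(null, null);
        keyStore.setKeyEntry(KEY_ALIAS, TlsKeyGenerator.getKeyPair(keyEntry).getPrivate(),
            ClientCertificateSslSocketFactory.ksPassword, new Certificate[]{clientCert});
        try (FileOutputStream keyStoreOut =
                new FileOutputStream(ClientCertificateSslSocketFactory.ksFile)) {
            keyStore.store(keyStoreOut, ClientCertificateSslSocketFactory.ksPassword);
        }

        // Attach the certificate to the entry as userCertificate so the server can associate the
        // presented client certificate with this DN.
        byte[] encodedCert = keyEntry.get("userCertificate").getBytes();
        Modification addCert = new DefaultModification(
            ModificationOperation.ADD_ATTRIBUTE, "userCertificate", new byte[][]{encodedCert});
        getLdapServer().getDirectoryService().getAdminSession()
            .modify(new Dn(TEST_SUBJECT_DN), new Modification[]{addCert});
    }

    /**
     * Removes the key store file holding the test private key.
     *
     * @throws Exception if the file exists but cannot be deleted (previously a failed delete was
     *     silently ignored, leaving key material on disk)
     */
    @AfterEach
    public void teardown() throws Exception {
        if (ClientCertificateSslSocketFactory.ksFile != null) {
            Files.deleteIfExists(ClientCertificateSslSocketFactory.ksFile.toPath());
        }
    }

    /**
     * Connects over LDAPS with the client certificate, binds via SASL EXTERNAL, runs a base-object
     * search and verifies the server-side session is authenticated as the test subject.
     *
     * @throws Exception on connection, search or assertion failure
     */
    @Test
    public void testExternalClientCertificateAuthentication() throws Exception {
        Hashtable<String, String> env = new Hashtable<>();
        env.put("java.naming.factory.initial", "com.sun.jndi.ldap.LdapCtxFactory");
        env.put("java.naming.provider.url", Network.ldapLoopbackUrl(getLdapServer().getPortSSL()));
        env.put("java.naming.security.protocol", "ssl");
        // Socket factory that presents the key store written in installKeyStoreWithCertificate().
        env.put("java.naming.ldap.factory.socket", ClientCertificateSslSocketFactory.class.getName());
        env.put("java.naming.security.authentication", "EXTERNAL");

        InitialDirContext ctx = new InitialDirContext(env);
        try {
            SearchControls controls = new SearchControls();
            controls.setSearchScope(SearchControls.OBJECT_SCOPE);
            Assertions.assertTrue(
                ctx.search("dc=example,dc=com", "(objectClass=*)", controls).hasMore());

            // Assumes this connection is the only open session on the server — verify if the
            // extension ever shares the server across tests.
            Assertions.assertEquals(authenticationUserDn.getName(),
                getLdapServer().getLdapSessionManager().getSessions()[0].getCoreSession()
                    .getAuthenticatedPrincipal().getDn().getName());
        } finally {
            ctx.close();
        }
    }
}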
