package org.apache.nifi.processors.standard.http;

import java.security.cert.CertificateParsingException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Map;
import javax.security.auth.x500.X500Principal;
import javax.servlet.http.HttpServletRequest;
import org.junit.jupiter.api.Assertions;
import org.junit.jupiter.api.BeforeEach;
import org.junit.jupiter.api.Test;
import org.junit.jupiter.api.extension.ExtendWith;
import org.mockito.ArgumentMatchers;
import org.mockito.Mock;
import org.mockito.Mockito;
import org.mockito.junit.jupiter.MockitoExtension;

@ExtendWith({MockitoExtension.class})
/* loaded from: input_file:org/apache/nifi/processors/standard/http/HandleHttpRequestCertificateAttributesProviderTest.class */
class HandleHttpRequestCertificateAttributesProviderTest {
    private static final String RFC_822_NAME_GENERAL_NAME = "rfc822Name";
    private static final String DNS_NAME_GENERAL_NAME = "dNSName";
    private static final String EMAIL_ADDRESS = "username@localhost.localdomain";
    private static final String DNS_NAME = "localhost.localdomain";
    private static final String FIRST_SAN_NAME_ATTRIBUTE_KEY = "http.certificate.sans.0.name";
    private static final String FIRST_SAN_NAME_TYPE_ATTRIBUTE_KEY = "http.certificate.sans.0.nameType";
    private static final String SECOND_SAN_NAME_ATTRIBUTE_KEY = "http.certificate.sans.1.name";
    private static final String SECOND_SAN_NAME_TYPE_ATTRIBUTE_KEY = "http.certificate.sans.1.nameType";
    private static final String PARSING_EXCEPTION_MESSAGE = "SAN parsing failed";

    @Mock
    private HttpServletRequest request;

    @Mock
    private X509Certificate certificate;
    private HandleHttpRequestCertificateAttributesProvider provider;
    private static final String SUBJECT_FORMATTED = "CN=subject, OU=users";
    private static final X500Principal SUBJECT_PRINCIPAL = new X500Principal(SUBJECT_FORMATTED);
    private static final String ISSUER_FORMATTED = "CN=issuer, OU=authorities";
    private static final X500Principal ISSUER_PRINCIPAL = new X500Principal(ISSUER_FORMATTED);
    private static final Integer RFC_822_NAME_TYPE = 1;
    private static final Integer DNS_NAME_TYPE = 2;

    HandleHttpRequestCertificateAttributesProviderTest() {
    }

    @BeforeEach
    void setProvider() {
        this.provider = new HandleHttpRequestCertificateAttributesProvider();
    }

    @Test
    void testCertificatesNotFound() {
        Assertions.assertTrue(this.provider.getCertificateAttributes(this.request).isEmpty());
    }

    @Test
    void testCertificatesFound() {
        Mockito.when(this.request.getAttribute((String) ArgumentMatchers.eq("javax.servlet.request.X509Certificate"))).thenReturn(new X509Certificate[]{this.certificate});
        Mockito.when(this.certificate.getSubjectX500Principal()).thenReturn(SUBJECT_PRINCIPAL);
        Mockito.when(this.certificate.getIssuerX500Principal()).thenReturn(ISSUER_PRINCIPAL);
        assertSubjectIssuerFound(this.provider.getCertificateAttributes(this.request));
    }

    @Test
    void testCertificatesFoundParsingException() throws CertificateParsingException {
        Mockito.when(this.request.getAttribute((String) ArgumentMatchers.eq("javax.servlet.request.X509Certificate"))).thenReturn(new X509Certificate[]{this.certificate});
        Mockito.when(this.certificate.getSubjectX500Principal()).thenReturn(SUBJECT_PRINCIPAL);
        Mockito.when(this.certificate.getIssuerX500Principal()).thenReturn(ISSUER_PRINCIPAL);
        Mockito.when(this.certificate.getSubjectAlternativeNames()).thenThrow(new Throwable[]{new CertificateParsingException(PARSING_EXCEPTION_MESSAGE)});
        assertSubjectIssuerFound(this.provider.getCertificateAttributes(this.request));
    }

    @Test
    void testCertificateSubjectAlternativeNamesFound() throws CertificateParsingException {
        Mockito.when(this.request.getAttribute((String) ArgumentMatchers.eq("javax.servlet.request.X509Certificate"))).thenReturn(new X509Certificate[]{this.certificate});
        Mockito.when(this.certificate.getSubjectX500Principal()).thenReturn(SUBJECT_PRINCIPAL);
        Mockito.when(this.certificate.getIssuerX500Principal()).thenReturn(ISSUER_PRINCIPAL);
        ArrayList arrayList = new ArrayList();
        arrayList.add(Arrays.asList(RFC_822_NAME_TYPE, EMAIL_ADDRESS));
        arrayList.add(Arrays.asList(DNS_NAME_TYPE, DNS_NAME));
        Mockito.when(this.certificate.getSubjectAlternativeNames()).thenReturn(arrayList);
        Map<String, String> certificateAttributes = this.provider.getCertificateAttributes(this.request);
        assertSubjectIssuerFound(certificateAttributes);
        Assertions.assertEquals(certificateAttributes.get(FIRST_SAN_NAME_ATTRIBUTE_KEY), EMAIL_ADDRESS);
        Assertions.assertEquals(certificateAttributes.get(FIRST_SAN_NAME_TYPE_ATTRIBUTE_KEY), RFC_822_NAME_GENERAL_NAME);
        Assertions.assertEquals(certificateAttributes.get(SECOND_SAN_NAME_ATTRIBUTE_KEY), DNS_NAME);
        Assertions.assertEquals(certificateAttributes.get(SECOND_SAN_NAME_TYPE_ATTRIBUTE_KEY), DNS_NAME_GENERAL_NAME);
    }

    private void assertSubjectIssuerFound(Map<String, String> map) {
        Assertions.assertEquals(SUBJECT_FORMATTED, map.get(CertificateAttribute.HTTP_SUBJECT_DN.getName()));
        Assertions.assertEquals(ISSUER_FORMATTED, map.get(CertificateAttribute.HTTP_ISSUER_DN.getName()));
    }
}
