package org.apereo.cas.adaptors.x509.authentication.ldap;

import java.net.URI;
import java.net.URL;
import java.security.cert.CertificateException;
import org.apereo.cas.adaptors.ldap.LdapIntegrationTestsOperations;
import org.apereo.cas.adaptors.x509.authentication.CRLFetcher;
import org.apereo.cas.adaptors.x509.authentication.handler.support.AbstractX509LdapTests;
import org.apereo.cas.adaptors.x509.authentication.revocation.checker.CRLDistributionPointRevocationChecker;
import org.apereo.cas.adaptors.x509.authentication.revocation.policy.AllowRevocationPolicy;
import org.apereo.cas.adaptors.x509.authentication.revocation.policy.RevocationPolicy;
import org.apereo.cas.util.crypto.CertUtils;
import org.ehcache.UserManagedCache;
import org.ehcache.config.builders.ResourcePoolsBuilder;
import org.ehcache.config.builders.UserManagedCacheBuilder;
import org.junit.jupiter.api.Assertions;
import org.junit.jupiter.api.BeforeAll;
import org.junit.jupiter.api.Nested;
import org.junit.jupiter.api.Tag;
import org.junit.jupiter.api.Test;
import org.mockito.Mockito;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.core.io.ClassPathResource;
import org.springframework.core.io.Resource;
import org.springframework.test.context.TestPropertySource;

@Tag("Ldap")
/* loaded from: input_file:org/apereo/cas/adaptors/x509/authentication/ldap/LdaptiveResourceCRLFetcherTests.class */
public class LdaptiveResourceCRLFetcherTests {
    private static final int LDAP_PORT = 1389;

    @Tag("Ldap")
    @Nested
    /* loaded from: input_file:org/apereo/cas/adaptors/x509/authentication/ldap/LdaptiveResourceCRLFetcherTests$DefaultFetchFromLdap.class */
    public class DefaultFetchFromLdap extends BaseX509LdapResourceFetcherTests {

        @Autowired
        @Qualifier("crlFetcher")
        private CRLFetcher fetcher;

        public DefaultFetchFromLdap() {
        }

        @Test
        public void verifyResourceFromResourceUrl() throws Exception {
            Resource resource = (Resource) Mockito.mock(Resource.class);
            Mockito.when(resource.toString()).thenReturn("ldap://localhost:1389");
            Assertions.assertNotNull(this.fetcher.fetch(resource));
            Assertions.assertNotNull(this.fetcher.fetch(new URI("ldap://localhost:1389")));
            URL url = (URL) Mockito.mock(URL.class);
            Mockito.when(url.toString()).thenReturn("ldap://localhost:1389");
            Mockito.when(url.getProtocol()).thenReturn("ldap");
            Assertions.assertNotNull(this.fetcher.fetch(url));
            Assertions.assertNotNull(this.fetcher.fetch("ldap://localhost:1389"));
        }

        @Test
        public void getCrlFromLdap() throws Exception {
            UserManagedCache<URI, byte[]> cache = getCache(100);
            for (int i = 0; i < 10; i++) {
                new CRLDistributionPointRevocationChecker(false, new AllowRevocationPolicy(), (RevocationPolicy) null, cache, this.fetcher, true).check(CertUtils.readCertificate(new ClassPathResource("ldap-crl.crt")));
            }
        }

        @Test
        public void getCrlFromLdapWithNoCaching() throws Exception {
            for (int i = 0; i < 10; i++) {
                new CRLDistributionPointRevocationChecker(false, new AllowRevocationPolicy(), (RevocationPolicy) null, getCache(100), this.fetcher, true).check(CertUtils.readCertificate(new ClassPathResource("ldap-crl.crt")));
            }
        }

        private UserManagedCache<URI, byte[]> getCache(int i) {
            return UserManagedCacheBuilder.newUserManagedCacheBuilder(URI.class, byte[].class).withResourcePools(ResourcePoolsBuilder.heap(i)).build();
        }
    }

    @Tag("Ldap")
    @Nested
    @TestPropertySource(properties = {"cas.authn.x509.ldap.certificate-attribute=cn"})
    /* loaded from: input_file:org/apereo/cas/adaptors/x509/authentication/ldap/LdaptiveResourceCRLFetcherTests$InvalidNonBinaryAttributeFetchFromLdap.class */
    public class InvalidNonBinaryAttributeFetchFromLdap extends BaseX509LdapResourceFetcherTests {

        @Autowired
        @Qualifier("crlFetcher")
        private CRLFetcher fetcher;

        public InvalidNonBinaryAttributeFetchFromLdap() {
        }

        @Test
        public void verifyResourceFromResourceUrl() throws Exception {
            Resource resource = (Resource) Mockito.mock(Resource.class);
            Mockito.when(resource.toString()).thenReturn("ldap://localhost:1389");
            Assertions.assertThrows(CertificateException.class, () -> {
                this.fetcher.fetch(resource);
            });
        }
    }

    @Tag("Ldap")
    @Nested
    @TestPropertySource(properties = {"cas.authn.x509.ldap.certificate-attribute=unknown"})
    /* loaded from: input_file:org/apereo/cas/adaptors/x509/authentication/ldap/LdaptiveResourceCRLFetcherTests$UnknownAttributeFetchFromLdap.class */
    public class UnknownAttributeFetchFromLdap extends BaseX509LdapResourceFetcherTests {

        @Autowired
        @Qualifier("crlFetcher")
        private CRLFetcher fetcher;

        public UnknownAttributeFetchFromLdap() {
        }

        @Test
        public void verifyResourceFromResourceUrl() throws Exception {
            Resource resource = (Resource) Mockito.mock(Resource.class);
            Mockito.when(resource.toString()).thenReturn("ldap://localhost:1389");
            Assertions.assertThrows(CertificateException.class, () -> {
                this.fetcher.fetch(resource);
            });
        }
    }

    @BeforeAll
    public static void bootstrapTests() throws Exception {
        LdapIntegrationTestsOperations.initDirectoryServer(LDAP_PORT);
        AbstractX509LdapTests.bootstrap(LDAP_PORT);
    }
}
