package org.keycloak.authentication.x509;

import java.nio.charset.Charset;
import java.security.Principal;
import java.security.cert.X509Certificate;
import java.util.function.Function;
import org.junit.Assert;
import org.junit.ClassRule;
import org.junit.Test;
import org.keycloak.common.crypto.CryptoIntegration;
import org.keycloak.common.util.PemUtils;
import org.keycloak.common.util.StreamUtil;
import org.keycloak.rule.CryptoInitRule;

/* loaded from: input_file:org/keycloak/authentication/x509/CertificateIdentityExtractorTest.class */
public abstract class CertificateIdentityExtractorTest {
    private static final String UPN_CERT_PATH = "/certs/UPN-cert.pem";
    private static final String ANS_CERT_PATH = "/certs/ANS-cert.pem";

    @ClassRule
    public static CryptoInitRule cryptoInitRule = new CryptoInitRule();
    private static final Function<X509Certificate[], Principal> subject = x509CertificateArr -> {
        return x509CertificateArr[0].getSubjectX500Principal();
    };

    @Test
    public void testExtractsCertInPemFormat() throws Exception {
        X509Certificate certificate = getCertificate(UPN_CERT_PATH);
        Assert.assertEquals(PemUtils.encodeCertificate(certificate), (String) CryptoIntegration.getProvider().getIdentityExtractorProvider().getCertificatePemIdentityExtractor().extractUserIdentity(new X509Certificate[]{certificate}));
    }

    @Test
    public void testExtractsCertInSubjectDNFormat() throws Exception {
        Assert.assertEquals("Test User", (String) CryptoIntegration.getProvider().getIdentityExtractorProvider().getX500NameExtractor("CN", x509CertificateArr -> {
            return x509CertificateArr[0].getSubjectX500Principal();
        }).extractUserIdentity(new X509Certificate[]{getCertificate(UPN_CERT_PATH)}));
    }

    @Test
    public void testX509SubjectAltName_otherName() throws Exception {
        Assert.assertEquals("test-user@some-company-domain", CryptoIntegration.getProvider().getIdentityExtractorProvider().getSubjectAltNameExtractor(0).extractUserIdentity(new X509Certificate[]{getCertificate(UPN_CERT_PATH)}));
    }

    @Test
    public void testX509SubjectAltName_email() throws Exception {
        Assert.assertEquals("test@somecompany.com", CryptoIntegration.getProvider().getIdentityExtractorProvider().getSubjectAltNameExtractor(1).extractUserIdentity(new X509Certificate[]{getCertificate(UPN_CERT_PATH)}));
    }

    private X509Certificate getCertificate(String str) throws Exception {
        return PemUtils.decodeCertificate(StreamUtil.readString(getClass().getResourceAsStream(str), Charset.defaultCharset()));
    }

    @Test
    public void testX509SubjectCommonName() throws Exception {
        Assert.assertEquals("899700252580", CryptoIntegration.getProvider().getIdentityExtractorProvider().getX500NameExtractor("CN", subject).extractUserIdentity(new X509Certificate[]{getCertificate(ANS_CERT_PATH)}));
    }
}
