package com.floragunn.dlic.auth.ldap;

import com.floragunn.dlic.auth.ldap.backend.LDAPAuthenticationBackend;
import com.floragunn.searchguard.ssl.util.ExceptionUtils;
import com.floragunn.searchguard.user.AuthCredentials;
import java.io.File;
import java.io.UnsupportedEncodingException;
import java.net.URL;
import java.net.URLDecoder;
import java.nio.file.Path;
import org.elasticsearch.common.settings.Settings;
import org.junit.Assert;
import org.junit.Ignore;
import org.junit.Test;

@Ignore
/* loaded from: input_file:com/floragunn/dlic/auth/ldap/LdapBackendTestClientCert.class */
public class LdapBackendTestClientCert {
    @Test
    public void testNoAuth() throws Exception {
        try {
            new LDAPAuthenticationBackend(Settings.builder().putList("hosts", new String[]{"localhost:636"}).put("usersearch", "(uid={0})").put("enable_ssl", true).put("searchguard.ssl.transport.truststore_filepath", "/Users/temp/search-guard-integration-tests/ldap/ssl-root-ca/truststore.jks").put("userbase", "ou=people,dc=example,dc=com").put("username_attribute", "uid").put("path.home", ".").build(), (Path) null).authenticate(AuthCredentials.forUser("ldap_hr_employee").password("ldap_hr_employee").build());
            Assert.fail();
        } catch (Exception e) {
            Assert.assertTrue(ExceptionUtils.getRootCause(e).getMessage(), ExceptionUtils.getRootCause(e).getMessage().contains("authentication required"));
        }
    }

    @Test
    public void testNoAuthX() throws Exception {
        try {
            new LDAPAuthenticationBackend(Settings.builder().putList("hosts", new String[]{"kdc.dummy.com:636"}).put("usersearch", "(uid={0})").put("enable_ssl", true).put("searchguard.ssl.transport.truststore_filepath", "/Users/temp/search-guard-integration-tests/ldap/ssl-root-ca/truststore.jks").put("verify_hostnames", false).put("userbase", "ou=people,dc=example,dc=com").put("username_attribute", "uid").put("path.home", ".").build(), (Path) null).authenticate(AuthCredentials.forUser("ldap_hr_employee").password("ldap_hr_employee").build());
            Assert.fail();
        } catch (Exception e) {
            Assert.assertTrue(ExceptionUtils.getRootCause(e).getMessage(), ExceptionUtils.getRootCause(e).getMessage().contains("authentication required"));
        }
    }

    @Test
    public void testNoAuthY() throws Exception {
        try {
            new LDAPAuthenticationBackend(Settings.builder().putList("hosts", new String[]{"kdc.dummy.com:636"}).put("usersearch", "(uid={0})").put("enable_ssl", true).put("searchguard.ssl.transport.truststore_filepath", "/Users/temp/search-guard-integration-tests/ldap/ssl-root-ca/wrong/truststore.jks").put("verify_hostnames", false).put("userbase", "ou=people,dc=example,dc=com").put("username_attribute", "uid").put("path.home", ".").build(), (Path) null).authenticate(AuthCredentials.forUser("ldap_hr_employee").password("ldap_hr_employee").build());
            Assert.fail();
        } catch (Exception e) {
            Assert.assertTrue(ExceptionUtils.getRootCause(e).getMessage(), ExceptionUtils.getRootCause(e).getMessage().contains("Unable to connect to any"));
        }
    }

    @Test
    public void testBindDnAuthLocalhost() throws Exception {
        LdapUser authenticate = new LDAPAuthenticationBackend(Settings.builder().putList("hosts", new String[]{"localhost:636"}).put("usersearch", "(uid={0})").put("enable_ssl", true).put("searchguard.ssl.transport.truststore_filepath", "/Users/temp/search-guard-integration-tests/ldap/ssl-root-ca/truststore.jks").put("userbase", "ou=people,dc=example,dc=com").put("username_attribute", "uid").put("bind_dn", "cn=ldapbinder,ou=people,dc=example,dc=com").put("password", "ldapbinder").put("path.home", ".").build(), (Path) null).authenticate(AuthCredentials.forUser("ldap_hr_employee").password("ldap_hr_employee").build());
        Assert.assertNotNull(authenticate);
        Assert.assertEquals("ldap_hr_employee", authenticate.getName());
    }

    @Test
    public void testLdapSslAuth() throws Exception {
        LdapUser authenticate = new LDAPAuthenticationBackend(Settings.builder().putList("hosts", new String[]{"localhost:636"}).put("usersearch", "(uid={0})").put("enable_ssl", true).put("searchguard.ssl.transport.keystore_filepath", "/Users/temp/search-guard-integration-tests/ldap/ssl-root-ca/spock-keystore.jks").put("searchguard.ssl.transport.truststore_filepath", "/Users/temp/search-guard-integration-tests/ldap/ssl-root-ca/truststore.jks").put("enable_ssl_client_auth", true).put("cert_alias", "spock").put("userbase", "ou=people,dc=example,dc=com").put("username_attribute", "uid").put("path.home", ".").build(), (Path) null).authenticate(AuthCredentials.forUser("ldap_hr_employee").password("ldap_hr_employee").build());
        Assert.assertNotNull(authenticate);
        Assert.assertEquals("ldap_hr_employee", authenticate.getName());
    }

    @Test
    public void testLdapSslAuthPem() throws Exception {
        LdapUser authenticate = new LDAPAuthenticationBackend(Settings.builder().putList("hosts", new String[]{"localhost:636"}).put("usersearch", "(uid={0})").put("enable_ssl", true).put("pemtrustedcas_filepath", "/Users/temp/search-guard-integration-tests/ldap/ssl-root-ca/ca/root-ca.pem").put("pemcert_filepath", "/Users/temp/search-guard-integration-tests/ldap/ssl-root-ca/spock.crtfull.pem").put("pemkey_filepath", "/Users/temp/search-guard-integration-tests/ldap/ssl-root-ca/spock.key.pem").put("enable_ssl_client_auth", true).put("userbase", "ou=people,dc=example,dc=com").put("username_attribute", "uid").put("path.home", ".").build(), (Path) null).authenticate(AuthCredentials.forUser("ldap_hr_employee").password("ldap_hr_employee").build());
        Assert.assertNotNull(authenticate);
        Assert.assertEquals("ldap_hr_employee", authenticate.getName());
    }

    @Test
    public void testLdapSslAuthNo() throws Exception {
        LdapUser authenticate = new LDAPAuthenticationBackend(Settings.builder().putList("hosts", new String[]{"localhost:636"}).put("usersearch", "(uid={0})").put("enable_ssl", true).put("searchguard.ssl.transport.keystore_filepath", "/Users/temp/search-guard-integration-tests/ldap/ssl-root-ca/kirk-keystore.jks").put("searchguard.ssl.transport.truststore_filepath", "/Users/temp/search-guard-integration-tests/ldap/ssl-root-ca/truststore.jks").put("enable_ssl_client_auth", true).put("cert_alias", "kirk").put("userbase", "ou=people,dc=example,dc=com").put("username_attribute", "uid").put("path.home", ".").build(), (Path) null).authenticate(AuthCredentials.forUser("ldap_hr_employee").password("ldap_hr_employee").build());
        Assert.assertNotNull(authenticate);
        Assert.assertEquals("ldap_hr_employee", authenticate.getName());
    }

    public void testLdapAuthenticationSSL() throws Exception {
        LdapUser authenticate = new LDAPAuthenticationBackend(Settings.builder().putList("hosts", new String[]{"kdc.dummy.com:636"}).put("usersearch", "(uid={0})").put("enable_ssl", true).put("searchguard.ssl.transport.truststore_filepath", "/Users/temp/search-guard-integration-tests/ldap/ssl-root-ca/truststore.jks").put("userbase", "ou=people,dc=example,dc=com").put("username_attribute", "uid").put("path.home", ".").build(), (Path) null).authenticate(AuthCredentials.forUser("ldap_hr_employee").password("ldap_hr_employee").build());
        Assert.assertNotNull(authenticate);
        Assert.assertEquals("ldap_hr_employee", authenticate.getName());
    }

    public static File getAbsoluteFilePathFromClassPath(String str) {
        URL resource = LdapBackendTestClientCert.class.getClassLoader().getResource(str);
        if (resource == null) {
            System.err.println("Failed to load " + str);
            return null;
        }
        try {
            File file = new File(URLDecoder.decode(resource.getFile(), "UTF-8"));
            if (file.exists() && file.canRead()) {
                return file;
            }
            System.err.println("Cannot read from {}, maybe the file does not exists? " + file.getAbsolutePath());
            return null;
        } catch (UnsupportedEncodingException e) {
            return null;
        }
    }

    static {
        System.setProperty("sg.display_lic_none", "true");
    }
}
