package com.ibm.ws.security.wim.adapter.ldap.fat;

import com.ibm.websphere.simplicity.RemoteFile;
import com.ibm.websphere.simplicity.log.Log;
import com.ibm.ws.webcontainer.security.test.servlets.ClientCertAuthClient;
import componenttest.annotation.AllowedFFDC;
import componenttest.custom.junit.runner.FATRunner;
import componenttest.custom.junit.runner.Mode;
import componenttest.topology.impl.LibertyServer;
import componenttest.topology.impl.LibertyServerFactory;
import componenttest.topology.utils.LDAPUtils;
import java.io.File;
import org.junit.AfterClass;
import org.junit.Assert;
import org.junit.BeforeClass;
import org.junit.Test;
import org.junit.runner.RunWith;

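/**
 * Functional tests for client-certificate login against the LDAP registry configurations
 * shipped with the {@code com.ibm.ws.security.wim.adapter.ldap.fat.tds.certlogin} server.
 *
 * <p>Each test selects a server configuration file, presents a client keystore to the
 * {@code /clientcert} application and checks the HTTP status returned for
 * {@code /SimpleServlet}. Positive tests additionally check the identity the servlet
 * reports ({@code getAuthType}, {@code getRemoteUser}, {@code getUserPrincipal}).
 *
 * <p>The keystores and the keystore password below are test fixtures only.
 */
@RunWith(FATRunner.class)
@Mode(Mode.TestMode.LITE)
public class CertificateLoginTest {
    // Most recently created client; reassigned by every call to setupClient.
    private static ClientCertAuthClient client;
    protected static final String CLIENT_CERT_SERVLET = "ClientCertServlet";
    // Password of the test keystores listed below (fixture value, not a production secret).
    protected static final String ksPassword = "security";
    protected static final String AUTH_TYPE_CERT = "CLIENT_CERT";
    protected static final String user1CertFile = "LDAPUser1.jks";
    protected static final String user2CertFile = "LDAPUser2.jks";
    protected static final String user5CertFile = "LDAPUser5.jks";
    // User name the positive tests expect the LDAPUser1 certificate to map to.
    protected static final String employeeUser = "LDAPUser1";
    protected static final String user1InvalidCertFile = "LDAPUser1Invalid.jks";
    protected static final String EXACT_DN_SERVER_XML = "clientCertExactDN.xml";
    protected static final String INVALID_FILTER_SERVER_XML = "clientCertInvalidFilter.xml";
    protected static final String COMPLEX_FILTERS_SERVER_XML = "clientCertComplexFilter.xml";
    protected static final String NON_MATCHING_FILTER_SERVER_XML = "clientCertNonMatchingFilter.xml";
    protected static final String MULTIPLE_LDAP_SERVER_XML = "clientCertMultipleLDAP.xml";
    private static LibertyServer myServer = LibertyServerFactory.getLibertyServer("com.ibm.ws.security.wim.adapter.ldap.fat.tds.certlogin");
    private static final Class<?> c = CertificateLoginTest.class;
    protected static final String DEFAULT_CONFIG_FILE = "clientcert.server.xml";
    // Name of the configuration file most recently pushed to the server by this class.
    protected static String serverConfigurationFile = DEFAULT_CONFIG_FILE;

    /**
     * Starts the server and blocks until the feature manager, the security service, the
     * application and the SSL endpoint have all reported in the log.
     *
     * @throws Exception if the server cannot be started
     */
    @BeforeClass
    public static void setUp() throws Exception {
        LDAPUtils.addLDAPVariables(myServer);
        Log.info(c, "setUp", "Starting the server... ");
        myServer.addInstalledAppForValidation("clientcert");
        myServer.startServer(true);
        Assert.assertNotNull("FeatureManager did not report update was complete", myServer.waitForStringInLog("CWWKF0008I"));
        Assert.assertNotNull("Security service did not report it was ready", myServer.waitForStringInLog("CWWKS0008I"));
        Assert.assertNotNull("The application did not report is was started", myServer.waitForStringInLog("CWWKZ0001I"));
        Assert.assertNotNull("We need to wait for the SSL port to be open", myServer.waitForStringInLog("CWWKO0219I:.*defaultHttpEndpoint-ssl"));
        Assert.assertNotNull("Server did not came up", myServer.waitForStringInLog("CWWKF0011I"));
    }

    /**
     * Stops the server, tolerating the CWIML4538E error that the negative tests provoke.
     *
     * @throws Exception if the server cannot be stopped cleanly
     */
    @AfterClass
    public static void tearDown() throws Exception {
        Log.info(c, "tearDown", "Stopping the server...");
        myServer.stopServer(new String[]{"CWIML4538E"});
    }

    /**
     * Builds a client for the {@code /clientcert} application on the server's secure port
     * and stores it in the shared {@link #client} field.
     *
     * @param str file name of the keystore under the {@code clientcert} test-files
     *            directory; only read when {@code z} is {@code true}
     * @param z   {@code true} to give the client the keystore and {@link #ksPassword};
     *            {@code false} to build it with no keystore and no password
     * @return the newly created client
     */
    private static ClientCertAuthClient setupClient(String str, boolean z) {
        if (z) {
            String keystorePath = myServer.pathToAutoFVTTestFiles + File.separator + "clientcert" + File.separator + str;
            client = new ClientCertAuthClient(myServer.getHostname(), myServer.getHttpDefaultSecurePort(), true, myServer, CLIENT_CERT_SERVLET, "/clientcert", keystorePath, ksPassword);
        } else {
            client = new ClientCertAuthClient(myServer.getHostname(), myServer.getHttpDefaultSecurePort(), false, myServer, CLIENT_CERT_SERVLET, "/clientcert", (String) null, (String) null);
        }
        return client;
    }

    /**
     * Asserts that a servlet response reports the expected authenticated identity.
     *
     * @param str  user name expected for {@code getRemoteUser} and {@code getUserPrincipal}
     * @param str2 response body returned by the servlet
     * @param str3 authentication type expected for {@code getAuthType}
     */
    public void verifyProgrammaticAPIValues(String str, String str2, String str3) {
        // The failure message names the auth type that was looked for, not the user name.
        Assert.assertTrue("Failed to find expected getAuthType: " + str3, str2.contains("getAuthType: " + str3));
        Assert.assertTrue("Failed to find expected getRemoteUser: " + str, str2.contains("getRemoteUser: " + str));
        Assert.assertTrue("Failed to find expected getUserPrincipal: " + str, str2.contains("getUserPrincipal: WSPrincipal:" + str));
    }

    /**
     * Switches the running server to the given configuration file and fails the test if
     * the server does not confirm the update. Does nothing when that file is already the
     * one recorded in {@link #serverConfigurationFile}.
     *
     * @param str name of the configuration file to apply
     * @throws Exception if the configuration file cannot be pushed to the server
     */
    private static void setServerConfiguration(String str) throws Exception {
        if (serverConfigurationFile.equals(str)) {
            return;
        }
        // Mark the log first so the wait below only matches a message written after this change.
        myServer.setMarkToEndOfLog(new RemoteFile[]{myServer.getDefaultLogFile()});
        Log.info(c, "setServerConfiguration", "setServerConfigurationFile to : " + str);
        myServer.setServerConfigurationFile("/" + str);
        // Record the pushed file before asserting, so the field matches what the server was
        // given even when the confirmation below fails.
        serverConfigurationFile = str;
        Log.info(c, "setServerConfiguration", "waitForStringInLogUsingMark: CWWKG0017I: The server configuration was successfully updated.");
        // Without this check a test could run against the previous registry configuration
        // and pass or fail for the wrong reason.
        Assert.assertNotNull("The server did not report that configuration " + str + " was applied (CWWKG0017I)", myServer.waitForStringInLogUsingMark("CWWKG0017I"));
    }

    /** The LDAPUser1 certificate logs in under the default configuration. */
    @Test
    public void testClientCert_SimpleCertificateFilter() throws Exception {
        Log.info(c, "testClientCert_SimpleCertificateFilter", "Entering test testClientCert_SimpleCertificateFilter");
        setServerConfiguration(DEFAULT_CONFIG_FILE);
        client = setupClient(user1CertFile, true);
        String response = client.access("/SimpleServlet", 200);
        verifyProgrammaticAPIValues(employeeUser, response, AUTH_TYPE_CERT);
        Log.info(c, "testClientCert_SimpleCertificateFilter", "Exiting test testClientCert_SimpleCertificateFilter");
    }

    /** The LDAPUser1 certificate logs in under the exact-DN configuration. */
    @Test
    public void testClientCert_ExactDN() throws Exception {
        Log.info(c, "testClientCert_ExactDN", "Entering test testClientCert_ExactDN");
        setServerConfiguration(EXACT_DN_SERVER_XML);
        client = setupClient(user1CertFile, true);
        String response = client.access("/SimpleServlet", 200);
        verifyProgrammaticAPIValues(employeeUser, response, AUTH_TYPE_CERT);
        Log.info(c, "testClientCert_ExactDN", "Exiting test testClientCert_ExactDN");
    }

    /** The LDAPUser2 certificate is refused with 401 under the exact-DN configuration. */
    @Test
    @AllowedFFDC({"com.ibm.ws.security.registry.RegistryException"})
    public void testClientCert_ExactDNWithCNOnly() throws Exception {
        Log.info(c, "testClientCert_ExactDNWithCNOnly", "Entering test testClientCert_ExactDNWithCNOnly");
        setServerConfiguration(EXACT_DN_SERVER_XML);
        client = setupClient(user2CertFile, true);
        client.access("/SimpleServlet", 401);
        Log.info(c, "testClientCert_ExactDNWithCNOnly", "Exiting test testClientCert_ExactDNWithCNOnly");
    }

    /** The LDAPUser5 certificate is refused with 403 under the default configuration. */
    @Test
    public void testClientCert_CertificateNotAuthorized() throws Exception {
        Log.info(c, "testClientCert_CertificateNotAuthorized", "Entering test testClientCert_CertificateNotAuthorized");
        setServerConfiguration(DEFAULT_CONFIG_FILE);
        client = setupClient(user5CertFile, true);
        client.access("/SimpleServlet", 403);
        Log.info(c, "testClientCert_CertificateNotAuthorized", "Exiting test testClientCert_CertificateNotAuthorized");
    }

    /** The LDAPUser1 certificate is refused with 403 under the invalid-filter configuration. */
    @Test
    @AllowedFFDC({"com.ibm.ws.security.registry.RegistryException"})
    public void testClientCert_InvalidFilter() throws Exception {
        Log.info(c, "testClientCert_InvalidFilter", "Entering test testClientCert_InvalidFilter");
        setServerConfiguration(INVALID_FILTER_SERVER_XML);
        client = setupClient(user1CertFile, true);
        client.access("/SimpleServlet", 403);
        Log.info(c, "testClientCert_InvalidFilter", "Exiting test testClientCert_InvalidFilter");
    }

    /** The LDAPUser1 certificate logs in under the complex-filter configuration. */
    @Test
    public void testClientCert_ComplexFilters() throws Exception {
        Log.info(c, "testClientCert_ComplexFilters", "Entering test testClientCert_ComplexFilters");
        setServerConfiguration(COMPLEX_FILTERS_SERVER_XML);
        client = setupClient(user1CertFile, true);
        String response = client.access("/SimpleServlet", 200);
        verifyProgrammaticAPIValues(employeeUser, response, AUTH_TYPE_CERT);
        Log.info(c, "testClientCert_ComplexFilters", "Exiting test testClientCert_ComplexFilters");
    }

    /** The LDAPUser1Invalid certificate is refused with 403 under the non-matching-filter configuration. */
    @Test
    @AllowedFFDC({"com.ibm.ws.security.registry.RegistryException"})
    public void testClientCert_InvalidDNInCertAndValidFilter() throws Exception {
        Log.info(c, "testClientCert_InvalidDNInCertAndValidFilter", "Entering test testClientCert_InvalidDNInCertAndValidFilter");
        setServerConfiguration(NON_MATCHING_FILTER_SERVER_XML);
        client = setupClient(user1InvalidCertFile, true);
        client.access("/SimpleServlet", 403);
        // NOTE(review): the result of this wait is discarded, so the test passes on the 403
        // alone whether or not CWIML4537E is logged. Asserting on it would pin the reason
        // for the rejection; confirm first that the message reaches the default log, since
        // tearDown does not list it among the expected errors.
        myServer.waitForStringInLog("CWIML4537E:", 2000L);
        Log.info(c, "testClientCert_InvalidDNInCertAndValidFilter", "Exiting test testClientCert_InvalidDNInCertAndValidFilter");
    }

    /** The LDAPUser1 certificate is refused with 403 under the multiple-LDAP configuration. */
    @Test
    @AllowedFFDC({"com.ibm.ws.security.registry.RegistryException"})
    public void testClientCert_MultipleLDAPServers() throws Exception {
        Log.info(c, "testClientCert_MultipleLDAPServers", "Entering test testClientCert_MultipleLDAPServers");
        setServerConfiguration(MULTIPLE_LDAP_SERVER_XML);
        client = setupClient(user1CertFile, true);
        client.access("/SimpleServlet", 403);
        // NOTE(review): the result of this wait is discarded, so a missing CWIML4538E only
        // delays the test instead of failing it; consider asserting it is non-null so the
        // 403 is tied to the expected registry error.
        myServer.waitForStringInLog("CWIML4538E:");
        Log.info(c, "testClientCert_MultipleLDAPServers", "Exiting test testClientCert_MultipleLDAPServers");
    }
}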
