package org.opensaml.security.x509.tls.impl;

import java.io.IOException;
import java.io.InputStream;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import net.shibboleth.utilities.java.support.resolver.CriteriaSet;
import org.opensaml.security.SecurityException;
import org.opensaml.security.trust.MockTrustEngine;
import org.opensaml.security.x509.X509Support;
import org.testng.Assert;
import org.testng.annotations.AfterMethod;
import org.testng.annotations.BeforeClass;
import org.testng.annotations.BeforeMethod;
import org.testng.annotations.Test;

/* loaded from: input_file:org/opensaml/security/x509/tls/impl/ThreadLocalX509TrustManagerTest.class */
public class ThreadLocalX509TrustManagerTest {
    private ThreadLocalX509TrustManager trustManager = new ThreadLocalX509TrustManager();
    private X509Certificate[] chain;
    private CriteriaSet criteria;

    @BeforeClass
    public void beforeClass() throws CertificateException, IOException {
        InputStream resourceAsStream = getClass().getResourceAsStream("/data/certificate.pem");
        try {
            this.chain = (X509Certificate[]) X509Support.decodeCertificates(resourceAsStream).stream().toArray(i -> {
                return new X509Certificate[i];
            });
            if (resourceAsStream != null) {
                resourceAsStream.close();
            }
        } catch (Throwable th) {
            if (resourceAsStream != null) {
                try {
                    resourceAsStream.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
            }
            throw th;
        }
    }

    @BeforeMethod
    public void beforeMethod() {
        ThreadLocalX509TrustEngineContext.clearCurrent();
        this.criteria = new CriteriaSet();
    }

    @AfterMethod
    public void afterMethod() {
        ThreadLocalX509TrustEngineContext.clearCurrent();
    }

    @Test
    public void trusted() throws CertificateException {
        ThreadLocalX509TrustEngineContext.loadCurrent(new MockTrustEngine(true), this.criteria, true);
        this.trustManager.checkServerTrusted(this.chain, "RSA");
        Assert.assertTrue(ThreadLocalX509TrustEngineContext.getTrusted().booleanValue());
    }

    @Test
    public void notTrusted() throws CertificateException {
        ThreadLocalX509TrustEngineContext.loadCurrent(new MockTrustEngine(false), this.criteria, true);
        try {
            this.trustManager.checkServerTrusted(this.chain, "RSA");
            Assert.fail("Trust manager should have thrown");
        } catch (CertificateException e) {
            Assert.assertFalse(ThreadLocalX509TrustEngineContext.getTrusted().booleanValue());
        }
    }

    @Test
    public void notTrustedNotFatal() throws CertificateException {
        ThreadLocalX509TrustEngineContext.loadCurrent(new MockTrustEngine(false), this.criteria, false);
        this.trustManager.checkServerTrusted(this.chain, "RSA");
        Assert.assertFalse(ThreadLocalX509TrustEngineContext.getTrusted().booleanValue());
    }

    @Test
    public void trustEngineThrowsSecurityException() throws CertificateException {
        ThreadLocalX509TrustEngineContext.loadCurrent(new MockTrustEngine(new SecurityException()), this.criteria, true);
        try {
            this.trustManager.checkServerTrusted(this.chain, "RSA");
            Assert.fail("Trust manager should have thrown");
        } catch (CertificateException e) {
            Assert.assertFalse(ThreadLocalX509TrustEngineContext.getTrusted().booleanValue());
        }
    }

    @Test
    public void trustEngineThrowsSecurityExceptionNotFatal() throws CertificateException {
        ThreadLocalX509TrustEngineContext.loadCurrent(new MockTrustEngine(new SecurityException()), this.criteria, false);
        this.trustManager.checkServerTrusted(this.chain, "RSA");
        Assert.assertFalse(ThreadLocalX509TrustEngineContext.getTrusted().booleanValue());
    }

    @Test
    public void trustEngineThrowsRuntimeException() throws CertificateException {
        ThreadLocalX509TrustEngineContext.loadCurrent(new MockTrustEngine(new RuntimeException()), this.criteria, true);
        try {
            this.trustManager.checkServerTrusted(this.chain, "RSA");
            Assert.fail("Trust manager should have thrown");
        } catch (CertificateException e) {
            Assert.assertFalse(ThreadLocalX509TrustEngineContext.getTrusted().booleanValue());
        }
    }

    @Test
    public void trustEngineThrowsRuntimeExceptionNotFatal() throws CertificateException {
        ThreadLocalX509TrustEngineContext.loadCurrent(new MockTrustEngine(new RuntimeException()), this.criteria, false);
        this.trustManager.checkServerTrusted(this.chain, "RSA");
        Assert.assertFalse(ThreadLocalX509TrustEngineContext.getTrusted().booleanValue());
    }

    @Test
    public void threadLocalNotLoaded() throws CertificateException {
        try {
            this.trustManager.checkServerTrusted(this.chain, "RSA");
            Assert.fail("Trust manager should have thrown");
        } catch (CertificateException e) {
            Assert.assertNull(ThreadLocalX509TrustEngineContext.getTrusted());
        }
    }

    @Test(expectedExceptions = {IllegalArgumentException.class})
    public void nullChain() throws CertificateException {
        ThreadLocalX509TrustEngineContext.loadCurrent(new MockTrustEngine(true), this.criteria, true);
        this.trustManager.checkServerTrusted((X509Certificate[]) null, "RSA");
    }

    @Test(expectedExceptions = {IllegalArgumentException.class})
    public void emptyChain() throws CertificateException {
        ThreadLocalX509TrustEngineContext.loadCurrent(new MockTrustEngine(true), this.criteria, true);
        this.trustManager.checkServerTrusted(new X509Certificate[0], "RSA");
    }

    @Test(expectedExceptions = {IllegalArgumentException.class})
    public void nullAuthType() throws CertificateException {
        ThreadLocalX509TrustEngineContext.loadCurrent(new MockTrustEngine(true), this.criteria, true);
        this.trustManager.checkServerTrusted(this.chain, (String) null);
    }

    @Test(expectedExceptions = {IllegalArgumentException.class})
    public void emptyAuthType() throws CertificateException {
        ThreadLocalX509TrustEngineContext.loadCurrent(new MockTrustEngine(true), this.criteria, true);
        this.trustManager.checkServerTrusted(this.chain, "");
    }
}
