package org.opensaml.xml.security.x509.tls;

import java.util.ArrayList;
import java.util.LinkedList;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.SSLSession;
import javax.security.auth.x500.X500Principal;
import junit.framework.Assert;
import junit.framework.TestCase;
import org.opensaml.xml.security.x509.X509Util;

/* loaded from: input_file:org/opensaml/xml/security/x509/tls/StrictHostnameVerifierTest.class */
public class StrictHostnameVerifierTest extends TestCase {
    private HostnameVerifier verifier;

    public void setUp() {
        this.verifier = new StrictHostnameVerifier();
    }

    public void testSuccessDN() {
        Assert.assertTrue(this.verifier.verify("foo.example.org", buildSSLSession("foo.example.org", "cn=foo.example.org, O=SomeOrg", new String[0])));
    }

    public void testFailureDN() {
        Assert.assertFalse(this.verifier.verify("foo.example.org", buildSSLSession("foo.example.org", "cn=notfoo.example.org, O=SomeOrg", new String[0])));
    }

    public void testSuccessAltnames() {
        Assert.assertTrue(this.verifier.verify("foo.example.org", buildSSLSession("foo.example.org", "cn=notfoo.example.org, O=SomeOrg", "www.example.org", "foo.example.org")));
    }

    public void testFailureAltnames() {
        Assert.assertFalse(this.verifier.verify("foo.example.org", buildSSLSession("foo.example.org", "cn=notfoo.example.org, O=SomeOrg", "www.example.org")));
    }

    public void testSuccessDNWildcard() {
        Assert.assertTrue(this.verifier.verify("foo.example.org", buildSSLSession("foo.example.org", "cn=*.example.org, O=SomeOrg", new String[0])));
    }

    public void testFailureDNWildcard() {
        Assert.assertFalse(this.verifier.verify("foo.subdomain.example.org", buildSSLSession("foo.subdomain.example.org", "cn=*.example.org, O=SomeOrg", new String[0])));
    }

    public void testSuccessAltnameWildcard() {
        Assert.assertTrue(this.verifier.verify("foo.example.org", buildSSLSession("foo.example.org", "cn=notfoo.example.org, O=SomeOrg", "*.example.org")));
    }

    public void testFailureAltnameWildcard() {
        Assert.assertFalse(this.verifier.verify("foo.subdomain.example.org", buildSSLSession("foo.subdomain.example.org", "cn=notfoo.example.org, O=SomeOrg", "*.example.org")));
    }

    public void testMultipleCNsInDN() {
        Assert.assertTrue(this.verifier.verify("foo.example.org", buildSSLSession("foo.example.org", "cn=foo.example.org, cn=other1.example.org, cn=other2.example.org, o=SomeOrg", new String[0])));
        Assert.assertTrue(this.verifier.verify("foo.example.org", buildSSLSession("foo.example.org", "cn=foo.example.org, cn=WebServers, cn=Hosts, o=SomeOrg", new String[0])));
        Assert.assertFalse(this.verifier.verify("foo.example.org", buildSSLSession("foo.example.org", "cn=other1.example.org, cn=foo.example.org, cn=other2.example.org, o=SomeOrg", new String[0])));
        Assert.assertFalse(this.verifier.verify("foo.example.org", buildSSLSession("foo.example.org", "cn=other1.example.org, cn=other2.example.org, cn=foo.example.org, o=SomeOrg", new String[0])));
    }

    public void testMaliciousDNs() {
        Assert.assertFalse(this.verifier.verify("www.apache.org", buildSSLSession("www.apache.org", "cn=foo.example.org, o=foo \\,cn=www.apache.org", new String[0])));
        Assert.assertFalse(this.verifier.verify("www.apache.org", buildSSLSession("www.apache.org", "cn=foo.example.org, o=cn=www.apache.org\\, foo", new String[0])));
    }

    private SSLSession buildSSLSession(String str, String str2, String... strArr) {
        X500Principal x500Principal = new X500Principal(str2);
        LinkedList linkedList = null;
        if (strArr.length > 0) {
            linkedList = new LinkedList();
            for (String str3 : strArr) {
                ArrayList arrayList = new ArrayList(2);
                arrayList.add(0, X509Util.DNS_ALT_NAME);
                arrayList.add(1, str3);
                linkedList.add(arrayList);
            }
        }
        return new MockSSLSession(new MockX509Certificate(x500Principal, linkedList), str);
    }
}
