package io.undertow.test.security;

import io.undertow.security.api.AuthenticationMechanism;
import io.undertow.security.impl.AuthenticationInfoToken;
import io.undertow.security.impl.DigestAlgorithm;
import io.undertow.security.impl.DigestAuthenticationMechanism;
import io.undertow.security.impl.DigestAuthorizationToken;
import io.undertow.security.impl.DigestWWWAuthenticateToken;
import io.undertow.security.impl.SimpleNonceManager;
import io.undertow.test.utils.DefaultServer;
import io.undertow.util.Headers;
import io.undertow.util.HexConverter;
import io.undertow.util.TestHttpClient;
import java.nio.charset.Charset;
import java.security.MessageDigest;
import java.util.Collections;
import java.util.Map;
import org.apache.http.Header;
import org.apache.http.HttpResponse;
import org.apache.http.client.methods.HttpGet;
import org.junit.Assert;
import org.junit.Test;
import org.junit.runner.RunWith;

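/**
 * Integration tests for {@link DigestAuthenticationMechanism} in the RFC 2069 form of HTTP
 * Digest: the challenge is asserted to carry no {@code qop}, and the Authorization header built
 * here contains only username, realm, nonce, uri and response (no {@code cnonce}, no nonce count).
 *
 * <p>With no client nonce or counter in the exchange, the only freshness input to the response
 * hash is the server-issued nonce. {@link #testDifferentNonce()} and {@link #testNonceReUse()}
 * therefore pin the server-side behaviour that rejects an unknown or already-used nonce with a
 * fresh {@code stale=true} challenge. MD5 is used because it is the algorithm the mechanism under
 * test is configured with.
 */
@RunWith(DefaultServer.class)
public class DigestAuthentication2069TestCase extends AuthenticationTestBase {
    private static final Charset UTF_8 = Charset.forName("UTF-8");
    private static final String REALM_NAME = "Digest_Realm";

    /** Separator between the fields of each hashed string. */
    private static final byte COLON = (byte) ':';

    /**
     * Number of leading characters skipped before the challenge parameters are parsed.
     * Presumably the scheme token "Digest" plus the following space; the tests assert the
     * scheme prefix separately before skipping.
     */
    private static final int DIGEST_PREFIX_LENGTH = 7;

    /** Credentials the tests expect the identity manager of the base class to accept. */
    private static final String USER_NAME = "userOne";
    private static final String PASSWORD = "passwordOne";

    /**
     * Fixed nonce value that was not handed out by the server during the current test; the
     * server is expected to answer it with a {@code stale=true} challenge.
     */
    private static final String UNISSUED_NONCE = "AU1aCIiy48ENMTM1MTE3OTUxMDU2OLrHnBlV2GBzzguCWOPET+0=";

    /**
     * Builds the mechanism under test: MD5 only, an empty second list and a
     * {@link SimpleNonceManager}.
     *
     * @return the digest mechanism installed by {@code setAuthenticationChain()}
     */
    @Override
    protected AuthenticationMechanism getTestMechanism() {
        // NOTE(review): the empty list is presumably the set of supported qop values (which would
        // explain the qop-less challenge) and the trailing flag presumably selects plain-text
        // password handling - confirm both against the constructor.
        return new DigestAuthenticationMechanism(Collections.singletonList(DigestAlgorithm.MD5),
                Collections.emptyList(), REALM_NAME, "/", new SimpleNonceManager(), true);
    }

    /**
     * Computes the client side of the digest exchange without qop:
     * {@code MD5(hex(MD5(user:realm:password)) : nonce : hex(MD5(method:uri)))}.
     *
     * @param userName user name placed in the first hash
     * @param realm    realm placed in the first hash
     * @param password clear-text password placed in the first hash
     * @param method   HTTP method placed in the second hash
     * @param uri      request URI placed in the second hash
     * @param nonce    server nonce mixed into the final hash
     * @return the final digest as a hex string
     * @throws Exception if the MD5 implementation is unavailable
     */
    private String createResponse(String userName, String realm, String password, String method,
            String uri, String nonce) throws Exception {
        MessageDigest md5 = MessageDigest.getInstance("MD5");

        // First hash: user ":" realm ":" password.
        md5.update(userName.getBytes(UTF_8));
        md5.update(COLON);
        md5.update(realm.getBytes(UTF_8));
        md5.update(COLON);
        md5.update(password.getBytes(UTF_8));
        // digest() resets the MessageDigest, so the same instance is reused for the next hash.
        byte[] credentialsHash = HexConverter.convertToHexBytes(md5.digest());

        // Second hash: method ":" uri.
        md5.update(method.getBytes(UTF_8));
        md5.update(COLON);
        md5.update(uri.getBytes(UTF_8));
        byte[] requestHash = HexConverter.convertToHexBytes(md5.digest());

        // Final hash: hex(first) ":" nonce ":" hex(second).
        md5.update(credentialsHash);
        md5.update(COLON);
        md5.update(nonce.getBytes(UTF_8));
        md5.update(COLON);
        md5.update(requestHash);
        return HexConverter.convertToHexString(md5.digest());
    }

    /** Sends an unauthenticated GET to the default server URL. */
    private HttpResponse executeGet() throws Exception {
        return new TestHttpClient().execute(new HttpGet(DefaultServer.getDefaultServerURL()));
    }

    /**
     * Sends a GET to the default server URL with the given Authorization header value, using a
     * fresh client so no connection state is shared between requests.
     */
    private HttpResponse executeGet(String authorization) throws Exception {
        // NOTE(review): clients are not closed here; confirm the test harness releases them.
        TestHttpClient client = new TestHttpClient();
        HttpGet request = new HttpGet(DefaultServer.getDefaultServerURL());
        request.addHeader(Headers.AUTHORIZATION.toString(), authorization);
        return client.execute(request);
    }

    /**
     * Asserts that the response is a 401 with exactly one Digest challenge for the expected realm
     * and algorithm.
     *
     * @return the parsed challenge parameters (key and value types are not visible in this file,
     *         hence the wildcard map)
     */
    private Map<?, ?> assertDigestChallenge(HttpResponse response) throws Exception {
        Assert.assertEquals(401, response.getStatusLine().getStatusCode());
        Header[] challenges = response.getHeaders(Headers.WWW_AUTHENTICATE.toString());
        Assert.assertEquals(1, challenges.length);
        String challenge = challenges[0].getValue();
        Assert.assertTrue(challenge.startsWith(Headers.DIGEST.toString()));
        Map<?, ?> parameters = DigestWWWAuthenticateToken.parseHeader(challenge.substring(DIGEST_PREFIX_LENGTH));
        Assert.assertEquals(REALM_NAME, parameters.get(DigestWWWAuthenticateToken.REALM));
        Assert.assertEquals(DigestAlgorithm.MD5.getToken(), parameters.get(DigestWWWAuthenticateToken.ALGORITHM));
        return parameters;
    }

    /** Asserts a 200 response that carries the single {@code ProcessedBy: ResponseHandler} header. */
    private void assertHandledByResponseHandler(HttpResponse response) {
        Assert.assertEquals(200, response.getStatusLine().getStatusCode());
        Header[] processedBy = response.getHeaders("ProcessedBy");
        Assert.assertEquals(1, processedBy.length);
        Assert.assertEquals("ResponseHandler", processedBy[0].getValue());
    }

    /**
     * Builds the Authorization header value for a GET of "/" in {@link #REALM_NAME}, hashing the
     * given credentials with the given nonce.
     */
    private String authorizationFor(String userName, String password, String nonce) throws Exception {
        String response = createResponse(userName, REALM_NAME, password, "GET", "/", nonce);
        StringBuilder header = new StringBuilder(Headers.DIGEST.toString());
        header.append(" ");
        header.append(DigestAuthorizationToken.USERNAME.getName()).append("=\"").append(userName).append("\",");
        header.append(DigestAuthorizationToken.REALM.getName()).append("=\"").append(REALM_NAME).append("\",");
        header.append(DigestAuthorizationToken.NONCE.getName()).append("=\"").append(nonce).append("\",");
        header.append(DigestAuthorizationToken.DIGEST_URI.getName()).append("=\"/\",");
        header.append(DigestAuthorizationToken.RESPONSE.getName()).append("=\"").append(response).append("\"");
        return header.toString();
    }

    /**
     * Valid credentials are accepted, and the nonce returned in {@code Authentication-Info} is
     * accepted for the following request.
     */
    @Test
    public void testDigestSuccess() throws Exception {
        setAuthenticationChain();
        Map<?, ?> challenge = assertDigestChallenge(executeGet());
        // The RFC 2069 form of the challenge must not advertise qop.
        Assert.assertFalse(challenge.containsKey(DigestWWWAuthenticateToken.MESSAGE_QOP));
        String nonce = (String) challenge.get(DigestWWWAuthenticateToken.NONCE);

        HttpResponse firstResponse = executeGet(authorizationFor(USER_NAME, PASSWORD, nonce));
        assertHandledByResponseHandler(firstResponse);

        Header[] authenticationInfo = firstResponse.getHeaders("Authentication-Info");
        Assert.assertEquals(1, authenticationInfo.length);
        String nextNonce = (String) AuthenticationInfoToken.parseHeader(authenticationInfo[0].getValue())
                .get(AuthenticationInfoToken.NEXT_NONCE);

        assertHandledByResponseHandler(executeGet(authorizationFor(USER_NAME, PASSWORD, nextNonce)));
    }

    /** An unknown user name with an otherwise well-formed response is answered with 401. */
    @Test
    public void testBadUserName() throws Exception {
        setAuthenticationChain();
        Map<?, ?> challenge = assertDigestChallenge(executeGet());
        String nonce = (String) challenge.get(DigestWWWAuthenticateToken.NONCE);

        HttpResponse response = executeGet(authorizationFor("badUser", PASSWORD, nonce));
        Assert.assertEquals(401, response.getStatusLine().getStatusCode());
    }

    /** A known user with a response hashed from the wrong password is answered with 401. */
    @Test
    public void testBadPassword() throws Exception {
        setAuthenticationChain();
        Map<?, ?> challenge = assertDigestChallenge(executeGet());
        String nonce = (String) challenge.get(DigestWWWAuthenticateToken.NONCE);

        HttpResponse response = executeGet(authorizationFor(USER_NAME, "badPassword", nonce));
        Assert.assertEquals(401, response.getStatusLine().getStatusCode());
    }

    /**
     * Correct credentials hashed with a nonce that was not taken from the current challenge are
     * rejected with a {@code stale=true} challenge; the nonce from that challenge then succeeds.
     */
    @Test
    public void testDifferentNonce() throws Exception {
        setAuthenticationChain();
        // The initial challenge is validated but its nonce is deliberately not used.
        assertDigestChallenge(executeGet());

        HttpResponse rejected = executeGet(authorizationFor(USER_NAME, PASSWORD, UNISSUED_NONCE));
        Map<?, ?> staleChallenge = assertDigestChallenge(rejected);
        Assert.assertEquals("true", staleChallenge.get(DigestWWWAuthenticateToken.STALE));
        String freshNonce = (String) staleChallenge.get(DigestWWWAuthenticateToken.NONCE);

        assertHandledByResponseHandler(executeGet(authorizationFor(USER_NAME, PASSWORD, freshNonce)));
    }

    /**
     * Replay check: an Authorization header that was accepted once is rejected when sent again
     * unchanged, with a {@code stale=true} challenge whose nonce then succeeds.
     */
    @Test
    public void testNonceReUse() throws Exception {
        setAuthenticationChain();
        Map<?, ?> challenge = assertDigestChallenge(executeGet());
        String nonce = (String) challenge.get(DigestWWWAuthenticateToken.NONCE);
        String authorization = authorizationFor(USER_NAME, PASSWORD, nonce);

        assertHandledByResponseHandler(executeGet(authorization));

        // Same header, byte for byte, on a new client: the nonce has already been consumed.
        Map<?, ?> staleChallenge = assertDigestChallenge(executeGet(authorization));
        Assert.assertEquals("true", staleChallenge.get(DigestWWWAuthenticateToken.STALE));
        String freshNonce = (String) staleChallenge.get(DigestWWWAuthenticateToken.NONCE);

        assertHandledByResponseHandler(executeGet(authorizationFor(USER_NAME, PASSWORD, freshNonce)));
    }
}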
