package io.undertow.server.security;

import io.undertow.security.api.AuthenticationMechanism;
import io.undertow.security.api.AuthenticationMode;
import io.undertow.security.api.NotificationReceiver;
import io.undertow.security.api.SecurityContext;
import io.undertow.security.api.SecurityNotification;
import io.undertow.security.handlers.AuthenticationCallHandler;
import io.undertow.security.handlers.AuthenticationConstraintHandler;
import io.undertow.security.handlers.AuthenticationMechanismsHandler;
import io.undertow.security.handlers.CachedAuthenticatedSessionHandler;
import io.undertow.security.handlers.NotificationReceiverHandler;
import io.undertow.security.handlers.SecurityInitialHandler;
import io.undertow.security.idm.Account;
import io.undertow.security.idm.Credential;
import io.undertow.security.idm.DigestCredential;
import io.undertow.security.idm.GSSContextCredential;
import io.undertow.security.idm.IdentityManager;
import io.undertow.security.idm.PasswordCredential;
import io.undertow.security.idm.X509CertificateCredential;
import io.undertow.server.HttpHandler;
import io.undertow.server.HttpServerExchange;
import io.undertow.testutils.DefaultServer;
import io.undertow.testutils.TestHttpClient;
import io.undertow.util.HeaderMap;
import io.undertow.util.HexConverter;
import io.undertow.util.HttpString;
import java.nio.charset.Charset;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.Principal;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import javax.security.auth.x500.X500Principal;
import org.apache.http.Header;
import org.apache.http.HttpResponse;
import org.apache.http.client.methods.HttpGet;
import org.ietf.jgss.GSSException;
import org.junit.Assert;
import org.junit.Before;
import org.junit.Test;

/* loaded from: input_file:io/undertow/server/security/AuthenticationTestBase.class */
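/**
 * Base class for authentication-mechanism tests.
 *
 * <p>Before each test it installs a handler chain on {@link DefaultServer} built from the
 * mechanisms returned by {@link #getTestMechanisms()}, backed by a small in-memory
 * {@link IdentityManager} and an {@link AuditReceiver} that records security notifications.
 *
 * <p><b>Test fixture only.</b> The identity manager below keeps hard-coded plaintext passwords,
 * compares them with {@link Arrays#equals(char[], char[])} (not a constant-time comparison),
 * returns empty role sets, and accepts any already-built {@link Account} unchanged in
 * {@code verify(Account)}. None of this is suitable as a template for a production
 * {@code IdentityManager}.
 */
public abstract class AuthenticationTestBase {
    /** In-memory identity store shared by all subclasses; assigned in the static initializer. */
    protected static final IdentityManager identityManager;
    private static final Charset UTF_8 = Charset.forName("UTF-8");
    /** Shared recorder for security notifications; drained at the start of every test. */
    protected static final AuditReceiver auditReceiver = new AuditReceiver();

    /**
     * Records every {@link SecurityNotification} it is handed so tests can assert on them.
     *
     * <p>NOTE(review): the backing list is a plain {@link ArrayList} with no synchronization.
     * Notifications are presumably delivered on a server thread and read on the test thread;
     * confirm that request completion orders those accesses before relying on this elsewhere.
     */
    protected static class AuditReceiver implements NotificationReceiver {
        private final List<SecurityNotification> receivedNotifications = new ArrayList<>();

        protected AuditReceiver() {
        }

        /** Appends the notification to the recorded list. */
        @Override
        public void handleNotification(SecurityNotification securityNotification) {
            this.receivedNotifications.add(securityNotification);
        }

        /**
         * Returns a copy of the notifications recorded so far and clears the recorder.
         *
         * @return the recorded notifications, in arrival order
         */
        public List<SecurityNotification> takeNotifications() {
            List<SecurityNotification> snapshot = new ArrayList<>(this.receivedNotifications);
            this.receivedNotifications.clear();
            return snapshot;
        }
    }

    /**
     * Terminal handler of the test chain. It marks the response as processed, echoes the
     * authenticated principal name (if any) in a response header, and logs the caller out when
     * a {@code logout} query parameter is present.
     */
    protected static class ResponseHandler implements HttpHandler {
        static final HttpString PROCESSED_BY = new HttpString("ProcessedBy");
        static final HttpString AUTHENTICATED_USER = new HttpString("AuthenticatedUser");

        @Override
        public void handleRequest(HttpServerExchange httpServerExchange) throws Exception {
            HeaderMap headers = httpServerExchange.getResponseHeaders();
            headers.add(PROCESSED_BY, "ResponseHandler");

            String user = AuthenticationTestBase.getAuthenticatedUser(httpServerExchange);
            if (user != null) {
                headers.add(AUTHENTICATED_USER, user);
            }

            // Any value for the "logout" parameter triggers a logout; only presence is checked.
            if (httpServerExchange.getQueryParameters().get("logout") != null) {
                httpServerExchange.getSecurityContext().logout();
            }
            httpServerExchange.endExchange();
        }
    }

    /**
     * Builds and installs the security handler chain for the mechanisms under test.
     * Does nothing when {@link #getTestMechanisms()} returns {@code null}.
     */
    @Before
    public void setAuthenticationChain() {
        List<AuthenticationMechanism> mechanisms = getTestMechanisms();
        if (mechanisms == null) {
            return;
        }

        // Innermost first: response -> call -> constraint -> mechanisms.
        HttpHandler chain = new AuthenticationCallHandler(new ResponseHandler());
        chain = new AuthenticationConstraintHandler(chain);
        chain = new AuthenticationMechanismsHandler(chain, mechanisms);

        // Discard notifications left over from a previous test.
        auditReceiver.takeNotifications();

        chain = new NotificationReceiverHandler(chain, Collections.<NotificationReceiver>singleton(auditReceiver));
        if (cachingRequired()) {
            chain = new CachedAuthenticatedSessionHandler(chain);
        }
        setRootHandler(new SecurityInitialHandler(AuthenticationMode.PRO_ACTIVE, identityManager, chain));
    }

    /**
     * Whether the chain should include a {@link CachedAuthenticatedSessionHandler}.
     *
     * @return {@code false} by default; subclasses override to enable caching
     */
    protected boolean cachingRequired() {
        return false;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /** Installs {@code httpHandler} as the root handler of the shared test server. */
    public void setRootHandler(HttpHandler httpHandler) {
        DefaultServer.setRootHandler(httpHandler);
    }

    /**
     * Supplies the mechanisms to install for the concrete test.
     *
     * @return the mechanisms, or {@code null} to skip installing the chain
     */
    protected abstract List<AuthenticationMechanism> getTestMechanisms();

    /** With no security handlers installed the request must reach {@link ResponseHandler}. */
    @Test
    public void testNoMechanisms() throws Exception {
        DefaultServer.setRootHandler(new ResponseHandler());
        TestHttpClient client = new TestHttpClient();
        try {
            HttpResponse response = client.execute(new HttpGet(DefaultServer.getDefaultServerURL()));
            Assert.assertEquals(200, response.getStatusLine().getStatusCode());
            Header[] processedBy = response.getHeaders("ProcessedBy");
            Assert.assertEquals(1, processedBy.length);
            Assert.assertEquals("ResponseHandler", processedBy[0].getValue());
        } finally {
            // Release the client's connections even when an assertion fails.
            client.getConnectionManager().shutdown();
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Drains the audit receiver and asserts it held exactly one notification of the given type.
     *
     * @param eventType the expected event type
     */
    public static void assertSingleNotificationType(SecurityNotification.EventType eventType) {
        List<SecurityNotification> received = auditReceiver.takeNotifications();
        Assert.assertEquals("A single notification is expected.", 1, received.size());
        Assert.assertEquals("Expected EventType not matched.", eventType, received.get(0).getEventType());
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Drains the audit receiver and asserts the recorded event types equal
     * {@code eventTypeArr}, in order.
     *
     * @param eventTypeArr the expected event types, in arrival order
     */
    public static void assertNotifiactions(SecurityNotification.EventType... eventTypeArr) {
        List<SecurityNotification> received = auditReceiver.takeNotifications();
        // The count here is eventTypeArr.length, so the message must not claim "a single" one.
        Assert.assertEquals("Unexpected number of notifications.", eventTypeArr.length, received.size());
        List<SecurityNotification.EventType> actualTypes = new ArrayList<>(received.size());
        for (SecurityNotification notification : received) {
            actualTypes.add(notification.getEventType());
        }
        Assert.assertEquals("Expected EventType not matched.", Arrays.asList(eventTypeArr), actualTypes);
    }

    /**
     * Returns the name of the account authenticated on the exchange.
     *
     * @return the principal name, or {@code null} when there is no security context or no
     *         authenticated account
     */
    protected static String getAuthenticatedUser(HttpServerExchange httpServerExchange) {
        SecurityContext securityContext = httpServerExchange.getSecurityContext();
        if (securityContext == null) {
            return null;
        }
        Account account = securityContext.getAuthenticatedAccount();
        return account == null ? null : account.getPrincipal().getName();
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Finds the first header whose value starts with the given scheme prefix and fails the
     * test when none does.
     *
     * @param httpString the prefix to look for
     * @param headerArr the candidate headers
     * @return the matching header value
     */
    public static String getAuthHeader(HttpString httpString, Header[] headerArr) {
        String prefix = httpString.toString();
        for (Header header : headerArr) {
            String value = header.getValue();
            if (value.startsWith(prefix)) {
                return value;
            }
        }
        Assert.fail("Expected header not found.");
        return null; // unreachable: Assert.fail always throws
    }

    static {
        // Certificate subjects and GSS names that are accepted without a password.
        final Set<String> certUsers = new HashSet<>();
        certUsers.add("CN=Test Client,OU=OU,O=Org,L=City,ST=State,C=GB");
        final Set<String> gssUsers = new HashSet<>();
        gssUsers.add("jduke@UNDERTOW.IO");

        // Hard-coded plaintext test credentials, keyed by user name.
        final HashMap<String, char[]> passwordUsers = new HashMap<>();
        passwordUsers.put("userOne", "passwordOne".toCharArray());
        passwordUsers.put("userTwo", "passwordTwo".toCharArray());
        passwordUsers.put("encodingUser", "password-ü".toCharArray());

        identityManager = new IdentityManager() { // from class: io.undertow.server.security.AuthenticationTestBase.1
            /** Accepts the given account as-is; no re-validation is performed. */
            @Override
            public Account verify(Account account) {
                return account;
            }

            /** Looks the user up by name, then checks the password or digest credential. */
            @Override
            public Account verify(String str, Credential credential) {
                Account account = getAccount(str);
                if (account != null && verifyCredential(account, credential)) {
                    return account;
                }
                return null;
            }

            /**
             * Handles credentials that carry their own identity: X.509 certificates are matched
             * on the subject name, GSS contexts on the source name. Anything else is rejected.
             */
            @Override
            public Account verify(Credential credential) {
                if (credential instanceof X509CertificateCredential) {
                    final X500Principal subject =
                            ((X509CertificateCredential) credential).getCertificate().getSubjectX500Principal();
                    if (!certUsers.contains(subject.getName())) {
                        return null;
                    }
                    return new Account() { // from class: io.undertow.server.security.AuthenticationTestBase.1.1
                        @Override
                        public Principal getPrincipal() {
                            return subject;
                        }

                        @Override
                        public Set<String> getRoles() {
                            return Collections.emptySet();
                        }
                    };
                }
                if (credential instanceof GSSContextCredential) {
                    final String gssName;
                    try {
                        gssName = ((GSSContextCredential) credential).getGssContext().getSrcName().toString();
                    } catch (GSSException e) {
                        throw new RuntimeException(e);
                    }
                    if (!gssUsers.contains(gssName)) {
                        return null;
                    }
                    return new Account() { // from class: io.undertow.server.security.AuthenticationTestBase.1.2
                        private final Principal principal = new Principal() { // from class: io.undertow.server.security.AuthenticationTestBase.1.2.1
                            @Override // java.security.Principal
                            public String getName() {
                                return gssName;
                            }
                        };

                        @Override
                        public Principal getPrincipal() {
                            return this.principal;
                        }

                        @Override
                        public Set<String> getRoles() {
                            return Collections.emptySet();
                        }
                    };
                }
                return null;
            }

            /**
             * Checks a password or digest credential against the stored password.
             *
             * @throws IllegalArgumentException for any other credential type
             * @throws IllegalStateException when the digest algorithm is unavailable
             */
            private boolean verifyCredential(Account account, Credential credential) {
                if (credential instanceof PasswordCredential) {
                    char[] presented = ((PasswordCredential) credential).getPassword();
                    // Arrays.equals is not constant-time; acceptable only because this is a test fixture.
                    return Arrays.equals(presented, passwordUsers.get(account.getPrincipal().getName()));
                }
                if (!(credential instanceof DigestCredential)) {
                    throw new IllegalArgumentException("Invalid Credential Type " + credential.getClass().getName());
                }
                DigestCredential digestCredential = (DigestCredential) credential;
                MessageDigest digest = null;
                try {
                    digest = digestCredential.getAlgorithm().getMessageDigest();
                    String name = account.getPrincipal().getName();
                    // HA1 = H(username ":" realm ":" password)
                    digest.update(name.getBytes(UTF_8));
                    digest.update((byte) ':');
                    digest.update(digestCredential.getRealm().getBytes(UTF_8));
                    digest.update((byte) ':');
                    // new String(char[]) leaves an immutable copy of the password on the heap.
                    digest.update(new String(passwordUsers.get(name)).getBytes(UTF_8));
                    return digestCredential.verifyHA1(HexConverter.convertToHexBytes(digest.digest()));
                } catch (NoSuchAlgorithmException e) {
                    throw new IllegalStateException("Unsupported Algorithm", e);
                } finally {
                    // digest is still null when getMessageDigest() itself failed; resetting it
                    // unconditionally would replace the IllegalStateException with an NPE.
                    if (digest != null) {
                        digest.reset();
                    }
                }
            }

            /** Builds a role-less account for a known password user, or {@code null}. */
            private Account getAccount(final String str) {
                if (!passwordUsers.containsKey(str)) {
                    return null;
                }
                return new Account() { // from class: io.undertow.server.security.AuthenticationTestBase.1.3
                    private final Principal principal = new Principal() { // from class: io.undertow.server.security.AuthenticationTestBase.1.3.1
                        @Override // java.security.Principal
                        public String getName() {
                            return str;
                        }
                    };

                    @Override
                    public Principal getPrincipal() {
                        return this.principal;
                    }

                    @Override
                    public Set<String> getRoles() {
                        return Collections.emptySet();
                    }
                };
            }
        };
    }
}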
