package org.wildfly.security.auth;

import java.io.InputStream;
import java.security.KeyStore;
import java.security.Provider;
import java.security.Security;
import java.security.spec.AlgorithmParameterSpec;
import org.junit.AfterClass;
import org.junit.Assert;
import org.junit.BeforeClass;
import org.junit.Test;
import org.wildfly.security.auth.principal.NamePrincipal;
import org.wildfly.security.auth.realm.KeyStoreBackedSecurityRealm;
import org.wildfly.security.auth.server.RealmIdentity;
import org.wildfly.security.credential.PasswordCredential;
import org.wildfly.security.evidence.PasswordGuessEvidence;
import org.wildfly.security.keystore.WildFlyElytronKeyStoreProvider;
import org.wildfly.security.password.Password;
import org.wildfly.security.password.WildFlyElytronPasswordProvider;
import org.wildfly.security.password.interfaces.BCryptPassword;
import org.wildfly.security.password.interfaces.UnixMD5CryptPassword;

/* loaded from: input_file:org/wildfly/security/auth/KeyStoreBackedSecurityRealmTest.class */
public class KeyStoreBackedSecurityRealmTest {
    private static final Provider[] providers = {WildFlyElytronKeyStoreProvider.getInstance(), WildFlyElytronPasswordProvider.getInstance()};

    @BeforeClass
    public static void register() {
        for (Provider provider : providers) {
            Security.addProvider(provider);
        }
    }

    @AfterClass
    public static void remove() {
        for (Provider provider : providers) {
            Security.removeProvider(provider.getName());
        }
    }

    @Test
    public void testPasswordFileKeyStore() throws Exception {
        InputStream resourceAsStream = getClass().getResourceAsStream("passwd");
        KeyStore keyStore = KeyStore.getInstance("PasswordFile");
        keyStore.load(resourceAsStream, null);
        Assert.assertEquals("Invalid number of keystore entries", 2L, keyStore.size());
        KeyStoreBackedSecurityRealm keyStoreBackedSecurityRealm = new KeyStoreBackedSecurityRealm(keyStore);
        RealmIdentity realmIdentity = keyStoreBackedSecurityRealm.getRealmIdentity(new NamePrincipal("elytron"));
        Assert.assertEquals("Invalid credential support", SupportLevel.SUPPORTED, realmIdentity.getCredentialAcquireSupport(PasswordCredential.class, "crypt-md5", (AlgorithmParameterSpec) null));
        Assert.assertEquals("Invalid credential support", SupportLevel.UNSUPPORTED, realmIdentity.getCredentialAcquireSupport(PasswordCredential.class, "bcrypt", (AlgorithmParameterSpec) null));
        Password password = realmIdentity.getCredential(PasswordCredential.class, (String) null).getPassword();
        Assert.assertNotNull("Invalid null password", password);
        Assert.assertTrue("Invalid password type", password instanceof UnixMD5CryptPassword);
        Assert.assertTrue("Error validating credential", realmIdentity.verifyEvidence(new PasswordGuessEvidence("passwd12#$".toCharArray())));
        Assert.assertFalse("Error validating credential", realmIdentity.verifyEvidence(new PasswordGuessEvidence("wrongpass".toCharArray())));
        RealmIdentity realmIdentity2 = keyStoreBackedSecurityRealm.getRealmIdentity(new NamePrincipal("javajoe"));
        Assert.assertEquals("Invalid credential support", SupportLevel.SUPPORTED, realmIdentity2.getCredentialAcquireSupport(PasswordCredential.class, "bcrypt", (AlgorithmParameterSpec) null));
        Assert.assertEquals("Invalid credential support", SupportLevel.UNSUPPORTED, realmIdentity2.getCredentialAcquireSupport(PasswordCredential.class, "crypt-md5", (AlgorithmParameterSpec) null));
        Password password2 = realmIdentity2.getCredential(PasswordCredential.class, (String) null).getPassword();
        Assert.assertNotNull("Invalid null password", password2);
        Assert.assertTrue("Invalid password type", password2 instanceof BCryptPassword);
        Assert.assertTrue("Error validating credential", realmIdentity2.verifyEvidence(new PasswordGuessEvidence("$#21pass".toCharArray())));
        Assert.assertFalse("Error validating credential", realmIdentity2.verifyEvidence(new PasswordGuessEvidence("wrongpass".toCharArray())));
    }
}
