package org.wildfly.security.sasl.gs2;

import java.io.IOException;
import java.net.URI;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
import java.security.Provider;
import java.security.Security;
import java.util.Collections;
import java.util.HashMap;
import java.util.Map;
import java.util.regex.Pattern;
import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.auth.login.LoginException;
import javax.security.sasl.Sasl;
import javax.security.sasl.SaslClient;
import javax.security.sasl.SaslClientFactory;
import javax.security.sasl.SaslException;
import javax.security.sasl.SaslServer;
import javax.security.sasl.SaslServerFactory;
import org.ietf.jgss.GSSCredential;
import org.ietf.jgss.GSSException;
import org.ietf.jgss.GSSManager;
import org.ietf.jgss.GSSName;
import org.ietf.jgss.Oid;
import org.junit.AfterClass;
import org.junit.Assert;
import org.junit.BeforeClass;
import org.junit.Test;
import org.wildfly.security.auth.callback.ChannelBindingCallback;
import org.wildfly.security.auth.client.AuthenticationConfiguration;
import org.wildfly.security.auth.client.AuthenticationContext;
import org.wildfly.security.auth.client.ClientUtils;
import org.wildfly.security.auth.client.MatchRule;
import org.wildfly.security.auth.realm.ldap.DirContextFactory;
import org.wildfly.security.auth.realm.ldap.LdapSecurityRealmBuilder;
import org.wildfly.security.auth.realm.ldap.SimpleDirContextFactoryBuilder;
import org.wildfly.security.auth.util.RegexNameRewriter;
import org.wildfly.security.credential.GSSKerberosCredential;
import org.wildfly.security.mechanism.gssapi.GSSCredentialSecurityFactory;
import org.wildfly.security.sasl.SaslMechanismSelector;
import org.wildfly.security.sasl.gssapi.GssapiTestSuite;
import org.wildfly.security.sasl.gssapi.JaasUtil;
import org.wildfly.security.sasl.gssapi.TestKDC;
import org.wildfly.security.sasl.test.SaslServerBuilder;
import org.wildfly.security.sasl.test.SaslTestUtil;
import org.wildfly.security.sasl.util.ChannelBindingSaslClientFactory;
import org.wildfly.security.sasl.util.PropertiesSaslClientFactory;
import org.wildfly.security.sasl.util.ProtocolSaslClientFactory;
import org.wildfly.security.sasl.util.ServerNameSaslClientFactory;

/* loaded from: input_file:org/wildfly/security/sasl/gs2/Gs2SuiteChild.class */
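/**
 * JUnit tests for the GS2 SASL mechanisms ({@code GS2-KRB5} and {@code GS2-KRB5-PLUS}).
 *
 * <p>The tests cover three areas:
 * <ul>
 *   <li>mechanism selection, in particular that setting {@code wildfly.sasl.channel-binding-required}
 *       leaves only the channel-binding ("-PLUS") variant available, so a peer cannot be
 *       negotiated down to the unbound mechanism;</li>
 *   <li>complete Kerberos exchanges with and without channel binding;</li>
 *   <li>rejection paths: mismatched binding type or data, an unauthorized authorization ID,
 *       and malformed GS2 headers.</li>
 * </ul>
 *
 * <p>Client and server code runs inside {@link Subject#doAs} with subjects obtained from
 * {@code JaasUtil}; the server realm is an LDAP directory reached on {@code TestKDC.LDAP_PORT}.
 * NOTE(review): the class name and the reference to {@code GssapiTestSuite.serverKeyTab} suggest
 * this class is meant to be run by a suite that starts the KDC first; confirm before running it
 * standalone.
 *
 * <p>This listing is decompiler output. The {@code PrivilegedActionException} handlers were emitted
 * as {@code throw e.getCause();}, which does not compile because {@code getCause()} is typed
 * {@code Throwable}; they are consolidated in {@link #runAs} with the required cast.
 */
public class Gs2SuiteChild {
    private static final String TEST_SERVER_1 = "test_server_1";

    /** SASL property that, when set to "true", limits these factories to channel-binding mechanisms. */
    private static final String CHANNEL_BINDING_REQUIRED = "wildfly.sasl.channel-binding-required";

    private static Subject clientSubject;
    private static Subject serverSubject;
    private SaslServer saslServer;
    private SaslClient saslClient;
    private static final Provider provider = WildFlyElytronSaslGs2Provider.getInstance();

    /**
     * Callback handler that answers only {@link ChannelBindingCallback}, supplying a fixed binding
     * type and binding data. Every other callback type is ignored without an
     * {@link UnsupportedCallbackException}.
     */
    // Decompiler note: the original access modifier of this nested class was private.
    public static class IndirectCallbackHandler implements CallbackHandler {
        private final String bindingType;
        private final byte[] bindingData;

        private IndirectCallbackHandler(String bindingType, byte[] bindingData) {
            this.bindingType = bindingType;
            this.bindingData = bindingData;
        }

        @Override
        public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
            for (Callback callback : callbacks) {
                if (callback instanceof ChannelBindingCallback) {
                    ChannelBindingCallback bindingCallback = (ChannelBindingCallback) callback;
                    bindingCallback.setBindingType(this.bindingType);
                    bindingCallback.setBindingData(this.bindingData);
                }
            }
        }
    }

    /**
     * Installs the GS2 provider for the duration of the class. Position 1 is the most-preferred
     * slot; this changes JVM-wide provider state until {@link #removeProvider()} runs.
     */
    @BeforeClass
    public static void registerProvider() {
        Security.insertProviderAt(provider, 1);
    }

    /** Removes the provider installed by {@link #registerProvider()}. */
    @AfterClass
    public static void removeProvider() {
        Security.removeProvider(provider.getName());
    }

    /**
     * Logs in the client and server JAAS subjects used by every test.
     *
     * @throws LoginException if either login fails
     */
    @BeforeClass
    public static void init() throws LoginException {
        clientSubject = JaasUtil.loginClient();
        serverSubject = JaasUtil.loginServer(GssapiTestSuite.serverKeyTab, false);
    }

    /**
     * Server creation through {@link Sasl#createSaslServer}: once channel binding is required,
     * the unbound mechanism must no longer produce a server.
     */
    @Test
    public void testChannelBindingIndirect_Server() throws Exception {
        Map<String, Object> props = new HashMap<>();
        this.saslServer = getIndirectSaslServer("GS2-KRB5", "sasl", TEST_SERVER_1, props, null, null);
        Assert.assertEquals("GS2-KRB5", this.saslServer.getMechanismName());

        props.put(CHANNEL_BINDING_REQUIRED, Boolean.toString(true));
        this.saslServer = getIndirectSaslServer("GS2-KRB5-PLUS", "sasl", TEST_SERVER_1, props, "tls-unique", new byte[0]);
        Assert.assertEquals("GS2-KRB5-PLUS", this.saslServer.getMechanismName());

        // Downgrade check: with binding required, asking for plain GS2-KRB5 yields no server at all.
        this.saslServer = getIndirectSaslServer("GS2-KRB5", "sasl", TEST_SERVER_1, props, null, null);
        Assert.assertNull(this.saslServer);
    }

    /** The server factory advertises only the "-PLUS" mechanism once channel binding is required. */
    @Test
    public void testChannelBindingDirect_Server() {
        SaslServerFactory serverFactory = SaslTestUtil.obtainSaslServerFactory(Gs2SaslServerFactory.class);
        Assert.assertNotNull("SaslServerFactory not registered", serverFactory);
        Map<String, Object> props = new HashMap<>();
        SaslTestUtil.assertMechanisms(new String[]{"GS2-KRB5", "GS2-KRB5-PLUS"}, serverFactory.getMechanismNames(props));
        props.put(CHANNEL_BINDING_REQUIRED, Boolean.toString(true));
        SaslTestUtil.assertMechanisms(new String[]{"GS2-KRB5-PLUS"}, serverFactory.getMechanismNames(props));
    }

    /**
     * Client creation through {@link Sasl#createSaslClient}: with channel binding required, a list
     * of unbound mechanisms yields no client, and a list of "-PLUS" mechanisms selects
     * {@code GS2-KRB5-PLUS}.
     */
    @Test
    public void testChannelBindingIndirect_Client() throws Exception {
        Map<String, Object> props = new HashMap<>();
        this.saslClient = getIndirectSaslClient(new String[]{"GS2-KRB5"}, null, "sasl", TEST_SERVER_1, props, null, null);
        Assert.assertEquals(Gs2SaslClient.class, this.saslClient.getClass());
        Assert.assertEquals("GS2-KRB5", this.saslClient.getMechanismName());

        props.put(CHANNEL_BINDING_REQUIRED, Boolean.toString(true));
        // Downgrade check: neither unbound name may be selected while binding is required.
        this.saslClient = getIndirectSaslClient(new String[]{"GS2-DT4PIK22T6A", "GS2-KRB5"}, null, "sasl", TEST_SERVER_1, props, null, null);
        Assert.assertNull(this.saslClient);

        // The first name is skipped and GS2-KRB5-PLUS is chosen, as the assertion below pins.
        this.saslClient = getIndirectSaslClient(new String[]{"GS2-DT4PIK22T6A-PLUS", "GS2-KRB5-PLUS"}, null, "sasl", TEST_SERVER_1, props, "tls-unique", new byte[0]);
        Assert.assertEquals(Gs2SaslClient.class, this.saslClient.getClass());
        Assert.assertEquals("GS2-KRB5-PLUS", this.saslClient.getMechanismName());
    }

    /** The client factory advertises only the "-PLUS" mechanism once channel binding is required. */
    @Test
    public void testChannelBindingDirect_Client() {
        SaslClientFactory clientFactory = SaslTestUtil.obtainSaslClientFactory(Gs2SaslClientFactory.class);
        Assert.assertNotNull("SaslClientFactory not registered", clientFactory);
        Map<String, Object> props = new HashMap<>();
        SaslTestUtil.assertMechanisms(new String[]{"GS2-KRB5", "GS2-KRB5-PLUS"}, clientFactory.getMechanismNames(props));
        props.put(CHANNEL_BINDING_REQUIRED, Boolean.toString(true));
        SaslTestUtil.assertMechanisms(new String[]{"GS2-KRB5-PLUS"}, clientFactory.getMechanismNames(props));
    }

    /** Full GS2-KRB5 exchange with no channel binding on either side. */
    @Test
    public void testKrb5AuthenticationWithoutChannelBinding() throws Exception {
        this.saslServer = getSaslServer("GS2-KRB5", "sasl", TEST_SERVER_1, Collections.emptyMap(), null, null);
        Assert.assertNotNull(this.saslServer);
        Assert.assertEquals("GS2-KRB5", this.saslServer.getMechanismName());
        Assert.assertFalse(this.saslServer.isComplete());
        this.saslClient = getSaslClient(new String[]{"GS2-KRB5"}, null, "sasl", TEST_SERVER_1, Collections.emptyMap(), null, null);
        Assert.assertNotNull(this.saslClient);
        Assert.assertTrue(this.saslClient instanceof Gs2SaslClient);
        Assert.assertTrue(this.saslClient.hasInitialResponse());
        Assert.assertFalse(this.saslClient.isComplete());

        // Client initial response -> server completes -> client consumes the final token.
        byte[] initialResponse = evaluateChallenge(new byte[0]);
        Assert.assertFalse(this.saslClient.isComplete());
        Assert.assertFalse(this.saslServer.isComplete());
        byte[] serverToken = evaluateResponse(initialResponse);
        Assert.assertTrue(this.saslServer.isComplete());
        Assert.assertNotNull(serverToken);
        Assert.assertFalse(this.saslClient.isComplete());
        byte[] finalResponse = evaluateChallenge(serverToken);
        Assert.assertTrue(this.saslClient.isComplete());
        Assert.assertNull(finalResponse);
        Assert.assertEquals("jduke@WILDFLY.ORG", this.saslServer.getAuthorizationID());
    }

    /**
     * Full GS2-KRB5-PLUS exchange where both sides present the same binding type and data.
     * The binding data is an empty array, a placeholder rather than a value taken from a TLS session.
     */
    @Test
    public void testKrb5AuthenticationWithChannelBinding() throws Exception {
        Map<String, Object> props = new HashMap<>();
        props.put(CHANNEL_BINDING_REQUIRED, Boolean.toString(true));
        this.saslServer = getSaslServer("GS2-KRB5-PLUS", "sasl", TEST_SERVER_1, props, "tls-unique", new byte[0]);
        Assert.assertNotNull(this.saslServer);
        Assert.assertEquals("GS2-KRB5-PLUS", this.saslServer.getMechanismName());
        Assert.assertFalse(this.saslServer.isComplete());
        this.saslClient = getSaslClient(new String[]{"GS2-KRB5-PLUS"}, "jduke@WILDFLY.ORG", "sasl", TEST_SERVER_1, props, "tls-unique", new byte[0]);
        Assert.assertNotNull(this.saslClient);
        Assert.assertTrue(this.saslClient instanceof Gs2SaslClient);
        Assert.assertTrue(this.saslClient.hasInitialResponse());
        Assert.assertFalse(this.saslClient.isComplete());

        byte[] initialResponse = evaluateChallenge(new byte[0]);
        Assert.assertFalse(this.saslClient.isComplete());
        Assert.assertFalse(this.saslServer.isComplete());
        byte[] serverToken = evaluateResponse(initialResponse);
        Assert.assertTrue(this.saslServer.isComplete());
        Assert.assertNotNull(serverToken);
        Assert.assertFalse(this.saslClient.isComplete());
        byte[] finalResponse = evaluateChallenge(serverToken);
        Assert.assertTrue(this.saslClient.isComplete());
        Assert.assertNull(finalResponse);
        Assert.assertEquals("jduke@WILDFLY.ORG", this.saslServer.getAuthorizationID());
    }

    /**
     * Full exchange where both sides are handed an explicit {@link GSSCredential}.
     * The evaluate calls are made directly on the client and server, outside {@link Subject#doAs}.
     * NOTE(review): presumably deliberate, so that success depends on the supplied credentials
     * rather than on the ambient subject; confirm.
     */
    @Test
    public void testKrb5AuthenticationWithCredentialPassedInForClientAndServer() throws Exception {
        this.saslServer = getSaslServer("GS2-KRB5", "sasl", TEST_SERVER_1, Collections.emptyMap(), null, null, true);
        Assert.assertNotNull(this.saslServer);
        Assert.assertEquals("GS2-KRB5", this.saslServer.getMechanismName());
        Assert.assertFalse(this.saslServer.isComplete());
        this.saslClient = getSaslClient(new String[]{"GS2-KRB5"}, "jduke@WILDFLY.ORG", "sasl", TEST_SERVER_1, Collections.emptyMap(), null, null, true);
        Assert.assertNotNull(this.saslClient);
        Assert.assertTrue(this.saslClient instanceof Gs2SaslClient);
        Assert.assertTrue(this.saslClient.hasInitialResponse());
        Assert.assertFalse(this.saslClient.isComplete());

        byte[] initialResponse = this.saslClient.evaluateChallenge(new byte[0]);
        Assert.assertFalse(this.saslClient.isComplete());
        Assert.assertFalse(this.saslServer.isComplete());
        byte[] serverToken = this.saslServer.evaluateResponse(initialResponse);
        Assert.assertTrue(this.saslServer.isComplete());
        Assert.assertNotNull(serverToken);
        Assert.assertFalse(this.saslClient.isComplete());
        byte[] finalResponse = this.saslClient.evaluateChallenge(serverToken);
        Assert.assertTrue(this.saslClient.isComplete());
        Assert.assertNull(finalResponse);
        Assert.assertEquals("jduke@WILDFLY.ORG", this.saslServer.getAuthorizationID());
    }

    /**
     * Server built without a server name: after a successful exchange the negotiated
     * bound-server-name property must report the name the client addressed.
     */
    @Test
    public void testKrb5AuthenticationUnboundedServerName() throws Exception {
        this.saslServer = getSaslServer("GS2-KRB5", "sasl", null, Collections.emptyMap(), null, null);
        Assert.assertNotNull(this.saslServer);
        Assert.assertEquals("GS2-KRB5", this.saslServer.getMechanismName());
        Assert.assertFalse(this.saslServer.isComplete());
        this.saslClient = getSaslClient(new String[]{"GS2-KRB5"}, null, "sasl", TEST_SERVER_1, Collections.emptyMap(), null, null);
        Assert.assertNotNull(this.saslClient);
        Assert.assertTrue(this.saslClient instanceof Gs2SaslClient);
        Assert.assertTrue(this.saslClient.hasInitialResponse());
        Assert.assertFalse(this.saslClient.isComplete());

        byte[] initialResponse = evaluateChallenge(new byte[0]);
        Assert.assertFalse(this.saslClient.isComplete());
        Assert.assertFalse(this.saslServer.isComplete());
        byte[] serverToken = evaluateResponse(initialResponse);
        Assert.assertTrue(this.saslServer.isComplete());
        Assert.assertNotNull(serverToken);
        Assert.assertFalse(this.saslClient.isComplete());
        byte[] finalResponse = evaluateChallenge(serverToken);
        Assert.assertTrue(this.saslClient.isComplete());
        Assert.assertNull(finalResponse);
        Assert.assertEquals("jduke@WILDFLY.ORG", this.saslServer.getAuthorizationID());
        Assert.assertEquals("Bound server name", TEST_SERVER_1, this.saslServer.getNegotiatedProperty("javax.security.sasl.bound.server.name"));
    }

    /**
     * Client holds binding data but uses the unbound mechanism against a "-PLUS" server: the
     * exchange must fail rather than complete without binding.
     */
    @Test
    public void testChannelBindingNotUsedByClientSupportedByServer() throws Exception {
        this.saslClient = getSaslClient(new String[]{"GS2-KRB5"}, null, "sasl", TEST_SERVER_1, Collections.emptyMap(), "tls-unique", new byte[0]);
        Assert.assertNotNull(this.saslClient);
        this.saslServer = getSaslServer("GS2-KRB5-PLUS", "sasl", TEST_SERVER_1, Collections.emptyMap(), "tls-unique", new byte[0]);
        Assert.assertNotNull(this.saslServer);
        assertInitialExchangeFails();
    }

    /** Client insists on channel binding against a server built for the unbound mechanism: must fail. */
    @Test
    public void testChannelBindingUsedByClientUnsupportedByServer() throws Exception {
        Map<String, Object> props = new HashMap<>();
        props.put(CHANNEL_BINDING_REQUIRED, Boolean.toString(true));
        this.saslClient = getSaslClient(new String[]{"GS2-KRB5-PLUS"}, null, "sasl", TEST_SERVER_1, props, "tls-unique", new byte[0]);
        Assert.assertNotNull(this.saslClient);
        this.saslServer = getSaslServer("GS2-KRB5", "sasl", TEST_SERVER_1, Collections.emptyMap(), null, null);
        Assert.assertNotNull(this.saslServer);
        assertInitialExchangeFails();
    }

    /** Client has no binding data at all while the server is a "-PLUS" server: must fail. */
    @Test
    public void testChannelBindingUnsupportedByClientSupportedByServer() throws Exception {
        this.saslClient = getSaslClient(new String[]{"GS2-KRB5"}, null, "sasl", TEST_SERVER_1, Collections.emptyMap(), null, null);
        Assert.assertNotNull(this.saslClient);
        this.saslServer = getSaslServer("GS2-KRB5-PLUS", "sasl", TEST_SERVER_1, Collections.emptyMap(), "tls-unique", new byte[0]);
        Assert.assertNotNull(this.saslServer);
        assertInitialExchangeFails();
    }

    /** Same binding data but different binding types on client and server: must fail. */
    @Test
    public void testChannelBindingTypeMismatch() throws Exception {
        Map<String, Object> props = new HashMap<>();
        props.put(CHANNEL_BINDING_REQUIRED, Boolean.toString(true));
        this.saslClient = getSaslClient(new String[]{"GS2-KRB5-PLUS"}, null, "sasl", TEST_SERVER_1, props, "tls-unique", new byte[0]);
        Assert.assertNotNull(this.saslClient);
        this.saslServer = getSaslServer("GS2-KRB5-PLUS", "sasl", TEST_SERVER_1, Collections.emptyMap(), "tls-unique-for-telnet", new byte[0]);
        Assert.assertNotNull(this.saslServer);
        assertInitialExchangeFails();
    }

    /**
     * Same binding type but different binding data (empty array on the client, one zero byte on
     * the server): must fail. This is the check that ties the authentication to one channel.
     */
    @Test
    public void testChannelBindingDataMismatch() throws Exception {
        Map<String, Object> props = new HashMap<>();
        props.put(CHANNEL_BINDING_REQUIRED, Boolean.toString(true));
        this.saslClient = getSaslClient(new String[]{"GS2-KRB5-PLUS"}, null, "sasl", TEST_SERVER_1, props, "tls-unique", new byte[0]);
        Assert.assertNotNull(this.saslClient);
        this.saslServer = getSaslServer("GS2-KRB5-PLUS", "sasl", TEST_SERVER_1, Collections.emptyMap(), "tls-unique", new byte[1]);
        Assert.assertNotNull(this.saslServer);
        assertInitialExchangeFails();
    }

    /**
     * Client requests the server's own service principal as authorization ID; the other tests
     * observe {@code jduke@WILDFLY.ORG} for this client login, so the request must be refused.
     */
    @Test
    public void testUnauthorizedAuthorizationId() throws Exception {
        this.saslServer = getSaslServer("GS2-KRB5", "sasl", TEST_SERVER_1, Collections.emptyMap(), null, null);
        Assert.assertNotNull(this.saslServer);
        this.saslClient = getSaslClient(new String[]{"GS2-KRB5"}, "sasl/test_server_1@WILDFLY.ORG", "sasl", TEST_SERVER_1, Collections.emptyMap(), null, null);
        Assert.assertNotNull(this.saslClient);
        assertInitialExchangeFails();
    }

    /**
     * Prefixes a valid initial response with the two bytes {@code "F,"} and expects the server to
     * reject it. NOTE(review): per the test name this is the GS2 non-standard flag, sent where the
     * mechanism does not call for it; confirm against the GS2 header grammar.
     */
    @Test
    public void testUnneededNonStdFlag() throws Exception {
        this.saslServer = getSaslServer("GS2-KRB5", "sasl", TEST_SERVER_1, Collections.emptyMap(), null, null);
        Assert.assertNotNull(this.saslServer);
        this.saslClient = getSaslClient(new String[]{"GS2-KRB5"}, null, "sasl", TEST_SERVER_1, Collections.emptyMap(), null, null);
        Assert.assertNotNull(this.saslClient);
        byte[] initialResponse = evaluateChallenge(new byte[0]);
        Assert.assertFalse(this.saslClient.isComplete());
        Assert.assertFalse(this.saslServer.isComplete());

        byte[] tampered = new byte[initialResponse.length + 2];
        System.arraycopy(initialResponse, 0, tampered, 2, initialResponse.length);
        tampered[0] = 'F'; // 70
        tampered[1] = ','; // 44
        assertServerRejects(tampered);
    }

    /**
     * Feeds the server a fixed message whose first three bytes are ASCII {@code "b,,"} and expects
     * rejection. NOTE(review): the remainder looks like a captured Kerberos token, since it
     * contains the ASCII strings "WILDFLY.ORG", "sasl" and "test_server_1"; only the leading header
     * bytes appear to be what this test exercises.
     */
    @Test
    public void testInvalidGs2Header() throws Exception {
        this.saslServer = getSaslServer("GS2-KRB5", "sasl", TEST_SERVER_1, Collections.emptyMap(), null, null);
        Assert.assertNotNull(this.saslServer);
        assertServerRejects(new byte[]{98, 44, 44, 1, 0, 110, -126, 1, -13, 48, -126, 1, -17, -96, 3, 2, 1, 5, -95, 3, 2, 1, 14, -94, 7, 3, 5, 0, 32, 0, 0, 0, -93, -126, 1, 11, 97, -126, 1, 7, 48, -126, 1, 3, -96, 3, 2, 1, 5, -95, 13, 27, 11, 87, 73, 76, 68, 70, 76, 89, 46, 79, 82, 71, -94, 32, 48, 30, -96, 3, 2, 1, 0, -95, 23, 48, 21, 27, 4, 115, 97, 115, 108, 27, 13, 116, 101, 115, 116, 95, 115, 101, 114, 118, 101, 114, 95, 49, -93, -127, -54, 48, -127, -57, -96, 3, 2, 1, 16, -94, -127, -65, 4, -127, -68, 85, 26, 77, -98, -85, 110, 17, -61, 12, -36, 34, -105, 37, 126, 2, 74, -98, 47, -23, -108, 57, 2, -4, 110, -71, -79, -99, 8, 71, 11, -90, -118, -23, -122, -115, 3, -105, 31, 52, -50, -104, 35, -7, -14, -102, -39, 110, 74, -17, 55, 78, 67, -52, 74, -59, 85, 40, 89, -8, -61, -109, -69, -126, 31, -100, 62, 37, 78, -20, 99, -24, -28, -54, 112, 34, 87, -4, 57, -46, 97, 118, 43, 103, -74, -39, -59, -16, -88, 8, -122, 81, 83, -103, 83, 49, 54, -20, -125, -110, 18, 26, 87, -22, -111, 71, 122, 110, 83, -33, -92, -94, 114, -92, -30, 114, 22, 46, 73, 38, 58, -117, -118, -23, -18, -91, -14, -42, 84, 37, -4, 90, 116, -77, -41, 93, 82, 54, -69, 114, 124, -82, -102, -50, -83, 17, 117, -86, 106, 50, 78, -122, 54, 57, -27, -89, -85, 125, -104, 110, -38, 75, -25, -85, 91, -77, -7, -68, 112, 87, -125, -28, 34, 71, -62, -34, -110, -122, -120, -86, -93, -41, 41, -34, 91, 88, -114, 112, 83, -92, -127, -54, 48, -127, -57, -96, 3, 2, 1, 16, -94, -127, -65, 4, -127, -68, -12, -3, 100, 43, -53, 16, 56, -68, 107, -81, 105, 26, 123, 115, 94, -94, 119, 36, 65, 109, 68, 26, -61, 22, -68, -68, 29, -36, -80, 80, -66, 24, 74, -7, -5, -43, 37, -75, 26, -33, 50, 89, 81, 125, 67, 64, 27, 104, 24, -42, 37, -19, 13, 65, 95, -25, -19, 23, 58, -42, -43, 88, -42, -1, 121, 87, -12, 17, 55, -116, 81, -107, -22, -56, 0, 99, -56, 56, 67, 57, -127, -3, 73, -56, -100, -74, -78, 27, 7, 58, -47, 23, -12, 20, 15, 65, -77, -36, 14, 122, -95, 45, -9, -116, 89, 87, 82, -117, -60, 22, 55, 104, 103, -71, -12, -45, 
-1, -44, 106, -117, 91, 83, -44, -60, 122, -100, -89, -65, 43, 107, -124, -57, -82, 113, 72, 77, -84, 121, -90, 57, -28, 90, 80, -33, 97, -62, 10, 124, 67, 97, 110, 87, 20, -78, -14, -9, 84, 64, 78, 28, -63, -78, -29, -93, 29, 111, -34, Byte.MIN_VALUE, 96, -53, -25, -84, -39, -44, 85, 96, 0, -35, 35, -100, -123, 7, -112, -26, -89, 14, 92, -28});
    }

    /** Mechanism names outside the GS2 family ("SPNEGO", "SPNEGO-PLUS") produce neither server nor client. */
    @Test
    public void testDisallowedMechanism() throws Exception {
        this.saslServer = getSaslServer("SPNEGO", "sasl", TEST_SERVER_1, Collections.emptyMap(), null, null);
        Assert.assertNull(this.saslServer);
        this.saslClient = getSaslClient(new String[]{"SPNEGO", "SPNEGO-PLUS"}, "bsmith@WILDFLY.ORG", "sasl", TEST_SERVER_1, Collections.emptyMap(), null, null);
        Assert.assertNull(this.saslClient);
    }

    /** Maps GSS-API mechanism OIDs to SASL names, with and without the "-PLUS" suffix. */
    @Test
    public void testGetSaslNameForMechanismOid() throws Exception {
        Assert.assertEquals("GS2-KRB5", Gs2.getSaslNameForMechanism(GSSCredentialSecurityFactory.KERBEROS_V5, false));
        Assert.assertEquals("SPNEGO-PLUS", Gs2.getSaslNameForMechanism(GSSCredentialSecurityFactory.SPNEGO, true));
        Assert.assertEquals("GS2-DT4PIK22T6A-PLUS", Gs2.getSaslNameForMechanism(new Oid("1.3.6.1.5.5.1.1"), true));
    }

    /** Maps SASL names back to GSS-API mechanism OIDs. */
    @Test
    public void testGetMechanismForSaslName() throws Exception {
        Assert.assertEquals(GSSCredentialSecurityFactory.KERBEROS_V5, Gs2.getMechanismForSaslName(GSSManager.getInstance(), "GS2-KRB5-PLUS"));
        Assert.assertEquals(GSSCredentialSecurityFactory.SPNEGO, Gs2.getMechanismForSaslName(GSSManager.getInstance(), "SPNEGO"));
    }

    /**
     * Creates a server through the provider lookup in {@link Sasl#createSaslServer}, as the server
     * subject, with channel-binding values supplied by an {@link IndirectCallbackHandler}.
     *
     * @return the server, or {@code null} when no registered factory accepts the request
     * @throws SaslException if server creation fails
     */
    private SaslServer getIndirectSaslServer(final String mechanism, final String protocol, final String serverName, final Map<String, Object> props, final String bindingType, final byte[] bindingData) throws SaslException {
        return runAs(serverSubject, () -> Sasl.createSaslServer(mechanism, protocol, serverName, props, new IndirectCallbackHandler(bindingType, bindingData)));
    }

    /** Same as the seven-argument overload, without an explicit server credential. */
    private SaslServer getSaslServer(String mechanism, String protocol, String serverName, Map<String, Object> props, String bindingType, byte[] bindingData) throws SaslException {
        return getSaslServer(mechanism, protocol, serverName, props, bindingType, bindingData, false);
    }

    /**
     * Builds a server with {@link SaslServerBuilder}, backed by an LDAP realm, as the server subject.
     *
     * @param obtainCredential when {@code true}, an accept-only Kerberos credential is created as
     *        the server subject and handed to the builder
     * @return the server; may be {@code null}, because the builder is told not to assert the result
     * @throws SaslException if credential or server creation fails
     */
    private SaslServer getSaslServer(String mechanism, String protocol, String serverName, Map<String, Object> props, String bindingType, byte[] bindingData, boolean obtainCredential) throws SaslException {
        GSSCredential credential = null;
        if (obtainCredential) {
            credential = runAs(serverSubject, () -> createKerberosCredential(GSSCredential.ACCEPT_ONLY));
        }
        final SaslServerBuilder builder = new SaslServerBuilder(Gs2SaslServerFactory.class, mechanism).setDontAssertBuiltServer();
        // Fixture bind DN and password for the test directory, over plain ldap:// on localhost.
        // The rewriter strips the "@WILDFLY.ORG" realm so the remaining name is looked up as the uid.
        builder.addRealm("ldapRealm", LdapSecurityRealmBuilder.builder()
                .setDirContextSupplier(() -> SimpleDirContextFactoryBuilder.builder()
                        .setProviderUrl(String.format("ldap://localhost:%d/", TestKDC.LDAP_PORT))
                        .setSecurityPrincipal("uid=Sasl_1,ou=Users,dc=wildfly,dc=org")
                        .setSecurityCredential("servicepwd")
                        .build()
                        .obtainDirContext(DirContextFactory.ReferralMode.IGNORE))
                .setNameRewriter(new RegexNameRewriter(Pattern.compile("(.*)@WILDFLY\\.ORG"), "$1", true))
                .identityMapping()
                .setSearchDn("dc=wildfly,dc=org")
                .searchRecursive()
                .setRdnIdentifier("uid")
                .build()
                .build());
        builder.setDefaultRealmName("ldapRealm");
        if (protocol != null) {
            builder.setProtocol(protocol);
        }
        if (serverName != null) {
            builder.setServerName(serverName);
        }
        if (props != null) {
            builder.setProperties(props);
        }
        if (bindingType != null || bindingData != null) {
            builder.setChannelBinding(bindingType, bindingData);
        }
        if (credential != null) {
            builder.setCredential(new GSSKerberosCredential(credential));
        }
        return runAs(serverSubject, builder::build);
    }

    /**
     * Creates a client through the provider lookup in {@link Sasl#createSaslClient}, as the client
     * subject, with channel-binding values supplied by an {@link IndirectCallbackHandler}.
     *
     * @return the client, or {@code null} when no registered factory accepts the request
     * @throws SaslException if client creation fails
     */
    private SaslClient getIndirectSaslClient(final String[] mechanisms, final String authorizationId, final String protocol, final String serverName, final Map<String, Object> props, final String bindingType, final byte[] bindingData) throws SaslException {
        return runAs(clientSubject, () -> Sasl.createSaslClient(mechanisms, authorizationId, protocol, serverName, props, new IndirectCallbackHandler(bindingType, bindingData)));
    }

    /** Same as the eight-argument overload, without an explicit client credential. */
    private SaslClient getSaslClient(String[] mechanisms, String authorizationId, String protocol, String serverName, Map<String, Object> props, String bindingType, byte[] bindingData) throws Exception {
        return getSaslClient(mechanisms, authorizationId, protocol, serverName, props, bindingType, bindingData, false);
    }

    /**
     * Creates a client from {@link Gs2SaslClientFactory}, wrapped in the delegating factories that
     * inject channel binding, protocol, server name and properties, as the client subject.
     *
     * @param obtainCredential when {@code true}, an initiate-only Kerberos credential is created as
     *        the client subject and passed to the authentication configuration
     * @return the client, or {@code null} when the factory declines the requested mechanisms
     * @throws Exception if credential, callback-handler or client creation fails
     */
    private SaslClient getSaslClient(final String[] mechanisms, final String authorizationId, final String protocol, final String serverName, final Map<String, Object> props, String bindingType, byte[] bindingData, boolean obtainCredential) throws Exception {
        GSSCredential credential = null;
        if (obtainCredential) {
            credential = runAs(clientSubject, () -> createKerberosCredential(GSSCredential.INITIATE_ONLY));
        }
        final CallbackHandler callbackHandler = createClientCallbackHandler(mechanisms, authorizationId, credential);
        SaslClientFactory factory = SaslTestUtil.obtainSaslClientFactory(Gs2SaslClientFactory.class);
        Assert.assertNotNull(factory);
        if (bindingType != null || bindingData != null) {
            factory = new ChannelBindingSaslClientFactory(factory, bindingType, bindingData);
        }
        if (protocol != null) {
            factory = new ProtocolSaslClientFactory(factory, protocol);
        }
        if (serverName != null) {
            factory = new ServerNameSaslClientFactory(factory, serverName);
        }
        if (props != null) {
            factory = new PropertiesSaslClientFactory(factory, props);
        }
        // Captured by the lambda below, so it needs a variable that is never reassigned.
        final SaslClientFactory clientFactory = factory;
        return runAs(clientSubject, () -> clientFactory.createSaslClient(mechanisms, authorizationId, protocol, serverName, props, callbackHandler));
    }

    /**
     * Builds the client callback handler from an authentication configuration carrying the
     * authorization name, the optional GSS credential and a selector limited to {@code mechanisms}.
     */
    private CallbackHandler createClientCallbackHandler(String[] mechanisms, String authorizationId, GSSCredential credential) throws Exception {
        AuthenticationConfiguration configuration = AuthenticationConfiguration.empty()
                .useAuthorizationName(authorizationId)
                .useGSSCredential(credential)
                .setSaslMechanismSelector(SaslMechanismSelector.NONE.addMechanisms(mechanisms));
        return ClientUtils.getCallbackHandler(new URI("remote://localhost"), AuthenticationContext.empty().with(MatchRule.ALL, configuration));
    }

    /** Passes a client message to the server under test, as the server subject. */
    private byte[] evaluateResponse(final byte[] response) throws SaslException {
        return runAs(serverSubject, () -> this.saslServer.evaluateResponse(response));
    }

    /** Passes a server message to the client under test, as the client subject. */
    private byte[] evaluateChallenge(final byte[] challenge) throws SaslException {
        return runAs(clientSubject, () -> this.saslClient.evaluateChallenge(challenge));
    }

    /**
     * Generates the client's initial response and feeds it to the server, requiring a
     * {@link SaslException} from one of the two steps. The test does not distinguish which side
     * raised it.
     */
    private void assertInitialExchangeFails() {
        try {
            evaluateResponse(evaluateChallenge(new byte[0]));
            Assert.fail("Expected SaslException not thrown");
        } catch (SaslException expected) {
            // Rejection is the pass condition.
        }
    }

    /** Feeds {@code message} to the server and requires it to be rejected with a {@link SaslException}. */
    private void assertServerRejects(byte[] message) {
        try {
            evaluateResponse(message);
            Assert.fail("Expected SaslException not thrown");
        } catch (SaslException expected) {
            // Rejection is the pass condition.
        }
    }

    /**
     * Creates a Kerberos V5 credential with indefinite lifetime for the current subject.
     *
     * @param usage one of the {@link GSSCredential} usage constants
     * @throws SaslException wrapping the {@link GSSException}, with the cause preserved
     */
    private static GSSCredential createKerberosCredential(int usage) throws SaslException {
        try {
            return GSSManager.getInstance().createCredential((GSSName) null, GSSCredential.INDEFINITE_LIFETIME, GSSCredentialSecurityFactory.KERBEROS_V5, usage);
        } catch (GSSException e) {
            throw new SaslException(e.getMessage(), e);
        }
    }

    /**
     * Runs {@code action} as {@code subject} and unwraps the {@link PrivilegedActionException}:
     * a {@link SaslException} cause is rethrown as itself, any other checked cause is wrapped in a
     * {@link RuntimeException}.
     */
    private static <T> T runAs(Subject subject, PrivilegedExceptionAction<T> action) throws SaslException {
        try {
            return Subject.doAs(subject, action);
        } catch (PrivilegedActionException e) {
            Throwable cause = e.getCause();
            if (cause instanceof SaslException) {
                throw (SaslException) cause;
            }
            throw new RuntimeException(cause);
        }
    }
}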
