package org.wildfly.security.sasl.digest;

import java.io.File;
import java.net.URI;
import java.nio.charset.StandardCharsets;
import java.security.Provider;
import java.security.Security;
import java.util.Collections;
import java.util.HashMap;
import javax.security.auth.callback.CallbackHandler;
import javax.security.sasl.Sasl;
import javax.security.sasl.SaslClient;
import javax.security.sasl.SaslException;
import mockit.Mock;
import mockit.MockUp;
import mockit.integration.junit4.JMockit;
import org.junit.AfterClass;
import org.junit.Assert;
import org.junit.BeforeClass;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.wildfly.common.iteration.ByteIterator;
import org.wildfly.common.iteration.CodePointIterator;
import org.wildfly.security.auth.client.AuthenticationConfiguration;
import org.wildfly.security.auth.client.AuthenticationContext;
import org.wildfly.security.auth.client.ClientUtils;
import org.wildfly.security.auth.client.MatchRule;
import org.wildfly.security.auth.server.IdentityCredentials;
import org.wildfly.security.credential.PasswordCredential;
import org.wildfly.security.credential.store.CredentialStore;
import org.wildfly.security.credential.store.CredentialStoreBuilder;
import org.wildfly.security.credential.store.WildFlyElytronCredentialStoreProvider;
import org.wildfly.security.credential.store.impl.KeyStoreCredentialStore;
import org.wildfly.security.password.interfaces.ClearPassword;
import org.wildfly.security.sasl.SaslMechanismSelector;

@RunWith(JMockit.class)
/* loaded from: input_file:org/wildfly/security/sasl/digest/CompatibilityClientTest.class */
public class CompatibilityClientTest {
    protected static final String DIGEST = "DIGEST-MD5";
    protected static final String QOP_PROPERTY = "javax.security.sasl.qop";
    private SaslClient client;
    private static final Provider[] providers = {WildFlyElytronSaslDigestProvider.getInstance(), WildFlyElytronCredentialStoreProvider.getInstance()};
    private static String CS_FILE_NAME = "target/" + CompatibilityClientTest.class.getSimpleName() + ".cs";

    private static void registerProviders() {
        for (Provider provider : providers) {
            Security.insertProviderAt(provider, 1);
        }
    }

    @AfterClass
    public static void removeProviders() {
        for (Provider provider : providers) {
            Security.removeProvider(provider.getName());
        }
    }

    private void mockNonce(final String str) {
        new MockUp<DigestSaslClient>() { // from class: org.wildfly.security.sasl.digest.CompatibilityClientTest.1
            @Mock
            byte[] generateNonce() {
                return str.getBytes(StandardCharsets.UTF_8);
            }
        };
    }

    @BeforeClass
    public static void setupCredentialStore() throws Exception {
        registerProviders();
        CredentialStoreBuilder.get().setKeyStoreFile(CS_FILE_NAME).setKeyStorePassword("secret_store_1").addPassword("chris_pwd_alias", "secret").build();
    }

    @AfterClass
    public static void cleanUpCredentialStore() {
        File file = new File(CS_FILE_NAME);
        if (file.exists()) {
            file.delete();
        }
    }

    @Test
    public void testRfc2831example1Classic() throws Exception {
        testRfc2831example1(false);
    }

    @Test
    public void testRfc2831example1CredentialStore() throws Exception {
        testRfc2831example1(true);
    }

    private void testRfc2831example1(boolean z) throws Exception {
        mockNonce("OA6MHXh6VqTrRk");
        SaslClient createSaslClient = Sasl.createSaslClient(new String[]{DIGEST}, (String) null, "imap", "elwood.innosoft.com", new HashMap(), z ? createCredentialStoreBasedClientCallbackHandler("chris", null, "chris_pwd_alias", CS_FILE_NAME, "secret_store_1", "secret_key_1") : createClientCallbackHandler("chris", "secret".toCharArray(), null));
        Assert.assertNotNull(createSaslClient);
        Assert.assertFalse(createSaslClient.isComplete());
        Assert.assertEquals("charset=utf-8,username=\"chris\",realm=\"elwood.innosoft.com\",nonce=\"OA6MG9tEQGm2hh\",nc=00000001,cnonce=\"OA6MHXh6VqTrRk\",digest-uri=\"imap/elwood.innosoft.com\",maxbuf=65536,response=d388dad90d4bbd760a152321f2143af7,qop=auth", new String(createSaslClient.evaluateChallenge("realm=\"elwood.innosoft.com\",nonce=\"OA6MG9tEQGm2hh\",qop=\"auth\",algorithm=md5-sess,charset=utf-8".getBytes(StandardCharsets.UTF_8)), "UTF-8"));
        Assert.assertFalse(createSaslClient.isComplete());
        Assert.assertEquals((Object) null, createSaslClient.evaluateChallenge("rspauth=ea40f60335c427b5527b84dbabcdfffd".getBytes(StandardCharsets.UTF_8)));
        Assert.assertTrue(createSaslClient.isComplete());
    }

    @Test
    public void testRfc2831example2Classic() throws Exception {
        testRfc2831example2(false);
    }

    @Test
    public void testRfc2831example2CredentialStore() throws Exception {
        testRfc2831example2(true);
    }

    private void testRfc2831example2(boolean z) throws Exception {
        mockNonce("OA9BSuZWMSpW8m");
        this.client = Sasl.createSaslClient(new String[]{DIGEST}, (String) null, "acap", "elwood.innosoft.com", new HashMap(), z ? createCredentialStoreBasedClientCallbackHandler("chris", null, "chris_pwd_alias", CS_FILE_NAME, "secret_store_1", "secret_key_1") : createClientCallbackHandler("chris", "secret".toCharArray(), null));
        Assert.assertFalse(this.client.hasInitialResponse());
        Assert.assertFalse(this.client.isComplete());
        Assert.assertEquals("charset=utf-8,username=\"chris\",realm=\"elwood.innosoft.com\",nonce=\"OA9BSXrbuRhWay\",nc=00000001,cnonce=\"OA9BSuZWMSpW8m\",digest-uri=\"acap/elwood.innosoft.com\",maxbuf=65536,response=6084c6db3fede7352c551284490fd0fc,qop=auth", new String(this.client.evaluateChallenge("realm=\"elwood.innosoft.com\",nonce=\"OA9BSXrbuRhWay\",qop=\"auth\",algorithm=md5-sess,charset=utf-8".getBytes(StandardCharsets.UTF_8)), "UTF-8"));
        Assert.assertFalse(this.client.isComplete());
        Assert.assertEquals((Object) null, this.client.evaluateChallenge("rspauth=2f0b3d7c3c2e486600ef710726aa2eae".getBytes(StandardCharsets.UTF_8)));
        Assert.assertTrue(this.client.isComplete());
    }

    @Test
    public void testAuthorizedAuthorizationIdClassic() throws Exception {
        testAuthorizedAuthorizationId(false);
    }

    @Test
    public void testAuthorizedAuthorizationIdCredentialStore() throws Exception {
        testAuthorizedAuthorizationId(true);
    }

    private void testAuthorizedAuthorizationId(boolean z) throws Exception {
        mockNonce("OA9BSuZWMSpW8m");
        this.client = Sasl.createSaslClient(new String[]{DIGEST}, "chris", "acap", "elwood.innosoft.com", new HashMap(), z ? createCredentialStoreBasedClientCallbackHandler("chris", null, "chris_pwd_alias", CS_FILE_NAME, "secret_store_1", "secret_key_1") : createClientCallbackHandler("chris", "secret".toCharArray(), null));
        Assert.assertFalse(this.client.hasInitialResponse());
        Assert.assertFalse(this.client.isComplete());
        Assert.assertEquals("charset=utf-8,username=\"chris\",realm=\"elwood.innosoft.com\",nonce=\"OA9BSXrbuRhWay\",nc=00000001,cnonce=\"OA9BSuZWMSpW8m\",digest-uri=\"acap/elwood.innosoft.com\",maxbuf=65536,response=aa4e81f1c6656350f7bce05d436665de,qop=auth,authzid=\"chris\"", new String(this.client.evaluateChallenge("realm=\"elwood.innosoft.com\",nonce=\"OA9BSXrbuRhWay\",qop=\"auth\",algorithm=md5-sess,charset=utf-8".getBytes(StandardCharsets.UTF_8)), "UTF-8"));
        Assert.assertFalse(this.client.isComplete());
        Assert.assertEquals((Object) null, this.client.evaluateChallenge("rspauth=af3ca83a805d4cfa00675a17315475c4".getBytes(StandardCharsets.UTF_8)));
        Assert.assertTrue(this.client.isComplete());
    }

    @Test
    public void testQopAuthIntClassic() throws Exception {
        testQopAuthInt(false);
    }

    @Test
    public void testQopAuthIntCredentialStore() throws Exception {
        testQopAuthInt(true);
    }

    private void testQopAuthInt(boolean z) throws Exception {
        mockNonce("OA9BSuZWMSpW8m");
        HashMap hashMap = new HashMap();
        hashMap.put(QOP_PROPERTY, "auth-int");
        this.client = Sasl.createSaslClient(new String[]{DIGEST}, "chris", "acap", "elwood.innosoft.com", hashMap, z ? createCredentialStoreBasedClientCallbackHandler("chris", null, "chris_pwd_alias", CS_FILE_NAME, "secret_store_1", "secret_key_1") : createClientCallbackHandler("chris", "secret".toCharArray(), null));
        Assert.assertFalse(this.client.hasInitialResponse());
        Assert.assertFalse(this.client.isComplete());
        Assert.assertEquals("charset=utf-8,username=\"chris\",realm=\"elwood.innosoft.com\",nonce=\"OA9BSXrbuRhWay\",nc=00000001,cnonce=\"OA9BSuZWMSpW8m\",digest-uri=\"acap/elwood.innosoft.com\",maxbuf=65536,response=d8b17f55b410208c6ebb22f89f9d6cbb,qop=auth-int,authzid=\"chris\"", new String(this.client.evaluateChallenge("realm=\"elwood.innosoft.com\",nonce=\"OA9BSXrbuRhWay\",qop=\"auth-int\",charset=utf-8,algorithm=md5-sess".getBytes(StandardCharsets.UTF_8)), "UTF-8"));
        Assert.assertFalse(this.client.isComplete());
        Assert.assertEquals((Object) null, this.client.evaluateChallenge("rspauth=7a8794654d6d6de607e9143d52b554a8".getBytes(StandardCharsets.UTF_8)));
        Assert.assertTrue(this.client.isComplete());
        byte[] drain = CodePointIterator.ofString("11223344").hexDecode().drain();
        Assert.assertEquals("1122334499191be7952a49d8549b000100000000", ByteIterator.ofBytes(this.client.wrap(drain, 0, drain.length)).hexEncode().drainToString());
        byte[] drain2 = CodePointIterator.ofString("55667788cf5e02ad15987d9076b8000100000000").hexDecode().drain();
        Assert.assertEquals("55667788", ByteIterator.ofBytes(this.client.unwrap(drain2, 0, drain2.length)).hexEncode().drainToString());
        byte[] drain3 = CodePointIterator.ofString("aabbcc").hexDecode().drain();
        Assert.assertEquals("aabbcc7e845ed48b0474447543000100000001", ByteIterator.ofBytes(this.client.wrap(drain3, 0, drain3.length)).hexEncode().drainToString());
        byte[] bArr = new byte[0];
        Assert.assertEquals("", ByteIterator.ofBytes(this.client.unwrap(bArr, 0, bArr.length)).hexEncode().drainToString());
        byte[] drain4 = CodePointIterator.ofString("016603ce7148b6869e1b8df557000100000001").hexDecode().drain();
        Assert.assertEquals("", ByteIterator.ofBytes(this.client.unwrap(drain4, 0, drain4.length)).hexEncode().drainToString());
        try {
            byte[] drain5 = CodePointIterator.ofString("01020352873023be5e875d6a93000100000002").hexDecode().drain();
            this.client.unwrap(drain5, 0, drain5.length);
            Assert.fail("Out of order sequencing SaslException expected!");
        } catch (SaslException e) {
        }
    }

    @Test
    public void testQopAuthConf() throws Exception {
        mockNonce("OA9BSuZWMSpW8m");
        CallbackHandler createClientCallbackHandler = createClientCallbackHandler("chris", "secret".toCharArray(), null);
        HashMap hashMap = new HashMap();
        hashMap.put(QOP_PROPERTY, "auth-conf");
        this.client = Sasl.createSaslClient(new String[]{DIGEST}, "chris", "acap", "elwood.innosoft.com", hashMap, createClientCallbackHandler);
        Assert.assertFalse(this.client.hasInitialResponse());
        Assert.assertFalse(this.client.isComplete());
        Assert.assertEquals("charset=utf-8,username=\"chris\",realm=\"elwood.innosoft.com\",nonce=\"OA9BSXrbuRhWay\",nc=00000001,cnonce=\"OA9BSuZWMSpW8m\",digest-uri=\"acap/elwood.innosoft.com\",maxbuf=65536,response=4520cf48234bb93b95548a25cd56601b,qop=auth-conf,cipher=\"3des\",authzid=\"chris\"", new String(this.client.evaluateChallenge("realm=\"elwood.innosoft.com\",nonce=\"OA9BSXrbuRhWay\",qop=\"auth-conf\",charset=utf-8,cipher=\"3des,rc4,des,rc4-56,rc4-40\",algorithm=md5-sess".getBytes(StandardCharsets.UTF_8)), "UTF-8"));
        Assert.assertFalse(this.client.isComplete());
        Assert.assertEquals((Object) null, this.client.evaluateChallenge("rspauth=a804fda66588e2d911bbacd1b1163bc1".getBytes(StandardCharsets.UTF_8)));
        Assert.assertTrue(this.client.isComplete());
        byte[] drain = CodePointIterator.ofString("11223344").hexDecode().drain();
        Assert.assertEquals("13f7644f8c783501177522c1a455cb1f000100000000", ByteIterator.ofBytes(this.client.wrap(drain, 0, drain.length)).hexEncode().drainToString());
        byte[] drain2 = CodePointIterator.ofString("93ce33409e0fe5187e07c16fc3041f64000100000000").hexDecode().drain();
        Assert.assertEquals("55667788", ByteIterator.ofBytes(this.client.unwrap(drain2, 0, drain2.length)).hexEncode().drainToString());
        byte[] drain3 = CodePointIterator.ofString("aabbcc").hexDecode().drain();
        Assert.assertEquals("ec426d9cd3276f22285ab5da8df8f26b000100000001", ByteIterator.ofBytes(this.client.wrap(drain3, 0, drain3.length)).hexEncode().drainToString());
        byte[] bArr = new byte[0];
        Assert.assertEquals("", ByteIterator.ofBytes(this.client.unwrap(bArr, 0, bArr.length)).hexEncode().drainToString());
        byte[] drain4 = CodePointIterator.ofString("cb8905522a50046ecb969c11a9d72014000100000001").hexDecode().drain();
        Assert.assertEquals("", ByteIterator.ofBytes(this.client.unwrap(drain4, 0, drain4.length)).hexEncode().drainToString());
        try {
            byte[] drain5 = CodePointIterator.ofString("b12efd35ef3289f98cf6d98e6547bd3a000100000002").hexDecode().drain();
            this.client.unwrap(drain5, 0, drain5.length);
            Assert.fail("Out of order sequencing SaslException expected!");
        } catch (SaslException e) {
        }
    }

    @Test
    public void testQopAuthConfRc4Classic() throws Exception {
        testQopAuthConfRc4(false);
    }

    @Test
    public void testQopAuthConfRc4CredentialStore() throws Exception {
        testQopAuthConfRc4(true);
    }

    private void testQopAuthConfRc4(boolean z) throws Exception {
        mockNonce("OA9BSuZWMSpW8m");
        HashMap hashMap = new HashMap();
        hashMap.put(QOP_PROPERTY, "auth-conf");
        this.client = Sasl.createSaslClient(new String[]{DIGEST}, "chris", "acap", "elwood.innosoft.com", hashMap, z ? createCredentialStoreBasedClientCallbackHandler("chris", null, "chris_pwd_alias", CS_FILE_NAME, "secret_store_1", "secret_key_1") : createClientCallbackHandler("chris", "secret".toCharArray(), null));
        Assert.assertFalse(this.client.hasInitialResponse());
        Assert.assertFalse(this.client.isComplete());
        Assert.assertEquals("charset=utf-8,username=\"chris\",realm=\"elwood.innosoft.com\",nonce=\"OA9BSXrbuRhWay\",nc=00000001,cnonce=\"OA9BSuZWMSpW8m\",digest-uri=\"acap/elwood.innosoft.com\",maxbuf=65536,response=4520cf48234bb93b95548a25cd56601b,qop=auth-conf,cipher=\"rc4\",authzid=\"chris\"", new String(this.client.evaluateChallenge("realm=\"elwood.innosoft.com\",nonce=\"OA9BSXrbuRhWay\",qop=\"auth-conf\",charset=utf-8,cipher=\"rc4\",algorithm=md5-sess".getBytes(StandardCharsets.UTF_8)), "UTF-8"));
        Assert.assertFalse(this.client.isComplete());
        Assert.assertEquals((Object) null, this.client.evaluateChallenge("rspauth=a804fda66588e2d911bbacd1b1163bc1".getBytes(StandardCharsets.UTF_8)));
        Assert.assertTrue(this.client.isComplete());
        byte[] drain = CodePointIterator.ofString("11223344").hexDecode().drain();
        Assert.assertEquals("6a9328ca634e47c8d1ecc3c3f6e6000100000000", ByteIterator.ofBytes(this.client.wrap(drain, 0, drain.length)).hexEncode().drainToString());
        byte[] drain2 = CodePointIterator.ofString("9fc7eb1c3c9e04b52df6e347a389000100000000").hexDecode().drain();
        Assert.assertEquals("55667788", ByteIterator.ofBytes(this.client.unwrap(drain2, 0, drain2.length)).hexEncode().drainToString());
        byte[] drain3 = CodePointIterator.ofString("aabbcc").hexDecode().drain();
        Assert.assertEquals("7e15b940fccbb58a5612f54da7000100000001", ByteIterator.ofBytes(this.client.wrap(drain3, 0, drain3.length)).hexEncode().drainToString());
        byte[] bArr = new byte[0];
        Assert.assertEquals("", ByteIterator.ofBytes(this.client.unwrap(bArr, 0, bArr.length)).hexEncode().drainToString());
        byte[] drain4 = CodePointIterator.ofString("b0d829402149855796493cdf21000100000001").hexDecode().drain();
        Assert.assertEquals("", ByteIterator.ofBytes(this.client.unwrap(drain4, 0, drain4.length)).hexEncode().drainToString());
        try {
            byte[] drain5 = CodePointIterator.ofString("a5a7390698ed8ab7ac667406a3000100000002").hexDecode().drain();
            this.client.unwrap(drain5, 0, drain5.length);
            Assert.fail("Out of order sequencing SaslException expected!");
        } catch (SaslException e) {
        }
    }

    @Test
    public void testQopAuthConfDes() throws Exception {
        mockNonce("OA9BSuZWMSpW8m");
        CallbackHandler createClientCallbackHandler = createClientCallbackHandler("chris", "secret".toCharArray(), null);
        HashMap hashMap = new HashMap();
        hashMap.put(QOP_PROPERTY, "auth-conf");
        this.client = Sasl.createSaslClient(new String[]{DIGEST}, "chris", "acap", "elwood.innosoft.com", hashMap, createClientCallbackHandler);
        Assert.assertFalse(this.client.hasInitialResponse());
        Assert.assertFalse(this.client.isComplete());
        Assert.assertEquals("charset=utf-8,username=\"chris\",realm=\"elwood.innosoft.com\",nonce=\"OA9BSXrbuRhWay\",nc=00000001,cnonce=\"OA9BSuZWMSpW8m\",digest-uri=\"acap/elwood.innosoft.com\",maxbuf=65536,response=4520cf48234bb93b95548a25cd56601b,qop=auth-conf,cipher=\"des\",authzid=\"chris\"", new String(this.client.evaluateChallenge("realm=\"elwood.innosoft.com\",nonce=\"OA9BSXrbuRhWay\",qop=\"auth-conf\",charset=utf-8,cipher=\"des\",algorithm=md5-sess".getBytes(StandardCharsets.UTF_8)), "UTF-8"));
        Assert.assertFalse(this.client.isComplete());
        Assert.assertEquals((Object) null, this.client.evaluateChallenge("rspauth=a804fda66588e2d911bbacd1b1163bc1".getBytes(StandardCharsets.UTF_8)));
        Assert.assertTrue(this.client.isComplete());
        byte[] drain = CodePointIterator.ofString("11223344").hexDecode().drain();
        Assert.assertEquals("b2a12ba8ccd1030e7da4bac57a224197000100000000", ByteIterator.ofBytes(this.client.wrap(drain, 0, drain.length)).hexEncode().drainToString());
        byte[] drain2 = CodePointIterator.ofString("8bc1267e71a769456f0c60f030e13f32000100000000").hexDecode().drain();
        Assert.assertEquals("55667788", ByteIterator.ofBytes(this.client.unwrap(drain2, 0, drain2.length)).hexEncode().drainToString());
        byte[] drain3 = CodePointIterator.ofString("aabbcc").hexDecode().drain();
        Assert.assertEquals("13144fc90ca65d3838d3547cca43e8ad000100000001", ByteIterator.ofBytes(this.client.wrap(drain3, 0, drain3.length)).hexEncode().drainToString());
        byte[] bArr = new byte[0];
        Assert.assertEquals("", ByteIterator.ofBytes(this.client.unwrap(bArr, 0, bArr.length)).hexEncode().drainToString());
        byte[] drain4 = CodePointIterator.ofString("54d717857f511fb1964a723e08bf810c000100000001").hexDecode().drain();
        Assert.assertEquals("", ByteIterator.ofBytes(this.client.unwrap(drain4, 0, drain4.length)).hexEncode().drainToString());
        try {
            byte[] drain5 = CodePointIterator.ofString("44dd10b5277ee6c7de87cd0c3acacfad000100000002").hexDecode().drain();
            this.client.unwrap(drain5, 0, drain5.length);
            Assert.fail("Out of order sequencing SaslException expected!");
        } catch (SaslException e) {
        }
    }

    @Test
    public void testQopAuthConfRc456() throws Exception {
        mockNonce("OA9BSuZWMSpW8m");
        CallbackHandler createClientCallbackHandler = createClientCallbackHandler("chris", "secret".toCharArray(), null);
        HashMap hashMap = new HashMap();
        hashMap.put(QOP_PROPERTY, "auth-conf");
        this.client = Sasl.createSaslClient(new String[]{DIGEST}, "chris", "acap", "elwood.innosoft.com", hashMap, createClientCallbackHandler);
        Assert.assertFalse(this.client.hasInitialResponse());
        Assert.assertFalse(this.client.isComplete());
        Assert.assertEquals("charset=utf-8,username=\"chris\",realm=\"elwood.innosoft.com\",nonce=\"OA9BSXrbuRhWay\",nc=00000001,cnonce=\"OA9BSuZWMSpW8m\",digest-uri=\"acap/elwood.innosoft.com\",maxbuf=65536,response=4520cf48234bb93b95548a25cd56601b,qop=auth-conf,cipher=\"rc4-56\",authzid=\"chris\"", new String(this.client.evaluateChallenge("realm=\"elwood.innosoft.com\",nonce=\"OA9BSXrbuRhWay\",qop=\"auth-conf\",charset=utf-8,cipher=\"rc4-56\",algorithm=md5-sess".getBytes(StandardCharsets.UTF_8)), "UTF-8"));
        Assert.assertFalse(this.client.isComplete());
        Assert.assertEquals((Object) null, this.client.evaluateChallenge("rspauth=a804fda66588e2d911bbacd1b1163bc1".getBytes(StandardCharsets.UTF_8)));
        Assert.assertTrue(this.client.isComplete());
        byte[] drain = CodePointIterator.ofString("11223344").hexDecode().drain();
        Assert.assertEquals("7a77c4b8b20208e502e5dc09bbfc000100000000", ByteIterator.ofBytes(this.client.wrap(drain, 0, drain.length)).hexEncode().drainToString());
        byte[] drain2 = CodePointIterator.ofString("c10acbf737cdebf2298df53417bc000100000000").hexDecode().drain();
        Assert.assertEquals("55667788", ByteIterator.ofBytes(this.client.unwrap(drain2, 0, drain2.length)).hexEncode().drainToString());
        byte[] drain3 = CodePointIterator.ofString("aabbcc").hexDecode().drain();
        Assert.assertEquals("efcb8662925427788b0ffeab2c000100000001", ByteIterator.ofBytes(this.client.wrap(drain3, 0, drain3.length)).hexEncode().drainToString());
        byte[] bArr = new byte[0];
        Assert.assertEquals("", ByteIterator.ofBytes(this.client.unwrap(bArr, 0, bArr.length)).hexEncode().drainToString());
        byte[] drain4 = CodePointIterator.ofString("b18150d7204da90f0f733e3f73000100000001").hexDecode().drain();
        Assert.assertEquals("", ByteIterator.ofBytes(this.client.unwrap(drain4, 0, drain4.length)).hexEncode().drainToString());
        try {
            byte[] drain5 = CodePointIterator.ofString("ed5cc6b9058c9e5f3a175cdcbf000100000002").hexDecode().drain();
            this.client.unwrap(drain5, 0, drain5.length);
            Assert.fail("Out of order sequencing SaslException expected!");
        } catch (SaslException e) {
        }
    }

    @Test
    public void testQopAuthConfRc440Classic() throws Exception {
        testQopAuthConfRc440(false);
    }

    @Test
    public void testQopAuthConfRc440CredentialStore() throws Exception {
        testQopAuthConfRc440(true);
    }

    public void testQopAuthConfRc440(boolean z) throws Exception {
        mockNonce("OA9BSuZWMSpW8m");
        HashMap hashMap = new HashMap();
        hashMap.put(QOP_PROPERTY, "auth-conf");
        this.client = Sasl.createSaslClient(new String[]{DIGEST}, "chris", "acap", "elwood.innosoft.com", hashMap, z ? createCredentialStoreBasedClientCallbackHandler("chris", null, "chris_pwd_alias", CS_FILE_NAME, "secret_store_1", "secret_key_1") : createClientCallbackHandler("chris", "secret".toCharArray(), null));
        Assert.assertFalse(this.client.hasInitialResponse());
        Assert.assertFalse(this.client.isComplete());
        Assert.assertEquals("charset=utf-8,username=\"chris\",realm=\"elwood.innosoft.com\",nonce=\"OA9BSXrbuRhWay\",nc=00000001,cnonce=\"OA9BSuZWMSpW8m\",digest-uri=\"acap/elwood.innosoft.com\",maxbuf=65536,response=4520cf48234bb93b95548a25cd56601b,qop=auth-conf,cipher=\"rc4-40\",authzid=\"chris\"", new String(this.client.evaluateChallenge("realm=\"elwood.innosoft.com\",nonce=\"OA9BSXrbuRhWay\",qop=\"auth-conf\",charset=utf-8,cipher=\"rc4-40\",algorithm=md5-sess".getBytes(StandardCharsets.UTF_8)), "UTF-8"));
        Assert.assertFalse(this.client.isComplete());
        Assert.assertEquals((Object) null, this.client.evaluateChallenge("rspauth=a804fda66588e2d911bbacd1b1163bc1".getBytes(StandardCharsets.UTF_8)));
        Assert.assertTrue(this.client.isComplete());
        byte[] drain = CodePointIterator.ofString("11223344").hexDecode().drain();
        Assert.assertEquals("ed46c6b0d38acb719aad661f9625000100000000", ByteIterator.ofBytes(this.client.wrap(drain, 0, drain.length)).hexEncode().drainToString());
        byte[] drain2 = CodePointIterator.ofString("44aca6145a89353d26258e524724000100000000").hexDecode().drain();
        Assert.assertEquals("55667788", ByteIterator.ofBytes(this.client.unwrap(drain2, 0, drain2.length)).hexEncode().drainToString());
        byte[] drain3 = CodePointIterator.ofString("aabbcc").hexDecode().drain();
        Assert.assertEquals("b7bdc8f08733182154289e7f3d000100000001", ByteIterator.ofBytes(this.client.wrap(drain3, 0, drain3.length)).hexEncode().drainToString());
        byte[] bArr = new byte[0];
        Assert.assertEquals("", ByteIterator.ofBytes(this.client.unwrap(bArr, 0, bArr.length)).hexEncode().drainToString());
        byte[] drain4 = CodePointIterator.ofString("685082d4671e03ac60df93d1b9000100000001").hexDecode().drain();
        Assert.assertEquals("", ByteIterator.ofBytes(this.client.unwrap(drain4, 0, drain4.length)).hexEncode().drainToString());
        try {
            byte[] drain5 = CodePointIterator.ofString("c7b5198826c7066b48e474db0c000100000002").hexDecode().drain();
            this.client.unwrap(drain5, 0, drain5.length);
            Assert.fail("Out of order sequencing SaslException expected!");
        } catch (SaslException e) {
        }
    }

    @Test
    public void testQopAuthConfUnknown() throws Exception {
        mockNonce("OA9BSuZWMSpW8m");
        CallbackHandler createClientCallbackHandler = createClientCallbackHandler("chris", "secret".toCharArray(), null);
        HashMap hashMap = new HashMap();
        hashMap.put(QOP_PROPERTY, "auth-conf");
        this.client = Sasl.createSaslClient(new String[]{DIGEST}, "chris", "acap", "elwood.innosoft.com", hashMap, createClientCallbackHandler);
        Assert.assertFalse(this.client.hasInitialResponse());
        Assert.assertFalse(this.client.isComplete());
        try {
            this.client.evaluateChallenge("realm=\"elwood.innosoft.com\",nonce=\"OA9BSXrbuRhWay\",qop=\"auth-conf\",charset=utf-8,cipher=\"unknown\",algorithm=md5-sess".getBytes(StandardCharsets.UTF_8));
            Assert.fail("Not thrown SaslException!");
        } catch (SaslException e) {
        }
        Assert.assertFalse(this.client.isComplete());
    }

    @Test
    public void testMoreRealmsFromServer() throws Exception {
        mockNonce("OA6MHXh6VqTrRk");
        this.client = Sasl.createSaslClient(new String[]{DIGEST}, (String) null, "imap", "elwood.innosoft.com", Collections.emptyMap(), createClientCallbackHandler("chris", "secret".toCharArray(), "elwood.innosoft.com"));
        Assert.assertFalse(this.client.isComplete());
        Assert.assertEquals("charset=utf-8,username=\"chris\",realm=\"elwood.innosoft.com\",nonce=\"OA6MG9tEQGm2hh\",nc=00000001,cnonce=\"OA6MHXh6VqTrRk\",digest-uri=\"imap/elwood.innosoft.com\",maxbuf=65536,response=d388dad90d4bbd760a152321f2143af7,qop=auth", new String(this.client.evaluateChallenge("realm=\"other-realm\",realm=\"elwood.innosoft.com\",realm=\"next-realm\",nonce=\"OA6MG9tEQGm2hh\",qop=\"auth\",algorithm=md5-sess,charset=utf-8".getBytes(StandardCharsets.UTF_8)), "UTF-8"));
        Assert.assertFalse(this.client.isComplete());
        Assert.assertEquals((Object) null, this.client.evaluateChallenge("rspauth=ea40f60335c427b5527b84dbabcdfffd".getBytes(StandardCharsets.UTF_8)));
        Assert.assertTrue(this.client.isComplete());
    }

    @Test
    public void testNoRealmsFromServer() throws Exception {
        mockNonce("OA6MHXh6VqTrRk");
        this.client = Sasl.createSaslClient(new String[]{DIGEST}, (String) null, "imap", "elwood.innosoft.com", Collections.emptyMap(), createClientCallbackHandler("chris", "secret".toCharArray(), null));
        Assert.assertFalse(this.client.isComplete());
        Assert.assertEquals("charset=utf-8,username=\"chris\",nonce=\"OA6MG9tEQGm2hh\",nc=00000001,cnonce=\"OA6MHXh6VqTrRk\",digest-uri=\"imap/elwood.innosoft.com\",maxbuf=65536,response=695dcc815019923b9d438fd28c641aa9,qop=auth", new String(this.client.evaluateChallenge("nonce=\"OA6MG9tEQGm2hh\",qop=\"auth\",algorithm=md5-sess,charset=utf-8".getBytes(StandardCharsets.UTF_8)), "UTF-8"));
        Assert.assertFalse(this.client.isComplete());
        Assert.assertEquals((Object) null, this.client.evaluateChallenge("rspauth=ef0a550cd88d926ff426790bef156af3".getBytes(StandardCharsets.UTF_8)));
        Assert.assertTrue(this.client.isComplete());
    }

    @Test
    public void testNoServerNonce() throws Exception {
        this.client = Sasl.createSaslClient(new String[]{DIGEST}, (String) null, "imap", "elwood.innosoft.com", Collections.emptyMap(), createClientCallbackHandler("chris", "secret".toCharArray(), null));
        Assert.assertFalse(this.client.isComplete());
        try {
            this.client.evaluateChallenge("qop=\"auth\",algorithm=md5-sess,charset=utf-8".getBytes(StandardCharsets.UTF_8));
            Assert.fail("Not thrown SaslException!");
        } catch (SaslException e) {
        }
        Assert.assertFalse(this.client.isComplete());
    }

    @Test
    public void testBlankServerNonce() throws Exception {
        mockNonce("OA6MHXh6VqTrRk");
        this.client = Sasl.createSaslClient(new String[]{DIGEST}, (String) null, "imap", "elwood.innosoft.com", Collections.emptyMap(), createClientCallbackHandler("chris", "secret".toCharArray(), null));
        Assert.assertFalse(this.client.isComplete());
        Assert.assertEquals("charset=utf-8,username=\"chris\",nonce=\"\",nc=00000001,cnonce=\"OA6MHXh6VqTrRk\",digest-uri=\"imap/elwood.innosoft.com\",maxbuf=65536,response=c87a63a455fed82d007a7996d49a51bc,qop=auth", new String(this.client.evaluateChallenge("nonce=\"\",qop=\"auth\",algorithm=md5-sess,charset=utf-8".getBytes(StandardCharsets.UTF_8)), "UTF-8"));
        Assert.assertFalse(this.client.isComplete());
        Assert.assertEquals((Object) null, this.client.evaluateChallenge("rspauth=fa4e5be53f9b154858fb82d96c93a03a".getBytes(StandardCharsets.UTF_8)));
        Assert.assertTrue(this.client.isComplete());
    }

    @Test
    public void testUtf8Charset() throws Exception {
        mockNonce("cnи你��");
        this.client = Sasl.createSaslClient(new String[]{DIGEST}, (String) null, "и你��", "realm.и你��.com", Collections.emptyMap(), createClientCallbackHandler("и你��", "и你��".toCharArray(), null));
        Assert.assertFalse(this.client.isComplete());
        Assert.assertEquals("charset=utf-8,username=\"и你��\",realm=\"realm.и你��.com\",nonce=\"snи你��\",nc=00000001,cnonce=\"cnи你��\",digest-uri=\"и你��/realm.и你��.com\",maxbuf=65536,response=420939e06d2d748c157c5e33499b41a9,qop=auth", new String(this.client.evaluateChallenge("realm=\"realm.и你��.com\",nonce=\"snи你��\",charset=utf-8,algorithm=md5-sess".getBytes(StandardCharsets.UTF_8)), StandardCharsets.UTF_8));
        Assert.assertFalse(this.client.isComplete());
        Assert.assertEquals((Object) null, this.client.evaluateChallenge("rspauth=9c4d137545617ba98c11aaea939b4381".getBytes(StandardCharsets.UTF_8)));
        Assert.assertTrue(this.client.isComplete());
    }

    @Test
    public void testMoreRealmsWithEscapedDelimiters() throws Exception {
        mockNonce("OA6MHXh6VqTrRk");
        this.client = Sasl.createSaslClient(new String[]{DIGEST}, (String) null, "protocol name", "server name", Collections.emptyMap(), createClientCallbackHandler("chris", "secret".toCharArray(), "first realm"));
        Assert.assertFalse(this.client.isComplete());
        Assert.assertEquals("charset=utf-8,username=\"chris\",realm=\"first realm\",nonce=\"OA9BSXrbuRhWay\",nc=00000001,cnonce=\"OA6MHXh6VqTrRk\",digest-uri=\"protocol name/server name\",maxbuf=65536,response=bf3dd710ee08b05c663456975c156075,qop=auth", new String(this.client.evaluateChallenge("realm=\"first realm\",realm=\"second\\\\ realm\",realm=\" with spaces \",realm=\" \",nonce=\"OA9BSXrbuRhWay\",charset=utf-8,algorithm=md5-sess".getBytes(StandardCharsets.UTF_8)), "UTF-8"));
        Assert.assertFalse(this.client.isComplete());
        Assert.assertEquals((Object) null, this.client.evaluateChallenge("rspauth=05a18aff49b22e373bb91af7396ce345".getBytes(StandardCharsets.UTF_8)));
        Assert.assertTrue(this.client.isComplete());
    }

    @Test
    public void testWrongStepThreeRspauth() throws Exception {
        mockNonce("OA6MHXh6VqTrRk");
        this.client = Sasl.createSaslClient(new String[]{DIGEST}, (String) null, "imap", "elwood.innosoft.com", Collections.emptyMap(), createClientCallbackHandler("chris", "secret".toCharArray(), null));
        Assert.assertFalse(this.client.isComplete());
        Assert.assertEquals("charset=utf-8,username=\"chris\",realm=\"elwood.innosoft.com\",nonce=\"OA6MG9tEQGm2hh\",nc=00000001,cnonce=\"OA6MHXh6VqTrRk\",digest-uri=\"imap/elwood.innosoft.com\",maxbuf=65536,response=d388dad90d4bbd760a152321f2143af7,qop=auth", new String(this.client.evaluateChallenge("realm=\"elwood.innosoft.com\",nonce=\"OA6MG9tEQGm2hh\",qop=\"auth\",algorithm=md5-sess,charset=utf-8".getBytes(StandardCharsets.UTF_8)), "UTF-8"));
        Assert.assertFalse(this.client.isComplete());
        try {
            this.client.evaluateChallenge("rspauth=ab66f60335c427b5527b84dbabcdaacc".getBytes(StandardCharsets.UTF_8));
            Assert.fail("Not thrown SaslException!");
        } catch (SaslException e) {
        }
        Assert.assertFalse(this.client.isComplete());
    }

    @Test
    public void testQopSelection1() throws Exception {
        mockNonce("+7HQhcJThEsqZ3gor1hThC5on8hQ3DRP2esrw+km");
        HashMap hashMap = new HashMap();
        hashMap.put(QOP_PROPERTY, "auth-conf,auth-int,auth");
        SaslClient createSaslClient = Sasl.createSaslClient(new String[]{DIGEST}, "user", "TestProtocol", "TestServer", hashMap, createClientCallbackHandler("user", "password".toCharArray(), null));
        Assert.assertFalse(createSaslClient.isComplete());
        Assert.assertEquals("charset=utf-8,username=\"user\",realm=\"TestServer\",nonce=\"288HcNYUg60jN/kEFYT/HklRVjZA6opb2if8tsja\",nc=00000001,cnonce=\"+7HQhcJThEsqZ3gor1hThC5on8hQ3DRP2esrw+km\",digest-uri=\"TestProtocol/TestServer\",maxbuf=65536,response=663997cd2a9dc34c84240430fb1be16c,qop=auth-int,authzid=\"user\"", new String(createSaslClient.evaluateChallenge("realm=\"TestServer\",nonce=\"288HcNYUg60jN/kEFYT/HklRVjZA6opb2if8tsja\",qop=\"auth,auth-int\",charset=utf-8,algorithm=md5-sess".getBytes(StandardCharsets.UTF_8)), "UTF-8"));
        Assert.assertFalse(createSaslClient.isComplete());
        Assert.assertEquals((Object) null, createSaslClient.evaluateChallenge("rspauth=b3d6f9165b0bb0972adaa5778b840c3a".getBytes(StandardCharsets.UTF_8)));
        Assert.assertTrue(createSaslClient.isComplete());
    }

    @Test
    public void testQopSelection2() throws Exception {
        mockNonce("a7YfTdcWo4L0OeurbYrT9G+01rZiNe6LSWuCSo73");
        HashMap hashMap = new HashMap();
        hashMap.put(QOP_PROPERTY, "auth-conf,auth,auth-int");
        SaslClient createSaslClient = Sasl.createSaslClient(new String[]{DIGEST}, "user", "TestProtocol", "TestServer", hashMap, createClientCallbackHandler("user", "password".toCharArray(), null));
        Assert.assertFalse(createSaslClient.isComplete());
        Assert.assertEquals("charset=utf-8,username=\"user\",realm=\"TestServer\",nonce=\"QduN0itdkfbx8VqlrWt56ZS7uRhI2Rt3P8bqfsM/\",nc=00000001,cnonce=\"a7YfTdcWo4L0OeurbYrT9G+01rZiNe6LSWuCSo73\",digest-uri=\"TestProtocol/TestServer\",maxbuf=65536,response=636d1e3c3d73e1bfb15f85957720ce35,qop=auth,authzid=\"user\"", new String(createSaslClient.evaluateChallenge("realm=\"TestServer\",nonce=\"QduN0itdkfbx8VqlrWt56ZS7uRhI2Rt3P8bqfsM/\",qop=\"auth-int,auth\",charset=utf-8,algorithm=md5-sess".getBytes(StandardCharsets.UTF_8)), "UTF-8"));
        Assert.assertFalse(createSaslClient.isComplete());
        Assert.assertEquals((Object) null, createSaslClient.evaluateChallenge("rspauth=a77854059f533745d50abb064b7df938".getBytes(StandardCharsets.UTF_8)));
        Assert.assertTrue(createSaslClient.isComplete());
    }

    @Test
    public void testQopSelectionFail() throws Exception {
        HashMap hashMap = new HashMap();
        hashMap.put(QOP_PROPERTY, "auth-conf");
        SaslClient createSaslClient = Sasl.createSaslClient(new String[]{DIGEST}, "user", "TestProtocol", "TestServer", hashMap, createClientCallbackHandler("user", "password".toCharArray(), null));
        Assert.assertFalse(createSaslClient.isComplete());
        try {
            createSaslClient.evaluateChallenge("realm=\"TestServer\",nonce=\"QduN0itdkfbx8VqlrWt56ZS7uRhI2Rt3P8bqfsM/\",qop=\"auth-int,auth\",charset=utf-8,algorithm=md5-sess".getBytes(StandardCharsets.UTF_8));
            Assert.fail("Not thrown SaslException!");
        } catch (SaslException e) {
        }
        Assert.assertFalse(createSaslClient.isComplete());
    }

    @Test
    public void testStaleNonce() throws Exception {
        mockNonce("OA6MHXh6VqTrRk");
        SaslClient createSaslClient = Sasl.createSaslClient(new String[]{DIGEST}, (String) null, "imap", "elwood.innosoft.com", new HashMap(), createClientCallbackHandler("chris", "secret".toCharArray(), null));
        Assert.assertNotNull(createSaslClient);
        Assert.assertFalse(createSaslClient.isComplete());
        createSaslClient.evaluateChallenge("realm=\"elwood.innosoft.com\",nonce=\"tooOldNonce\",qop=\"auth\",algorithm=md5-sess,charset=utf-8".getBytes(StandardCharsets.UTF_8));
        Assert.assertFalse(createSaslClient.isComplete());
        Assert.assertEquals("charset=utf-8,username=\"chris\",realm=\"elwood.innosoft.com\",nonce=\"OA6MG9tEQGm2hh\",nc=00000001,cnonce=\"OA6MHXh6VqTrRk\",digest-uri=\"imap/elwood.innosoft.com\",maxbuf=65536,response=d388dad90d4bbd760a152321f2143af7,qop=auth", new String(createSaslClient.evaluateChallenge("stale=true,realm=\"elwood.innosoft.com\",nonce=\"OA6MG9tEQGm2hh\",qop=\"auth\",algorithm=md5-sess,charset=utf-8".getBytes(StandardCharsets.UTF_8)), "UTF-8"));
        Assert.assertFalse(createSaslClient.isComplete());
        Assert.assertEquals((Object) null, createSaslClient.evaluateChallenge("rspauth=ea40f60335c427b5527b84dbabcdfffd".getBytes(StandardCharsets.UTF_8)));
        Assert.assertTrue(createSaslClient.isComplete());
    }

    private CallbackHandler createClientCallbackHandler(String str, char[] cArr, String str2) throws Exception {
        return ClientUtils.getCallbackHandler(new URI("doesnot://matter?"), AuthenticationContext.empty().with(MatchRule.ALL, AuthenticationConfiguration.empty().useName(str).usePassword(cArr).useRealm(str2).setSaslMechanismSelector(SaslMechanismSelector.NONE.addMechanism(DIGEST))));
    }

    private CallbackHandler createCredentialStoreBasedClientCallbackHandler(String str, String str2, String str3, String str4, String str5, String str6) throws Exception {
        HashMap hashMap = new HashMap();
        hashMap.put("location", str4);
        hashMap.put("keyStoreType", "JCEKS");
        try {
            CredentialStore credentialStore = CredentialStore.getInstance(KeyStoreCredentialStore.KEY_STORE_CREDENTIAL_STORE);
            credentialStore.initialize(hashMap, new CredentialStore.CredentialSourceProtectionParameter(IdentityCredentials.NONE.withCredential(new PasswordCredential(ClearPassword.createRaw("clear", str5.toCharArray())))));
            return ClientUtils.getCallbackHandler(new URI("doesnot://matter"), AuthenticationContext.empty().with(MatchRule.ALL, AuthenticationConfiguration.empty().useName(str).useCredentialStoreEntry(credentialStore, str3).useRealm(str2).setSaslMechanismSelector(SaslMechanismSelector.NONE.addMechanism(DIGEST))));
        } catch (Exception e) {
            throw new RuntimeException(e);
        }
    }
}
