package org.wildfly.security.http;

import java.util.Collections;
import java.util.HashMap;
import java.util.LinkedList;
import java.util.List;
import javax.security.auth.callback.CallbackHandler;
import mockit.integration.junit4.JMockit;
import org.junit.Assert;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.wildfly.security.http.digest.WildFlyElytronHttpDigestProvider;
import org.wildfly.security.http.impl.AbstractBaseHttpTest;
import org.wildfly.security.http.util.SecurityProviderServerMechanismFactory;

@RunWith(JMockit.class)
/* loaded from: input_file:org/wildfly/security/http/HttpAuthenticatorTest.class */
public class HttpAuthenticatorTest extends AbstractBaseHttpTest {
    private HttpAuthenticator authenticator;
    private final AbstractBaseHttpTest.TestingHttpExchangeSpi exchangeSpi = new AbstractBaseHttpTest.TestingHttpExchangeSpi();
    private final String digestHeader = "Digest username=\"Mufasa\",\n       realm=\"http-auth@example.org\",\n       uri=\"/dir/index.html\",\n       algorithm=MD5,\n       nonce=\"7ypf/xlj9XXwfDPEoM4URrv/xwf94BcCAzFZH4GiTo0v\",\n       nc=00000001,\n       cnonce=\"f2/wE4q74E6zIJEtWaHKaf5wv/H5QzzpXusqGemxURZJ\",\n       qop=auth,\n       response=\"8ca523f5e9506fed4657c9700eebdbec\",\n       opaque=\"FQhe/qaU925kfnzjCev0ciny7QMkPqMAFRtzCUYo5tdS\"";
    private final String digestSha256Header = "Digest username=\"Mufasa\",\n       realm=\"http-auth@example.org\",\n       uri=\"/dir/index.html\",\n       algorithm=SHA-256,\n       nonce=\"7ypf/xlj9XXwfDPEoM4URrv/xwf94BcCAzFZH4GiTo0v\",\n       nc=00000001,\n       cnonce=\"f2/wE4q74E6zIJEtWaHKaf5wv/H5QzzpXusqGemxURZJ\",\n       qop=auth,\n       response=\"753927fa0e85d155564e2e272a28d1802ca10daf4496794697cf8db5856cb6c1\",\n       opaque=\"FQhe/qaU925kfnzjCev0ciny7QMkPqMAFRtzCUYo5tdS\"";

    private CallbackHandler callbackHandler() {
        return getCallbackHandler("Mufasa", "http-auth@example.org", "Circle of Life");
    }

    private void testOneOfThree() throws Exception {
        mockDigestNonce("7ypf/xlj9XXwfDPEoM4URrv/xwf94BcCAzFZH4GiTo0v");
        HashMap hashMap = new HashMap();
        hashMap.put(HttpConstants.CONFIG_REALM, "http-auth@example.org");
        hashMap.put("org.wildfly.security.http.validate-digest-uri", "false");
        CallbackHandler callbackHandler = callbackHandler();
        LinkedList linkedList = new LinkedList();
        linkedList.add(this.digestFactory.createAuthenticationMechanism("DIGEST", hashMap, callbackHandler));
        linkedList.add(this.basicFactory.createAuthenticationMechanism("BASIC", Collections.emptyMap(), callbackHandler));
        linkedList.add(this.digestFactory.createAuthenticationMechanism("DIGEST-SHA-256", hashMap, callbackHandler));
        this.authenticator = HttpAuthenticator.builder().setMechanismSupplier(() -> {
            return linkedList;
        }).setHttpExchangeSpi(this.exchangeSpi).setRequired(true).build();
        Assert.assertFalse(this.authenticator.authenticate());
        Assert.assertEquals("All three mechanisms provided authenticate response", 3L, this.exchangeSpi.getResponseAuthenticateHeaders().size());
        Assert.assertEquals(401L, this.exchangeSpi.getStatusCode());
        Assert.assertEquals((Object) null, this.exchangeSpi.getResult());
        this.exchangeSpi.setStatusCode(0);
    }

    private void authenticateWithDigestMD5() throws HttpAuthenticationException {
        this.exchangeSpi.setRequestAuthorizationHeaders(Collections.singletonList("Digest username=\"Mufasa\",\n       realm=\"http-auth@example.org\",\n       uri=\"/dir/index.html\",\n       algorithm=MD5,\n       nonce=\"7ypf/xlj9XXwfDPEoM4URrv/xwf94BcCAzFZH4GiTo0v\",\n       nc=00000001,\n       cnonce=\"f2/wE4q74E6zIJEtWaHKaf5wv/H5QzzpXusqGemxURZJ\",\n       qop=auth,\n       response=\"8ca523f5e9506fed4657c9700eebdbec\",\n       opaque=\"FQhe/qaU925kfnzjCev0ciny7QMkPqMAFRtzCUYo5tdS\""));
        Assert.assertTrue("Digest-MD5 successful", this.authenticator.authenticate());
        Assert.assertEquals(0L, this.exchangeSpi.getStatusCode());
        Assert.assertEquals(AbstractBaseHttpTest.Status.COMPLETE, this.exchangeSpi.getResult());
    }

    @Test
    public void testDigestMd5() throws Exception {
        testOneOfThree();
        authenticateWithDigestMD5();
    }

    @Test
    public void testBasic() throws Exception {
        testOneOfThree();
        this.exchangeSpi.setRequestAuthorizationHeaders(Collections.singletonList("Basic TXVmYXNhOkNpcmNsZSBvZiBMaWZl"));
        Assert.assertTrue("Basic successful", this.authenticator.authenticate());
        Assert.assertEquals(0L, this.exchangeSpi.getStatusCode());
        Assert.assertEquals(AbstractBaseHttpTest.Status.COMPLETE, this.exchangeSpi.getResult());
    }

    @Test
    public void testBasicCaseInsensitive() throws Exception {
        testOneOfThree();
        this.exchangeSpi.setRequestAuthorizationHeaders(Collections.singletonList("BASIC TXVmYXNhOkNpcmNsZSBvZiBMaWZl"));
        Assert.assertTrue("Basic successful", this.authenticator.authenticate());
        Assert.assertEquals(0L, this.exchangeSpi.getStatusCode());
        Assert.assertEquals(AbstractBaseHttpTest.Status.COMPLETE, this.exchangeSpi.getResult());
    }

    @Test
    public void testDigestSha256() throws Exception {
        testOneOfThree();
        this.exchangeSpi.setRequestAuthorizationHeaders(Collections.singletonList("Digest username=\"Mufasa\",\n       realm=\"http-auth@example.org\",\n       uri=\"/dir/index.html\",\n       algorithm=SHA-256,\n       nonce=\"7ypf/xlj9XXwfDPEoM4URrv/xwf94BcCAzFZH4GiTo0v\",\n       nc=00000001,\n       cnonce=\"f2/wE4q74E6zIJEtWaHKaf5wv/H5QzzpXusqGemxURZJ\",\n       qop=auth,\n       response=\"753927fa0e85d155564e2e272a28d1802ca10daf4496794697cf8db5856cb6c1\",\n       opaque=\"FQhe/qaU925kfnzjCev0ciny7QMkPqMAFRtzCUYo5tdS\""));
        Assert.assertTrue("Digest-SHA-256 successful", this.authenticator.authenticate());
        Assert.assertEquals(0L, this.exchangeSpi.getStatusCode());
        Assert.assertEquals(AbstractBaseHttpTest.Status.COMPLETE, this.exchangeSpi.getResult());
    }

    @Test
    public void testDigestSha256CaseInsensitive() throws Exception {
        testOneOfThree();
        this.exchangeSpi.setRequestAuthorizationHeaders(Collections.singletonList("DIGEST " + "Digest username=\"Mufasa\",\n       realm=\"http-auth@example.org\",\n       uri=\"/dir/index.html\",\n       algorithm=SHA-256,\n       nonce=\"7ypf/xlj9XXwfDPEoM4URrv/xwf94BcCAzFZH4GiTo0v\",\n       nc=00000001,\n       cnonce=\"f2/wE4q74E6zIJEtWaHKaf5wv/H5QzzpXusqGemxURZJ\",\n       qop=auth,\n       response=\"753927fa0e85d155564e2e272a28d1802ca10daf4496794697cf8db5856cb6c1\",\n       opaque=\"FQhe/qaU925kfnzjCev0ciny7QMkPqMAFRtzCUYo5tdS\"".substring(7)));
        Assert.assertTrue("Digest-SHA-256 successful", this.authenticator.authenticate());
        Assert.assertEquals(0L, this.exchangeSpi.getStatusCode());
        Assert.assertEquals(AbstractBaseHttpTest.Status.COMPLETE, this.exchangeSpi.getResult());
    }

    public List<HttpServerAuthenticationMechanism> prepareBasicSilentMechanisms() throws Exception {
        mockDigestNonce("7ypf/xlj9XXwfDPEoM4URrv/xwf94BcCAzFZH4GiTo0v");
        LinkedList linkedList = new LinkedList();
        HashMap hashMap = new HashMap();
        hashMap.put("silent", "true");
        linkedList.add(this.basicFactory.createAuthenticationMechanism("BASIC", hashMap, callbackHandler()));
        this.authenticator = HttpAuthenticator.builder().setMechanismSupplier(() -> {
            return linkedList;
        }).setHttpExchangeSpi(this.exchangeSpi).setRequired(true).build();
        return linkedList;
    }

    public void prepareSilentBasicWithDigestMechanisms() throws Exception {
        List<HttpServerAuthenticationMechanism> prepareBasicSilentMechanisms = prepareBasicSilentMechanisms();
        HashMap hashMap = new HashMap();
        hashMap.put(HttpConstants.CONFIG_REALM, "http-auth@example.org");
        hashMap.put("org.wildfly.security.http.validate-digest-uri", "false");
        prepareBasicSilentMechanisms.add(this.digestFactory.createAuthenticationMechanism("DIGEST", hashMap, callbackHandler()));
        this.authenticator = HttpAuthenticator.builder().setMechanismSupplier(() -> {
            return prepareBasicSilentMechanisms;
        }).setHttpExchangeSpi(this.exchangeSpi).setRequired(true).build();
    }

    @Test
    public void testBasicSilent() throws Exception {
        prepareBasicSilentMechanisms();
        Assert.assertFalse(this.authenticator.authenticate());
        Assert.assertEquals("Basic authentication with silent mode does not send challenge if AUTHORIZATION header is not present", 0L, this.exchangeSpi.getResponseAuthenticateHeaders().size());
        Assert.assertEquals(200L, this.exchangeSpi.getStatusCode());
        this.exchangeSpi.setRequestAuthorizationHeaders(Collections.singletonList("Basic "));
        Assert.assertFalse(this.authenticator.authenticate());
        Assert.assertEquals("Basic authentication with silent mode sends challenge when AUTHORIZATION header is present", 1L, this.exchangeSpi.getResponseAuthenticateHeaders().size());
        Assert.assertEquals(401L, this.exchangeSpi.getStatusCode());
        this.exchangeSpi.setRequestAuthorizationHeaders(Collections.singletonList("Basic TXVmYXNhOkNpcmNsZSBvZiBMaWZl"));
        Assert.assertTrue("Basic auth successful", this.authenticator.authenticate());
        Assert.assertEquals(AbstractBaseHttpTest.Status.COMPLETE, this.exchangeSpi.getResult());
    }

    @Test
    public void testBasicSilentWithDigest() throws Exception {
        prepareSilentBasicWithDigestMechanisms();
        authenticateWithDigestMD5();
    }

    public void prepareSecurityProviderServerMechanismWithDigestMD5() throws Exception {
        mockDigestNonce("7ypf/xlj9XXwfDPEoM4URrv/xwf94BcCAzFZH4GiTo0v");
        LinkedList linkedList = new LinkedList();
        HashMap hashMap = new HashMap();
        hashMap.put(HttpConstants.CONFIG_REALM, "http-auth@example.org");
        hashMap.put("org.wildfly.security.http.validate-digest-uri", "false");
        linkedList.add(new SecurityProviderServerMechanismFactory(WildFlyElytronHttpDigestProvider.getInstance()).createAuthenticationMechanism("DIGEST", hashMap, callbackHandler()));
        this.authenticator = HttpAuthenticator.builder().setMechanismSupplier(() -> {
            return linkedList;
        }).setHttpExchangeSpi(this.exchangeSpi).setRequired(true).build();
    }

    @Test
    public void testUsingSecurityProviderServerMechanismWithDigestMD5() throws Exception {
        prepareSecurityProviderServerMechanismWithDigestMD5();
        Assert.assertFalse(this.authenticator.authenticate());
        Assert.assertEquals("DIGEST response is received", 1L, this.exchangeSpi.getResponseAuthenticateHeaders().size());
        Assert.assertEquals(401L, this.exchangeSpi.getStatusCode());
        Assert.assertEquals((Object) null, this.exchangeSpi.getResult());
        this.exchangeSpi.setStatusCode(0);
        authenticateWithDigestMD5();
    }
}
