package org.wildfly.security.ldap;

import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.spec.AlgorithmParameterSpec;
import java.util.Collections;
import org.junit.Assert;
import org.junit.BeforeClass;
import org.junit.FixMethodOrder;
import org.junit.Test;
import org.junit.runners.MethodSorters;
import org.wildfly.security.auth.SupportLevel;
import org.wildfly.security.auth.principal.NamePrincipal;
import org.wildfly.security.auth.realm.ldap.LdapSecurityRealmBuilder;
import org.wildfly.security.auth.server.ModifiableRealmIdentity;
import org.wildfly.security.auth.server.RealmIdentity;
import org.wildfly.security.auth.server.RealmUnavailableException;
import org.wildfly.security.auth.server.SecurityRealm;
import org.wildfly.security.credential.PasswordCredential;
import org.wildfly.security.password.Password;
import org.wildfly.security.password.PasswordFactory;
import org.wildfly.security.password.interfaces.ClearPassword;
import org.wildfly.security.password.interfaces.OneTimePassword;
import org.wildfly.security.password.spec.ClearPasswordSpec;
import org.wildfly.security.password.spec.OneTimePasswordSpec;

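/**
 * Exercises password credential support of an LDAP-backed {@link SecurityRealm}: reading
 * stored passwords in several encodings, reading one-time-password (OTP) state, and writing
 * credentials back through {@link ModifiableRealmIdentity#setCredentials}.
 *
 * <p>Tests run in name order ({@link MethodSorters#NAME_ASCENDING}) because the OTP tests share
 * the {@code userWithOtp} entry and modify it: {@code testOneTimePasswordUser0} asserts the
 * values present before any write, and the later {@code ...User1Update} and
 * {@code ...User2SetCredentials} tests overwrite them. Running them out of order, or against a
 * directory that an earlier run already modified, makes the first OTP test fail.
 */
@FixMethodOrder(MethodSorters.NAME_ASCENDING)
public class PasswordSupportSuiteChild {
    private static final String OTP_ALGORITHM = "otp-sha1";
    private static final String OTP_USER = "userWithOtp";

    // Shared by every test; built once in createRealm().
    private static SecurityRealm simpleToDnRealm;

    /**
     * Builds the realm under test: identities are looked up by {@code uid} below
     * {@code dc=elytron,dc=wildfly,dc=org}, the user-password loader has persistence enabled
     * (the update tests write through it), and the OTP loader is mapped to four attributes.
     */
    @BeforeClass
    public static void createRealm() {
        simpleToDnRealm = LdapSecurityRealmBuilder.builder()
                .setDirContextSupplier(LdapTestSuite.dirContextFactory.create())
                .identityMapping()
                    .setSearchDn("dc=elytron,dc=wildfly,dc=org")
                    .setRdnIdentifier("uid")
                    .build()
                .userPasswordCredentialLoader()
                    .enablePersistence()
                    .build()
                .otpCredentialLoader()
                    .setOtpAlgorithmAttribute("otpAlgorithm")
                    .setOtpHashAttribute("otpHash")
                    .setOtpSeedAttribute("otpSeed")
                    .setOtpSequenceAttribute("otpSequence")
                    .build()
                .build();
    }

    // One test per stored-password encoding; each checks that the right password verifies
    // and that a wrong one is rejected (see verifyPassword).

    @Test
    public void testPlainUser() throws Exception {
        performSimpleNameTest("plainUser", "clear", "plainPassword".toCharArray());
    }

    @Test
    public void testMd5User() throws Exception {
        performSimpleNameTest("md5User", "simple-digest-md5", "md5Password".toCharArray());
    }

    @Test
    public void testSmd5User() throws Exception {
        performSimpleNameTest("smd5User", "password-salt-digest-md5", "smd5Password".toCharArray());
    }

    @Test
    public void testSha512User() throws Exception {
        performSimpleNameTest("sha512User", "simple-digest-sha-512", "sha512Password".toCharArray());
    }

    @Test
    public void testSsha512User() throws Exception {
        performSimpleNameTest("ssha512User", "password-salt-digest-sha-512", "ssha512Password".toCharArray());
    }

    @Test
    public void testCryptUser() throws Exception {
        performSimpleNameTest("cryptUser", "crypt-des", "cryptIt".toCharArray());
    }

    // Traditional DES crypt considers only the first eight password characters; this case
    // uses a longer password than that.
    @Test
    public void testCryptUserLongPassword() throws Exception {
        performSimpleNameTest("cryptUserLong", "crypt-des", "cryptPassword".toCharArray());
    }

    @Test
    public void testBsdCryptUser() throws Exception {
        performSimpleNameTest("bsdCryptUser", "bsd-crypt-des", "cryptPassword".toCharArray());
    }

    @Test
    public void testBsdCryptUserBinary() throws Exception {
        performSimpleNameTest("bsdCryptUser_binary", "bsd-crypt-des", "cryptPassword".toCharArray());
    }

    /** Reads the OTP state of {@code userWithOtp} before any test has written to it. */
    @Test
    public void testOneTimePasswordUser0() throws Exception {
        Assert.assertEquals("Pre identity", SupportLevel.SUPPORTED,
                simpleToDnRealm.getCredentialAcquireSupport(PasswordCredential.class, (String) null, (AlgorithmParameterSpec) null));

        RealmIdentity identity = simpleToDnRealm.getRealmIdentity(new NamePrincipal(OTP_USER));
        // Expected values are whatever the test directory was seeded with -- TODO confirm against the LDIF.
        assertStoredOtp(identity, 1234L, new byte[] {'a', 'b', 'c', 'd'}, "efgh");
    }

    /** Replaces the stored OTP and checks that a freshly loaded identity sees the new values. */
    @Test
    public void testOneTimePasswordUser1Update() throws Exception {
        // generatePassword() is declared to return Password, so the concrete type needs a cast.
        OneTimePassword replacement = (OneTimePassword) PasswordFactory.getInstance(OTP_ALGORITHM)
                .generatePassword(new OneTimePasswordSpec(new byte[] {'i', 'j', 'k'}, "lmn", 4321));
        Assert.assertNotNull(replacement);

        ModifiableRealmIdentity identity = modifiableIdentity(OTP_USER);
        Assert.assertEquals(SupportLevel.POSSIBLY_SUPPORTED,
                simpleToDnRealm.getCredentialAcquireSupport(PasswordCredential.class, OTP_ALGORITHM, (AlgorithmParameterSpec) null));
        Assert.assertEquals(SupportLevel.SUPPORTED,
                identity.getCredentialAcquireSupport(PasswordCredential.class, OTP_ALGORITHM, (AlgorithmParameterSpec) null));
        identity.setCredentials(Collections.singleton(new PasswordCredential(replacement)));

        // Load the identity again so the assertions read what was persisted, not local state.
        assertStoredOtp(modifiableIdentity(OTP_USER), 4321L, new byte[] {'i', 'j', 'k'}, "lmn");
    }

    /** Clears the credentials (twice), then stores a new OTP and reads it back. */
    @Test
    public void testOneTimePasswordUser2SetCredentials() throws Exception {
        OneTimePassword replacement = (OneTimePassword) PasswordFactory.getInstance(OTP_ALGORITHM)
                .generatePassword(new OneTimePasswordSpec(new byte[] {'o', 'p', 'q'}, "rst", 65));
        Assert.assertNotNull(replacement);

        ModifiableRealmIdentity identity = modifiableIdentity(OTP_USER);
        // The second call runs against an entry that was just cleared; presumably this
        // checks that clearing is repeatable -- kept exactly as in the original test.
        identity.setCredentials(Collections.emptyList());
        identity.setCredentials(Collections.emptyList());
        identity.setCredentials(Collections.singleton(new PasswordCredential(replacement)));

        assertStoredOtp(modifiableIdentity(OTP_USER), 65L, new byte[] {'o', 'p', 'q'}, "rst");
    }

    /** Stores a clear password for {@code userToChange} and reads it back from a fresh identity. */
    @Test
    public void testUserPasswordUserUpdate() throws Exception {
        ClearPassword created = (ClearPassword) PasswordFactory.getInstance("clear")
                .generatePassword(new ClearPasswordSpec("createdPassword".toCharArray()));
        Assert.assertNotNull(created);

        ModifiableRealmIdentity identity = modifiableIdentity("userToChange");
        Assert.assertEquals(SupportLevel.POSSIBLY_SUPPORTED,
                simpleToDnRealm.getCredentialAcquireSupport(PasswordCredential.class, "clear", (AlgorithmParameterSpec) null));
        Assert.assertEquals(SupportLevel.SUPPORTED,
                identity.getCredentialAcquireSupport(PasswordCredential.class, "clear", (AlgorithmParameterSpec) null));
        identity.setCredentials(Collections.singleton(new PasswordCredential(created)));

        ModifiableRealmIdentity reloaded = modifiableIdentity("userToChange");
        verifyPasswordSupport(reloaded, "clear", SupportLevel.SUPPORTED);
        PasswordCredential credential = reloaded.getCredential(PasswordCredential.class, "clear");
        Assert.assertNotNull("clear credential", credential);
        ClearPassword stored = credential.getPassword(ClearPassword.class);
        Assert.assertNotNull(stored);
        // Compare as char[] so the password is not copied into an immutable String.
        Assert.assertArrayEquals("createdPassword".toCharArray(), stored.getPassword());
    }

    /**
     * Looks up {@code name} and returns it as a modifiable identity.
     *
     * <p>The realm field is typed as {@link SecurityRealm}, whose lookup returns a plain
     * {@link RealmIdentity}; the type is asserted first so that a read-only identity shows up
     * as a test failure instead of a {@link ClassCastException}.
     */
    private static ModifiableRealmIdentity modifiableIdentity(String name) throws RealmUnavailableException {
        RealmIdentity identity = simpleToDnRealm.getRealmIdentity(new NamePrincipal(name));
        Assert.assertNotNull(identity);
        Assert.assertTrue("Modifiable identity", identity instanceof ModifiableRealmIdentity);
        return (ModifiableRealmIdentity) identity;
    }

    /**
     * Asserts that {@code identity} reports OTP support and that its stored OTP credential
     * carries the given sequence number, hash and seed.
     */
    private void assertStoredOtp(RealmIdentity identity, long expectedSequence, byte[] expectedHash, String expectedSeed) throws RealmUnavailableException {
        Assert.assertNotNull(identity);
        verifyPasswordSupport(identity, OTP_ALGORITHM, SupportLevel.SUPPORTED);
        PasswordCredential credential = identity.getCredential(PasswordCredential.class, OTP_ALGORITHM);
        // Fail with a message here instead of a NullPointerException on the next line.
        Assert.assertNotNull("OTP credential", credential);
        OneTimePassword stored = credential.getPassword(OneTimePassword.class);
        Assert.assertNotNull(stored);
        Assert.assertEquals(expectedSequence, stored.getSequenceNumber());
        Assert.assertArrayEquals(expectedHash, stored.getHash());
        Assert.assertEquals(expectedSeed, stored.getSeed());
    }

    /**
     * Runs the read-only checks for one stored-password entry.
     *
     * @param principalName uid of the directory entry to load
     * @param algorithm password algorithm the entry is expected to use
     * @param expectedPassword password that must verify against the stored credential
     */
    private void performSimpleNameTest(String principalName, String algorithm, char[] expectedPassword) throws NoSuchAlgorithmException, InvalidKeyException, RealmUnavailableException {
        RealmIdentity identity = simpleToDnRealm.getRealmIdentity(new NamePrincipal(principalName));
        // Without an identity the realm only reports that the algorithm may be available.
        Assert.assertEquals("Pre identity", SupportLevel.POSSIBLY_SUPPORTED,
                simpleToDnRealm.getCredentialAcquireSupport(PasswordCredential.class, algorithm, (AlgorithmParameterSpec) null));
        verifyPasswordSupport(identity, algorithm, SupportLevel.SUPPORTED);
        verifyPassword(identity, algorithm, expectedPassword);
    }

    /** Asserts the identity-level acquire support for a password credential of {@code algorithm}. */
    private void verifyPasswordSupport(RealmIdentity identity, String algorithm, SupportLevel expected) throws RealmUnavailableException {
        Assert.assertEquals("Identity level support", expected,
                identity.getCredentialAcquireSupport(PasswordCredential.class, algorithm, (AlgorithmParameterSpec) null));
    }

    /**
     * Loads the identity's password credential, translates it with the factory for
     * {@code algorithm}, and checks both directions: {@code expectedPassword} verifies and the
     * fixed wrong guess {@code "LetMeIn"} does not.
     */
    private void verifyPassword(RealmIdentity identity, String algorithm, char[] expectedPassword) throws NoSuchAlgorithmException, InvalidKeyException, RealmUnavailableException {
        PasswordCredential credential = identity.getCredential(PasswordCredential.class);
        // Fail with a message here instead of a NullPointerException on the next line.
        Assert.assertNotNull("Password credential", credential);
        Password stored = credential.getPassword();
        PasswordFactory factory = PasswordFactory.getInstance(algorithm);
        Password translated = factory.translate(stored);
        Assert.assertTrue("Valid Password", factory.verify(translated, expectedPassword));
        // The negative case guards against a verifier that accepts any input.
        Assert.assertFalse("Invalid Password", factory.verify(translated, "LetMeIn".toCharArray()));
    }
}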
