package org.wildfly.security.sasl.entity;

import java.io.Closeable;
import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.net.URI;
import java.security.GeneralSecurityException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.Provider;
import java.security.PublicKey;
import java.security.Security;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashMap;
import java.util.Map;
import java.util.Random;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509KeyManager;
import javax.net.ssl.X509TrustManager;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.x500.X500Principal;
import javax.security.sasl.Sasl;
import javax.security.sasl.SaslClient;
import javax.security.sasl.SaslClientFactory;
import javax.security.sasl.SaslException;
import javax.security.sasl.SaslServer;
import javax.security.sasl.SaslServerFactory;
import mockit.Mock;
import mockit.MockUp;
import mockit.integration.junit4.JMockit;
import org.junit.After;
import org.junit.AfterClass;
import org.junit.Assert;
import org.junit.Before;
import org.junit.BeforeClass;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.wildfly.common.iteration.CodePointIterator;
import org.wildfly.security.auth.client.AuthenticationConfiguration;
import org.wildfly.security.auth.client.AuthenticationContext;
import org.wildfly.security.auth.client.ClientUtils;
import org.wildfly.security.auth.client.MatchRule;
import org.wildfly.security.auth.realm.KeyStoreBackedSecurityRealm;
import org.wildfly.security.credential.X509CertificateChainPrivateCredential;
import org.wildfly.security.sasl.SaslMechanismSelector;
import org.wildfly.security.sasl.test.SaslServerBuilder;
import org.wildfly.security.sasl.test.SaslTestUtil;
import org.wildfly.security.x500.cert.BasicConstraintsExtension;
import org.wildfly.security.x500.cert.SelfSignedX509CertificateAndSigningKey;
import org.wildfly.security.x500.cert.X509CertificateBuilder;

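/**
 * Tests for the ISO/IEC 9798-3 "entity" SASL mechanisms (RFC 3163) implemented by
 * {@link EntitySaslClient} and {@link EntitySaslServer}.
 *
 * <p>Every test runs against in-memory {@code JKS} stores that are rebuilt before each test
 * ({@link #beforeTest()}); nothing is persisted, and the hard-coded password only protects those
 * throw-away stores.
 *
 * <p>Security note on the fixtures: the RFC 3163 mechanism names all bind SHA-1, and two fixture
 * identities deliberately use 1024-bit DSA keys with {@code SHA1withDSA}. They exercise the
 * protocol implementation and must not be read as a recommendation for deployment.
 */
@RunWith(JMockit.class)
public class EntityTest {

    // --- mechanism names (fixed by RFC 3163) -------------------------------------------------

    private static final String U_RSA = "9798-U-RSA-SHA1-ENC";
    private static final String M_RSA = "9798-M-RSA-SHA1-ENC";
    private static final String U_DSA = "9798-U-DSA-SHA1";
    private static final String M_DSA = "9798-M-DSA-SHA1";
    private static final String U_ECDSA = "9798-U-ECDSA-SHA1";
    private static final String M_ECDSA = "9798-M-ECDSA-SHA1";

    /** Every mechanism the factories advertise when server authentication is not required. */
    private static final String[] ALL_MECHANISMS = { U_RSA, M_RSA, U_DSA, M_DSA, U_ECDSA, M_ECDSA };
    /** The "U" (unilateral) mechanisms authenticate only the client. */
    private static final String[] UNILATERAL_MECHANISMS = { U_RSA, U_DSA, U_ECDSA };
    /** The "M" (mutual) mechanisms authenticate both peers. */
    private static final String[] MUTUAL_MECHANISMS = { M_RSA, M_DSA, M_ECDSA };

    // --- fixture identities ---------------------------------------------------------------------

    private static final String KEYSTORE_TYPE = "JKS";
    /** Test-only password for the in-memory stores; never used for anything persisted. */
    private static final char[] KEYSTORE_PASSWORD = "password".toCharArray();

    private static final String CLIENT_KEYSTORE_ALIAS = "testclient1";
    private static final String SIGNED_CLIENT_ALIAS = "testclientsignedbyca";
    // JKS treats aliases case-insensitively, so "dnsInCNClient" and "dnsincnclient" name the same entry.
    private static final String DNS_IN_CN_CLIENT_ALIAS = "dnsincnclient";
    private static final String DNS_IN_CN_SERVER_ALIAS = "dnsincnserver";
    private static final String SERVER1_ALIAS = "testserver1";

    private static final String SERVER1_NAME = "testserver1.example.com";
    private static final String SERVER2_NAME = "testserver2.example.com";

    /*
     * Lower-cased RFC 2253 subject DNs. Each is used both as the trust-store alias of the matching
     * certificate and as the authorization ID the tests expect the server to report after a
     * successful exchange.
     */
    private static final String CLIENT1_DN = "cn=test client 1,ou=jboss,o=red hat,l=raleigh,st=north carolina,c=us";
    private static final String CLIENT2_DN = "cn=testclient2.example.com,ou=jboss,o=red hat,l=raleigh,st=north carolina,c=us";
    private static final String SIGNED_CLIENT_DN = "cn=signed test client,ou=jboss,o=red hat,st=north carolina,c=us";

    private static final Provider provider = WildFlyElytronSaslEntityProvider.getInstance();

    private KeyStore serverKeyStore = null;
    private KeyStore clientKeyStore = null;
    private KeyStore serverTrustStore = null;
    private KeyStore clientTrustStore = null;

    /**
     * Registers the Elytron entity-SASL provider at the highest priority so that the JDK's
     * {@link Sasl} factory lookups in these tests resolve to it. This mutates JVM-global state and
     * is undone in {@link #removeProvider()}.
     */
    @BeforeClass
    public static void registerProvider() {
        Security.insertProviderAt(provider, 1);
    }

    /** Undoes {@link #registerProvider()} so later test classes see the default provider order. */
    @AfterClass
    public static void removeProvider() {
        Security.removeProvider(provider.getName());
    }

    /**
     * Creates an initialized, empty key store of {@link #KEYSTORE_TYPE}.
     *
     * <p>A {@link KeyStore} obtained from {@code getInstance} alone is <em>uninitialized</em>; JDK
     * factories such as {@link TrustManagerFactory#init(KeyStore)} reject it, so every empty store
     * used here goes through this method.
     */
    private static KeyStore emptyKeyStore() throws GeneralSecurityException, IOException {
        KeyStore keyStore = KeyStore.getInstance(KEYSTORE_TYPE);
        keyStore.load(null, null);
        return keyStore;
    }

    /**
     * Populates the client key store and the server trust store with three client identities:
     * <ul>
     *   <li>{@value #DNS_IN_CN_CLIENT_ALIAS}: a 1024-bit DSA self-signed certificate whose host
     *       name is carried in the CN rather than in a SAN;</li>
     *   <li>{@value #CLIENT_KEYSTORE_ALIAS}: an RSA self-signed certificate with a DNS SAN;</li>
     *   <li>{@value #SIGNED_CLIENT_ALIAS}: an RSA certificate issued by a throw-away CA. The server
     *       trust store receives the CA certificate, not the leaf, so this identity can presumably
     *       only be accepted through the issuing authority.</li>
     * </ul>
     *
     * @param keyStore   the client's key store (private keys + chains)
     * @param trustStore the server's trust store (certificates only)
     */
    private void createClientKeyStoreServerTrustStore(KeyStore keyStore, KeyStore trustStore) throws Exception {
        // Identity 1: host name in CN, weak DSA parameters on purpose (fixture for the CN fallback path).
        SelfSignedX509CertificateAndSigningKey dnsInCn = SelfSignedX509CertificateAndSigningKey.builder()
                .setKeyAlgorithmName("DSA")
                .setSignatureAlgorithmName("SHA1withDSA")
                .setDn(new X500Principal("CN=testclient2.example.com, OU=JBoss, O=Red Hat, L=Raleigh, ST=North Carolina, C=US"))
                .setKeySize(1024)
                .build();
        X509Certificate dnsInCnCert = dnsInCn.getSelfSignedCertificate();
        keyStore.setKeyEntry(DNS_IN_CN_CLIENT_ALIAS, dnsInCn.getSigningKey(), KEYSTORE_PASSWORD, new X509Certificate[] { dnsInCnCert });
        trustStore.setCertificateEntry(CLIENT2_DN, dnsInCnCert);

        // Throw-away CA used to sign identity 3. Basic constraints mark it as a CA with no path-length limit.
        X500Principal caDn = new X500Principal("CN=Test Authority, OU=JBoss, O=Red Hat, L=Raleigh, ST=North Carolina, C=US");
        SelfSignedX509CertificateAndSigningKey ca = SelfSignedX509CertificateAndSigningKey.builder()
                .setDn(caDn)
                .setKeyAlgorithmName("RSA")
                .setSignatureAlgorithmName("SHA256withRSA")
                .addExtension(new BasicConstraintsExtension(false, true, -1))
                .build();

        // Identity 2: self-signed RSA leaf with its host name in a DNS SAN.
        SelfSignedX509CertificateAndSigningKey client1 = SelfSignedX509CertificateAndSigningKey.builder()
                .setDn(new X500Principal("CN=Test Client 1, OU=JBoss, O=Red Hat, L=Raleigh, ST=North Carolina, C=US"))
                .setKeyAlgorithmName("RSA")
                .setSignatureAlgorithmName("SHA256withRSA")
                .addExtension(false, "SubjectAlternativeName", "DNS:testclient1.example.com")
                .build();
        X509Certificate client1Cert = client1.getSelfSignedCertificate();
        keyStore.setKeyEntry(CLIENT_KEYSTORE_ALIAS, client1.getSigningKey(), KEYSTORE_PASSWORD, new X509Certificate[] { client1Cert });
        trustStore.setCertificateEntry(CLIENT1_DN, client1Cert);

        // Identity 3: RSA leaf signed by the CA above. Note the subject DN has no L= component.
        X500Principal signedClientDn = new X500Principal("CN=Signed Test Client, OU=JBoss, O=Red Hat, ST=North Carolina, C=US");
        KeyPair signedClientKeys = KeyPairGenerator.getInstance("RSA").generateKeyPair();
        X509Certificate signedClientCert = new X509CertificateBuilder()
                .setIssuerDn(caDn)
                .setSubjectDn(signedClientDn)
                .setSignatureAlgorithmName("SHA256withRSA")
                .setSigningKey(ca.getSigningKey())
                .setPublicKey(signedClientKeys.getPublic())
                .build();
        // The chain stored with the key holds only the leaf; the server must reach the CA via its own trust store.
        trustStore.setCertificateEntry(SIGNED_CLIENT_DN, ca.getSelfSignedCertificate());
        keyStore.setKeyEntry(SIGNED_CLIENT_ALIAS, signedClientKeys.getPrivate(), KEYSTORE_PASSWORD, new X509Certificate[] { signedClientCert });
    }

    /**
     * Populates the server key store and the client trust store with two server identities:
     * {@value #DNS_IN_CN_SERVER_ALIAS} (1024-bit DSA, host name in CN) and {@value #SERVER1_ALIAS}
     * (RSA, host name in a DNS SAN). Both are self-signed, so the client trusts the leaf itself.
     *
     * @param keyStore   the server's key store (private keys + chains)
     * @param trustStore the client's trust store (certificates only)
     */
    private void createServerKeyStoreClientTrustStore(KeyStore keyStore, KeyStore trustStore) throws Exception {
        SelfSignedX509CertificateAndSigningKey dnsInCn = SelfSignedX509CertificateAndSigningKey.builder()
                .setKeyAlgorithmName("DSA")
                .setSignatureAlgorithmName("SHA1withDSA")
                .setDn(new X500Principal("CN=testserver2.example.com, OU=JBoss, O=Red Hat, L=Raleigh, ST=North Carolina, C=US"))
                .setKeySize(1024)
                .build();
        X509Certificate dnsInCnCert = dnsInCn.getSelfSignedCertificate();
        keyStore.setKeyEntry(DNS_IN_CN_SERVER_ALIAS, dnsInCn.getSigningKey(), KEYSTORE_PASSWORD, new X509Certificate[] { dnsInCnCert });
        trustStore.setCertificateEntry(DNS_IN_CN_SERVER_ALIAS, dnsInCnCert);

        SelfSignedX509CertificateAndSigningKey server1 = SelfSignedX509CertificateAndSigningKey.builder()
                .setDn(new X500Principal("CN=Test Server 1, OU=JBoss, O=Red Hat, L=Raleigh, ST=North Carolina, C=US"))
                .setKeyAlgorithmName("RSA")
                .setSignatureAlgorithmName("SHA256withRSA")
                .addExtension(false, "SubjectAlternativeName", "DNS:testserver1.example.com")
                .build();
        X509Certificate server1Cert = server1.getSelfSignedCertificate();
        keyStore.setKeyEntry(SERVER1_ALIAS, server1.getSigningKey(), KEYSTORE_PASSWORD, new X509Certificate[] { server1Cert });
        trustStore.setCertificateEntry(SERVER1_ALIAS, server1Cert);
    }

    /** Builds fresh in-memory stores for every test so no test can observe another's state. */
    @Before
    public void beforeTest() throws Exception {
        clientKeyStore = emptyKeyStore();
        serverTrustStore = emptyKeyStore();
        serverKeyStore = emptyKeyStore();
        clientTrustStore = emptyKeyStore();
        createClientKeyStoreServerTrustStore(clientKeyStore, serverTrustStore);
        createServerKeyStoreClientTrustStore(serverKeyStore, clientTrustStore);
    }

    /** Drops the per-test stores (and the private keys they hold) as soon as the test is over. */
    @After
    public void afterTest() {
        serverKeyStore = null;
        clientKeyStore = null;
        serverTrustStore = null;
        clientTrustStore = null;
    }

    // --- factory / mechanism-selection tests ---------------------------------------------------

    /**
     * Via the JDK {@link Sasl} entry point: a unilateral mechanism is produced by default but is
     * refused once the caller sets {@link Sasl#SERVER_AUTH}, because "U" mechanisms cannot
     * authenticate the server.
     */
    @Test
    public void testServerAuthIndirect_Server() throws Exception {
        Map<String, Object> props = new HashMap<>();
        SaslServer server = Sasl.createSaslServer(U_RSA, "TestProtocol", "TestServer", props, null);
        Assert.assertEquals(EntitySaslServer.class, server.getClass());
        Assert.assertEquals(U_RSA, server.getMechanismName());

        props.put(Sasl.SERVER_AUTH, Boolean.toString(true));
        Assert.assertNull(Sasl.createSaslServer(U_RSA, "TestProtocol", "TestServer", props, null));
    }

    /**
     * Directly on the server factory: all six mechanisms are advertised by default, only the
     * mutual ones when server authentication is required.
     */
    @Test
    public void testServerAuthDirect_Server() {
        SaslServerFactory serverFactory = SaslTestUtil.obtainSaslServerFactory(EntitySaslServerFactory.class);
        Assert.assertNotNull("SaslServerFactory not registered", serverFactory);

        Map<String, Object> props = new HashMap<>();
        SaslTestUtil.assertMechanisms(ALL_MECHANISMS, serverFactory.getMechanismNames(props));

        props.put(Sasl.SERVER_AUTH, Boolean.toString(true));
        SaslTestUtil.assertMechanisms(MUTUAL_MECHANISMS, serverFactory.getMechanismNames(props));
    }

    /**
     * Via the JDK {@link Sasl} entry point on the client side: with {@link Sasl#SERVER_AUTH} set,
     * a list of only unilateral mechanisms yields no client at all, and a mixed list yields the
     * first mutual mechanism offered.
     */
    @Test
    public void testServerAuthIndirect_Client() throws Exception {
        Map<String, Object> props = new HashMap<>();
        SaslClient client = Sasl.createSaslClient(new String[] { U_RSA }, "TestUser", "TestProtocol", "TestServer", props, null);
        Assert.assertEquals(EntitySaslClient.class, client.getClass());
        Assert.assertEquals(U_RSA, client.getMechanismName());

        props.put(Sasl.SERVER_AUTH, Boolean.toString(true));
        Assert.assertNull(Sasl.createSaslClient(UNILATERAL_MECHANISMS, "TestUser", "TestProtocol", "TestServer", props, null));

        // Unilateral names listed first are skipped; the first acceptable mutual mechanism wins.
        SaslClient mutualClient = Sasl.createSaslClient(new String[] { U_RSA, U_DSA, U_ECDSA, M_RSA, M_DSA, M_ECDSA },
                "TestUser", "TestProtocol", "TestServer", props, null);
        Assert.assertEquals(EntitySaslClient.class, mutualClient.getClass());
        Assert.assertEquals(M_RSA, mutualClient.getMechanismName());
    }

    /** Client-factory counterpart of {@link #testServerAuthDirect_Server()}. */
    @Test
    public void testServerAuthDirect_Client() {
        SaslClientFactory clientFactory = SaslTestUtil.obtainSaslClientFactory(EntitySaslClientFactory.class);
        Assert.assertNotNull("SaslClientFactory not registered", clientFactory);

        Map<String, Object> props = new HashMap<>();
        SaslTestUtil.assertMechanisms(ALL_MECHANISMS, clientFactory.getMechanismNames(props));

        props.put(Sasl.SERVER_AUTH, Boolean.toString(true));
        SaslTestUtil.assertMechanisms(MUTUAL_MECHANISMS, clientFactory.getMechanismNames(props));
    }

    // --- successful exchanges --------------------------------------------------------------------

    /**
     * Drives the challenge/response exchange between {@code server} and {@code client} to
     * completion, asserting the completion state after every step.
     *
     * <p>The server always speaks first (the client has no initial response). For a unilateral
     * mechanism the server's second token is {@code null} and the server is already complete,
     * because only the client proves its identity; for a mutual mechanism the server must send a
     * non-null second token carrying its own proof, which the client then verifies.
     *
     * @param server the server side of the exchange
     * @param client the client side of the exchange
     * @param mutual whether the mechanism under test also authenticates the server
     * @throws SaslException if either side rejects a token (a test failure when called from a
     *                       success-path test)
     */
    private static void completeExchange(SaslServer server, SaslClient client, boolean mutual) throws SaslException {
        Assert.assertFalse(server.isComplete());
        Assert.assertFalse(client.isComplete());

        byte[] serverChallenge = server.evaluateResponse(new byte[0]);
        Assert.assertFalse(server.isComplete());
        Assert.assertFalse(client.isComplete());

        byte[] clientResponse = client.evaluateChallenge(serverChallenge);
        Assert.assertFalse(server.isComplete());
        Assert.assertFalse(client.isComplete());

        byte[] serverFinal = server.evaluateResponse(clientResponse);
        if (mutual) {
            Assert.assertNotNull(serverFinal);
        } else {
            Assert.assertTrue(server.isComplete());
            Assert.assertNull(serverFinal);
        }

        Assert.assertNull(client.evaluateChallenge(serverFinal));
        Assert.assertTrue(client.isComplete());
        Assert.assertTrue(server.isComplete());
    }

    /** Unilateral RSA: the client authenticates with a fixed key-store alias, the server reports its DN. */
    @Test
    public void testSimpleUnilateralSha1WithRsaAuthentication() throws Exception {
        SaslClientFactory clientFactory = SaslTestUtil.obtainSaslClientFactory(EntitySaslClientFactory.class);
        Assert.assertNotNull(clientFactory);

        SaslServer server = createSaslServer(U_RSA, SERVER1_NAME, getX509KeyManager(serverKeyStore, KEYSTORE_PASSWORD), serverTrustStore);
        Assert.assertNotNull(server);
        Assert.assertFalse(server.isComplete());

        String[] mechanisms = { U_RSA };
        // Unilateral: the client presents no trust manager because it never verifies the server.
        SaslClient client = clientFactory.createSaslClient(mechanisms, null, "test", SERVER1_NAME, Collections.emptyMap(),
                createClientCallbackHandler(mechanisms, clientKeyStore, CLIENT_KEYSTORE_ALIAS, KEYSTORE_PASSWORD, null));
        Assert.assertNotNull(client);
        Assert.assertTrue(client instanceof EntitySaslClient);
        Assert.assertFalse(client.hasInitialResponse());

        completeExchange(server, client, false);
        Assert.assertEquals(CLIENT1_DN, server.getAuthorizationID());
    }

    /**
     * Unilateral RSA where the client holds a whole key store behind an {@link X509KeyManager}
     * rather than a fixed alias. The exchange is expected to end with the CA-signed identity,
     * presumably selected from the trusted authorities the server advertises.
     */
    @Test
    public void testUnilateralSha1WithRsaAuthenticationWithTrustedAuthorities() throws Exception {
        SaslClientFactory clientFactory = SaslTestUtil.obtainSaslClientFactory(EntitySaslClientFactory.class);
        Assert.assertNotNull(clientFactory);

        SaslServer server = createSaslServer(U_RSA, SERVER1_NAME, getX509KeyManager(serverKeyStore, KEYSTORE_PASSWORD), serverTrustStore);
        Assert.assertNotNull(server);
        Assert.assertFalse(server.isComplete());

        String[] mechanisms = { U_RSA };
        SaslClient client = clientFactory.createSaslClient(mechanisms, null, "test", SERVER1_NAME, Collections.emptyMap(),
                createClientCallbackHandler(mechanisms, getX509KeyManager(clientKeyStore, KEYSTORE_PASSWORD), null));
        Assert.assertNotNull(client);
        Assert.assertTrue(client instanceof EntitySaslClient);
        Assert.assertFalse(client.hasInitialResponse());

        completeExchange(server, client, false);
        Assert.assertEquals(SIGNED_CLIENT_DN, server.getAuthorizationID());
    }

    /** Unilateral RSA with an explicit authorization ID equal to the authenticated DN. */
    @Test
    public void testUnilateralSha1WithRsaAuthenticationWithAuthorizationId() throws Exception {
        SaslClientFactory clientFactory = SaslTestUtil.obtainSaslClientFactory(EntitySaslClientFactory.class);
        Assert.assertNotNull(clientFactory);

        SaslServer server = createSaslServer(U_RSA, SERVER1_NAME, getX509KeyManager(serverKeyStore, KEYSTORE_PASSWORD), serverTrustStore);
        String[] mechanisms = { U_RSA };
        SaslClient client = clientFactory.createSaslClient(mechanisms, CLIENT1_DN, "test", SERVER1_NAME, Collections.emptyMap(),
                createClientCallbackHandler(mechanisms, clientKeyStore, CLIENT_KEYSTORE_ALIAS, KEYSTORE_PASSWORD, null));

        completeExchange(server, client, false);
        Assert.assertEquals(CLIENT1_DN, server.getAuthorizationID());
    }

    /** Mutual RSA: both peers present a certificate and each verifies the other against its trust store. */
    @Test
    public void testSimpleMutualSha1WithRsaAuthentication() throws Exception {
        SaslClientFactory clientFactory = SaslTestUtil.obtainSaslClientFactory(EntitySaslClientFactory.class);
        Assert.assertNotNull(clientFactory);

        SaslServer server = createSaslServer(M_RSA, SERVER1_NAME, getX509KeyManager(serverKeyStore, KEYSTORE_PASSWORD), serverTrustStore);
        String[] mechanisms = { M_RSA };
        SaslClient client = clientFactory.createSaslClient(mechanisms, null, "test", SERVER1_NAME, Collections.emptyMap(),
                createClientCallbackHandler(mechanisms, clientKeyStore, CLIENT_KEYSTORE_ALIAS, KEYSTORE_PASSWORD, getX509TrustManager(clientTrustStore)));

        completeExchange(server, client, true);
        Assert.assertEquals(CLIENT1_DN, server.getAuthorizationID());
    }

    /**
     * Mutual DSA where both certificates carry the host name in the CN instead of a SAN, and the
     * server is configured from an explicit key + chain credential rather than a key manager.
     */
    @Test
    public void testMutualAuthenticationWithDNSInCNField() throws Exception {
        SaslClientFactory clientFactory = SaslTestUtil.obtainSaslClientFactory(EntitySaslClientFactory.class);
        Assert.assertNotNull(clientFactory);

        Certificate[] chain = serverKeyStore.getCertificateChain(DNS_IN_CN_SERVER_ALIAS);
        X509Certificate[] x509Chain = Arrays.copyOf(chain, chain.length, X509Certificate[].class);
        PrivateKey serverKey = (PrivateKey) serverKeyStore.getKey(DNS_IN_CN_SERVER_ALIAS, KEYSTORE_PASSWORD);
        SaslServer server = createSaslServer(M_DSA, SERVER2_NAME, serverTrustStore, serverKey, x509Chain);

        String[] mechanisms = { M_DSA };
        SaslClient client = clientFactory.createSaslClient(mechanisms, null, "test", SERVER2_NAME, Collections.emptyMap(),
                createClientCallbackHandler(mechanisms, clientKeyStore, DNS_IN_CN_CLIENT_ALIAS, KEYSTORE_PASSWORD, getX509TrustManager(clientTrustStore)));

        completeExchange(server, client, true);
        Assert.assertEquals(CLIENT2_DN, server.getAuthorizationID());
    }

    // --- failure paths ----------------------------------------------------------------------------

    /**
     * The client is configured for a server name that does not match the server's certificate.
     * The exchange must fail with a {@link SaslException}; the test does not pin whether client
     * creation or the first challenge evaluation raises it.
     */
    @Test
    public void testServerNameMismatch() throws Exception {
        SaslClientFactory clientFactory = SaslTestUtil.obtainSaslClientFactory(EntitySaslClientFactory.class);
        Assert.assertNotNull(clientFactory);

        SaslServer server = createSaslServer(M_RSA, SERVER1_NAME, getX509KeyManager(serverKeyStore, KEYSTORE_PASSWORD), serverTrustStore);
        String[] mechanisms = { M_RSA };
        try {
            SaslClient client = clientFactory.createSaslClient(mechanisms, null, "test", "anotherserver.example.com", Collections.emptyMap(),
                    createClientCallbackHandler(mechanisms, clientKeyStore, CLIENT_KEYSTORE_ALIAS, KEYSTORE_PASSWORD, getX509TrustManager(clientTrustStore)));
            client.evaluateChallenge(server.evaluateResponse(new byte[0]));
            Assert.fail("Expected SaslException not thrown");
        } catch (SaslException expected) {
            // the mismatch is the point of the test
        }
    }

    /**
     * The server's trust store is empty, so the client's certificate must be rejected when the
     * server evaluates the client's response. Note the trust store is empty but initialized; an
     * uninitialized {@link KeyStore} would make the server setup itself fail instead.
     */
    @Test
    public void testClientNotTrustedByServer() throws Exception {
        SaslClientFactory clientFactory = SaslTestUtil.obtainSaslClientFactory(EntitySaslClientFactory.class);
        Assert.assertNotNull(clientFactory);

        SaslServer server = createSaslServer(M_RSA, SERVER1_NAME, getX509KeyManager(serverKeyStore, KEYSTORE_PASSWORD), emptyKeyStore());
        String[] mechanisms = { M_RSA };
        SaslClient client = clientFactory.createSaslClient(mechanisms, null, "test", SERVER1_NAME, Collections.emptyMap(),
                createClientCallbackHandler(mechanisms, clientKeyStore, CLIENT_KEYSTORE_ALIAS, KEYSTORE_PASSWORD, getX509TrustManager(clientTrustStore)));
        try {
            server.evaluateResponse(client.evaluateChallenge(server.evaluateResponse(new byte[0])));
            Assert.fail("Expected SaslException not thrown");
        } catch (SaslException expected) {
            // the untrusted client certificate is the point of the test
        }
    }

    /**
     * Mutual exchange where the client has no trust manager: the server's proof cannot be verified
     * and the client must reject the server's second token.
     */
    @Test
    public void testServerNotTrustedByClient() throws Exception {
        SaslClientFactory clientFactory = SaslTestUtil.obtainSaslClientFactory(EntitySaslClientFactory.class);
        Assert.assertNotNull(clientFactory);

        SaslServer server = createSaslServer(M_RSA, SERVER1_NAME, getX509KeyManager(serverKeyStore, KEYSTORE_PASSWORD), serverTrustStore);
        String[] mechanisms = { M_RSA };
        SaslClient client = clientFactory.createSaslClient(mechanisms, null, "test", SERVER1_NAME, Collections.emptyMap(),
                createClientCallbackHandler(mechanisms, clientKeyStore, CLIENT_KEYSTORE_ALIAS, KEYSTORE_PASSWORD, null));

        byte[] clientResponse = client.evaluateChallenge(server.evaluateResponse(new byte[0]));
        try {
            client.evaluateChallenge(server.evaluateResponse(clientResponse));
            Assert.fail("Expected SaslException not thrown");
        } catch (SaslException expected) {
            // the untrusted server certificate is the point of the test
        }
    }

    /**
     * Replays the RFC 3163 sample exchange with the server's random fixed to the RFC's value.
     * The first server token must match the RFC byte for byte; the RFC's sample client response is
     * then expected to be rejected by the ASN.1 decoder (the implementation's own expectation, not
     * a statement about the RFC), leaving the server incomplete.
     */
    @Test
    public void testRfc3163Example() throws Exception {
        // Random from the RFC 3163 example; only valid because EntityUtil is mocked below.
        mockRandom(new byte[] { (byte) 0x12, (byte) 0x38, (byte) 0x97, (byte) 0x58, (byte) 0x79, (byte) 0x87, (byte) 0x47, (byte) 0x98 });

        SaslServer server = createSaslServer(U_RSA, "", getX509KeyManager(serverKeyStore, KEYSTORE_PASSWORD), emptyKeyStore());
        Assert.assertNotNull(server);
        Assert.assertFalse(server.isComplete());

        Assert.assertArrayEquals(base64("MAoECBI4l1h5h0eY"), server.evaluateResponse(new byte[0]));
        Assert.assertFalse(server.isComplete());

        try {
            server.evaluateResponse(base64("MIIBAgQIIxh5I0h5RYegD4INc2FzbC1yLXVzLmNvbaFPFk1odHRwOi8vY2VydHMtci11cy5jb20vY2VydD9paD1odmNOQVFFRkJRQURnWUVBZ2hBR2hZVFJna0ZqJnNuPUVQOXVFbFkzS0RlZ2pscjCBkzANBgkqhkiG9w0BAQUFAAOBgQCkuC2GgtYcxGG1NEzLA4bh5lqJGOZySACMmc+mDrV7A7KAgbpO2OuZpMCl7zvNt/L3OjQZatiX8d1XbuQ40l+g2TJzJt06o7ogomxdDwqlA/3zp2WMohlI0MotHmfDSWEDZmEYDEA3/eGgkWyi1v1lEVdFuYmrTr8E4wE9hxdQrA=="));
            Assert.fail("Expected SaslException not thrown");
        } catch (SaslException e) {
            // Check the cause explicitly so a missing cause reports as an assertion, not an NPE.
            Assert.assertNotNull("SaslException has no cause", e.getCause());
            Assert.assertTrue(e.getCause().getMessage().contains("Unexpected ASN.1 tag encountered"));
        }
        Assert.assertFalse(server.isComplete());
    }

    // --- helpers ----------------------------------------------------------------------------------

    /** Decodes a standard base64 string using the same decoder the rest of Elytron uses. */
    private static byte[] base64(String encoded) {
        return CodePointIterator.ofString(encoded).base64Decode().drain();
    }

    /**
     * Replaces the mechanism's random-string generation with a fixed value for the lifetime of the
     * current test (JMockit tears the mock down with the test). This exists only to reproduce a
     * published test vector; a fixed "random" in real code would break the protocol's freshness
     * guarantee.
     *
     * @param fixedRandom the bytes every {@code generateRandomString} call will return
     */
    private void mockRandom(final byte[] fixedRandom) {
        new MockUp<EntityUtil>() {
            @Mock
            byte[] generateRandomString(int length, Random random) {
                return fixedRandom;
            }
        };
    }

    /**
     * Loads a {@link #KEYSTORE_TYPE} store from disk using {@link #KEYSTORE_PASSWORD}.
     *
     * @param file the store file, or {@code null}
     * @return the loaded store, or {@code null} when {@code file} is {@code null}
     * @throws IOException              if the file cannot be read or its integrity check fails
     * @throws GeneralSecurityException if the store type or its contents cannot be handled
     */
    private KeyStore loadKeyStore(File file) throws IOException, GeneralSecurityException {
        if (file == null) {
            return null;
        }
        KeyStore keyStore = KeyStore.getInstance(KEYSTORE_TYPE);
        // try-with-resources closes the stream on every path and does not hide close() failures.
        try (FileInputStream in = new FileInputStream(file)) {
            keyStore.load(in, KEYSTORE_PASSWORD);
        }
        return keyStore;
    }

    /** File-backed variant of {@link #createSaslServer(String, String, X509KeyManager, KeyStore)}. */
    private SaslServer createSaslServer(String mechanism, String serverName, X509KeyManager keyManager, File trustStoreFile) throws Exception {
        return createSaslServer(mechanism, serverName, keyManager, loadKeyStore(trustStoreFile));
    }

    /**
     * Builds a server whose own identity comes from {@code keyManager} and whose view of clients
     * comes from {@code trustStore}. The same store backs both the security realm and the trust
     * manager, so (presumably) a client is accepted only if its certificate, or its issuer, is
     * present there.
     *
     * @param mechanism  the SASL mechanism name
     * @param serverName the server name the client must address
     * @param keyManager supplies the server's private key and certificate chain
     * @param trustStore certificates (leaf or CA) the server trusts
     */
    private SaslServer createSaslServer(String mechanism, String serverName, X509KeyManager keyManager, KeyStore trustStore) throws Exception {
        return new SaslServerBuilder(EntitySaslServerFactory.class, mechanism)
                .setProtocol("test")
                .setServerName(serverName)
                .addRealm("keyStoreRealm", new KeyStoreBackedSecurityRealm(trustStore))
                .setDefaultRealmName("keyStoreRealm")
                .setKeyManager(keyManager)
                .setTrustManager(getX509TrustManager(trustStore))
                .build();
    }

    /**
     * Like {@link #createSaslServer(String, String, X509KeyManager, KeyStore)} but with the server's
     * identity given as an explicit private key and certificate chain.
     */
    private SaslServer createSaslServer(String mechanism, String serverName, KeyStore trustStore, PrivateKey privateKey, X509Certificate... chain) throws Exception {
        return new SaslServerBuilder(EntitySaslServerFactory.class, mechanism)
                .setProtocol("test")
                .setServerName(serverName)
                .addRealm("keyStoreRealm", new KeyStoreBackedSecurityRealm(trustStore))
                .setDefaultRealmName("keyStoreRealm")
                .setCredential(new X509CertificateChainPrivateCredential(privateKey, chain))
                .setTrustManager(getX509TrustManager(trustStore))
                .build();
    }

    /**
     * Client callback handler that authenticates with one fixed key-store entry.
     *
     * @param mechanisms   the only mechanisms the client may negotiate
     * @param keyStore     store holding the client's private key
     * @param alias        entry to use (JKS aliases are case-insensitive)
     * @param password     entry password
     * @param trustManager how the client verifies the server, or {@code null} for none
     */
    private CallbackHandler createClientCallbackHandler(String[] mechanisms, KeyStore keyStore, String alias, char[] password,
            X509TrustManager trustManager) throws Exception {
        AuthenticationConfiguration config = AuthenticationConfiguration.empty()
                .useKeyStoreCredential(keyStore, alias, new KeyStore.PasswordProtection(password))
                .useTrustManager(trustManager)
                .setSaslMechanismSelector(SaslMechanismSelector.NONE.addMechanisms(mechanisms));
        return ClientUtils.getCallbackHandler(new URI("remote://localhost"), AuthenticationContext.empty().with(MatchRule.ALL, config));
    }

    /** Client callback handler that lets an {@link X509KeyManager} choose the client certificate. */
    private CallbackHandler createClientCallbackHandler(String[] mechanisms, X509KeyManager keyManager, X509TrustManager trustManager) throws Exception {
        AuthenticationConfiguration config = AuthenticationConfiguration.empty()
                .useKeyManagerCredential(keyManager)
                .useTrustManager(trustManager)
                .setSaslMechanismSelector(SaslMechanismSelector.NONE.addMechanisms(mechanisms));
        return ClientUtils.getCallbackHandler(new URI("remote://localhost"), AuthenticationContext.empty().with(MatchRule.ALL, config));
    }

    /** Client callback handler that authenticates with an explicit private key and certificate chain. */
    private CallbackHandler createClientCallbackHandler(String[] mechanisms, PrivateKey privateKey, X509Certificate[] chain,
            X509TrustManager trustManager) throws Exception {
        AuthenticationConfiguration config = AuthenticationConfiguration.empty()
                .useCertificateCredential(privateKey, chain)
                .useTrustManager(trustManager)
                .setSaslMechanismSelector(SaslMechanismSelector.NONE.addMechanisms(mechanisms));
        return ClientUtils.getCallbackHandler(new URI("remote://localhost"), AuthenticationContext.empty().with(MatchRule.ALL, config));
    }

    /**
     * Returns the first {@link X509KeyManager} the JDK's default {@link KeyManagerFactory} produces
     * for {@code keyStore}.
     *
     * @throws GeneralSecurityException if the factory yields no X.509 key manager (failing here is
     *                                  clearer than handing a {@code null} manager to the server)
     */
    private X509KeyManager getX509KeyManager(KeyStore keyStore, char[] password) throws GeneralSecurityException, IOException {
        String algorithm = KeyManagerFactory.getDefaultAlgorithm();
        KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(algorithm);
        keyManagerFactory.init(keyStore, password);
        for (KeyManager keyManager : keyManagerFactory.getKeyManagers()) {
            if (keyManager instanceof X509KeyManager) {
                return (X509KeyManager) keyManager;
            }
        }
        throw new GeneralSecurityException("No X509KeyManager available from KeyManagerFactory " + algorithm);
    }

    /** File-backed variant of {@link #getX509TrustManager(KeyStore)}. */
    private X509TrustManager getX509TrustManager(File trustStoreFile) throws GeneralSecurityException, IOException {
        return getX509TrustManager(loadKeyStore(trustStoreFile));
    }

    /**
     * Returns the first {@link X509TrustManager} the JDK's default {@link TrustManagerFactory}
     * produces for {@code trustStore}. The store must be initialized (see {@link #emptyKeyStore()}).
     *
     * @throws GeneralSecurityException if the store is unusable or the factory yields no X.509 trust
     *                                  manager
     */
    private X509TrustManager getX509TrustManager(KeyStore trustStore) throws GeneralSecurityException, IOException {
        String algorithm = TrustManagerFactory.getDefaultAlgorithm();
        TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(algorithm);
        trustManagerFactory.init(trustStore);
        for (TrustManager trustManager : trustManagerFactory.getTrustManagers()) {
            if (trustManager instanceof X509TrustManager) {
                return (X509TrustManager) trustManager;
            }
        }
        throw new GeneralSecurityException("No X509TrustManager available from TrustManagerFactory " + algorithm);
    }
}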
