package org.wildfly.security.sasl.scram;

import java.nio.charset.StandardCharsets;
import java.security.Provider;
import java.security.Security;
import java.util.Collections;
import java.util.HashMap;
import java.util.Random;
import javax.security.auth.callback.CallbackHandler;
import javax.security.sasl.SaslClient;
import javax.security.sasl.SaslClientFactory;
import javax.security.sasl.SaslException;
import mockit.Mock;
import mockit.MockUp;
import mockit.integration.junit4.JMockit;
import org.junit.AfterClass;
import org.junit.Assert;
import org.junit.BeforeClass;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.wildfly.security.mechanism.scram.ScramClient;
import org.wildfly.security.sasl.test.SaslTestUtil;
import org.wildfly.security.sasl.util.AbstractSaslParticipant;
import org.wildfly.security.sasl.util.ChannelBindingSaslClientFactory;

@RunWith(JMockit.class)
/* loaded from: input_file:org/wildfly/security/sasl/scram/ScramClientCompatibilityTest.class */
public class ScramClientCompatibilityTest {
    private static final Provider provider = WildFlyElytronSaslScramProvider.getInstance();

    @BeforeClass
    public static void registerPasswordProvider() {
        Security.insertProviderAt(provider, 1);
    }

    @AfterClass
    public static void removePasswordProvider() {
        Security.removeProvider(provider.getName());
    }

    private void mockNonce(final String str) {
        try {
            new MockUp<Object>(Class.forName("org.wildfly.security.mechanism.scram.ScramUtil", true, ScramClient.class.getClassLoader())) { // from class: org.wildfly.security.sasl.scram.ScramClientCompatibilityTest.1
                @Mock
                public byte[] generateNonce(int i, Random random) {
                    return str.getBytes(StandardCharsets.UTF_8);
                }
            };
        } catch (ClassNotFoundException e) {
            throw new NoClassDefFoundError(e.getMessage());
        }
    }

    @Test
    public void testRfc5802example() throws Exception {
        mockNonce("fyko+d2lbbFgONRv9qkxdawL");
        SaslClientFactory obtainSaslClientFactory = SaslTestUtil.obtainSaslClientFactory(ScramSaslClientFactory.class);
        Assert.assertNotNull(obtainSaslClientFactory);
        SaslClient createSaslClient = obtainSaslClientFactory.createSaslClient(new String[]{"SCRAM-SHA-1"}, (String) null, "protocol", "localhost", Collections.emptyMap(), ScramCallbackHandlerUtils.createClientCallbackHandler("user", "pencil".toCharArray()));
        Assert.assertNotNull(createSaslClient);
        Assert.assertTrue(createSaslClient instanceof ScramSaslClient);
        Assert.assertEquals("n,,n=user,r=fyko+d2lbbFgONRv9qkxdawL", new String(createSaslClient.evaluateChallenge(AbstractSaslParticipant.NO_BYTES), StandardCharsets.UTF_8));
        Assert.assertEquals("c=biws,r=fyko+d2lbbFgONRv9qkxdawL3rfcNHYJY1ZVvWVs7j,p=v0X8v3Bz2T0CJGbJQyF0X+HI4Ts=", new String(createSaslClient.evaluateChallenge("r=fyko+d2lbbFgONRv9qkxdawL3rfcNHYJY1ZVvWVs7j,s=QSXCR+Q6sek8bf92,i=4096".getBytes(StandardCharsets.UTF_8)), StandardCharsets.UTF_8));
        createSaslClient.evaluateChallenge("v=rmF9pqV8S7suAoZWja4dJRkFsKQ=".getBytes(StandardCharsets.UTF_8));
        Assert.assertTrue(createSaslClient.isComplete());
    }

    @Test
    public void testAuthorizationId() throws Exception {
        mockNonce("fyko+d2lbbFgONRv9qkxdawL");
        SaslClientFactory obtainSaslClientFactory = SaslTestUtil.obtainSaslClientFactory(ScramSaslClientFactory.class);
        Assert.assertNotNull(obtainSaslClientFactory);
        SaslClient createSaslClient = obtainSaslClientFactory.createSaslClient(new String[]{"SCRAM-SHA-1"}, "user", "protocol", "localhost", Collections.emptyMap(), ScramCallbackHandlerUtils.createClientCallbackHandler("admin", "secret".toCharArray()));
        Assert.assertNotNull(createSaslClient);
        Assert.assertTrue(createSaslClient instanceof ScramSaslClient);
        Assert.assertEquals("n,a=user,n=admin,r=fyko+d2lbbFgONRv9qkxdawL", new String(createSaslClient.evaluateChallenge(AbstractSaslParticipant.NO_BYTES), StandardCharsets.UTF_8));
        Assert.assertEquals("c=bixhPXVzZXIs,r=fyko+d2lbbFgONRv9qkxdawL3rfcNHYJY1ZVvWVs7j,p=JFcfWujky5ZULVQwDmB5aHMkoME=", new String(createSaslClient.evaluateChallenge("r=fyko+d2lbbFgONRv9qkxdawL3rfcNHYJY1ZVvWVs7j,s=QSXCR+Q6sek8bf92,i=4096".getBytes(StandardCharsets.UTF_8)), StandardCharsets.UTF_8));
        createSaslClient.evaluateChallenge("v=EFUP6P+SBB3T4rZgjRz28Z1FqCg=".getBytes(StandardCharsets.UTF_8));
        Assert.assertTrue(createSaslClient.isComplete());
    }

    @Test
    public void testBadNonce() throws Exception {
        mockNonce("fyko+d2lbbFgONRv9qkxdawL");
        SaslClientFactory obtainSaslClientFactory = SaslTestUtil.obtainSaslClientFactory(ScramSaslClientFactory.class);
        Assert.assertNotNull(obtainSaslClientFactory);
        SaslClient createSaslClient = obtainSaslClientFactory.createSaslClient(new String[]{"SCRAM-SHA-1"}, "user", "protocol", "localhost", Collections.emptyMap(), ScramCallbackHandlerUtils.createClientCallbackHandler("admin", "secret".toCharArray()));
        Assert.assertNotNull(createSaslClient);
        Assert.assertTrue(createSaslClient instanceof ScramSaslClient);
        Assert.assertEquals("n,a=user,n=admin,r=fyko+d2lbbFgONRv9qkxdawL", new String(createSaslClient.evaluateChallenge(AbstractSaslParticipant.NO_BYTES), StandardCharsets.UTF_8));
        try {
            createSaslClient.evaluateChallenge("r=BADo+d2lbbFgONRv9qkxdawL3rfcNHYJY1ZVvWVs7j,s=QSXCR+Q6sek8bf92,i=4096".getBytes(StandardCharsets.UTF_8));
            Assert.fail("SaslException not throwed");
        } catch (SaslException e) {
        }
        Assert.assertFalse(createSaslClient.isComplete());
    }

    @Test
    public void testBadVerifier() throws Exception {
        mockNonce("fyko+d2lbbFgONRv9qkxdawL");
        SaslClientFactory obtainSaslClientFactory = SaslTestUtil.obtainSaslClientFactory(ScramSaslClientFactory.class);
        Assert.assertNotNull(obtainSaslClientFactory);
        SaslClient createSaslClient = obtainSaslClientFactory.createSaslClient(new String[]{"SCRAM-SHA-1"}, "user", "protocol", "localhost", Collections.emptyMap(), ScramCallbackHandlerUtils.createClientCallbackHandler("admin", "secret".toCharArray()));
        Assert.assertNotNull(createSaslClient);
        Assert.assertTrue(createSaslClient instanceof ScramSaslClient);
        Assert.assertEquals("n,a=user,n=admin,r=fyko+d2lbbFgONRv9qkxdawL", new String(createSaslClient.evaluateChallenge(AbstractSaslParticipant.NO_BYTES), StandardCharsets.UTF_8));
        Assert.assertEquals("c=bixhPXVzZXIs,r=fyko+d2lbbFgONRv9qkxdawL3rfcNHYJY1ZVvWVs7j,p=JFcfWujky5ZULVQwDmB5aHMkoME=", new String(createSaslClient.evaluateChallenge("r=fyko+d2lbbFgONRv9qkxdawL3rfcNHYJY1ZVvWVs7j,s=QSXCR+Q6sek8bf92,i=4096".getBytes(StandardCharsets.UTF_8)), StandardCharsets.UTF_8));
        try {
            createSaslClient.evaluateChallenge("v=badP6P+SBB3T4rZgjRz28Z1FqCg=".getBytes(StandardCharsets.UTF_8));
            Assert.fail("SaslException not throwed");
        } catch (SaslException e) {
        }
        Assert.assertFalse(createSaslClient.isComplete());
    }

    @Test
    public void testStrangeCredentials() throws Exception {
        mockNonce("fyko+d2lbbFgONRv9qkxdawL");
        SaslClientFactory obtainSaslClientFactory = SaslTestUtil.obtainSaslClientFactory(ScramSaslClientFactory.class);
        Assert.assertNotNull(obtainSaslClientFactory);
        SaslClient createSaslClient = obtainSaslClientFactory.createSaslClient(new String[]{"SCRAM-SHA-1"}, "strange=admin, \\и你��½´", "protocol", "localhost", Collections.emptyMap(), ScramCallbackHandlerUtils.createClientCallbackHandler("strange=user, \\и你��½´", "strange=password, \\и你��½´".toCharArray()));
        Assert.assertNotNull(createSaslClient);
        Assert.assertTrue(createSaslClient instanceof ScramSaslClient);
        Assert.assertEquals("n,a=strange=3Dadmin=2C \\и你��1⁄2 ́,n=strange=3Duser=2C \\и你��1⁄2 ́,r=fyko+d2lbbFgONRv9qkxdawL", new String(createSaslClient.evaluateChallenge(AbstractSaslParticipant.NO_BYTES), StandardCharsets.UTF_8));
        Assert.assertEquals("c=bixhPXN0cmFuZ2U9M0RhZG1pbj0yQyBc0LjkvaDwn4KhMeKBhDIgzIEs,r=fyko+d2lbbFgONRv9qkxdawL3rfcNHYJY1ZVvWVs7j,p=5Drqrw2srEQfQ84h8Okz6eV091w=", new String(createSaslClient.evaluateChallenge("r=fyko+d2lbbFgONRv9qkxdawL3rfcNHYJY1ZVvWVs7j,s=QSXCR+Q6sek8bf92,i=4096".getBytes(StandardCharsets.UTF_8)), StandardCharsets.UTF_8));
        createSaslClient.evaluateChallenge("v=7xo0Rb9jQts952duIEz4oaIfD/c=".getBytes(StandardCharsets.UTF_8));
        Assert.assertTrue(createSaslClient.isComplete());
    }

    @Test
    public void testBindingCorrectY() throws Exception {
        mockNonce("fyko+d2lbbFgONRv9qkxdawL");
        CallbackHandler createClientCallbackHandler = ScramCallbackHandlerUtils.createClientCallbackHandler("user", "pencil".toCharArray());
        SaslClientFactory obtainSaslClientFactory = SaslTestUtil.obtainSaslClientFactory(ScramSaslClientFactory.class);
        Assert.assertNotNull(obtainSaslClientFactory);
        ChannelBindingSaslClientFactory channelBindingSaslClientFactory = new ChannelBindingSaslClientFactory(obtainSaslClientFactory, "same-type", new byte[]{18, 44, 0});
        Assert.assertNotNull(channelBindingSaslClientFactory);
        SaslClient createSaslClient = channelBindingSaslClientFactory.createSaslClient(new String[]{"SCRAM-SHA-1"}, (String) null, "protocol", "localhost", Collections.emptyMap(), createClientCallbackHandler);
        Assert.assertNotNull(createSaslClient);
        Assert.assertTrue(createSaslClient instanceof ScramSaslClient);
        Assert.assertEquals("y,,n=user,r=fyko+d2lbbFgONRv9qkxdawL", new String(createSaslClient.evaluateChallenge(AbstractSaslParticipant.NO_BYTES), StandardCharsets.UTF_8));
        Assert.assertEquals("c=eSws,r=fyko+d2lbbFgONRv9qkxdawL3rfcNHYJY1ZVvWVs7j,p=BjZF5dV+EkD3YCb3pH3IP8riMGw=", new String(createSaslClient.evaluateChallenge("r=fyko+d2lbbFgONRv9qkxdawL3rfcNHYJY1ZVvWVs7j,s=QSXCR+Q6sek8bf92,i=4096".getBytes(StandardCharsets.UTF_8)), StandardCharsets.UTF_8));
        createSaslClient.evaluateChallenge("v=dsprQ5R2AGYt1kn4bQRwTAE0PTU=".getBytes(StandardCharsets.UTF_8));
        Assert.assertTrue(createSaslClient.isComplete());
    }

    @Test
    public void testBindingCorrectP() throws Exception {
        mockNonce("fyko+d2lbbFgONRv9qkxdawL");
        CallbackHandler createClientCallbackHandler = ScramCallbackHandlerUtils.createClientCallbackHandler("user", "pencil".toCharArray());
        SaslClientFactory obtainSaslClientFactory = SaslTestUtil.obtainSaslClientFactory(ScramSaslClientFactory.class);
        Assert.assertNotNull(obtainSaslClientFactory);
        ChannelBindingSaslClientFactory channelBindingSaslClientFactory = new ChannelBindingSaslClientFactory(obtainSaslClientFactory, "same-type", new byte[]{18, 44, 0});
        Assert.assertNotNull(channelBindingSaslClientFactory);
        HashMap hashMap = new HashMap();
        hashMap.put("wildfly.sasl.channel-binding-required", "true");
        SaslClient createSaslClient = channelBindingSaslClientFactory.createSaslClient(new String[]{"SCRAM-SHA-1-PLUS"}, (String) null, "protocol", "localhost", hashMap, createClientCallbackHandler);
        Assert.assertNotNull(createSaslClient);
        Assert.assertTrue(createSaslClient instanceof ScramSaslClient);
        Assert.assertEquals("p=same-type,,n=user,r=fyko+d2lbbFgONRv9qkxdawL", new String(createSaslClient.evaluateChallenge(AbstractSaslParticipant.NO_BYTES), StandardCharsets.UTF_8));
        Assert.assertEquals("c=cD1zYW1lLXR5cGUsLBIsAA==,r=fyko+d2lbbFgONRv9qkxdawL3rfcNHYJY1ZVvWVs7j,p=0xrnDt+5S5sPyZE7IiTMKHbuZGQ=", new String(createSaslClient.evaluateChallenge("r=fyko+d2lbbFgONRv9qkxdawL3rfcNHYJY1ZVvWVs7j,s=QSXCR+Q6sek8bf92,i=4096".getBytes(StandardCharsets.UTF_8)), StandardCharsets.UTF_8));
        createSaslClient.evaluateChallenge("v=ooHARfuURZosAZ4dAMTwrFBGBFc=".getBytes(StandardCharsets.UTF_8));
        Assert.assertTrue(createSaslClient.isComplete());
    }

    @Test
    public void testServerError() throws Exception {
        mockNonce("fyko+d2lbbFgONRv9qkxdawL");
        SaslClientFactory obtainSaslClientFactory = SaslTestUtil.obtainSaslClientFactory(ScramSaslClientFactory.class);
        Assert.assertNotNull(obtainSaslClientFactory);
        SaslClient createSaslClient = obtainSaslClientFactory.createSaslClient(new String[]{"SCRAM-SHA-1"}, "user", "protocol", "localhost", Collections.emptyMap(), ScramCallbackHandlerUtils.createClientCallbackHandler("admin", "secret".toCharArray()));
        Assert.assertNotNull(createSaslClient);
        Assert.assertTrue(createSaslClient instanceof ScramSaslClient);
        Assert.assertEquals("n,a=user,n=admin,r=fyko+d2lbbFgONRv9qkxdawL", new String(createSaslClient.evaluateChallenge(AbstractSaslParticipant.NO_BYTES), StandardCharsets.UTF_8));
        Assert.assertEquals("c=bixhPXVzZXIs,r=fyko+d2lbbFgONRv9qkxdawL3rfcNHYJY1ZVvWVs7j,p=JFcfWujky5ZULVQwDmB5aHMkoME=", new String(createSaslClient.evaluateChallenge("r=fyko+d2lbbFgONRv9qkxdawL3rfcNHYJY1ZVvWVs7j,s=QSXCR+Q6sek8bf92,i=4096".getBytes(StandardCharsets.UTF_8)), StandardCharsets.UTF_8));
        try {
            createSaslClient.evaluateChallenge("e=invalid-proof".getBytes(StandardCharsets.UTF_8));
            Assert.fail("SaslException not thrown");
        } catch (SaslException e) {
            if (!e.getMessage().contains("invalid-proof")) {
                Assert.fail("SaslException not contain error message (" + e.getMessage() + ")");
            }
        }
        Assert.assertFalse(createSaslClient.isComplete());
    }
}
