package org.wildfly.security.sasl.gssapi;

import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.security.AccessController;
import java.security.PrivilegedAction;
import java.security.PrivilegedExceptionAction;
import java.security.Provider;
import java.security.Security;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Map;
import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.auth.login.LoginException;
import javax.security.sasl.AuthorizeCallback;
import javax.security.sasl.SaslClient;
import javax.security.sasl.SaslClientFactory;
import javax.security.sasl.SaslException;
import javax.security.sasl.SaslServer;
import javax.security.sasl.SaslServerFactory;
import org.junit.AfterClass;
import org.junit.Assert;
import org.junit.BeforeClass;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.junit.runners.Parameterized;

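/**
 * Parameterized end-to-end test of the GSSAPI SASL mechanism: a client and a server are
 * created in-process, driven through the challenge/response exchange, and the negotiated
 * properties are verified.
 *
 * <p>Each parameter row selects, per side, whether the factory comes from
 * {@link WildFlyElytronSaslGssapiProvider} or from another registered provider, whether the
 * client requests server authentication, whether the server is created without a bound
 * server name, and which quality of protection (QOP) is requested.
 */
@RunWith(Parameterized.class)
public class CommunicationSuiteChild {
    private static final String TEST_SERVER_1 = "test_server_1";
    private static final String SASL_CLIENT_FACTORY_GSSAPI = "SaslClientFactory.GSSAPI";
    private static final String SASL_SERVER_FACTORY_GSSAPI = "SaslServerFactory.GSSAPI";
    private static final String GSSAPI = "GSSAPI";
    private static final String QOP_AUTH = "auth";
    private static final String QOP_AUTH_INT = "auth-int";
    private static final String QOP_AUTH_CONF = "auth-conf";
    static final String SERVER_KEY_TAB = "serverKeyTab";
    static final String SERVER_UNBOUND_KEY_TAB = "serverUnboundKeyTab";

    // Receive-buffer sizes each side advertises; deliberately different so the assertions
    // in testSasl() can tell the client's value from the server's.
    private static final int CLIENT_MAX_BUFFER = 61234;
    private static final int SERVER_MAX_BUFFER = 64321;

    private static final Provider wildFlyElytronProvider = WildFlyElytronSaslGssapiProvider.getInstance();
    private static Subject clientSubject;
    private static Subject serverSubject;
    private static Subject unboundServerSubject;

    // The parameter fields are public because they are populated through @Parameterized.Parameter.

    /** Whether the server side uses the WildFly Elytron SASL factory. */
    @Parameterized.Parameter(0)
    public boolean serverElytron;

    /** Whether the client side uses the WildFly Elytron SASL factory. */
    @Parameterized.Parameter(1)
    public boolean clientElytron;

    /** Value passed by the client as {@code javax.security.sasl.server.authentication}. */
    @Parameterized.Parameter(2)
    public boolean authServer;

    /** When true the server is created with a {@code null} server name and the unbound subject. */
    @Parameterized.Parameter(3)
    public boolean unbound;

    /** Quality of protection requested on both sides. */
    @Parameterized.Parameter(4)
    public VerificationMode mode;

    /**
     * Server-side handler that accepts only {@link AuthorizeCallback} and authorizes a request
     * only when the authorization ID is identical to the authentication ID, i.e. it never
     * lets one principal act as another.
     */
    private static final class AuthorizeOnlyCallbackHandler implements CallbackHandler {
        private AuthorizeOnlyCallbackHandler() {
        }

        @Override
        public void handle(Callback[] callbackArr) throws IOException, UnsupportedCallbackException {
            for (Callback callback : callbackArr) {
                if (!(callback instanceof AuthorizeCallback)) {
                    throw new UnsupportedCallbackException(callback);
                }
                AuthorizeCallback authorizeCallback = (AuthorizeCallback) callback;
                String authorizationId = authorizeCallback.getAuthorizationID();
                // Fail closed: a missing authorization ID is denied rather than raising a
                // NullPointerException, and null is never treated as "equal" to anything.
                authorizeCallback.setAuthorized(
                        authorizationId != null && authorizationId.equals(authorizeCallback.getAuthenticationID()));
            }
        }
    }

    /**
     * Client-side handler that rejects every callback; the client is expected to work from
     * the credentials of its {@link Subject} alone.
     */
    private static final class NoCallbackHandler implements CallbackHandler {
        private NoCallbackHandler() {
        }

        @Override
        public void handle(Callback[] callbackArr) throws IOException, UnsupportedCallbackException {
            // Guard the index so an empty array is a no-op instead of an
            // ArrayIndexOutOfBoundsException.
            if (callbackArr.length > 0) {
                throw new UnsupportedCallbackException(callbackArr[0]);
            }
        }
    }

    /**
     * Requested SASL quality of protection. {@code NONE} maps to "auth" (authentication only,
     * no per-message protection), {@code INTEGRITY} to "auth-int" and {@code CONFIDENTIALITY}
     * to "auth-conf".
     */
    enum VerificationMode {
        NONE(CommunicationSuiteChild.QOP_AUTH),
        INTEGRITY(CommunicationSuiteChild.QOP_AUTH_INT),
        CONFIDENTIALITY(CommunicationSuiteChild.QOP_AUTH_CONF);

        private final String qop;

        VerificationMode(String str) {
            this.qop = str;
        }

        String getQop() {
            return this.qop;
        }
    }

    /**
     * Supplies the test matrix. Columns are: serverElytron, clientElytron, authServer, unbound,
     * mode. Every server/client provider combination gets the same five rows; server
     * authentication is exercised only with {@code NONE} and the unbound server only with
     * {@code CONFIDENTIALITY}.
     *
     * @return the parameter rows, in execution order
     */
    @Parameterized.Parameters(name = "serverElytron={0} clientElytron={1} authServer={2} unbound={3} mode={4}")
    public static Iterable<Object[]> serverElytron() {
        System.out.println("Parameters init");
        return Arrays.asList(
                new Object[]{true, true, false, false, VerificationMode.NONE},
                new Object[]{true, true, true, false, VerificationMode.NONE},
                new Object[]{true, true, false, false, VerificationMode.INTEGRITY},
                new Object[]{true, true, false, false, VerificationMode.CONFIDENTIALITY},
                new Object[]{true, true, false, true, VerificationMode.CONFIDENTIALITY},
                new Object[]{true, false, false, false, VerificationMode.NONE},
                new Object[]{true, false, true, false, VerificationMode.NONE},
                new Object[]{true, false, false, false, VerificationMode.INTEGRITY},
                new Object[]{true, false, false, false, VerificationMode.CONFIDENTIALITY},
                new Object[]{true, false, false, true, VerificationMode.CONFIDENTIALITY},
                new Object[]{false, true, false, false, VerificationMode.NONE},
                new Object[]{false, true, true, false, VerificationMode.NONE},
                new Object[]{false, true, false, false, VerificationMode.INTEGRITY},
                new Object[]{false, true, false, false, VerificationMode.CONFIDENTIALITY},
                new Object[]{false, true, false, true, VerificationMode.CONFIDENTIALITY},
                new Object[]{false, false, false, false, VerificationMode.NONE},
                new Object[]{false, false, true, false, VerificationMode.NONE},
                new Object[]{false, false, false, false, VerificationMode.INTEGRITY},
                new Object[]{false, false, false, false, VerificationMode.CONFIDENTIALITY},
                new Object[]{false, false, false, true, VerificationMode.CONFIDENTIALITY});
    }

    /**
     * Logs in the client, bound-server and unbound-server subjects and registers the Elytron
     * provider at the highest preference position.
     *
     * @throws LoginException if any of the JAAS logins fails
     */
    @BeforeClass
    public static void initialize() throws LoginException {
        clientSubject = JaasUtil.loginClient();
        serverSubject = JaasUtil.loginServer(GssapiTestSuite.serverKeyTab, false);
        unboundServerSubject = JaasUtil.loginServer(GssapiTestSuite.serverUnboundKeyTab, true);
        Assert.assertNotNull(clientSubject);
        Assert.assertNotNull(serverSubject);
        Assert.assertNotNull(unboundServerSubject);
        // Provider registration is JVM-wide state; destroy() removes it again so later tests
        // do not silently pick up this provider. The cast selects the PrivilegedAction overload.
        AccessController.doPrivileged(
                (PrivilegedAction<Integer>) () -> Security.insertProviderAt(wildFlyElytronProvider, 1));
    }

    /** Drops the subject references and unregisters the provider added by {@link #initialize()}. */
    @AfterClass
    public static void destroy() {
        clientSubject = null;
        serverSubject = null;
        unboundServerSubject = null;
        AccessController.doPrivileged((PrivilegedAction<Void>) () -> {
            Security.removeProvider(wildFlyElytronProvider.getName());
            return null;
        });
    }

    /**
     * Runs the SASL exchange to completion and checks the authorization ID, bound server
     * name, negotiated QOP and, when a security layer is negotiated, the buffer sizes and a
     * wrap/unwrap round trip in both directions.
     *
     * @throws Exception if mechanism creation or the exchange fails
     */
    @Test
    public void testSasl() throws Exception {
        SaslClient saslClient = getSaslClient();
        SaslServer saslServer = null;
        try {
            // Created inside the try so the client is still disposed if server creation fails.
            saslServer = getSaslServer();
            byte[] message = new byte[0];
            while (!(saslClient.isComplete() && saslServer.isComplete())) {
                message = saslClient.evaluateChallenge(message);
                if (!saslServer.isComplete()) {
                    message = saslServer.evaluateResponse(message);
                }
            }
            Assert.assertTrue(saslClient.isComplete());
            Assert.assertTrue(saslServer.isComplete());
            Assert.assertEquals("Authorization ID", "jduke@WILDFLY.ORG", saslServer.getAuthorizationID());
            Assert.assertEquals("Bound server name", TEST_SERVER_1, saslServer.getNegotiatedProperty("javax.security.sasl.bound.server.name"));
            Assert.assertEquals("Server QOP", this.mode.getQop(), saslServer.getNegotiatedProperty("javax.security.sasl.qop"));
            Assert.assertEquals("Client QOP", this.mode.getQop(), saslClient.getNegotiatedProperty("javax.security.sasl.qop"));
            if (this.mode != VerificationMode.NONE) {
                Assert.assertEquals("Server MAX_BUFFER", Integer.toString(SERVER_MAX_BUFFER), saslServer.getNegotiatedProperty("javax.security.sasl.maxbuffer"));
                Assert.assertEquals("Client MAX_BUFFER", Integer.toString(CLIENT_MAX_BUFFER), saslClient.getNegotiatedProperty("javax.security.sasl.maxbuffer"));
                int serverRawSendSize = Integer.parseInt((String) saslServer.getNegotiatedProperty("javax.security.sasl.rawsendsize"));
                int clientRawSendSize = Integer.parseInt((String) saslClient.getNegotiatedProperty("javax.security.sasl.rawsendsize"));
                // Each side's raw send size must sit just below the PEER's max buffer
                // (presumably the difference is the wrapping overhead — confirm).
                Assert.assertTrue("Server RAW_SEND_SIZE", 61000 < serverRawSendSize && serverRawSendSize < CLIENT_MAX_BUFFER);
                Assert.assertTrue("Client RAW_SEND_SIZE", 64000 < clientRawSendSize && clientRawSendSize < SERVER_MAX_BUFFER);
                testDataExchange(saslClient, saslServer);
            }
        } finally {
            // Dispose each side independently: a failure releasing the client must not leave
            // the server's security context (and its key material) undisposed. Disposal stays
            // best-effort so it cannot mask an assertion failure from the try block.
            try {
                saslClient.dispose();
            } catch (SaslException e) {
                e.printStackTrace();
            }
            if (saslServer != null) {
                try {
                    saslServer.dispose();
                } catch (SaslException e) {
                    e.printStackTrace();
                }
            }
        }
    }

    /**
     * Sends a fixed payload through the negotiated security layer in both directions and
     * checks that unwrap returns the original bytes and that wrap did not modify its input.
     */
    private void testDataExchange(SaslClient saslClient, SaslServer saslServer) throws SaslException {
        byte[] payload = "Some Test Data".getBytes(StandardCharsets.UTF_8);
        // Independent copy used to detect in-place modification of the buffer passed to wrap().
        byte[] pristine = "Some Test Data".getBytes(StandardCharsets.UTF_8);

        byte[] wrappedByClient = saslClient.wrap(payload, 0, payload.length);
        Assert.assertArrayEquals("Original data unmodified", pristine, payload);
        Assert.assertArrayEquals("Unwrapped (By Server) matched original", payload,
                saslServer.unwrap(wrappedByClient, 0, wrappedByClient.length));

        byte[] wrappedByServer = saslServer.wrap(payload, 0, payload.length);
        Assert.assertArrayEquals("Original data unmodified", pristine, payload);
        Assert.assertArrayEquals("Unwrapped (By Client) matched original", payload,
                saslClient.unwrap(wrappedByServer, 0, wrappedByServer.length));
    }

    /** Creates the client as the client subject and wraps it so later calls use that subject. */
    private SaslClient getSaslClient() throws Exception {
        // createClient() throws checked exceptions, so the exception-carrying overload is selected explicitly.
        SaslClient rawClient = Subject.doAs(clientSubject, (PrivilegedExceptionAction<SaslClient>) this::createClient);
        return new SubjectWrappingSaslClient(rawClient, clientSubject);
    }

    /** Creates the server and wraps it with the bound or unbound server subject. */
    private SaslServer getSaslServer() throws Exception {
        // NOTE(review): the server is always created as serverSubject, even when 'unbound'
        // selects unboundServerSubject for the wrapper — confirm this asymmetry is intended.
        SaslServer rawServer = Subject.doAs(serverSubject, (PrivilegedExceptionAction<SaslServer>) this::createServer);
        return new SubjectWrappingSaslServer(rawServer, this.unbound ? unboundServerSubject : serverSubject);
    }

    /**
     * Instantiates the GSSAPI client factory from the selected provider and creates a client
     * for service "sasl" on {@code test_server_1}.
     */
    private SaslClient createClient() throws Exception {
        Provider provider = findProvider(SASL_CLIENT_FACTORY_GSSAPI, this.clientElytron);
        Assert.assertNotNull("No provider offers " + SASL_CLIENT_FACTORY_GSSAPI + " (elytron=" + this.clientElytron + ")", provider);
        // The class name comes from the registered JCA provider's own property, not from test input.
        String factoryClassName = (String) provider.get(SASL_CLIENT_FACTORY_GSSAPI);
        SaslClientFactory saslClientFactory = Class.forName(factoryClassName)
                .asSubclass(SaslClientFactory.class)
                .getDeclaredConstructor()
                .newInstance();

        Map<String, Object> props = new HashMap<>();
        props.put("javax.security.sasl.server.authentication", Boolean.toString(this.authServer));
        props.put("javax.security.sasl.qop", this.mode.getQop());
        props.put("javax.security.sasl.maxbuffer", Integer.toString(CLIENT_MAX_BUFFER));
        if (this.clientElytron && !this.serverElytron) {
            // Set only when the peer is not Elytron; presumably needed for interoperability
            // with the other implementation — confirm against the Elytron documentation.
            props.put("wildfly.sasl.relax-compliance", Boolean.TRUE.toString());
        }
        return saslClientFactory.createSaslClient(new String[]{GSSAPI}, null, "sasl", TEST_SERVER_1, props, new NoCallbackHandler());
    }

    /**
     * Instantiates the GSSAPI server factory from the selected provider and creates a server
     * for service "sasl"; the server name is {@code null} when the unbound variant is tested.
     */
    private SaslServer createServer() throws Exception {
        Provider provider = findProvider(SASL_SERVER_FACTORY_GSSAPI, this.serverElytron);
        Assert.assertNotNull("No provider offers " + SASL_SERVER_FACTORY_GSSAPI + " (elytron=" + this.serverElytron + ")", provider);
        // The class name comes from the registered JCA provider's own property, not from test input.
        String factoryClassName = (String) provider.get(SASL_SERVER_FACTORY_GSSAPI);
        SaslServerFactory saslServerFactory = Class.forName(factoryClassName)
                .asSubclass(SaslServerFactory.class)
                .getDeclaredConstructor()
                .newInstance();

        Map<String, Object> props = new HashMap<>();
        props.put("javax.security.sasl.qop", this.mode.getQop());
        props.put("javax.security.sasl.maxbuffer", Integer.toString(SERVER_MAX_BUFFER));
        if (!this.clientElytron && this.serverElytron) {
            // Set only when the peer is not Elytron; presumably needed for interoperability
            // with the other implementation — confirm against the Elytron documentation.
            props.put("wildfly.sasl.relax-compliance", Boolean.TRUE.toString());
        }
        return saslServerFactory.createSaslServer(GSSAPI, "sasl", this.unbound ? null : TEST_SERVER_1, props, new AuthorizeOnlyCallbackHandler());
    }

    /**
     * Returns the first registered provider matching {@code filter} that is (or, when
     * {@code elytron} is false, is not) a {@link WildFlyElytronSaslGssapiProvider}.
     *
     * @param filter  provider selection filter, e.g. {@code "SaslClientFactory.GSSAPI"}
     * @param elytron whether the Elytron provider is wanted
     * @return the matching provider, or {@code null} when none is registered
     */
    private Provider findProvider(String filter, boolean elytron) {
        Provider[] candidates = Security.getProviders(filter);
        // Security.getProviders returns null, not an empty array, when nothing matches.
        if (candidates == null) {
            return null;
        }
        for (Provider candidate : candidates) {
            if ((candidate instanceof WildFlyElytronSaslGssapiProvider) == elytron) {
                return candidate;
            }
        }
        return null;
    }
}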
