package org.wildfly.security.sasl.scram;

import java.security.AccessController;
import java.security.PrivilegedAction;
import java.security.Provider;
import java.security.Security;
import java.util.Collections;
import java.util.HashMap;
import java.util.Map;
import javax.security.auth.callback.CallbackHandler;
import javax.security.sasl.SaslClient;
import javax.security.sasl.SaslClientFactory;
import javax.security.sasl.SaslException;
import javax.security.sasl.SaslServer;
import org.junit.AfterClass;
import org.junit.Assert;
import org.junit.BeforeClass;
import org.junit.Test;
import org.wildfly.security.password.PasswordFactory;
import org.wildfly.security.password.spec.ClearPasswordSpec;
import org.wildfly.security.password.spec.IteratedSaltedHashPasswordSpec;
import org.wildfly.security.sasl.test.SaslServerBuilder;
import org.wildfly.security.sasl.test.SaslTestUtil;
import org.wildfly.security.sasl.util.AbstractSaslParticipant;
import org.wildfly.security.sasl.util.ChannelBindingSaslClientFactory;

/* loaded from: input_file:org/wildfly/security/sasl/scram/BasicScramSelfTest.class */
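/**
 * Self-tests for the SCRAM-SHA-1 and SCRAM-SHA-1-PLUS SASL mechanisms: a client and a server are
 * created in-process and their messages are passed back and forth until the exchange ends.
 *
 * <p>Covered here: successful authentication against clear and pre-hashed (salted, iterated)
 * credentials, rejection of a wrong user name or password, successful channel binding, and the two
 * mismatch cases where only one side negotiates the {@code -PLUS} variant.
 *
 * <p>NOTE(review): this class has no case where both sides use the same binding type but different
 * binding data; confirm that mismatch is covered elsewhere, since it is the check that ties the
 * authentication to the underlying channel.
 */
public class BasicScramSelfTest {
    private static final Provider[] providers = {WildFlyElytronSaslScramProvider.getInstance()};
    private static final Map<String, Object> EMPTY = Collections.emptyMap();

    private static final String SCRAM_SHA_1 = "SCRAM-SHA-1";
    private static final String SCRAM_SHA_1_PLUS = "SCRAM-SHA-1-PLUS";
    private static final String CHANNEL_BINDING_REQUIRED = "wildfly.sasl.channel-binding-required";

    // Salt, iteration count and SaltedPassword of the RFC 5802 SCRAM-SHA-1 example
    // (user "user", password "pencil"). Fixed public test vectors, not secrets.
    private static final byte[] RFC5802_SALTED_PASSWORD =
            {29, -106, -18, 58, 82, -101, 90, 95, -98, 71, -64, 31, 34, -102, 44, -72, -90, -31, 95, 125};
    private static final byte[] RFC5802_SALT = {65, 37, -62, 71, -28, 58, -79, -23, 60, 109, -1, 118};
    private static final int RFC5802_ITERATIONS = 4096;

    /** Installs the SCRAM provider at position 2 of the JVM-wide provider list for this class's tests. */
    @BeforeClass
    public static void registerPasswordProvider() {
        AccessController.doPrivileged(new PrivilegedAction<Void>() {
            @Override
            public Void run() {
                for (Provider provider : providers) {
                    Security.insertProviderAt(provider, 2);
                }
                return null;
            }
        });
    }

    /** Removes the providers installed by {@link #registerPasswordProvider()} so later tests see a clean list. */
    @AfterClass
    public static void removePasswordProvider() {
        AccessController.doPrivileged(new PrivilegedAction<Void>() {
            @Override
            public Void run() {
                for (Provider provider : providers) {
                    Security.removeProvider(provider.getName());
                }
                return null;
            }
        });
    }

    /** Clear password on the server, matching clear password on the client: authentication succeeds. */
    @Test
    public void testAuthenticationSha1ClearPassword() throws Exception {
        CallbackHandler clientHandler =
                ScramCallbackHandlerUtils.createClientCallbackHandler("user", "pencil".toCharArray());
        testAuthentication(SCRAM_SHA_1, clearPasswordServer(), clientHandler, "user", EMPTY);
    }

    /**
     * A client presenting an unknown user name must be rejected.
     *
     * <p>NOTE(review): {@code expected = SaslException.class} is satisfied by a SaslException thrown
     * anywhere in this method, so the test does not pin which step of the exchange rejects the client.
     */
    @Test(expected = SaslException.class)
    public void testAuthenticationSha1ClearPasswordBadUsername() throws Exception {
        CallbackHandler clientHandler =
                ScramCallbackHandlerUtils.createClientCallbackHandler("wrong", "pencil".toCharArray());
        testAuthentication(SCRAM_SHA_1, clearPasswordServer(), clientHandler, "user", EMPTY);
    }

    /**
     * A client presenting the wrong password must be rejected.
     *
     * <p>NOTE(review): as with the bad-user-name case, any SaslException raised in this method
     * satisfies the expectation; the failing step is not asserted.
     */
    @Test(expected = SaslException.class)
    public void testAuthenticationSha1ClearPasswordBadPassword() throws Exception {
        CallbackHandler clientHandler =
                ScramCallbackHandlerUtils.createClientCallbackHandler("user", "wrong".toCharArray());
        testAuthentication(SCRAM_SHA_1, clearPasswordServer(), clientHandler, "user", EMPTY);
    }

    /**
     * Clear password on both sides.
     *
     * <p>NOTE(review): as written this repeats {@link #testAuthenticationSha1ClearPassword()} step
     * for step; check whether a different credential form was intended on one side.
     */
    @Test
    public void testAuthenticationSha1ClearCredentialPassword() throws Exception {
        CallbackHandler clientHandler =
                ScramCallbackHandlerUtils.createClientCallbackHandler("user", "pencil".toCharArray());
        testAuthentication(SCRAM_SHA_1, clearPasswordServer(), clientHandler, "user", EMPTY);
    }

    /** The client supplies a "clear" Password object built by the PasswordFactory instead of a char array. */
    @Test
    public void testAuthenticationSha1ClearCredential() throws Exception {
        CallbackHandler clientHandler = ScramCallbackHandlerUtils.createClientCallbackHandler(
                "user",
                PasswordFactory.getInstance("clear").generatePassword(new ClearPasswordSpec("pencil".toCharArray())));
        testAuthentication(SCRAM_SHA_1, clearPasswordServer(), clientHandler, "user", EMPTY);
    }

    /** The server holds only the salted, iterated hash; the client still authenticates with the clear password. */
    @Test
    public void testAuthenticationSha1ScramCredential() throws Exception {
        SaslServer server = scramCredentialServerBuilder(SCRAM_SHA_1).build();
        CallbackHandler clientHandler =
                ScramCallbackHandlerUtils.createClientCallbackHandler("user", "pencil".toCharArray());
        testAuthentication(SCRAM_SHA_1, server, clientHandler, "user", EMPTY);
    }

    /** Both sides use SCRAM-SHA-1-PLUS with the same binding type and binding data: authentication succeeds. */
    @Test
    public void testAuthenticationSha1ScramCredentialBindingData() throws Exception {
        SaslServer server = scramCredentialServerBuilder(SCRAM_SHA_1_PLUS)
                .setChannelBinding("type1", new byte[]{-2, -36, 16})
                .build();
        SaslClientFactory clientFactory =
                new ChannelBindingSaslClientFactory(obtainSaslClientFactory(), "type1", new byte[]{-2, -36, 16});
        CallbackHandler clientHandler =
                ScramCallbackHandlerUtils.createClientCallbackHandler("user", "pencil".toCharArray());
        testAuthentication(SCRAM_SHA_1_PLUS, server, clientFactory, clientHandler, "user", EMPTY);
    }

    /** Same as the binding-data case, with channel binding marked as required on both sides. */
    @Test
    public void testAuthenticationSha1ScramCredentialBindingDataRequired() throws Exception {
        CallbackHandler clientHandler =
                ScramCallbackHandlerUtils.createClientCallbackHandler("user", "pencil".toCharArray());
        SaslClientFactory clientFactory =
                new ChannelBindingSaslClientFactory(obtainSaslClientFactory(), "same-type2", new byte[]{-2, -36, 18});
        Map<String, Object> props = new HashMap<String, Object>();
        props.put(CHANNEL_BINDING_REQUIRED, "true");
        // The server gets its own copy so neither side can observe changes made to the other's map.
        SaslServer server = scramCredentialServerBuilder(SCRAM_SHA_1_PLUS)
                .setChannelBinding("same-type2", new byte[]{-2, -36, 18})
                .setProperties(new HashMap<String, Object>(props))
                .build();
        testAuthentication(SCRAM_SHA_1_PLUS, server, clientFactory, clientHandler, "user", props);
    }

    /**
     * A client that negotiates plain SCRAM-SHA-1 without binding data talks to a server built for
     * SCRAM-SHA-1-PLUS with binding data. The exchange must not complete: silently continuing
     * without channel binding here would be a downgrade. The SaslException message is expected to
     * contain {@code server-does-support-channel-binding}.
     */
    @Test
    public void testNonPlusClientWithoutBindingWithPlusServer() throws Exception {
        CallbackHandler clientHandler =
                ScramCallbackHandlerUtils.createClientCallbackHandler("user", "pencil".toCharArray());
        SaslClientFactory clientFactory = obtainSaslClientFactory();
        Map<String, Object> props = new HashMap<String, Object>();
        props.put(CHANNEL_BINDING_REQUIRED, "false");
        SaslServer server = scramCredentialServerBuilder(SCRAM_SHA_1_PLUS)
                .setProperties(new HashMap<String, Object>(props))
                .setChannelBinding("same-type2", new byte[]{-2, -36, 18})
                .build();
        SaslClient client = createScramClient(clientFactory, SCRAM_SHA_1, "user", props, clientHandler);
        assertExchangeFails(client, server, "server-does-support-channel-binding");
    }

    /**
     * A client that negotiates SCRAM-SHA-1-PLUS with binding data talks to a server built for plain
     * SCRAM-SHA-1. The exchange must abort with a SaslException whose message contains
     * {@code server-does-not-support-channel-binding}.
     */
    @Test
    public void testPlusClientWithBindingWithNonPlusServer() throws Exception {
        CallbackHandler clientHandler =
                ScramCallbackHandlerUtils.createClientCallbackHandler("user", "pencil".toCharArray());
        SaslClientFactory clientFactory =
                new ChannelBindingSaslClientFactory(obtainSaslClientFactory(), "same-type2", new byte[]{-2, -36, 18});
        Map<String, Object> props = new HashMap<String, Object>();
        props.put(CHANNEL_BINDING_REQUIRED, "false");
        SaslServer server = scramCredentialServerBuilder(SCRAM_SHA_1)
                .setProperties(new HashMap<String, Object>(props))
                .build();
        SaslClient client = createScramClient(clientFactory, SCRAM_SHA_1_PLUS, "user", props, clientHandler);
        assertExchangeFails(client, server, "server-does-not-support-channel-binding");
    }

    /** Runs a full exchange using the default SCRAM client factory and asserts that both sides complete. */
    private void testAuthentication(String mechanism, SaslServer saslServer, CallbackHandler clientHandler,
            String authorizationId, Map<String, ?> clientProps) throws Exception {
        SaslClientFactory clientFactory = obtainSaslClientFactory();
        Assert.assertNotNull(clientFactory);
        testAuthentication(mechanism, saslServer, clientFactory, clientHandler, authorizationId, clientProps);
    }

    /**
     * Runs a full exchange between a client created from {@code clientFactory} and {@code saslServer}.
     * Asserts that the server was built for {@code mechanism} and that both sides report completion;
     * a SaslException raised during the exchange propagates to the caller.
     */
    private void testAuthentication(String mechanism, SaslServer saslServer, SaslClientFactory clientFactory,
            CallbackHandler clientHandler, String authorizationId, Map<String, ?> clientProps) throws Exception {
        Assert.assertEquals(mechanism, saslServer.getMechanismName());
        SaslClient client = createScramClient(clientFactory, mechanism, authorizationId, clientProps, clientHandler);
        runExchange(client, saslServer);
        Assert.assertTrue(saslServer.isComplete());
        Assert.assertTrue(client.isComplete());
    }

    /** Looks up the SCRAM client factory through the test utility and checks its concrete type. */
    private SaslClientFactory obtainSaslClientFactory() {
        SaslClientFactory factory = SaslTestUtil.obtainSaslClientFactory(ScramSaslClientFactory.class);
        Assert.assertTrue(factory instanceof ScramSaslClientFactory);
        return factory;
    }

    /** Builds a SCRAM-SHA-1 server for user "user" holding the clear password "pencil". */
    private static SaslServer clearPasswordServer() throws Exception {
        return new SaslServerBuilder(ScramSaslServerFactory.class, SCRAM_SHA_1)
                .setUserName("user")
                .setPassword("pencil".toCharArray())
                .build();
    }

    /**
     * Starts a server builder for {@code mechanism} whose user "user" is backed by the pre-hashed
     * "scram-sha-1" credential. The arrays are cloned so no test can alter the shared vectors.
     */
    private static SaslServerBuilder scramCredentialServerBuilder(String mechanism) throws Exception {
        return new SaslServerBuilder(ScramSaslServerFactory.class, mechanism)
                .setUserName("user")
                .setPassword("scram-sha-1", new IteratedSaltedHashPasswordSpec(
                        RFC5802_SALTED_PASSWORD.clone(), RFC5802_SALT.clone(), RFC5802_ITERATIONS));
    }

    /** Creates a client for a single mechanism and asserts that it is the SCRAM implementation. */
    private static SaslClient createScramClient(SaslClientFactory factory, String mechanism, String authorizationId,
            Map<String, ?> props, CallbackHandler handler) throws SaslException {
        Assert.assertNotNull(factory);
        SaslClient client =
                factory.createSaslClient(new String[]{mechanism}, authorizationId, "test", "localhost", props, handler);
        Assert.assertNotNull(client);
        Assert.assertTrue(client instanceof ScramSaslClient);
        return client;
    }

    /**
     * Passes messages between client and server, starting with an empty challenge, until either
     * side returns {@code null}.
     */
    private static void runExchange(SaslClient client, SaslServer server) throws SaslException {
        byte[] challenge = AbstractSaslParticipant.NO_BYTES;
        do {
            byte[] response = client.evaluateChallenge(challenge);
            if (response == null) {
                break;
            }
            challenge = server.evaluateResponse(response);
        } while (challenge != null);
    }

    /**
     * Runs the exchange and requires it to end in a SaslException whose message contains
     * {@code expectedFragment}. A missing message fails the assertion instead of raising a
     * NullPointerException, so the report names the real problem.
     */
    private static void assertExchangeFails(SaslClient client, SaslServer server, String expectedFragment) {
        try {
            runExchange(client, server);
        } catch (SaslException e) {
            String message = e.getMessage();
            Assert.assertTrue("unexpected SaslException message: " + message,
                    message != null && message.contains(expectedFragment));
            return;
        }
        Assert.fail("SaslException expected");
    }
}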
