package org.wildfly.security.sasl.digest;

import java.nio.charset.StandardCharsets;
import java.security.Provider;
import java.security.Security;
import java.util.HashMap;
import javax.security.sasl.SaslException;
import javax.security.sasl.SaslServer;
import mockit.Mock;
import mockit.MockUp;
import mockit.integration.junit4.JMockit;
import org.junit.AfterClass;
import org.junit.Assert;
import org.junit.BeforeClass;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.wildfly.common.iteration.ByteIterator;
import org.wildfly.common.iteration.CodePointIterator;
import org.wildfly.security.password.spec.ClearPasswordSpec;
import org.wildfly.security.sasl.test.SaslServerBuilder;

@RunWith(JMockit.class)
/* loaded from: input_file:org/wildfly/security/sasl/digest/CompatibilityServerTest.class */
public class CompatibilityServerTest {
    protected static final String REALM_PROPERTY = "com.sun.security.sasl.digest.realm";
    protected static final String QOP_PROPERTY = "javax.security.sasl.qop";
    private static final Provider provider = WildFlyElytronSaslDigestProvider.getInstance();

    private void mockNonce(final String str) {
        new MockUp<DigestSaslServer>() { // from class: org.wildfly.security.sasl.digest.CompatibilityServerTest.1
            @Mock
            byte[] generateNonce() {
                return str.getBytes(StandardCharsets.UTF_8);
            }
        };
    }

    @BeforeClass
    public static void registerPasswordProvider() {
        Security.insertProviderAt(provider, 1);
    }

    @AfterClass
    public static void removePasswordProvider() {
        Security.removeProvider(provider.getName());
    }

    @Test
    public void testRfc2831example1() throws Exception {
        mockNonce("OA6MG9tEQGm2hh");
        SaslServer build = new SaslServerBuilder(DigestServerFactory.class, "DIGEST-MD5").setUserName("chris").setPassword("clear", new ClearPasswordSpec("secret".toCharArray())).setProtocol("imap").setServerName("elwood.innosoft.com").addMechanismRealm("elwood.innosoft.com").build();
        Assert.assertFalse(build.isComplete());
        Assert.assertEquals("realm=\"elwood.innosoft.com\",nonce=\"OA6MG9tEQGm2hh\",charset=utf-8,algorithm=md5-sess", new String(build.evaluateResponse(new byte[0]), "UTF-8"));
        Assert.assertFalse(build.isComplete());
        Assert.assertEquals("rspauth=ea40f60335c427b5527b84dbabcdfffd", new String(build.evaluateResponse("charset=utf-8,username=\"chris\",realm=\"elwood.innosoft.com\",nonce=\"OA6MG9tEQGm2hh\",nc=00000001,cnonce=\"OA6MHXh6VqTrRk\",digest-uri=\"imap/elwood.innosoft.com\",response=d388dad90d4bbd760a152321f2143af7,qop=auth".getBytes(StandardCharsets.UTF_8)), "UTF-8"));
        Assert.assertTrue(build.isComplete());
        Assert.assertEquals("chris", build.getAuthorizationID());
    }

    @Test
    public void testRfc2831example2() throws Exception {
        mockNonce("OA9BSXrbuRhWay");
        SaslServer build = new SaslServerBuilder(DigestServerFactory.class, "DIGEST-MD5").setUserName("chris").setPassword("clear", new ClearPasswordSpec("secret".toCharArray())).setProtocol("acap").setServerName("elwood.innosoft.com").addMechanismRealm("elwood.innosoft.com").build();
        Assert.assertFalse(build.isComplete());
        Assert.assertEquals("realm=\"elwood.innosoft.com\",nonce=\"OA9BSXrbuRhWay\",charset=utf-8,algorithm=md5-sess", new String(build.evaluateResponse(new byte[0]), "UTF-8"));
        Assert.assertFalse(build.isComplete());
        Assert.assertEquals("rspauth=2f0b3d7c3c2e486600ef710726aa2eae", new String(build.evaluateResponse("charset=utf-8,username=\"chris\",realm=\"elwood.innosoft.com\",nonce=\"OA9BSXrbuRhWay\",nc=00000001,cnonce=\"OA9BSuZWMSpW8m\",digest-uri=\"acap/elwood.innosoft.com\",response=6084c6db3fede7352c551284490fd0fc,qop=auth".getBytes(StandardCharsets.UTF_8)), "UTF-8"));
        Assert.assertTrue(build.isComplete());
        Assert.assertEquals("chris", build.getAuthorizationID());
    }

    @Test
    public void testUnauthorizedAuthorizationId() throws Exception {
        mockNonce("OA9BSXrbuRhWay");
        HashMap hashMap = new HashMap();
        hashMap.put(REALM_PROPERTY, "elwood.innosoft.com");
        SaslServer build = new SaslServerBuilder(DigestServerFactory.class, "DIGEST-MD5").setUserName("chris").setPassword("clear", new ClearPasswordSpec("secret".toCharArray())).setProtocol("acap").setServerName("elwood.innosoft.com").setProperties(hashMap).build();
        Assert.assertFalse(build.isComplete());
        Assert.assertEquals("realm=\"elwood.innosoft.com\",nonce=\"OA9BSXrbuRhWay\",charset=utf-8,algorithm=md5-sess", new String(build.evaluateResponse(new byte[0]), "UTF-8"));
        Assert.assertFalse(build.isComplete());
        try {
            build.evaluateResponse("charset=utf-8,username=\"chris\",realm=\"elwood.innosoft.com\",nonce=\"OA9BSXrbuRhWay\",nc=00000001,cnonce=\"OA9BSuZWMSpW8m\",digest-uri=\"acap/elwood.innosoft.com\",maxbuf=65536,response=0d071450228e395e2c0999e02b6aa665,qop=auth,authzid=\"george\"".getBytes(StandardCharsets.UTF_8));
            Assert.fail("Not throwed SaslException!");
        } catch (SaslException e) {
        }
        Assert.assertFalse(build.isComplete());
    }

    @Test
    public void testAuthorizedAuthorizationId() throws Exception {
        mockNonce("OA9BSXrbuRhWay");
        SaslServer build = new SaslServerBuilder(DigestServerFactory.class, "DIGEST-MD5").setUserName("chris").setPassword("clear", new ClearPasswordSpec("secret".toCharArray())).setProtocol("acap").setServerName("elwood.innosoft.com").addMechanismRealm("elwood.innosoft.com").build();
        Assert.assertFalse(build.isComplete());
        Assert.assertEquals("realm=\"elwood.innosoft.com\",nonce=\"OA9BSXrbuRhWay\",charset=utf-8,algorithm=md5-sess", new String(build.evaluateResponse(new byte[0]), "UTF-8"));
        Assert.assertFalse(build.isComplete());
        Assert.assertEquals("rspauth=af3ca83a805d4cfa00675a17315475c4", new String(build.evaluateResponse("charset=utf-8,username=\"chris\",realm=\"elwood.innosoft.com\",nonce=\"OA9BSXrbuRhWay\",nc=00000001,cnonce=\"OA9BSuZWMSpW8m\",digest-uri=\"acap/elwood.innosoft.com\",response=aa4e81f1c6656350f7bce05d436665de,qop=auth,authzid=\"chris\"".getBytes(StandardCharsets.UTF_8)), "UTF-8"));
        Assert.assertTrue(build.isComplete());
        Assert.assertEquals("chris", build.getAuthorizationID());
    }

    @Test
    public void testQopAuthInt() throws Exception {
        mockNonce("OA9BSXrbuRhWay");
        HashMap hashMap = new HashMap();
        hashMap.put(QOP_PROPERTY, "auth-int");
        SaslServer build = new SaslServerBuilder(DigestServerFactory.class, "DIGEST-MD5").setUserName("chris").setPassword("clear", new ClearPasswordSpec("secret".toCharArray())).setProtocol("acap").setServerName("elwood.innosoft.com").setProperties(hashMap).addMechanismRealm("elwood.innosoft.com").build();
        Assert.assertFalse(build.isComplete());
        Assert.assertEquals("realm=\"elwood.innosoft.com\",nonce=\"OA9BSXrbuRhWay\",qop=\"auth-int\",charset=utf-8,algorithm=md5-sess", new String(build.evaluateResponse(new byte[0]), "UTF-8"));
        Assert.assertFalse(build.isComplete());
        Assert.assertEquals("rspauth=7a8794654d6d6de607e9143d52b554a8", new String(build.evaluateResponse("charset=utf-8,username=\"chris\",realm=\"elwood.innosoft.com\",nonce=\"OA9BSXrbuRhWay\",nc=00000001,cnonce=\"OA9BSuZWMSpW8m\",digest-uri=\"acap/elwood.innosoft.com\",maxbuf=65536,response=d8b17f55b410208c6ebb22f89f9d6cbb,qop=auth-int,authzid=\"chris\"".getBytes(StandardCharsets.UTF_8)), "UTF-8"));
        Assert.assertTrue(build.isComplete());
        Assert.assertEquals("chris", build.getAuthorizationID());
        byte[] drain = CodePointIterator.ofString("1122334499191be7952a49d8549b000100000000").hexDecode().drain();
        Assert.assertEquals("11223344", ByteIterator.ofBytes(build.unwrap(drain, 0, drain.length)).hexEncode().drainToString());
        byte[] drain2 = CodePointIterator.ofString("55667788").hexDecode().drain();
        Assert.assertEquals("55667788cf5e02ad15987d9076b8000100000000", ByteIterator.ofBytes(build.wrap(drain2, 0, drain2.length)).hexEncode().drainToString());
        byte[] drain3 = CodePointIterator.ofString("aabbcc7e845ed48b0474447543000100000001").hexDecode().drain();
        Assert.assertEquals("aabbcc", ByteIterator.ofBytes(build.unwrap(drain3, 0, drain3.length)).hexEncode().drainToString());
        byte[] bArr = new byte[0];
        Assert.assertEquals("", ByteIterator.ofBytes(build.wrap(bArr, 0, bArr.length)).hexEncode().drainToString());
        byte[] drain4 = CodePointIterator.ofString("0188034ce1b414194c1c822a55000100000002").hexDecode().drain();
        Assert.assertEquals("", ByteIterator.ofBytes(build.unwrap(drain4, 0, drain4.length)).hexEncode().drainToString());
        try {
            byte[] drain5 = CodePointIterator.ofString("0102032cf12c67e4318ebd624e000100000003").hexDecode().drain();
            build.unwrap(drain5, 0, drain5.length);
            Assert.fail("Out of order sequencing SaslException expected!");
        } catch (SaslException e) {
        }
    }

    @Test
    public void testQopAuthConf() throws Exception {
        mockNonce("OA9BSXrbuRhWay");
        HashMap hashMap = new HashMap();
        hashMap.put(QOP_PROPERTY, "auth-conf");
        SaslServer build = new SaslServerBuilder(DigestServerFactory.class, "DIGEST-MD5").setUserName("chris").setPassword("clear", new ClearPasswordSpec("secret".toCharArray())).setProtocol("acap").setServerName("elwood.innosoft.com").setProperties(hashMap).addMechanismRealm("elwood.innosoft.com").build();
        Assert.assertFalse(build.isComplete());
        Assert.assertEquals("realm=\"elwood.innosoft.com\",nonce=\"OA9BSXrbuRhWay\",qop=\"auth-conf\",charset=utf-8,cipher=\"3des,rc4,des,rc4-56,rc4-40\",algorithm=md5-sess", new String(build.evaluateResponse(new byte[0]), "UTF-8"));
        Assert.assertFalse(build.isComplete());
        Assert.assertEquals("rspauth=a804fda66588e2d911bbacd1b1163bc1", new String(build.evaluateResponse("charset=utf-8,username=\"chris\",realm=\"elwood.innosoft.com\",nonce=\"OA9BSXrbuRhWay\",nc=00000001,cnonce=\"OA9BSuZWMSpW8m\",digest-uri=\"acap/elwood.innosoft.com\",maxbuf=65536,response=4520cf48234bb93b95548a25cd56601b,qop=auth-conf,cipher=\"3des\",authzid=\"chris\"".getBytes(StandardCharsets.UTF_8)), "UTF-8"));
        Assert.assertTrue(build.isComplete());
        Assert.assertEquals("chris", build.getAuthorizationID());
        Assert.assertEquals("auth-conf", build.getNegotiatedProperty(QOP_PROPERTY));
        Assert.assertEquals("high", build.getNegotiatedProperty("javax.security.sasl.strength"));
        byte[] drain = CodePointIterator.ofString("13f7644f8c783501177522c1a455cb1f000100000000").hexDecode().drain();
        Assert.assertEquals("11223344", ByteIterator.ofBytes(build.unwrap(drain, 0, drain.length)).hexEncode().drainToString());
        byte[] drain2 = CodePointIterator.ofString("55667788").hexDecode().drain();
        Assert.assertEquals("93ce33409e0fe5187e07c16fc3041f64000100000000", ByteIterator.ofBytes(build.wrap(drain2, 0, drain2.length)).hexEncode().drainToString());
        byte[] drain3 = CodePointIterator.ofString("ec426d9cd3276f22285ab5da8df8f26b000100000001").hexDecode().drain();
        Assert.assertEquals("aabbcc", ByteIterator.ofBytes(build.unwrap(drain3, 0, drain3.length)).hexEncode().drainToString());
        byte[] bArr = new byte[0];
        Assert.assertEquals("", ByteIterator.ofBytes(build.wrap(bArr, 0, bArr.length)).hexEncode().drainToString());
        byte[] drain4 = CodePointIterator.ofString("b0acad3c969d091251666f91070166f5000100000002").hexDecode().drain();
        Assert.assertEquals("", ByteIterator.ofBytes(build.unwrap(drain4, 0, drain4.length)).hexEncode().drainToString());
        try {
            byte[] drain5 = CodePointIterator.ofString("2cfa9bced5b960763953c4f9838b7022000100000003").hexDecode().drain();
            build.unwrap(drain5, 0, drain5.length);
            Assert.fail("Out of order sequencing SaslException expected!");
        } catch (SaslException e) {
        }
    }

    @Test
    public void testQopAuthConfRc4() throws Exception {
        mockNonce("OA9BSXrbuRhWay");
        HashMap hashMap = new HashMap();
        hashMap.put(QOP_PROPERTY, "auth-conf");
        SaslServer build = new SaslServerBuilder(DigestServerFactory.class, "DIGEST-MD5").setUserName("chris").setPassword("clear", new ClearPasswordSpec("secret".toCharArray())).setProtocol("acap").setServerName("elwood.innosoft.com").addMechanismRealm("elwood.innosoft.com").setProperties(hashMap).build();
        Assert.assertFalse(build.isComplete());
        Assert.assertEquals("realm=\"elwood.innosoft.com\",nonce=\"OA9BSXrbuRhWay\",qop=\"auth-conf\",charset=utf-8,cipher=\"3des,rc4,des,rc4-56,rc4-40\",algorithm=md5-sess", new String(build.evaluateResponse(new byte[0]), "UTF-8"));
        Assert.assertFalse(build.isComplete());
        Assert.assertEquals("rspauth=a804fda66588e2d911bbacd1b1163bc1", new String(build.evaluateResponse("charset=utf-8,username=\"chris\",realm=\"elwood.innosoft.com\",nonce=\"OA9BSXrbuRhWay\",nc=00000001,cnonce=\"OA9BSuZWMSpW8m\",digest-uri=\"acap/elwood.innosoft.com\",maxbuf=65536,response=4520cf48234bb93b95548a25cd56601b,qop=auth-conf,cipher=\"rc4\",authzid=\"chris\"".getBytes(StandardCharsets.UTF_8)), "UTF-8"));
        Assert.assertTrue(build.isComplete());
        Assert.assertEquals("chris", build.getAuthorizationID());
        byte[] drain = CodePointIterator.ofString("6a9328ca634e47c8d1ecc3c3f6e6000100000000").hexDecode().drain();
        Assert.assertEquals("11223344", ByteIterator.ofBytes(build.unwrap(drain, 0, drain.length)).hexEncode().drainToString());
        byte[] drain2 = CodePointIterator.ofString("55667788").hexDecode().drain();
        Assert.assertEquals("9fc7eb1c3c9e04b52df6e347a389000100000000", ByteIterator.ofBytes(build.wrap(drain2, 0, drain2.length)).hexEncode().drainToString());
        byte[] drain3 = CodePointIterator.ofString("7e15b940fccbb58a5612f54da7000100000001").hexDecode().drain();
        Assert.assertEquals("aabbcc", ByteIterator.ofBytes(build.unwrap(drain3, 0, drain3.length)).hexEncode().drainToString());
        byte[] bArr = new byte[0];
        Assert.assertEquals("", ByteIterator.ofBytes(build.wrap(bArr, 0, bArr.length)).hexEncode().drainToString());
        byte[] drain4 = CodePointIterator.ofString("84468595614f4ac73fabe47cc4000100000002").hexDecode().drain();
        Assert.assertEquals("", ByteIterator.ofBytes(build.unwrap(drain4, 0, drain4.length)).hexEncode().drainToString());
        try {
            byte[] drain5 = CodePointIterator.ofString("4a206df4178a9b7d091dec3527000100000003").hexDecode().drain();
            build.unwrap(drain5, 0, drain5.length);
            Assert.fail("Out of order sequencing SaslException expected!");
        } catch (SaslException e) {
        }
    }

    @Test
    public void testQopAuthConfDes() throws Exception {
        mockNonce("OA9BSXrbuRhWay");
        HashMap hashMap = new HashMap();
        hashMap.put(QOP_PROPERTY, "auth-conf");
        SaslServer build = new SaslServerBuilder(DigestServerFactory.class, "DIGEST-MD5").setUserName("chris").setPassword("clear", new ClearPasswordSpec("secret".toCharArray())).setProtocol("acap").setServerName("elwood.innosoft.com").addMechanismRealm("elwood.innosoft.com").setProperties(hashMap).build();
        Assert.assertFalse(build.isComplete());
        Assert.assertEquals("realm=\"elwood.innosoft.com\",nonce=\"OA9BSXrbuRhWay\",qop=\"auth-conf\",charset=utf-8,cipher=\"3des,rc4,des,rc4-56,rc4-40\",algorithm=md5-sess", new String(build.evaluateResponse(new byte[0]), "UTF-8"));
        Assert.assertFalse(build.isComplete());
        Assert.assertEquals("rspauth=a804fda66588e2d911bbacd1b1163bc1", new String(build.evaluateResponse("charset=utf-8,username=\"chris\",realm=\"elwood.innosoft.com\",nonce=\"OA9BSXrbuRhWay\",nc=00000001,cnonce=\"OA9BSuZWMSpW8m\",digest-uri=\"acap/elwood.innosoft.com\",maxbuf=65536,response=4520cf48234bb93b95548a25cd56601b,qop=auth-conf,cipher=\"des\",authzid=\"chris\"".getBytes(StandardCharsets.UTF_8)), "UTF-8"));
        Assert.assertTrue(build.isComplete());
        Assert.assertEquals("chris", build.getAuthorizationID());
        byte[] drain = CodePointIterator.ofString("b2a12ba8ccd1030e7da4bac57a224197000100000000").hexDecode().drain();
        Assert.assertEquals("11223344", ByteIterator.ofBytes(build.unwrap(drain, 0, drain.length)).hexEncode().drainToString());
        byte[] drain2 = CodePointIterator.ofString("55667788").hexDecode().drain();
        Assert.assertEquals("8bc1267e71a769456f0c60f030e13f32000100000000", ByteIterator.ofBytes(build.wrap(drain2, 0, drain2.length)).hexEncode().drainToString());
        byte[] drain3 = CodePointIterator.ofString("13144fc90ca65d3838d3547cca43e8ad000100000001").hexDecode().drain();
        Assert.assertEquals("aabbcc", ByteIterator.ofBytes(build.unwrap(drain3, 0, drain3.length)).hexEncode().drainToString());
        byte[] bArr = new byte[0];
        Assert.assertEquals("", ByteIterator.ofBytes(build.wrap(bArr, 0, bArr.length)).hexEncode().drainToString());
        byte[] drain4 = CodePointIterator.ofString("7022412985dbee1d261ecb8850486c6e000100000002").hexDecode().drain();
        Assert.assertEquals("", ByteIterator.ofBytes(build.unwrap(drain4, 0, drain4.length)).hexEncode().drainToString());
        try {
            byte[] drain5 = CodePointIterator.ofString("3457275b036fa15042e41aeda83a563b000100000003").hexDecode().drain();
            build.unwrap(drain5, 0, drain5.length);
            Assert.fail("Out of order sequencing SaslException expected!");
        } catch (SaslException e) {
        }
    }

    @Test
    public void testQopAuthConfRc456() throws Exception {
        mockNonce("OA9BSXrbuRhWay");
        HashMap hashMap = new HashMap();
        hashMap.put(QOP_PROPERTY, "auth-conf");
        SaslServer build = new SaslServerBuilder(DigestServerFactory.class, "DIGEST-MD5").setUserName("chris").setPassword("clear", new ClearPasswordSpec("secret".toCharArray())).setProtocol("acap").setServerName("elwood.innosoft.com").setProperties(hashMap).addMechanismRealm("elwood.innosoft.com").build();
        Assert.assertFalse(build.isComplete());
        Assert.assertEquals("realm=\"elwood.innosoft.com\",nonce=\"OA9BSXrbuRhWay\",qop=\"auth-conf\",charset=utf-8,cipher=\"3des,rc4,des,rc4-56,rc4-40\",algorithm=md5-sess", new String(build.evaluateResponse(new byte[0]), "UTF-8"));
        Assert.assertFalse(build.isComplete());
        Assert.assertEquals("rspauth=a804fda66588e2d911bbacd1b1163bc1", new String(build.evaluateResponse("charset=utf-8,username=\"chris\",realm=\"elwood.innosoft.com\",nonce=\"OA9BSXrbuRhWay\",nc=00000001,cnonce=\"OA9BSuZWMSpW8m\",digest-uri=\"acap/elwood.innosoft.com\",maxbuf=65536,response=4520cf48234bb93b95548a25cd56601b,qop=auth-conf,cipher=\"rc4-56\",authzid=\"chris\"".getBytes(StandardCharsets.UTF_8)), "UTF-8"));
        Assert.assertTrue(build.isComplete());
        Assert.assertEquals("chris", build.getAuthorizationID());
        byte[] drain = CodePointIterator.ofString("7a77c4b8b20208e502e5dc09bbfc000100000000").hexDecode().drain();
        Assert.assertEquals("11223344", ByteIterator.ofBytes(build.unwrap(drain, 0, drain.length)).hexEncode().drainToString());
        byte[] drain2 = CodePointIterator.ofString("55667788").hexDecode().drain();
        Assert.assertEquals("c10acbf737cdebf2298df53417bc000100000000", ByteIterator.ofBytes(build.wrap(drain2, 0, drain2.length)).hexEncode().drainToString());
        byte[] drain3 = CodePointIterator.ofString("efcb8662925427788b0ffeab2c000100000001").hexDecode().drain();
        Assert.assertEquals("aabbcc", ByteIterator.ofBytes(build.unwrap(drain3, 0, drain3.length)).hexEncode().drainToString());
        byte[] bArr = new byte[0];
        Assert.assertEquals("", ByteIterator.ofBytes(build.wrap(bArr, 0, bArr.length)).hexEncode().drainToString());
        byte[] drain4 = CodePointIterator.ofString("03c8fa9cb28ecf4a99561e5ac3000100000002").hexDecode().drain();
        Assert.assertEquals("", ByteIterator.ofBytes(build.unwrap(drain4, 0, drain4.length)).hexEncode().drainToString());
        try {
            byte[] drain5 = CodePointIterator.ofString("4daa261a6afb77f0b1d1d3d4eb000100000003").hexDecode().drain();
            build.unwrap(drain5, 0, drain5.length);
            Assert.fail("Out of order sequencing SaslException expected!");
        } catch (SaslException e) {
        }
    }

    @Test
    public void testQopAuthConfRc440() throws Exception {
        mockNonce("OA9BSXrbuRhWay");
        HashMap hashMap = new HashMap();
        hashMap.put(QOP_PROPERTY, "auth-conf");
        SaslServer build = new SaslServerBuilder(DigestServerFactory.class, "DIGEST-MD5").setUserName("chris").setPassword("clear", new ClearPasswordSpec("secret".toCharArray())).setProtocol("acap").setServerName("elwood.innosoft.com").addMechanismRealm("elwood.innosoft.com").setProperties(hashMap).build();
        Assert.assertFalse(build.isComplete());
        Assert.assertEquals("realm=\"elwood.innosoft.com\",nonce=\"OA9BSXrbuRhWay\",qop=\"auth-conf\",charset=utf-8,cipher=\"3des,rc4,des,rc4-56,rc4-40\",algorithm=md5-sess", new String(build.evaluateResponse(new byte[0]), "UTF-8"));
        Assert.assertFalse(build.isComplete());
        Assert.assertEquals("rspauth=a804fda66588e2d911bbacd1b1163bc1", new String(build.evaluateResponse("charset=utf-8,username=\"chris\",realm=\"elwood.innosoft.com\",nonce=\"OA9BSXrbuRhWay\",nc=00000001,cnonce=\"OA9BSuZWMSpW8m\",digest-uri=\"acap/elwood.innosoft.com\",maxbuf=65536,response=4520cf48234bb93b95548a25cd56601b,qop=auth-conf,cipher=\"rc4-40\",authzid=\"chris\"".getBytes(StandardCharsets.UTF_8)), "UTF-8"));
        Assert.assertTrue(build.isComplete());
        Assert.assertEquals("chris", build.getAuthorizationID());
        byte[] drain = CodePointIterator.ofString("ed46c6b0d38acb719aad661f9625000100000000").hexDecode().drain();
        Assert.assertEquals("11223344", ByteIterator.ofBytes(build.unwrap(drain, 0, drain.length)).hexEncode().drainToString());
        byte[] drain2 = CodePointIterator.ofString("55667788").hexDecode().drain();
        Assert.assertEquals("44aca6145a89353d26258e524724000100000000", ByteIterator.ofBytes(build.wrap(drain2, 0, drain2.length)).hexEncode().drainToString());
        byte[] drain3 = CodePointIterator.ofString("b7bdc8f08733182154289e7f3d000100000001").hexDecode().drain();
        Assert.assertEquals("aabbcc", ByteIterator.ofBytes(build.unwrap(drain3, 0, drain3.length)).hexEncode().drainToString());
        byte[] bArr = new byte[0];
        Assert.assertEquals("", ByteIterator.ofBytes(build.wrap(bArr, 0, bArr.length)).hexEncode().drainToString());
        byte[] drain4 = CodePointIterator.ofString("34968ede3148eb0d3affe15656000100000002").hexDecode().drain();
        Assert.assertEquals("", ByteIterator.ofBytes(build.unwrap(drain4, 0, drain4.length)).hexEncode().drainToString());
        try {
            byte[] drain5 = CodePointIterator.ofString("8e497ee789076071cf3b5bb9e1000100000003").hexDecode().drain();
            build.unwrap(drain5, 0, drain5.length);
            Assert.fail("Out of order sequencing SaslException expected!");
        } catch (SaslException e) {
        }
    }

    @Test
    public void testReplayAttack() throws Exception {
        mockNonce("OA9BSXrbuRhWay");
        HashMap hashMap = new HashMap();
        hashMap.put(REALM_PROPERTY, "elwood.innosoft.com");
        SaslServer build = new SaslServerBuilder(DigestServerFactory.class, "DIGEST-MD5").setUserName("chris").setPassword("clear", new ClearPasswordSpec("secret".toCharArray())).setProtocol("acap").setServerName("elwood.innosoft.com").setProperties(hashMap).build();
        Assert.assertFalse(build.isComplete());
        Assert.assertEquals("realm=\"elwood.innosoft.com\",nonce=\"OA9BSXrbuRhWay\",charset=utf-8,algorithm=md5-sess", new String(build.evaluateResponse(new byte[0]), "UTF-8"));
        Assert.assertFalse(build.isComplete());
        try {
            build.evaluateResponse("charset=utf-8,username=\"chris\",realm=\"elwood.innosoft.com\",nonce=\"OA6MG9tEQGm2hh\",nc=00000001,cnonce=\"OA6MHXh6VqTrRk\",digest-uri=\"imap/elwood.innosoft.com\",response=d388dad90d4bbd760a152321f2143af7,qop=auth".getBytes(StandardCharsets.UTF_8));
            Assert.fail("Not throwed SaslException!");
        } catch (SaslException e) {
        }
        Assert.assertFalse(build.isComplete());
    }

    @Test
    public void testBadResponse() throws Exception {
        mockNonce("OA9BSXrbuRhWay");
        HashMap hashMap = new HashMap();
        hashMap.put(REALM_PROPERTY, "elwood.innosoft.com");
        SaslServer build = new SaslServerBuilder(DigestServerFactory.class, "DIGEST-MD5").setUserName("chris").setPassword("clear", new ClearPasswordSpec("secret".toCharArray())).setProtocol("acap").setServerName("elwood.innosoft.com").setProperties(hashMap).build();
        Assert.assertFalse(build.isComplete());
        Assert.assertEquals("realm=\"elwood.innosoft.com\",nonce=\"OA9BSXrbuRhWay\",charset=utf-8,algorithm=md5-sess", new String(build.evaluateResponse(new byte[0]), "UTF-8"));
        Assert.assertFalse(build.isComplete());
        try {
            build.evaluateResponse("charset=utf-8,username=\"chris\",realm=\"elwood.innosoft.com\",nonce=\"OA9BSXrbuRhWay\",nc=00000001,cnonce=\"OA9BSuZWMSpW8m\",digest-uri=\"acap/elwood.innosoft.com\",response=d388dad90d4bbd760a152321f2143af7,qop=auth".getBytes(StandardCharsets.UTF_8));
            Assert.fail("Not throwed SaslException!");
        } catch (SaslException e) {
        }
        Assert.assertFalse(build.isComplete());
    }

    @Test
    public void testMoreRealmsFromServer() throws Exception {
        mockNonce("OA9BSXrbuRhWay");
        HashMap hashMap = new HashMap();
        hashMap.put(REALM_PROPERTY, "other-realm elwood.innosoft.com next-realm");
        SaslServer build = new SaslServerBuilder(DigestServerFactory.class, "DIGEST-MD5").setUserName("chris").setPassword("clear", new ClearPasswordSpec("secret".toCharArray())).setProtocol("acap").setServerName("elwood.innosoft.com").setProperties(hashMap).build();
        Assert.assertFalse(build.isComplete());
        Assert.assertEquals("realm=\"other-realm\",realm=\"elwood.innosoft.com\",realm=\"next-realm\",nonce=\"OA9BSXrbuRhWay\",charset=utf-8,algorithm=md5-sess", new String(build.evaluateResponse(new byte[0]), "UTF-8"));
        Assert.assertFalse(build.isComplete());
        try {
            build.evaluateResponse("charset=utf-8,username=\"chris\",realm=\"elwood.innosoft.com\",nonce=\"OA9BSXrbuRhWay\",nc=00000001,cnonce=\"OA9BSuZWMSpW8m\",digest-uri=\"acap/elwood.innosoft.com\",response=d388dad90d4bbd760a152321f2143af7,qop=auth".getBytes(StandardCharsets.UTF_8));
            Assert.fail("Not throwed SaslException!");
        } catch (SaslException e) {
        }
        Assert.assertFalse(build.isComplete());
    }

    @Test
    public void testBlankClientNonce() throws Exception {
        mockNonce("OA9BSXrbuRhWay");
        SaslServer build = new SaslServerBuilder(DigestServerFactory.class, "DIGEST-MD5").setUserName("chris").setPassword("clear", new ClearPasswordSpec("secret".toCharArray())).setProtocol("acap").setServerName("elwood.innosoft.com").addMechanismRealm("other-realm").addMechanismRealm("elwood.innosoft.com").addMechanismRealm("next-realm").build();
        Assert.assertFalse(build.isComplete());
        Assert.assertEquals("realm=\"other-realm\",realm=\"elwood.innosoft.com\",realm=\"next-realm\",nonce=\"OA9BSXrbuRhWay\",charset=utf-8,algorithm=md5-sess", new String(build.evaluateResponse(new byte[0]), "UTF-8"));
        Assert.assertFalse(build.isComplete());
        Assert.assertEquals("rspauth=2bf631e48acb9863e9f5518ccc804b3b", new String(build.evaluateResponse("charset=utf-8,username=\"chris\",realm=\"elwood.innosoft.com\",nonce=\"OA9BSXrbuRhWay\",nc=00000001,cnonce=\"\",digest-uri=\"acap/elwood.innosoft.com\",response=0ca21eafddf586f954909d2fd95b1ee7,qop=auth".getBytes(StandardCharsets.UTF_8)), "UTF-8"));
        Assert.assertTrue(build.isComplete());
        Assert.assertEquals("chris", build.getAuthorizationID());
    }

    @Test
    public void testUtf8Charset() throws Exception {
        mockNonce("snи你��");
        SaslServer build = new SaslServerBuilder(DigestServerFactory.class, "DIGEST-MD5").setUserName("и你��").setPassword("clear", new ClearPasswordSpec("и你��".toCharArray())).setProtocol("и你��").setServerName("realm.и你��.com").setProperties(new HashMap()).addMechanismRealm("realm.и你��.com").build();
        Assert.assertFalse(build.isComplete());
        Assert.assertEquals("realm=\"realm.и你��.com\",nonce=\"snи你��\",charset=utf-8,algorithm=md5-sess", new String(build.evaluateResponse(new byte[0]), "UTF-8"));
        Assert.assertFalse(build.isComplete());
        Assert.assertEquals("rspauth=9c4d137545617ba98c11aaea939b4381", new String(build.evaluateResponse("charset=utf-8,username=\"и你��\",realm=\"realm.и你��.com\",nonce=\"snи你��\",nc=00000001,cnonce=\"cnи你��\",digest-uri=\"и你��/realm.и你��.com\",maxbuf=65536,response=420939e06d2d748c157c5e33499b41a9,qop=auth".getBytes(StandardCharsets.UTF_8)), "UTF-8"));
        Assert.assertTrue(build.isComplete());
        Assert.assertEquals("и你��", build.getAuthorizationID());
    }

    @Test
    public void testMoreRealmsWithEscapedDelimiters() throws Exception {
        mockNonce("OA9BSXrbuRhWay");
        HashMap hashMap = new HashMap();
        hashMap.put(REALM_PROPERTY, "first\\ realm second\\\\\\ realm \\ with\\ spaces\\  \\ ");
        SaslServer build = new SaslServerBuilder(DigestServerFactory.class, "DIGEST-MD5").setUserName("chris").setPassword("clear", new ClearPasswordSpec("secret".toCharArray())).setProtocol("protocol name").setServerName("server name").addMechanismRealm("first realm").addMechanismRealm("second\\ realm").addMechanismRealm(" with spaces ").addMechanismRealm(" ").setProperties(hashMap).build();
        Assert.assertFalse(build.isComplete());
        Assert.assertEquals("realm=\"first realm\",realm=\"second\\\\ realm\",realm=\" with spaces \",realm=\" \",nonce=\"OA9BSXrbuRhWay\",charset=utf-8,algorithm=md5-sess", new String(build.evaluateResponse(new byte[0]), "UTF-8"));
        Assert.assertFalse(build.isComplete());
        Assert.assertEquals("rspauth=05a18aff49b22e373bb91af7396ce345", new String(build.evaluateResponse("charset=utf-8,username=\"chris\",realm=\"first realm\",nonce=\"OA9BSXrbuRhWay\",nc=00000001,cnonce=\"OA6MHXh6VqTrRk\",digest-uri=\"protocol name/server name\",maxbuf=65536,response=bf3dd710ee08b05c663456975c156075,qop=auth".getBytes(StandardCharsets.UTF_8)), "UTF-8"));
        Assert.assertTrue(build.isComplete());
        Assert.assertEquals("chris", build.getAuthorizationID());
    }
}
