package org.apache.kafka.common.security.scram.internals;

import java.nio.charset.StandardCharsets;
import java.util.Base64;
import java.util.Collections;
import javax.security.sasl.SaslException;
import org.apache.kafka.common.security.scram.internals.ScramMessages;
import org.junit.Assert;
import org.junit.Before;
import org.junit.Test;

/* loaded from: input_file:org/apache/kafka/common/security/scram/internals/ScramMessagesTest.class */
public class ScramMessagesTest {
    private static final String[] VALID_EXTENSIONS = {"ext=val1", "anotherext=name1=value1 name2=another test value \"'!$[]()", "first=val1,second=name1 = value ,third=123"};
    private static final String[] INVALID_EXTENSIONS = {"ext1=value", "ext", "ext=value1,value2", "ext=,", "ext =value"};
    private static final String[] VALID_RESERVED = {"m=reserved-value", "m=name1=value1 name2=another test value \"'!$[]()"};
    private static final String[] INVALID_RESERVED = {"m", "m=name,value", "m=,"};
    private ScramFormatter formatter;

    @Before
    public void setUp() throws Exception {
        this.formatter = new ScramFormatter(ScramMechanism.SCRAM_SHA_256);
    }

    @Test
    public void validClientFirstMessage() throws SaslException {
        String secureRandomString = this.formatter.secureRandomString();
        checkClientFirstMessage(new ScramMessages.ClientFirstMessage("someuser", secureRandomString, Collections.emptyMap()), "someuser", secureRandomString, "");
        ScramMessages.ClientFirstMessage clientFirstMessage = (ScramMessages.ClientFirstMessage) createScramMessage(ScramMessages.ClientFirstMessage.class, String.format("n,,n=testuser,r=%s", secureRandomString));
        checkClientFirstMessage(clientFirstMessage, "testuser", secureRandomString, "");
        checkClientFirstMessage(new ScramMessages.ClientFirstMessage(clientFirstMessage.toBytes()), "testuser", secureRandomString, "");
        ScramMessages.ClientFirstMessage clientFirstMessage2 = (ScramMessages.ClientFirstMessage) createScramMessage(ScramMessages.ClientFirstMessage.class, String.format("n,,n=test=2Cuser,r=%s", secureRandomString));
        checkClientFirstMessage(clientFirstMessage2, "test=2Cuser", secureRandomString, "");
        Assert.assertEquals("test,user", this.formatter.username(clientFirstMessage2.saslName()));
        ScramMessages.ClientFirstMessage clientFirstMessage3 = (ScramMessages.ClientFirstMessage) createScramMessage(ScramMessages.ClientFirstMessage.class, String.format("n,,n=test=3Duser,r=%s", secureRandomString));
        checkClientFirstMessage(clientFirstMessage3, "test=3Duser", secureRandomString, "");
        Assert.assertEquals("test=user", this.formatter.username(clientFirstMessage3.saslName()));
        checkClientFirstMessage((ScramMessages.ClientFirstMessage) createScramMessage(ScramMessages.ClientFirstMessage.class, String.format("n,a=testauthzid,n=testuser,r=%s", secureRandomString)), "testuser", secureRandomString, "testauthzid");
        for (String str : VALID_RESERVED) {
            checkClientFirstMessage((ScramMessages.ClientFirstMessage) createScramMessage(ScramMessages.ClientFirstMessage.class, String.format("n,,%s,n=testuser,r=%s", str, secureRandomString)), "testuser", secureRandomString, "");
        }
        for (String str2 : VALID_EXTENSIONS) {
            checkClientFirstMessage((ScramMessages.ClientFirstMessage) createScramMessage(ScramMessages.ClientFirstMessage.class, String.format("n,,n=testuser,r=%s,%s", secureRandomString, str2)), "testuser", secureRandomString, "");
        }
        Assert.assertTrue("Token authentication not set from extensions", createScramMessage(ScramMessages.ClientFirstMessage.class, String.format("n,,n=testuser,r=%s,%s", secureRandomString, "tokenauth=true")).extensions().tokenAuthenticated());
    }

    @Test
    public void invalidClientFirstMessage() {
        String secureRandomString = this.formatter.secureRandomString();
        checkInvalidScramMessage(ScramMessages.ClientFirstMessage.class, String.format("n,x=something,n=testuser,r=%s", secureRandomString));
        for (String str : INVALID_RESERVED) {
            checkInvalidScramMessage(ScramMessages.ClientFirstMessage.class, String.format("n,,%s,n=testuser,r=%s", str, secureRandomString));
        }
        for (String str2 : INVALID_EXTENSIONS) {
            checkInvalidScramMessage(ScramMessages.ClientFirstMessage.class, String.format("n,,n=testuser,r=%s,%s", secureRandomString, str2));
        }
    }

    @Test
    public void validServerFirstMessage() throws SaslException {
        String secureRandomString = this.formatter.secureRandomString();
        String secureRandomString2 = this.formatter.secureRandomString();
        String str = secureRandomString + secureRandomString2;
        String randomBytesAsString = randomBytesAsString();
        checkServerFirstMessage(new ScramMessages.ServerFirstMessage(secureRandomString, secureRandomString2, toBytes(randomBytesAsString), 8192), str, randomBytesAsString, 8192);
        ScramMessages.ServerFirstMessage serverFirstMessage = (ScramMessages.ServerFirstMessage) createScramMessage(ScramMessages.ServerFirstMessage.class, String.format("r=%s,s=%s,i=4096", str, randomBytesAsString));
        checkServerFirstMessage(serverFirstMessage, str, randomBytesAsString, 4096);
        checkServerFirstMessage(new ScramMessages.ServerFirstMessage(serverFirstMessage.toBytes()), str, randomBytesAsString, 4096);
        for (String str2 : VALID_RESERVED) {
            checkServerFirstMessage((ScramMessages.ServerFirstMessage) createScramMessage(ScramMessages.ServerFirstMessage.class, String.format("%s,r=%s,s=%s,i=4096", str2, str, randomBytesAsString)), str, randomBytesAsString, 4096);
        }
        for (String str3 : VALID_EXTENSIONS) {
            checkServerFirstMessage((ScramMessages.ServerFirstMessage) createScramMessage(ScramMessages.ServerFirstMessage.class, String.format("r=%s,s=%s,i=4096,%s", str, randomBytesAsString, str3)), str, randomBytesAsString, 4096);
        }
    }

    @Test
    public void invalidServerFirstMessage() {
        String secureRandomString = this.formatter.secureRandomString();
        String randomBytesAsString = randomBytesAsString();
        checkInvalidScramMessage(ScramMessages.ServerFirstMessage.class, String.format("r=%s,s=%s,i=0", secureRandomString, randomBytesAsString));
        checkInvalidScramMessage(ScramMessages.ServerFirstMessage.class, String.format("r=%s,s=%s,i=4096", secureRandomString, "=123"));
        checkInvalidScramMessage(ScramMessages.ServerFirstMessage.class, String.format("r=%s,invalid,s=%s,i=4096", secureRandomString, randomBytesAsString));
        for (String str : INVALID_RESERVED) {
            checkInvalidScramMessage(ScramMessages.ServerFirstMessage.class, String.format("%s,r=%s,s=%s,i=4096", str, secureRandomString, randomBytesAsString));
        }
        for (String str2 : INVALID_EXTENSIONS) {
            checkInvalidScramMessage(ScramMessages.ServerFirstMessage.class, String.format("r=%s,s=%s,i=4096,%s", secureRandomString, randomBytesAsString, str2));
        }
    }

    @Test
    public void validClientFinalMessage() throws SaslException {
        String secureRandomString = this.formatter.secureRandomString();
        String randomBytesAsString = randomBytesAsString();
        String randomBytesAsString2 = randomBytesAsString();
        ScramMessages.ClientFinalMessage clientFinalMessage = new ScramMessages.ClientFinalMessage(toBytes(randomBytesAsString), secureRandomString);
        Assert.assertNull("Invalid proof", clientFinalMessage.proof());
        clientFinalMessage.proof(toBytes(randomBytesAsString2));
        checkClientFinalMessage(clientFinalMessage, randomBytesAsString, secureRandomString, randomBytesAsString2);
        ScramMessages.ClientFinalMessage clientFinalMessage2 = (ScramMessages.ClientFinalMessage) createScramMessage(ScramMessages.ClientFinalMessage.class, String.format("c=%s,r=%s,p=%s", randomBytesAsString, secureRandomString, randomBytesAsString2));
        checkClientFinalMessage(clientFinalMessage2, randomBytesAsString, secureRandomString, randomBytesAsString2);
        checkClientFinalMessage(new ScramMessages.ClientFinalMessage(clientFinalMessage2.toBytes()), randomBytesAsString, secureRandomString, randomBytesAsString2);
        for (String str : VALID_EXTENSIONS) {
            checkClientFinalMessage((ScramMessages.ClientFinalMessage) createScramMessage(ScramMessages.ClientFinalMessage.class, String.format("c=%s,r=%s,%s,p=%s", randomBytesAsString, secureRandomString, str, randomBytesAsString2)), randomBytesAsString, secureRandomString, randomBytesAsString2);
        }
    }

    @Test
    public void invalidClientFinalMessage() {
        String secureRandomString = this.formatter.secureRandomString();
        String randomBytesAsString = randomBytesAsString();
        String randomBytesAsString2 = randomBytesAsString();
        checkInvalidScramMessage(ScramMessages.ClientFirstMessage.class, String.format("c=ab,r=%s,p=%s", secureRandomString, randomBytesAsString2));
        checkInvalidScramMessage(ScramMessages.ClientFirstMessage.class, String.format("c=%s,r=%s,p=123", randomBytesAsString, secureRandomString));
        for (String str : INVALID_EXTENSIONS) {
            checkInvalidScramMessage(ScramMessages.ClientFinalMessage.class, String.format("c=%s,r=%s,%s,p=%s", randomBytesAsString, secureRandomString, str, randomBytesAsString2));
        }
    }

    @Test
    public void validServerFinalMessage() throws SaslException {
        String randomBytesAsString = randomBytesAsString();
        checkServerFinalMessage(new ScramMessages.ServerFinalMessage("unknown-user", (byte[]) null), "unknown-user", null);
        checkServerFinalMessage(new ScramMessages.ServerFinalMessage((String) null, toBytes(randomBytesAsString)), null, randomBytesAsString);
        ScramMessages.ServerFinalMessage serverFinalMessage = (ScramMessages.ServerFinalMessage) createScramMessage(ScramMessages.ServerFinalMessage.class, String.format("v=%s", randomBytesAsString));
        checkServerFinalMessage(serverFinalMessage, null, randomBytesAsString);
        checkServerFinalMessage(new ScramMessages.ServerFinalMessage(serverFinalMessage.toBytes()), null, randomBytesAsString);
        ScramMessages.ServerFinalMessage serverFinalMessage2 = (ScramMessages.ServerFinalMessage) createScramMessage(ScramMessages.ServerFinalMessage.class, "e=other-error");
        checkServerFinalMessage(serverFinalMessage2, "other-error", null);
        checkServerFinalMessage(new ScramMessages.ServerFinalMessage(serverFinalMessage2.toBytes()), "other-error", null);
        for (String str : VALID_EXTENSIONS) {
            checkServerFinalMessage((ScramMessages.ServerFinalMessage) createScramMessage(ScramMessages.ServerFinalMessage.class, String.format("v=%s,%s", randomBytesAsString, str)), null, randomBytesAsString);
        }
    }

    @Test
    public void invalidServerFinalMessage() {
        String randomBytesAsString = randomBytesAsString();
        checkInvalidScramMessage(ScramMessages.ServerFinalMessage.class, "e=error1,error2");
        checkInvalidScramMessage(ScramMessages.ServerFinalMessage.class, String.format("v=1=23", new Object[0]));
        for (String str : INVALID_EXTENSIONS) {
            checkInvalidScramMessage(ScramMessages.ServerFinalMessage.class, String.format("v=%s,%s", randomBytesAsString, str));
            checkInvalidScramMessage(ScramMessages.ServerFinalMessage.class, String.format("e=unknown-user,%s", str));
        }
    }

    private String randomBytesAsString() {
        return Base64.getEncoder().encodeToString(this.formatter.secureRandomBytes());
    }

    private byte[] toBytes(String str) {
        return Base64.getDecoder().decode(str);
    }

    private void checkClientFirstMessage(ScramMessages.ClientFirstMessage clientFirstMessage, String str, String str2, String str3) {
        Assert.assertEquals(str, clientFirstMessage.saslName());
        Assert.assertEquals(str2, clientFirstMessage.nonce());
        Assert.assertEquals(str3, clientFirstMessage.authorizationId());
    }

    private void checkServerFirstMessage(ScramMessages.ServerFirstMessage serverFirstMessage, String str, String str2, int i) {
        Assert.assertEquals(str, serverFirstMessage.nonce());
        Assert.assertArrayEquals(Base64.getDecoder().decode(str2), serverFirstMessage.salt());
        Assert.assertEquals(i, serverFirstMessage.iterations());
    }

    private void checkClientFinalMessage(ScramMessages.ClientFinalMessage clientFinalMessage, String str, String str2, String str3) {
        Assert.assertArrayEquals(Base64.getDecoder().decode(str), clientFinalMessage.channelBinding());
        Assert.assertEquals(str2, clientFinalMessage.nonce());
        Assert.assertArrayEquals(Base64.getDecoder().decode(str3), clientFinalMessage.proof());
    }

    private void checkServerFinalMessage(ScramMessages.ServerFinalMessage serverFinalMessage, String str, String str2) {
        Assert.assertEquals(str, serverFinalMessage.error());
        if (str2 == null) {
            Assert.assertNull("Unexpected server signature", serverFinalMessage.serverSignature());
        } else {
            Assert.assertArrayEquals(Base64.getDecoder().decode(str2), serverFinalMessage.serverSignature());
        }
    }

    private <T extends ScramMessages.AbstractScramMessage> T createScramMessage(Class<T> cls, String str) throws SaslException {
        byte[] bytes = str.getBytes(StandardCharsets.UTF_8);
        if (cls == ScramMessages.ClientFirstMessage.class) {
            return new ScramMessages.ClientFirstMessage(bytes);
        }
        if (cls == ScramMessages.ServerFirstMessage.class) {
            return new ScramMessages.ServerFirstMessage(bytes);
        }
        if (cls == ScramMessages.ClientFinalMessage.class) {
            return new ScramMessages.ClientFinalMessage(bytes);
        }
        if (cls == ScramMessages.ServerFinalMessage.class) {
            return new ScramMessages.ServerFinalMessage(bytes);
        }
        throw new IllegalArgumentException("Unknown message type: " + cls);
    }

    private <T extends ScramMessages.AbstractScramMessage> void checkInvalidScramMessage(Class<T> cls, String str) {
        try {
            createScramMessage(cls, str);
            Assert.fail("Exception not throws for invalid message of type " + cls + " : " + str);
        } catch (SaslException e) {
        }
    }
}
