package org.apache.qpid.server.security.auth.sasl.crammd5;

import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import javax.xml.bind.DatatypeConverter;
import org.apache.qpid.server.model.PasswordCredentialManagingAuthenticationProvider;
import org.apache.qpid.server.security.auth.AuthenticationResult;
import org.apache.qpid.server.security.auth.database.HashedUser;
import org.apache.qpid.server.security.auth.sasl.PasswordSource;
import org.apache.qpid.server.security.auth.sasl.SaslUtil;
import org.apache.qpid.test.utils.QpidTestCase;
import org.mockito.Matchers;
import org.mockito.Mockito;

/* loaded from: input_file:org/apache/qpid/server/security/auth/sasl/crammd5/CramMd5NegotiatorTest.class */
public class CramMd5NegotiatorTest extends QpidTestCase {
    private static final String TEST_FQDN = "example.com";
    private static final String VALID_USERNAME = "testUser";
    private static final char[] VALID_USERPASSWORD = "testPassword".toCharArray();
    private static final String INVALID_USERPASSWORD = "invalidPassword";
    private static final String INVALID_USERNAME = "invalidUser";
    private AbstractCramMd5Negotiator _negotiator;
    private PasswordSource _passwordSource;
    private PasswordCredentialManagingAuthenticationProvider<?> _authenticationProvider;

    public void setUp() throws Exception {
        super.setUp();
        this._passwordSource = (PasswordSource) Mockito.mock(PasswordSource.class);
        Mockito.when(this._passwordSource.getPassword((String) Matchers.eq("testUser"))).thenReturn(VALID_USERPASSWORD);
        this._authenticationProvider = (PasswordCredentialManagingAuthenticationProvider) Mockito.mock(PasswordCredentialManagingAuthenticationProvider.class);
    }

    public void tearDown() throws Exception {
        super.tearDown();
        if (this._negotiator != null) {
            this._negotiator.dispose();
        }
    }

    public void testHandleResponseCramMD5ValidCredentials() throws Exception {
        this._negotiator = new CramMd5Negotiator(this._authenticationProvider, TEST_FQDN, this._passwordSource);
        doHandleResponseWithValidCredentials("CRAM-MD5");
    }

    public void testHandleResponseCramMD5InvalidPassword() throws Exception {
        this._negotiator = new CramMd5Negotiator(this._authenticationProvider, TEST_FQDN, this._passwordSource);
        doHandleResponseWithInvalidPassword("CRAM-MD5");
    }

    public void testHandleResponseCramMD5InvalidUsername() throws Exception {
        this._negotiator = new CramMd5Negotiator(this._authenticationProvider, TEST_FQDN, this._passwordSource);
        doHandleResponseWithInvalidUsername("CRAM-MD5");
    }

    public void testHandleResponseCramMD5HashedValidCredentials() throws Exception {
        hashPassword();
        this._negotiator = new CramMd5HashedNegotiator(this._authenticationProvider, TEST_FQDN, this._passwordSource);
        doHandleResponseWithValidCredentials("CRAM-MD5-HASHED");
    }

    public void testHandleResponseCramMD5HashedInvalidPassword() throws Exception {
        hashPassword();
        this._negotiator = new CramMd5HashedNegotiator(this._authenticationProvider, TEST_FQDN, this._passwordSource);
        doHandleResponseWithInvalidPassword("CRAM-MD5-HASHED");
    }

    public void testHandleResponseCramMD5HashedInvalidUsername() throws Exception {
        hashPassword();
        this._negotiator = new CramMd5HashedNegotiator(this._authenticationProvider, TEST_FQDN, this._passwordSource);
        doHandleResponseWithInvalidUsername("CRAM-MD5-HASHED");
    }

    public void testHandleResponseCramMD5HexValidCredentials() throws Exception {
        hashPassword();
        this._negotiator = new CramMd5HexNegotiator(this._authenticationProvider, TEST_FQDN, this._passwordSource);
        doHandleResponseWithValidCredentials("CRAM-MD5-HEX");
    }

    public void testHandleResponseCramMD5HexInvalidPassword() throws Exception {
        hashPassword();
        this._negotiator = new CramMd5HexNegotiator(this._authenticationProvider, TEST_FQDN, this._passwordSource);
        doHandleResponseWithInvalidPassword("CRAM-MD5-HEX");
    }

    public void testHandleResponseCramMD5HexInvalidUsername() throws Exception {
        hashPassword();
        this._negotiator = new CramMd5HexNegotiator(this._authenticationProvider, TEST_FQDN, this._passwordSource);
        doHandleResponseWithInvalidUsername("CRAM-MD5-HEX");
    }

    public void testHandleResponseCramMD5Base64HexValidCredentials() throws Exception {
        base64Password();
        this._negotiator = new CramMd5Base64HexNegotiator(this._authenticationProvider, TEST_FQDN, this._passwordSource);
        doHandleResponseWithValidCredentials("CRAM-MD5-HEX");
    }

    public void testHandleResponseCramMD5Base64HexInvalidPassword() throws Exception {
        base64Password();
        this._negotiator = new CramMd5Base64HexNegotiator(this._authenticationProvider, TEST_FQDN, this._passwordSource);
        doHandleResponseWithInvalidPassword("CRAM-MD5-HEX");
    }

    public void testHandleResponseCramMD5Base64HexInvalidUsername() throws Exception {
        base64Password();
        this._negotiator = new CramMd5Base64HexNegotiator(this._authenticationProvider, TEST_FQDN, this._passwordSource);
        doHandleResponseWithInvalidUsername("CRAM-MD5-HEX");
    }

    public void testHandleResponseCramMD5Base64HashedValidCredentials() throws Exception {
        base64Password();
        this._negotiator = new CramMd5Base64HashedNegotiator(this._authenticationProvider, TEST_FQDN, this._passwordSource);
        doHandleResponseWithValidCredentials("CRAM-MD5-HASHED");
    }

    public void testHandleResponseCramMD5Base64HashedInvalidPassword() throws Exception {
        base64Password();
        this._negotiator = new CramMd5Base64HashedNegotiator(this._authenticationProvider, TEST_FQDN, this._passwordSource);
        doHandleResponseWithInvalidPassword("CRAM-MD5-HASHED");
    }

    public void testHandleResponseCramMD5Base64HashedInvalidUsername() throws Exception {
        base64Password();
        this._negotiator = new CramMd5Base64HashedNegotiator(this._authenticationProvider, TEST_FQDN, this._passwordSource);
        doHandleResponseWithInvalidUsername("CRAM-MD5-HASHED");
    }

    private void doHandleResponseWithValidCredentials(String str) throws Exception {
        AuthenticationResult handleResponse = this._negotiator.handleResponse(new byte[0]);
        assertEquals("Unexpected first result status", AuthenticationResult.AuthenticationStatus.CONTINUE, handleResponse.getStatus());
        assertNotNull("Unexpected first result challenge", handleResponse.getChallenge());
        AuthenticationResult handleResponse2 = this._negotiator.handleResponse(SaslUtil.generateCramMD5ClientResponse(str, "testUser", new String(VALID_USERPASSWORD), handleResponse.getChallenge()));
        assertEquals("Unexpected second result status", AuthenticationResult.AuthenticationStatus.SUCCESS, handleResponse2.getStatus());
        assertNull("Unexpected second result challenge", handleResponse2.getChallenge());
        assertEquals("Unexpected second result main principal", "testUser", handleResponse2.getMainPrincipal().getName());
        ((PasswordSource) Mockito.verify(this._passwordSource)).getPassword((String) Matchers.eq("testUser"));
        assertEquals("Unexpected third result status", AuthenticationResult.AuthenticationStatus.ERROR, this._negotiator.handleResponse(new byte[0]).getStatus());
    }

    private void doHandleResponseWithInvalidPassword(String str) throws Exception {
        AuthenticationResult handleResponse = this._negotiator.handleResponse(new byte[0]);
        assertEquals("Unexpected first result status", AuthenticationResult.AuthenticationStatus.CONTINUE, handleResponse.getStatus());
        assertNotNull("Unexpected first result challenge", handleResponse.getChallenge());
        AuthenticationResult handleResponse2 = this._negotiator.handleResponse(SaslUtil.generateCramMD5ClientResponse(str, "testUser", INVALID_USERPASSWORD, handleResponse.getChallenge()));
        assertEquals("Unexpected second result status", AuthenticationResult.AuthenticationStatus.ERROR, handleResponse2.getStatus());
        assertNull("Unexpected second result challenge", handleResponse2.getChallenge());
        assertNull("Unexpected second result main principal", handleResponse2.getMainPrincipal());
        ((PasswordSource) Mockito.verify(this._passwordSource)).getPassword((String) Matchers.eq("testUser"));
        assertEquals("Unexpected third result status", AuthenticationResult.AuthenticationStatus.ERROR, this._negotiator.handleResponse(new byte[0]).getStatus());
    }

    private void doHandleResponseWithInvalidUsername(String str) throws Exception {
        AuthenticationResult handleResponse = this._negotiator.handleResponse(new byte[0]);
        assertEquals("Unexpected first result status", AuthenticationResult.AuthenticationStatus.CONTINUE, handleResponse.getStatus());
        assertNotNull("Unexpected first result challenge", handleResponse.getChallenge());
        AuthenticationResult handleResponse2 = this._negotiator.handleResponse(SaslUtil.generateCramMD5ClientResponse(str, INVALID_USERNAME, new String(VALID_USERPASSWORD), handleResponse.getChallenge()));
        assertEquals("Unexpected second result status", AuthenticationResult.AuthenticationStatus.ERROR, handleResponse2.getStatus());
        assertNull("Unexpected second result challenge", handleResponse2.getChallenge());
        assertNull("Unexpected second result main principal", handleResponse2.getMainPrincipal());
        ((PasswordSource) Mockito.verify(this._passwordSource)).getPassword((String) Matchers.eq(INVALID_USERNAME));
        assertEquals("Unexpected third result status", AuthenticationResult.AuthenticationStatus.ERROR, this._negotiator.handleResponse(new byte[0]).getStatus());
    }

    private void hashPassword() {
        Mockito.when(this._passwordSource.getPassword((String) Matchers.eq("testUser"))).thenReturn(new HashedUser("testUser", VALID_USERPASSWORD, this._authenticationProvider).getPassword());
    }

    private void base64Password() throws NoSuchAlgorithmException {
        byte[] bytes = new String(VALID_USERPASSWORD).getBytes(StandardCharsets.UTF_8);
        MessageDigest messageDigest = MessageDigest.getInstance("MD5");
        messageDigest.update(bytes);
        Mockito.when(this._passwordSource.getPassword((String) Matchers.eq("testUser"))).thenReturn(DatatypeConverter.printBase64Binary(messageDigest.digest()).toCharArray());
    }
}
