package org.apache.qpid.server.security.auth.manager;

import java.nio.charset.Charset;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.Principal;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Base64;
import java.util.Collections;
import java.util.HashMap;
import java.util.List;
import java.util.UUID;
import java.util.stream.Collectors;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import org.apache.directory.server.annotations.CreateLdapServer;
import org.apache.directory.server.annotations.CreateTransport;
import org.apache.directory.server.annotations.SaslMechanism;
import org.apache.directory.server.core.annotations.ApplyLdifFiles;
import org.apache.directory.server.core.annotations.CreateDS;
import org.apache.directory.server.core.annotations.CreatePartition;
import org.apache.directory.server.core.integ.CreateLdapServerRule;
import org.apache.directory.server.core.kerberos.KeyDerivationInterceptor;
import org.apache.directory.server.ldap.handlers.sasl.gssapi.GssapiMechanismHandler;
import org.apache.directory.server.ldap.handlers.sasl.plain.PlainMechanismHandler;
import org.apache.qpid.server.configuration.IllegalConfigurationException;
import org.apache.qpid.server.configuration.updater.CurrentThreadTaskExecutor;
import org.apache.qpid.server.configuration.updater.TaskExecutor;
import org.apache.qpid.server.model.AuthenticationProvider;
import org.apache.qpid.server.model.Broker;
import org.apache.qpid.server.model.BrokerTestHelper;
import org.apache.qpid.server.model.NamedAddressSpace;
import org.apache.qpid.server.security.auth.AuthenticationResult;
import org.apache.qpid.server.security.auth.sasl.SaslNegotiator;
import org.apache.qpid.server.security.auth.sasl.SaslSettings;
import org.apache.qpid.server.security.auth.sasl.SaslUtil;
import org.apache.qpid.server.security.auth.sasl.plain.PlainNegotiatorTest;
import org.apache.qpid.server.util.Strings;
import org.apache.qpid.test.utils.UnitTestBase;
import org.junit.After;
import org.junit.Assert;
import org.junit.Before;
import org.junit.ClassRule;
import org.junit.Test;
import org.mockito.Mockito;

@CreateLdapServer(transports = {@CreateTransport(protocol = "LDAP")}, allowAnonymousAccess = true, saslHost = "localhost", saslPrincipal = "ldap/localhost@QPID.ORG", saslMechanisms = {@SaslMechanism(name = "PLAIN", implClass = PlainMechanismHandler.class), @SaslMechanism(name = "GSSAPI", implClass = GssapiMechanismHandler.class)})
@CreateDS(name = "testDS", partitions = {@CreatePartition(name = "test", suffix = "dc=qpid,dc=org")}, additionalInterceptors = {KeyDerivationInterceptor.class})
@ApplyLdifFiles({"users.ldif"})
/* loaded from: input_file:org/apache/qpid/server/security/auth/manager/CompositeUsernamePasswordAuthenticationManagerTest.class */
public class CompositeUsernamePasswordAuthenticationManagerTest extends UnitTestBase {
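    // Every provider built by the create*() helpers is added here; setUp() makes the mocked
    // broker return this list from getAuthenticationProviders().
    private final List<AuthenticationProvider<?>> _authenticationProviders = new ArrayList<>();
    private Broker<?> _broker;
    private TaskExecutor _executor;
    // Fixture credentials for the locally created users; test data only.
    private static final String USERNAME = "user1";
    private static final String PASSWORD = "password1";

    // Embedded LDAP server used by the SimpleLDAP delegate; configured by the class-level annotations.
    @ClassRule
    public static CreateLdapServerRule LDAP = new CreateLdapServerRule();
    // Settings passed to the CRAM-MD5 family of negotiators: a fixed local FQDN and no external principal.
    private static final SaslSettings CRAM_MD_SASL_SETTINGS = new SaslSettings() {
        @Override
        public String getLocalFQDN() {
            return "example.com";
        }

        @Override
        public Principal getExternalPrincipal() {
            return null;
        }
    };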

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/apache/qpid/server/security/auth/manager/CompositeUsernamePasswordAuthenticationManagerTest$SaslHelper.class */
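    /**
     * Hand-rolled client half of a SCRAM exchange (message layout as in RFC 5802) used to drive the
     * SCRAM-SHA-1 and SCRAM-SHA-256 negotiators under test.
     *
     * <p>The exchange state lives in static fields, so only one exchange can be in flight at a time:
     * {@link #createInitialResponse} must be called before {@link #calculateClientProof}, and the
     * helper is not safe for tests that run in parallel.
     */
    public static class SaslHelper {
        private static final String GS2_HEADER = "n,,";
        private static final Charset ASCII = StandardCharsets.US_ASCII;
        // client-first-message-bare of the exchange in progress; part of the signed auth message.
        private static String _clientFirstMessageBare;
        // Assigned by the enclosing test's setUp(); the server nonce must start with it.
        private static String _clientNonce;
        // Signature the server is expected to return in its final message ("v=").
        private static byte[] _serverSignature;

        private SaslHelper() {
        }

        /**
         * Parses the server-first message, derives the SCRAM keys and builds the client-final message.
         * As a side effect the expected server signature is stored in {@code _serverSignature}.
         *
         * @param challenge server-first message bytes ({@code r=...,s=...,i=...})
         * @param hmacName JCA MAC algorithm name, e.g. {@code HmacSHA256}
         * @param digestName JCA digest algorithm name, e.g. {@code SHA-256}
         * @param password clear-text password of the user being authenticated
         * @return the ASCII-encoded client-final message including the {@code p=} proof
         * @throws Exception if a JCA algorithm is unavailable or key initialisation fails
         */
        private static byte[] calculateClientProof(byte[] challenge, String hmacName, String digestName, String password) throws Exception {
            final String serverFirstMessage = new String(challenge, ASCII);
            final String[] parts = serverFirstMessage.split(",");
            // Assert.fail() throws, so the indexing below only runs on a well-formed challenge.
            if (parts.length < 3) {
                Assert.fail("Server challenge '" + serverFirstMessage + "' cannot be parsed");
            } else if (parts[0].startsWith("m=")) {
                Assert.fail("Server requires mandatory extension which is not supported: " + parts[0]);
            } else if (!parts[0].startsWith("r=")) {
                Assert.fail("Server challenge '" + serverFirstMessage + "' cannot be parsed, cannot find nonce");
            }
            final String nonce = parts[0].substring(2);
            // The combined nonce must extend the one this client sent; anything else means the
            // challenge does not belong to this exchange.
            if (!nonce.startsWith(_clientNonce)) {
                Assert.fail("Server challenge did not use correct client nonce");
            }
            if (!parts[1].startsWith("s=")) {
                Assert.fail("Server challenge '" + serverFirstMessage + "' cannot be parsed, cannot find salt");
            }
            final byte[] salt = Strings.decodeBase64(parts[1].substring(2));
            if (!parts[2].startsWith("i=")) {
                Assert.fail("Server challenge '" + serverFirstMessage + "' cannot be parsed, cannot find iteration count");
            }
            // NOTE(review): only the lower bound is checked; acceptable here because the peer is the
            // negotiator under test, but a real client should also cap the iteration count.
            final int iterationCount = Integer.parseInt(parts[2].substring(2));
            if (iterationCount <= 0) {
                Assert.fail("Iteration count " + iterationCount + " is not a positive integer");
            }

            final byte[] saltedPassword = generateSaltedPassword(saslPrep(password).getBytes(StandardCharsets.UTF_8), hmacName, iterationCount, salt);
            final String clientFinalMessageWithoutProof = "c=" + Base64.getEncoder().encodeToString(GS2_HEADER.getBytes(ASCII)) + ",r=" + nonce;
            final String authMessage = _clientFirstMessageBare + "," + serverFirstMessage + "," + clientFinalMessageWithoutProof;

            final byte[] clientKey = computeHmac(saltedPassword, "Client Key", hmacName);
            final byte[] storedKey = MessageDigest.getInstance(digestName).digest(clientKey);
            final byte[] clientSignature = computeHmac(storedKey, authMessage, hmacName);
            // ClientProof = ClientKey XOR ClientSignature
            final byte[] clientProof = clientKey.clone();
            for (int i = 0; i < clientProof.length; i++) {
                clientProof[i] ^= clientSignature[i];
            }

            final byte[] serverKey = computeHmac(saltedPassword, "Server Key", hmacName);
            _serverSignature = computeHmac(serverKey, authMessage, hmacName);

            final String clientFinalMessage = clientFinalMessageWithoutProof + ",p=" + Base64.getEncoder().encodeToString(clientProof);
            // Encode explicitly as ASCII; the no-argument getBytes() depends on the platform default charset.
            return clientFinalMessage.getBytes(ASCII);
        }

        /**
         * Computes an HMAC over the ASCII bytes of {@code message}.
         *
         * @param key MAC key
         * @param message text to authenticate
         * @param hmacName JCA MAC algorithm name
         */
        private static byte[] computeHmac(byte[] key, String message, String hmacName) throws Exception {
            final Mac mac = createHmac(key, hmacName);
            mac.update(message.getBytes(ASCII));
            return mac.doFinal();
        }

        /**
         * Iterated-HMAC key derivation: U1 = HMAC(password, salt || 00 00 00 01), each following
         * U is the HMAC of the previous one, and the result is the XOR of all of them.
         *
         * @param passwordBytes encoded password, used as the MAC key
         * @param hmacName JCA MAC algorithm name
         * @param iterationCount number of rounds; callers pass a positive value
         * @param salt salt taken from the server challenge
         */
        private static byte[] generateSaltedPassword(byte[] passwordBytes, String hmacName, int iterationCount, byte[] salt) throws Exception {
            final Mac mac = createHmac(passwordBytes, hmacName);
            mac.update(salt);
            mac.update(new byte[]{0, 0, 0, 1});
            final byte[] result = mac.doFinal();
            byte[] previous = null;
            for (int round = 1; round < iterationCount; round++) {
                // First extra round hashes U1, which 'result' still equals at that point.
                mac.update(previous != null ? previous : result);
                previous = mac.doFinal();
                for (int i = 0; i < result.length; i++) {
                    result[i] ^= previous[i];
                }
            }
            return result;
        }

        /**
         * Creates an initialised {@link Mac} for the given key; the same algorithm name is used for
         * the key spec and the MAC instance.
         */
        private static Mac createHmac(byte[] key, String hmacName) throws Exception {
            final SecretKeySpec keySpec = new SecretKeySpec(key, hmacName);
            final Mac mac = Mac.getInstance(hmacName);
            mac.init(keySpec);
            return mac;
        }

        /**
         * Escapes {@code =} and {@code ,} as {@code =3D} and {@code =2C}.
         *
         * <p>Despite its name this performs no Unicode normalisation (it is not the SASLprep
         * profile); it is only the escaping SCRAM applies to the user name field.
         * NOTE(review): calculateClientProof also applies it to the password, which RFC 5802 does
         * not call for. The fixture passwords contain neither character, so the tests are
         * unaffected; confirm before reusing this helper with other passwords.
         */
        private static String saslPrep(String value) {
            return value.replace("=", "=3D").replace(",", "=2C");
        }

        /**
         * Builds the client-first message for {@code username} and remembers its bare part for the
         * later auth-message computation.
         *
         * @return the ASCII-encoded message, GS2 header included
         */
        private static byte[] createInitialResponse(String username) {
            _clientFirstMessageBare = "n=" + saslPrep(username) + ",r=" + _clientNonce;
            return (GS2_HEADER + _clientFirstMessageBare).getBytes(ASCII);
        }
    }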

    /**
     * Starts a current-thread task executor, wires it and the provider list into a mocked broker,
     * and assigns a fresh random client nonce for the SCRAM helper.
     */
    @Before
    public void setUp() throws Exception {
        _executor = new CurrentThreadTaskExecutor();
        _executor.start();

        _broker = BrokerTestHelper.createBrokerMock();
        Mockito.when(_broker.getTaskExecutor()).thenReturn(_executor);
        Mockito.when(_broker.getChildExecutor()).thenReturn(_executor);
        Mockito.when(_broker.getAuthenticationProviders()).thenReturn(_authenticationProviders);

        // One nonce per test method; SaslHelper keeps it in a static field.
        final UUID nonce = UUID.randomUUID();
        SaslHelper._clientNonce = nonce.toString();
    }

    /**
     * Stops the task executor and forgets the providers created during the test.
     */
    @After
    public void tearDown() throws Exception {
        _executor.stop();
        _authenticationProviders.clear();
    }

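    /**
     * Creates a provider of type "Composite" through the broker's object factory and records it in
     * {@code _authenticationProviders}.
     *
     * @param delegates providers whose names become the "delegates" attribute; when none is given
     *                  the attribute is not set at all
     * @return the created composite manager
     */
    private CompositeUsernamePasswordAuthenticationManager<?> createCompositeAuthenticationManager(UsernamePasswordAuthenticationProvider<?>... delegates) {
        final HashMap<String, Object> attributes = new HashMap<>();
        attributes.put("type", "Composite");
        attributes.put("name", "CompositeAuthenticationProvider");
        attributes.put("id", UUID.randomUUID());
        if (delegates.length > 0) {
            attributes.put("delegates", Arrays.stream(delegates).map(delegate -> delegate.getName()).collect(Collectors.toList()));
        }
        // Cast to the declared return type; the factory itself only promises an AuthenticationProvider.
        final CompositeUsernamePasswordAuthenticationManager<?> composite =
                (CompositeUsernamePasswordAuthenticationManager<?>) _broker.getObjectFactory().create(AuthenticationProvider.class, attributes, _broker);
        _authenticationProviders.add(composite);
        return composite;
    }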

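    /**
     * Creates a provider of type "MD5" through the broker's object factory and records it in
     * {@code _authenticationProviders}.
     *
     * @return the created provider
     */
    private MD5AuthenticationProvider createMD5AuthenticationProvider() {
        final HashMap<String, Object> attributes = new HashMap<>();
        attributes.put("name", "MD5AuthenticationProvider");
        attributes.put("type", "MD5");
        attributes.put("id", UUID.randomUUID());
        // Cast to the declared return type; the factory itself only promises an AuthenticationProvider.
        final MD5AuthenticationProvider provider =
                (MD5AuthenticationProvider) _broker.getObjectFactory().create(AuthenticationProvider.class, attributes, _broker);
        _authenticationProviders.add(provider);
        return provider;
    }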

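    /**
     * Creates a provider of type "Plain" through the broker's object factory and records it in
     * {@code _authenticationProviders}.
     *
     * @param names optional; the first element is used as the provider name, otherwise
     *              "PlainAuthenticationProvider"
     * @return the created provider
     */
    private PlainAuthenticationProvider createPlainAuthenticationProvider(String... names) {
        final HashMap<String, Object> attributes = new HashMap<>();
        attributes.put("name", names.length == 0 ? "PlainAuthenticationProvider" : names[0]);
        attributes.put("type", "Plain");
        attributes.put("id", UUID.randomUUID());
        // Keep the concrete type in the local so it matches the declared return type.
        final PlainAuthenticationProvider provider =
                (PlainAuthenticationProvider) _broker.getObjectFactory().create(AuthenticationProvider.class, attributes, _broker);
        _authenticationProviders.add(provider);
        return provider;
    }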

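    /**
     * Creates a provider of type "SCRAM-SHA-256" through the broker's object factory and records it
     * in {@code _authenticationProviders}.
     *
     * @param names optional; the first element is used as the provider name, otherwise
     *              "ScramSHA256AuthenticationManager"
     * @return the created manager
     */
    private ScramSHA256AuthenticationManager createScramSHA256AuthenticationManager(String... names) {
        final HashMap<String, Object> attributes = new HashMap<>();
        attributes.put("name", names.length == 0 ? "ScramSHA256AuthenticationManager" : names[0]);
        attributes.put("type", "SCRAM-SHA-256");
        attributes.put("id", UUID.randomUUID());
        // Keep the concrete type in the local so it matches the declared return type.
        final ScramSHA256AuthenticationManager manager =
                (ScramSHA256AuthenticationManager) _broker.getObjectFactory().create(AuthenticationProvider.class, attributes, _broker);
        _authenticationProviders.add(manager);
        return manager;
    }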

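    /**
     * Creates a provider of type "SCRAM-SHA-1" through the broker's object factory and records it
     * in {@code _authenticationProviders}.
     *
     * @param names optional; the first element is used as the provider name, otherwise
     *              "ScramSHA1AuthenticationManager"
     * @return the created manager
     */
    private ScramSHA1AuthenticationManager createScramSHA1AuthenticationManager(String... names) {
        final HashMap<String, Object> attributes = new HashMap<>();
        attributes.put("name", names.length == 0 ? "ScramSHA1AuthenticationManager" : names[0]);
        attributes.put("type", "SCRAM-SHA-1");
        attributes.put("id", UUID.randomUUID());
        // Keep the concrete type in the local so it matches the declared return type.
        final ScramSHA1AuthenticationManager manager =
                (ScramSHA1AuthenticationManager) _broker.getObjectFactory().create(AuthenticationProvider.class, attributes, _broker);
        _authenticationProviders.add(manager);
        return manager;
    }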

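    /**
     * Creates a provider of type "SimpleLDAP" pointed at the embedded LDAP server and records it in
     * {@code _authenticationProviders}.
     *
     * <p>The provider URL uses unencrypted {@code ldap://} to localhost on the port reported by the
     * {@code LDAP} class rule, so this configuration is a test fixture only.
     *
     * @return the created manager
     */
    private SimpleLDAPAuthenticationManager<?> createSimpleLDAPAuthenticationManager() {
        final HashMap<String, Object> attributes = new HashMap<>();
        attributes.put("name", "SimpleLDAPAuthenticationManager");
        attributes.put("id", UUID.randomUUID());
        attributes.put("type", "SimpleLDAP");
        attributes.put("searchContext", "ou=users,dc=qpid,dc=org");
        attributes.put("providerUrl", String.format("ldap://localhost:%d", LDAP.getLdapServer().getPort()));
        attributes.put("searchFilter", "(uid={0})");
        // presumably turns the authentication result cache off so every attempt reaches LDAP — TODO confirm
        attributes.put("context", Collections.singletonMap("qpid.auth.cache.size", "0"));
        // Keep the concrete type in the local so it matches the declared return type.
        final SimpleLDAPAuthenticationManager<?> manager =
                (SimpleLDAPAuthenticationManager<?>) _broker.getObjectFactory().create(AuthenticationProvider.class, attributes, _broker);
        _authenticationProviders.add(manager);
        return manager;
    }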

    /**
     * Creating a composite manager without any delegate is expected to fail with
     * {@link IllegalArgumentException}.
     */
    @Test(expected = IllegalArgumentException.class)
    public void failToCreateCompositeAuthenticationManager() {
        // Empty varargs: no "delegates" attribute is passed to the factory.
        createCompositeAuthenticationManager();
    }

    /**
     * With a single Plain delegate the composite must accept the user through direct
     * authentication and through PLAIN, CRAM-MD5, SCRAM-SHA-1 and SCRAM-SHA-256.
     */
    @Test
    public void authenticateAgainstPlainAuthenticationProvider() throws Exception {
        final PlainAuthenticationProvider plainProvider = createPlainAuthenticationProvider();
        plainProvider.createUser(USERNAME, PASSWORD, Collections.emptyMap());
        final CompositeUsernamePasswordAuthenticationManager<?> composite = createCompositeAuthenticationManager(plainProvider);

        final AuthenticationResult direct = composite.authenticate(USERNAME, PASSWORD);
        Assert.assertEquals("Unexpected result status", AuthenticationResult.AuthenticationStatus.SUCCESS, direct.getStatus());
        Assert.assertEquals("Unexpected result principal", USERNAME, direct.getMainPrincipal().getName());

        final SaslNegotiator plainNegotiator = composite.createSaslNegotiator("PLAIN", (SaslSettings) null, (NamedAddressSpace) null);
        final byte[] plainResponse = String.format(PlainNegotiatorTest.RESPONSE_FORMAT_STRING, USERNAME, PASSWORD).getBytes(StandardCharsets.US_ASCII);
        final AuthenticationResult plainResult = plainNegotiator.handleResponse(plainResponse);
        Assert.assertEquals("Unexpected result status", AuthenticationResult.AuthenticationStatus.SUCCESS, plainResult.getStatus());

        final SaslNegotiator cramNegotiator = composite.createSaslNegotiator("CRAM-MD5", CRAM_MD_SASL_SETTINGS, (NamedAddressSpace) null);
        saslCramMd("CRAM-MD5", cramNegotiator, USERNAME, PASSWORD);

        final SaslNegotiator sha1Negotiator = composite.createSaslNegotiator("SCRAM-SHA-1", (SaslSettings) null, (NamedAddressSpace) null);
        saslScramSha("SCRAM-SHA-1", sha1Negotiator, USERNAME, PASSWORD);

        final SaslNegotiator sha256Negotiator = composite.createSaslNegotiator("SCRAM-SHA-256", (SaslSettings) null, (NamedAddressSpace) null);
        saslScramSha("SCRAM-SHA-256", sha256Negotiator, USERNAME, PASSWORD);
    }

    /**
     * An empty Plain delegate is listed before an MD5 delegate that holds the user; the composite
     * must still accept the user directly and through PLAIN, CRAM-MD5-HASHED and CRAM-MD5-HEX.
     */
    @Test
    public void authenticateAgainstMD5AuthenticationProvider() throws Exception {
        final PlainAuthenticationProvider emptyPlainProvider = createPlainAuthenticationProvider();
        final MD5AuthenticationProvider md5Provider = createMD5AuthenticationProvider();
        md5Provider.createUser(USERNAME, PASSWORD, Collections.emptyMap());
        final CompositeUsernamePasswordAuthenticationManager<?> composite = createCompositeAuthenticationManager(emptyPlainProvider, md5Provider);

        final AuthenticationResult direct = composite.authenticate(USERNAME, PASSWORD);
        Assert.assertEquals("Unexpected result status", AuthenticationResult.AuthenticationStatus.SUCCESS, direct.getStatus());
        Assert.assertEquals("Unexpected result principal", USERNAME, direct.getMainPrincipal().getName());

        final SaslNegotiator plainNegotiator = composite.createSaslNegotiator("PLAIN", (SaslSettings) null, (NamedAddressSpace) null);
        final byte[] plainResponse = String.format(PlainNegotiatorTest.RESPONSE_FORMAT_STRING, USERNAME, PASSWORD).getBytes(StandardCharsets.US_ASCII);
        final AuthenticationResult plainResult = plainNegotiator.handleResponse(plainResponse);
        Assert.assertEquals("Unexpected result status", AuthenticationResult.AuthenticationStatus.SUCCESS, plainResult.getStatus());

        final SaslNegotiator hashedNegotiator = composite.createSaslNegotiator("CRAM-MD5-HASHED", CRAM_MD_SASL_SETTINGS, (NamedAddressSpace) null);
        saslCramMd("CRAM-MD5-HASHED", hashedNegotiator, USERNAME, PASSWORD);

        final SaslNegotiator hexNegotiator = composite.createSaslNegotiator("CRAM-MD5-HEX", CRAM_MD_SASL_SETTINGS, (NamedAddressSpace) null);
        saslCramMd("CRAM-MD5-HEX", hexNegotiator, USERNAME, PASSWORD);
    }

    /**
     * With a single SCRAM-SHA-1 delegate the composite must accept the user directly and through a
     * SCRAM-SHA-1 exchange.
     */
    @Test
    public void authenticateAgainstScramSHA1AuthenticationManager() throws Exception {
        final ScramSHA1AuthenticationManager sha1Manager = createScramSHA1AuthenticationManager();
        sha1Manager.createUser(USERNAME, PASSWORD, Collections.emptyMap());
        final CompositeUsernamePasswordAuthenticationManager<?> composite = createCompositeAuthenticationManager(sha1Manager);

        final AuthenticationResult direct = composite.authenticate(USERNAME, PASSWORD);
        Assert.assertEquals("Unexpected result status", AuthenticationResult.AuthenticationStatus.SUCCESS, direct.getStatus());
        Assert.assertEquals("Unexpected result principal", USERNAME, direct.getMainPrincipal().getName());

        final SaslNegotiator sha1Negotiator = composite.createSaslNegotiator("SCRAM-SHA-1", (SaslSettings) null, (NamedAddressSpace) null);
        saslScramSha("SCRAM-SHA-1", sha1Negotiator, USERNAME, PASSWORD);
    }

    /**
     * With a single SCRAM-SHA-256 delegate the composite must accept the user directly and through
     * a SCRAM-SHA-256 exchange.
     */
    @Test
    public void authenticateAgainstScramSHA256AuthenticationManager() throws Exception {
        final ScramSHA256AuthenticationManager sha256Manager = createScramSHA256AuthenticationManager();
        sha256Manager.createUser(USERNAME, PASSWORD, Collections.emptyMap());
        final CompositeUsernamePasswordAuthenticationManager<?> composite = createCompositeAuthenticationManager(sha256Manager);

        final AuthenticationResult direct = composite.authenticate(USERNAME, PASSWORD);
        Assert.assertEquals("Unexpected result status", AuthenticationResult.AuthenticationStatus.SUCCESS, direct.getStatus());
        Assert.assertEquals("Unexpected result principal", USERNAME, direct.getMainPrincipal().getName());

        final SaslNegotiator sha256Negotiator = composite.createSaslNegotiator("SCRAM-SHA-256", (SaslSettings) null, (NamedAddressSpace) null);
        saslScramSha("SCRAM-SHA-256", sha256Negotiator, USERNAME, PASSWORD);
    }

    /**
     * With a single SimpleLDAP delegate the composite must accept the directory user "test1"
     * directly and through PLAIN, and report the user's DN as the main principal.
     */
    @Test
    public void authenticateAgainstSimpleLDAPAuthenticationManager() {
        final SimpleLDAPAuthenticationManager<?> ldapManager = createSimpleLDAPAuthenticationManager();
        final CompositeUsernamePasswordAuthenticationManager<?> composite = createCompositeAuthenticationManager(ldapManager);

        final AuthenticationResult direct = composite.authenticate("test1", PASSWORD);
        Assert.assertEquals("Unexpected result status", AuthenticationResult.AuthenticationStatus.SUCCESS, direct.getStatus());
        Assert.assertEquals("Unexpected result principal", "cn=integration-test1,ou=users,dc=qpid,dc=org", direct.getMainPrincipal().getName());

        final SaslNegotiator plainNegotiator = composite.createSaslNegotiator("PLAIN", (SaslSettings) null, (NamedAddressSpace) null);
        final byte[] plainResponse = String.format(PlainNegotiatorTest.RESPONSE_FORMAT_STRING, "test1", PASSWORD).getBytes(StandardCharsets.US_ASCII);
        final AuthenticationResult plainResult = plainNegotiator.handleResponse(plainResponse);
        Assert.assertEquals("Unexpected result status", AuthenticationResult.AuthenticationStatus.SUCCESS, plainResult.getStatus());
    }

    /**
     * Three delegates (Plain, MD5, SimpleLDAP), each holding a different user: every user must be
     * accepted through the mechanisms the test exercises for the delegate that stores it.
     */
    @Test
    public void authenticateAgainstPlainAndMd5AndSimpleLdap() throws Exception {
        final PlainAuthenticationProvider plainProvider = createPlainAuthenticationProvider();
        plainProvider.createUser(USERNAME, PASSWORD, Collections.emptyMap());
        final MD5AuthenticationProvider md5Provider = createMD5AuthenticationProvider();
        md5Provider.createUser("user2", "password2", Collections.emptyMap());
        final CompositeUsernamePasswordAuthenticationManager<?> composite =
                createCompositeAuthenticationManager(plainProvider, md5Provider, createSimpleLDAPAuthenticationManager());

        // user1 lives in the Plain delegate.
        final SaslNegotiator plainForUser1 = composite.createSaslNegotiator("PLAIN", (SaslSettings) null, (NamedAddressSpace) null);
        final byte[] user1Response = String.format(PlainNegotiatorTest.RESPONSE_FORMAT_STRING, USERNAME, PASSWORD).getBytes(StandardCharsets.US_ASCII);
        final AuthenticationResult user1Result = plainForUser1.handleResponse(user1Response);
        Assert.assertEquals("Unexpected result status", AuthenticationResult.AuthenticationStatus.SUCCESS, user1Result.getStatus());
        Assert.assertEquals("Unexpected result principal", USERNAME, user1Result.getMainPrincipal().getName());
        final SaslNegotiator cramForUser1 = composite.createSaslNegotiator("CRAM-MD5", CRAM_MD_SASL_SETTINGS, (NamedAddressSpace) null);
        saslCramMd("CRAM-MD5", cramForUser1, USERNAME, PASSWORD);
        final SaslNegotiator sha1ForUser1 = composite.createSaslNegotiator("SCRAM-SHA-1", (SaslSettings) null, (NamedAddressSpace) null);
        saslScramSha("SCRAM-SHA-1", sha1ForUser1, USERNAME, PASSWORD);
        final SaslNegotiator sha256ForUser1 = composite.createSaslNegotiator("SCRAM-SHA-256", (SaslSettings) null, (NamedAddressSpace) null);
        saslScramSha("SCRAM-SHA-256", sha256ForUser1, USERNAME, PASSWORD);

        // user2 lives in the MD5 delegate.
        final SaslNegotiator plainForUser2 = composite.createSaslNegotiator("PLAIN", (SaslSettings) null, (NamedAddressSpace) null);
        final byte[] user2Response = String.format(PlainNegotiatorTest.RESPONSE_FORMAT_STRING, "user2", "password2").getBytes(StandardCharsets.US_ASCII);
        final AuthenticationResult user2Result = plainForUser2.handleResponse(user2Response);
        Assert.assertEquals("Unexpected result status", AuthenticationResult.AuthenticationStatus.SUCCESS, user2Result.getStatus());
        Assert.assertEquals("Unexpected result principal", "user2", user2Result.getMainPrincipal().getName());
        final SaslNegotiator hashedForUser2 = composite.createSaslNegotiator("CRAM-MD5-HASHED", CRAM_MD_SASL_SETTINGS, (NamedAddressSpace) null);
        saslCramMd("CRAM-MD5-HASHED", hashedForUser2, "user2", "password2");
        final SaslNegotiator hexForUser2 = composite.createSaslNegotiator("CRAM-MD5-HEX", CRAM_MD_SASL_SETTINGS, (NamedAddressSpace) null);
        saslCramMd("CRAM-MD5-HEX", hexForUser2, "user2", "password2");

        // test1 is a directory user served by the SimpleLDAP delegate.
        final SaslNegotiator plainForLdapUser = composite.createSaslNegotiator("PLAIN", (SaslSettings) null, (NamedAddressSpace) null);
        final byte[] ldapUserResponse = String.format(PlainNegotiatorTest.RESPONSE_FORMAT_STRING, "test1", PASSWORD).getBytes(StandardCharsets.US_ASCII);
        final AuthenticationResult ldapUserResult = plainForLdapUser.handleResponse(ldapUserResponse);
        Assert.assertEquals("Unexpected result status", AuthenticationResult.AuthenticationStatus.SUCCESS, ldapUserResult.getStatus());
        Assert.assertEquals("Unexpected result principal", "cn=integration-test1,ou=users,dc=qpid,dc=org", ldapUserResult.getMainPrincipal().getName());
    }

    /**
     * Three delegates (Plain, SCRAM-SHA-256, SimpleLDAP), each holding a different user: every user
     * must be accepted through the mechanisms the test exercises for the delegate that stores it.
     */
    @Test
    public void authenticateAgainstPlainAndSha256AndSimpleLdap() throws Exception {
        final PlainAuthenticationProvider plainProvider = createPlainAuthenticationProvider();
        plainProvider.createUser(USERNAME, PASSWORD, Collections.emptyMap());
        final ScramSHA256AuthenticationManager sha256Manager = createScramSHA256AuthenticationManager();
        sha256Manager.createUser("user2", "password2", Collections.emptyMap());
        final CompositeUsernamePasswordAuthenticationManager<?> composite =
                createCompositeAuthenticationManager(plainProvider, sha256Manager, createSimpleLDAPAuthenticationManager());

        // user1 lives in the Plain delegate.
        final SaslNegotiator plainForUser1 = composite.createSaslNegotiator("PLAIN", (SaslSettings) null, (NamedAddressSpace) null);
        final byte[] user1Response = String.format(PlainNegotiatorTest.RESPONSE_FORMAT_STRING, USERNAME, PASSWORD).getBytes(StandardCharsets.US_ASCII);
        final AuthenticationResult user1Result = plainForUser1.handleResponse(user1Response);
        Assert.assertEquals("Unexpected result status", AuthenticationResult.AuthenticationStatus.SUCCESS, user1Result.getStatus());
        Assert.assertEquals("Unexpected result principal", USERNAME, user1Result.getMainPrincipal().getName());
        final SaslNegotiator cramForUser1 = composite.createSaslNegotiator("CRAM-MD5", CRAM_MD_SASL_SETTINGS, (NamedAddressSpace) null);
        saslCramMd("CRAM-MD5", cramForUser1, USERNAME, PASSWORD);
        final SaslNegotiator sha1ForUser1 = composite.createSaslNegotiator("SCRAM-SHA-1", (SaslSettings) null, (NamedAddressSpace) null);
        saslScramSha("SCRAM-SHA-1", sha1ForUser1, USERNAME, PASSWORD);
        final SaslNegotiator sha256ForUser1 = composite.createSaslNegotiator("SCRAM-SHA-256", (SaslSettings) null, (NamedAddressSpace) null);
        saslScramSha("SCRAM-SHA-256", sha256ForUser1, USERNAME, PASSWORD);

        // user2 lives in the SCRAM-SHA-256 delegate.
        final SaslNegotiator sha256ForUser2 = composite.createSaslNegotiator("SCRAM-SHA-256", (SaslSettings) null, (NamedAddressSpace) null);
        saslScramSha("SCRAM-SHA-256", sha256ForUser2, "user2", "password2");

        // test1 is a directory user served by the SimpleLDAP delegate.
        final SaslNegotiator plainForLdapUser = composite.createSaslNegotiator("PLAIN", (SaslSettings) null, (NamedAddressSpace) null);
        final byte[] ldapUserResponse = String.format(PlainNegotiatorTest.RESPONSE_FORMAT_STRING, "test1", PASSWORD).getBytes(StandardCharsets.US_ASCII);
        final AuthenticationResult ldapUserResult = plainForLdapUser.handleResponse(ldapUserResponse);
        Assert.assertEquals("Unexpected result status", AuthenticationResult.AuthenticationStatus.SUCCESS, ldapUserResult.getStatus());
        Assert.assertEquals("Unexpected result principal", "cn=integration-test1,ou=users,dc=qpid,dc=org", ldapUserResult.getMainPrincipal().getName());
    }

    /**
     * The same user name exists in two delegates with different passwords. The test pins that the
     * password stored in the first-listed delegate (Plain) authenticates over SCRAM-SHA-256, while
     * the password stored in the second delegate is rejected.
     */
    @Test
    public void usernameCollision() throws Exception {
        final PlainAuthenticationProvider firstDelegate = createPlainAuthenticationProvider();
        firstDelegate.createUser(USERNAME, PASSWORD, Collections.emptyMap());
        final ScramSHA256AuthenticationManager secondDelegate = createScramSHA256AuthenticationManager();
        secondDelegate.createUser(USERNAME, "password2", Collections.emptyMap());
        final CompositeUsernamePasswordAuthenticationManager<?> composite = createCompositeAuthenticationManager(firstDelegate, secondDelegate);

        final SaslNegotiator withFirstPassword = composite.createSaslNegotiator("SCRAM-SHA-256", (SaslSettings) null, (NamedAddressSpace) null);
        saslScramSha("SCRAM-SHA-256", withFirstPassword, USERNAME, PASSWORD);

        // The shadowed account's password must not be usable through the composite.
        final SaslNegotiator withSecondPassword = composite.createSaslNegotiator("SCRAM-SHA-256", (SaslSettings) null, (NamedAddressSpace) null);
        saslScramShaInvalidCredentials("SCRAM-SHA-256", withSecondPassword, USERNAME, "password2");
    }

    /**
     * Three SCRAM-SHA-256 delegates, each with its own user: every user must complete a
     * SCRAM-SHA-256 exchange through the composite.
     */
    @Test
    public void differentUsersInScramSHA256AuthenticationManagers() throws Exception {
        final ScramSHA256AuthenticationManager first = createScramSHA256AuthenticationManager("ScramSHA256AuthenticationManager1");
        first.createUser(USERNAME, PASSWORD, Collections.emptyMap());
        final ScramSHA256AuthenticationManager second = createScramSHA256AuthenticationManager("ScramSHA256AuthenticationManager2");
        second.createUser("user2", "password2", Collections.emptyMap());
        final ScramSHA256AuthenticationManager third = createScramSHA256AuthenticationManager("ScramSHA256AuthenticationManager3");
        third.createUser("user3", "password4", Collections.emptyMap());
        final CompositeUsernamePasswordAuthenticationManager<?> composite = createCompositeAuthenticationManager(first, second, third);

        final SaslNegotiator forUser1 = composite.createSaslNegotiator("SCRAM-SHA-256", (SaslSettings) null, (NamedAddressSpace) null);
        saslScramSha("SCRAM-SHA-256", forUser1, USERNAME, PASSWORD);
        final SaslNegotiator forUser2 = composite.createSaslNegotiator("SCRAM-SHA-256", (SaslSettings) null, (NamedAddressSpace) null);
        saslScramSha("SCRAM-SHA-256", forUser2, "user2", "password2");
        final SaslNegotiator forUser3 = composite.createSaslNegotiator("SCRAM-SHA-256", (SaslSettings) null, (NamedAddressSpace) null);
        saslScramSha("SCRAM-SHA-256", forUser3, "user3", "password4");
    }

    /**
     * A user known to none of the delegates must be rejected. For the SCRAM mechanisms the first
     * round is still expected to return CONTINUE with a challenge and only the proof step fails,
     * so the first-round status is the same as for an existing user; PLAIN returns ERROR at once.
     */
    @Test
    public void userNotFound() throws Exception {
        final ScramSHA256AuthenticationManager sha256Manager = createScramSHA256AuthenticationManager();
        sha256Manager.createUser(USERNAME, PASSWORD, Collections.emptyMap());
        final ScramSHA1AuthenticationManager sha1Manager = createScramSHA1AuthenticationManager();
        sha1Manager.createUser("user2", "password2", Collections.emptyMap());
        final CompositeUsernamePasswordAuthenticationManager<?> composite =
                createCompositeAuthenticationManager(sha256Manager, sha1Manager, createSimpleLDAPAuthenticationManager());

        final SaslNegotiator sha256Negotiator = composite.createSaslNegotiator("SCRAM-SHA-256", (SaslSettings) null, (NamedAddressSpace) null);
        saslScramShaInvalidCredentials("SCRAM-SHA-256", sha256Negotiator, "test99", PASSWORD);

        final SaslNegotiator sha1Negotiator = composite.createSaslNegotiator("SCRAM-SHA-1", (SaslSettings) null, (NamedAddressSpace) null);
        saslScramShaInvalidCredentials("SCRAM-SHA-1", sha1Negotiator, "test99", "password2");

        final SaslNegotiator plainNegotiator = composite.createSaslNegotiator("PLAIN", (SaslSettings) null, (NamedAddressSpace) null);
        final byte[] plainResponse = String.format(PlainNegotiatorTest.RESPONSE_FORMAT_STRING, "test99", PASSWORD).getBytes(StandardCharsets.US_ASCII);
        final AuthenticationResult plainResult = plainNegotiator.handleResponse(plainResponse);
        Assert.assertEquals("Unexpected result status", AuthenticationResult.AuthenticationStatus.ERROR, plainResult.getStatus());
    }

    /**
     * Using a composite manager as the delegate of another composite manager is expected to fail
     * with {@link IllegalConfigurationException}.
     */
    @Test(expected = IllegalConfigurationException.class)
    public void nestedComposteUsernamePasswordAuthenticationManager() {
        final ScramSHA256AuthenticationManager sha256Manager = createScramSHA256AuthenticationManager();
        sha256Manager.createUser(USERNAME, PASSWORD, Collections.emptyMap());

        final CompositeUsernamePasswordAuthenticationManager<?> inner = createCompositeAuthenticationManager(sha256Manager);
        createCompositeAuthenticationManager(inner);
    }

    /**
     * Listing the same delegate twice is expected to fail with
     * {@link IllegalConfigurationException}.
     */
    @Test(expected = IllegalConfigurationException.class)
    public void duplicateDelegates() {
        final ScramSHA256AuthenticationManager sha256Manager = createScramSHA256AuthenticationManager();
        sha256Manager.createUser(USERNAME, PASSWORD, Collections.emptyMap());

        createCompositeAuthenticationManager(sha256Manager, sha256Manager);
    }

    /**
     * Drives a challenge/response exchange of the CRAM-MD5 family and asserts that it succeeds.
     * Also asserts that the negotiator answers ERROR to any input after the exchange has finished.
     *
     * @param str SASL mechanism name passed to the client response generator
     * @param saslNegotiator negotiator under test
     * @param str2 user name, also the expected main principal
     * @param str3 password
     */
    private void saslCramMd(String str, SaslNegotiator saslNegotiator, String str2, String str3) throws Exception {
        final AuthenticationResult challengeResult = saslNegotiator.handleResponse(new byte[0]);
        Assert.assertEquals("Unexpected first result status", AuthenticationResult.AuthenticationStatus.CONTINUE, challengeResult.getStatus());

        final byte[] clientResponse = SaslUtil.generateCramMD5ClientResponse(str, str2, str3, challengeResult.getChallenge());
        final AuthenticationResult finalResult = saslNegotiator.handleResponse(clientResponse);
        Assert.assertEquals("Unexpected second result status", AuthenticationResult.AuthenticationStatus.SUCCESS, finalResult.getStatus());
        Assert.assertNull("Unexpected second result challenge", finalResult.getChallenge());
        Assert.assertEquals("Unexpected second result main principal", str2, finalResult.getMainPrincipal().getName());

        // A completed negotiator must not accept another round.
        final AuthenticationResult afterCompletion = saslNegotiator.handleResponse(new byte[0]);
        Assert.assertEquals("Unexpected third result status", AuthenticationResult.AuthenticationStatus.ERROR, afterCompletion.getStatus());
    }

    /**
     * Drives a SCRAM exchange and asserts that it succeeds, that the server's final message carries
     * the signature the client computed, and that the finished negotiator rejects a replayed first
     * message.
     *
     * @param str SASL mechanism name; "SCRAM-SHA-256" selects SHA-256, anything else SHA-1
     * @param saslNegotiator negotiator under test
     * @param str2 user name, also the expected main principal
     * @param str3 password
     */
    private void saslScramSha(String str, SaslNegotiator saslNegotiator, String str2, String str3) throws Exception {
        final boolean useSha256 = "SCRAM-SHA-256".equals(str);
        final String hmacName = useSha256 ? "HmacSHA256" : "HmacSHA1";
        final String digestName = useSha256 ? "SHA-256" : "SHA-1";

        final byte[] clientFirst = SaslHelper.createInitialResponse(str2);
        final AuthenticationResult serverFirst = saslNegotiator.handleResponse(clientFirst);
        Assert.assertEquals("Unexpected first result status", AuthenticationResult.AuthenticationStatus.CONTINUE, serverFirst.getStatus());
        Assert.assertNotNull("Unexpected first result challenge", serverFirst.getChallenge());

        final byte[] clientFinal = SaslHelper.calculateClientProof(serverFirst.getChallenge(), hmacName, digestName, str3);
        final AuthenticationResult serverFinal = saslNegotiator.handleResponse(clientFinal);
        Assert.assertEquals("Unexpected second result status", AuthenticationResult.AuthenticationStatus.SUCCESS, serverFinal.getStatus());
        Assert.assertNotNull("Unexpected second result challenge", serverFinal.getChallenge());
        Assert.assertEquals("Unexpected second result principal", str2, serverFinal.getMainPrincipal().getName());

        // Mutual authentication: the server proves knowledge of the credentials via "v=".
        final String[] finalParts = new String(serverFinal.getChallenge(), SaslHelper.ASCII).split(",");
        Assert.assertTrue("Server final message did not contain verifier", finalParts[0].startsWith("v="));
        Assert.assertTrue("Server signature did not match",
                          Arrays.equals(SaslHelper._serverSignature, Strings.decodeBase64(finalParts[0].substring(2))));

        // Replaying the first message on a finished negotiator must fail and expose no principal.
        final AuthenticationResult afterCompletion = saslNegotiator.handleResponse(clientFirst);
        Assert.assertEquals("Unexpected result status after completion of negotiation", AuthenticationResult.AuthenticationStatus.ERROR, afterCompletion.getStatus());
        Assert.assertNull("Unexpected principal after completion of negotiation", afterCompletion.getMainPrincipal());
    }

    /**
     * Drives a SCRAM exchange that must fail: the first round is expected to return CONTINUE with a
     * challenge, the proof step ERROR without a challenge.
     *
     * @param str SASL mechanism name; "SCRAM-SHA-256" selects SHA-256, anything else SHA-1
     * @param saslNegotiator negotiator under test
     * @param str2 user name
     * @param str3 password that must be rejected
     */
    private void saslScramShaInvalidCredentials(String str, SaslNegotiator saslNegotiator, String str2, String str3) throws Exception {
        final boolean useSha256 = "SCRAM-SHA-256".equals(str);
        final String hmacName = useSha256 ? "HmacSHA256" : "HmacSHA1";
        final String digestName = useSha256 ? "SHA-256" : "SHA-1";

        final byte[] clientFirst = SaslHelper.createInitialResponse(str2);
        final AuthenticationResult serverFirst = saslNegotiator.handleResponse(clientFirst);
        Assert.assertEquals("Unexpected first result status", AuthenticationResult.AuthenticationStatus.CONTINUE, serverFirst.getStatus());
        Assert.assertNotNull("Unexpected first result challenge", serverFirst.getChallenge());

        final byte[] clientFinal = SaslHelper.calculateClientProof(serverFirst.getChallenge(), hmacName, digestName, str3);
        final AuthenticationResult serverFinal = saslNegotiator.handleResponse(clientFinal);
        Assert.assertEquals("Unexpected second result status", AuthenticationResult.AuthenticationStatus.ERROR, serverFinal.getStatus());
        Assert.assertNull("Unexpected second result challenge", serverFinal.getChallenge());
    }
}
