package org.apache.qpid.server.security.auth.sasl;

import java.io.File;
import java.io.IOException;
import java.security.MessageDigest;
import java.security.Principal;
import java.util.Map;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import javax.security.auth.login.AccountNotFoundException;
import javax.security.sasl.SaslException;
import javax.security.sasl.SaslServer;
import javax.xml.bind.DatatypeConverter;
import org.apache.qpid.server.security.auth.database.Base64MD5PasswordFilePrincipalDatabase;
import org.apache.qpid.server.security.auth.sasl.crammd5.CRAMMD5HexInitialiser;
import org.apache.qpid.server.security.auth.sasl.crammd5.CRAMMD5HexServerFactory;
import org.apache.qpid.test.utils.QpidTestCase;

/* loaded from: input_file:org/apache/qpid/server/security/auth/sasl/CRAMMD5HexServerTest.class */
public class CRAMMD5HexServerTest extends QpidTestCase {
    private SaslServer _saslServer;
    private CRAMMD5HexServerFactory _saslFactory;

    protected void setUp() throws Exception {
        super.setUp();
        CRAMMD5HexInitialiser cRAMMD5HexInitialiser = new CRAMMD5HexInitialiser();
        Base64MD5PasswordFilePrincipalDatabase createTestPrincipalDatabase = createTestPrincipalDatabase();
        assertEquals("Unexpected number of test users in the db", 2, createTestPrincipalDatabase.getUsers().size());
        cRAMMD5HexInitialiser.initialise(createTestPrincipalDatabase);
        this._saslFactory = new CRAMMD5HexServerFactory();
        this._saslServer = this._saslFactory.createSaslServer("CRAM-MD5-HEX", "AMQP", "localhost", (Map) null, cRAMMD5HexInitialiser.getCallbackHandler());
        assertNotNull("Unable to create saslServer with mechanism type CRAM-MD5-HEX", this._saslServer);
    }

    public void testSuccessfulAuth() throws Exception {
        byte[] evaluateResponse = this._saslServer.evaluateResponse(generateClientResponse("knownuser", "guest", this._saslServer.evaluateResponse(new byte[0])));
        assertTrue("Exchange must be flagged as complete after successful authentication", this._saslServer.isComplete());
        assertNull("Next server challenge must be null after successful authentication", evaluateResponse);
    }

    public void testKnownUserPresentsWrongPassword() throws Exception {
        try {
            this._saslServer.evaluateResponse(generateClientResponse("knownuser", "wrong!", this._saslServer.evaluateResponse(new byte[0])));
            fail("Exception not thrown");
        } catch (SaslException e) {
        }
        assertFalse("Exchange must not be flagged as complete after unsuccessful authentication", this._saslServer.isComplete());
    }

    public void testUnknownUser() throws Exception {
        try {
            this._saslServer.evaluateResponse(generateClientResponse("unknownuser", "guest", this._saslServer.evaluateResponse(new byte[0])));
            fail("Exception not thrown");
        } catch (SaslException e) {
            assertExceptionHasUnderlyingAsCause(AccountNotFoundException.class, e);
        }
        assertFalse("Exchange must not be flagged as complete after unsuccessful authentication", this._saslServer.isComplete());
    }

    public void testSuccessfulAuthReproducingQpid3158() throws Exception {
        byte[] evaluateResponse = this._saslServer.evaluateResponse(generateClientResponse("qpid3158user", "guest2", this._saslServer.evaluateResponse(new byte[0])));
        assertTrue("Exchange must be flagged as complete after successful authentication", this._saslServer.isComplete());
        assertNull("Next server challenge must be null after successful authentication", evaluateResponse);
    }

    private byte[] generateClientResponse(String str, String str2, byte[] bArr) throws Exception {
        byte[] bytes = new String(DatatypeConverter.printHexBinary(MessageDigest.getInstance("MD5").digest(str2.getBytes())).toLowerCase().toCharArray()).getBytes();
        Mac mac = Mac.getInstance("HmacMD5");
        mac.init(new SecretKeySpec(bytes, "HmacMD5"));
        return (str + " " + DatatypeConverter.printHexBinary(mac.doFinal(bArr)).toLowerCase()).getBytes();
    }

    private Base64MD5PasswordFilePrincipalDatabase createTestPrincipalDatabase() throws IOException {
        Base64MD5PasswordFilePrincipalDatabase base64MD5PasswordFilePrincipalDatabase = new Base64MD5PasswordFilePrincipalDatabase();
        File createTempFile = File.createTempFile("passwd", "db");
        createTempFile.deleteOnExit();
        base64MD5PasswordFilePrincipalDatabase.open(createTempFile);
        base64MD5PasswordFilePrincipalDatabase.createPrincipal(createTestPrincipal("knownuser"), "guest".toCharArray());
        base64MD5PasswordFilePrincipalDatabase.createPrincipal(createTestPrincipal("qpid3158user"), "guest2".toCharArray());
        return base64MD5PasswordFilePrincipalDatabase;
    }

    private Principal createTestPrincipal(final String str) {
        return new Principal() { // from class: org.apache.qpid.server.security.auth.sasl.CRAMMD5HexServerTest.1
            @Override // java.security.Principal
            public String getName() {
                return str;
            }
        };
    }

    private void assertExceptionHasUnderlyingAsCause(Class<? extends Throwable> cls, Throwable th) {
        assertNotNull(th);
        int i = 0;
        boolean z = false;
        while (true) {
            if (th.getCause() == null) {
                break;
            }
            int i2 = i;
            i++;
            if (i2 >= 10) {
                break;
            }
            if (cls.equals(th.getCause().getClass())) {
                z = true;
                break;
            }
            th = th.getCause();
        }
        if (z) {
            return;
        }
        fail("Not found expected underlying exception " + cls + " as underlying cause of " + th.getClass());
    }
}
