package org.opencms.security;

import com.lambdaworks.codec.Base64;
import com.lambdaworks.crypto.SCryptUtil;
import dev.samstevens.totp.code.DefaultCodeGenerator;
import dev.samstevens.totp.time.SystemTimeProvider;
import java.util.HashMap;
import junit.extensions.TestSetup;
import junit.framework.Test;
import junit.framework.TestSuite;
import org.junit.Assert;
import org.opencms.db.CmsLoginMessage;
import org.opencms.file.CmsObject;
import org.opencms.file.CmsUser;
import org.opencms.main.CmsException;
import org.opencms.main.OpenCms;
import org.opencms.security.twofactor.CmsSecondFactorInfo;
import org.opencms.test.OpenCmsTestCase;
import org.opencms.test.OpenCmsTestProperties;

/* loaded from: input_file:org/opencms/security/TestLoginAndPasswordHandler.class */
public class TestLoginAndPasswordHandler extends OpenCmsTestCase {
    public TestLoginAndPasswordHandler(String str) {
        super(str);
    }

    public static Test suite() {
        OpenCmsTestProperties.initialize(org.opencms.test.AllTests.TEST_PROPERTIES_PATH);
        TestSuite testSuite = new TestSuite();
        testSuite.setName(TestLoginAndPasswordHandler.class.getName());
        testSuite.addTest(new TestLoginAndPasswordHandler("testSCrypt"));
        testSuite.addTest(new TestLoginAndPasswordHandler("testUserDefaultPasswords"));
        testSuite.addTest(new TestLoginAndPasswordHandler("testCheckPasswordDigest"));
        testSuite.addTest(new TestLoginAndPasswordHandler("testPasswordConvesion"));
        testSuite.addTest(new TestLoginAndPasswordHandler("testLoginUser"));
        testSuite.addTest(new TestLoginAndPasswordHandler("testLoginMessage"));
        testSuite.addTest(new TestLoginAndPasswordHandler("testPasswordValidation"));
        testSuite.addTest(new TestLoginAndPasswordHandler("testSetResetPassword"));
        testSuite.addTest(new TestLoginAndPasswordHandler("testTwoFactorAuthentication"));
        return new TestSetup(testSuite) { // from class: org.opencms.security.TestLoginAndPasswordHandler.1
            protected void setUp() {
                OpenCmsTestCase.setupOpenCms("simpletest", "/");
            }

            protected void tearDown() {
                OpenCmsTestCase.removeOpenCms();
            }
        };
    }

    public void testCheckPasswordDigest() throws Throwable {
        echo("Testing if the password is digested and stored correctly");
        String userAdmin = OpenCms.getDefaultUsers().getUserAdmin();
        CmsObject cmsObject = getCmsObject();
        String digest = OpenCms.getPasswordHandler().digest("theNewPassword01");
        cmsObject.setPassword("Admin", "admin", "theNewPassword01");
        String password = cmsObject.readUser(userAdmin).getPassword();
        cmsObject.setPassword(userAdmin, "theNewPassword01", "admin");
        echo("Digested password: " + digest);
        echo("User password    : " + password);
        assertTrue("Passwords do not validate", OpenCms.getPasswordHandler().checkPassword("theNewPassword01", digest, false));
        assertEquals("Password length for Admin user not equal to expected digested password length", password.length(), digest.length());
    }

    public void testLoginMessage() throws Exception {
        echo("Testing login messages");
        CmsObject cmsObject = getCmsObject();
        String userAdmin = OpenCms.getDefaultUsers().getUserAdmin();
        assertNull(OpenCms.getLoginManager().getLoginMessage());
        OpenCms.getLoginManager().setLoginMessage(cmsObject, new CmsLoginMessage("This is the test login message", true));
        CmsException cmsException = null;
        try {
            cmsObject.loginUser("test1", "test1");
        } catch (CmsAuthentificationException e) {
            cmsException = e;
        }
        assertNotNull(cmsException);
        if (cmsException != null) {
            assertSame("ERR_LOGIN_FAILED_WITH_MESSAGE_1", cmsException.getMessageContainer().getKey());
            assertTrue(cmsException.getMessage().indexOf("This is the test login message") > 0);
        }
        cmsObject.loginUser(userAdmin, "admin");
        OpenCms.getLoginManager().removeLoginMessage(cmsObject);
        cmsObject.loginUser("test1", "test1");
        cmsObject.loginUser(userAdmin, "admin");
        OpenCms.getLoginManager().setLoginMessage(cmsObject, new CmsLoginMessage("This is the test login message", false));
        cmsObject.loginUser("test1", "test1");
        cmsObject.loginUser(userAdmin, "admin");
        OpenCms.getLoginManager().setLoginMessage(cmsObject, new CmsLoginMessage(0L, System.currentTimeMillis(), "This is the test login message", true));
        cmsObject.loginUser("test1", "test1");
        cmsObject.loginUser(userAdmin, "admin");
        OpenCms.getLoginManager().setLoginMessage(cmsObject, new CmsLoginMessage(System.currentTimeMillis() + 100000, Long.MAX_VALUE, "This is the test login message", true));
        cmsObject.loginUser("test1", "test1");
        cmsObject.loginUser(userAdmin, "admin");
        OpenCms.getLoginManager().setLoginMessage(cmsObject, new CmsLoginMessage("This is the test login message", true));
        CmsException cmsException2 = null;
        try {
            cmsObject.loginUser("test1", "test1");
        } catch (CmsAuthentificationException e2) {
            cmsException2 = e2;
        }
        assertNotNull(cmsException2);
        if (cmsException2 != null) {
            assertSame("ERR_LOGIN_FAILED_WITH_MESSAGE_1", cmsException2.getMessageContainer().getKey());
            assertTrue(cmsException2.getMessage().indexOf("This is the test login message") > 0);
        }
        cmsObject.loginUser(userAdmin, "admin");
        OpenCms.getLoginManager().removeLoginMessage(cmsObject);
    }

    public void testLoginUser() throws Exception {
        echo("Testing Exception behaviour during login");
        CmsObject cmsObject = getCmsObject();
        String userAdmin = OpenCms.getDefaultUsers().getUserAdmin();
        cmsObject.loginUser(userAdmin, "admin");
        assertTrue(OpenCms.getDefaultUsers().isUserAdmin(cmsObject.getRequestContext().getCurrentUser().getName()));
        CmsException cmsException = null;
        try {
            cmsObject.loginUser(userAdmin, "imamwrong");
        } catch (CmsAuthentificationException e) {
            cmsException = e;
        }
        assertNotNull(cmsException);
        if (cmsException != null) {
            assertSame("ERR_LOGIN_FAILED_2", cmsException.getMessageContainer().getKey());
        }
        CmsException cmsException2 = null;
        try {
            cmsObject.loginUser("idontexist", "imnotimportant");
        } catch (CmsAuthentificationException e2) {
            cmsException2 = e2;
        }
        assertNotNull(cmsException2);
        if (cmsException2 != null) {
            assertSame("ERR_LOGIN_FAILED_NO_USER_2", cmsException2.getMessageContainer().getKey());
        }
        cmsObject.loginUser("test1", "test1");
        assertEquals("test1", cmsObject.getRequestContext().getCurrentUser().getName());
        cmsObject.loginUser(userAdmin, "admin");
        assertEquals(userAdmin, cmsObject.getRequestContext().getCurrentUser().getName());
        CmsUser readUser = cmsObject.readUser("test1");
        readUser.setEnabled(false);
        cmsObject.writeUser(readUser);
        CmsException cmsException3 = null;
        try {
            cmsObject.loginUser("test1", "test1");
        } catch (CmsAuthentificationException e3) {
            cmsException3 = e3;
        }
        assertNotNull(cmsException3);
        if (cmsException3 != null) {
            assertSame("ERR_LOGIN_FAILED_DISABLED_2", cmsException3.getMessageContainer().getKey());
        }
        readUser.setEnabled(true);
        cmsObject.writeUser(readUser);
        cmsObject.loginUser("test1", "test1");
        assertEquals("test1", cmsObject.getRequestContext().getCurrentUser().getName());
    }

    public void testPasswordConvesion() throws Throwable {
        echo("Testing if the password is automatically converted from the old to the new hash algorithm");
        CmsObject cmsObject = getCmsObject();
        CmsUser readUser = cmsObject.readUser("test1");
        echo("Old stored password hash: " + readUser.getPassword());
        assertEquals("Password of user 'test1' not as expected", readUser.getPassword(), OpenCms.getPasswordHandler().digest("test1", "md5", "UTF-8"));
        cmsObject.loginUser("test1", "test1");
        CmsUser readUser2 = cmsObject.readUser("test1");
        echo("New stored password hash: " + readUser2.getPassword());
        assertTrue("Password validation with new hash algorithm failed", OpenCms.getPasswordHandler().checkPassword("test1", readUser2.getPassword(), false));
    }

    public void testPasswordValidation() throws Throwable {
        echo("Testing password validation handler");
        I_CmsPasswordHandler passwordHandler = OpenCms.getPasswordHandler();
        boolean z = false;
        try {
            passwordHandler.validatePassword("1*3");
            z = true;
        } catch (CmsSecurityException e) {
        }
        if (z) {
            fail("Invalid password 1*3 validated.");
        }
        try {
            passwordHandler.validatePassword("zyz*nowski");
        } catch (Exception e2) {
            echo("zyznowski invalid:" + e2.getMessage());
        }
        try {
            passwordHandler.validatePassword("Alfa99");
        } catch (Exception e3) {
            echo("alfa invalid:" + e3.getMessage());
        }
        try {
            passwordHandler.validatePassword("ca%Dill");
        } catch (Exception e4) {
            echo("ferrar invalid:" + e4.getMessage());
        }
        try {
            passwordHandler.validatePassword("#ulary");
        } catch (Exception e5) {
            echo("ulary invalid:" + e5.getMessage());
        }
    }

    public void testSCrypt() throws Throwable {
        echo("\nCreating 5 demo hashes with SCrpyt:");
        for (int i = 0; i < 5; i++) {
            System.out.println(SCryptUtil.scrypt("p\r\nassw0Rd!", 16384, 8, 1));
        }
        echo("Testing 5 hashes with SCrpyt");
        long currentTimeMillis = System.currentTimeMillis();
        for (int i2 = 0; i2 < 5; i2++) {
            String str = "p\r\nassw0Rd!" + i2;
            String scrypt = SCryptUtil.scrypt(str, 16384, 8, 1);
            Assert.assertNotEquals("FAILURE: TWO HASHES ARE EQUAL!", scrypt, SCryptUtil.scrypt(str, 16384, 8, 1));
            assertFalse("FAILURE: WRONG PASSWORD ACCEPTED!", SCryptUtil.check("p\r\nassw0Rd!" + (i2 + 1), scrypt));
            assertTrue("FAILURE: GOOD PASSWORD NOT ACCEPTED!", SCryptUtil.check(str, scrypt));
        }
        echo("Test took " + (System.currentTimeMillis() - currentTimeMillis) + " msec.");
        if (!"scrypt".equals(OpenCms.getPasswordHandler().getDigestType())) {
            fail("Expected SCrypt algorithm not configured as password digester");
            return;
        }
        String[] split = OpenCms.getPasswordHandler().digest("p\r\nassw0Rd!").split("\\$");
        if (split.length != 5 || !split[1].equals("s0")) {
            fail("OpenCms produced an invalid hashed SCrypt value");
        }
        long parseLong = Long.parseLong(split[2], 16);
        byte[] decode = Base64.decode(split[3].toCharArray());
        byte[] decode2 = Base64.decode(split[4].toCharArray());
        int pow = (int) Math.pow(2.0d, (parseLong >> 16) & 65535);
        int i3 = (((int) parseLong) >> 8) & 255;
        int i4 = ((int) parseLong) & 255;
        echo("Parsed SCrpyt digest as N:" + pow + " r:" + i3 + " p:" + i4 + " salt:" + decode + " derived:" + decode2);
        assertEquals("Unexpected SCrypt value for N", 16384, pow);
        assertEquals("Unexpected SCrypt value for r", 8, i3);
        assertEquals("Unexpected SCrypt value for p", 1, i4);
    }

    public void testSetResetPassword() throws Throwable {
        echo("Testing setting the password as admin");
        CmsObject cmsObject = getCmsObject();
        String userAdmin = OpenCms.getDefaultUsers().getUserAdmin();
        cmsObject.setPassword(userAdmin, "admin", "password1");
        cmsObject.loginUser(userAdmin, "password1");
        cmsObject.setPassword(userAdmin, "password2");
        cmsObject.loginUser(userAdmin, "password2");
        cmsObject.setPassword(userAdmin, "password2", "admin");
        cmsObject.loginUser(userAdmin, "admin");
    }

    public void testTwoFactorAuthentication() throws Exception {
        CmsObject cmsObject = getCmsObject();
        CmsUser createUser = cmsObject.createUser("testTwoFactorAuthentication2", "password", "", new HashMap());
        try {
            cmsObject.readGroup("TwoFactorAuthentication");
        } catch (Exception e) {
            cmsObject.createGroup("TwoFactorAuthentication", "", 0, (String) null);
        }
        cmsObject.addUserToGroup("testTwoFactorAuthentication2", "TwoFactorAuthentication");
        CmsObject initCmsObject = OpenCms.initCmsObject("Guest");
        boolean z = false;
        try {
            initCmsObject.loginUser("testTwoFactorAuthentication2", "password");
        } catch (Exception e2) {
            z = true;
        }
        assertTrue("should not be able to log in without second factor", z);
        boolean z2 = false;
        try {
            initCmsObject.loginUser("testTwoFactorAuthentication2", "password", new CmsSecondFactorInfo("123456"));
        } catch (Exception e3) {
            z2 = true;
        }
        assertTrue("should not be able to log in with dummy verification code", z2);
        boolean z3 = false;
        try {
            initCmsObject.loginUser("testTwoFactorAuthentication2", "password", new CmsSecondFactorInfo("$%& // ---!", "123456"));
        } catch (Exception e4) {
            z3 = true;
        }
        assertTrue("should not be able to log in with dummy verification code and secret", z3);
        DefaultCodeGenerator defaultCodeGenerator = new DefaultCodeGenerator();
        String secret = OpenCms.getTwoFactorAuthenticationHandler().generateSetupInfo(createUser).getSecret();
        initCmsObject.loginUser("testTwoFactorAuthentication2", "password", new CmsSecondFactorInfo(secret, defaultCodeGenerator.generate(secret, new SystemTimeProvider().getTime() / 30)));
        OpenCms.initCmsObject("Guest").loginUser("testTwoFactorAuthentication2", "password", new CmsSecondFactorInfo(defaultCodeGenerator.generate(secret, new SystemTimeProvider().getTime() / 30)));
    }

    public void testUserDefaultPasswords() throws Exception {
        CmsObject cmsObject = getCmsObject();
        echo("Testing the user import.");
        I_CmsPasswordHandler passwordHandler = OpenCms.getPasswordHandler();
        echo("Testing passwords of imported users");
        assertTrue("Admin user password does not check", passwordHandler.checkPassword("admin", cmsObject.readUser(OpenCms.getDefaultUsers().getUserAdmin()).getPassword(), false));
        CmsUser readUser = cmsObject.readUser(OpenCms.getDefaultUsers().getUserGuest());
        assertFalse("Guest user password does check with old default (empty String) but should fail becasue it is now a random UUID", passwordHandler.checkPassword("", readUser.getPassword(), true));
        try {
            SCryptUtil.check("{random-value}", readUser.getPassword());
        } catch (IllegalArgumentException e) {
            fail("Guest user password not a valid SCrypt password");
        }
        try {
            SCryptUtil.check("{random-value}", cmsObject.readUser(OpenCms.getDefaultUsers().getUserExport()).getPassword());
        } catch (IllegalArgumentException e2) {
            fail("Export user password not a valid SCrypt password");
        }
        try {
            SCryptUtil.check("{random-value}", cmsObject.readUser(OpenCms.getDefaultUsers().getUserDeletedResource()).getPassword());
        } catch (IllegalArgumentException e3) {
            fail("Deleted resource user password not a valid SCrypt password");
        }
        CmsUser readUser2 = cmsObject.readUser("test1");
        assertFalse("test1 user password does check with default SCrypt but should fail becasuse it is encoded in MD5", passwordHandler.checkPassword("test1", readUser2.getPassword(), false));
        assertTrue("test1 user password does not check with fallback to MD5", passwordHandler.checkPassword("test1", readUser2.getPassword(), true));
        CmsUser readUser3 = cmsObject.readUser("test2");
        assertFalse("test2 user password does check with default SCrypt but should fail becasuse it is encoded in MD5", passwordHandler.checkPassword("test2", readUser3.getPassword(), false));
        assertTrue("test2 user password does not check with fallback to MD5", passwordHandler.checkPassword("test2", readUser3.getPassword(), true));
    }
}
