package org.springframework.security.ui.digestauth;

import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import org.apache.commons.codec.binary.Base64;
import org.apache.commons.codec.digest.DigestUtils;
import org.jmock.Mock;
import org.jmock.MockObjectTestCase;
import org.springframework.mock.web.MockHttpServletRequest;
import org.springframework.mock.web.MockHttpServletResponse;
import org.springframework.security.MockFilterChain;
import org.springframework.security.MockFilterConfig;
import org.springframework.security.context.SecurityContextHolder;
import org.springframework.security.providers.dao.UserCache;
import org.springframework.security.providers.dao.cache.NullUserCache;
import org.springframework.security.userdetails.UserDetails;
import org.springframework.security.userdetails.memory.InMemoryDaoImpl;
import org.springframework.security.userdetails.memory.UserMap;
import org.springframework.security.userdetails.memory.UserMapEditor;
import org.springframework.security.util.StringSplitUtils;
import org.springframework.util.StringUtils;

/* loaded from: input_file:org/springframework/security/ui/digestauth/DigestProcessingFilterTests.class */
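/**
 * Unit tests for {@link DigestProcessingFilter}: header parsing, nonce validation, digest
 * verification and start-up checks.
 *
 * <p>Notes for readers and maintainers:
 * <ul>
 * <li>Several test names end in "ReturnsForbidden", but every rejection path here asserts HTTP
 * status 401 (Unauthorized), not 403. The names are kept so existing test reports and filters
 * keep working.</li>
 * <li>A rejected request must leave {@link SecurityContextHolder} without an authentication;
 * each negative test asserts both that and the 401 status.</li>
 * <li>Coverage gap: every request uses the same {@code nc} value and no test sends the same
 * valid nonce/nc pair twice to one filter instance, so replay handling is not exercised by
 * this class.</li>
 * <li>All credentials, keys and nonces below are test fixtures.</li>
 * </ul>
 */
public class DigestProcessingFilterTests extends MockObjectTestCase {
    private static final String NC = "00000002";
    private static final String CNONCE = "c822c727a648aba7";
    private static final String REALM = "The Actual, Correct Realm Name";
    // Server-side key used to sign nonces; must match the key given to the entry point in setUp().
    private static final String KEY = "springsecurity";
    private static final String QOP = "auth";
    // NOTE(review): username and realm both contain a comma, presumably to exercise parsing of
    // quoted header values that contain the list separator. Confirm before simplifying.
    private static final String USERNAME = "rod,ok";
    private static final String PASSWORD = "koala";
    private static final String REQUEST_URI = "/some_file.html";
    // Nonce valid for 60 seconds from class initialisation; shared by all "valid nonce" tests.
    private static final String NONCE = generateNonce(60);
    private DigestProcessingFilter filter;
    private MockHttpServletRequest request;

    public DigestProcessingFilterTests() {
    }

    public DigestProcessingFilterTests(String str) {
        super(str);
    }

    /**
     * Builds an {@code Authorization: Digest ...} header value from its individual fields.
     * Values are inserted verbatim with no escaping, so callers control exactly what is sent.
     */
    private String createAuthorizationHeader(String username, String realm, String nonce, String uri,
            String responseDigest, String qop, String nc, String cnonce) {
        return "Digest username=\"" + username + "\", realm=\"" + realm + "\", nonce=\"" + nonce + "\", uri=\"" + uri
                + "\", response=\"" + responseDigest + "\", qop=" + qop + ", nc=" + nc + ", cnonce=\"" + cnonce + "\"";
    }

    /**
     * Builds a header that is correct in every field (known user, right realm and password) for
     * the given nonce, so that the nonce is the only thing under test.
     */
    private String digestHeaderForNonce(String nonce) throws Exception {
        String responseDigest = DigestProcessingFilter.generateDigest(false, USERNAME, REALM, PASSWORD, "GET",
                REQUEST_URI, QOP, nonce, NC, CNONCE);
        return createAuthorizationHeader(USERNAME, REALM, nonce, REQUEST_URI, responseDigest, QOP, NC, CNONCE);
    }

    /**
     * Runs the filter through init / doFilter / destroy with a mocked chain.
     *
     * @param expectChainToProceed when true the chain's doFilter must be called exactly once;
     *        when false it must never be called (the filter is expected to stop the request)
     * @return the response the filter wrote to
     */
    private MockHttpServletResponse executeFilterInContainerSimulator(Filter filter, ServletRequest servletRequest,
            boolean expectChainToProceed) throws ServletException, IOException {
        filter.init(new MockFilterConfig());
        MockHttpServletResponse response = new MockHttpServletResponse();
        Mock chainMock = mock(FilterChain.class);
        FilterChain chain = (FilterChain) chainMock.proxy();
        chainMock.expects(expectChainToProceed ? once() : never()).method("doFilter");
        filter.doFilter(servletRequest, response, chain);
        filter.destroy();
        return response;
    }

    /** Asserts the request was rejected: nothing in the security context and a 401 status. */
    private void assertRejectedWithUnauthorized(MockHttpServletResponse response) {
        assertNull(SecurityContextHolder.getContext().getAuthentication());
        assertEquals(401, response.getStatus());
    }

    /** Base64-encodes the text; all inputs in this class are ASCII. */
    private static String base64(String text) {
        return new String(Base64.encodeBase64(text.getBytes()));
    }

    /**
     * Creates a nonce of the form {@code base64(expiry + ":" + md5Hex(expiry + ":" + KEY))},
     * where expiry is the current time plus the given validity.
     *
     * @param validitySeconds seconds from now until the nonce expires; 0 yields a nonce that
     *        expires immediately
     */
    private static String generateNonce(int validitySeconds) {
        // Multiply as long so a large validity cannot overflow int arithmetic.
        long expiryTime = System.currentTimeMillis() + (validitySeconds * 1000L);
        String signature = DigestUtils.md5Hex(expiryTime + ":" + KEY);
        return base64(expiryTime + ":" + signature);
    }

    protected void setUp() throws Exception {
        super.setUp();
        // Start from an empty security context so a leftover authentication cannot mask a failure.
        SecurityContextHolder.clearContext();

        InMemoryDaoImpl userDetailsService = new InMemoryDaoImpl();
        UserMapEditor userMapEditor = new UserMapEditor();
        userMapEditor.setAsText("rod,ok=koala,ROLE_ONE,ROLE_TWO,enabled\r\n");
        userDetailsService.setUserMap((UserMap) userMapEditor.getValue());

        DigestProcessingFilterEntryPoint entryPoint = new DigestProcessingFilterEntryPoint();
        entryPoint.setRealmName(REALM);
        entryPoint.setKey(KEY);

        this.filter = new DigestProcessingFilter();
        this.filter.setUserDetailsService(userDetailsService);
        this.filter.setAuthenticationEntryPoint(entryPoint);

        this.request = new MockHttpServletRequest("GET", REQUEST_URI);
        this.request.setServletPath(REQUEST_URI);
    }

    protected void tearDown() throws Exception {
        super.tearDown();
        SecurityContextHolder.clearContext();
    }

    public void testDoFilterWithNonHttpServletRequestDetected() throws Exception {
        try {
            new DigestProcessingFilter().doFilter((ServletRequest) null, new MockHttpServletResponse(), new MockFilterChain());
            fail("Should have thrown ServletException");
        } catch (ServletException expected) {
            assertEquals("Can only process HttpServletRequest", expected.getMessage());
        }
    }

    public void testDoFilterWithNonHttpServletResponseDetected() throws Exception {
        try {
            new DigestProcessingFilter().doFilter(new MockHttpServletRequest((String) null, (String) null), (ServletResponse) null, new MockFilterChain());
            fail("Should have thrown ServletException");
        } catch (ServletException expected) {
            assertEquals("Can only process HttpServletResponse", expected.getMessage());
        }
    }

    /** An expired but otherwise valid nonce must be rejected with 401 and {@code stale="true"}. */
    public void testExpiredNonceReturnsForbiddenWithStaleHeader() throws Exception {
        String expiredNonce = generateNonce(0);
        this.request.addHeader("Authorization", digestHeaderForNonce(expiredNonce));
        // Let the clock move past the nonce's expiry time before the filter checks it.
        Thread.sleep(1000L);

        MockHttpServletResponse response = executeFilterInContainerSimulator(this.filter, this.request, false);
        assertRejectedWithUnauthorized(response);

        // substring(7) drops the leading scheme token (presumably "Digest ") from the challenge.
        String challenge = response.getHeader("WWW-Authenticate").toString().substring(7);
        String[] challengeEntries = StringUtils.commaDelimitedListToStringArray(challenge);
        assertEquals("true", StringSplitUtils.splitEachArrayElementAndCreateMap(challengeEntries, "=", "\"").get("stale"));
    }

    public void testFilterIgnoresRequestsContainingNoAuthorizationHeader() throws Exception {
        executeFilterInContainerSimulator(this.filter, this.request, true);
        assertNull(SecurityContextHolder.getContext().getAuthentication());
    }

    public void testGettersSetters() {
        DigestProcessingFilter candidate = new DigestProcessingFilter();

        candidate.setUserDetailsService(new InMemoryDaoImpl());
        assertTrue(candidate.getUserDetailsService() != null);

        candidate.setAuthenticationEntryPoint(new DigestProcessingFilterEntryPoint());
        assertTrue(candidate.getAuthenticationEntryPoint() != null);

        candidate.setUserCache((UserCache) null);
        assertNull(candidate.getUserCache());

        candidate.setUserCache(new NullUserCache());
        assertNotNull(candidate.getUserCache());
    }

    public void testInvalidDigestAuthorizationTokenGeneratesError() throws Exception {
        this.request.addHeader("Authorization", "Digest " + base64("NOT_A_VALID_TOKEN_AS_MISSING_COLON"));
        assertEquals(401, executeFilterInContainerSimulator(this.filter, this.request, false).getStatus());
        assertNull(SecurityContextHolder.getContext().getAuthentication());
    }

    public void testMalformedHeaderReturnsForbidden() throws Exception {
        this.request.addHeader("Authorization", "Digest scsdcsdc");
        assertRejectedWithUnauthorized(executeFilterInContainerSimulator(this.filter, this.request, false));
    }

    public void testNonBase64EncodedNonceReturnsForbidden() throws Exception {
        this.request.addHeader("Authorization", digestHeaderForNonce("NOT_BASE_64_ENCODED"));
        assertRejectedWithUnauthorized(executeFilterInContainerSimulator(this.filter, this.request, false));
    }

    /** A nonce with a numeric expiry but a signature not derived from KEY must be rejected. */
    public void testNonceWithIncorrectSignatureForNumericFieldReturnsForbidden() throws Exception {
        String forgedNonce = base64("123456:incorrectStringPassword");
        this.request.addHeader("Authorization", digestHeaderForNonce(forgedNonce));
        assertRejectedWithUnauthorized(executeFilterInContainerSimulator(this.filter, this.request, false));
    }

    public void testNonceWithNonNumericFirstElementReturnsForbidden() throws Exception {
        String badNonce = base64("hello:ignoredSecondElement");
        this.request.addHeader("Authorization", digestHeaderForNonce(badNonce));
        assertRejectedWithUnauthorized(executeFilterInContainerSimulator(this.filter, this.request, false));
    }

    public void testNonceWithoutTwoColonSeparatedElementsReturnsForbidden() throws Exception {
        String badNonce = base64("a base 64 string without a colon");
        this.request.addHeader("Authorization", digestHeaderForNonce(badNonce));
        assertRejectedWithUnauthorized(executeFilterInContainerSimulator(this.filter, this.request, false));
    }

    public void testNormalOperationWhenPasswordIsAlreadyEncoded() throws Exception {
        String encodedPassword = DigestProcessingFilter.encodePasswordInA1Format(USERNAME, REALM, PASSWORD);
        String responseDigest = DigestProcessingFilter.generateDigest(true, USERNAME, REALM, encodedPassword, "GET",
                REQUEST_URI, QOP, NONCE, NC, CNONCE);
        this.request.addHeader("Authorization",
                createAuthorizationHeader(USERNAME, REALM, NONCE, REQUEST_URI, responseDigest, QOP, NC, CNONCE));

        executeFilterInContainerSimulator(this.filter, this.request, true);

        assertNotNull(SecurityContextHolder.getContext().getAuthentication());
        assertEquals(USERNAME, ((UserDetails) SecurityContextHolder.getContext().getAuthentication().getPrincipal()).getUsername());
    }

    public void testNormalOperationWhenPasswordNotAlreadyEncoded() throws Exception {
        this.request.addHeader("Authorization", digestHeaderForNonce(NONCE));

        executeFilterInContainerSimulator(this.filter, this.request, true);

        assertNotNull(SecurityContextHolder.getContext().getAuthentication());
        assertEquals(USERNAME, ((UserDetails) SecurityContextHolder.getContext().getAuthentication().getPrincipal()).getUsername());
    }

    public void testOtherAuthorizationSchemeIsIgnored() throws Exception {
        this.request.addHeader("Authorization", "SOME_OTHER_AUTHENTICATION_SCHEME");
        executeFilterInContainerSimulator(this.filter, this.request, true);
        assertNull(SecurityContextHolder.getContext().getAuthentication());
    }

    public void testStartupDetectsMissingAuthenticationEntryPoint() throws Exception {
        try {
            DigestProcessingFilter candidate = new DigestProcessingFilter();
            candidate.setUserDetailsService(new InMemoryDaoImpl());
            candidate.afterPropertiesSet();
            fail("Should have thrown IllegalArgumentException");
        } catch (IllegalArgumentException expected) {
            assertEquals("A DigestProcessingFilterEntryPoint is required", expected.getMessage());
        }
    }

    public void testStartupDetectsMissingUserDetailsService() throws Exception {
        try {
            DigestProcessingFilter candidate = new DigestProcessingFilter();
            candidate.setAuthenticationEntryPoint(new DigestProcessingFilterEntryPoint());
            candidate.afterPropertiesSet();
            fail("Should have thrown IllegalArgumentException");
        } catch (IllegalArgumentException expected) {
            assertEquals("A UserDetailsService is required", expected.getMessage());
        }
    }

    /**
     * After a successful login, a later request with a bad digest must clear the authentication
     * rather than leave the earlier one in place.
     */
    public void testSuccessLoginThenFailureLoginResultsInSessionLosingToken() throws Exception {
        this.request.addHeader("Authorization", digestHeaderForNonce(NONCE));
        executeFilterInContainerSimulator(this.filter, this.request, true);
        assertNotNull(SecurityContextHolder.getContext().getAuthentication());

        String wrongPasswordDigest = DigestProcessingFilter.generateDigest(false, USERNAME, REALM, "WRONG_PASSWORD",
                "GET", REQUEST_URI, QOP, NONCE, NC, CNONCE);
        // Build the second request like setUp() does (same method and URI). A bare
        // MockHttpServletRequest would differ from the first request in more than the password,
        // so the rejection could not be attributed to the wrong password alone.
        this.request = new MockHttpServletRequest("GET", REQUEST_URI);
        this.request.setServletPath(REQUEST_URI);
        this.request.addHeader("Authorization",
                createAuthorizationHeader(USERNAME, REALM, NONCE, REQUEST_URI, wrongPasswordDigest, QOP, NC, CNONCE));

        assertRejectedWithUnauthorized(executeFilterInContainerSimulator(this.filter, this.request, false));
    }

    /** The cnonce sent in the header differs from the one used to compute the digest. */
    public void testWrongCnonceBasedOnDigestReturnsForbidden() throws Exception {
        String responseDigest = DigestProcessingFilter.generateDigest(false, USERNAME, REALM, PASSWORD, "GET",
                REQUEST_URI, QOP, NONCE, NC, "DIFFERENT_CNONCE");
        this.request.addHeader("Authorization", createAuthorizationHeader(USERNAME, REALM, NONCE, REQUEST_URI,
                responseDigest, QOP, NC, "NOT_SAME_AS_USED_FOR_DIGEST_COMPUTATION"));
        assertRejectedWithUnauthorized(executeFilterInContainerSimulator(this.filter, this.request, false));
    }

    public void testWrongDigestReturnsForbidden() throws Exception {
        String responseDigest = DigestProcessingFilter.generateDigest(false, USERNAME, REALM, "WRONG_PASSWORD", "GET",
                REQUEST_URI, QOP, NONCE, NC, CNONCE);
        this.request.addHeader("Authorization",
                createAuthorizationHeader(USERNAME, REALM, NONCE, REQUEST_URI, responseDigest, QOP, NC, CNONCE));
        assertRejectedWithUnauthorized(executeFilterInContainerSimulator(this.filter, this.request, false));
    }

    /** Header and digest agree with each other but name a realm the entry point does not use. */
    public void testWrongRealmReturnsForbidden() throws Exception {
        String responseDigest = DigestProcessingFilter.generateDigest(false, USERNAME, "WRONG_REALM", PASSWORD, "GET",
                REQUEST_URI, QOP, NONCE, NC, CNONCE);
        this.request.addHeader("Authorization",
                createAuthorizationHeader(USERNAME, "WRONG_REALM", NONCE, REQUEST_URI, responseDigest, QOP, NC, CNONCE));
        assertRejectedWithUnauthorized(executeFilterInContainerSimulator(this.filter, this.request, false));
    }

    /**
     * A user that is not in the user map must be rejected. The unknown name is sent in the
     * header as well as used for the digest; sending the known USERNAME in the header would
     * only repeat the wrong-digest case and never reach the user lookup failure.
     */
    public void testWrongUsernameReturnsForbidden() throws Exception {
        String unknownUser = "NOT_A_KNOWN_USER";
        String responseDigest = DigestProcessingFilter.generateDigest(false, unknownUser, REALM, PASSWORD, "GET",
                REQUEST_URI, QOP, NONCE, NC, CNONCE);
        this.request.addHeader("Authorization",
                createAuthorizationHeader(unknownUser, REALM, NONCE, REQUEST_URI, responseDigest, QOP, NC, CNONCE));
        assertRejectedWithUnauthorized(executeFilterInContainerSimulator(this.filter, this.request, false));
    }
}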
