package org.owasp.esapi;

import java.util.Date;
import java.util.Iterator;
import java.util.Set;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import junit.framework.Test;
import junit.framework.TestCase;
import junit.framework.TestSuite;
import org.owasp.esapi.errors.AuthenticationException;
import org.owasp.esapi.http.TestHttpServletRequest;
import org.owasp.esapi.http.TestHttpServletResponse;
import org.owasp.esapi.interfaces.ILogger;

/* JADX WARN: Classes with same name are omitted:
  input_file:ESAPI/build/classes/org/owasp/esapi/AuthenticatorTest.class
 */
/* loaded from: input_file:ESAPI/esapi_1.0.jar:org/owasp/esapi/AuthenticatorTest.class */
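/**
 * JUnit 3 tests for {@link Authenticator}: account creation, password strength and
 * hashing, login, and the "current user" seen by each thread.
 *
 * <p>Every test works on the object returned by {@code Authenticator.getInstance()},
 * and {@link #setUp()} / {@link #tearDown()} are empty.
 * NOTE(review): accounts created by one test are presumably still present for the
 * next one, so the tests that use fixed account names ("login", "firstUser", ...)
 * may fail in createUser when the user store is not fresh. Confirm how the store is
 * reset between runs.
 */
public class AuthenticatorTest extends TestCase {
    /**
     * Builds the suite containing every test method of this class.
     *
     * @return the suite for {@code AuthenticatorTest}
     */
    public static Test suite() {
        return new TestSuite(AuthenticatorTest.class);
    }

    /**
     * Creates a named test case.
     *
     * @param str the test name passed to {@link TestCase}
     */
    public AuthenticatorTest(String str) {
        super(str);
    }

    /** No per-test fixture is created. */
    @Override
    protected void setUp() throws Exception {
    }

    /** No per-test clean-up is performed. */
    @Override
    protected void tearDown() throws Exception {
    }

    /**
     * Checks that createUser accepts a fresh account with a generated password and
     * rejects a duplicate name, mismatched passwords, a weak password, a null
     * account name and a null password.
     */
    public void testCreateUser() throws AuthenticationException {
        System.out.println("createUser");
        String accountName = Randomizer.getInstance().getRandomString(8, Encoder.CHAR_ALPHANUMERICS);
        Authenticator authenticator = Authenticator.getInstance();
        String password = authenticator.generateStrongPassword();
        assertTrue(authenticator.createUser(accountName, password, password).verifyPassword(password));
        try {
            authenticator.createUser(accountName, password, password);
            fail("duplicate account name was accepted");
        } catch (AuthenticationException e) {
            // expected: the account already exists
        }
        try {
            authenticator.createUser(Randomizer.getInstance().getRandomString(8, Encoder.CHAR_ALPHANUMERICS), "password1", "password2");
            fail("mismatched passwords were accepted");
        } catch (AuthenticationException e2) {
            // expected: the two password arguments differ
        }
        try {
            authenticator.createUser(Randomizer.getInstance().getRandomString(8, Encoder.CHAR_ALPHANUMERICS), "weak1", "weak1");
            fail("weak password was accepted");
        } catch (AuthenticationException e3) {
            // expected: the password is too weak
        }
        try {
            authenticator.createUser((String) null, "weak1", "weak1");
            fail("null account name was accepted");
        } catch (AuthenticationException e4) {
            // expected: no account name
        }
        try {
            authenticator.createUser(Randomizer.getInstance().getRandomString(8, Encoder.CHAR_ALPHANUMERICS), (String) null, (String) null);
            fail("null password was accepted");
        } catch (AuthenticationException e5) {
            // expected: no password
        }
    }

    /**
     * Checks that 100 freshly generated passwords all pass verifyPasswordStrength
     * when compared against one earlier generated password.
     */
    public void testGenerateStrongPassword() throws AuthenticationException {
        System.out.println("generateStrongPassword");
        Authenticator authenticator = Authenticator.getInstance();
        String previousPassword = authenticator.generateStrongPassword();
        for (int i = 0; i < 100; i++) {
            try {
                authenticator.verifyPasswordStrength(authenticator.generateStrongPassword(), previousPassword);
            } catch (AuthenticationException e) {
                fail("generated password failed the strength check on iteration " + i);
            }
        }
    }

    /**
     * Checks that getCurrentUser returns the user who logged in, and that ten worker
     * threads each read back the user they set themselves.
     *
     * <p>The workers record their result in a shared flag that is asserted after all
     * of them have finished; an assertion inside a worker thread would not reach
     * JUnit.
     */
    public void testGetCurrentUser() throws Exception {
        System.out.println("getCurrentUser");
        Authenticator authenticator = Authenticator.getInstance();
        String accountName1 = Randomizer.getInstance().getRandomString(8, Encoder.CHAR_ALPHANUMERICS);
        String accountName2 = Randomizer.getInstance().getRandomString(8, Encoder.CHAR_ALPHANUMERICS);
        User user1 = authenticator.createUser(accountName1, "getCurrentUser", "getCurrentUser");
        User user2 = authenticator.createUser(accountName2, "getCurrentUser", "getCurrentUser");
        user1.enable();
        TestHttpServletRequest request = new TestHttpServletRequest();
        TestHttpServletResponse response = new TestHttpServletResponse();
        Authenticator.getInstance().setCurrentHTTP(request, response);
        user1.loginWithPassword("getCurrentUser", request, response);
        User currentUser = authenticator.getCurrentUser();
        assertEquals(currentUser, user1);
        authenticator.setCurrentUser(user2);
        assertFalse(currentUser.getAccountName().equals(user2.getAccountName()));

        // One-element array so the anonymous class can update a captured final local.
        final boolean[] allMatched = {true};
        Runnable worker = new Runnable() {
            private int count = 1;

            // The Runnable is shared by all threads, so the counter must be handed
            // out atomically or two workers could pick the same account name.
            private synchronized int nextCount() {
                return this.count++;
            }

            @Override // java.lang.Runnable
            public void run() {
                Authenticator instance = Authenticator.getInstance();
                User created = null;
                try {
                    String password = instance.generateStrongPassword();
                    String accountName = new StringBuilder("TestAccount").append(nextCount()).toString();
                    if (instance.getUser(accountName) != null) {
                        instance.removeUser(accountName);
                    }
                    created = instance.createUser(accountName, password, password);
                    instance.setCurrentUser(created);
                } catch (AuthenticationException e) {
                    e.printStackTrace();
                }
                // A worker whose account could not be created counts as a mismatch
                // instead of dying with a NullPointerException.
                boolean matched = created != null && created.equals(instance.getCurrentUser());
                synchronized (allMatched) {
                    allMatched[0] &= matched;
                }
            }
        };
        Thread[] workers = new Thread[10];
        for (int i = 0; i < workers.length; i++) {
            workers[i] = new Thread(worker);
            workers[i].start();
        }
        // join() waits for each worker and makes its writes visible to this thread.
        for (int i = 0; i < workers.length; i++) {
            workers[i].join();
        }
        assertTrue("a worker thread did not read back the user it had set as current", allMatched[0]);
    }

    /** Checks that getUser finds a created account and returns null for an unknown name. */
    public void testGetUser() throws AuthenticationException {
        System.out.println("getUser");
        Authenticator authenticator = Authenticator.getInstance();
        String password = authenticator.generateStrongPassword();
        String accountName = Randomizer.getInstance().getRandomString(8, Encoder.CHAR_ALPHANUMERICS);
        authenticator.createUser(accountName, password, password);
        assertNotNull(authenticator.getUser(accountName));
        assertNull(authenticator.getUser(Randomizer.getInstance().getRandomString(8, Encoder.CHAR_ALPHANUMERICS)));
    }

    /** Checks that after a login the same request yields the logged-in user from its session. */
    public void testGetUserFromSession() throws AuthenticationException {
        System.out.println("getUserFromSession");
        Authenticator authenticator = Authenticator.getInstance();
        String accountName = Randomizer.getInstance().getRandomString(8, Encoder.CHAR_ALPHANUMERICS);
        String password = authenticator.generateStrongPassword();
        User user = authenticator.createUser(accountName, password, password);
        user.enable();
        TestHttpServletRequest request = new TestHttpServletRequest();
        request.addParameter("username", accountName);
        request.addParameter("password", password);
        authenticator.login((HttpServletRequest) request, (HttpServletResponse) new TestHttpServletResponse());
        assertEquals(user, authenticator.getUserFromSession(request));
    }

    /**
     * Checks that getUserNames contains the lower-cased name of every created account.
     */
    public void testGetUserNames() throws AuthenticationException {
        System.out.println("getUserNames");
        Authenticator authenticator = Authenticator.getInstance();
        String password = authenticator.generateStrongPassword();
        String[] accountNames = {"firstUser", "secondUser", "thirdUser"};
        for (String name : accountNames) {
            authenticator.createUser(name, password, password);
        }
        Set userNames = authenticator.getUserNames();
        for (String name : accountNames) {
            assertTrue(userNames.contains(name.toLowerCase()));
        }
    }

    /**
     * Checks that hashPassword is deterministic for the same inputs and does not
     * return the password unchanged.
     *
     * <p>NOTE(review): nothing here checks that the second argument (an account name,
     * judging by testMain) actually changes the hash. Consider asserting that two
     * different account names give different hashes once the salting rule is confirmed.
     */
    public void testHashPassword() {
        System.out.println("hashPassword");
        Authenticator authenticator = Authenticator.getInstance();
        String hash = authenticator.hashPassword("test", "Jeff");
        assertTrue(hash.equals(authenticator.hashPassword("test", "Jeff")));
        assertFalse("hashPassword returned the plaintext password", "test".equals(hash));
    }

    /** Checks that an enabled account can log in with username and password request parameters. */
    public void testLogin() throws AuthenticationException {
        System.out.println("login");
        Authenticator authenticator = Authenticator.getInstance();
        String password = authenticator.generateStrongPassword();
        authenticator.createUser("login", password, password).enable();
        TestHttpServletRequest request = new TestHttpServletRequest();
        request.addParameter("username", "login");
        request.addParameter("password", password);
        assertTrue(authenticator.login((HttpServletRequest) request, (HttpServletResponse) new TestHttpServletResponse()).isLoggedIn());
    }

    /**
     * Checks that removeUser makes an account disappear, then removes every
     * remaining account.
     */
    public void testRemoveUser() throws Exception {
        System.out.println("removeUser");
        String accountName = Randomizer.getInstance().getRandomString(8, Encoder.CHAR_ALPHANUMERICS);
        Authenticator authenticator = Authenticator.getInstance();
        String password = authenticator.generateStrongPassword();
        authenticator.createUser(accountName, password, password);
        assertTrue(authenticator.exists(accountName));
        authenticator.removeUser(accountName);
        assertFalse(authenticator.exists(accountName));
        // Iterate over a snapshot: if getUserNames() returns a live view of the user
        // store, removing while iterating it would invalidate the iterator.
        Object[] remaining = authenticator.getUserNames().toArray();
        for (Object name : remaining) {
            authenticator.removeUser((String) name);
        }
    }

    /** Checks that an account is still retrievable after saveUsers and gone after removeUser. */
    public void testSaveUsers() throws Exception {
        System.out.println("saveUsers");
        String accountName = Randomizer.getInstance().getRandomString(8, Encoder.CHAR_ALPHANUMERICS);
        Authenticator authenticator = Authenticator.getInstance();
        String password = authenticator.generateStrongPassword();
        authenticator.createUser(accountName, password, password);
        authenticator.saveUsers();
        assertNotNull(authenticator.getUser(accountName));
        authenticator.removeUser(accountName);
        assertNull(authenticator.getUser(accountName));
    }

    /**
     * Checks that a login sets the current user, then has ten worker threads create
     * an account each and set it as their current user.
     *
     * <p>The workers are joined before the test returns so they cannot keep changing
     * the shared Authenticator while later tests run.
     * NOTE(review): the workers' outcome is not asserted, and a worker whose
     * createUser fails passes null to setCurrentUser, as in the original test.
     */
    public void testSetCurrentUser() throws AuthenticationException {
        System.out.println("setCurrentUser");
        String accountName1 = Randomizer.getInstance().getRandomString(8, Encoder.CHAR_UPPERS);
        String accountName2 = Randomizer.getInstance().getRandomString(8, Encoder.CHAR_UPPERS);
        User user1 = Authenticator.getInstance().createUser(accountName1, "getCurrentUser", "getCurrentUser");
        user1.enable();
        Authenticator authenticator = Authenticator.getInstance();
        user1.loginWithPassword("getCurrentUser", new TestHttpServletRequest(), new TestHttpServletResponse());
        User currentUser = authenticator.getCurrentUser();
        assertEquals(currentUser, user1);
        User user2 = authenticator.createUser(accountName2, "getCurrentUser", "getCurrentUser");
        authenticator.setCurrentUser(user2);
        assertFalse(currentUser.getAccountName().equals(user2.getAccountName()));
        Runnable worker = new Runnable() {
            private int count = 1;

            // Shared by all threads, so the counter is handed out atomically.
            private synchronized int nextCount() {
                return this.count++;
            }

            @Override // java.lang.Runnable
            public void run() {
                User created = null;
                try {
                    String password = Randomizer.getInstance().getRandomString(8, Encoder.CHAR_ALPHANUMERICS);
                    Authenticator instance = Authenticator.getInstance();
                    String accountName = new StringBuilder("test").append(nextCount()).toString();
                    created = instance.createUser(accountName, password, password);
                } catch (AuthenticationException e) {
                    e.printStackTrace();
                }
                Authenticator.getInstance().setCurrentUser(created);
                Logger.getLogger("test", "test").logCritical(ILogger.SECURITY, "Got current user");
            }
        };
        Thread[] workers = new Thread[10];
        for (int i = 0; i < workers.length; i++) {
            workers[i] = new Thread(worker);
            workers[i].start();
        }
        for (int i = 0; i < workers.length; i++) {
            try {
                workers[i].join();
            } catch (InterruptedException e) {
                // Restore the interrupt flag for the test runner and stop waiting.
                Thread.currentThread().interrupt();
                fail("interrupted while waiting for worker threads");
            }
        }
    }

    /**
     * Checks that login sets the current user, and that login is refused once the
     * account is disabled, locked or expired.
     *
     * <p>{@code fail} throws an {@code Error}, so the {@code catch (Exception)}
     * blocks below do not swallow it: a login that wrongly succeeds fails the test.
     * NOTE(review): the account state changes stay inside the try blocks because
     * their declared exceptions are not visible here. If one of them throws, the
     * login call after it is never reached and the case passes vacuously.
     */
    public void testSetCurrentUserWithRequest() throws AuthenticationException {
        System.out.println("setCurrentUser(req,resp)");
        Authenticator authenticator = Authenticator.getInstance();
        String password = authenticator.generateStrongPassword();
        String accountName = Randomizer.getInstance().getRandomString(8, Encoder.CHAR_ALPHANUMERICS);
        User user = authenticator.createUser(accountName, password, password);
        user.enable();
        TestHttpServletRequest request = new TestHttpServletRequest();
        request.addParameter("username", accountName);
        request.addParameter("password", password);
        TestHttpServletResponse response = new TestHttpServletResponse();
        authenticator.login((HttpServletRequest) request, (HttpServletResponse) response);
        assertEquals(user, authenticator.getCurrentUser());
        try {
            user.disable();
            authenticator.login((HttpServletRequest) request, (HttpServletResponse) response);
            fail("login succeeded for a disabled account");
        } catch (Exception e) {
            // expected: disabled accounts must not be able to log in
        }
        try {
            user.enable();
            user.lock();
            authenticator.login((HttpServletRequest) request, (HttpServletResponse) response);
            fail("login succeeded for a locked account");
        } catch (Exception e2) {
            // expected: locked accounts must not be able to log in
        }
        try {
            user.unlock();
            // One second in the past, so the account is already expired when login
            // checks it rather than expiring in the same millisecond.
            user.setExpirationTime(new Date(System.currentTimeMillis() - 1000L));
            authenticator.login((HttpServletRequest) request, (HttpServletResponse) response);
            fail("login succeeded for an expired account");
        } catch (Exception e3) {
            // expected: expired accounts must not be able to log in
        }
    }

    /**
     * Checks that verifyPasswordStrength rejects a list of weak candidates and
     * accepts several strong ones.
     *
     * <p>NOTE(review): the second argument looks like the previous password (the
     * "same123string" / "diff123bang" pair is expected to be rejected). Confirm
     * against the Authenticator API.
     */
    public void testValidatePasswordStrength() throws AuthenticationException {
        System.out.println("validatePasswordStrength");
        Authenticator authenticator = Authenticator.getInstance();
        // {candidate, second argument} pairs that must be rejected, in the original order.
        String[][] rejected = {
            {"jeff", "password"},
            {"same123string", "diff123bang"},
            {"JEFF", "password"},
            {"1234", "password"},
            {"password", "password"},
            {"-1", "password"},
            {"password123", "password"},
            {"test123", "password"},
        };
        for (String[] pair : rejected) {
            try {
                authenticator.verifyPasswordStrength(pair[0], pair[1]);
                fail("weak password was accepted: " + pair[0]);
            } catch (AuthenticationException expected) {
                // expected: the candidate is too weak
            }
        }
        // These must be accepted; an AuthenticationException here fails the test.
        authenticator.verifyPasswordStrength("jeffJEFF12!", "password");
        authenticator.verifyPasswordStrength("super calif ragil istic", "password");
        authenticator.verifyPasswordStrength("TONYTONYTONYTONY", "password");
        authenticator.verifyPasswordStrength(authenticator.generateStrongPassword(), "password");
    }

    /** Checks that exists is true for a created account and false once it is removed. */
    public void testExists() throws Exception {
        System.out.println("exists");
        String accountName = Randomizer.getInstance().getRandomString(8, Encoder.CHAR_ALPHANUMERICS);
        Authenticator authenticator = Authenticator.getInstance();
        String password = authenticator.generateStrongPassword();
        authenticator.createUser(accountName, password, password);
        assertTrue(authenticator.exists(accountName));
        authenticator.removeUser(accountName);
        assertFalse(authenticator.exists(accountName));
    }

    /**
     * Checks Authenticator.main: with two arguments no account is created; with a
     * third argument ("test") the account exists, is in that role, and its stored
     * hash equals hashPassword(password, accountName).
     */
    public void testMain() throws Exception {
        System.out.println("authenticator");
        String accountName = Randomizer.getInstance().getRandomString(8, Encoder.CHAR_ALPHANUMERICS);
        String password = Authenticator.getInstance().generateStrongPassword();
        Authenticator.main(new String[]{accountName, password});
        assertNull(Authenticator.getInstance().getUser(accountName));
        Authenticator.main(new String[]{accountName, password, "test"});
        User user = Authenticator.getInstance().getUser(accountName);
        assertNotNull(user);
        assertTrue(user.isInRole("test"));
        assertEquals(Authenticator.getInstance().hashPassword(password, accountName), user.getHashedPassword());
    }
}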
