package org.owasp.esapi;

import java.util.Date;
import java.util.HashSet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import junit.framework.Test;
import junit.framework.TestCase;
import junit.framework.TestSuite;
import org.owasp.esapi.errors.AuthenticationException;
import org.owasp.esapi.http.TestHttpServletRequest;
import org.owasp.esapi.http.TestHttpServletResponse;
import org.owasp.esapi.http.TestHttpSession;

/* JADX WARN: Classes with same name are omitted:
  input_file:ESAPI/build/classes/org/owasp/esapi/UserTest.class
 */
/* loaded from: input_file:ESAPI/esapi_1.0.jar:org/owasp/esapi/UserTest.class */
public class UserTest extends TestCase {
    public static Test suite() {
        return new TestSuite(UserTest.class);
    }

    public UserTest(String str) {
        super(str);
    }

    private User createTestUser(String str) throws AuthenticationException {
        return Authenticator.getInstance().createUser(Randomizer.getInstance().getRandomString(8, Encoder.CHAR_ALPHANUMERICS), str, str);
    }

    protected void setUp() throws Exception {
    }

    protected void tearDown() throws Exception {
    }

    public void testAddRole() throws Exception {
        System.out.println("addRole");
        Authenticator authenticator = Authenticator.getInstance();
        String randomString = Randomizer.getInstance().getRandomString(8, Encoder.CHAR_ALPHANUMERICS);
        String generateStrongPassword = Authenticator.getInstance().generateStrongPassword();
        String randomString2 = Randomizer.getInstance().getRandomString(8, Encoder.CHAR_LOWERS);
        User createUser = authenticator.createUser(randomString, generateStrongPassword, generateStrongPassword);
        createUser.addRole(randomString2);
        assertTrue(createUser.isInRole(randomString2));
        assertFalse(createUser.isInRole("ridiculous"));
    }

    public void testAddRoles() throws AuthenticationException {
        System.out.println("addRoles");
        User createTestUser = createTestUser(Authenticator.getInstance().generateStrongPassword());
        HashSet hashSet = new HashSet();
        hashSet.add("rolea");
        hashSet.add("roleb");
        createTestUser.addRoles(hashSet);
        assertTrue(createTestUser.isInRole("rolea"));
        assertTrue(createTestUser.isInRole("roleb"));
        assertFalse(createTestUser.isInRole("ridiculous"));
    }

    public void testChangePassword() throws Exception {
        System.out.println("changePassword");
        Authenticator authenticator = Authenticator.getInstance();
        String generateStrongPassword = authenticator.generateStrongPassword();
        User createTestUser = createTestUser(generateStrongPassword);
        String generateStrongPassword2 = authenticator.generateStrongPassword();
        createTestUser.changePassword(generateStrongPassword, generateStrongPassword2, generateStrongPassword2);
        assertTrue(createTestUser.verifyPassword(generateStrongPassword2));
        String generateStrongPassword3 = authenticator.generateStrongPassword();
        createTestUser.changePassword(generateStrongPassword2, generateStrongPassword3, generateStrongPassword3);
        try {
            createTestUser.changePassword(generateStrongPassword3, generateStrongPassword2, generateStrongPassword2);
        } catch (AuthenticationException e) {
        }
        assertTrue(createTestUser.verifyPassword(generateStrongPassword3));
        assertFalse(createTestUser.verifyPassword("badpass"));
    }

    public void testDisable() throws AuthenticationException {
        System.out.println("disable");
        User createTestUser = createTestUser(Authenticator.getInstance().generateStrongPassword());
        createTestUser.enable();
        assertTrue(createTestUser.isEnabled());
        createTestUser.disable();
        assertFalse(createTestUser.isEnabled());
    }

    public void testEnable() throws AuthenticationException {
        System.out.println("enable");
        User createTestUser = createTestUser(Authenticator.getInstance().generateStrongPassword());
        createTestUser.enable();
        assertTrue(createTestUser.isEnabled());
        createTestUser.disable();
        assertFalse(createTestUser.isEnabled());
    }

    public void testEquals() throws AuthenticationException {
        String generateStrongPassword = Authenticator.getInstance().generateStrongPassword();
        User user = new User("userA", generateStrongPassword, generateStrongPassword);
        User user2 = new User("userA", "differentPass", "differentPass");
        user.enable();
        assertTrue(user.equals(user2));
    }

    public void testFailedLoginLockout() throws AuthenticationException {
        System.out.println("failedLoginLockout");
        Authenticator authenticator = Authenticator.getInstance();
        User createTestUser = createTestUser("failedLoginLockout");
        String generateStrongPassword = authenticator.generateStrongPassword();
        createTestUser.unlock();
        createTestUser.changePassword("failedLoginLockout", generateStrongPassword, generateStrongPassword);
        createTestUser.verifyPassword(generateStrongPassword);
        createTestUser.verifyPassword("ridiculous");
        System.out.println("FAILED: " + createTestUser.getFailedLoginCount());
        assertFalse(createTestUser.isLocked());
        createTestUser.verifyPassword("ridiculous");
        System.out.println("FAILED: " + createTestUser.getFailedLoginCount());
        assertFalse(createTestUser.isLocked());
        createTestUser.verifyPassword("ridiculous");
        System.out.println("FAILED: " + createTestUser.getFailedLoginCount());
        assertTrue(createTestUser.isLocked());
    }

    public void testGetAccountName() throws AuthenticationException {
        System.out.println("getAccountName");
        User createTestUser = createTestUser("getAccountName");
        String randomString = Randomizer.getInstance().getRandomString(7, Encoder.CHAR_ALPHANUMERICS);
        createTestUser.setAccountName(randomString);
        assertEquals(randomString.toLowerCase(), createTestUser.getAccountName());
        assertFalse("ridiculous".equals(createTestUser.getAccountName()));
    }

    public void testGetLastFailedLoginTime() throws Exception {
        System.out.println("getLastLoginTime");
        User createTestUser = createTestUser(Authenticator.getInstance().generateStrongPassword());
        createTestUser.verifyPassword("ridiculous");
        Date lastFailedLoginTime = createTestUser.getLastFailedLoginTime();
        Thread.sleep(10L);
        createTestUser.verifyPassword("ridiculous");
        assertTrue(lastFailedLoginTime.before(createTestUser.getLastFailedLoginTime()));
    }

    public void testGetLastLoginTime() throws Exception {
        System.out.println("getLastLoginTime");
        String generateStrongPassword = Authenticator.getInstance().generateStrongPassword();
        User createTestUser = createTestUser(generateStrongPassword);
        createTestUser.verifyPassword(generateStrongPassword);
        Date lastLoginTime = createTestUser.getLastLoginTime();
        Thread.sleep(10L);
        createTestUser.verifyPassword(generateStrongPassword);
        assertTrue(lastLoginTime.before(createTestUser.getLastLoginTime()));
    }

    public void testGetLastPasswordChangeTime() throws Exception {
        System.out.println("getLastPasswordChangeTime");
        User createTestUser = createTestUser("getLastPasswordChangeTime");
        Date lastPasswordChangeTime = createTestUser.getLastPasswordChangeTime();
        Thread.sleep(10L);
        String generateStrongPassword = Authenticator.getInstance().generateStrongPassword("getLastPasswordChangeTime", createTestUser);
        createTestUser.changePassword("getLastPasswordChangeTime", generateStrongPassword, generateStrongPassword);
        assertTrue(createTestUser.getLastPasswordChangeTime().after(lastPasswordChangeTime));
    }

    public void testGetRoles() throws Exception {
        System.out.println("getRoles");
        Authenticator authenticator = Authenticator.getInstance();
        String randomString = Randomizer.getInstance().getRandomString(8, Encoder.CHAR_ALPHANUMERICS);
        String generateStrongPassword = Authenticator.getInstance().generateStrongPassword();
        String randomString2 = Randomizer.getInstance().getRandomString(8, Encoder.CHAR_LOWERS);
        User createUser = authenticator.createUser(randomString, generateStrongPassword, generateStrongPassword);
        createUser.addRole(randomString2);
        assertTrue(createUser.getRoles().size() > 0);
    }

    public void testGetScreenName() throws AuthenticationException {
        System.out.println("getScreenName");
        User createTestUser = createTestUser("getScreenName");
        String randomString = Randomizer.getInstance().getRandomString(7, Encoder.CHAR_ALPHANUMERICS);
        createTestUser.setScreenName(randomString);
        assertEquals(randomString, createTestUser.getScreenName());
        assertFalse("ridiculous".equals(createTestUser.getScreenName()));
    }

    public void testIncrementFailedLoginCount() throws AuthenticationException {
        System.out.println("incrementFailedLoginCount");
        User createTestUser = createTestUser("incrementFailedLoginCount");
        createTestUser.enable();
        assertEquals(0, createTestUser.getFailedLoginCount());
        TestHttpServletRequest testHttpServletRequest = new TestHttpServletRequest();
        TestHttpServletResponse testHttpServletResponse = new TestHttpServletResponse();
        Authenticator.getInstance().setCurrentHTTP(testHttpServletRequest, testHttpServletResponse);
        try {
            createTestUser.loginWithPassword("ridiculous", testHttpServletRequest, testHttpServletResponse);
        } catch (AuthenticationException e) {
        }
        assertEquals(1, createTestUser.getFailedLoginCount());
        try {
            createTestUser.loginWithPassword("ridiculous", testHttpServletRequest, testHttpServletResponse);
        } catch (AuthenticationException e2) {
        }
        assertEquals(2, createTestUser.getFailedLoginCount());
        try {
            createTestUser.loginWithPassword("ridiculous", testHttpServletRequest, testHttpServletResponse);
        } catch (AuthenticationException e3) {
        }
        assertEquals(3, createTestUser.getFailedLoginCount());
        try {
            createTestUser.loginWithPassword("ridiculous", testHttpServletRequest, testHttpServletResponse);
        } catch (AuthenticationException e4) {
        }
        assertTrue(createTestUser.isLocked());
    }

    public void testIsEnabled() throws AuthenticationException {
        System.out.println("isEnabled");
        User createTestUser = createTestUser("isEnabled");
        createTestUser.disable();
        assertFalse(createTestUser.isEnabled());
        createTestUser.enable();
        assertTrue(createTestUser.isEnabled());
    }

    public void testIsFirstRequest() throws AuthenticationException {
        System.out.println("isFirstRequest");
        TestHttpServletRequest testHttpServletRequest = new TestHttpServletRequest();
        TestHttpServletResponse testHttpServletResponse = new TestHttpServletResponse();
        Authenticator authenticator = Authenticator.getInstance();
        String generateStrongPassword = authenticator.generateStrongPassword();
        User createUser = authenticator.createUser("isFirstRequest", generateStrongPassword, generateStrongPassword);
        createUser.enable();
        testHttpServletRequest.addParameter(SecurityConfiguration.getInstance().getPasswordParameterName(), generateStrongPassword);
        testHttpServletRequest.addParameter(SecurityConfiguration.getInstance().getUsernameParameterName(), "isFirstRequest");
        authenticator.login((HttpServletRequest) testHttpServletRequest, (HttpServletResponse) testHttpServletResponse);
        assertTrue(createUser.isFirstRequest());
        authenticator.login((HttpServletRequest) testHttpServletRequest, (HttpServletResponse) testHttpServletResponse);
        assertFalse(createUser.isFirstRequest());
        authenticator.login((HttpServletRequest) testHttpServletRequest, (HttpServletResponse) testHttpServletResponse);
        assertFalse(createUser.isFirstRequest());
    }

    public void testIsInRole() throws AuthenticationException {
        System.out.println("isInRole");
        User createTestUser = createTestUser("isInRole");
        assertFalse(createTestUser.isInRole("TestRole"));
        createTestUser.addRole("TestRole");
        assertTrue(createTestUser.isInRole("TestRole"));
        assertFalse(createTestUser.isInRole("Ridiculous"));
    }

    public void testIsLocked() throws AuthenticationException {
        System.out.println("isLocked");
        User createTestUser = createTestUser("isLocked");
        createTestUser.lock();
        assertTrue(createTestUser.isLocked());
        createTestUser.unlock();
        assertFalse(createTestUser.isLocked());
    }

    public void testIsSessionAbsoluteTimeout() throws AuthenticationException {
        System.out.println("isSessionAbsoluteTimeout");
        User createTestUser = createTestUser(Authenticator.getInstance().generateStrongPassword());
        long currentTimeMillis = System.currentTimeMillis();
        assertTrue(createTestUser.isSessionAbsoluteTimeout(new TestHttpSession(currentTimeMillis - 10800000, currentTimeMillis)));
        assertFalse(createTestUser.isSessionAbsoluteTimeout(new TestHttpSession(currentTimeMillis - 3600000, currentTimeMillis)));
    }

    public void testIsSessionTimeout() throws AuthenticationException {
        System.out.println("isSessionTimeout");
        User createTestUser = createTestUser(Authenticator.getInstance().generateStrongPassword());
        long currentTimeMillis = System.currentTimeMillis();
        assertTrue(createTestUser.isSessionAbsoluteTimeout(new TestHttpSession(currentTimeMillis - 10800000, currentTimeMillis - 1800000)));
        assertFalse(createTestUser.isSessionTimeout(new TestHttpSession(currentTimeMillis - 10800000, currentTimeMillis - 600000)));
    }

    public void testLock() throws AuthenticationException {
        System.out.println("lock");
        User createTestUser = createTestUser(Authenticator.getInstance().generateStrongPassword());
        createTestUser.lock();
        assertTrue(createTestUser.isLocked());
        createTestUser.unlock();
        assertFalse(createTestUser.isLocked());
    }

    public void testLoginWithPassword() throws AuthenticationException {
        System.out.println("loginWithPassword");
        TestHttpServletRequest testHttpServletRequest = new TestHttpServletRequest();
        TestHttpServletResponse testHttpServletResponse = new TestHttpServletResponse();
        assertFalse(((TestHttpSession) testHttpServletRequest.getSession()).getInvalidated());
        User createTestUser = createTestUser("loginWithPassword");
        createTestUser.enable();
        createTestUser.loginWithPassword("loginWithPassword", testHttpServletRequest, testHttpServletResponse);
        assertTrue(createTestUser.isLoggedIn());
        createTestUser.logout(testHttpServletRequest, testHttpServletResponse);
        assertFalse(createTestUser.isLoggedIn());
        assertFalse(createTestUser.isLocked());
        try {
            createTestUser.loginWithPassword("ridiculous", testHttpServletRequest, testHttpServletResponse);
        } catch (AuthenticationException e) {
        }
        assertFalse(createTestUser.isLoggedIn());
        try {
            createTestUser.loginWithPassword("ridiculous", testHttpServletRequest, testHttpServletResponse);
        } catch (AuthenticationException e2) {
        }
        try {
            createTestUser.loginWithPassword("ridiculous", testHttpServletRequest, testHttpServletResponse);
        } catch (AuthenticationException e3) {
        }
        assertTrue(createTestUser.isLocked());
    }

    public void testLogout() throws AuthenticationException {
        System.out.println("logout");
        TestHttpServletRequest testHttpServletRequest = new TestHttpServletRequest();
        TestHttpServletResponse testHttpServletResponse = new TestHttpServletResponse();
        assertFalse(((TestHttpSession) testHttpServletRequest.getSession()).getInvalidated());
        String generateStrongPassword = Authenticator.getInstance().generateStrongPassword();
        User createTestUser = createTestUser(generateStrongPassword);
        createTestUser.enable();
        System.out.println(createTestUser.getLastLoginTime());
        createTestUser.loginWithPassword(generateStrongPassword, testHttpServletRequest, testHttpServletResponse);
        assertTrue(createTestUser.isLoggedIn());
        TestHttpSession testHttpSession = (TestHttpSession) testHttpServletRequest.getSession();
        assertFalse(testHttpSession.getInvalidated());
        createTestUser.logout(testHttpServletRequest, testHttpServletResponse);
        assertFalse(createTestUser.isLoggedIn());
        assertTrue(testHttpSession.getInvalidated());
    }

    public void testRemoveRole() throws AuthenticationException {
        System.out.println("removeRole");
        String randomString = Randomizer.getInstance().getRandomString(8, Encoder.CHAR_LOWERS);
        User createTestUser = createTestUser("removeRole");
        createTestUser.addRole(randomString);
        assertTrue(createTestUser.isInRole(randomString));
        createTestUser.removeRole(randomString);
        assertFalse(createTestUser.isInRole(randomString));
    }

    public void testResetCSRFToken() throws AuthenticationException {
        System.out.println("resetCSRFToken");
        User createTestUser = createTestUser("resetCSRFToken");
        assertFalse(createTestUser.resetCSRFToken().equals(createTestUser.resetCSRFToken()));
    }

    public void testResetPassword() throws AuthenticationException {
        System.out.println("resetPassword");
        User createTestUser = createTestUser("resetPassword");
        for (int i = 0; i < 20; i++) {
            assertTrue(createTestUser.verifyPassword(createTestUser.resetPassword()));
        }
    }

    public void testResetRememberToken() throws AuthenticationException {
        System.out.println("resetRememberToken");
        User createTestUser = createTestUser("resetRememberToken");
        assertEquals(createTestUser.resetRememberToken(), createTestUser.getRememberToken());
    }

    public void testSetAccountName() throws AuthenticationException {
        System.out.println("setAccountName");
        User createTestUser = createTestUser("setAccountName");
        String randomString = Randomizer.getInstance().getRandomString(7, Encoder.CHAR_ALPHANUMERICS);
        createTestUser.setAccountName(randomString);
        assertEquals(randomString.toLowerCase(), createTestUser.getAccountName());
        assertFalse("ridiculous".equals(createTestUser.getAccountName()));
    }

    public void testSetExpirationTime() throws Exception {
        System.out.println("setAccountName");
        User createTestUser = createTestUser(Randomizer.getInstance().getRandomString(8, Encoder.CHAR_ALPHANUMERICS));
        createTestUser.setExpirationTime(new Date(0L));
        assertTrue(createTestUser.isExpired());
    }

    public void testSetRoles() throws AuthenticationException {
        System.out.println("setRoles");
        User createTestUser = createTestUser("setRoles");
        createTestUser.addRole("user");
        assertTrue(createTestUser.isInRole("user"));
        HashSet hashSet = new HashSet();
        hashSet.add("rolea");
        hashSet.add("roleb");
        createTestUser.setRoles(hashSet);
        assertFalse(createTestUser.isInRole("user"));
        assertTrue(createTestUser.isInRole("rolea"));
        assertTrue(createTestUser.isInRole("roleb"));
        assertFalse(createTestUser.isInRole("ridiculous"));
    }

    public void testSetScreenName() throws AuthenticationException {
        System.out.println("setScreenName");
        User createTestUser = createTestUser("setScreenName");
        String randomString = Randomizer.getInstance().getRandomString(7, Encoder.CHAR_ALPHANUMERICS);
        createTestUser.setScreenName(randomString);
        assertEquals(randomString, createTestUser.getScreenName());
        assertFalse("ridiculous".equals(createTestUser.getScreenName()));
    }

    public void testUnlock() throws AuthenticationException {
        System.out.println("unlockAccount");
        User createTestUser = createTestUser(Authenticator.getInstance().generateStrongPassword());
        createTestUser.lock();
        assertTrue(createTestUser.isLocked());
        createTestUser.unlock();
        assertFalse(createTestUser.isLocked());
    }
}
