package org.sonar.server.authentication;

import java.util.Optional;
import java.util.Random;
import org.apache.commons.codec.digest.DigestUtils;
import org.apache.commons.lang.RandomStringUtils;
import org.assertj.core.api.Assertions;
import org.junit.Rule;
import org.junit.Test;
import org.junit.rules.ExpectedException;
import org.mindrot.jbcrypt.BCrypt;
import org.sonar.db.DbTester;
import org.sonar.db.user.UserDto;
import org.sonar.db.user.UserTesting;
import org.sonar.server.authentication.LocalAuthentication;
import org.sonar.server.authentication.event.AuthenticationEvent;
import org.sonar.server.authentication.event.AuthenticationException;

/* loaded from: input_file:org/sonar/server/authentication/LocalAuthenticationTest.class */
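/**
 * Tests for {@link LocalAuthentication}: rejection of unknown or missing hash methods, password
 * checks against bcrypt and legacy salted-SHA1 credentials, and the upgrade of a SHA1 credential
 * to bcrypt after a successful login.
 *
 * <p>Tests named {@code ..._should_work} pass when {@code authenticate} returns without throwing;
 * the failure cases pin both the exception type and its message through {@link ExpectedException}.
 */
public class LocalAuthenticationTest {
    // Test-only randomness: the salts below only need to differ between runs, so java.util.Random
    // is sufficient here. It is not a model for generating salts or secrets in production code.
    private static final Random RANDOM = new Random();

    @Rule
    public ExpectedException expectedException = ExpectedException.none();

    @Rule
    public DbTester db = DbTester.create();
    private LocalAuthentication underTest = new LocalAuthentication(this.db.getDbClient());

    /** Returns a fresh 60-character alphanumeric password. */
    private static String newPassword() {
        return RandomStringUtils.randomAlphanumeric(60);
    }

    /** Returns a salt in the legacy format: the SHA1 hex digest of 20 random bytes. */
    private static String newSha1Salt() {
        byte[] seed = new byte[20];
        RANDOM.nextBytes(seed);
        return DigestUtils.sha1Hex(seed);
    }

    /** Builds the legacy credential: SHA1 hex of {@code "--" + salt + "--" + password + "--"}. */
    private static String sha1Credential(String salt, String password) {
        return DigestUtils.sha1Hex("--" + salt + "--" + password + "--");
    }

    /** Builds a bcrypt hash of {@code password} with a cost factor of 12. */
    private static String bcryptCredential(String password) {
        return BCrypt.hashpw(password, BCrypt.gensalt(12));
    }

    /** A hash method name that matches no known algorithm must be rejected, not silently accepted. */
    @Test
    public void incorrect_hash_should_throw_AuthenticationException() {
        UserDto user = UserTesting.newUserDto().setHashMethod("ALGON2");
        this.expectedException.expect(AuthenticationException.class);
        this.expectedException.expectMessage("Unknown hash method [ALGON2]");
        this.underTest.authenticate(this.db.getSession(), user, "whatever", AuthenticationEvent.Method.BASIC);
    }

    /** A user on which this test sets no hash method is expected to fail with "null hash method". */
    @Test
    public void null_hash_should_throw_AuthenticationException() {
        UserDto user = UserTesting.newUserDto();
        this.expectedException.expect(AuthenticationException.class);
        this.expectedException.expectMessage("null hash method");
        this.underTest.authenticate(this.db.getSession(), user, "whatever", AuthenticationEvent.Method.BASIC);
    }

    /** The password that produced the stored bcrypt hash authenticates without an exception. */
    @Test
    public void authentication_with_bcrypt_with_correct_password_should_work() {
        String password = newPassword();
        UserDto user = UserTesting.newUserDto()
            .setHashMethod(LocalAuthentication.HashMethod.BCRYPT.name())
            .setCryptedPassword(bcryptCredential(password));
        this.underTest.authenticate(this.db.getSession(), user, password, AuthenticationEvent.Method.BASIC);
    }

    /** The password that produced the stored salted-SHA1 hash authenticates without an exception. */
    @Test
    public void authentication_with_sha1_with_correct_password_should_work() {
        String password = newPassword();
        String salt = newSha1Salt();
        UserDto user = UserTesting.newUserDto()
            .setHashMethod(LocalAuthentication.HashMethod.SHA1.name())
            .setCryptedPassword(sha1Credential(salt, password))
            .setSalt(salt);
        this.underTest.authenticate(this.db.getSession(), user, password, AuthenticationEvent.Method.BASIC);
    }

    /** A password other than the one hashed into the SHA1 credential is rejected. */
    @Test
    public void authentication_with_sha1_with_incorrect_password_should_throw_AuthenticationException() {
        String password = newPassword();
        String salt = newSha1Salt();
        UserDto user = UserTesting.newUserDto()
            .setHashMethod(LocalAuthentication.HashMethod.SHA1.name())
            .setCryptedPassword(sha1Credential(salt, password))
            .setSalt(salt);
        this.expectedException.expect(AuthenticationException.class);
        this.expectedException.expectMessage("wrong password");
        this.underTest.authenticate(this.db.getSession(), user, "WHATEVER", AuthenticationEvent.Method.BASIC);
    }

    /**
     * A SHA1 user whose stored credential is {@code null} is rejected. Despite the method name,
     * the stored value exercised here is {@code null}, not an empty string.
     */
    @Test
    public void authentication_with_sha1_with_empty_password_should_throw_AuthenticationException() {
        UserDto user = UserTesting.newUserDto()
            .setCryptedPassword((String) null)
            .setHashMethod(LocalAuthentication.HashMethod.SHA1.name())
            .setSalt(newSha1Salt());
        this.expectedException.expect(AuthenticationException.class);
        this.expectedException.expectMessage("null password in DB");
        this.underTest.authenticate(this.db.getSession(), user, "WHATEVER", AuthenticationEvent.Method.BASIC);
    }

    /**
     * A SHA1 user whose stored salt is {@code null} is rejected. Despite the method name, the
     * stored value exercised here is {@code null}, not an empty string.
     */
    @Test
    public void authentication_with_sha1_with_empty_salt_should_throw_AuthenticationException() {
        // The credential is built with a fixed salt that is deliberately not stored on the user.
        UserDto user = UserTesting.newUserDto()
            .setHashMethod(LocalAuthentication.HashMethod.SHA1.name())
            .setCryptedPassword(sha1Credential("0242b0b4c0a93ddfe09dd886de50bc25ba000b51", newPassword()))
            .setSalt((String) null);
        this.expectedException.expect(AuthenticationException.class);
        this.expectedException.expectMessage("null salt");
        this.underTest.authenticate(this.db.getSession(), user, "WHATEVER", AuthenticationEvent.Method.BASIC);
    }

    /** A password other than the one hashed into the bcrypt credential is rejected. */
    @Test
    public void authentication_with_bcrypt_with_incorrect_password_should_throw_AuthenticationException() {
        UserDto user = UserTesting.newUserDto()
            .setHashMethod(LocalAuthentication.HashMethod.BCRYPT.name())
            .setCryptedPassword(bcryptCredential(newPassword()));
        this.expectedException.expect(AuthenticationException.class);
        this.expectedException.expectMessage("wrong password");
        this.underTest.authenticate(this.db.getSession(), user, "WHATEVER", AuthenticationEvent.Method.BASIC);
    }

    /**
     * After a successful login with a legacy SHA1 credential, the persisted user must be stored as
     * bcrypt with no salt, and the same password must keep working.
     */
    @Test
    public void authentication_upgrade_hash_function_when_SHA1_was_used() {
        String password = newPassword();
        String salt = newSha1Salt();
        UserDto user = UserTesting.newUserDto()
            .setLogin("myself")
            .setHashMethod(LocalAuthentication.HashMethod.SHA1.name())
            .setCryptedPassword(sha1Credential(salt, password))
            .setSalt(salt);
        this.db.users().insertUser(user);

        this.underTest.authenticate(this.db.getSession(), user, password, AuthenticationEvent.Method.BASIC);

        // Reload from the database so the assertions cover what was persisted, not the in-memory DTO.
        Optional<UserDto> stored = this.db.users().selectUserByLogin("myself");
        Assertions.assertThat(stored).isPresent();
        UserDto reloaded = stored.get();
        Assertions.assertThat(reloaded.getHashMethod()).isEqualTo(LocalAuthentication.HashMethod.BCRYPT.name());
        Assertions.assertThat(reloaded.getSalt()).isNull();
        // The stored hash must verify as bcrypt for the same password; checking only the method
        // label would not notice a record that kept its old SHA1 digest.
        Assertions.assertThat(BCrypt.checkpw(password, reloaded.getCryptedPassword())).isTrue();

        // Authentication must still succeed once the hash method has been upgraded.
        this.underTest.authenticate(this.db.getSession(), user, password, AuthenticationEvent.Method.BASIC);
    }
}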
