package org.camunda.bpm.engine.test.api.identity;

import java.util.Collections;
import java.util.Iterator;
import java.util.LinkedList;
import java.util.List;
import org.camunda.bpm.engine.IdentityService;
import org.camunda.bpm.engine.RuntimeService;
import org.camunda.bpm.engine.identity.User;
import org.camunda.bpm.engine.impl.cfg.ProcessEngineConfigurationImpl;
import org.camunda.bpm.engine.impl.digest.PasswordEncryptionException;
import org.camunda.bpm.engine.impl.digest.PasswordEncryptor;
import org.camunda.bpm.engine.impl.digest.PasswordManager;
import org.camunda.bpm.engine.impl.digest.SaltGenerator;
import org.camunda.bpm.engine.impl.digest.ShaHashDigest;
import org.camunda.bpm.engine.test.api.identity.util.MyConstantSaltGenerator;
import org.camunda.bpm.engine.test.api.identity.util.MyCustomPasswordEncryptor;
import org.camunda.bpm.engine.test.api.identity.util.MyCustomPasswordEncryptorCreatingPrefixThatCannotBeResolved;
import org.camunda.bpm.engine.test.util.ProcessEngineTestRule;
import org.camunda.bpm.engine.test.util.ProvidedProcessEngineRule;
import org.hamcrest.MatcherAssert;
import org.hamcrest.core.Is;
import org.hamcrest.core.IsNot;
import org.junit.After;
import org.junit.Before;
import org.junit.Rule;
import org.junit.Test;
import org.junit.rules.ExpectedException;
import org.junit.rules.RuleChain;

/* loaded from: input_file:org/camunda/bpm/engine/test/api/identity/PasswordHashingTest.class */
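/**
 * Tests how the identity service hashes, stores and verifies user passwords through the
 * engine's {@link PasswordManager}.
 *
 * <p>As the expected values below show, a stored password carries the algorithm name in braces
 * followed by the encoded digest (for example {@code {SHA-512}...}). The tests swap the default
 * encryptor, the list of additional password checkers and the salt generator on the engine
 * configuration, and {@link #cleanUp()} restores the values captured in {@link #initialize()}.
 *
 * <p>The constant salt and the {@link #PASSWORD} value are fixtures that make digests
 * reproducible. A constant salt outside of tests would defeat the per-user uniqueness asserted in
 * {@link #enteringTheSamePasswordShouldProduceTwoDifferentEncryptedPassword()}.
 *
 * <p>NOTE(review): nothing in this test shows key stretching for the {@code SHA} or
 * {@code SHA-512} digests. Confirm against {@link ShaHashDigest} and the default encryptor whether
 * they are a single salted hash computation; if so, the custom-encryptor hook exercised in
 * {@link #plugInCustomPasswordEncryptor()} is the visible place to plug in a slow password hash.
 */
public class PasswordHashingTest {
    protected static ProvidedProcessEngineRule engineRule = new ProvidedProcessEngineRule();
    protected static ProcessEngineTestRule testRule = new ProcessEngineTestRule(engineRule);

    @Rule
    public ExpectedException thrown = ExpectedException.none();

    @Rule
    public RuleChain ruleChain = RuleChain.outerRule(engineRule).around(testRule);
    protected static final String PASSWORD = "password";
    protected static final String USER_NAME = "johndoe";
    protected static final String ALGORITHM_NAME = "awesome";

    // Fixed salt used wherever a test pins an exact digest value; test fixture only.
    private static final String CONSTANT_SALT = "12345678910";

    protected IdentityService identityService;
    protected RuntimeService runtimeService;
    protected ProcessEngineConfigurationImpl processEngineConfiguration;
    protected PasswordEncryptor camundaDefaultEncryptor;
    protected List<PasswordEncryptor> camundaDefaultPasswordChecker;
    protected SaltGenerator camundaDefaultSaltGenerator;

    /**
     * Looks up the engine services and remembers the engine's current encryptor, custom password
     * checkers and salt generator so that {@link #cleanUp()} can put them back.
     */
    @Before
    public void initialize() {
        this.runtimeService = engineRule.getRuntimeService();
        this.identityService = engineRule.getIdentityService();
        this.processEngineConfiguration = engineRule.getProcessEngineConfiguration();
        this.camundaDefaultEncryptor = this.processEngineConfiguration.getPasswordEncryptor();
        this.camundaDefaultPasswordChecker = this.processEngineConfiguration.getCustomPasswordChecker();
        this.camundaDefaultSaltGenerator = this.processEngineConfiguration.getSaltGenerator();
    }

    /**
     * Deletes every user and restores the hashing configuration captured in
     * {@link #initialize()}.
     *
     * <p>The engine rule is static, so presumably the engine outlives a single test; without the
     * reset, a constant salt generator or a test encryptor would stay installed for later tests.
     */
    @After
    public void cleanUp() {
        removeAllUser();
        resetEngineConfiguration();
    }

    /** Deletes all users currently known to the identity service. */
    protected void removeAllUser() {
        for (User user : this.identityService.createUserQuery().list()) {
            this.identityService.deleteUser(user.getId());
        }
    }

    /** Re-installs the encryptor, password checkers and salt generator saved before the test. */
    protected void resetEngineConfiguration() {
        setEncryptors(this.camundaDefaultEncryptor, this.camundaDefaultPasswordChecker);
        this.processEngineConfiguration.setSaltGenerator(this.camundaDefaultSaltGenerator);
    }

    /**
     * A salt generator constructed with {@code null} must not break saving a user or the
     * subsequent password check.
     */
    @Test
    public void saltHashingOnHashedPasswordWithoutSaltThrowsNoError() {
        // presumably MyConstantSaltGenerator returns its constructor argument as the salt, i.e. null here
        this.processEngineConfiguration.setSaltGenerator(new MyConstantSaltGenerator(null));
        saveUserWithPassword(USER_NAME);
        MatcherAssert.assertThat(this.identityService.checkPassword(USER_NAME, PASSWORD), Is.is(true));
    }

    /**
     * Two users saved with the same plain-text password must not end up with the same stored
     * value when the engine's own salt generator is in place.
     */
    @Test
    public void enteringTheSamePasswordShouldProduceTwoDifferentEncryptedPassword() {
        User first = saveUserWithPassword(USER_NAME);
        User second = saveUserWithPassword("kermit");
        // Compares the values held by the saved User objects; they are not re-read via a query.
        MatcherAssert.assertThat(first.getPassword(), Is.is(IsNot.not(second.getPassword())));
    }

    /**
     * Pins the stored value produced by {@link ShaHashDigest} for a fixed salt.
     *
     * <p>NOTE(review): going by the test name this is SHA-1, which is a legacy choice for
     * password storage. Presumably the test exists so existing {@code {SHA}} values keep
     * verifying; confirm it is not the recommended setting for new installations.
     */
    @Test
    public void ensurePasswordIsCorrectlyHashedWithSHA1() {
        setDefaultEncryptor(new ShaHashDigest());
        this.processEngineConfiguration.setSaltGenerator(new MyConstantSaltGenerator(CONSTANT_SALT));
        saveUserWithPassword(USER_NAME);
        MatcherAssert.assertThat(findUser(USER_NAME).getPassword(), Is.is("{SHA}n3fE9/7XOmgD3BkeJlC+JLyb/Qg="));
    }

    /**
     * Pins the stored value produced by the encryptor already configured on the engine for a
     * fixed salt. No encryptor is installed here, so the expected {@code {SHA-512}} prefix
     * documents what that configured encryptor emits.
     */
    @Test
    public void ensurePasswordIsCorrectlyHashedWithSHA512() {
        this.processEngineConfiguration.setSaltGenerator(new MyConstantSaltGenerator(CONSTANT_SALT));
        saveUserWithPassword(USER_NAME);
        MatcherAssert.assertThat(findUser(USER_NAME).getPassword(), Is.is("{SHA-512}sM1U4nCzoDbdUugvJ7dJ6rLc7t1ZPPsnAbUpTqi5nXCYp7PTZCHExuzjoxLLYoUKGd637jKqT8d9tpsZs3K5+g=="));
    }

    /**
     * Registering the same algorithm both as the default encryptor and as an additional checker
     * must be rejected, so a stored prefix always maps to exactly one algorithm.
     */
    @Test
    public void twoEncryptorsWithSamePrefixThrowError() {
        List<PasswordEncryptor> additionalEncryptors = new LinkedList<PasswordEncryptor>();
        additionalEncryptors.add(new ShaHashDigest());
        ShaHashDigest defaultEncryptor = new ShaHashDigest();
        this.thrown.expect(PasswordEncryptionException.class);
        this.thrown.expectMessage("Hash algorithm with the name 'SHA' was already added");
        // The exception is expected while the PasswordManager is built or installed.
        setEncryptors(defaultEncryptor, additionalEncryptors);
    }

    /**
     * Checking a password whose stored prefix cannot be resolved to an algorithm must raise
     * {@link PasswordEncryptionException}.
     */
    @Test
    public void prefixThatCannotBeResolvedThrowsError() {
        setDefaultEncryptor(new MyCustomPasswordEncryptorCreatingPrefixThatCannotBeResolved());
        saveUserWithPassword(USER_NAME);
        User storedUser = findUser(USER_NAME);
        // The expectation is armed only after the save, so an exception thrown while saving
        // fails the test instead of satisfying it; only the check below may throw.
        this.thrown.expect(PasswordEncryptionException.class);
        this.thrown.expectMessage("Could not resolve hash algorithm name of a hashed password");
        this.identityService.checkPassword(storedUser.getId(), PASSWORD);
    }

    /**
     * A custom encryptor installed as the default determines the stored prefix and value.
     * The expected {@code xxx} payload comes from the test encryptor, not from a real digest.
     */
    @Test
    public void plugInCustomPasswordEncryptor() {
        setEncryptors(new MyCustomPasswordEncryptor(PASSWORD, ALGORITHM_NAME), Collections.emptyList());
        saveUserWithPassword(USER_NAME);
        MatcherAssert.assertThat(findUser(USER_NAME).getPassword(), Is.is("{awesome}xxx"));
    }

    /**
     * Users saved under three different default encryptors keep their own stored format after a
     * password manager with all three algorithms has been installed.
     *
     * <p>NOTE(review): only the stored values are asserted; {@code checkPassword} is not called
     * for these users in this test.
     */
    @Test
    public void useSeveralCustomEncryptors() {
        this.processEngineConfiguration.setSaltGenerator(new MyConstantSaltGenerator(CONSTANT_SALT));
        createUserWithEncryptor("Kermit", new MyCustomPasswordEncryptor(PASSWORD, ALGORITHM_NAME));
        createUserWithEncryptor("Fozzie", new MyCustomPasswordEncryptor(PASSWORD, "marvelousAlgorithm"));
        createUserWithEncryptor("Gonzo", new ShaHashDigest());

        List<PasswordEncryptor> additionalEncryptors = new LinkedList<PasswordEncryptor>();
        additionalEncryptors.add(new MyCustomPasswordEncryptor(PASSWORD, ALGORITHM_NAME));
        additionalEncryptors.add(new MyCustomPasswordEncryptor(PASSWORD, "marvelousAlgorithm"));
        setEncryptors(new ShaHashDigest(), additionalEncryptors);

        User kermit = findUser("Kermit");
        User fozzie = findUser("Fozzie");
        User gonzo = findUser("Gonzo");
        MatcherAssert.assertThat(kermit.getPassword(), Is.is("{awesome}xxx"));
        MatcherAssert.assertThat(fozzie.getPassword(), Is.is("{marvelousAlgorithm}xxx"));
        MatcherAssert.assertThat(gonzo.getPassword(), Is.is("{SHA}n3fE9/7XOmgD3BkeJlC+JLyb/Qg="));
    }

    /**
     * Installs {@code passwordEncryptor} as the only encryptor and saves a user with
     * {@link #PASSWORD}.
     *
     * @param str id of the user to create
     * @param passwordEncryptor encryptor that becomes the engine default before the user is saved
     */
    protected void createUserWithEncryptor(String str, PasswordEncryptor passwordEncryptor) {
        setEncryptors(passwordEncryptor, Collections.emptyList());
        saveUserWithPassword(str);
    }

    /**
     * Installs {@code passwordEncryptor} as the default with no additional password checkers.
     *
     * @param passwordEncryptor encryptor to use as the engine default
     */
    protected void setDefaultEncryptor(PasswordEncryptor passwordEncryptor) {
        setEncryptors(passwordEncryptor, Collections.emptyList());
    }

    /**
     * Replaces the engine's password manager.
     *
     * @param passwordEncryptor default encryptor handed to the new {@link PasswordManager}
     * @param list additional encryptors handed to the new {@link PasswordManager}
     * @throws PasswordEncryptionException as asserted in
     *     {@link #twoEncryptorsWithSamePrefixThrowError()}, when an algorithm name is registered twice
     */
    protected void setEncryptors(PasswordEncryptor passwordEncryptor, List<PasswordEncryptor> list) {
        this.processEngineConfiguration.setPasswordManager(new PasswordManager(passwordEncryptor, list));
    }

    /** Creates a user with the given id, assigns {@link #PASSWORD} and saves it. */
    private User saveUserWithPassword(String userId) {
        User user = this.identityService.newUser(userId);
        user.setPassword(PASSWORD);
        this.identityService.saveUser(user);
        return user;
    }

    /** Reads the user with the given id back through a user query. */
    private User findUser(String userId) {
        return this.identityService.createUserQuery().userId(userId).singleResult();
    }
}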
